2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "internal/e_os.h" /* strcasecmp */
40 static OSSL_LIB_CTX
*testctx
= NULL
;
41 static char *testpropq
= NULL
;
43 static OSSL_PROVIDER
*nullprov
= NULL
;
44 static OSSL_PROVIDER
*deflprov
= NULL
;
45 static OSSL_PROVIDER
*lgcyprov
= NULL
;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER
[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER
[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER
[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
250 static const unsigned char kSignature
[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
268 static const unsigned char kExampleRSAKeyPKCS8
[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
324 #ifndef OPENSSL_NO_EC
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 static const unsigned char kExampleECKeyDER
[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
347 static const unsigned char kExampleBadECKeyDER
[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
360 static const unsigned char kExampleECPubKeyDER
[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
375 static const unsigned char kExampleBadECPubKeyDER
[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
386 static const unsigned char pExampleECParamDER
[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
390 static const unsigned char kExampleED25519KeyDER
[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
397 static const unsigned char kExampleED25519PubKeyDER
[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER
[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER
[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
447 static const unsigned char kCFBDefaultKey
[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
452 static const unsigned char kGCMDefaultKey
[32] = { 0 };
454 static const unsigned char kGCMResetKey
[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
460 static const unsigned char iCFBIV
[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
465 static const unsigned char iGCMDefaultIV
[12] = { 0 };
467 static const unsigned char iGCMResetIV1
[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
471 static const unsigned char iGCMResetIV2
[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
475 static const unsigned char cfbPlaintext
[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
480 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
482 static const unsigned char gcmResetPlaintext
[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
490 static const unsigned char cfbCiphertext
[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
495 static const unsigned char gcmDefaultCiphertext
[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
500 static const unsigned char gcmResetCiphertext1
[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
508 static const unsigned char gcmResetCiphertext2
[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
516 static const unsigned char gcmAAD
[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
521 static const unsigned char gcmDefaultTag
[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
526 static const unsigned char gcmResetTag1
[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
531 static const unsigned char gcmResetTag2
[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
536 typedef struct APK_DATA_st
{
537 const unsigned char *kder
;
544 int type
; /* 0 for private, 1 for public, 2 for params */
547 static APK_DATA keydata
[] = {
548 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
549 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
555 static APK_DATA keycheckdata
[] = {
556 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
558 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
565 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
567 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
568 EVP_PKEY_ED25519
, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
570 EVP_PKEY_ED25519
, 0, 1, 1, 1},
574 static EVP_PKEY
*load_example_key(const char *keytype
,
575 const unsigned char *data
, size_t data_len
)
577 const unsigned char **pdata
= &data
;
578 EVP_PKEY
*pkey
= NULL
;
579 OSSL_DECODER_CTX
*dctx
=
580 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
585 OSSL_DECODER_CTX_free(dctx
);
589 static EVP_PKEY
*load_example_rsa_key(void)
591 return load_example_key("RSA", kExampleRSAKeyDER
,
592 sizeof(kExampleRSAKeyDER
));
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY
*load_example_dsa_key(void)
598 return load_example_key("DSA", kExampleDSAKeyDER
,
599 sizeof(kExampleDSAKeyDER
));
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY
*load_example_ec_key(void)
606 return load_example_key("EC", kExampleECKeyDER
,
607 sizeof(kExampleECKeyDER
));
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY
*load_example_dh_key(void)
615 return load_example_key("DH", kExampleDHKeyDER
,
616 sizeof(kExampleDHKeyDER
));
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY
*load_example_ed25519_key(void)
623 return load_example_key("ED25519", kExampleED25519KeyDER
,
624 sizeof(kExampleED25519KeyDER
));
627 static EVP_PKEY
*load_example_x25519_key(void)
629 return load_example_key("X25519", kExampleX25519KeyDER
,
630 sizeof(kExampleX25519KeyDER
));
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
635 static EVP_PKEY
*load_example_hmac_key(void)
637 EVP_PKEY
*pkey
= NULL
;
638 unsigned char key
[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
644 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
645 NULL
, key
, sizeof(key
));
652 static int test_EVP_set_default_properties(void)
658 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
659 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
664 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
665 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
666 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
671 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
672 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
677 OSSL_LIB_CTX_free(ctx
);
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static EVP_PKEY
*make_key_fromdata(char *keytype
, OSSL_PARAM
*params
)
684 EVP_PKEY_CTX
*pctx
= NULL
;
685 EVP_PKEY
*tmp_pkey
= NULL
, *pkey
= NULL
;
687 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
689 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
690 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &tmp_pkey
, EVP_PKEY_KEYPAIR
,
694 if (!TEST_ptr(tmp_pkey
))
700 EVP_PKEY_free(tmp_pkey
);
701 EVP_PKEY_CTX_free(pctx
);
705 static int test_selection(EVP_PKEY
*pkey
, int selection
)
709 BIO
*bio
= BIO_new(BIO_s_mem());
711 ret
= PEM_write_bio_PUBKEY(bio
, pkey
);
712 if ((selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
716 if (!TEST_false(ret
))
719 ret
= PEM_write_bio_PrivateKey_ex(bio
, pkey
, NULL
, NULL
, 0, NULL
, NULL
,
721 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
725 if (!TEST_false(ret
))
735 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
738 * Test combinations of private, public, missing and private + public key
739 * params to ensure they are all accepted
741 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
742 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
744 OSSL_PARAM_BLD
*bld
= NULL
;
745 OSSL_PARAM
*params
= NULL
;
746 EVP_PKEY
*just_params
= NULL
;
747 EVP_PKEY
*params_and_priv
= NULL
;
748 EVP_PKEY
*params_and_pub
= NULL
;
749 EVP_PKEY
*params_and_keypair
= NULL
;
750 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
754 * Setup the parameters for our pkey object. For our purposes they don't
755 * have to actually be *valid* parameters. We just need to set something.
757 if (!TEST_ptr(p
= BN_new())
758 || !TEST_ptr(q
= BN_new())
759 || !TEST_ptr(g
= BN_new())
760 || !TEST_ptr(pub
= BN_new())
761 || !TEST_ptr(priv
= BN_new()))
764 /* Test !priv and !pub */
765 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
768 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
770 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
771 || !TEST_ptr(just_params
= make_key_fromdata(keytype
, params
)))
774 OSSL_PARAM_free(params
);
775 OSSL_PARAM_BLD_free(bld
);
779 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
780 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
783 /* Test priv and !pub */
784 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
791 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
792 || !TEST_ptr(params_and_priv
= make_key_fromdata(keytype
, params
)))
795 OSSL_PARAM_free(params
);
796 OSSL_PARAM_BLD_free(bld
);
800 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
)
801 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
804 /* Test !priv and pub */
805 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
807 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
809 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
812 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
813 || !TEST_ptr(params_and_pub
= make_key_fromdata(keytype
, params
)))
816 OSSL_PARAM_free(params
);
817 OSSL_PARAM_BLD_free(bld
);
821 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
822 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
825 /* Test priv and pub */
826 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
827 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
830 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
832 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
835 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
836 || !TEST_ptr(params_and_keypair
= make_key_fromdata(keytype
, params
)))
839 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
844 OSSL_PARAM_free(params
);
845 OSSL_PARAM_BLD_free(bld
);
846 EVP_PKEY_free(just_params
);
847 EVP_PKEY_free(params_and_priv
);
848 EVP_PKEY_free(params_and_pub
);
849 EVP_PKEY_free(params_and_keypair
);
858 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
861 * Test combinations of private, public, missing and private + public key
862 * params to ensure they are all accepted for EC keys
864 #ifndef OPENSSL_NO_EC
865 static unsigned char ec_priv
[] = {
866 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
867 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
868 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
870 static unsigned char ec_pub
[] = {
871 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
872 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
873 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
874 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
875 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
876 0x08, 0x09, 0xb8, 0xdb, 0x03
879 static int test_EC_priv_pub(void)
881 OSSL_PARAM_BLD
*bld
= NULL
;
882 OSSL_PARAM
*params
= NULL
;
883 EVP_PKEY
*just_params
= NULL
;
884 EVP_PKEY
*params_and_priv
= NULL
;
885 EVP_PKEY
*params_and_pub
= NULL
;
886 EVP_PKEY
*params_and_keypair
= NULL
;
891 * Setup the parameters for our pkey object. For our purposes they don't
892 * have to actually be *valid* parameters. We just need to set something.
894 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
897 /* Test !priv and !pub */
898 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
899 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
900 OSSL_PKEY_PARAM_GROUP_NAME
,
903 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
904 || !TEST_ptr(just_params
= make_key_fromdata("EC", params
)))
907 OSSL_PARAM_free(params
);
908 OSSL_PARAM_BLD_free(bld
);
912 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
913 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
916 /* Test priv and !pub */
917 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
918 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
919 OSSL_PKEY_PARAM_GROUP_NAME
,
921 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
924 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
925 || !TEST_ptr(params_and_priv
= make_key_fromdata("EC", params
)))
928 OSSL_PARAM_free(params
);
929 OSSL_PARAM_BLD_free(bld
);
934 * We indicate only parameters here, in spite of having built a key that
935 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
936 * expected to fail because it does not support exporting a private EC
937 * key without a corresponding public key
939 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
940 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
943 /* Test !priv and pub */
944 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
945 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
946 OSSL_PKEY_PARAM_GROUP_NAME
,
948 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
949 OSSL_PKEY_PARAM_PUB_KEY
,
950 ec_pub
, sizeof(ec_pub
))))
952 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
953 || !TEST_ptr(params_and_pub
= make_key_fromdata("EC", params
)))
956 OSSL_PARAM_free(params
);
957 OSSL_PARAM_BLD_free(bld
);
961 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
962 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
965 /* Test priv and pub */
966 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
967 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
968 OSSL_PKEY_PARAM_GROUP_NAME
,
970 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
971 OSSL_PKEY_PARAM_PUB_KEY
,
972 ec_pub
, sizeof(ec_pub
)))
973 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
976 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
977 || !TEST_ptr(params_and_keypair
= make_key_fromdata("EC", params
)))
980 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
983 /* Try key equality */
984 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, just_params
), 0)
985 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_pub
),
987 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_priv
),
989 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_keypair
),
991 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub
, params_and_pub
), 0)
992 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv
, params_and_priv
), 0)
993 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair
, params_and_pub
), 0)
994 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair
, params_and_priv
), 0))
999 OSSL_PARAM_free(params
);
1000 OSSL_PARAM_BLD_free(bld
);
1001 EVP_PKEY_free(just_params
);
1002 EVP_PKEY_free(params_and_priv
);
1003 EVP_PKEY_free(params_and_pub
);
1004 EVP_PKEY_free(params_and_keypair
);
1010 /* Test that using a legacy EC key with only a private key in it works */
1011 # ifndef OPENSSL_NO_DEPRECATED_3_0
1012 static int test_EC_priv_only_legacy(void)
1014 BIGNUM
*priv
= NULL
;
1016 EC_KEY
*eckey
= NULL
;
1017 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
1018 EVP_MD_CTX
*ctx
= NULL
;
1020 /* Create the low level EC_KEY */
1021 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
1024 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
1025 if (!TEST_ptr(eckey
))
1028 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
1031 pkey
= EVP_PKEY_new();
1032 if (!TEST_ptr(pkey
))
1035 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1039 while (dup_pk
== NULL
) {
1041 ctx
= EVP_MD_CTX_new();
1046 * The EVP_DigestSignInit function should create the key on the
1047 * provider side which is sufficient for this test.
1049 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
1050 testpropq
, pkey
, NULL
)))
1052 EVP_MD_CTX_free(ctx
);
1055 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
1057 /* EVP_PKEY_eq() returns -2 with missing public keys */
1058 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
1059 EVP_PKEY_free(pkey
);
1066 EVP_MD_CTX_free(ctx
);
1067 EVP_PKEY_free(pkey
);
1073 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1074 #endif /* OPENSSL_NO_EC */
1076 static int test_EVP_PKEY_sign(int tst
)
1079 EVP_PKEY
*pkey
= NULL
;
1080 unsigned char *sig
= NULL
;
1081 size_t sig_len
= 0, shortsig_len
= 1;
1082 EVP_PKEY_CTX
*ctx
= NULL
;
1083 unsigned char tbs
[] = {
1084 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1085 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1089 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1091 } else if (tst
== 1) {
1092 #ifndef OPENSSL_NO_DSA
1093 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1100 #ifndef OPENSSL_NO_EC
1101 if (!TEST_ptr(pkey
= load_example_ec_key()))
1109 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1111 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1112 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1115 sig
= OPENSSL_malloc(sig_len
);
1117 /* Test sending a signature buffer that is too short is rejected */
1118 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1120 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1122 /* Test the signature round-trips */
1123 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1124 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1130 EVP_PKEY_CTX_free(ctx
);
1132 EVP_PKEY_free(pkey
);
1137 * n = 0 => test using legacy cipher
1138 * n = 1 => test using fetched cipher
1140 static int test_EVP_Enveloped(int n
)
1143 EVP_CIPHER_CTX
*ctx
= NULL
;
1144 EVP_PKEY
*keypair
= NULL
;
1145 unsigned char *kek
= NULL
;
1146 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1147 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1148 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1149 unsigned char ciphertext
[32], plaintext
[16];
1150 EVP_CIPHER
*type
= NULL
;
1152 if (nullprov
!= NULL
)
1153 return TEST_skip("Test does not support a non-default library context");
1156 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1157 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1161 if (!TEST_ptr(keypair
= load_example_rsa_key())
1162 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1163 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1164 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1166 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1168 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1172 ciphertext_len
+= len
;
1174 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1175 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1176 ciphertext
, ciphertext_len
))
1177 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1180 plaintext_len
+= len
;
1181 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1187 EVP_CIPHER_free(type
);
1189 EVP_PKEY_free(keypair
);
1190 EVP_CIPHER_CTX_free(ctx
);
1195 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1196 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1197 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1198 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1199 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1200 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1201 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1202 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1203 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1204 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1205 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1206 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1207 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1208 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1209 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1210 * Test 15-29: Same as above with reinitialization
1212 static int test_EVP_DigestSignInit(int tst
)
1215 EVP_PKEY
*pkey
= NULL
;
1216 unsigned char *sig
= NULL
, *sig2
= NULL
;
1217 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1218 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1219 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1220 BIO
*mdbio
= NULL
, *membio
= NULL
;
1223 EVP_MD
*mdexp
= NULL
;
1226 if (nullprov
!= NULL
)
1227 return TEST_skip("Test does not support a non-default library context");
1234 if (tst
>= 6 && tst
<= 8) {
1235 membio
= BIO_new(BIO_s_mem());
1236 mdbio
= BIO_new(BIO_f_md());
1237 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1239 BIO_push(mdbio
, membio
);
1240 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1243 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1244 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1249 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1251 } else if (tst
% 3 == 1) {
1252 #ifndef OPENSSL_NO_DSA
1253 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1260 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1264 if (tst
>= 3 && tst
<= 5)
1265 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1269 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1272 if (reinit
&& !TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, NULL
, NULL
, NULL
)))
1275 if (tst
>= 6 && tst
<= 8) {
1276 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1278 } else if (tst
< 6) {
1279 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1284 /* Determine the size of the signature. */
1285 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1287 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1290 /* Test that supply a short sig buffer fails */
1291 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1295 * We end here because once EVP_DigestSign() has failed you should
1296 * not call it again without re-initing the ctx
1301 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1305 /* Determine the size of the signature. */
1306 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1307 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1309 * Trying to create a signature with a deliberately short
1310 * buffer should fail.
1312 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1313 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1318 * Ensure that the signature round-trips (Verification isn't supported for
1319 * HMAC via EVP_DigestVerify*)
1322 if (tst
>= 6 && tst
<= 8) {
1323 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1324 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1328 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1332 if (tst
>= 6 && tst
<= 8) {
1333 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1336 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1340 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1343 /* Multiple calls to EVP_DigestVerifyFinal should work */
1344 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1348 * For HMAC a doubled call to DigestSignFinal should produce the same
1349 * value as finalization should not happen.
1351 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1352 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1353 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1356 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1365 EVP_MD_CTX_free(a_md_ctx
);
1366 EVP_MD_CTX_free(a_md_ctx_verify
);
1367 EVP_PKEY_free(pkey
);
1375 static int test_EVP_DigestVerifyInit(void)
1378 EVP_PKEY
*pkey
= NULL
;
1379 EVP_MD_CTX
*md_ctx
= NULL
;
1381 if (nullprov
!= NULL
)
1382 return TEST_skip("Test does not support a non-default library context");
1384 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1385 || !TEST_ptr(pkey
= load_example_rsa_key()))
1388 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1389 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1390 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1391 sizeof(kSignature
)), 0))
1394 /* test with reinitialization */
1395 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, NULL
, NULL
, NULL
))
1396 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1397 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1398 sizeof(kSignature
)), 0))
1403 EVP_MD_CTX_free(md_ctx
);
1404 EVP_PKEY_free(pkey
);
1408 #ifndef OPENSSL_NO_SIPHASH
1409 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1410 static int test_siphash_digestsign(void)
1412 unsigned char key
[16];
1413 unsigned char buf
[8], digest
[8];
1414 unsigned char expected
[8] = {
1415 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1417 EVP_PKEY
*pkey
= NULL
;
1418 EVP_MD_CTX
*mdctx
= NULL
;
1419 EVP_PKEY_CTX
*ctx
= NULL
;
1423 if (nullprov
!= NULL
)
1424 return TEST_skip("Test does not support a non-default library context");
1428 if (!TEST_ptr(pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH
, NULL
,
1432 if (!TEST_ptr(mdctx
= EVP_MD_CTX_create()))
1435 if (!TEST_true(EVP_DigestSignInit(mdctx
, &ctx
, NULL
, NULL
, pkey
)))
1437 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_SIGNCTX
,
1438 EVP_PKEY_CTRL_SET_DIGEST_SIZE
,
1442 if (!TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, NULL
)))
1444 if (!TEST_true(EVP_DigestSignUpdate(mdctx
, buf
, 8)))
1446 if (!TEST_true(EVP_DigestSignFinal(mdctx
, digest
, &len
)))
1448 if (!TEST_mem_eq(digest
, len
, expected
, sizeof(expected
)))
1453 EVP_PKEY_free(pkey
);
1454 EVP_MD_CTX_free(mdctx
);
1460 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1462 static int test_EVP_Digest(void)
1465 EVP_MD_CTX
*md_ctx
= NULL
;
1466 unsigned char md
[EVP_MAX_MD_SIZE
];
1467 EVP_MD
*sha256
= NULL
;
1468 EVP_MD
*shake256
= NULL
;
1470 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1473 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1474 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1477 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1478 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1479 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1480 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1481 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1484 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1485 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1486 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1487 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1488 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1490 * EVP_DigestInit_ex with NULL type should work on
1491 * pre-initialized context.
1493 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1496 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1497 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1498 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1499 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1500 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1501 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1506 EVP_MD_CTX_free(md_ctx
);
1507 EVP_MD_free(sha256
);
1508 EVP_MD_free(shake256
);
1512 static int test_EVP_md_null(void)
1515 EVP_MD_CTX
*md_ctx
= NULL
;
1516 const EVP_MD
*md_null
= EVP_md_null();
1517 unsigned char md_value
[EVP_MAX_MD_SIZE
];
1518 unsigned int md_len
= sizeof(md_value
);
1520 if (nullprov
!= NULL
)
1521 return TEST_skip("Test does not support a non-default library context");
1523 if (!TEST_ptr(md_null
)
1524 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1527 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, md_null
, NULL
))
1528 || !TEST_true(EVP_DigestUpdate(md_ctx
, "test", 4))
1529 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md_value
, &md_len
)))
1532 if (!TEST_uint_eq(md_len
, 0))
1537 EVP_MD_CTX_free(md_ctx
);
1541 static int test_d2i_AutoPrivateKey(int i
)
1544 const unsigned char *p
;
1545 EVP_PKEY
*pkey
= NULL
;
1546 const APK_DATA
*ak
= &keydata
[i
];
1547 const unsigned char *input
= ak
->kder
;
1548 size_t input_len
= ak
->size
;
1549 int expected_id
= ak
->evptype
;
1552 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1553 || !TEST_ptr_eq(p
, input
+ input_len
)
1554 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1560 EVP_PKEY_free(pkey
);
1564 #ifndef OPENSSL_NO_EC
1566 static const unsigned char ec_public_sect163k1_validxy
[] = {
1567 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1568 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1569 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1570 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1571 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1572 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1575 static const unsigned char ec_public_sect163k1_badx
[] = {
1576 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1577 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1578 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1579 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1580 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1581 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1584 static const unsigned char ec_public_sect163k1_bady
[] = {
1585 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1586 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1587 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1588 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1589 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1590 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1593 static struct ec_der_pub_keys_st
{
1594 const unsigned char *der
;
1597 } ec_der_pub_keys
[] = {
1598 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1599 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1600 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1604 * Tests the range of the decoded EC char2 public point.
1605 * See ec_GF2m_simple_oct2point().
1607 static int test_invalide_ec_char2_pub_range_decode(int id
)
1612 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1613 ec_der_pub_keys
[id
].len
);
1615 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1616 || TEST_ptr_null(pkey
);
1617 EVP_PKEY_free(pkey
);
1621 /* Tests loading a bad key in PKCS8 format */
1622 static int test_EVP_PKCS82PKEY(void)
1625 const unsigned char *derp
= kExampleBadECKeyDER
;
1626 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1627 EVP_PKEY
*pkey
= NULL
;
1629 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1630 sizeof(kExampleBadECKeyDER
))))
1633 if (!TEST_ptr_eq(derp
,
1634 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1637 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1643 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1644 EVP_PKEY_free(pkey
);
1650 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1652 EVP_PKEY
*pkey
= NULL
;
1653 EVP_PKEY
*pkey2
= NULL
;
1655 char *membuf
= NULL
;
1656 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1659 if (testctx
!= NULL
)
1660 /* test not supported with non-default context */
1663 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1664 || !TEST_ptr(pkey
= load_example_rsa_key())
1665 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1666 NULL
, 0, NULL
, NULL
),
1668 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1669 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1670 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1671 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1677 EVP_PKEY_free(pkey
);
1678 EVP_PKEY_free(pkey2
);
1679 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1680 BIO_free_all(membio
);
1684 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1685 static int test_privatekey_to_pkcs8(void)
1687 EVP_PKEY
*pkey
= NULL
;
1689 char *membuf
= NULL
;
1690 long membuf_len
= 0;
1693 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1694 || !TEST_ptr(pkey
= load_example_rsa_key())
1695 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1696 NULL
, 0, NULL
, NULL
),
1698 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1699 || !TEST_ptr(membuf
)
1700 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1701 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1703 * We try to write PEM as well, just to see that it doesn't err, but
1704 * assume that the result is correct.
1706 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1707 NULL
, 0, NULL
, NULL
),
1713 EVP_PKEY_free(pkey
);
1714 BIO_free_all(membio
);
1718 #ifndef OPENSSL_NO_EC
1719 static const struct {
1721 const char *encoding_name
;
1722 } ec_encodings
[] = {
1723 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1724 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1727 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1729 const OSSL_PARAM
*p
;
1730 const char *enc_name
= NULL
;
1736 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1737 OSSL_PKEY_PARAM_EC_ENCODING
))
1738 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
1741 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
1742 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
1743 *enc
= ec_encodings
[i
].encoding
;
1748 return (*enc
!= -1);
1751 static int test_EC_keygen_with_enc(int idx
)
1753 EVP_PKEY
*params
= NULL
, *key
= NULL
;
1754 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
1758 enc
= ec_encodings
[idx
].encoding
;
1760 /* Create key parameters */
1761 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
1762 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx
), 0)
1763 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
1764 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
1765 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
1766 || !TEST_ptr(params
))
1770 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
1771 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
1772 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
1776 /* Check that the encoding got all the way into the key */
1777 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
1778 ec_export_get_encoding_cb
, &enc
))
1779 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
1785 EVP_PKEY_free(params
);
1786 EVP_PKEY_CTX_free(kctx
);
1787 EVP_PKEY_CTX_free(pctx
);
1792 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1794 static int test_EVP_SM2_verify(void)
1796 const char *pubkey
=
1797 "-----BEGIN PUBLIC KEY-----\n"
1798 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1799 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1800 "-----END PUBLIC KEY-----\n";
1802 const char *msg
= "message digest";
1803 const char *id
= "ALICE123@YAHOO.COM";
1805 const uint8_t signature
[] = {
1806 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1807 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1808 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1809 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1810 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1811 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1812 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1817 EVP_PKEY
*pkey
= NULL
;
1818 EVP_MD_CTX
*mctx
= NULL
;
1819 EVP_PKEY_CTX
*pctx
= NULL
;
1822 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
1823 if (!TEST_true(bio
!= NULL
))
1826 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
1827 if (!TEST_true(pkey
!= NULL
))
1830 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
1833 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
1836 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1839 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
1841 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1844 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
1847 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
1850 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
1853 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
)), 0))
1859 EVP_PKEY_free(pkey
);
1860 EVP_PKEY_CTX_free(pctx
);
1861 EVP_MD_CTX_free(mctx
);
1866 static int test_EVP_SM2(void)
1869 EVP_PKEY
*pkey
= NULL
;
1870 EVP_PKEY
*pkeyparams
= NULL
;
1871 EVP_PKEY_CTX
*pctx
= NULL
;
1872 EVP_PKEY_CTX
*kctx
= NULL
;
1873 EVP_PKEY_CTX
*sctx
= NULL
;
1875 unsigned char *sig
= NULL
;
1876 EVP_MD_CTX
*md_ctx
= NULL
;
1877 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1878 EVP_PKEY_CTX
*cctx
= NULL
;
1879 EVP_MD
*check_md
= NULL
;
1881 uint8_t ciphertext
[128];
1882 size_t ctext_len
= sizeof(ciphertext
);
1884 uint8_t plaintext
[8];
1885 size_t ptext_len
= sizeof(plaintext
);
1887 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1889 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1890 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1892 char mdname
[OSSL_MAX_NAME_SIZE
];
1894 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
1898 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1901 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1904 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1907 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1908 pkeyparams
, testpropq
)))
1911 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0))
1914 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1917 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1920 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1923 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1926 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1927 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1929 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1932 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
1935 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1938 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1941 /* Determine the size of the signature. */
1942 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1945 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1948 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1951 /* Ensure that the signature round-trips. */
1953 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1957 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1960 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1963 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1967 * Try verify again with non-matching 0 length id but ensure that it can
1968 * be set on the context and overrides the previous value.
1971 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1975 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, NULL
, 0), 0))
1978 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1981 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1984 /* now check encryption/decryption */
1986 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1987 mdname
, sizeof(mdname
));
1988 for (i
= 0; i
< 2; i
++) {
1989 const char *mdnames
[] = {
1990 #ifndef OPENSSL_NO_SM3
1996 EVP_PKEY_CTX_free(cctx
);
1998 if (mdnames
[i
] == NULL
)
2002 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
2003 (char *)mdnames
[i
], 0);
2005 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
2009 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
2012 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
2015 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
2019 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
2022 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
2025 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
2029 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
2033 * Test we're still using the digest we think we are.
2034 * Because of aliases, the easiest is to fetch the digest and
2035 * check the name with EVP_MD_is_a().
2037 EVP_MD_free(check_md
);
2038 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
2040 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
2041 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
2045 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
2048 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
2054 EVP_PKEY_CTX_free(pctx
);
2055 EVP_PKEY_CTX_free(kctx
);
2056 EVP_PKEY_CTX_free(sctx
);
2057 EVP_PKEY_CTX_free(cctx
);
2058 EVP_PKEY_free(pkey
);
2059 EVP_PKEY_free(pkeyparams
);
2060 EVP_MD_CTX_free(md_ctx
);
2061 EVP_MD_CTX_free(md_ctx_verify
);
2062 EVP_MD_free(check_md
);
2069 static struct keys_st
{
2075 EVP_PKEY_HMAC
, "0123456789", NULL
2078 EVP_PKEY_HMAC
, "", NULL
2079 #ifndef OPENSSL_NO_POLY1305
2081 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
2083 #ifndef OPENSSL_NO_SIPHASH
2085 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
2088 #ifndef OPENSSL_NO_EC
2090 EVP_PKEY_X25519
, "01234567890123456789012345678901",
2091 "abcdefghijklmnopqrstuvwxyzabcdef"
2093 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
2094 "abcdefghijklmnopqrstuvwxyzabcdef"
2097 "01234567890123456789012345678901234567890123456789012345",
2098 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2101 "012345678901234567890123456789012345678901234567890123456",
2102 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2107 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
2110 unsigned char buf
[80];
2112 size_t inlen
, len
= 0, shortlen
= 1;
2115 /* Check if this algorithm supports public keys */
2116 if (pub
&& keys
[tst
].pub
== NULL
)
2119 memset(buf
, 0, sizeof(buf
));
2122 #ifndef OPENSSL_NO_EC
2123 inlen
= strlen(keys
[tst
].pub
);
2124 in
= (unsigned char *)keys
[tst
].pub
;
2126 pkey
= EVP_PKEY_new_raw_public_key_ex(
2128 OBJ_nid2sn(keys
[tst
].type
),
2133 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
2142 inlen
= strlen(keys
[tst
].priv
);
2143 in
= (unsigned char *)keys
[tst
].priv
;
2145 pkey
= EVP_PKEY_new_raw_private_key_ex(
2146 testctx
, OBJ_nid2sn(keys
[tst
].type
),
2151 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
2159 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
2160 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
2161 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
2162 || !TEST_true(len
== inlen
))
2166 * Test that supplying a buffer that is too small fails. Doesn't apply
2167 * to HMAC with a zero length key
2169 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
2171 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
2175 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
2176 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
2177 || !TEST_mem_eq(in
, inlen
, buf
, len
))
2182 EVP_PKEY_free(pkey
);
2186 static int test_set_get_raw_keys(int tst
)
2188 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
2189 && test_set_get_raw_keys_int(tst
, 0, 1)
2190 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
2191 && test_set_get_raw_keys_int(tst
, 1, 1);
2194 #ifndef OPENSSL_NO_DEPRECATED_3_0
2195 static int pkey_custom_check(EVP_PKEY
*pkey
)
2200 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
2205 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2210 static EVP_PKEY_METHOD
*custom_pmeth
;
2213 static int test_EVP_PKEY_check(int i
)
2216 EVP_PKEY
*pkey
= NULL
;
2217 EVP_PKEY_CTX
*ctx
= NULL
;
2218 #ifndef OPENSSL_NO_DEPRECATED_3_0
2219 EVP_PKEY_CTX
*ctx2
= NULL
;
2221 const APK_DATA
*ak
= &keycheckdata
[i
];
2222 const unsigned char *input
= ak
->kder
;
2223 size_t input_len
= ak
->size
;
2224 int expected_id
= ak
->evptype
;
2225 int expected_check
= ak
->check
;
2226 int expected_pub_check
= ak
->pub_check
;
2227 int expected_param_check
= ak
->param_check
;
2228 int type
= ak
->type
;
2230 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2233 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2236 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2239 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2242 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2245 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2248 #ifndef OPENSSL_NO_DEPRECATED_3_0
2249 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2250 /* assign the pkey directly, as an internal test */
2251 EVP_PKEY_up_ref(pkey
);
2254 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2257 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2260 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2267 EVP_PKEY_CTX_free(ctx
);
2268 #ifndef OPENSSL_NO_DEPRECATED_3_0
2269 EVP_PKEY_CTX_free(ctx2
);
2271 EVP_PKEY_free(pkey
);
2275 #ifndef OPENSSL_NO_CMAC
2276 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2278 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2279 const char msg
[] = "Hello World";
2280 size_t maclen
= AES_BLOCK_SIZE
;
2283 if (!TEST_ptr(mdctx
)
2284 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2285 testpropq
, pkey
, NULL
))
2286 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2287 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2288 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2291 EVP_MD_CTX_free(mdctx
);
2295 static int test_CMAC_keygen(void)
2297 static unsigned char key
[] = {
2298 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2299 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2300 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2302 EVP_PKEY_CTX
*kctx
= NULL
;
2304 EVP_PKEY
*pkey
= NULL
;
2305 unsigned char mac
[AES_BLOCK_SIZE
];
2306 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2307 unsigned char mac2
[AES_BLOCK_SIZE
];
2310 if (nullprov
!= NULL
)
2311 return TEST_skip("Test does not support a non-default library context");
2314 * This is a legacy method for CMACs, but should still work.
2315 * This verifies that it works without an ENGINE.
2317 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2319 /* Test a CMAC key created using the "generated" method */
2320 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2321 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2322 EVP_PKEY_CTRL_CIPHER
,
2323 0, (void *)EVP_aes_256_ecb()), 0)
2324 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2325 EVP_PKEY_CTRL_SET_MAC_KEY
,
2326 sizeof(key
), (void *)key
), 0)
2327 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2329 || !TEST_true(get_cmac_val(pkey
, mac
)))
2332 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2333 EVP_PKEY_free(pkey
);
2336 * Test a CMAC key using the direct method, and compare with the mac
2339 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
2341 || !TEST_true(get_cmac_val(pkey
, mac2
))
2342 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2349 EVP_PKEY_free(pkey
);
2350 EVP_PKEY_CTX_free(kctx
);
2355 static int test_HKDF(void)
2358 unsigned char out
[20];
2361 unsigned char salt
[] = "0123456789";
2362 unsigned char key
[] = "012345678901234567890123456789";
2363 unsigned char info
[] = "infostring";
2364 const unsigned char expected
[] = {
2365 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2366 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2368 size_t expectedlen
= sizeof(expected
);
2370 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2373 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2374 for (i
= 0; i
< 2; i
++) {
2375 outlen
= sizeof(out
);
2376 memset(out
, 0, outlen
);
2378 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2379 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2380 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2381 sizeof(salt
) - 1), 0)
2382 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2383 sizeof(key
) - 1), 0)
2384 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2385 sizeof(info
) - 1), 0)
2386 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2387 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2394 EVP_PKEY_CTX_free(pctx
);
2399 static int test_emptyikm_HKDF(void)
2402 unsigned char out
[20];
2405 unsigned char salt
[] = "9876543210";
2406 unsigned char key
[] = "";
2407 unsigned char info
[] = "stringinfo";
2408 const unsigned char expected
[] = {
2409 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2410 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2412 size_t expectedlen
= sizeof(expected
);
2414 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2417 outlen
= sizeof(out
);
2418 memset(out
, 0, outlen
);
2420 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2421 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2422 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2423 sizeof(salt
) - 1), 0)
2424 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2425 sizeof(key
) - 1), 0)
2426 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2427 sizeof(info
) - 1), 0)
2428 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2429 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2435 EVP_PKEY_CTX_free(pctx
);
2440 #ifndef OPENSSL_NO_EC
2441 static int test_X509_PUBKEY_inplace(void)
2444 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2445 const unsigned char *p
= kExampleECPubKeyDER
;
2446 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2450 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2453 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2456 p
= kExampleBadECPubKeyDER
;
2457 input_len
= sizeof(kExampleBadECPubKeyDER
);
2459 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2462 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2468 X509_PUBKEY_free(xp
);
2472 static int test_X509_PUBKEY_dup(void)
2475 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2476 const unsigned char *p
= kExampleECPubKeyDER
;
2477 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2479 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2481 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2482 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2483 || !TEST_ptr_ne(xp
, xq
))
2486 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2487 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2488 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2491 X509_PUBKEY_free(xq
);
2493 p
= kExampleBadECPubKeyDER
;
2494 input_len
= sizeof(kExampleBadECPubKeyDER
);
2496 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2497 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2500 X509_PUBKEY_free(xp
);
2502 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2508 X509_PUBKEY_free(xp
);
2509 X509_PUBKEY_free(xq
);
2512 #endif /* OPENSSL_NO_EC */
2514 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2515 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2517 EVP_MD_CTX
*mdctx
= NULL
;
2518 EVP_PKEY_CTX
*ctx
= NULL
;
2519 const OSSL_PARAM
*params
;
2520 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2523 char mdname
[OSSL_MAX_NAME_SIZE
];
2526 /* Initialise a sign operation */
2527 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2529 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2533 * We should be able to query the parameters now.
2535 params
= EVP_PKEY_CTX_settable_params(ctx
);
2536 if (!TEST_ptr(params
)
2537 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2538 OSSL_SIGNATURE_PARAM_DIGEST
)))
2541 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2542 if (!TEST_ptr(params
)
2543 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2544 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2545 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2546 OSSL_SIGNATURE_PARAM_DIGEST
)))
2550 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2551 * EVP_PKEY_CTX_get_params()
2553 strcpy(mdname
, "SHA512");
2555 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2557 *param
++ = OSSL_PARAM_construct_end();
2559 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2563 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2564 mdname
, sizeof(mdname
));
2565 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2566 || !TEST_str_eq(mdname
, "SHA512"))
2570 * Test the TEST_PKEY_CTX_set_signature_md() and
2571 * TEST_PKEY_CTX_get_signature_md() functions
2573 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2574 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2575 || !TEST_ptr_eq(md
, EVP_sha256()))
2579 * Test getting MD parameters via an associated EVP_PKEY_CTX
2581 mdctx
= EVP_MD_CTX_new();
2582 if (!TEST_ptr(mdctx
)
2583 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2588 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2589 * able to obtain the digest's settable parameters from the provider.
2591 params
= EVP_MD_CTX_settable_params(mdctx
);
2592 if (!TEST_ptr(params
)
2593 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2594 /* The final key should be NULL */
2595 || !TEST_ptr_null(params
[1].key
))
2599 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2600 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2601 ssl3ms
, sizeof(ssl3ms
));
2602 *param
++ = OSSL_PARAM_construct_end();
2604 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2610 EVP_MD_CTX_free(mdctx
);
2611 EVP_PKEY_CTX_free(ctx
);
2616 #ifndef OPENSSL_NO_DSA
2617 static int test_DSA_get_set_params(void)
2619 OSSL_PARAM_BLD
*bld
= NULL
;
2620 OSSL_PARAM
*params
= NULL
;
2621 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2622 EVP_PKEY_CTX
*pctx
= NULL
;
2623 EVP_PKEY
*pkey
= NULL
;
2627 * Setup the parameters for our DSA object. For our purposes they don't
2628 * have to actually be *valid* parameters. We just need to set something.
2630 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2631 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2632 || !TEST_ptr(p
= BN_new())
2633 || !TEST_ptr(q
= BN_new())
2634 || !TEST_ptr(g
= BN_new())
2635 || !TEST_ptr(pub
= BN_new())
2636 || !TEST_ptr(priv
= BN_new()))
2638 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2639 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2640 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2641 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2643 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2646 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2649 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2650 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2654 if (!TEST_ptr(pkey
))
2657 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2660 EVP_PKEY_free(pkey
);
2661 EVP_PKEY_CTX_free(pctx
);
2662 OSSL_PARAM_free(params
);
2663 OSSL_PARAM_BLD_free(bld
);
2674 * Test combinations of private, public, missing and private + public key
2675 * params to ensure they are all accepted
2677 static int test_DSA_priv_pub(void)
2679 return test_EVP_PKEY_ffc_priv_pub("DSA");
2682 #endif /* !OPENSSL_NO_DSA */
2684 static int test_RSA_get_set_params(void)
2686 OSSL_PARAM_BLD
*bld
= NULL
;
2687 OSSL_PARAM
*params
= NULL
;
2688 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2689 EVP_PKEY_CTX
*pctx
= NULL
;
2690 EVP_PKEY
*pkey
= NULL
;
2694 * Setup the parameters for our RSA object. For our purposes they don't
2695 * have to actually be *valid* parameters. We just need to set something.
2697 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2698 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2699 || !TEST_ptr(n
= BN_new())
2700 || !TEST_ptr(e
= BN_new())
2701 || !TEST_ptr(d
= BN_new()))
2703 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2704 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2705 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2707 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2710 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2711 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2715 if (!TEST_ptr(pkey
))
2718 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2721 EVP_PKEY_free(pkey
);
2722 EVP_PKEY_CTX_free(pctx
);
2723 OSSL_PARAM_free(params
);
2724 OSSL_PARAM_BLD_free(bld
);
2732 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2733 static int test_decrypt_null_chunks(void)
2735 EVP_CIPHER_CTX
* ctx
= NULL
;
2736 EVP_CIPHER
*cipher
= NULL
;
2737 const unsigned char key
[32] = {
2738 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2739 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2740 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2742 unsigned char iv
[12] = {
2743 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2745 unsigned char msg
[] = "It was the best of times, it was the worst of times";
2746 unsigned char ciphertext
[80];
2747 unsigned char plaintext
[80];
2748 /* We initialise tmp to a non zero value on purpose */
2749 int ctlen
, ptlen
, tmp
= 99;
2751 const int enc_offset
= 10, dec_offset
= 20;
2753 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
2754 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
2755 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
2757 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
2759 /* Deliberate add a zero length update */
2760 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
2762 || !TEST_int_eq(tmp
, 0)
2763 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
2765 sizeof(msg
) - enc_offset
))
2766 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
2767 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
2768 || !TEST_int_eq(tmp
, 0))
2771 /* Deliberately initialise tmp to a non zero value */
2773 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
2774 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
2777 * Deliberately add a zero length update. We also deliberately do
2778 * this at a different offset than for encryption.
2780 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
2782 || !TEST_int_eq(tmp
, 0)
2783 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
2784 ciphertext
+ dec_offset
,
2785 ctlen
- dec_offset
))
2786 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
2787 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
2788 || !TEST_int_eq(tmp
, 0)
2789 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
2794 EVP_CIPHER_CTX_free(ctx
);
2795 EVP_CIPHER_free(cipher
);
2798 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2800 #ifndef OPENSSL_NO_DH
2802 * Test combinations of private, public, missing and private + public key
2803 * params to ensure they are all accepted
2805 static int test_DH_priv_pub(void)
2807 return test_EVP_PKEY_ffc_priv_pub("DH");
2810 # ifndef OPENSSL_NO_DEPRECATED_3_0
2811 static int test_EVP_PKEY_set1_DH(void)
2813 DH
*x942dh
= NULL
, *noqdh
= NULL
;
2814 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
2816 BIGNUM
*p
, *g
= NULL
;
2817 BIGNUM
*pubkey
= NULL
;
2818 unsigned char pub
[2048 / 8];
2821 if (!TEST_ptr(p
= BN_new())
2822 || !TEST_ptr(g
= BN_new())
2823 || !TEST_ptr(pubkey
= BN_new())
2824 || !TEST_true(BN_set_word(p
, 9999))
2825 || !TEST_true(BN_set_word(g
, 2))
2826 || !TEST_true(BN_set_word(pubkey
, 4321))
2827 || !TEST_ptr(noqdh
= DH_new())
2828 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
2829 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
2830 || !TEST_ptr(pubkey
= BN_new())
2831 || !TEST_true(BN_set_word(pubkey
, 4321)))
2835 x942dh
= DH_get_2048_256();
2836 pkey1
= EVP_PKEY_new();
2837 pkey2
= EVP_PKEY_new();
2838 if (!TEST_ptr(x942dh
)
2842 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
2846 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
2847 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
2850 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
2852 || !TEST_ptr(pubkey
))
2855 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
2856 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
2859 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
2860 OSSL_PKEY_PARAM_PUB_KEY
,
2861 pub
, sizeof(pub
), &len
))
2862 || !TEST_size_t_ne(len
, 0))
2870 EVP_PKEY_free(pkey1
);
2871 EVP_PKEY_free(pkey2
);
2877 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2878 #endif /* !OPENSSL_NO_DH */
2881 * We test what happens with an empty template. For the sake of this test,
2882 * the template must be ignored, and we know that's the case for RSA keys
2883 * (this might arguably be a misfeature, but that's what we currently do,
2884 * even in provider code, since that's how the legacy RSA implementation
2887 static int test_keygen_with_empty_template(int n
)
2889 EVP_PKEY_CTX
*ctx
= NULL
;
2890 EVP_PKEY
*pkey
= NULL
;
2891 EVP_PKEY
*tkey
= NULL
;
2894 if (nullprov
!= NULL
)
2895 return TEST_skip("Test does not support a non-default library context");
2899 /* We do test with no template at all as well */
2900 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
2904 /* Here we create an empty RSA key that serves as our template */
2905 if (!TEST_ptr(tkey
= EVP_PKEY_new())
2906 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
2907 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
2912 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
2913 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
2918 EVP_PKEY_CTX_free(ctx
);
2919 EVP_PKEY_free(pkey
);
2920 EVP_PKEY_free(tkey
);
2925 * Test that we fail if we attempt to use an algorithm that is not available
2926 * in the current library context (unless we are using an algorithm that
2927 * should be made available via legacy codepaths).
2932 static int test_pkey_ctx_fail_without_provider(int tst
)
2934 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
2935 OSSL_PROVIDER
*tmpnullprov
= NULL
;
2936 EVP_PKEY_CTX
*pctx
= NULL
;
2937 const char *keytype
= NULL
;
2938 int expect_null
= 0;
2941 if (!TEST_ptr(tmpctx
))
2944 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
2945 if (!TEST_ptr(tmpnullprov
))
2949 * We check for certain algos in the null provider.
2950 * If an algo is expected to have a provider keymgmt, constructing an
2951 * EVP_PKEY_CTX is expected to fail (return NULL).
2952 * Otherwise, if it's expected to have legacy support, constructing an
2953 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2963 #ifdef OPENSSL_NO_EC
2964 TEST_info("EC disable, skipping SM2 check...");
2967 #ifdef OPENSSL_NO_SM2
2968 TEST_info("SM2 disable, skipping SM2 check...");
2973 TEST_error("No test for case %d", tst
);
2977 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
2978 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
2981 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2987 EVP_PKEY_CTX_free(pctx
);
2988 OSSL_PROVIDER_unload(tmpnullprov
);
2989 OSSL_LIB_CTX_free(tmpctx
);
2993 static int test_rand_agglomeration(void)
2997 OSSL_PARAM params
[3], *p
= params
;
2999 unsigned int step
= 7;
3000 static unsigned char seed
[] = "It does not matter how slowly you go "
3001 "as long as you do not stop.";
3002 unsigned char out
[sizeof(seed
)];
3004 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
3005 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
3007 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
3008 EVP_RAND_free(rand
);
3012 memset(out
, 0, sizeof(out
));
3013 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
3014 seed
, sizeof(seed
));
3015 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
3016 *p
= OSSL_PARAM_construct_end();
3017 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
3018 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
3019 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
3020 EVP_RAND_CTX_free(ctx
);
3025 * Test that we correctly return the original or "running" IV after
3026 * an encryption operation.
3027 * Run multiple times for some different relevant algorithms/modes.
3029 static int test_evp_iv_aes(int idx
)
3032 EVP_CIPHER_CTX
*ctx
= NULL
;
3033 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3034 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3035 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
3036 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3037 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3038 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3039 9, 10, 11, 12, 13, 14, 15, 16 };
3040 unsigned char ciphertext
[32], oiv
[16], iv
[16];
3041 unsigned char *ref_iv
;
3042 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3043 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3045 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3046 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3047 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3048 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3049 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3050 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3051 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3052 #ifndef OPENSSL_NO_OCB
3053 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3054 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3056 int len
= sizeof(ciphertext
);
3057 size_t ivlen
, ref_len
;
3058 const EVP_CIPHER
*type
= NULL
;
3061 if (nullprov
!= NULL
&& idx
< 6)
3062 return TEST_skip("Test does not support a non-default library context");
3066 type
= EVP_aes_128_cbc();
3069 type
= (type
!= NULL
) ? type
:
3070 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
3072 ref_len
= sizeof(cbc_state
);
3076 type
= EVP_aes_128_ofb();
3079 type
= (type
!= NULL
) ? type
:
3080 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
3082 ref_len
= sizeof(ofb_state
);
3086 type
= EVP_aes_128_cfb();
3089 type
= (type
!= NULL
) ? type
:
3090 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
3092 ref_len
= sizeof(cfb_state
);
3096 type
= EVP_aes_128_gcm();
3099 type
= (type
!= NULL
) ? type
:
3100 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
3102 ref_len
= sizeof(gcm_state
);
3105 type
= EVP_aes_128_ccm();
3108 type
= (type
!= NULL
) ? type
:
3109 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
3111 ref_len
= sizeof(ccm_state
);
3113 #ifdef OPENSSL_NO_OCB
3119 type
= EVP_aes_128_ocb();
3122 type
= (type
!= NULL
) ? type
:
3123 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
3125 ref_len
= sizeof(ocb_state
);
3133 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3134 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3135 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3137 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3138 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3139 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3141 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3142 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3143 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3146 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3147 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3148 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3151 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3154 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
3160 EVP_CIPHER_CTX_free(ctx
);
3162 EVP_CIPHER_free((EVP_CIPHER
*)type
);
3166 #ifndef OPENSSL_NO_DES
3167 static int test_evp_iv_des(int idx
)
3170 EVP_CIPHER_CTX
*ctx
= NULL
;
3171 static const unsigned char key
[24] = {
3172 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3173 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3174 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3176 static const unsigned char init_iv
[8] = {
3177 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3179 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3180 9, 10, 11, 12, 13, 14, 15, 16 };
3181 unsigned char ciphertext
[32], oiv
[8], iv
[8];
3182 unsigned const char *ref_iv
;
3183 static const unsigned char cbc_state_des
[8] = {
3184 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3186 static const unsigned char cbc_state_3des
[8] = {
3187 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3189 static const unsigned char ofb_state_des
[8] = {
3190 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3192 static const unsigned char ofb_state_3des
[8] = {
3193 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3195 static const unsigned char cfb_state_des
[8] = {
3196 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3198 static const unsigned char cfb_state_3des
[8] = {
3199 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3201 int len
= sizeof(ciphertext
);
3202 size_t ivlen
, ref_len
;
3203 EVP_CIPHER
*type
= NULL
;
3205 if (lgcyprov
== NULL
&& idx
< 3)
3206 return TEST_skip("Test requires legacy provider to be loaded");
3210 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3211 ref_iv
= cbc_state_des
;
3212 ref_len
= sizeof(cbc_state_des
);
3215 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3216 ref_iv
= ofb_state_des
;
3217 ref_len
= sizeof(ofb_state_des
);
3220 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3221 ref_iv
= cfb_state_des
;
3222 ref_len
= sizeof(cfb_state_des
);
3225 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3226 ref_iv
= cbc_state_3des
;
3227 ref_len
= sizeof(cbc_state_3des
);
3230 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3231 ref_iv
= ofb_state_3des
;
3232 ref_len
= sizeof(ofb_state_3des
);
3235 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3236 ref_iv
= cfb_state_3des
;
3237 ref_len
= sizeof(cfb_state_3des
);
3244 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3245 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3246 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3248 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3249 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3250 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3252 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3253 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3254 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3257 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3258 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3260 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3265 EVP_CIPHER_CTX_free(ctx
);
3266 EVP_CIPHER_free(type
);
3271 #ifndef OPENSSL_NO_EC
3272 static int ecpub_nids
[] = {
3273 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3274 NID_secp384r1
, NID_secp521r1
,
3275 # ifndef OPENSSL_NO_EC2M
3276 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3277 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3279 NID_brainpoolP384r1
, NID_brainpoolP512r1
3282 static int test_ecpub(int idx
)
3284 int ret
= 0, len
, savelen
;
3286 unsigned char buf
[1024];
3288 EVP_PKEY
*pkey
= NULL
;
3289 EVP_PKEY_CTX
*ctx
= NULL
;
3290 # ifndef OPENSSL_NO_DEPRECATED_3_0
3291 const unsigned char *q
;
3292 EVP_PKEY
*pkey2
= NULL
;
3296 if (nullprov
!= NULL
)
3297 return TEST_skip("Test does not support a non-default library context");
3299 nid
= ecpub_nids
[idx
];
3301 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3303 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3304 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
))
3305 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3307 len
= i2d_PublicKey(pkey
, NULL
);
3309 if (!TEST_int_ge(len
, 1)
3310 || !TEST_int_lt(len
, 1024))
3313 len
= i2d_PublicKey(pkey
, &p
);
3314 if (!TEST_int_ge(len
, 1)
3315 || !TEST_int_eq(len
, savelen
))
3318 # ifndef OPENSSL_NO_DEPRECATED_3_0
3319 /* Now try to decode the just-created DER. */
3321 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3322 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3323 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3325 /* EC_KEY ownership transferred */
3327 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3329 /* The keys should match. */
3330 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3337 EVP_PKEY_CTX_free(ctx
);
3338 EVP_PKEY_free(pkey
);
3339 # ifndef OPENSSL_NO_DEPRECATED_3_0
3340 EVP_PKEY_free(pkey2
);
3347 static int test_EVP_rsa_pss_with_keygen_bits(void)
3350 EVP_PKEY_CTX
*ctx
= NULL
;
3351 EVP_PKEY
*pkey
= NULL
;
3354 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3356 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", testpropq
)))
3357 && TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3358 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3359 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
))
3360 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3363 EVP_PKEY_free(pkey
);
3364 EVP_PKEY_CTX_free(ctx
);
3368 static int test_EVP_rsa_pss_set_saltlen(void)
3371 EVP_PKEY
*pkey
= NULL
;
3372 EVP_PKEY_CTX
*pkey_ctx
= NULL
;
3373 EVP_MD
*sha256
= NULL
;
3374 EVP_MD_CTX
*sha256_ctx
= NULL
;
3375 int saltlen
= 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3376 const int test_value
= 32;
3378 ret
= TEST_ptr(pkey
= load_example_rsa_key())
3379 && TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", NULL
))
3380 && TEST_ptr(sha256_ctx
= EVP_MD_CTX_new())
3381 && TEST_true(EVP_DigestSignInit(sha256_ctx
, &pkey_ctx
, sha256
, NULL
, pkey
))
3382 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx
, RSA_PKCS1_PSS_PADDING
))
3383 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx
, test_value
))
3384 && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx
, &saltlen
))
3385 && TEST_int_eq(saltlen
, test_value
);
3387 EVP_MD_CTX_free(sha256_ctx
);
3388 EVP_PKEY_free(pkey
);
3389 EVP_MD_free(sha256
);
3394 static int success
= 1;
3395 static void md_names(const char *name
, void *vctx
)
3397 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3398 /* Force a namemap update */
3399 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3401 if (!TEST_ptr(aes128
))
3404 EVP_CIPHER_free(aes128
);
3408 * Test that changing the namemap in a user callback works in a names_do_all
3411 static int test_names_do_all(void)
3413 /* We use a custom libctx so that we know the state of the namemap */
3414 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3415 EVP_MD
*sha256
= NULL
;
3421 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3422 if (!TEST_ptr(sha256
))
3426 * We loop through all the names for a given digest. This should still work
3427 * even if the namemap changes part way through.
3429 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3432 if (!TEST_true(success
))
3437 EVP_MD_free(sha256
);
3438 OSSL_LIB_CTX_free(ctx
);
3444 const unsigned char *key
;
3445 const unsigned char *iv
;
3446 const unsigned char *input
;
3447 const unsigned char *expected
;
3448 const unsigned char *tag
;
3449 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3458 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3460 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3461 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3465 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3466 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3467 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3468 sizeof(gcmDefaultTag
), 1, 0, 1
3471 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3472 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3476 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3477 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3478 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3479 sizeof(gcmDefaultTag
), 0, 0, 1
3482 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3483 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3487 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3488 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3489 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3490 sizeof(gcmDefaultTag
), 1, 1, 0
3493 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3494 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3498 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3499 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3500 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3501 sizeof(gcmDefaultTag
), 0, 1, 0
3505 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3509 if (t
->ivlen
!= 0) {
3510 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
)))
3513 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
3521 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3522 * arguments are given one at a time and a final adjustment to the enc
3523 * parameter sets the correct operation.
3525 static int test_evp_init_seq(int idx
)
3527 int outlen1
, outlen2
;
3529 unsigned char outbuf
[1024];
3530 unsigned char tag
[16];
3531 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
3532 EVP_CIPHER_CTX
*ctx
= NULL
;
3533 EVP_CIPHER
*type
= NULL
;
3534 size_t taglen
= sizeof(tag
);
3535 char *errmsg
= NULL
;
3537 ctx
= EVP_CIPHER_CTX_new();
3539 errmsg
= "CTX_ALLOC";
3542 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
3543 errmsg
= "CIPHER_FETCH";
3546 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
3547 errmsg
= "EMPTY_ENC_INIT";
3550 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3554 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3555 errmsg
= "KEY_INIT (before iv)";
3558 if (!evp_init_seq_set_iv(ctx
, t
)) {
3562 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3563 errmsg
= "KEY_INIT (after iv)";
3566 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
3567 errmsg
= "FINAL_ENC_INIT";
3570 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3571 errmsg
= "CIPHER_UPDATE";
3574 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
3575 /* Set expected tag */
3576 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
3577 t
->taglen
, (void *)t
->tag
))) {
3582 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3583 errmsg
= "CIPHER_FINAL";
3586 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3587 errmsg
= "WRONG_RESULT";
3590 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
3591 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3595 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
3596 errmsg
= "TAG_ERROR";
3603 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3604 EVP_CIPHER_CTX_free(ctx
);
3605 EVP_CIPHER_free(type
);
3610 const unsigned char *input
;
3611 const unsigned char *expected
;
3615 } EVP_RESET_TEST_st
;
3617 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
3619 cfbPlaintext
, cfbCiphertext
,
3620 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
3623 cfbCiphertext
, cfbPlaintext
,
3624 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
3629 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3632 static int test_evp_reset(int idx
)
3634 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
3635 int outlen1
, outlen2
;
3637 unsigned char outbuf
[1024];
3638 EVP_CIPHER_CTX
*ctx
= NULL
;
3639 EVP_CIPHER
*type
= NULL
;
3640 char *errmsg
= NULL
;
3642 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3643 errmsg
= "CTX_ALLOC";
3646 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
3647 errmsg
= "CIPHER_FETCH";
3650 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3651 errmsg
= "CIPHER_INIT";
3654 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3658 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3659 errmsg
= "CIPHER_UPDATE";
3662 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3663 errmsg
= "CIPHER_FINAL";
3666 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3667 errmsg
= "WRONG_RESULT";
3670 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
3671 errmsg
= "CIPHER_REINIT";
3674 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3675 errmsg
= "CIPHER_UPDATE (reinit)";
3678 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3679 errmsg
= "CIPHER_FINAL (reinit)";
3682 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3683 errmsg
= "WRONG_RESULT (reinit)";
3689 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
3690 EVP_CIPHER_CTX_free(ctx
);
3691 EVP_CIPHER_free(type
);
3698 } EVP_UPDATED_IV_TEST_st
;
3700 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
3740 * Test that the IV in the context is updated during a crypto operation for CFB
3743 static int test_evp_updated_iv(int idx
)
3745 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
3746 int outlen1
, outlen2
;
3748 unsigned char outbuf
[1024];
3749 EVP_CIPHER_CTX
*ctx
= NULL
;
3750 EVP_CIPHER
*type
= NULL
;
3751 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
3753 char *errmsg
= NULL
;
3755 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3756 errmsg
= "CTX_ALLOC";
3759 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
3760 TEST_info("cipher %s not supported, skipping", t
->cipher
);
3764 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3765 errmsg
= "CIPHER_INIT";
3768 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3772 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
3773 errmsg
= "CIPHER_UPDATE";
3776 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
3777 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
3780 if (!TEST_true(iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
))) {
3781 errmsg
= "CIPHER_CTX_GET_IV_LEN";
3784 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
3785 errmsg
= "IV_NOT_UPDATED";
3788 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3789 errmsg
= "CIPHER_FINAL";
3796 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
3797 EVP_CIPHER_CTX_free(ctx
);
3798 EVP_CIPHER_free(type
);
3803 const unsigned char *iv1
;
3804 const unsigned char *iv2
;
3805 const unsigned char *expected1
;
3806 const unsigned char *expected2
;
3807 const unsigned char *tag1
;
3808 const unsigned char *tag2
;
3811 size_t expectedlen1
;
3812 size_t expectedlen2
;
3813 } TEST_GCM_IV_REINIT_st
;
3815 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
3817 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
3818 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
3819 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
3822 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
3823 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
3824 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
3828 static int test_gcm_reinit(int idx
)
3830 int outlen1
, outlen2
, outlen3
;
3832 unsigned char outbuf
[1024];
3833 unsigned char tag
[16];
3834 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
3835 EVP_CIPHER_CTX
*ctx
= NULL
;
3836 EVP_CIPHER
*type
= NULL
;
3837 size_t taglen
= sizeof(tag
);
3838 char *errmsg
= NULL
;
3840 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3841 errmsg
= "CTX_ALLOC";
3844 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
3845 errmsg
= "CIPHER_FETCH";
3848 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
3849 errmsg
= "ENC_INIT";
3852 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
))) {
3853 errmsg
= "SET_IVLEN1";
3856 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
3860 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3864 EVP_CIPHER_CTX_set_padding(ctx
, 0);
3865 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3866 sizeof(gcmResetPlaintext
)))) {
3867 errmsg
= "CIPHER_UPDATE1";
3870 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3871 errmsg
= "CIPHER_FINAL1";
3874 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
3875 errmsg
= "WRONG_RESULT1";
3878 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3879 errmsg
= "GET_TAG1";
3882 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
3883 errmsg
= "TAG_ERROR1";
3887 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
))) {
3888 errmsg
= "SET_IVLEN2";
3891 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
3895 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3899 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3900 sizeof(gcmResetPlaintext
)))) {
3901 errmsg
= "CIPHER_UPDATE2";
3904 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3905 errmsg
= "CIPHER_FINAL2";
3908 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
3909 errmsg
= "WRONG_RESULT2";
3912 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3913 errmsg
= "GET_TAG2";
3916 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
3917 errmsg
= "TAG_ERROR2";
3923 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3924 EVP_CIPHER_CTX_free(ctx
);
3925 EVP_CIPHER_free(type
);
3929 #ifndef OPENSSL_NO_DEPRECATED_3_0
3930 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
3931 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
3933 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3935 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
3937 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
3939 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
3943 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
3945 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
3947 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
3951 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
3952 size_t *outlen
, const unsigned char *in
,
3955 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3956 const unsigned char *tbs
, size_t tbslen
);
3958 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
3959 return psign(ctx
, out
, outlen
, in
, inlen
);
3962 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
3963 size_t *siglen
, const unsigned char *tbs
,
3966 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3967 const unsigned char *tbs
, size_t tbslen
);
3969 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
3970 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
3973 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
3976 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
3978 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
3979 return pderive(ctx
, key
, keylen
);
3982 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
3984 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
3986 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
3987 return pcopy(dst
, src
);
3990 static int ctrl_called
;
3992 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
3994 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
3996 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
3998 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
4003 return pctrl(ctx
, type
, p1
, p2
);
4006 static int test_custom_pmeth(int idx
)
4008 EVP_PKEY_CTX
*pctx
= NULL
;
4009 EVP_MD_CTX
*ctx
= NULL
;
4010 EVP_PKEY
*pkey
= NULL
;
4011 int id
, orig_id
, orig_flags
;
4014 unsigned char *res
= NULL
;
4015 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
4016 const EVP_MD
*md
= EVP_sha256();
4021 /* We call deprecated APIs so this test doesn't support a custom libctx */
4022 if (testctx
!= NULL
)
4029 pkey
= load_example_rsa_key();
4033 # ifndef OPENSSL_NO_DSA
4035 pkey
= load_example_dsa_key();
4042 # ifndef OPENSSL_NO_EC
4044 pkey
= load_example_ec_key();
4051 # ifndef OPENSSL_NO_EC
4052 id
= EVP_PKEY_ED25519
;
4054 pkey
= load_example_ed25519_key();
4061 # ifndef OPENSSL_NO_DH
4064 pkey
= load_example_dh_key();
4071 # ifndef OPENSSL_NO_EC
4072 id
= EVP_PKEY_X25519
;
4074 pkey
= load_example_x25519_key();
4080 TEST_error("Should not happen");
4084 if (!TEST_ptr(pkey
))
4088 if (!TEST_true(evp_pkey_is_provided(pkey
)))
4091 EVP_PKEY
*tmp
= pkey
;
4093 /* Convert to a legacy key */
4094 pkey
= EVP_PKEY_new();
4095 if (!TEST_ptr(pkey
)) {
4099 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
4104 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
4108 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
4112 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
4113 if (!TEST_int_eq(orig_id
, id
)
4114 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
4117 if (id
== EVP_PKEY_ED25519
) {
4118 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
4119 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
4120 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
4122 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
4124 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
4125 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
4126 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
4127 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
4129 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
4130 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
4134 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
4136 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
4137 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4138 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4140 || !TEST_int_eq(ctrl_called
, 1)
4141 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
4142 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
4143 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
4144 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
4147 ctx
= EVP_MD_CTX_new();
4148 reslen
= EVP_PKEY_size(pkey
);
4149 res
= OPENSSL_malloc(reslen
);
4152 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
4153 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4154 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4156 || !TEST_int_eq(ctrl_called
, 1))
4159 if (id
== EVP_PKEY_ED25519
) {
4160 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
4163 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
4164 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
4172 EVP_MD_CTX_free(ctx
);
4174 EVP_PKEY_CTX_free(pctx
);
4175 EVP_PKEY_free(pkey
);
4176 EVP_PKEY_meth_remove(custom_pmeth
);
4177 EVP_PKEY_meth_free(custom_pmeth
);
4178 custom_pmeth
= NULL
;
4182 static int test_evp_md_cipher_meth(void)
4184 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
4185 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4188 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
4194 EVP_MD_meth_free(md
);
4195 EVP_CIPHER_meth_free(ciph
);
4204 static int custom_md_init_called
= 0;
4205 static int custom_md_cleanup_called
= 0;
4207 static int custom_md_init(EVP_MD_CTX
*ctx
)
4209 custom_dgst_ctx
*p
= EVP_MD_CTX_md_data(ctx
);
4214 custom_md_init_called
++;
4218 static int custom_md_cleanup(EVP_MD_CTX
*ctx
)
4220 custom_dgst_ctx
*p
= EVP_MD_CTX_md_data(ctx
);
4226 custom_md_cleanup_called
++;
4230 static int test_custom_md_meth(void)
4232 EVP_MD_CTX
*mdctx
= NULL
;
4234 char mess
[] = "Test Message\n";
4235 unsigned char md_value
[EVP_MAX_MD_SIZE
];
4236 unsigned int md_len
;
4241 * We are testing deprecated functions. We don't support a non-default
4242 * library context in this test.
4244 if (testctx
!= NULL
)
4247 custom_md_init_called
= custom_md_cleanup_called
= 0;
4249 nid
= OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4250 if (!TEST_int_ne(nid
, NID_undef
))
4252 tmp
= EVP_MD_meth_new(nid
, NID_undef
);
4256 if (!TEST_true(EVP_MD_meth_set_init(tmp
, custom_md_init
))
4257 || !TEST_true(EVP_MD_meth_set_cleanup(tmp
, custom_md_cleanup
))
4258 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp
,
4259 sizeof(custom_dgst_ctx
))))
4262 mdctx
= EVP_MD_CTX_new();
4263 if (!TEST_ptr(mdctx
)
4265 * Initing our custom md and then initing another md should
4266 * result in the init and cleanup functions of the custom md
4267 * from being called.
4269 || !TEST_true(EVP_DigestInit_ex(mdctx
, tmp
, NULL
))
4270 || !TEST_true(EVP_DigestInit_ex(mdctx
, EVP_sha256(), NULL
))
4271 || !TEST_true(EVP_DigestUpdate(mdctx
, mess
, strlen(mess
)))
4272 || !TEST_true(EVP_DigestFinal_ex(mdctx
, md_value
, &md_len
))
4273 || !TEST_int_eq(custom_md_init_called
, 1)
4274 || !TEST_int_eq(custom_md_cleanup_called
, 1))
4279 EVP_MD_CTX_free(mdctx
);
4280 EVP_MD_meth_free(tmp
);
4284 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4285 /* Test we can create a signature keys with an associated ENGINE */
4286 static int test_signatures_with_engine(int tst
)
4289 const char *engine_id
= "dasync";
4290 EVP_PKEY
*pkey
= NULL
;
4291 const unsigned char badcmackey
[] = { 0x00, 0x01 };
4292 const unsigned char cmackey
[] = {
4293 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4294 0x0c, 0x0d, 0x0e, 0x0f
4296 const unsigned char ed25519key
[] = {
4297 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4298 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4299 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4301 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4303 EVP_MD_CTX
*ctx
= NULL
;
4304 unsigned char *mac
= NULL
;
4308 # ifdef OPENSSL_NO_CMAC
4309 /* Skip CMAC tests in a no-cmac build */
4314 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4317 if (!TEST_true(ENGINE_init(e
))) {
4324 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
4328 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
4332 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
4333 sizeof(ed25519key
));
4336 TEST_error("Invalid test case");
4339 if (!TEST_ptr(pkey
))
4342 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4345 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
4348 if (!TEST_true(ret
))
4351 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
4352 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
4355 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4358 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
4361 /* We used a bad key. We expect a failure here */
4362 if (!TEST_false(ret
))
4368 EVP_MD_CTX_free(ctx
);
4370 EVP_PKEY_free(pkey
);
4377 static int test_cipher_with_engine(void)
4380 const char *engine_id
= "dasync";
4381 const unsigned char keyiv
[] = {
4382 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4383 0x0c, 0x0d, 0x0e, 0x0f
4385 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4387 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
4388 unsigned char buf
[AES_BLOCK_SIZE
];
4391 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4394 if (!TEST_true(ENGINE_init(e
))) {
4399 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4400 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
4403 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
4406 /* Copy the ctx, and complete the operation with the new ctx */
4407 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
4410 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
4411 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
4416 EVP_CIPHER_CTX_free(ctx
);
4417 EVP_CIPHER_CTX_free(ctx2
);
4423 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4424 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4426 static int ecxnids
[] = {
4433 /* Test that creating ECX keys with a short private key fails as expected */
4434 static int test_ecx_short_keys(int tst
)
4436 unsigned char ecxkeydata
= 1;
4440 pkey
= EVP_PKEY_new_raw_private_key(ecxnids
[tst
], NULL
, &ecxkeydata
, 1);
4441 if (!TEST_ptr_null(pkey
)) {
4442 EVP_PKEY_free(pkey
);
4448 typedef enum OPTION_choice
{
4455 const OPTIONS
*test_get_options(void)
4457 static const OPTIONS options
[] = {
4458 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
4459 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
4465 int setup_tests(void)
4469 while ((o
= opt_next()) != OPT_EOF
) {
4472 /* Set up an alternate library context */
4473 testctx
= OSSL_LIB_CTX_new();
4474 if (!TEST_ptr(testctx
))
4476 /* Swap the libctx to test non-default context only */
4477 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
4478 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
4479 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
4481 case OPT_TEST_CASES
:
4488 ADD_TEST(test_EVP_set_default_properties
);
4489 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 30);
4490 ADD_TEST(test_EVP_DigestVerifyInit
);
4491 #ifndef OPENSSL_NO_SIPHASH
4492 ADD_TEST(test_siphash_digestsign
);
4494 ADD_TEST(test_EVP_Digest
);
4495 ADD_TEST(test_EVP_md_null
);
4496 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
4497 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
4498 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
4499 ADD_TEST(test_privatekey_to_pkcs8
);
4500 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
4501 #ifndef OPENSSL_NO_EC
4502 ADD_TEST(test_EVP_PKCS82PKEY
);
4504 #ifndef OPENSSL_NO_EC
4505 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
4507 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4508 ADD_TEST(test_EVP_SM2
);
4509 ADD_TEST(test_EVP_SM2_verify
);
4511 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
4512 #ifndef OPENSSL_NO_DEPRECATED_3_0
4513 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
4514 if (!TEST_ptr(custom_pmeth
))
4516 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
4517 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
4518 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
4519 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
4522 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
4523 #ifndef OPENSSL_NO_CMAC
4524 ADD_TEST(test_CMAC_keygen
);
4526 ADD_TEST(test_HKDF
);
4527 ADD_TEST(test_emptyikm_HKDF
);
4528 #ifndef OPENSSL_NO_EC
4529 ADD_TEST(test_X509_PUBKEY_inplace
);
4530 ADD_TEST(test_X509_PUBKEY_dup
);
4531 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
4532 OSSL_NELEM(ec_der_pub_keys
));
4534 #ifndef OPENSSL_NO_DSA
4535 ADD_TEST(test_DSA_get_set_params
);
4536 ADD_TEST(test_DSA_priv_pub
);
4538 ADD_TEST(test_RSA_get_set_params
);
4539 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4540 ADD_TEST(test_decrypt_null_chunks
);
4542 #ifndef OPENSSL_NO_DH
4543 ADD_TEST(test_DH_priv_pub
);
4544 # ifndef OPENSSL_NO_DEPRECATED_3_0
4545 ADD_TEST(test_EVP_PKEY_set1_DH
);
4548 #ifndef OPENSSL_NO_EC
4549 ADD_TEST(test_EC_priv_pub
);
4550 # ifndef OPENSSL_NO_DEPRECATED_3_0
4551 ADD_TEST(test_EC_priv_only_legacy
);
4554 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
4555 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
4557 ADD_TEST(test_rand_agglomeration
);
4558 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
4559 #ifndef OPENSSL_NO_DES
4560 ADD_ALL_TESTS(test_evp_iv_des
, 6);
4562 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
4563 ADD_TEST(test_EVP_rsa_pss_set_saltlen
);
4564 #ifndef OPENSSL_NO_EC
4565 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
4568 ADD_TEST(test_names_do_all
);
4570 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
4571 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
4572 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
4573 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
4575 #ifndef OPENSSL_NO_DEPRECATED_3_0
4576 ADD_ALL_TESTS(test_custom_pmeth
, 12);
4577 ADD_TEST(test_evp_md_cipher_meth
);
4578 ADD_TEST(test_custom_md_meth
);
4580 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4581 /* Tests only support the default libctx */
4582 if (testctx
== NULL
) {
4583 # ifndef OPENSSL_NO_EC
4584 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
4586 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
4588 ADD_TEST(test_cipher_with_engine
);
4593 ADD_ALL_TESTS(test_ecx_short_keys
, OSSL_NELEM(ecxnids
));
4598 void cleanup_tests(void)
4600 OSSL_PROVIDER_unload(nullprov
);
4601 OSSL_PROVIDER_unload(deflprov
);
4602 OSSL_PROVIDER_unload(lgcyprov
);
4603 OSSL_LIB_CTX_free(testctx
);