2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
40 static OSSL_LIB_CTX
*testctx
= NULL
;
41 static char *testpropq
= NULL
;
43 static OSSL_PROVIDER
*nullprov
= NULL
;
44 static OSSL_PROVIDER
*deflprov
= NULL
;
45 static OSSL_PROVIDER
*lgcyprov
= NULL
;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER
[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER
[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER
[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
250 static const unsigned char kSignature
[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
268 static const unsigned char kExampleRSAKeyPKCS8
[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
324 #ifndef OPENSSL_NO_EC
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 static const unsigned char kExampleECKeyDER
[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
347 static const unsigned char kExampleBadECKeyDER
[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
360 static const unsigned char kExampleECPubKeyDER
[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
375 static const unsigned char kExampleBadECPubKeyDER
[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
386 static const unsigned char pExampleECParamDER
[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
390 static const unsigned char kExampleED25519KeyDER
[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
397 static const unsigned char kExampleED25519PubKeyDER
[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER
[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER
[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
447 static const unsigned char kCFBDefaultKey
[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
452 static const unsigned char kGCMDefaultKey
[32] = { 0 };
454 static const unsigned char kGCMResetKey
[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
460 static const unsigned char iCFBIV
[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
465 static const unsigned char iGCMDefaultIV
[12] = { 0 };
467 static const unsigned char iGCMResetIV1
[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
471 static const unsigned char iGCMResetIV2
[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
475 static const unsigned char cfbPlaintext
[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
480 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
482 static const unsigned char gcmResetPlaintext
[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
490 static const unsigned char cfbCiphertext
[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
495 static const unsigned char gcmDefaultCiphertext
[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
500 static const unsigned char gcmResetCiphertext1
[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
508 static const unsigned char gcmResetCiphertext2
[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
516 static const unsigned char gcmAAD
[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
521 static const unsigned char gcmDefaultTag
[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
526 static const unsigned char gcmResetTag1
[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
531 static const unsigned char gcmResetTag2
[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
536 typedef struct APK_DATA_st
{
537 const unsigned char *kder
;
544 int type
; /* 0 for private, 1 for public, 2 for params */
547 static APK_DATA keydata
[] = {
548 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
549 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
555 static APK_DATA keycheckdata
[] = {
556 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
558 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
565 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
567 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
568 EVP_PKEY_ED25519
, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
570 EVP_PKEY_ED25519
, 0, 1, 1, 1},
574 static EVP_PKEY
*load_example_key(const char *keytype
,
575 const unsigned char *data
, size_t data_len
)
577 const unsigned char **pdata
= &data
;
578 EVP_PKEY
*pkey
= NULL
;
579 OSSL_DECODER_CTX
*dctx
=
580 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
585 OSSL_DECODER_CTX_free(dctx
);
589 static EVP_PKEY
*load_example_rsa_key(void)
591 return load_example_key("RSA", kExampleRSAKeyDER
,
592 sizeof(kExampleRSAKeyDER
));
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY
*load_example_dsa_key(void)
598 return load_example_key("DSA", kExampleDSAKeyDER
,
599 sizeof(kExampleDSAKeyDER
));
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY
*load_example_ec_key(void)
606 return load_example_key("EC", kExampleECKeyDER
,
607 sizeof(kExampleECKeyDER
));
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY
*load_example_dh_key(void)
615 return load_example_key("DH", kExampleDHKeyDER
,
616 sizeof(kExampleDHKeyDER
));
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY
*load_example_ed25519_key(void)
623 return load_example_key("ED25519", kExampleED25519KeyDER
,
624 sizeof(kExampleED25519KeyDER
));
627 static EVP_PKEY
*load_example_x25519_key(void)
629 return load_example_key("X25519", kExampleX25519KeyDER
,
630 sizeof(kExampleX25519KeyDER
));
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
635 static EVP_PKEY
*load_example_hmac_key(void)
637 EVP_PKEY
*pkey
= NULL
;
638 unsigned char key
[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
644 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
645 NULL
, key
, sizeof(key
));
652 static int test_EVP_set_default_properties(void)
658 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
659 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
664 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
665 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
666 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
671 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
672 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
677 OSSL_LIB_CTX_free(ctx
);
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static int test_fromdata(char *keytype
, OSSL_PARAM
*params
)
684 EVP_PKEY_CTX
*pctx
= NULL
;
685 EVP_PKEY
*pkey
= NULL
;
688 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
690 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
691 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
701 EVP_PKEY_CTX_free(pctx
);
705 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
708 * Test combinations of private, public, missing and private + public key
709 * params to ensure they are all accepted
711 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
712 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
714 OSSL_PARAM_BLD
*bld
= NULL
;
715 OSSL_PARAM
*params
= NULL
;
716 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
720 * Setup the parameters for our pkey object. For our purposes they don't
721 * have to actually be *valid* parameters. We just need to set something.
723 if (!TEST_ptr(p
= BN_new())
724 || !TEST_ptr(q
= BN_new())
725 || !TEST_ptr(g
= BN_new())
726 || !TEST_ptr(pub
= BN_new())
727 || !TEST_ptr(priv
= BN_new()))
730 /* Test !priv and !pub */
731 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
732 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
733 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
734 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
736 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
739 if (!test_fromdata(keytype
, params
))
741 OSSL_PARAM_free(params
);
743 OSSL_PARAM_BLD_free(bld
);
745 /* Test priv and !pub */
746 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
747 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
748 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
749 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
750 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
753 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
756 if (!test_fromdata(keytype
, params
))
758 OSSL_PARAM_free(params
);
760 OSSL_PARAM_BLD_free(bld
);
762 /* Test !priv and pub */
763 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
765 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
770 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
773 if (!test_fromdata(keytype
, params
))
775 OSSL_PARAM_free(params
);
777 OSSL_PARAM_BLD_free(bld
);
779 /* Test priv and pub */
780 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
782 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
789 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
792 if (!test_fromdata(keytype
, params
))
797 OSSL_PARAM_free(params
);
798 OSSL_PARAM_BLD_free(bld
);
807 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
810 * Test combinations of private, public, missing and private + public key
811 * params to ensure they are all accepted for EC keys
813 #ifndef OPENSSL_NO_EC
814 static unsigned char ec_priv
[] = {
815 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
816 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
817 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
819 static unsigned char ec_pub
[] = {
820 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
821 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
822 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
823 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
824 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
825 0x08, 0x09, 0xb8, 0xdb, 0x03
828 static int test_EC_priv_pub(void)
830 OSSL_PARAM_BLD
*bld
= NULL
;
831 OSSL_PARAM
*params
= NULL
;
836 * Setup the parameters for our pkey object. For our purposes they don't
837 * have to actually be *valid* parameters. We just need to set something.
839 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
842 /* Test !priv and !pub */
843 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
844 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
845 OSSL_PKEY_PARAM_GROUP_NAME
,
848 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
851 if (!test_fromdata("EC", params
))
853 OSSL_PARAM_free(params
);
855 OSSL_PARAM_BLD_free(bld
);
857 /* Test priv and !pub */
858 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
859 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
860 OSSL_PKEY_PARAM_GROUP_NAME
,
862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
865 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
868 if (!test_fromdata("EC", params
))
870 OSSL_PARAM_free(params
);
872 OSSL_PARAM_BLD_free(bld
);
874 /* Test !priv and pub */
875 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
876 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
877 OSSL_PKEY_PARAM_GROUP_NAME
,
879 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
880 OSSL_PKEY_PARAM_PUB_KEY
,
881 ec_pub
, sizeof(ec_pub
))))
883 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
886 if (!test_fromdata("EC", params
))
888 OSSL_PARAM_free(params
);
890 OSSL_PARAM_BLD_free(bld
);
892 /* Test priv and pub */
893 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
894 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
895 OSSL_PKEY_PARAM_GROUP_NAME
,
897 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
898 OSSL_PKEY_PARAM_PUB_KEY
,
899 ec_pub
, sizeof(ec_pub
)))
900 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
903 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
906 if (!test_fromdata("EC", params
))
911 OSSL_PARAM_free(params
);
912 OSSL_PARAM_BLD_free(bld
);
918 /* Test that using a legacy EC key with only a private key in it works */
919 # ifndef OPENSSL_NO_DEPRECATED_3_0
920 static int test_EC_priv_only_legacy(void)
924 EC_KEY
*eckey
= NULL
;
925 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
926 EVP_MD_CTX
*ctx
= NULL
;
928 /* Create the low level EC_KEY */
929 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
932 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
933 if (!TEST_ptr(eckey
))
936 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
939 pkey
= EVP_PKEY_new();
943 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
947 while (dup_pk
== NULL
) {
949 ctx
= EVP_MD_CTX_new();
954 * The EVP_DigestSignInit function should create the key on the
955 * provider side which is sufficient for this test.
957 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
958 testpropq
, pkey
, NULL
)))
960 EVP_MD_CTX_free(ctx
);
963 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
965 /* EVP_PKEY_eq() returns -2 with missing public keys */
966 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
974 EVP_MD_CTX_free(ctx
);
981 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
982 #endif /* OPENSSL_NO_EC */
984 static int test_EVP_PKEY_sign(int tst
)
987 EVP_PKEY
*pkey
= NULL
;
988 unsigned char *sig
= NULL
;
989 size_t sig_len
= 0, shortsig_len
= 1;
990 EVP_PKEY_CTX
*ctx
= NULL
;
991 unsigned char tbs
[] = {
992 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
993 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
997 if (!TEST_ptr(pkey
= load_example_rsa_key()))
999 } else if (tst
== 1) {
1000 #ifndef OPENSSL_NO_DSA
1001 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1008 #ifndef OPENSSL_NO_EC
1009 if (!TEST_ptr(pkey
= load_example_ec_key()))
1017 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1019 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1020 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1023 sig
= OPENSSL_malloc(sig_len
);
1025 /* Test sending a signature buffer that is too short is rejected */
1026 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1028 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1030 /* Test the signature round-trips */
1031 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1032 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1038 EVP_PKEY_CTX_free(ctx
);
1040 EVP_PKEY_free(pkey
);
1045 * n = 0 => test using legacy cipher
1046 * n = 1 => test using fetched cipher
1048 static int test_EVP_Enveloped(int n
)
1051 EVP_CIPHER_CTX
*ctx
= NULL
;
1052 EVP_PKEY
*keypair
= NULL
;
1053 unsigned char *kek
= NULL
;
1054 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1055 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1056 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1057 unsigned char ciphertext
[32], plaintext
[16];
1058 EVP_CIPHER
*type
= NULL
;
1060 if (nullprov
!= NULL
)
1061 return TEST_skip("Test does not support a non-default library context");
1064 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1065 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1069 if (!TEST_ptr(keypair
= load_example_rsa_key())
1070 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1071 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1072 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1074 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1076 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1080 ciphertext_len
+= len
;
1082 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1083 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1084 ciphertext
, ciphertext_len
))
1085 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1088 plaintext_len
+= len
;
1089 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1095 EVP_CIPHER_free(type
);
1097 EVP_PKEY_free(keypair
);
1098 EVP_CIPHER_CTX_free(ctx
);
1103 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1104 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1105 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1106 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1107 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1108 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1109 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1110 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1111 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1112 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1113 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1114 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1115 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1116 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1117 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1119 static int test_EVP_DigestSignInit(int tst
)
1122 EVP_PKEY
*pkey
= NULL
;
1123 unsigned char *sig
= NULL
, *sig2
= NULL
;
1124 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1125 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1126 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1127 BIO
*mdbio
= NULL
, *membio
= NULL
;
1130 EVP_MD
*mdexp
= NULL
;
1132 if (nullprov
!= NULL
)
1133 return TEST_skip("Test does not support a non-default library context");
1135 if (tst
>= 6 && tst
<= 8) {
1136 membio
= BIO_new(BIO_s_mem());
1137 mdbio
= BIO_new(BIO_f_md());
1138 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1140 BIO_push(mdbio
, membio
);
1141 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1144 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1145 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1150 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1152 } else if (tst
% 3 == 1) {
1153 #ifndef OPENSSL_NO_DSA
1154 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1161 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1165 if (tst
>= 3 && tst
<= 5)
1166 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1170 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1173 if (tst
>= 6 && tst
<= 8) {
1174 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1176 } else if (tst
< 6) {
1177 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1182 /* Determine the size of the signature. */
1183 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1185 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1188 /* Test that supply a short sig buffer fails */
1189 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1193 * We end here because once EVP_DigestSign() has failed you should
1194 * not call it again without re-initing the ctx
1199 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1203 /* Determine the size of the signature. */
1204 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1205 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1207 * Trying to create a signature with a deliberately short
1208 * buffer should fail.
1210 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1211 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1216 * Ensure that the signature round-trips (Verification isn't supported for
1217 * HMAC via EVP_DigestVerify*)
1220 if (tst
>= 6 && tst
<= 8) {
1221 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1222 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1226 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1230 if (tst
>= 6 && tst
<= 8) {
1231 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1234 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1238 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1241 /* Multiple calls to EVP_DigestVerifyFinal should work */
1242 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1246 * For HMAC a doubled call to DigestSignFinal should produce the same
1247 * value as finalization should not happen.
1249 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1250 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1251 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1254 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1263 EVP_MD_CTX_free(a_md_ctx
);
1264 EVP_MD_CTX_free(a_md_ctx_verify
);
1265 EVP_PKEY_free(pkey
);
1273 static int test_EVP_DigestVerifyInit(void)
1276 EVP_PKEY
*pkey
= NULL
;
1277 EVP_MD_CTX
*md_ctx
= NULL
;
1279 if (nullprov
!= NULL
)
1280 return TEST_skip("Test does not support a non-default library context");
1282 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1283 || !TEST_ptr(pkey
= load_example_rsa_key()))
1286 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1287 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1288 || !TEST_true(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1289 sizeof(kSignature
))))
1294 EVP_MD_CTX_free(md_ctx
);
1295 EVP_PKEY_free(pkey
);
1300 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1302 static int test_EVP_Digest(void)
1305 EVP_MD_CTX
*md_ctx
= NULL
;
1306 unsigned char md
[EVP_MAX_MD_SIZE
];
1307 EVP_MD
*sha256
= NULL
;
1308 EVP_MD
*shake256
= NULL
;
1310 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1313 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1314 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1317 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1318 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1319 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1320 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1321 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1324 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1325 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1326 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1327 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1328 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1330 * EVP_DigestInit_ex with NULL type should work on
1331 * pre-initialized context.
1333 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1336 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1337 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1338 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1339 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1340 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1341 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1346 EVP_MD_CTX_free(md_ctx
);
1347 EVP_MD_free(sha256
);
1348 EVP_MD_free(shake256
);
1352 static int test_d2i_AutoPrivateKey(int i
)
1355 const unsigned char *p
;
1356 EVP_PKEY
*pkey
= NULL
;
1357 const APK_DATA
*ak
= &keydata
[i
];
1358 const unsigned char *input
= ak
->kder
;
1359 size_t input_len
= ak
->size
;
1360 int expected_id
= ak
->evptype
;
1363 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1364 || !TEST_ptr_eq(p
, input
+ input_len
)
1365 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1371 EVP_PKEY_free(pkey
);
1375 #ifndef OPENSSL_NO_EC
1377 static const unsigned char ec_public_sect163k1_validxy
[] = {
1378 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1379 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1380 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1381 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1382 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1383 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1386 static const unsigned char ec_public_sect163k1_badx
[] = {
1387 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1388 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1389 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1390 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1391 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1392 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1395 static const unsigned char ec_public_sect163k1_bady
[] = {
1396 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1397 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1398 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1399 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1400 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1401 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1404 static struct ec_der_pub_keys_st
{
1405 const unsigned char *der
;
1408 } ec_der_pub_keys
[] = {
1409 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1410 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1411 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1415 * Tests the range of the decoded EC char2 public point.
1416 * See ec_GF2m_simple_oct2point().
1418 static int test_invalide_ec_char2_pub_range_decode(int id
)
1423 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1424 ec_der_pub_keys
[id
].len
);
1426 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1427 || TEST_ptr_null(pkey
);
1428 EVP_PKEY_free(pkey
);
1432 /* Tests loading a bad key in PKCS8 format */
1433 static int test_EVP_PKCS82PKEY(void)
1436 const unsigned char *derp
= kExampleBadECKeyDER
;
1437 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1438 EVP_PKEY
*pkey
= NULL
;
1440 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1441 sizeof(kExampleBadECKeyDER
))))
1444 if (!TEST_ptr_eq(derp
,
1445 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1448 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1454 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1455 EVP_PKEY_free(pkey
);
1461 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1463 EVP_PKEY
*pkey
= NULL
;
1464 EVP_PKEY
*pkey2
= NULL
;
1466 char *membuf
= NULL
;
1467 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1470 if (testctx
!= NULL
)
1471 /* test not supported with non-default context */
1474 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1475 || !TEST_ptr(pkey
= load_example_rsa_key())
1476 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1477 NULL
, 0, NULL
, NULL
),
1479 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1480 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1481 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1482 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1488 EVP_PKEY_free(pkey
);
1489 EVP_PKEY_free(pkey2
);
1490 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1491 BIO_free_all(membio
);
1495 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1496 static int test_privatekey_to_pkcs8(void)
1498 EVP_PKEY
*pkey
= NULL
;
1500 char *membuf
= NULL
;
1501 long membuf_len
= 0;
1504 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1505 || !TEST_ptr(pkey
= load_example_rsa_key())
1506 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1507 NULL
, 0, NULL
, NULL
),
1509 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1510 || !TEST_ptr(membuf
)
1511 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1512 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1514 * We try to write PEM as well, just to see that it doesn't err, but
1515 * assume that the result is correct.
1517 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1518 NULL
, 0, NULL
, NULL
),
1524 EVP_PKEY_free(pkey
);
1525 BIO_free_all(membio
);
1529 #ifndef OPENSSL_NO_EC
1530 static const struct {
1532 const char *encoding_name
;
1533 } ec_encodings
[] = {
1534 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1535 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1538 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1540 const OSSL_PARAM
*p
;
1541 const char *enc_name
= NULL
;
1547 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1548 OSSL_PKEY_PARAM_EC_ENCODING
))
1549 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
1552 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
1553 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
1554 *enc
= ec_encodings
[i
].encoding
;
1559 return (*enc
!= -1);
1562 static int test_EC_keygen_with_enc(int idx
)
1564 EVP_PKEY
*params
= NULL
, *key
= NULL
;
1565 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
1569 enc
= ec_encodings
[idx
].encoding
;
1571 /* Create key parameters */
1572 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
1573 || !TEST_true(EVP_PKEY_paramgen_init(pctx
))
1574 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
1575 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
1576 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
1577 || !TEST_ptr(params
))
1581 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
1582 || !TEST_true(EVP_PKEY_keygen_init(kctx
))
1583 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
1587 /* Check that the encoding got all the way into the key */
1588 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
1589 ec_export_get_encoding_cb
, &enc
))
1590 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
1596 EVP_PKEY_free(params
);
1597 EVP_PKEY_CTX_free(kctx
);
1598 EVP_PKEY_CTX_free(pctx
);
1603 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1605 static int test_EVP_SM2_verify(void)
1607 const char *pubkey
=
1608 "-----BEGIN PUBLIC KEY-----\n"
1609 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1610 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1611 "-----END PUBLIC KEY-----\n";
1613 const char *msg
= "message digest";
1614 const char *id
= "ALICE123@YAHOO.COM";
1616 const uint8_t signature
[] = {
1617 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1618 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1619 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1620 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1621 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1622 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1623 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1628 EVP_PKEY
*pkey
= NULL
;
1629 EVP_MD_CTX
*mctx
= NULL
;
1630 EVP_PKEY_CTX
*pctx
= NULL
;
1633 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
1634 if (!TEST_true(bio
!= NULL
))
1637 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
1638 if (!TEST_true(pkey
!= NULL
))
1641 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
1644 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
1647 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1650 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
1652 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1655 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
1658 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
1661 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
1664 if (!TEST_true(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
))))
1670 EVP_PKEY_free(pkey
);
1671 EVP_PKEY_CTX_free(pctx
);
1672 EVP_MD_CTX_free(mctx
);
1677 static int test_EVP_SM2(void)
1680 EVP_PKEY
*pkey
= NULL
;
1681 EVP_PKEY
*pkeyparams
= NULL
;
1682 EVP_PKEY_CTX
*pctx
= NULL
;
1683 EVP_PKEY_CTX
*kctx
= NULL
;
1684 EVP_PKEY_CTX
*sctx
= NULL
;
1686 unsigned char *sig
= NULL
;
1687 EVP_MD_CTX
*md_ctx
= NULL
;
1688 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1689 EVP_PKEY_CTX
*cctx
= NULL
;
1690 EVP_MD
*check_md
= NULL
;
1692 uint8_t ciphertext
[128];
1693 size_t ctext_len
= sizeof(ciphertext
);
1695 uint8_t plaintext
[8];
1696 size_t ptext_len
= sizeof(plaintext
);
1698 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1700 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1701 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1703 char mdname
[OSSL_MAX_NAME_SIZE
];
1705 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
1709 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1712 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1715 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1718 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1719 pkeyparams
, testpropq
)))
1722 if (!TEST_true(EVP_PKEY_keygen_init(kctx
)))
1725 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1728 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1731 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1734 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1737 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1738 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1740 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1743 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
1746 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1749 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1752 /* Determine the size of the signature. */
1753 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1756 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1759 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1762 /* Ensure that the signature round-trips. */
1764 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1768 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1771 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1774 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1777 /* now check encryption/decryption */
1779 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1780 mdname
, sizeof(mdname
));
1781 for (i
= 0; i
< 2; i
++) {
1782 const char *mdnames
[] = {
1783 #ifndef OPENSSL_NO_SM3
1789 EVP_PKEY_CTX_free(cctx
);
1791 if (mdnames
[i
] == NULL
)
1795 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1796 (char *)mdnames
[i
], 0);
1798 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1802 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1805 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1808 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
1812 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
1815 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1818 if (!TEST_true(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
1822 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
1826 * Test we're still using the digest we think we are.
1827 * Because of aliases, the easiest is to fetch the digest and
1828 * check the name with EVP_MD_is_a().
1830 EVP_MD_free(check_md
);
1831 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
1833 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
1834 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
1838 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
1841 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
1847 EVP_PKEY_CTX_free(pctx
);
1848 EVP_PKEY_CTX_free(kctx
);
1849 EVP_PKEY_CTX_free(sctx
);
1850 EVP_PKEY_CTX_free(cctx
);
1851 EVP_PKEY_free(pkey
);
1852 EVP_PKEY_free(pkeyparams
);
1853 EVP_MD_CTX_free(md_ctx
);
1854 EVP_MD_CTX_free(md_ctx_verify
);
1855 EVP_MD_free(check_md
);
1862 static struct keys_st
{
1868 EVP_PKEY_HMAC
, "0123456789", NULL
1871 EVP_PKEY_HMAC
, "", NULL
1872 #ifndef OPENSSL_NO_POLY1305
1874 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
1876 #ifndef OPENSSL_NO_SIPHASH
1878 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
1881 #ifndef OPENSSL_NO_EC
1883 EVP_PKEY_X25519
, "01234567890123456789012345678901",
1884 "abcdefghijklmnopqrstuvwxyzabcdef"
1886 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
1887 "abcdefghijklmnopqrstuvwxyzabcdef"
1890 "01234567890123456789012345678901234567890123456789012345",
1891 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1894 "012345678901234567890123456789012345678901234567890123456",
1895 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1900 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
1903 unsigned char buf
[80];
1905 size_t inlen
, len
= 0, shortlen
= 1;
1908 /* Check if this algorithm supports public keys */
1909 if (pub
&& keys
[tst
].pub
== NULL
)
1912 memset(buf
, 0, sizeof(buf
));
1915 #ifndef OPENSSL_NO_EC
1916 inlen
= strlen(keys
[tst
].pub
);
1917 in
= (unsigned char *)keys
[tst
].pub
;
1919 pkey
= EVP_PKEY_new_raw_public_key_ex(
1921 OBJ_nid2sn(keys
[tst
].type
),
1926 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
1935 inlen
= strlen(keys
[tst
].priv
);
1936 in
= (unsigned char *)keys
[tst
].priv
;
1938 pkey
= EVP_PKEY_new_raw_private_key_ex(
1939 testctx
, OBJ_nid2sn(keys
[tst
].type
),
1944 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
1952 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
1953 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
1954 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
1955 || !TEST_true(len
== inlen
))
1959 * Test that supplying a buffer that is too small fails. Doesn't apply
1960 * to HMAC with a zero length key
1962 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
1964 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
1968 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
1969 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
1970 || !TEST_mem_eq(in
, inlen
, buf
, len
))
1975 EVP_PKEY_free(pkey
);
1979 static int test_set_get_raw_keys(int tst
)
1981 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
1982 && test_set_get_raw_keys_int(tst
, 0, 1)
1983 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
1984 && test_set_get_raw_keys_int(tst
, 1, 1);
1987 #ifndef OPENSSL_NO_DEPRECATED_3_0
1988 static int pkey_custom_check(EVP_PKEY
*pkey
)
1993 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
1998 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2003 static EVP_PKEY_METHOD
*custom_pmeth
;
2006 static int test_EVP_PKEY_check(int i
)
2009 EVP_PKEY
*pkey
= NULL
;
2010 EVP_PKEY_CTX
*ctx
= NULL
;
2011 #ifndef OPENSSL_NO_DEPRECATED_3_0
2012 EVP_PKEY_CTX
*ctx2
= NULL
;
2014 const APK_DATA
*ak
= &keycheckdata
[i
];
2015 const unsigned char *input
= ak
->kder
;
2016 size_t input_len
= ak
->size
;
2017 int expected_id
= ak
->evptype
;
2018 int expected_check
= ak
->check
;
2019 int expected_pub_check
= ak
->pub_check
;
2020 int expected_param_check
= ak
->param_check
;
2021 int type
= ak
->type
;
2023 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2026 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2029 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2032 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2035 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2038 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2041 #ifndef OPENSSL_NO_DEPRECATED_3_0
2042 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2043 /* assign the pkey directly, as an internal test */
2044 EVP_PKEY_up_ref(pkey
);
2047 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2050 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2053 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2060 EVP_PKEY_CTX_free(ctx
);
2061 #ifndef OPENSSL_NO_DEPRECATED_3_0
2062 EVP_PKEY_CTX_free(ctx2
);
2064 EVP_PKEY_free(pkey
);
2068 #ifndef OPENSSL_NO_CMAC
2069 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2071 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2072 const char msg
[] = "Hello World";
2073 size_t maclen
= AES_BLOCK_SIZE
;
2076 if (!TEST_ptr(mdctx
)
2077 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2078 testpropq
, pkey
, NULL
))
2079 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2080 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2081 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2084 EVP_MD_CTX_free(mdctx
);
2088 static int test_CMAC_keygen(void)
2090 static unsigned char key
[] = {
2091 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2092 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2093 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2095 EVP_PKEY_CTX
*kctx
= NULL
;
2097 EVP_PKEY
*pkey
= NULL
;
2098 unsigned char mac
[AES_BLOCK_SIZE
];
2099 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2100 unsigned char mac2
[AES_BLOCK_SIZE
];
2103 if (nullprov
!= NULL
)
2104 return TEST_skip("Test does not support a non-default library context");
2107 * This is a legacy method for CMACs, but should still work.
2108 * This verifies that it works without an ENGINE.
2110 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2112 /* Test a CMAC key created using the "generated" method */
2113 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2114 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2115 EVP_PKEY_CTRL_CIPHER
,
2116 0, (void *)EVP_aes_256_ecb()), 0)
2117 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2118 EVP_PKEY_CTRL_SET_MAC_KEY
,
2119 sizeof(key
), (void *)key
), 0)
2120 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2122 || !TEST_true(get_cmac_val(pkey
, mac
)))
2125 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2126 EVP_PKEY_free(pkey
);
2129 * Test a CMAC key using the direct method, and compare with the mac
2132 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
2134 || !TEST_true(get_cmac_val(pkey
, mac2
))
2135 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2142 EVP_PKEY_free(pkey
);
2143 EVP_PKEY_CTX_free(kctx
);
2148 static int test_HKDF(void)
2151 unsigned char out
[20];
2154 unsigned char salt
[] = "0123456789";
2155 unsigned char key
[] = "012345678901234567890123456789";
2156 unsigned char info
[] = "infostring";
2157 const unsigned char expected
[] = {
2158 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2159 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2161 size_t expectedlen
= sizeof(expected
);
2163 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2166 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2167 for (i
= 0; i
< 2; i
++) {
2168 outlen
= sizeof(out
);
2169 memset(out
, 0, outlen
);
2171 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2172 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2173 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2174 sizeof(salt
) - 1), 0)
2175 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2176 sizeof(key
) - 1), 0)
2177 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2178 sizeof(info
) - 1), 0)
2179 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2180 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2187 EVP_PKEY_CTX_free(pctx
);
2192 static int test_emptyikm_HKDF(void)
2195 unsigned char out
[20];
2198 unsigned char salt
[] = "9876543210";
2199 unsigned char key
[] = "";
2200 unsigned char info
[] = "stringinfo";
2201 const unsigned char expected
[] = {
2202 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2203 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2205 size_t expectedlen
= sizeof(expected
);
2207 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2210 outlen
= sizeof(out
);
2211 memset(out
, 0, outlen
);
2213 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2214 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2215 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2216 sizeof(salt
) - 1), 0)
2217 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2218 sizeof(key
) - 1), 0)
2219 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2220 sizeof(info
) - 1), 0)
2221 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2222 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2228 EVP_PKEY_CTX_free(pctx
);
2233 #ifndef OPENSSL_NO_EC
2234 static int test_X509_PUBKEY_inplace(void)
2237 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2238 const unsigned char *p
= kExampleECPubKeyDER
;
2239 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2243 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2246 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2249 p
= kExampleBadECPubKeyDER
;
2250 input_len
= sizeof(kExampleBadECPubKeyDER
);
2252 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2255 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2261 X509_PUBKEY_free(xp
);
2265 static int test_X509_PUBKEY_dup(void)
2268 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2269 const unsigned char *p
= kExampleECPubKeyDER
;
2270 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2272 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2274 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2275 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2276 || !TEST_ptr_ne(xp
, xq
))
2279 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2280 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2281 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2284 X509_PUBKEY_free(xq
);
2286 p
= kExampleBadECPubKeyDER
;
2287 input_len
= sizeof(kExampleBadECPubKeyDER
);
2289 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2290 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2293 X509_PUBKEY_free(xp
);
2295 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2301 X509_PUBKEY_free(xp
);
2302 X509_PUBKEY_free(xq
);
2305 #endif /* OPENSSL_NO_EC */
2307 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2308 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2310 EVP_MD_CTX
*mdctx
= NULL
;
2311 EVP_PKEY_CTX
*ctx
= NULL
;
2312 const OSSL_PARAM
*params
;
2313 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2316 char mdname
[OSSL_MAX_NAME_SIZE
];
2319 /* Initialise a sign operation */
2320 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2322 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2326 * We should be able to query the parameters now.
2328 params
= EVP_PKEY_CTX_settable_params(ctx
);
2329 if (!TEST_ptr(params
)
2330 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2331 OSSL_SIGNATURE_PARAM_DIGEST
)))
2334 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2335 if (!TEST_ptr(params
)
2336 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2337 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2338 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2339 OSSL_SIGNATURE_PARAM_DIGEST
)))
2343 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2344 * EVP_PKEY_CTX_get_params()
2346 strcpy(mdname
, "SHA512");
2348 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2350 *param
++ = OSSL_PARAM_construct_end();
2352 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2356 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2357 mdname
, sizeof(mdname
));
2358 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2359 || !TEST_str_eq(mdname
, "SHA512"))
2363 * Test the TEST_PKEY_CTX_set_signature_md() and
2364 * TEST_PKEY_CTX_get_signature_md() functions
2366 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2367 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2368 || !TEST_ptr_eq(md
, EVP_sha256()))
2372 * Test getting MD parameters via an associated EVP_PKEY_CTX
2374 mdctx
= EVP_MD_CTX_new();
2375 if (!TEST_ptr(mdctx
)
2376 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2381 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2382 * able to obtain the digest's settable parameters from the provider.
2384 params
= EVP_MD_CTX_settable_params(mdctx
);
2385 if (!TEST_ptr(params
)
2386 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2387 /* The final key should be NULL */
2388 || !TEST_ptr_null(params
[1].key
))
2392 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2393 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2394 ssl3ms
, sizeof(ssl3ms
));
2395 *param
++ = OSSL_PARAM_construct_end();
2397 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2403 EVP_MD_CTX_free(mdctx
);
2404 EVP_PKEY_CTX_free(ctx
);
2409 #ifndef OPENSSL_NO_DSA
2410 static int test_DSA_get_set_params(void)
2412 OSSL_PARAM_BLD
*bld
= NULL
;
2413 OSSL_PARAM
*params
= NULL
;
2414 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2415 EVP_PKEY_CTX
*pctx
= NULL
;
2416 EVP_PKEY
*pkey
= NULL
;
2420 * Setup the parameters for our DSA object. For our purposes they don't
2421 * have to actually be *valid* parameters. We just need to set something.
2423 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2424 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2425 || !TEST_ptr(p
= BN_new())
2426 || !TEST_ptr(q
= BN_new())
2427 || !TEST_ptr(g
= BN_new())
2428 || !TEST_ptr(pub
= BN_new())
2429 || !TEST_ptr(priv
= BN_new()))
2431 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2432 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2433 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2434 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2436 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2439 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2442 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2443 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2447 if (!TEST_ptr(pkey
))
2450 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2453 EVP_PKEY_free(pkey
);
2454 EVP_PKEY_CTX_free(pctx
);
2455 OSSL_PARAM_free(params
);
2456 OSSL_PARAM_BLD_free(bld
);
2467 * Test combinations of private, public, missing and private + public key
2468 * params to ensure they are all accepted
2470 static int test_DSA_priv_pub(void)
2472 return test_EVP_PKEY_ffc_priv_pub("DSA");
2475 #endif /* !OPENSSL_NO_DSA */
2477 static int test_RSA_get_set_params(void)
2479 OSSL_PARAM_BLD
*bld
= NULL
;
2480 OSSL_PARAM
*params
= NULL
;
2481 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2482 EVP_PKEY_CTX
*pctx
= NULL
;
2483 EVP_PKEY
*pkey
= NULL
;
2487 * Setup the parameters for our RSA object. For our purposes they don't
2488 * have to actually be *valid* parameters. We just need to set something.
2490 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2491 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2492 || !TEST_ptr(n
= BN_new())
2493 || !TEST_ptr(e
= BN_new())
2494 || !TEST_ptr(d
= BN_new()))
2496 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2497 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2498 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2500 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2503 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2504 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2508 if (!TEST_ptr(pkey
))
2511 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2514 EVP_PKEY_free(pkey
);
2515 EVP_PKEY_CTX_free(pctx
);
2516 OSSL_PARAM_free(params
);
2517 OSSL_PARAM_BLD_free(bld
);
2525 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2526 static int test_decrypt_null_chunks(void)
2528 EVP_CIPHER_CTX
* ctx
= NULL
;
2529 EVP_CIPHER
*cipher
= NULL
;
2530 const unsigned char key
[32] = {
2531 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2532 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2533 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2535 unsigned char iv
[12] = {
2536 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2538 unsigned char msg
[] = "It was the best of times, it was the worst of times";
2539 unsigned char ciphertext
[80];
2540 unsigned char plaintext
[80];
2541 /* We initialise tmp to a non zero value on purpose */
2542 int ctlen
, ptlen
, tmp
= 99;
2544 const int enc_offset
= 10, dec_offset
= 20;
2546 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
2547 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
2548 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
2550 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
2552 /* Deliberate add a zero length update */
2553 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
2555 || !TEST_int_eq(tmp
, 0)
2556 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
2558 sizeof(msg
) - enc_offset
))
2559 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
2560 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
2561 || !TEST_int_eq(tmp
, 0))
2564 /* Deliberately initialise tmp to a non zero value */
2566 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
2567 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
2570 * Deliberately add a zero length update. We also deliberately do
2571 * this at a different offset than for encryption.
2573 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
2575 || !TEST_int_eq(tmp
, 0)
2576 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
2577 ciphertext
+ dec_offset
,
2578 ctlen
- dec_offset
))
2579 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
2580 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
2581 || !TEST_int_eq(tmp
, 0)
2582 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
2587 EVP_CIPHER_CTX_free(ctx
);
2588 EVP_CIPHER_free(cipher
);
2591 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2593 #ifndef OPENSSL_NO_DH
2595 * Test combinations of private, public, missing and private + public key
2596 * params to ensure they are all accepted
2598 static int test_DH_priv_pub(void)
2600 return test_EVP_PKEY_ffc_priv_pub("DH");
2603 # ifndef OPENSSL_NO_DEPRECATED_3_0
2604 static int test_EVP_PKEY_set1_DH(void)
2606 DH
*x942dh
= NULL
, *noqdh
= NULL
;
2607 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
2609 BIGNUM
*p
, *g
= NULL
;
2610 BIGNUM
*pubkey
= NULL
;
2611 unsigned char pub
[2048 / 8];
2614 if (!TEST_ptr(p
= BN_new())
2615 || !TEST_ptr(g
= BN_new())
2616 || !TEST_ptr(pubkey
= BN_new())
2617 || !TEST_true(BN_set_word(p
, 9999))
2618 || !TEST_true(BN_set_word(g
, 2))
2619 || !TEST_true(BN_set_word(pubkey
, 4321))
2620 || !TEST_ptr(noqdh
= DH_new())
2621 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
2622 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
2623 || !TEST_ptr(pubkey
= BN_new())
2624 || !TEST_true(BN_set_word(pubkey
, 4321)))
2628 x942dh
= DH_get_2048_256();
2629 pkey1
= EVP_PKEY_new();
2630 pkey2
= EVP_PKEY_new();
2631 if (!TEST_ptr(x942dh
)
2635 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
2639 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
2640 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
2643 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
2645 || !TEST_ptr(pubkey
))
2648 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
2649 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
2652 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
2653 OSSL_PKEY_PARAM_PUB_KEY
,
2654 pub
, sizeof(pub
), &len
))
2655 || !TEST_size_t_ne(len
, 0))
2663 EVP_PKEY_free(pkey1
);
2664 EVP_PKEY_free(pkey2
);
2670 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2671 #endif /* !OPENSSL_NO_DH */
2674 * We test what happens with an empty template. For the sake of this test,
2675 * the template must be ignored, and we know that's the case for RSA keys
2676 * (this might arguably be a misfeature, but that's what we currently do,
2677 * even in provider code, since that's how the legacy RSA implementation
2680 static int test_keygen_with_empty_template(int n
)
2682 EVP_PKEY_CTX
*ctx
= NULL
;
2683 EVP_PKEY
*pkey
= NULL
;
2684 EVP_PKEY
*tkey
= NULL
;
2687 if (nullprov
!= NULL
)
2688 return TEST_skip("Test does not support a non-default library context");
2692 /* We do test with no template at all as well */
2693 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
2697 /* Here we create an empty RSA key that serves as our template */
2698 if (!TEST_ptr(tkey
= EVP_PKEY_new())
2699 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
2700 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
2705 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
2706 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
2711 EVP_PKEY_CTX_free(ctx
);
2712 EVP_PKEY_free(pkey
);
2713 EVP_PKEY_free(tkey
);
2718 * Test that we fail if we attempt to use an algorithm that is not available
2719 * in the current library context (unless we are using an algorithm that
2720 * should be made available via legacy codepaths).
2725 static int test_pkey_ctx_fail_without_provider(int tst
)
2727 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
2728 OSSL_PROVIDER
*tmpnullprov
= NULL
;
2729 EVP_PKEY_CTX
*pctx
= NULL
;
2730 const char *keytype
= NULL
;
2731 int expect_null
= 0;
2734 if (!TEST_ptr(tmpctx
))
2737 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
2738 if (!TEST_ptr(tmpnullprov
))
2742 * We check for certain algos in the null provider.
2743 * If an algo is expected to have a provider keymgmt, contructing an
2744 * EVP_PKEY_CTX is expected to fail (return NULL).
2745 * Otherwise, if it's expected to have legacy support, contructing an
2746 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2756 #ifdef OPENSSL_NO_EC
2757 TEST_info("EC disable, skipping SM2 check...");
2760 #ifdef OPENSSL_NO_SM2
2761 TEST_info("SM2 disable, skipping SM2 check...");
2766 TEST_error("No test for case %d", tst
);
2770 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
2771 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
2774 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2780 EVP_PKEY_CTX_free(pctx
);
2781 OSSL_PROVIDER_unload(tmpnullprov
);
2782 OSSL_LIB_CTX_free(tmpctx
);
2786 static int test_rand_agglomeration(void)
2790 OSSL_PARAM params
[3], *p
= params
;
2792 unsigned int step
= 7;
2793 static unsigned char seed
[] = "It does not matter how slowly you go "
2794 "as long as you do not stop.";
2795 unsigned char out
[sizeof(seed
)];
2797 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
2798 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
2800 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
2801 EVP_RAND_free(rand
);
2805 memset(out
, 0, sizeof(out
));
2806 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
2807 seed
, sizeof(seed
));
2808 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
2809 *p
= OSSL_PARAM_construct_end();
2810 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
2811 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
2812 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
2813 EVP_RAND_CTX_free(ctx
);
2818 * Test that we correctly return the original or "running" IV after
2819 * an encryption operation.
2820 * Run multiple times for some different relevant algorithms/modes.
2822 static int test_evp_iv_aes(int idx
)
2825 EVP_CIPHER_CTX
*ctx
= NULL
;
2826 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2827 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2828 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
2829 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2830 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2831 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2832 9, 10, 11, 12, 13, 14, 15, 16 };
2833 unsigned char ciphertext
[32], oiv
[16], iv
[16];
2834 unsigned char *ref_iv
;
2835 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2836 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2838 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2839 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2840 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2841 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2842 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2843 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2844 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2845 #ifndef OPENSSL_NO_OCB
2846 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2847 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2849 int len
= sizeof(ciphertext
);
2850 size_t ivlen
, ref_len
;
2851 const EVP_CIPHER
*type
= NULL
;
2854 if (nullprov
!= NULL
&& idx
< 6)
2855 return TEST_skip("Test does not support a non-default library context");
2859 type
= EVP_aes_128_cbc();
2862 type
= (type
!= NULL
) ? type
:
2863 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
2865 ref_len
= sizeof(cbc_state
);
2869 type
= EVP_aes_128_ofb();
2872 type
= (type
!= NULL
) ? type
:
2873 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
2875 ref_len
= sizeof(ofb_state
);
2879 type
= EVP_aes_128_cfb();
2882 type
= (type
!= NULL
) ? type
:
2883 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
2885 ref_len
= sizeof(cfb_state
);
2889 type
= EVP_aes_128_gcm();
2892 type
= (type
!= NULL
) ? type
:
2893 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
2895 ref_len
= sizeof(gcm_state
);
2898 type
= EVP_aes_128_ccm();
2901 type
= (type
!= NULL
) ? type
:
2902 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
2904 ref_len
= sizeof(ccm_state
);
2906 #ifdef OPENSSL_NO_OCB
2912 type
= EVP_aes_128_ocb();
2915 type
= (type
!= NULL
) ? type
:
2916 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
2918 ref_len
= sizeof(ocb_state
);
2926 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
2927 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
2928 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
2930 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
2931 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
2932 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
2934 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
2935 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
2936 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
2939 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2940 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
2941 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
2944 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
2947 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
2953 EVP_CIPHER_CTX_free(ctx
);
2955 EVP_CIPHER_free((EVP_CIPHER
*)type
);
2959 #ifndef OPENSSL_NO_DES
2960 static int test_evp_iv_des(int idx
)
2963 EVP_CIPHER_CTX
*ctx
= NULL
;
2964 static const unsigned char key
[24] = {
2965 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2966 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2967 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2969 static const unsigned char init_iv
[8] = {
2970 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2972 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2973 9, 10, 11, 12, 13, 14, 15, 16 };
2974 unsigned char ciphertext
[32], oiv
[8], iv
[8];
2975 unsigned const char *ref_iv
;
2976 static const unsigned char cbc_state_des
[8] = {
2977 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2979 static const unsigned char cbc_state_3des
[8] = {
2980 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2982 static const unsigned char ofb_state_des
[8] = {
2983 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2985 static const unsigned char ofb_state_3des
[8] = {
2986 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2988 static const unsigned char cfb_state_des
[8] = {
2989 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2991 static const unsigned char cfb_state_3des
[8] = {
2992 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2994 int len
= sizeof(ciphertext
);
2995 size_t ivlen
, ref_len
;
2996 EVP_CIPHER
*type
= NULL
;
2998 if (lgcyprov
== NULL
&& idx
< 3)
2999 return TEST_skip("Test requires legacy provider to be loaded");
3003 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3004 ref_iv
= cbc_state_des
;
3005 ref_len
= sizeof(cbc_state_des
);
3008 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3009 ref_iv
= ofb_state_des
;
3010 ref_len
= sizeof(ofb_state_des
);
3013 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3014 ref_iv
= cfb_state_des
;
3015 ref_len
= sizeof(cfb_state_des
);
3018 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3019 ref_iv
= cbc_state_3des
;
3020 ref_len
= sizeof(cbc_state_3des
);
3023 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3024 ref_iv
= ofb_state_3des
;
3025 ref_len
= sizeof(ofb_state_3des
);
3028 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3029 ref_iv
= cfb_state_3des
;
3030 ref_len
= sizeof(cfb_state_3des
);
3037 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3038 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3039 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3041 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3042 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3043 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3045 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3046 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3047 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3050 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3051 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3053 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3058 EVP_CIPHER_CTX_free(ctx
);
3059 EVP_CIPHER_free(type
);
3064 #ifndef OPENSSL_NO_EC
3065 static int ecpub_nids
[] = {
3066 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3067 NID_secp384r1
, NID_secp521r1
,
3068 # ifndef OPENSSL_NO_EC2M
3069 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3070 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3072 NID_brainpoolP384r1
, NID_brainpoolP512r1
3075 static int test_ecpub(int idx
)
3077 int ret
= 0, len
, savelen
;
3079 unsigned char buf
[1024];
3081 EVP_PKEY
*pkey
= NULL
;
3082 EVP_PKEY_CTX
*ctx
= NULL
;
3083 # ifndef OPENSSL_NO_DEPRECATED_3_0
3084 const unsigned char *q
;
3085 EVP_PKEY
*pkey2
= NULL
;
3089 if (nullprov
!= NULL
)
3090 return TEST_skip("Test does not support a non-default library context");
3092 nid
= ecpub_nids
[idx
];
3094 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3096 || !TEST_true(EVP_PKEY_keygen_init(ctx
))
3097 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
))
3098 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3100 len
= i2d_PublicKey(pkey
, NULL
);
3102 if (!TEST_int_ge(len
, 1)
3103 || !TEST_int_lt(len
, 1024))
3106 len
= i2d_PublicKey(pkey
, &p
);
3107 if (!TEST_int_ge(len
, 1)
3108 || !TEST_int_eq(len
, savelen
))
3111 # ifndef OPENSSL_NO_DEPRECATED_3_0
3112 /* Now try to decode the just-created DER. */
3114 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3115 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3116 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3118 /* EC_KEY ownership transferred */
3120 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3122 /* The keys should match. */
3123 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3130 EVP_PKEY_CTX_free(ctx
);
3131 EVP_PKEY_free(pkey
);
3132 # ifndef OPENSSL_NO_DEPRECATED_3_0
3133 EVP_PKEY_free(pkey2
);
3140 static int test_EVP_rsa_pss_with_keygen_bits(void)
3143 EVP_PKEY_CTX
*ctx
= NULL
;
3144 EVP_PKEY
*pkey
= NULL
;
3147 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3149 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", testpropq
)))
3150 && TEST_true(EVP_PKEY_keygen_init(ctx
))
3151 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3152 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
))
3153 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3156 EVP_PKEY_free(pkey
);
3157 EVP_PKEY_CTX_free(ctx
);
3161 static int success
= 1;
3162 static void md_names(const char *name
, void *vctx
)
3164 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3165 /* Force a namemap update */
3166 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3168 if (!TEST_ptr(aes128
))
3171 EVP_CIPHER_free(aes128
);
3175 * Test that changing the namemap in a user callback works in a names_do_all
3178 static int test_names_do_all(void)
3180 /* We use a custom libctx so that we know the state of the namemap */
3181 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3182 EVP_MD
*sha256
= NULL
;
3188 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3189 if (!TEST_ptr(sha256
))
3193 * We loop through all the names for a given digest. This should still work
3194 * even if the namemap changes part way through.
3196 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3199 if (!TEST_true(success
))
3204 EVP_MD_free(sha256
);
3205 OSSL_LIB_CTX_free(ctx
);
3211 const unsigned char *key
;
3212 const unsigned char *iv
;
3213 const unsigned char *input
;
3214 const unsigned char *expected
;
3215 const unsigned char *tag
;
3216 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3225 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3227 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3228 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3232 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3233 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3234 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3235 sizeof(gcmDefaultTag
), 1, 0, 1
3238 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3239 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3243 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3244 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3245 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3246 sizeof(gcmDefaultTag
), 0, 0, 1
3249 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3250 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3254 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3255 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3256 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3257 sizeof(gcmDefaultTag
), 1, 1, 0
3260 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3261 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3265 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3266 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3267 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3268 sizeof(gcmDefaultTag
), 0, 1, 0
3272 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3276 if (t
->ivlen
!= 0) {
3277 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
)))
3280 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
3288 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3289 * arguments are given one at a time and a final adjustment to the enc
3290 * parameter sets the correct operation.
3292 static int test_evp_init_seq(int idx
)
3294 int outlen1
, outlen2
;
3296 unsigned char outbuf
[1024];
3297 unsigned char tag
[16];
3298 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
3299 EVP_CIPHER_CTX
*ctx
= NULL
;
3300 EVP_CIPHER
*type
= NULL
;
3301 size_t taglen
= sizeof(tag
);
3302 char *errmsg
= NULL
;
3304 ctx
= EVP_CIPHER_CTX_new();
3306 errmsg
= "CTX_ALLOC";
3309 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
3310 errmsg
= "CIPHER_FETCH";
3313 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
3314 errmsg
= "EMPTY_ENC_INIT";
3317 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3321 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3322 errmsg
= "KEY_INIT (before iv)";
3325 if (!evp_init_seq_set_iv(ctx
, t
)) {
3329 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3330 errmsg
= "KEY_INIT (after iv)";
3333 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
3334 errmsg
= "FINAL_ENC_INIT";
3337 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3338 errmsg
= "CIPHER_UPDATE";
3341 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
3342 /* Set expected tag */
3343 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
3344 t
->taglen
, (void *)t
->tag
))) {
3349 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3350 errmsg
= "CIPHER_FINAL";
3353 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3354 errmsg
= "WRONG_RESULT";
3357 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
3358 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3362 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
3363 errmsg
= "TAG_ERROR";
3370 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3371 EVP_CIPHER_CTX_free(ctx
);
3372 EVP_CIPHER_free(type
);
3377 const unsigned char *input
;
3378 const unsigned char *expected
;
3382 } EVP_RESET_TEST_st
;
3384 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
3386 cfbPlaintext
, cfbCiphertext
,
3387 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
3390 cfbCiphertext
, cfbPlaintext
,
3391 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
3396 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3399 static int test_evp_reset(int idx
)
3401 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
3402 int outlen1
, outlen2
;
3404 unsigned char outbuf
[1024];
3405 EVP_CIPHER_CTX
*ctx
= NULL
;
3406 EVP_CIPHER
*type
= NULL
;
3407 char *errmsg
= NULL
;
3409 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3410 errmsg
= "CTX_ALLOC";
3413 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
3414 errmsg
= "CIPHER_FETCH";
3417 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3418 errmsg
= "CIPHER_INIT";
3421 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3425 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3426 errmsg
= "CIPHER_UPDATE";
3429 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3430 errmsg
= "CIPHER_FINAL";
3433 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3434 errmsg
= "WRONG_RESULT";
3437 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
3438 errmsg
= "CIPHER_REINIT";
3441 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3442 errmsg
= "CIPHER_UPDATE (reinit)";
3445 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3446 errmsg
= "CIPHER_FINAL (reinit)";
3449 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3450 errmsg
= "WRONG_RESULT (reinit)";
3456 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
3457 EVP_CIPHER_CTX_free(ctx
);
3458 EVP_CIPHER_free(type
);
3465 } EVP_UPDATED_IV_TEST_st
;
3467 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
3507 * Test that the IV in the context is updated during a crypto operation for CFB
3510 static int test_evp_updated_iv(int idx
)
3512 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
3513 int outlen1
, outlen2
;
3515 unsigned char outbuf
[1024];
3516 EVP_CIPHER_CTX
*ctx
= NULL
;
3517 EVP_CIPHER
*type
= NULL
;
3518 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
3520 char *errmsg
= NULL
;
3522 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3523 errmsg
= "CTX_ALLOC";
3526 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
3527 TEST_info("cipher %s not supported, skipping", t
->cipher
);
3531 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3532 errmsg
= "CIPHER_INIT";
3535 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3539 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
3540 errmsg
= "CIPHER_UPDATE";
3543 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
3544 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
3547 if (!TEST_true(iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
))) {
3548 errmsg
= "CIPHER_CTX_GET_IV_LEN";
3551 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
3552 errmsg
= "IV_NOT_UPDATED";
3555 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3556 errmsg
= "CIPHER_FINAL";
3563 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
3564 EVP_CIPHER_CTX_free(ctx
);
3565 EVP_CIPHER_free(type
);
3570 const unsigned char *iv1
;
3571 const unsigned char *iv2
;
3572 const unsigned char *expected1
;
3573 const unsigned char *expected2
;
3574 const unsigned char *tag1
;
3575 const unsigned char *tag2
;
3578 size_t expectedlen1
;
3579 size_t expectedlen2
;
3580 } TEST_GCM_IV_REINIT_st
;
3582 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
3584 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
3585 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
3586 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
3589 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
3590 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
3591 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
3595 static int test_gcm_reinit(int idx
)
3597 int outlen1
, outlen2
, outlen3
;
3599 unsigned char outbuf
[1024];
3600 unsigned char tag
[16];
3601 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
3602 EVP_CIPHER_CTX
*ctx
= NULL
;
3603 EVP_CIPHER
*type
= NULL
;
3604 size_t taglen
= sizeof(tag
);
3605 char *errmsg
= NULL
;
3607 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3608 errmsg
= "CTX_ALLOC";
3611 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
3612 errmsg
= "CIPHER_FETCH";
3615 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
3616 errmsg
= "ENC_INIT";
3619 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
))) {
3620 errmsg
= "SET_IVLEN1";
3623 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
3627 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3631 EVP_CIPHER_CTX_set_padding(ctx
, 0);
3632 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3633 sizeof(gcmResetPlaintext
)))) {
3634 errmsg
= "CIPHER_UPDATE1";
3637 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3638 errmsg
= "CIPHER_FINAL1";
3641 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
3642 errmsg
= "WRONG_RESULT1";
3645 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3646 errmsg
= "GET_TAG1";
3649 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
3650 errmsg
= "TAG_ERROR1";
3654 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
))) {
3655 errmsg
= "SET_IVLEN2";
3658 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
3662 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3666 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3667 sizeof(gcmResetPlaintext
)))) {
3668 errmsg
= "CIPHER_UPDATE2";
3671 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3672 errmsg
= "CIPHER_FINAL2";
3675 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
3676 errmsg
= "WRONG_RESULT2";
3679 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3680 errmsg
= "GET_TAG2";
3683 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
3684 errmsg
= "TAG_ERROR2";
3690 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3691 EVP_CIPHER_CTX_free(ctx
);
3692 EVP_CIPHER_free(type
);
3696 #ifndef OPENSSL_NO_DEPRECATED_3_0
3697 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
3698 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
3700 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3702 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
3704 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
3706 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
3710 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
3712 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
3714 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
3718 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
3719 size_t *outlen
, const unsigned char *in
,
3722 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3723 const unsigned char *tbs
, size_t tbslen
);
3725 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
3726 return psign(ctx
, out
, outlen
, in
, inlen
);
3729 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
3730 size_t *siglen
, const unsigned char *tbs
,
3733 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3734 const unsigned char *tbs
, size_t tbslen
);
3736 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
3737 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
3740 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
3743 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
3745 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
3746 return pderive(ctx
, key
, keylen
);
3749 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
3751 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
3753 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
3754 return pcopy(dst
, src
);
3757 static int ctrl_called
;
3759 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
3761 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
3763 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
3765 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
3770 return pctrl(ctx
, type
, p1
, p2
);
3773 static int test_custom_pmeth(int idx
)
3775 EVP_PKEY_CTX
*pctx
= NULL
;
3776 EVP_MD_CTX
*ctx
= NULL
;
3777 EVP_PKEY
*pkey
= NULL
;
3778 int id
, orig_id
, orig_flags
;
3781 unsigned char *res
= NULL
;
3782 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
3783 const EVP_MD
*md
= EVP_sha256();
3788 /* We call deprecated APIs so this test doesn't support a custom libctx */
3789 if (testctx
!= NULL
)
3796 pkey
= load_example_rsa_key();
3800 # ifndef OPENSSL_NO_DSA
3802 pkey
= load_example_dsa_key();
3809 # ifndef OPENSSL_NO_EC
3811 pkey
= load_example_ec_key();
3818 # ifndef OPENSSL_NO_EC
3819 id
= EVP_PKEY_ED25519
;
3821 pkey
= load_example_ed25519_key();
3828 # ifndef OPENSSL_NO_DH
3831 pkey
= load_example_dh_key();
3838 # ifndef OPENSSL_NO_EC
3839 id
= EVP_PKEY_X25519
;
3841 pkey
= load_example_x25519_key();
3847 TEST_error("Should not happen");
3851 if (!TEST_ptr(pkey
))
3855 if (!TEST_true(evp_pkey_is_provided(pkey
)))
3858 EVP_PKEY
*tmp
= pkey
;
3860 /* Convert to a legacy key */
3861 pkey
= EVP_PKEY_new();
3862 if (!TEST_ptr(pkey
)) {
3866 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
3871 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
3875 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
3879 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
3880 if (!TEST_int_eq(orig_id
, id
)
3881 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
3884 if (id
== EVP_PKEY_ED25519
) {
3885 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
3886 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
3887 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
3889 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
3891 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
3892 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
3893 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
3894 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
3896 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
3897 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
3901 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
3903 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
3904 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
3905 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
3907 || !TEST_int_eq(ctrl_called
, 1)
3908 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
3909 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
3910 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
3911 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
3914 ctx
= EVP_MD_CTX_new();
3915 reslen
= EVP_PKEY_size(pkey
);
3916 res
= OPENSSL_malloc(reslen
);
3919 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
3920 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
3921 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
3923 || !TEST_int_eq(ctrl_called
, 1))
3926 if (id
== EVP_PKEY_ED25519
) {
3927 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
3930 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
3931 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
3939 EVP_MD_CTX_free(ctx
);
3941 EVP_PKEY_CTX_free(pctx
);
3942 EVP_PKEY_free(pkey
);
3943 EVP_PKEY_meth_remove(custom_pmeth
);
3944 EVP_PKEY_meth_free(custom_pmeth
);
3945 custom_pmeth
= NULL
;
3949 static int test_evp_md_cipher_meth(void)
3951 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
3952 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3955 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
3961 EVP_MD_meth_free(md
);
3962 EVP_CIPHER_meth_free(ciph
);
3967 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
3968 /* Test we can create a signature keys with an associated ENGINE */
3969 static int test_signatures_with_engine(int tst
)
3972 const char *engine_id
= "dasync";
3973 EVP_PKEY
*pkey
= NULL
;
3974 const unsigned char badcmackey
[] = { 0x00, 0x01 };
3975 const unsigned char cmackey
[] = {
3976 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3977 0x0c, 0x0d, 0x0e, 0x0f
3979 const unsigned char ed25519key
[] = {
3980 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3981 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3982 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
3984 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
3986 EVP_MD_CTX
*ctx
= NULL
;
3987 unsigned char *mac
= NULL
;
3991 # ifdef OPENSSL_NO_CMAC
3992 /* Skip CMAC tests in a no-cmac build */
3997 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4000 if (!TEST_true(ENGINE_init(e
))) {
4007 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
4011 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
4015 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
4016 sizeof(ed25519key
));
4019 TEST_error("Invalid test case");
4022 if (!TEST_ptr(pkey
))
4025 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4028 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
4031 if (!TEST_true(ret
))
4034 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
4035 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
4038 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4041 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
4044 /* We used a bad key. We expect a failure here */
4045 if (!TEST_false(ret
))
4051 EVP_MD_CTX_free(ctx
);
4053 EVP_PKEY_free(pkey
);
4060 static int test_cipher_with_engine(void)
4063 const char *engine_id
= "dasync";
4064 const unsigned char keyiv
[] = {
4065 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4066 0x0c, 0x0d, 0x0e, 0x0f
4068 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4070 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
4071 unsigned char buf
[AES_BLOCK_SIZE
];
4074 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4077 if (!TEST_true(ENGINE_init(e
))) {
4082 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4083 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
4086 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
4089 /* Copy the ctx, and complete the operation with the new ctx */
4090 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
4093 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
4094 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
4099 EVP_CIPHER_CTX_free(ctx
);
4100 EVP_CIPHER_CTX_free(ctx2
);
4106 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4107 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4109 typedef enum OPTION_choice
{
4116 const OPTIONS
*test_get_options(void)
4118 static const OPTIONS options
[] = {
4119 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
4120 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
4126 int setup_tests(void)
4130 while ((o
= opt_next()) != OPT_EOF
) {
4133 /* Set up an alternate library context */
4134 testctx
= OSSL_LIB_CTX_new();
4135 if (!TEST_ptr(testctx
))
4137 /* Swap the libctx to test non-default context only */
4138 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
4139 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
4140 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
4142 case OPT_TEST_CASES
:
4149 ADD_TEST(test_EVP_set_default_properties
);
4150 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 15);
4151 ADD_TEST(test_EVP_DigestVerifyInit
);
4152 ADD_TEST(test_EVP_Digest
);
4153 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
4154 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
4155 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
4156 ADD_TEST(test_privatekey_to_pkcs8
);
4157 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
4158 #ifndef OPENSSL_NO_EC
4159 ADD_TEST(test_EVP_PKCS82PKEY
);
4161 #ifndef OPENSSL_NO_EC
4162 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
4164 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4165 ADD_TEST(test_EVP_SM2
);
4166 ADD_TEST(test_EVP_SM2_verify
);
4168 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
4169 #ifndef OPENSSL_NO_DEPRECATED_3_0
4170 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
4171 if (!TEST_ptr(custom_pmeth
))
4173 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
4174 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
4175 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
4176 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
4179 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
4180 #ifndef OPENSSL_NO_CMAC
4181 ADD_TEST(test_CMAC_keygen
);
4183 ADD_TEST(test_HKDF
);
4184 ADD_TEST(test_emptyikm_HKDF
);
4185 #ifndef OPENSSL_NO_EC
4186 ADD_TEST(test_X509_PUBKEY_inplace
);
4187 ADD_TEST(test_X509_PUBKEY_dup
);
4188 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
4189 OSSL_NELEM(ec_der_pub_keys
));
4191 #ifndef OPENSSL_NO_DSA
4192 ADD_TEST(test_DSA_get_set_params
);
4193 ADD_TEST(test_DSA_priv_pub
);
4195 ADD_TEST(test_RSA_get_set_params
);
4196 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4197 ADD_TEST(test_decrypt_null_chunks
);
4199 #ifndef OPENSSL_NO_DH
4200 ADD_TEST(test_DH_priv_pub
);
4201 # ifndef OPENSSL_NO_DEPRECATED_3_0
4202 ADD_TEST(test_EVP_PKEY_set1_DH
);
4205 #ifndef OPENSSL_NO_EC
4206 ADD_TEST(test_EC_priv_pub
);
4207 # ifndef OPENSSL_NO_DEPRECATED_3_0
4208 ADD_TEST(test_EC_priv_only_legacy
);
4211 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
4212 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
4214 ADD_TEST(test_rand_agglomeration
);
4215 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
4216 #ifndef OPENSSL_NO_DES
4217 ADD_ALL_TESTS(test_evp_iv_des
, 6);
4219 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
4220 #ifndef OPENSSL_NO_EC
4221 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
4224 ADD_TEST(test_names_do_all
);
4226 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
4227 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
4228 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
4229 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
4231 #ifndef OPENSSL_NO_DEPRECATED_3_0
4232 ADD_ALL_TESTS(test_custom_pmeth
, 12);
4233 ADD_TEST(test_evp_md_cipher_meth
);
4235 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4236 /* Tests only support the default libctx */
4237 if (testctx
== NULL
) {
4238 # ifndef OPENSSL_NO_EC
4239 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
4241 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
4243 ADD_TEST(test_cipher_with_engine
);
4251 void cleanup_tests(void)
4253 OSSL_PROVIDER_unload(nullprov
);
4254 OSSL_PROVIDER_unload(deflprov
);
4255 OSSL_PROVIDER_unload(lgcyprov
);
4256 OSSL_LIB_CTX_free(testctx
);