2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
40 static OSSL_LIB_CTX
*testctx
= NULL
;
41 static char *testpropq
= NULL
;
43 static OSSL_PROVIDER
*nullprov
= NULL
;
44 static OSSL_PROVIDER
*deflprov
= NULL
;
45 static OSSL_PROVIDER
*lgcyprov
= NULL
;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER
[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER
[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER
[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
250 static const unsigned char kSignature
[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
268 static const unsigned char kExampleRSAKeyPKCS8
[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
324 #ifndef OPENSSL_NO_EC
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 static const unsigned char kExampleECKeyDER
[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
347 static const unsigned char kExampleBadECKeyDER
[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
360 static const unsigned char kExampleECPubKeyDER
[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
375 static const unsigned char kExampleBadECPubKeyDER
[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
386 static const unsigned char pExampleECParamDER
[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
390 static const unsigned char kExampleED25519KeyDER
[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
397 static const unsigned char kExampleED25519PubKeyDER
[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER
[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER
[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
447 static const unsigned char kCFBDefaultKey
[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
452 static const unsigned char kGCMDefaultKey
[32] = { 0 };
454 static const unsigned char kGCMResetKey
[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
460 static const unsigned char iCFBIV
[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
465 static const unsigned char iGCMDefaultIV
[12] = { 0 };
467 static const unsigned char iGCMResetIV1
[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
471 static const unsigned char iGCMResetIV2
[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
475 static const unsigned char cfbPlaintext
[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
480 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
482 static const unsigned char gcmResetPlaintext
[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
490 static const unsigned char cfbCiphertext
[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
495 static const unsigned char gcmDefaultCiphertext
[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
500 static const unsigned char gcmResetCiphertext1
[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
508 static const unsigned char gcmResetCiphertext2
[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
516 static const unsigned char gcmAAD
[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
521 static const unsigned char gcmDefaultTag
[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
526 static const unsigned char gcmResetTag1
[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
531 static const unsigned char gcmResetTag2
[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
536 typedef struct APK_DATA_st
{
537 const unsigned char *kder
;
544 int type
; /* 0 for private, 1 for public, 2 for params */
547 static APK_DATA keydata
[] = {
548 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
549 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
555 static APK_DATA keycheckdata
[] = {
556 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
558 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
565 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
567 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
568 EVP_PKEY_ED25519
, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
570 EVP_PKEY_ED25519
, 0, 1, 1, 1},
574 static EVP_PKEY
*load_example_key(const char *keytype
,
575 const unsigned char *data
, size_t data_len
)
577 const unsigned char **pdata
= &data
;
578 EVP_PKEY
*pkey
= NULL
;
579 OSSL_DECODER_CTX
*dctx
=
580 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
585 OSSL_DECODER_CTX_free(dctx
);
589 static EVP_PKEY
*load_example_rsa_key(void)
591 return load_example_key("RSA", kExampleRSAKeyDER
,
592 sizeof(kExampleRSAKeyDER
));
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY
*load_example_dsa_key(void)
598 return load_example_key("DSA", kExampleDSAKeyDER
,
599 sizeof(kExampleDSAKeyDER
));
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY
*load_example_ec_key(void)
606 return load_example_key("EC", kExampleECKeyDER
,
607 sizeof(kExampleECKeyDER
));
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY
*load_example_dh_key(void)
615 return load_example_key("DH", kExampleDHKeyDER
,
616 sizeof(kExampleDHKeyDER
));
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY
*load_example_ed25519_key(void)
623 return load_example_key("ED25519", kExampleED25519KeyDER
,
624 sizeof(kExampleED25519KeyDER
));
627 static EVP_PKEY
*load_example_x25519_key(void)
629 return load_example_key("X25519", kExampleX25519KeyDER
,
630 sizeof(kExampleX25519KeyDER
));
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
635 static EVP_PKEY
*load_example_hmac_key(void)
637 EVP_PKEY
*pkey
= NULL
;
638 unsigned char key
[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
644 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
645 NULL
, key
, sizeof(key
));
652 static int test_EVP_set_default_properties(void)
658 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
659 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
664 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
665 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
666 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
671 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
672 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
677 OSSL_LIB_CTX_free(ctx
);
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static int test_fromdata(char *keytype
, int selection
, OSSL_PARAM
*params
)
684 EVP_PKEY_CTX
*pctx
= NULL
;
685 EVP_PKEY
*pkey
= NULL
;
688 BIO
*bio
= BIO_new(BIO_s_mem());
690 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
700 /* Check we can use the resulting key */
701 ret
= PEM_write_bio_PUBKEY(bio
, pkey
);
702 if ((selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
706 if (!TEST_false(ret
))
709 ret
= PEM_write_bio_PrivateKey_ex(bio
, pkey
, NULL
, NULL
, 0, NULL
, NULL
,
711 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
715 if (!TEST_false(ret
))
722 EVP_PKEY_CTX_free(pctx
);
727 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
730 * Test combinations of private, public, missing and private + public key
731 * params to ensure they are all accepted
733 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
734 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
736 OSSL_PARAM_BLD
*bld
= NULL
;
737 OSSL_PARAM
*params
= NULL
;
738 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
742 * Setup the parameters for our pkey object. For our purposes they don't
743 * have to actually be *valid* parameters. We just need to set something.
745 if (!TEST_ptr(p
= BN_new())
746 || !TEST_ptr(q
= BN_new())
747 || !TEST_ptr(g
= BN_new())
748 || !TEST_ptr(pub
= BN_new())
749 || !TEST_ptr(priv
= BN_new()))
752 /* Test !priv and !pub */
753 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
756 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
758 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
761 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
763 OSSL_PARAM_free(params
);
765 OSSL_PARAM_BLD_free(bld
);
767 /* Test priv and !pub */
768 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
769 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
770 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
771 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
772 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
775 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
778 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
, params
))
780 OSSL_PARAM_free(params
);
782 OSSL_PARAM_BLD_free(bld
);
784 /* Test !priv and pub */
785 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
792 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
795 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
, params
))
797 OSSL_PARAM_free(params
);
799 OSSL_PARAM_BLD_free(bld
);
801 /* Test priv and pub */
802 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
811 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
814 if (!test_fromdata(keytype
, EVP_PKEY_KEYPAIR
, params
))
819 OSSL_PARAM_free(params
);
820 OSSL_PARAM_BLD_free(bld
);
829 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
832 * Test combinations of private, public, missing and private + public key
833 * params to ensure they are all accepted for EC keys
835 #ifndef OPENSSL_NO_EC
836 static unsigned char ec_priv
[] = {
837 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
838 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
839 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
841 static unsigned char ec_pub
[] = {
842 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
843 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
844 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
845 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
846 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
847 0x08, 0x09, 0xb8, 0xdb, 0x03
850 static int test_EC_priv_pub(void)
852 OSSL_PARAM_BLD
*bld
= NULL
;
853 OSSL_PARAM
*params
= NULL
;
858 * Setup the parameters for our pkey object. For our purposes they don't
859 * have to actually be *valid* parameters. We just need to set something.
861 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
864 /* Test !priv and !pub */
865 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
866 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
867 OSSL_PKEY_PARAM_GROUP_NAME
,
870 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
873 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
875 OSSL_PARAM_free(params
);
877 OSSL_PARAM_BLD_free(bld
);
879 /* Test priv and !pub */
880 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
881 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
882 OSSL_PKEY_PARAM_GROUP_NAME
,
884 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
887 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
891 * We indicate only parameters here. The "EVP_PKEY_fromdata" call will do
892 * the private key anyway, but the subsequent PEM_write_bio_PrivateKey_ex
893 * call is expected to fail because PEM_write_bio_PrivateKey_ex does not
894 * support exporting a private EC key without a corresponding public key
896 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
898 OSSL_PARAM_free(params
);
900 OSSL_PARAM_BLD_free(bld
);
902 /* Test !priv and pub */
903 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
904 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
905 OSSL_PKEY_PARAM_GROUP_NAME
,
907 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
908 OSSL_PKEY_PARAM_PUB_KEY
,
909 ec_pub
, sizeof(ec_pub
))))
911 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
914 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_PUBLIC_KEY
, params
))
916 OSSL_PARAM_free(params
);
918 OSSL_PARAM_BLD_free(bld
);
920 /* Test priv and pub */
921 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
922 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
923 OSSL_PKEY_PARAM_GROUP_NAME
,
925 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
926 OSSL_PKEY_PARAM_PUB_KEY
,
927 ec_pub
, sizeof(ec_pub
)))
928 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
931 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
934 if (!test_fromdata("EC", EVP_PKEY_KEYPAIR
, params
))
939 OSSL_PARAM_free(params
);
940 OSSL_PARAM_BLD_free(bld
);
946 /* Test that using a legacy EC key with only a private key in it works */
947 # ifndef OPENSSL_NO_DEPRECATED_3_0
948 static int test_EC_priv_only_legacy(void)
952 EC_KEY
*eckey
= NULL
;
953 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
954 EVP_MD_CTX
*ctx
= NULL
;
956 /* Create the low level EC_KEY */
957 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
960 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
961 if (!TEST_ptr(eckey
))
964 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
967 pkey
= EVP_PKEY_new();
971 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
975 while (dup_pk
== NULL
) {
977 ctx
= EVP_MD_CTX_new();
982 * The EVP_DigestSignInit function should create the key on the
983 * provider side which is sufficient for this test.
985 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
986 testpropq
, pkey
, NULL
)))
988 EVP_MD_CTX_free(ctx
);
991 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
993 /* EVP_PKEY_eq() returns -2 with missing public keys */
994 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
1002 EVP_MD_CTX_free(ctx
);
1003 EVP_PKEY_free(pkey
);
1009 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1010 #endif /* OPENSSL_NO_EC */
1012 static int test_EVP_PKEY_sign(int tst
)
1015 EVP_PKEY
*pkey
= NULL
;
1016 unsigned char *sig
= NULL
;
1017 size_t sig_len
= 0, shortsig_len
= 1;
1018 EVP_PKEY_CTX
*ctx
= NULL
;
1019 unsigned char tbs
[] = {
1020 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1021 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1025 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1027 } else if (tst
== 1) {
1028 #ifndef OPENSSL_NO_DSA
1029 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1036 #ifndef OPENSSL_NO_EC
1037 if (!TEST_ptr(pkey
= load_example_ec_key()))
1045 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1047 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1048 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1051 sig
= OPENSSL_malloc(sig_len
);
1053 /* Test sending a signature buffer that is too short is rejected */
1054 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1056 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1058 /* Test the signature round-trips */
1059 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1060 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1066 EVP_PKEY_CTX_free(ctx
);
1068 EVP_PKEY_free(pkey
);
1073 * n = 0 => test using legacy cipher
1074 * n = 1 => test using fetched cipher
1076 static int test_EVP_Enveloped(int n
)
1079 EVP_CIPHER_CTX
*ctx
= NULL
;
1080 EVP_PKEY
*keypair
= NULL
;
1081 unsigned char *kek
= NULL
;
1082 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1083 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1084 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1085 unsigned char ciphertext
[32], plaintext
[16];
1086 EVP_CIPHER
*type
= NULL
;
1088 if (nullprov
!= NULL
)
1089 return TEST_skip("Test does not support a non-default library context");
1092 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1093 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1097 if (!TEST_ptr(keypair
= load_example_rsa_key())
1098 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1099 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1100 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1102 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1104 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1108 ciphertext_len
+= len
;
1110 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1111 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1112 ciphertext
, ciphertext_len
))
1113 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1116 plaintext_len
+= len
;
1117 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1123 EVP_CIPHER_free(type
);
1125 EVP_PKEY_free(keypair
);
1126 EVP_CIPHER_CTX_free(ctx
);
1131 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1132 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1133 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1134 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1135 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1136 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1137 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1138 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1139 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1140 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1141 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1142 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1143 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1144 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1145 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1146 * Test 15-29: Same as above with reinitialization
1148 static int test_EVP_DigestSignInit(int tst
)
1151 EVP_PKEY
*pkey
= NULL
;
1152 unsigned char *sig
= NULL
, *sig2
= NULL
;
1153 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1154 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1155 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1156 BIO
*mdbio
= NULL
, *membio
= NULL
;
1159 EVP_MD
*mdexp
= NULL
;
1162 if (nullprov
!= NULL
)
1163 return TEST_skip("Test does not support a non-default library context");
1170 if (tst
>= 6 && tst
<= 8) {
1171 membio
= BIO_new(BIO_s_mem());
1172 mdbio
= BIO_new(BIO_f_md());
1173 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1175 BIO_push(mdbio
, membio
);
1176 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1179 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1180 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1185 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1187 } else if (tst
% 3 == 1) {
1188 #ifndef OPENSSL_NO_DSA
1189 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1196 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1200 if (tst
>= 3 && tst
<= 5)
1201 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1205 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1208 if (reinit
&& !TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, NULL
, NULL
, NULL
)))
1211 if (tst
>= 6 && tst
<= 8) {
1212 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1214 } else if (tst
< 6) {
1215 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1220 /* Determine the size of the signature. */
1221 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1223 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1226 /* Test that supply a short sig buffer fails */
1227 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1231 * We end here because once EVP_DigestSign() has failed you should
1232 * not call it again without re-initing the ctx
1237 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1241 /* Determine the size of the signature. */
1242 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1243 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1245 * Trying to create a signature with a deliberately short
1246 * buffer should fail.
1248 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1249 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1254 * Ensure that the signature round-trips (Verification isn't supported for
1255 * HMAC via EVP_DigestVerify*)
1258 if (tst
>= 6 && tst
<= 8) {
1259 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1260 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1264 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1268 if (tst
>= 6 && tst
<= 8) {
1269 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1272 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1276 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1279 /* Multiple calls to EVP_DigestVerifyFinal should work */
1280 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1284 * For HMAC a doubled call to DigestSignFinal should produce the same
1285 * value as finalization should not happen.
1287 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1288 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1289 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1292 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1301 EVP_MD_CTX_free(a_md_ctx
);
1302 EVP_MD_CTX_free(a_md_ctx_verify
);
1303 EVP_PKEY_free(pkey
);
1311 static int test_EVP_DigestVerifyInit(void)
1314 EVP_PKEY
*pkey
= NULL
;
1315 EVP_MD_CTX
*md_ctx
= NULL
;
1317 if (nullprov
!= NULL
)
1318 return TEST_skip("Test does not support a non-default library context");
1320 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1321 || !TEST_ptr(pkey
= load_example_rsa_key()))
1324 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1325 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1326 || !TEST_true(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1327 sizeof(kSignature
))))
1330 /* test with reinitialization */
1331 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, NULL
, NULL
, NULL
))
1332 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1333 || !TEST_true(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1334 sizeof(kSignature
))))
1339 EVP_MD_CTX_free(md_ctx
);
1340 EVP_PKEY_free(pkey
);
1344 #ifndef OPENSSL_NO_SIPHASH
1345 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1346 static int test_siphash_digestsign(void)
1348 unsigned char key
[16];
1349 unsigned char buf
[8], digest
[8];
1350 unsigned char expected
[8] = {
1351 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1353 EVP_PKEY
*pkey
= NULL
;
1354 EVP_MD_CTX
*mdctx
= NULL
;
1355 EVP_PKEY_CTX
*ctx
= NULL
;
1359 if (nullprov
!= NULL
)
1360 return TEST_skip("Test does not support a non-default library context");
1364 if (!TEST_ptr(pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH
, NULL
,
1368 if (!TEST_ptr(mdctx
= EVP_MD_CTX_create()))
1371 if (!TEST_true(EVP_DigestSignInit(mdctx
, &ctx
, NULL
, NULL
, pkey
)))
1373 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_SIGNCTX
,
1374 EVP_PKEY_CTRL_SET_DIGEST_SIZE
,
1378 if (!TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, NULL
)))
1380 if (!TEST_true(EVP_DigestSignUpdate(mdctx
, buf
, 8)))
1382 if (!TEST_true(EVP_DigestSignFinal(mdctx
, digest
, &len
)))
1384 if (!TEST_mem_eq(digest
, len
, expected
, sizeof(expected
)))
1389 EVP_PKEY_free(pkey
);
1390 EVP_MD_CTX_free(mdctx
);
1396 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1398 static int test_EVP_Digest(void)
1401 EVP_MD_CTX
*md_ctx
= NULL
;
1402 unsigned char md
[EVP_MAX_MD_SIZE
];
1403 EVP_MD
*sha256
= NULL
;
1404 EVP_MD
*shake256
= NULL
;
1406 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1409 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1410 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1413 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1414 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1415 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1416 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1417 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1420 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1421 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1422 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1423 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1424 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1426 * EVP_DigestInit_ex with NULL type should work on
1427 * pre-initialized context.
1429 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1432 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1433 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1434 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1435 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1436 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1437 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1442 EVP_MD_CTX_free(md_ctx
);
1443 EVP_MD_free(sha256
);
1444 EVP_MD_free(shake256
);
1448 static int test_d2i_AutoPrivateKey(int i
)
1451 const unsigned char *p
;
1452 EVP_PKEY
*pkey
= NULL
;
1453 const APK_DATA
*ak
= &keydata
[i
];
1454 const unsigned char *input
= ak
->kder
;
1455 size_t input_len
= ak
->size
;
1456 int expected_id
= ak
->evptype
;
1459 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1460 || !TEST_ptr_eq(p
, input
+ input_len
)
1461 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1467 EVP_PKEY_free(pkey
);
1471 #ifndef OPENSSL_NO_EC
1473 static const unsigned char ec_public_sect163k1_validxy
[] = {
1474 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1475 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1476 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1477 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1478 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1479 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1482 static const unsigned char ec_public_sect163k1_badx
[] = {
1483 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1484 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1485 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1486 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1487 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1488 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1491 static const unsigned char ec_public_sect163k1_bady
[] = {
1492 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1493 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1494 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1495 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1496 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1497 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1500 static struct ec_der_pub_keys_st
{
1501 const unsigned char *der
;
1504 } ec_der_pub_keys
[] = {
1505 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1506 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1507 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1511 * Tests the range of the decoded EC char2 public point.
1512 * See ec_GF2m_simple_oct2point().
1514 static int test_invalide_ec_char2_pub_range_decode(int id
)
1519 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1520 ec_der_pub_keys
[id
].len
);
1522 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1523 || TEST_ptr_null(pkey
);
1524 EVP_PKEY_free(pkey
);
1528 /* Tests loading a bad key in PKCS8 format */
1529 static int test_EVP_PKCS82PKEY(void)
1532 const unsigned char *derp
= kExampleBadECKeyDER
;
1533 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1534 EVP_PKEY
*pkey
= NULL
;
1536 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1537 sizeof(kExampleBadECKeyDER
))))
1540 if (!TEST_ptr_eq(derp
,
1541 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1544 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1550 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1551 EVP_PKEY_free(pkey
);
1557 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1559 EVP_PKEY
*pkey
= NULL
;
1560 EVP_PKEY
*pkey2
= NULL
;
1562 char *membuf
= NULL
;
1563 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1566 if (testctx
!= NULL
)
1567 /* test not supported with non-default context */
1570 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1571 || !TEST_ptr(pkey
= load_example_rsa_key())
1572 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1573 NULL
, 0, NULL
, NULL
),
1575 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1576 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1577 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1578 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1584 EVP_PKEY_free(pkey
);
1585 EVP_PKEY_free(pkey2
);
1586 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1587 BIO_free_all(membio
);
1591 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1592 static int test_privatekey_to_pkcs8(void)
1594 EVP_PKEY
*pkey
= NULL
;
1596 char *membuf
= NULL
;
1597 long membuf_len
= 0;
1600 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1601 || !TEST_ptr(pkey
= load_example_rsa_key())
1602 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1603 NULL
, 0, NULL
, NULL
),
1605 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1606 || !TEST_ptr(membuf
)
1607 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1608 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1610 * We try to write PEM as well, just to see that it doesn't err, but
1611 * assume that the result is correct.
1613 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1614 NULL
, 0, NULL
, NULL
),
1620 EVP_PKEY_free(pkey
);
1621 BIO_free_all(membio
);
1625 #ifndef OPENSSL_NO_EC
1626 static const struct {
1628 const char *encoding_name
;
1629 } ec_encodings
[] = {
1630 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1631 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1634 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1636 const OSSL_PARAM
*p
;
1637 const char *enc_name
= NULL
;
1643 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1644 OSSL_PKEY_PARAM_EC_ENCODING
))
1645 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
1648 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
1649 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
1650 *enc
= ec_encodings
[i
].encoding
;
1655 return (*enc
!= -1);
1658 static int test_EC_keygen_with_enc(int idx
)
1660 EVP_PKEY
*params
= NULL
, *key
= NULL
;
1661 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
1665 enc
= ec_encodings
[idx
].encoding
;
1667 /* Create key parameters */
1668 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
1669 || !TEST_true(EVP_PKEY_paramgen_init(pctx
))
1670 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
1671 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
1672 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
1673 || !TEST_ptr(params
))
1677 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
1678 || !TEST_true(EVP_PKEY_keygen_init(kctx
))
1679 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
1683 /* Check that the encoding got all the way into the key */
1684 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
1685 ec_export_get_encoding_cb
, &enc
))
1686 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
1692 EVP_PKEY_free(params
);
1693 EVP_PKEY_CTX_free(kctx
);
1694 EVP_PKEY_CTX_free(pctx
);
1699 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1701 static int test_EVP_SM2_verify(void)
1703 const char *pubkey
=
1704 "-----BEGIN PUBLIC KEY-----\n"
1705 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1706 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1707 "-----END PUBLIC KEY-----\n";
1709 const char *msg
= "message digest";
1710 const char *id
= "ALICE123@YAHOO.COM";
1712 const uint8_t signature
[] = {
1713 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1714 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1715 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1716 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1717 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1718 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1719 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1724 EVP_PKEY
*pkey
= NULL
;
1725 EVP_MD_CTX
*mctx
= NULL
;
1726 EVP_PKEY_CTX
*pctx
= NULL
;
1729 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
1730 if (!TEST_true(bio
!= NULL
))
1733 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
1734 if (!TEST_true(pkey
!= NULL
))
1737 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
1740 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
1743 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1746 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
1748 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1751 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
1754 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
1757 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
1760 if (!TEST_true(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
))))
1766 EVP_PKEY_free(pkey
);
1767 EVP_PKEY_CTX_free(pctx
);
1768 EVP_MD_CTX_free(mctx
);
1773 static int test_EVP_SM2(void)
1776 EVP_PKEY
*pkey
= NULL
;
1777 EVP_PKEY
*pkeyparams
= NULL
;
1778 EVP_PKEY_CTX
*pctx
= NULL
;
1779 EVP_PKEY_CTX
*kctx
= NULL
;
1780 EVP_PKEY_CTX
*sctx
= NULL
;
1782 unsigned char *sig
= NULL
;
1783 EVP_MD_CTX
*md_ctx
= NULL
;
1784 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1785 EVP_PKEY_CTX
*cctx
= NULL
;
1786 EVP_MD
*check_md
= NULL
;
1788 uint8_t ciphertext
[128];
1789 size_t ctext_len
= sizeof(ciphertext
);
1791 uint8_t plaintext
[8];
1792 size_t ptext_len
= sizeof(plaintext
);
1794 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1796 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1797 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1799 char mdname
[OSSL_MAX_NAME_SIZE
];
1801 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
1805 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1808 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1811 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1814 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1815 pkeyparams
, testpropq
)))
1818 if (!TEST_true(EVP_PKEY_keygen_init(kctx
)))
1821 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1824 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1827 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1830 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1833 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1834 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1836 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1839 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
1842 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1845 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1848 /* Determine the size of the signature. */
1849 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1852 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1855 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1858 /* Ensure that the signature round-trips. */
1860 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1864 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1867 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1870 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1873 /* now check encryption/decryption */
1875 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1876 mdname
, sizeof(mdname
));
1877 for (i
= 0; i
< 2; i
++) {
1878 const char *mdnames
[] = {
1879 #ifndef OPENSSL_NO_SM3
1885 EVP_PKEY_CTX_free(cctx
);
1887 if (mdnames
[i
] == NULL
)
1891 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1892 (char *)mdnames
[i
], 0);
1894 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1898 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1901 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1904 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
1908 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
1911 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1914 if (!TEST_true(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
1918 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
1922 * Test we're still using the digest we think we are.
1923 * Because of aliases, the easiest is to fetch the digest and
1924 * check the name with EVP_MD_is_a().
1926 EVP_MD_free(check_md
);
1927 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
1929 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
1930 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
1934 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
1937 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
1943 EVP_PKEY_CTX_free(pctx
);
1944 EVP_PKEY_CTX_free(kctx
);
1945 EVP_PKEY_CTX_free(sctx
);
1946 EVP_PKEY_CTX_free(cctx
);
1947 EVP_PKEY_free(pkey
);
1948 EVP_PKEY_free(pkeyparams
);
1949 EVP_MD_CTX_free(md_ctx
);
1950 EVP_MD_CTX_free(md_ctx_verify
);
1951 EVP_MD_free(check_md
);
1958 static struct keys_st
{
1964 EVP_PKEY_HMAC
, "0123456789", NULL
1967 EVP_PKEY_HMAC
, "", NULL
1968 #ifndef OPENSSL_NO_POLY1305
1970 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
1972 #ifndef OPENSSL_NO_SIPHASH
1974 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
1977 #ifndef OPENSSL_NO_EC
1979 EVP_PKEY_X25519
, "01234567890123456789012345678901",
1980 "abcdefghijklmnopqrstuvwxyzabcdef"
1982 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
1983 "abcdefghijklmnopqrstuvwxyzabcdef"
1986 "01234567890123456789012345678901234567890123456789012345",
1987 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1990 "012345678901234567890123456789012345678901234567890123456",
1991 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1996 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
1999 unsigned char buf
[80];
2001 size_t inlen
, len
= 0, shortlen
= 1;
2004 /* Check if this algorithm supports public keys */
2005 if (pub
&& keys
[tst
].pub
== NULL
)
2008 memset(buf
, 0, sizeof(buf
));
2011 #ifndef OPENSSL_NO_EC
2012 inlen
= strlen(keys
[tst
].pub
);
2013 in
= (unsigned char *)keys
[tst
].pub
;
2015 pkey
= EVP_PKEY_new_raw_public_key_ex(
2017 OBJ_nid2sn(keys
[tst
].type
),
2022 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
2031 inlen
= strlen(keys
[tst
].priv
);
2032 in
= (unsigned char *)keys
[tst
].priv
;
2034 pkey
= EVP_PKEY_new_raw_private_key_ex(
2035 testctx
, OBJ_nid2sn(keys
[tst
].type
),
2040 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
2048 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
2049 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
2050 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
2051 || !TEST_true(len
== inlen
))
2055 * Test that supplying a buffer that is too small fails. Doesn't apply
2056 * to HMAC with a zero length key
2058 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
2060 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
2064 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
2065 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
2066 || !TEST_mem_eq(in
, inlen
, buf
, len
))
2071 EVP_PKEY_free(pkey
);
2075 static int test_set_get_raw_keys(int tst
)
2077 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
2078 && test_set_get_raw_keys_int(tst
, 0, 1)
2079 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
2080 && test_set_get_raw_keys_int(tst
, 1, 1);
2083 #ifndef OPENSSL_NO_DEPRECATED_3_0
2084 static int pkey_custom_check(EVP_PKEY
*pkey
)
2089 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
2094 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2099 static EVP_PKEY_METHOD
*custom_pmeth
;
2102 static int test_EVP_PKEY_check(int i
)
2105 EVP_PKEY
*pkey
= NULL
;
2106 EVP_PKEY_CTX
*ctx
= NULL
;
2107 #ifndef OPENSSL_NO_DEPRECATED_3_0
2108 EVP_PKEY_CTX
*ctx2
= NULL
;
2110 const APK_DATA
*ak
= &keycheckdata
[i
];
2111 const unsigned char *input
= ak
->kder
;
2112 size_t input_len
= ak
->size
;
2113 int expected_id
= ak
->evptype
;
2114 int expected_check
= ak
->check
;
2115 int expected_pub_check
= ak
->pub_check
;
2116 int expected_param_check
= ak
->param_check
;
2117 int type
= ak
->type
;
2119 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2122 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2125 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2128 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2131 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2134 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2137 #ifndef OPENSSL_NO_DEPRECATED_3_0
2138 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2139 /* assign the pkey directly, as an internal test */
2140 EVP_PKEY_up_ref(pkey
);
2143 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2146 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2149 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2156 EVP_PKEY_CTX_free(ctx
);
2157 #ifndef OPENSSL_NO_DEPRECATED_3_0
2158 EVP_PKEY_CTX_free(ctx2
);
2160 EVP_PKEY_free(pkey
);
2164 #ifndef OPENSSL_NO_CMAC
2165 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2167 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2168 const char msg
[] = "Hello World";
2169 size_t maclen
= AES_BLOCK_SIZE
;
2172 if (!TEST_ptr(mdctx
)
2173 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2174 testpropq
, pkey
, NULL
))
2175 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2176 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2177 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2180 EVP_MD_CTX_free(mdctx
);
2184 static int test_CMAC_keygen(void)
2186 static unsigned char key
[] = {
2187 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2188 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2189 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2191 EVP_PKEY_CTX
*kctx
= NULL
;
2193 EVP_PKEY
*pkey
= NULL
;
2194 unsigned char mac
[AES_BLOCK_SIZE
];
2195 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2196 unsigned char mac2
[AES_BLOCK_SIZE
];
2199 if (nullprov
!= NULL
)
2200 return TEST_skip("Test does not support a non-default library context");
2203 * This is a legacy method for CMACs, but should still work.
2204 * This verifies that it works without an ENGINE.
2206 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2208 /* Test a CMAC key created using the "generated" method */
2209 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2210 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2211 EVP_PKEY_CTRL_CIPHER
,
2212 0, (void *)EVP_aes_256_ecb()), 0)
2213 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2214 EVP_PKEY_CTRL_SET_MAC_KEY
,
2215 sizeof(key
), (void *)key
), 0)
2216 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2218 || !TEST_true(get_cmac_val(pkey
, mac
)))
2221 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2222 EVP_PKEY_free(pkey
);
2225 * Test a CMAC key using the direct method, and compare with the mac
2228 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
2230 || !TEST_true(get_cmac_val(pkey
, mac2
))
2231 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2238 EVP_PKEY_free(pkey
);
2239 EVP_PKEY_CTX_free(kctx
);
2244 static int test_HKDF(void)
2247 unsigned char out
[20];
2250 unsigned char salt
[] = "0123456789";
2251 unsigned char key
[] = "012345678901234567890123456789";
2252 unsigned char info
[] = "infostring";
2253 const unsigned char expected
[] = {
2254 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2255 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2257 size_t expectedlen
= sizeof(expected
);
2259 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2262 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2263 for (i
= 0; i
< 2; i
++) {
2264 outlen
= sizeof(out
);
2265 memset(out
, 0, outlen
);
2267 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2268 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2269 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2270 sizeof(salt
) - 1), 0)
2271 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2272 sizeof(key
) - 1), 0)
2273 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2274 sizeof(info
) - 1), 0)
2275 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2276 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2283 EVP_PKEY_CTX_free(pctx
);
2288 static int test_emptyikm_HKDF(void)
2291 unsigned char out
[20];
2294 unsigned char salt
[] = "9876543210";
2295 unsigned char key
[] = "";
2296 unsigned char info
[] = "stringinfo";
2297 const unsigned char expected
[] = {
2298 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2299 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2301 size_t expectedlen
= sizeof(expected
);
2303 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2306 outlen
= sizeof(out
);
2307 memset(out
, 0, outlen
);
2309 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2310 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2311 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2312 sizeof(salt
) - 1), 0)
2313 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2314 sizeof(key
) - 1), 0)
2315 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2316 sizeof(info
) - 1), 0)
2317 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2318 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2324 EVP_PKEY_CTX_free(pctx
);
2329 #ifndef OPENSSL_NO_EC
2330 static int test_X509_PUBKEY_inplace(void)
2333 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2334 const unsigned char *p
= kExampleECPubKeyDER
;
2335 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2339 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2342 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2345 p
= kExampleBadECPubKeyDER
;
2346 input_len
= sizeof(kExampleBadECPubKeyDER
);
2348 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2351 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2357 X509_PUBKEY_free(xp
);
2361 static int test_X509_PUBKEY_dup(void)
2364 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2365 const unsigned char *p
= kExampleECPubKeyDER
;
2366 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2368 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2370 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2371 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2372 || !TEST_ptr_ne(xp
, xq
))
2375 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2376 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2377 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2380 X509_PUBKEY_free(xq
);
2382 p
= kExampleBadECPubKeyDER
;
2383 input_len
= sizeof(kExampleBadECPubKeyDER
);
2385 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2386 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2389 X509_PUBKEY_free(xp
);
2391 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2397 X509_PUBKEY_free(xp
);
2398 X509_PUBKEY_free(xq
);
2401 #endif /* OPENSSL_NO_EC */
2403 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2404 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2406 EVP_MD_CTX
*mdctx
= NULL
;
2407 EVP_PKEY_CTX
*ctx
= NULL
;
2408 const OSSL_PARAM
*params
;
2409 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2412 char mdname
[OSSL_MAX_NAME_SIZE
];
2415 /* Initialise a sign operation */
2416 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2418 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2422 * We should be able to query the parameters now.
2424 params
= EVP_PKEY_CTX_settable_params(ctx
);
2425 if (!TEST_ptr(params
)
2426 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2427 OSSL_SIGNATURE_PARAM_DIGEST
)))
2430 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2431 if (!TEST_ptr(params
)
2432 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2433 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2434 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2435 OSSL_SIGNATURE_PARAM_DIGEST
)))
2439 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2440 * EVP_PKEY_CTX_get_params()
2442 strcpy(mdname
, "SHA512");
2444 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2446 *param
++ = OSSL_PARAM_construct_end();
2448 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2452 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2453 mdname
, sizeof(mdname
));
2454 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2455 || !TEST_str_eq(mdname
, "SHA512"))
2459 * Test the TEST_PKEY_CTX_set_signature_md() and
2460 * TEST_PKEY_CTX_get_signature_md() functions
2462 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2463 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2464 || !TEST_ptr_eq(md
, EVP_sha256()))
2468 * Test getting MD parameters via an associated EVP_PKEY_CTX
2470 mdctx
= EVP_MD_CTX_new();
2471 if (!TEST_ptr(mdctx
)
2472 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2477 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2478 * able to obtain the digest's settable parameters from the provider.
2480 params
= EVP_MD_CTX_settable_params(mdctx
);
2481 if (!TEST_ptr(params
)
2482 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2483 /* The final key should be NULL */
2484 || !TEST_ptr_null(params
[1].key
))
2488 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2489 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2490 ssl3ms
, sizeof(ssl3ms
));
2491 *param
++ = OSSL_PARAM_construct_end();
2493 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2499 EVP_MD_CTX_free(mdctx
);
2500 EVP_PKEY_CTX_free(ctx
);
2505 #ifndef OPENSSL_NO_DSA
2506 static int test_DSA_get_set_params(void)
2508 OSSL_PARAM_BLD
*bld
= NULL
;
2509 OSSL_PARAM
*params
= NULL
;
2510 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2511 EVP_PKEY_CTX
*pctx
= NULL
;
2512 EVP_PKEY
*pkey
= NULL
;
2516 * Setup the parameters for our DSA object. For our purposes they don't
2517 * have to actually be *valid* parameters. We just need to set something.
2519 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2520 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2521 || !TEST_ptr(p
= BN_new())
2522 || !TEST_ptr(q
= BN_new())
2523 || !TEST_ptr(g
= BN_new())
2524 || !TEST_ptr(pub
= BN_new())
2525 || !TEST_ptr(priv
= BN_new()))
2527 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2528 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2529 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2530 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2532 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2535 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2538 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2539 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2543 if (!TEST_ptr(pkey
))
2546 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2549 EVP_PKEY_free(pkey
);
2550 EVP_PKEY_CTX_free(pctx
);
2551 OSSL_PARAM_free(params
);
2552 OSSL_PARAM_BLD_free(bld
);
2563 * Test combinations of private, public, missing and private + public key
2564 * params to ensure they are all accepted
2566 static int test_DSA_priv_pub(void)
2568 return test_EVP_PKEY_ffc_priv_pub("DSA");
2571 #endif /* !OPENSSL_NO_DSA */
2573 static int test_RSA_get_set_params(void)
2575 OSSL_PARAM_BLD
*bld
= NULL
;
2576 OSSL_PARAM
*params
= NULL
;
2577 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2578 EVP_PKEY_CTX
*pctx
= NULL
;
2579 EVP_PKEY
*pkey
= NULL
;
2583 * Setup the parameters for our RSA object. For our purposes they don't
2584 * have to actually be *valid* parameters. We just need to set something.
2586 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2587 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2588 || !TEST_ptr(n
= BN_new())
2589 || !TEST_ptr(e
= BN_new())
2590 || !TEST_ptr(d
= BN_new()))
2592 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2593 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2594 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2596 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2599 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2600 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2604 if (!TEST_ptr(pkey
))
2607 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2610 EVP_PKEY_free(pkey
);
2611 EVP_PKEY_CTX_free(pctx
);
2612 OSSL_PARAM_free(params
);
2613 OSSL_PARAM_BLD_free(bld
);
2621 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2622 static int test_decrypt_null_chunks(void)
2624 EVP_CIPHER_CTX
* ctx
= NULL
;
2625 EVP_CIPHER
*cipher
= NULL
;
2626 const unsigned char key
[32] = {
2627 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2628 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2629 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2631 unsigned char iv
[12] = {
2632 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2634 unsigned char msg
[] = "It was the best of times, it was the worst of times";
2635 unsigned char ciphertext
[80];
2636 unsigned char plaintext
[80];
2637 /* We initialise tmp to a non zero value on purpose */
2638 int ctlen
, ptlen
, tmp
= 99;
2640 const int enc_offset
= 10, dec_offset
= 20;
2642 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
2643 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
2644 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
2646 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
2648 /* Deliberate add a zero length update */
2649 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
2651 || !TEST_int_eq(tmp
, 0)
2652 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
2654 sizeof(msg
) - enc_offset
))
2655 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
2656 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
2657 || !TEST_int_eq(tmp
, 0))
2660 /* Deliberately initialise tmp to a non zero value */
2662 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
2663 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
2666 * Deliberately add a zero length update. We also deliberately do
2667 * this at a different offset than for encryption.
2669 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
2671 || !TEST_int_eq(tmp
, 0)
2672 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
2673 ciphertext
+ dec_offset
,
2674 ctlen
- dec_offset
))
2675 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
2676 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
2677 || !TEST_int_eq(tmp
, 0)
2678 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
2683 EVP_CIPHER_CTX_free(ctx
);
2684 EVP_CIPHER_free(cipher
);
2687 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2689 #ifndef OPENSSL_NO_DH
2691 * Test combinations of private, public, missing and private + public key
2692 * params to ensure they are all accepted
2694 static int test_DH_priv_pub(void)
2696 return test_EVP_PKEY_ffc_priv_pub("DH");
2699 # ifndef OPENSSL_NO_DEPRECATED_3_0
2700 static int test_EVP_PKEY_set1_DH(void)
2702 DH
*x942dh
= NULL
, *noqdh
= NULL
;
2703 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
2705 BIGNUM
*p
, *g
= NULL
;
2706 BIGNUM
*pubkey
= NULL
;
2707 unsigned char pub
[2048 / 8];
2710 if (!TEST_ptr(p
= BN_new())
2711 || !TEST_ptr(g
= BN_new())
2712 || !TEST_ptr(pubkey
= BN_new())
2713 || !TEST_true(BN_set_word(p
, 9999))
2714 || !TEST_true(BN_set_word(g
, 2))
2715 || !TEST_true(BN_set_word(pubkey
, 4321))
2716 || !TEST_ptr(noqdh
= DH_new())
2717 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
2718 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
2719 || !TEST_ptr(pubkey
= BN_new())
2720 || !TEST_true(BN_set_word(pubkey
, 4321)))
2724 x942dh
= DH_get_2048_256();
2725 pkey1
= EVP_PKEY_new();
2726 pkey2
= EVP_PKEY_new();
2727 if (!TEST_ptr(x942dh
)
2731 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
2735 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
2736 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
2739 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
2741 || !TEST_ptr(pubkey
))
2744 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
2745 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
2748 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
2749 OSSL_PKEY_PARAM_PUB_KEY
,
2750 pub
, sizeof(pub
), &len
))
2751 || !TEST_size_t_ne(len
, 0))
2759 EVP_PKEY_free(pkey1
);
2760 EVP_PKEY_free(pkey2
);
2766 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2767 #endif /* !OPENSSL_NO_DH */
2770 * We test what happens with an empty template. For the sake of this test,
2771 * the template must be ignored, and we know that's the case for RSA keys
2772 * (this might arguably be a misfeature, but that's what we currently do,
2773 * even in provider code, since that's how the legacy RSA implementation
2776 static int test_keygen_with_empty_template(int n
)
2778 EVP_PKEY_CTX
*ctx
= NULL
;
2779 EVP_PKEY
*pkey
= NULL
;
2780 EVP_PKEY
*tkey
= NULL
;
2783 if (nullprov
!= NULL
)
2784 return TEST_skip("Test does not support a non-default library context");
2788 /* We do test with no template at all as well */
2789 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
2793 /* Here we create an empty RSA key that serves as our template */
2794 if (!TEST_ptr(tkey
= EVP_PKEY_new())
2795 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
2796 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
2801 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
2802 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
2807 EVP_PKEY_CTX_free(ctx
);
2808 EVP_PKEY_free(pkey
);
2809 EVP_PKEY_free(tkey
);
2814 * Test that we fail if we attempt to use an algorithm that is not available
2815 * in the current library context (unless we are using an algorithm that
2816 * should be made available via legacy codepaths).
2821 static int test_pkey_ctx_fail_without_provider(int tst
)
2823 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
2824 OSSL_PROVIDER
*tmpnullprov
= NULL
;
2825 EVP_PKEY_CTX
*pctx
= NULL
;
2826 const char *keytype
= NULL
;
2827 int expect_null
= 0;
2830 if (!TEST_ptr(tmpctx
))
2833 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
2834 if (!TEST_ptr(tmpnullprov
))
2838 * We check for certain algos in the null provider.
2839 * If an algo is expected to have a provider keymgmt, contructing an
2840 * EVP_PKEY_CTX is expected to fail (return NULL).
2841 * Otherwise, if it's expected to have legacy support, contructing an
2842 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2852 #ifdef OPENSSL_NO_EC
2853 TEST_info("EC disable, skipping SM2 check...");
2856 #ifdef OPENSSL_NO_SM2
2857 TEST_info("SM2 disable, skipping SM2 check...");
2862 TEST_error("No test for case %d", tst
);
2866 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
2867 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
2870 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2876 EVP_PKEY_CTX_free(pctx
);
2877 OSSL_PROVIDER_unload(tmpnullprov
);
2878 OSSL_LIB_CTX_free(tmpctx
);
2882 static int test_rand_agglomeration(void)
2886 OSSL_PARAM params
[3], *p
= params
;
2888 unsigned int step
= 7;
2889 static unsigned char seed
[] = "It does not matter how slowly you go "
2890 "as long as you do not stop.";
2891 unsigned char out
[sizeof(seed
)];
2893 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
2894 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
2896 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
2897 EVP_RAND_free(rand
);
2901 memset(out
, 0, sizeof(out
));
2902 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
2903 seed
, sizeof(seed
));
2904 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
2905 *p
= OSSL_PARAM_construct_end();
2906 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
2907 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
2908 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
2909 EVP_RAND_CTX_free(ctx
);
2914 * Test that we correctly return the original or "running" IV after
2915 * an encryption operation.
2916 * Run multiple times for some different relevant algorithms/modes.
2918 static int test_evp_iv_aes(int idx
)
2921 EVP_CIPHER_CTX
*ctx
= NULL
;
2922 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2923 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2924 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
2925 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2926 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2927 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2928 9, 10, 11, 12, 13, 14, 15, 16 };
2929 unsigned char ciphertext
[32], oiv
[16], iv
[16];
2930 unsigned char *ref_iv
;
2931 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2932 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2934 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2935 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2936 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2937 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2938 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2939 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2940 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2941 #ifndef OPENSSL_NO_OCB
2942 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2943 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2945 int len
= sizeof(ciphertext
);
2946 size_t ivlen
, ref_len
;
2947 const EVP_CIPHER
*type
= NULL
;
2950 if (nullprov
!= NULL
&& idx
< 6)
2951 return TEST_skip("Test does not support a non-default library context");
2955 type
= EVP_aes_128_cbc();
2958 type
= (type
!= NULL
) ? type
:
2959 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
2961 ref_len
= sizeof(cbc_state
);
2965 type
= EVP_aes_128_ofb();
2968 type
= (type
!= NULL
) ? type
:
2969 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
2971 ref_len
= sizeof(ofb_state
);
2975 type
= EVP_aes_128_cfb();
2978 type
= (type
!= NULL
) ? type
:
2979 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
2981 ref_len
= sizeof(cfb_state
);
2985 type
= EVP_aes_128_gcm();
2988 type
= (type
!= NULL
) ? type
:
2989 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
2991 ref_len
= sizeof(gcm_state
);
2994 type
= EVP_aes_128_ccm();
2997 type
= (type
!= NULL
) ? type
:
2998 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
3000 ref_len
= sizeof(ccm_state
);
3002 #ifdef OPENSSL_NO_OCB
3008 type
= EVP_aes_128_ocb();
3011 type
= (type
!= NULL
) ? type
:
3012 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
3014 ref_len
= sizeof(ocb_state
);
3022 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3023 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3024 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3026 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3027 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3028 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3030 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3031 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3032 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3035 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3036 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3037 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3040 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3043 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
3049 EVP_CIPHER_CTX_free(ctx
);
3051 EVP_CIPHER_free((EVP_CIPHER
*)type
);
3055 #ifndef OPENSSL_NO_DES
3056 static int test_evp_iv_des(int idx
)
3059 EVP_CIPHER_CTX
*ctx
= NULL
;
3060 static const unsigned char key
[24] = {
3061 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3062 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3063 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3065 static const unsigned char init_iv
[8] = {
3066 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3068 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3069 9, 10, 11, 12, 13, 14, 15, 16 };
3070 unsigned char ciphertext
[32], oiv
[8], iv
[8];
3071 unsigned const char *ref_iv
;
3072 static const unsigned char cbc_state_des
[8] = {
3073 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3075 static const unsigned char cbc_state_3des
[8] = {
3076 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3078 static const unsigned char ofb_state_des
[8] = {
3079 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3081 static const unsigned char ofb_state_3des
[8] = {
3082 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3084 static const unsigned char cfb_state_des
[8] = {
3085 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3087 static const unsigned char cfb_state_3des
[8] = {
3088 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3090 int len
= sizeof(ciphertext
);
3091 size_t ivlen
, ref_len
;
3092 EVP_CIPHER
*type
= NULL
;
3094 if (lgcyprov
== NULL
&& idx
< 3)
3095 return TEST_skip("Test requires legacy provider to be loaded");
3099 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3100 ref_iv
= cbc_state_des
;
3101 ref_len
= sizeof(cbc_state_des
);
3104 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3105 ref_iv
= ofb_state_des
;
3106 ref_len
= sizeof(ofb_state_des
);
3109 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3110 ref_iv
= cfb_state_des
;
3111 ref_len
= sizeof(cfb_state_des
);
3114 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3115 ref_iv
= cbc_state_3des
;
3116 ref_len
= sizeof(cbc_state_3des
);
3119 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3120 ref_iv
= ofb_state_3des
;
3121 ref_len
= sizeof(ofb_state_3des
);
3124 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3125 ref_iv
= cfb_state_3des
;
3126 ref_len
= sizeof(cfb_state_3des
);
3133 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3134 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3135 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3137 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3138 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3139 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3141 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3142 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3143 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3146 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3147 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3149 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3154 EVP_CIPHER_CTX_free(ctx
);
3155 EVP_CIPHER_free(type
);
3160 #ifndef OPENSSL_NO_EC
3161 static int ecpub_nids
[] = {
3162 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3163 NID_secp384r1
, NID_secp521r1
,
3164 # ifndef OPENSSL_NO_EC2M
3165 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3166 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3168 NID_brainpoolP384r1
, NID_brainpoolP512r1
3171 static int test_ecpub(int idx
)
3173 int ret
= 0, len
, savelen
;
3175 unsigned char buf
[1024];
3177 EVP_PKEY
*pkey
= NULL
;
3178 EVP_PKEY_CTX
*ctx
= NULL
;
3179 # ifndef OPENSSL_NO_DEPRECATED_3_0
3180 const unsigned char *q
;
3181 EVP_PKEY
*pkey2
= NULL
;
3185 if (nullprov
!= NULL
)
3186 return TEST_skip("Test does not support a non-default library context");
3188 nid
= ecpub_nids
[idx
];
3190 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3192 || !TEST_true(EVP_PKEY_keygen_init(ctx
))
3193 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
))
3194 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3196 len
= i2d_PublicKey(pkey
, NULL
);
3198 if (!TEST_int_ge(len
, 1)
3199 || !TEST_int_lt(len
, 1024))
3202 len
= i2d_PublicKey(pkey
, &p
);
3203 if (!TEST_int_ge(len
, 1)
3204 || !TEST_int_eq(len
, savelen
))
3207 # ifndef OPENSSL_NO_DEPRECATED_3_0
3208 /* Now try to decode the just-created DER. */
3210 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3211 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3212 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3214 /* EC_KEY ownership transferred */
3216 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3218 /* The keys should match. */
3219 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3226 EVP_PKEY_CTX_free(ctx
);
3227 EVP_PKEY_free(pkey
);
3228 # ifndef OPENSSL_NO_DEPRECATED_3_0
3229 EVP_PKEY_free(pkey2
);
3236 static int test_EVP_rsa_pss_with_keygen_bits(void)
3239 EVP_PKEY_CTX
*ctx
= NULL
;
3240 EVP_PKEY
*pkey
= NULL
;
3243 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3245 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", testpropq
)))
3246 && TEST_true(EVP_PKEY_keygen_init(ctx
))
3247 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3248 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
))
3249 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3252 EVP_PKEY_free(pkey
);
3253 EVP_PKEY_CTX_free(ctx
);
3257 static int success
= 1;
3258 static void md_names(const char *name
, void *vctx
)
3260 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3261 /* Force a namemap update */
3262 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3264 if (!TEST_ptr(aes128
))
3267 EVP_CIPHER_free(aes128
);
3271 * Test that changing the namemap in a user callback works in a names_do_all
3274 static int test_names_do_all(void)
3276 /* We use a custom libctx so that we know the state of the namemap */
3277 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3278 EVP_MD
*sha256
= NULL
;
3284 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3285 if (!TEST_ptr(sha256
))
3289 * We loop through all the names for a given digest. This should still work
3290 * even if the namemap changes part way through.
3292 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3295 if (!TEST_true(success
))
3300 EVP_MD_free(sha256
);
3301 OSSL_LIB_CTX_free(ctx
);
3307 const unsigned char *key
;
3308 const unsigned char *iv
;
3309 const unsigned char *input
;
3310 const unsigned char *expected
;
3311 const unsigned char *tag
;
3312 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3321 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3323 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3324 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3328 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3329 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3330 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3331 sizeof(gcmDefaultTag
), 1, 0, 1
3334 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3335 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3339 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3340 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3341 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3342 sizeof(gcmDefaultTag
), 0, 0, 1
3345 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3346 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3350 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3351 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3352 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3353 sizeof(gcmDefaultTag
), 1, 1, 0
3356 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3357 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3361 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3362 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3363 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3364 sizeof(gcmDefaultTag
), 0, 1, 0
3368 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3372 if (t
->ivlen
!= 0) {
3373 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
)))
3376 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
3384 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3385 * arguments are given one at a time and a final adjustment to the enc
3386 * parameter sets the correct operation.
3388 static int test_evp_init_seq(int idx
)
3390 int outlen1
, outlen2
;
3392 unsigned char outbuf
[1024];
3393 unsigned char tag
[16];
3394 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
3395 EVP_CIPHER_CTX
*ctx
= NULL
;
3396 EVP_CIPHER
*type
= NULL
;
3397 size_t taglen
= sizeof(tag
);
3398 char *errmsg
= NULL
;
3400 ctx
= EVP_CIPHER_CTX_new();
3402 errmsg
= "CTX_ALLOC";
3405 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
3406 errmsg
= "CIPHER_FETCH";
3409 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
3410 errmsg
= "EMPTY_ENC_INIT";
3413 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3417 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3418 errmsg
= "KEY_INIT (before iv)";
3421 if (!evp_init_seq_set_iv(ctx
, t
)) {
3425 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3426 errmsg
= "KEY_INIT (after iv)";
3429 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
3430 errmsg
= "FINAL_ENC_INIT";
3433 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3434 errmsg
= "CIPHER_UPDATE";
3437 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
3438 /* Set expected tag */
3439 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
3440 t
->taglen
, (void *)t
->tag
))) {
3445 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3446 errmsg
= "CIPHER_FINAL";
3449 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3450 errmsg
= "WRONG_RESULT";
3453 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
3454 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3458 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
3459 errmsg
= "TAG_ERROR";
3466 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3467 EVP_CIPHER_CTX_free(ctx
);
3468 EVP_CIPHER_free(type
);
3473 const unsigned char *input
;
3474 const unsigned char *expected
;
3478 } EVP_RESET_TEST_st
;
3480 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
3482 cfbPlaintext
, cfbCiphertext
,
3483 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
3486 cfbCiphertext
, cfbPlaintext
,
3487 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
3492 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3495 static int test_evp_reset(int idx
)
3497 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
3498 int outlen1
, outlen2
;
3500 unsigned char outbuf
[1024];
3501 EVP_CIPHER_CTX
*ctx
= NULL
;
3502 EVP_CIPHER
*type
= NULL
;
3503 char *errmsg
= NULL
;
3505 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3506 errmsg
= "CTX_ALLOC";
3509 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
3510 errmsg
= "CIPHER_FETCH";
3513 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3514 errmsg
= "CIPHER_INIT";
3517 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3521 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3522 errmsg
= "CIPHER_UPDATE";
3525 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3526 errmsg
= "CIPHER_FINAL";
3529 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3530 errmsg
= "WRONG_RESULT";
3533 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
3534 errmsg
= "CIPHER_REINIT";
3537 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3538 errmsg
= "CIPHER_UPDATE (reinit)";
3541 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3542 errmsg
= "CIPHER_FINAL (reinit)";
3545 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3546 errmsg
= "WRONG_RESULT (reinit)";
3552 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
3553 EVP_CIPHER_CTX_free(ctx
);
3554 EVP_CIPHER_free(type
);
3561 } EVP_UPDATED_IV_TEST_st
;
3563 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
3603 * Test that the IV in the context is updated during a crypto operation for CFB
3606 static int test_evp_updated_iv(int idx
)
3608 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
3609 int outlen1
, outlen2
;
3611 unsigned char outbuf
[1024];
3612 EVP_CIPHER_CTX
*ctx
= NULL
;
3613 EVP_CIPHER
*type
= NULL
;
3614 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
3616 char *errmsg
= NULL
;
3618 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3619 errmsg
= "CTX_ALLOC";
3622 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
3623 TEST_info("cipher %s not supported, skipping", t
->cipher
);
3627 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3628 errmsg
= "CIPHER_INIT";
3631 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3635 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
3636 errmsg
= "CIPHER_UPDATE";
3639 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
3640 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
3643 if (!TEST_true(iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
))) {
3644 errmsg
= "CIPHER_CTX_GET_IV_LEN";
3647 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
3648 errmsg
= "IV_NOT_UPDATED";
3651 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3652 errmsg
= "CIPHER_FINAL";
3659 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
3660 EVP_CIPHER_CTX_free(ctx
);
3661 EVP_CIPHER_free(type
);
3666 const unsigned char *iv1
;
3667 const unsigned char *iv2
;
3668 const unsigned char *expected1
;
3669 const unsigned char *expected2
;
3670 const unsigned char *tag1
;
3671 const unsigned char *tag2
;
3674 size_t expectedlen1
;
3675 size_t expectedlen2
;
3676 } TEST_GCM_IV_REINIT_st
;
3678 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
3680 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
3681 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
3682 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
3685 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
3686 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
3687 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
3691 static int test_gcm_reinit(int idx
)
3693 int outlen1
, outlen2
, outlen3
;
3695 unsigned char outbuf
[1024];
3696 unsigned char tag
[16];
3697 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
3698 EVP_CIPHER_CTX
*ctx
= NULL
;
3699 EVP_CIPHER
*type
= NULL
;
3700 size_t taglen
= sizeof(tag
);
3701 char *errmsg
= NULL
;
3703 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3704 errmsg
= "CTX_ALLOC";
3707 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
3708 errmsg
= "CIPHER_FETCH";
3711 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
3712 errmsg
= "ENC_INIT";
3715 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
))) {
3716 errmsg
= "SET_IVLEN1";
3719 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
3723 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3727 EVP_CIPHER_CTX_set_padding(ctx
, 0);
3728 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3729 sizeof(gcmResetPlaintext
)))) {
3730 errmsg
= "CIPHER_UPDATE1";
3733 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3734 errmsg
= "CIPHER_FINAL1";
3737 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
3738 errmsg
= "WRONG_RESULT1";
3741 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3742 errmsg
= "GET_TAG1";
3745 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
3746 errmsg
= "TAG_ERROR1";
3750 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
))) {
3751 errmsg
= "SET_IVLEN2";
3754 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
3758 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3762 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3763 sizeof(gcmResetPlaintext
)))) {
3764 errmsg
= "CIPHER_UPDATE2";
3767 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3768 errmsg
= "CIPHER_FINAL2";
3771 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
3772 errmsg
= "WRONG_RESULT2";
3775 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3776 errmsg
= "GET_TAG2";
3779 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
3780 errmsg
= "TAG_ERROR2";
3786 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3787 EVP_CIPHER_CTX_free(ctx
);
3788 EVP_CIPHER_free(type
);
3792 #ifndef OPENSSL_NO_DEPRECATED_3_0
3793 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
3794 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
3796 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3798 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
3800 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
3802 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
3806 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
3808 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
3810 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
3814 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
3815 size_t *outlen
, const unsigned char *in
,
3818 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3819 const unsigned char *tbs
, size_t tbslen
);
3821 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
3822 return psign(ctx
, out
, outlen
, in
, inlen
);
3825 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
3826 size_t *siglen
, const unsigned char *tbs
,
3829 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3830 const unsigned char *tbs
, size_t tbslen
);
3832 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
3833 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
3836 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
3839 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
3841 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
3842 return pderive(ctx
, key
, keylen
);
3845 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
3847 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
3849 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
3850 return pcopy(dst
, src
);
3853 static int ctrl_called
;
3855 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
3857 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
3859 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
3861 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
3866 return pctrl(ctx
, type
, p1
, p2
);
3869 static int test_custom_pmeth(int idx
)
3871 EVP_PKEY_CTX
*pctx
= NULL
;
3872 EVP_MD_CTX
*ctx
= NULL
;
3873 EVP_PKEY
*pkey
= NULL
;
3874 int id
, orig_id
, orig_flags
;
3877 unsigned char *res
= NULL
;
3878 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
3879 const EVP_MD
*md
= EVP_sha256();
3884 /* We call deprecated APIs so this test doesn't support a custom libctx */
3885 if (testctx
!= NULL
)
3892 pkey
= load_example_rsa_key();
3896 # ifndef OPENSSL_NO_DSA
3898 pkey
= load_example_dsa_key();
3905 # ifndef OPENSSL_NO_EC
3907 pkey
= load_example_ec_key();
3914 # ifndef OPENSSL_NO_EC
3915 id
= EVP_PKEY_ED25519
;
3917 pkey
= load_example_ed25519_key();
3924 # ifndef OPENSSL_NO_DH
3927 pkey
= load_example_dh_key();
3934 # ifndef OPENSSL_NO_EC
3935 id
= EVP_PKEY_X25519
;
3937 pkey
= load_example_x25519_key();
3943 TEST_error("Should not happen");
3947 if (!TEST_ptr(pkey
))
3951 if (!TEST_true(evp_pkey_is_provided(pkey
)))
3954 EVP_PKEY
*tmp
= pkey
;
3956 /* Convert to a legacy key */
3957 pkey
= EVP_PKEY_new();
3958 if (!TEST_ptr(pkey
)) {
3962 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
3967 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
3971 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
3975 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
3976 if (!TEST_int_eq(orig_id
, id
)
3977 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
3980 if (id
== EVP_PKEY_ED25519
) {
3981 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
3982 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
3983 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
3985 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
3987 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
3988 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
3989 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
3990 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
3992 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
3993 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
3997 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
3999 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
4000 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4001 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4003 || !TEST_int_eq(ctrl_called
, 1)
4004 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
4005 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
4006 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
4007 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
4010 ctx
= EVP_MD_CTX_new();
4011 reslen
= EVP_PKEY_size(pkey
);
4012 res
= OPENSSL_malloc(reslen
);
4015 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
4016 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4017 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4019 || !TEST_int_eq(ctrl_called
, 1))
4022 if (id
== EVP_PKEY_ED25519
) {
4023 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
4026 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
4027 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
4035 EVP_MD_CTX_free(ctx
);
4037 EVP_PKEY_CTX_free(pctx
);
4038 EVP_PKEY_free(pkey
);
4039 EVP_PKEY_meth_remove(custom_pmeth
);
4040 EVP_PKEY_meth_free(custom_pmeth
);
4041 custom_pmeth
= NULL
;
4045 static int test_evp_md_cipher_meth(void)
4047 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
4048 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4051 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
4057 EVP_MD_meth_free(md
);
4058 EVP_CIPHER_meth_free(ciph
);
4063 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4064 /* Test we can create a signature keys with an associated ENGINE */
4065 static int test_signatures_with_engine(int tst
)
4068 const char *engine_id
= "dasync";
4069 EVP_PKEY
*pkey
= NULL
;
4070 const unsigned char badcmackey
[] = { 0x00, 0x01 };
4071 const unsigned char cmackey
[] = {
4072 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4073 0x0c, 0x0d, 0x0e, 0x0f
4075 const unsigned char ed25519key
[] = {
4076 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4077 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4078 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4080 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4082 EVP_MD_CTX
*ctx
= NULL
;
4083 unsigned char *mac
= NULL
;
4087 # ifdef OPENSSL_NO_CMAC
4088 /* Skip CMAC tests in a no-cmac build */
4093 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4096 if (!TEST_true(ENGINE_init(e
))) {
4103 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
4107 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
4111 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
4112 sizeof(ed25519key
));
4115 TEST_error("Invalid test case");
4118 if (!TEST_ptr(pkey
))
4121 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4124 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
4127 if (!TEST_true(ret
))
4130 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
4131 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
4134 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4137 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
4140 /* We used a bad key. We expect a failure here */
4141 if (!TEST_false(ret
))
4147 EVP_MD_CTX_free(ctx
);
4149 EVP_PKEY_free(pkey
);
4156 static int test_cipher_with_engine(void)
4159 const char *engine_id
= "dasync";
4160 const unsigned char keyiv
[] = {
4161 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4162 0x0c, 0x0d, 0x0e, 0x0f
4164 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4166 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
4167 unsigned char buf
[AES_BLOCK_SIZE
];
4170 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4173 if (!TEST_true(ENGINE_init(e
))) {
4178 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4179 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
4182 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
4185 /* Copy the ctx, and complete the operation with the new ctx */
4186 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
4189 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
4190 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
4195 EVP_CIPHER_CTX_free(ctx
);
4196 EVP_CIPHER_CTX_free(ctx2
);
4202 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4203 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4205 typedef enum OPTION_choice
{
4212 const OPTIONS
*test_get_options(void)
4214 static const OPTIONS options
[] = {
4215 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
4216 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
4222 int setup_tests(void)
4226 while ((o
= opt_next()) != OPT_EOF
) {
4229 /* Set up an alternate library context */
4230 testctx
= OSSL_LIB_CTX_new();
4231 if (!TEST_ptr(testctx
))
4233 /* Swap the libctx to test non-default context only */
4234 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
4235 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
4236 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
4238 case OPT_TEST_CASES
:
4245 ADD_TEST(test_EVP_set_default_properties
);
4246 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 30);
4247 ADD_TEST(test_EVP_DigestVerifyInit
);
4248 #ifndef OPENSSL_NO_SIPHASH
4249 ADD_TEST(test_siphash_digestsign
);
4251 ADD_TEST(test_EVP_Digest
);
4252 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
4253 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
4254 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
4255 ADD_TEST(test_privatekey_to_pkcs8
);
4256 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
4257 #ifndef OPENSSL_NO_EC
4258 ADD_TEST(test_EVP_PKCS82PKEY
);
4260 #ifndef OPENSSL_NO_EC
4261 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
4263 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4264 ADD_TEST(test_EVP_SM2
);
4265 ADD_TEST(test_EVP_SM2_verify
);
4267 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
4268 #ifndef OPENSSL_NO_DEPRECATED_3_0
4269 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
4270 if (!TEST_ptr(custom_pmeth
))
4272 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
4273 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
4274 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
4275 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
4278 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
4279 #ifndef OPENSSL_NO_CMAC
4280 ADD_TEST(test_CMAC_keygen
);
4282 ADD_TEST(test_HKDF
);
4283 ADD_TEST(test_emptyikm_HKDF
);
4284 #ifndef OPENSSL_NO_EC
4285 ADD_TEST(test_X509_PUBKEY_inplace
);
4286 ADD_TEST(test_X509_PUBKEY_dup
);
4287 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
4288 OSSL_NELEM(ec_der_pub_keys
));
4290 #ifndef OPENSSL_NO_DSA
4291 ADD_TEST(test_DSA_get_set_params
);
4292 ADD_TEST(test_DSA_priv_pub
);
4294 ADD_TEST(test_RSA_get_set_params
);
4295 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4296 ADD_TEST(test_decrypt_null_chunks
);
4298 #ifndef OPENSSL_NO_DH
4299 ADD_TEST(test_DH_priv_pub
);
4300 # ifndef OPENSSL_NO_DEPRECATED_3_0
4301 ADD_TEST(test_EVP_PKEY_set1_DH
);
4304 #ifndef OPENSSL_NO_EC
4305 ADD_TEST(test_EC_priv_pub
);
4306 # ifndef OPENSSL_NO_DEPRECATED_3_0
4307 ADD_TEST(test_EC_priv_only_legacy
);
4310 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
4311 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
4313 ADD_TEST(test_rand_agglomeration
);
4314 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
4315 #ifndef OPENSSL_NO_DES
4316 ADD_ALL_TESTS(test_evp_iv_des
, 6);
4318 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
4319 #ifndef OPENSSL_NO_EC
4320 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
4323 ADD_TEST(test_names_do_all
);
4325 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
4326 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
4327 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
4328 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
4330 #ifndef OPENSSL_NO_DEPRECATED_3_0
4331 ADD_ALL_TESTS(test_custom_pmeth
, 12);
4332 ADD_TEST(test_evp_md_cipher_meth
);
4334 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4335 /* Tests only support the default libctx */
4336 if (testctx
== NULL
) {
4337 # ifndef OPENSSL_NO_EC
4338 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
4340 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
4342 ADD_TEST(test_cipher_with_engine
);
4350 void cleanup_tests(void)
4352 OSSL_PROVIDER_unload(nullprov
);
4353 OSSL_PROVIDER_unload(deflprov
);
4354 OSSL_PROVIDER_unload(lgcyprov
);
4355 OSSL_LIB_CTX_free(testctx
);