2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
40 static OSSL_LIB_CTX
*testctx
= NULL
;
41 static char *testpropq
= NULL
;
43 static OSSL_PROVIDER
*nullprov
= NULL
;
44 static OSSL_PROVIDER
*deflprov
= NULL
;
45 static OSSL_PROVIDER
*lgcyprov
= NULL
;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER
[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER
[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER
[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
250 static const unsigned char kSignature
[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
268 static const unsigned char kExampleRSAKeyPKCS8
[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
324 #ifndef OPENSSL_NO_EC
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 static const unsigned char kExampleECKeyDER
[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
347 static const unsigned char kExampleBadECKeyDER
[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
360 static const unsigned char kExampleECPubKeyDER
[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
375 static const unsigned char kExampleBadECPubKeyDER
[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
386 static const unsigned char pExampleECParamDER
[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
390 static const unsigned char kExampleED25519KeyDER
[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
397 static const unsigned char kExampleED25519PubKeyDER
[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER
[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER
[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
447 static const unsigned char kCFBDefaultKey
[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
452 static const unsigned char kGCMDefaultKey
[32] = { 0 };
454 static const unsigned char kGCMResetKey
[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
460 static const unsigned char iCFBIV
[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
465 static const unsigned char iGCMDefaultIV
[12] = { 0 };
467 static const unsigned char iGCMResetIV1
[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
471 static const unsigned char iGCMResetIV2
[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
475 static const unsigned char cfbPlaintext
[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
480 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
482 static const unsigned char gcmResetPlaintext
[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
490 static const unsigned char cfbCiphertext
[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
495 static const unsigned char gcmDefaultCiphertext
[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
500 static const unsigned char gcmResetCiphertext1
[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
508 static const unsigned char gcmResetCiphertext2
[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
516 static const unsigned char gcmAAD
[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
521 static const unsigned char gcmDefaultTag
[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
526 static const unsigned char gcmResetTag1
[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
531 static const unsigned char gcmResetTag2
[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
536 typedef struct APK_DATA_st
{
537 const unsigned char *kder
;
544 int type
; /* 0 for private, 1 for public, 2 for params */
547 static APK_DATA keydata
[] = {
548 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
549 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
555 static APK_DATA keycheckdata
[] = {
556 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
558 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
565 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
567 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
568 EVP_PKEY_ED25519
, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
570 EVP_PKEY_ED25519
, 0, 1, 1, 1},
574 static EVP_PKEY
*load_example_key(const char *keytype
,
575 const unsigned char *data
, size_t data_len
)
577 const unsigned char **pdata
= &data
;
578 EVP_PKEY
*pkey
= NULL
;
579 OSSL_DECODER_CTX
*dctx
=
580 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
585 OSSL_DECODER_CTX_free(dctx
);
589 static EVP_PKEY
*load_example_rsa_key(void)
591 return load_example_key("RSA", kExampleRSAKeyDER
,
592 sizeof(kExampleRSAKeyDER
));
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY
*load_example_dsa_key(void)
598 return load_example_key("DSA", kExampleDSAKeyDER
,
599 sizeof(kExampleDSAKeyDER
));
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY
*load_example_ec_key(void)
606 return load_example_key("EC", kExampleECKeyDER
,
607 sizeof(kExampleECKeyDER
));
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY
*load_example_dh_key(void)
615 return load_example_key("DH", kExampleDHKeyDER
,
616 sizeof(kExampleDHKeyDER
));
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY
*load_example_ed25519_key(void)
623 return load_example_key("ED25519", kExampleED25519KeyDER
,
624 sizeof(kExampleED25519KeyDER
));
627 static EVP_PKEY
*load_example_x25519_key(void)
629 return load_example_key("X25519", kExampleX25519KeyDER
,
630 sizeof(kExampleX25519KeyDER
));
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
635 static EVP_PKEY
*load_example_hmac_key(void)
637 EVP_PKEY
*pkey
= NULL
;
638 unsigned char key
[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
644 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
645 NULL
, key
, sizeof(key
));
652 static int test_EVP_set_default_properties(void)
658 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
659 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
664 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
665 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
666 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
671 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
672 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
677 OSSL_LIB_CTX_free(ctx
);
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static int test_fromdata(char *keytype
, int selection
, OSSL_PARAM
*params
)
684 EVP_PKEY_CTX
*pctx
= NULL
;
685 EVP_PKEY
*pkey
= NULL
;
688 BIO
*bio
= BIO_new(BIO_s_mem());
690 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
700 /* Check we can use the resulting key */
701 ret
= PEM_write_bio_PUBKEY(bio
, pkey
);
702 if ((selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
706 if (!TEST_false(ret
))
709 ret
= PEM_write_bio_PrivateKey_ex(bio
, pkey
, NULL
, NULL
, 0, NULL
, NULL
,
711 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
715 if (!TEST_false(ret
))
722 EVP_PKEY_CTX_free(pctx
);
727 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
730 * Test combinations of private, public, missing and private + public key
731 * params to ensure they are all accepted
733 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
734 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
736 OSSL_PARAM_BLD
*bld
= NULL
;
737 OSSL_PARAM
*params
= NULL
;
738 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
742 * Setup the parameters for our pkey object. For our purposes they don't
743 * have to actually be *valid* parameters. We just need to set something.
745 if (!TEST_ptr(p
= BN_new())
746 || !TEST_ptr(q
= BN_new())
747 || !TEST_ptr(g
= BN_new())
748 || !TEST_ptr(pub
= BN_new())
749 || !TEST_ptr(priv
= BN_new()))
752 /* Test !priv and !pub */
753 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
756 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
758 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
761 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
763 OSSL_PARAM_free(params
);
765 OSSL_PARAM_BLD_free(bld
);
767 /* Test priv and !pub */
768 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
769 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
770 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
771 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
772 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
775 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
778 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
, params
))
780 OSSL_PARAM_free(params
);
782 OSSL_PARAM_BLD_free(bld
);
784 /* Test !priv and pub */
785 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
792 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
795 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
, params
))
797 OSSL_PARAM_free(params
);
799 OSSL_PARAM_BLD_free(bld
);
801 /* Test priv and pub */
802 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
811 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
814 if (!test_fromdata(keytype
, EVP_PKEY_KEYPAIR
, params
))
819 OSSL_PARAM_free(params
);
820 OSSL_PARAM_BLD_free(bld
);
829 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
832 * Test combinations of private, public, missing and private + public key
833 * params to ensure they are all accepted for EC keys
835 #ifndef OPENSSL_NO_EC
836 static unsigned char ec_priv
[] = {
837 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
838 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
839 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
841 static unsigned char ec_pub
[] = {
842 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
843 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
844 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
845 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
846 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
847 0x08, 0x09, 0xb8, 0xdb, 0x03
850 static int test_EC_priv_pub(void)
852 OSSL_PARAM_BLD
*bld
= NULL
;
853 OSSL_PARAM
*params
= NULL
;
858 * Setup the parameters for our pkey object. For our purposes they don't
859 * have to actually be *valid* parameters. We just need to set something.
861 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
864 /* Test !priv and !pub */
865 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
866 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
867 OSSL_PKEY_PARAM_GROUP_NAME
,
870 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
873 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
875 OSSL_PARAM_free(params
);
877 OSSL_PARAM_BLD_free(bld
);
879 /* Test priv and !pub */
880 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
881 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
882 OSSL_PKEY_PARAM_GROUP_NAME
,
884 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
887 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
891 * We indicate only parameters here. The "EVP_PKEY_fromdata" call will do
892 * the private key anyway, but the subsequent PEM_write_bio_PrivateKey_ex
893 * call is expected to fail because PEM_write_bio_PrivateKey_ex does not
894 * support exporting a private EC key without a corresponding public key
896 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
898 OSSL_PARAM_free(params
);
900 OSSL_PARAM_BLD_free(bld
);
902 /* Test !priv and pub */
903 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
904 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
905 OSSL_PKEY_PARAM_GROUP_NAME
,
907 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
908 OSSL_PKEY_PARAM_PUB_KEY
,
909 ec_pub
, sizeof(ec_pub
))))
911 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
914 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_PUBLIC_KEY
, params
))
916 OSSL_PARAM_free(params
);
918 OSSL_PARAM_BLD_free(bld
);
920 /* Test priv and pub */
921 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
922 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
923 OSSL_PKEY_PARAM_GROUP_NAME
,
925 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
926 OSSL_PKEY_PARAM_PUB_KEY
,
927 ec_pub
, sizeof(ec_pub
)))
928 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
931 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
934 if (!test_fromdata("EC", EVP_PKEY_KEYPAIR
, params
))
939 OSSL_PARAM_free(params
);
940 OSSL_PARAM_BLD_free(bld
);
946 /* Test that using a legacy EC key with only a private key in it works */
947 # ifndef OPENSSL_NO_DEPRECATED_3_0
948 static int test_EC_priv_only_legacy(void)
952 EC_KEY
*eckey
= NULL
;
953 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
954 EVP_MD_CTX
*ctx
= NULL
;
956 /* Create the low level EC_KEY */
957 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
960 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
961 if (!TEST_ptr(eckey
))
964 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
967 pkey
= EVP_PKEY_new();
971 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
975 while (dup_pk
== NULL
) {
977 ctx
= EVP_MD_CTX_new();
982 * The EVP_DigestSignInit function should create the key on the
983 * provider side which is sufficient for this test.
985 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
986 testpropq
, pkey
, NULL
)))
988 EVP_MD_CTX_free(ctx
);
991 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
993 /* EVP_PKEY_eq() returns -2 with missing public keys */
994 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
1002 EVP_MD_CTX_free(ctx
);
1003 EVP_PKEY_free(pkey
);
1009 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1010 #endif /* OPENSSL_NO_EC */
1012 static int test_EVP_PKEY_sign(int tst
)
1015 EVP_PKEY
*pkey
= NULL
;
1016 unsigned char *sig
= NULL
;
1017 size_t sig_len
= 0, shortsig_len
= 1;
1018 EVP_PKEY_CTX
*ctx
= NULL
;
1019 unsigned char tbs
[] = {
1020 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1021 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1025 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1027 } else if (tst
== 1) {
1028 #ifndef OPENSSL_NO_DSA
1029 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1036 #ifndef OPENSSL_NO_EC
1037 if (!TEST_ptr(pkey
= load_example_ec_key()))
1045 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1047 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1048 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1051 sig
= OPENSSL_malloc(sig_len
);
1053 /* Test sending a signature buffer that is too short is rejected */
1054 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1056 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1058 /* Test the signature round-trips */
1059 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1060 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1066 EVP_PKEY_CTX_free(ctx
);
1068 EVP_PKEY_free(pkey
);
1073 * n = 0 => test using legacy cipher
1074 * n = 1 => test using fetched cipher
1076 static int test_EVP_Enveloped(int n
)
1079 EVP_CIPHER_CTX
*ctx
= NULL
;
1080 EVP_PKEY
*keypair
= NULL
;
1081 unsigned char *kek
= NULL
;
1082 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1083 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1084 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1085 unsigned char ciphertext
[32], plaintext
[16];
1086 EVP_CIPHER
*type
= NULL
;
1088 if (nullprov
!= NULL
)
1089 return TEST_skip("Test does not support a non-default library context");
1092 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1093 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1097 if (!TEST_ptr(keypair
= load_example_rsa_key())
1098 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1099 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1100 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1102 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1104 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1108 ciphertext_len
+= len
;
1110 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1111 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1112 ciphertext
, ciphertext_len
))
1113 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1116 plaintext_len
+= len
;
1117 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1123 EVP_CIPHER_free(type
);
1125 EVP_PKEY_free(keypair
);
1126 EVP_CIPHER_CTX_free(ctx
);
1131 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1132 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1133 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1134 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1135 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1136 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1137 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1138 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1139 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1140 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1141 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1142 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1143 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1144 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1145 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1146 * Test 15-29: Same as above with reinitialization
1148 static int test_EVP_DigestSignInit(int tst
)
1151 EVP_PKEY
*pkey
= NULL
;
1152 unsigned char *sig
= NULL
, *sig2
= NULL
;
1153 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1154 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1155 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1156 BIO
*mdbio
= NULL
, *membio
= NULL
;
1159 EVP_MD
*mdexp
= NULL
;
1162 if (nullprov
!= NULL
)
1163 return TEST_skip("Test does not support a non-default library context");
1170 if (tst
>= 6 && tst
<= 8) {
1171 membio
= BIO_new(BIO_s_mem());
1172 mdbio
= BIO_new(BIO_f_md());
1173 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1175 BIO_push(mdbio
, membio
);
1176 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1179 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1180 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1185 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1187 } else if (tst
% 3 == 1) {
1188 #ifndef OPENSSL_NO_DSA
1189 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1196 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1200 if (tst
>= 3 && tst
<= 5)
1201 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1205 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1208 if (reinit
&& !TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, NULL
, NULL
, NULL
)))
1211 if (tst
>= 6 && tst
<= 8) {
1212 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1214 } else if (tst
< 6) {
1215 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1220 /* Determine the size of the signature. */
1221 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1223 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1226 /* Test that supply a short sig buffer fails */
1227 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1231 * We end here because once EVP_DigestSign() has failed you should
1232 * not call it again without re-initing the ctx
1237 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1241 /* Determine the size of the signature. */
1242 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1243 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1245 * Trying to create a signature with a deliberately short
1246 * buffer should fail.
1248 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1249 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1254 * Ensure that the signature round-trips (Verification isn't supported for
1255 * HMAC via EVP_DigestVerify*)
1258 if (tst
>= 6 && tst
<= 8) {
1259 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1260 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1264 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1268 if (tst
>= 6 && tst
<= 8) {
1269 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1272 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1276 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1279 /* Multiple calls to EVP_DigestVerifyFinal should work */
1280 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1284 * For HMAC a doubled call to DigestSignFinal should produce the same
1285 * value as finalization should not happen.
1287 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1288 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1289 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1292 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1301 EVP_MD_CTX_free(a_md_ctx
);
1302 EVP_MD_CTX_free(a_md_ctx_verify
);
1303 EVP_PKEY_free(pkey
);
1311 static int test_EVP_DigestVerifyInit(void)
1314 EVP_PKEY
*pkey
= NULL
;
1315 EVP_MD_CTX
*md_ctx
= NULL
;
1317 if (nullprov
!= NULL
)
1318 return TEST_skip("Test does not support a non-default library context");
1320 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1321 || !TEST_ptr(pkey
= load_example_rsa_key()))
1324 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1325 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1326 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1327 sizeof(kSignature
)), 0))
1330 /* test with reinitialization */
1331 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, NULL
, NULL
, NULL
))
1332 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1333 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1334 sizeof(kSignature
)), 0))
1339 EVP_MD_CTX_free(md_ctx
);
1340 EVP_PKEY_free(pkey
);
1344 #ifndef OPENSSL_NO_SIPHASH
1345 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1346 static int test_siphash_digestsign(void)
1348 unsigned char key
[16];
1349 unsigned char buf
[8], digest
[8];
1350 unsigned char expected
[8] = {
1351 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1353 EVP_PKEY
*pkey
= NULL
;
1354 EVP_MD_CTX
*mdctx
= NULL
;
1355 EVP_PKEY_CTX
*ctx
= NULL
;
1359 if (nullprov
!= NULL
)
1360 return TEST_skip("Test does not support a non-default library context");
1364 if (!TEST_ptr(pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH
, NULL
,
1368 if (!TEST_ptr(mdctx
= EVP_MD_CTX_create()))
1371 if (!TEST_true(EVP_DigestSignInit(mdctx
, &ctx
, NULL
, NULL
, pkey
)))
1373 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_SIGNCTX
,
1374 EVP_PKEY_CTRL_SET_DIGEST_SIZE
,
1378 if (!TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, NULL
)))
1380 if (!TEST_true(EVP_DigestSignUpdate(mdctx
, buf
, 8)))
1382 if (!TEST_true(EVP_DigestSignFinal(mdctx
, digest
, &len
)))
1384 if (!TEST_mem_eq(digest
, len
, expected
, sizeof(expected
)))
1389 EVP_PKEY_free(pkey
);
1390 EVP_MD_CTX_free(mdctx
);
1396 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1398 static int test_EVP_Digest(void)
1401 EVP_MD_CTX
*md_ctx
= NULL
;
1402 unsigned char md
[EVP_MAX_MD_SIZE
];
1403 EVP_MD
*sha256
= NULL
;
1404 EVP_MD
*shake256
= NULL
;
1406 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1409 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1410 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1413 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1414 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1415 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1416 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1417 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1420 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1421 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1422 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1423 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1424 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1426 * EVP_DigestInit_ex with NULL type should work on
1427 * pre-initialized context.
1429 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1432 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1433 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1434 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1435 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1436 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1437 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1442 EVP_MD_CTX_free(md_ctx
);
1443 EVP_MD_free(sha256
);
1444 EVP_MD_free(shake256
);
1448 static int test_EVP_md_null(void)
1451 EVP_MD_CTX
*md_ctx
= NULL
;
1452 const EVP_MD
*md_null
= EVP_md_null();
1453 unsigned char md_value
[EVP_MAX_MD_SIZE
];
1454 unsigned int md_len
= sizeof(md_value
);
1456 if (nullprov
!= NULL
)
1457 return TEST_skip("Test does not support a non-default library context");
1459 if (!TEST_ptr(md_null
)
1460 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1463 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, md_null
, NULL
))
1464 || !TEST_true(EVP_DigestUpdate(md_ctx
, "test", 4))
1465 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md_value
, &md_len
)))
1468 if (!TEST_uint_eq(md_len
, 0))
1473 EVP_MD_CTX_free(md_ctx
);
1477 static int test_d2i_AutoPrivateKey(int i
)
1480 const unsigned char *p
;
1481 EVP_PKEY
*pkey
= NULL
;
1482 const APK_DATA
*ak
= &keydata
[i
];
1483 const unsigned char *input
= ak
->kder
;
1484 size_t input_len
= ak
->size
;
1485 int expected_id
= ak
->evptype
;
1488 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1489 || !TEST_ptr_eq(p
, input
+ input_len
)
1490 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1496 EVP_PKEY_free(pkey
);
1500 #ifndef OPENSSL_NO_EC
1502 static const unsigned char ec_public_sect163k1_validxy
[] = {
1503 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1504 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1505 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1506 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1507 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1508 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1511 static const unsigned char ec_public_sect163k1_badx
[] = {
1512 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1513 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1514 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1515 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1516 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1517 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1520 static const unsigned char ec_public_sect163k1_bady
[] = {
1521 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1522 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1523 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1524 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1525 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1526 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1529 static struct ec_der_pub_keys_st
{
1530 const unsigned char *der
;
1533 } ec_der_pub_keys
[] = {
1534 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1535 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1536 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1540 * Tests the range of the decoded EC char2 public point.
1541 * See ec_GF2m_simple_oct2point().
1543 static int test_invalide_ec_char2_pub_range_decode(int id
)
1548 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1549 ec_der_pub_keys
[id
].len
);
1551 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1552 || TEST_ptr_null(pkey
);
1553 EVP_PKEY_free(pkey
);
1557 /* Tests loading a bad key in PKCS8 format */
1558 static int test_EVP_PKCS82PKEY(void)
1561 const unsigned char *derp
= kExampleBadECKeyDER
;
1562 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1563 EVP_PKEY
*pkey
= NULL
;
1565 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1566 sizeof(kExampleBadECKeyDER
))))
1569 if (!TEST_ptr_eq(derp
,
1570 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1573 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1579 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1580 EVP_PKEY_free(pkey
);
1586 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1588 EVP_PKEY
*pkey
= NULL
;
1589 EVP_PKEY
*pkey2
= NULL
;
1591 char *membuf
= NULL
;
1592 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1595 if (testctx
!= NULL
)
1596 /* test not supported with non-default context */
1599 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1600 || !TEST_ptr(pkey
= load_example_rsa_key())
1601 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1602 NULL
, 0, NULL
, NULL
),
1604 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1605 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1606 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1607 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1613 EVP_PKEY_free(pkey
);
1614 EVP_PKEY_free(pkey2
);
1615 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1616 BIO_free_all(membio
);
1620 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1621 static int test_privatekey_to_pkcs8(void)
1623 EVP_PKEY
*pkey
= NULL
;
1625 char *membuf
= NULL
;
1626 long membuf_len
= 0;
1629 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1630 || !TEST_ptr(pkey
= load_example_rsa_key())
1631 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1632 NULL
, 0, NULL
, NULL
),
1634 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1635 || !TEST_ptr(membuf
)
1636 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1637 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1639 * We try to write PEM as well, just to see that it doesn't err, but
1640 * assume that the result is correct.
1642 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1643 NULL
, 0, NULL
, NULL
),
1649 EVP_PKEY_free(pkey
);
1650 BIO_free_all(membio
);
1654 #ifndef OPENSSL_NO_EC
1655 static const struct {
1657 const char *encoding_name
;
1658 } ec_encodings
[] = {
1659 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1660 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1663 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1665 const OSSL_PARAM
*p
;
1666 const char *enc_name
= NULL
;
1672 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1673 OSSL_PKEY_PARAM_EC_ENCODING
))
1674 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
1677 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
1678 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
1679 *enc
= ec_encodings
[i
].encoding
;
1684 return (*enc
!= -1);
1687 static int test_EC_keygen_with_enc(int idx
)
1689 EVP_PKEY
*params
= NULL
, *key
= NULL
;
1690 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
1694 enc
= ec_encodings
[idx
].encoding
;
1696 /* Create key parameters */
1697 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
1698 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx
), 0)
1699 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
1700 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
1701 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
1702 || !TEST_ptr(params
))
1706 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
1707 || !TEST_true(EVP_PKEY_keygen_init(kctx
))
1708 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
1712 /* Check that the encoding got all the way into the key */
1713 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
1714 ec_export_get_encoding_cb
, &enc
))
1715 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
1721 EVP_PKEY_free(params
);
1722 EVP_PKEY_CTX_free(kctx
);
1723 EVP_PKEY_CTX_free(pctx
);
1728 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1730 static int test_EVP_SM2_verify(void)
1732 const char *pubkey
=
1733 "-----BEGIN PUBLIC KEY-----\n"
1734 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1735 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1736 "-----END PUBLIC KEY-----\n";
1738 const char *msg
= "message digest";
1739 const char *id
= "ALICE123@YAHOO.COM";
1741 const uint8_t signature
[] = {
1742 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1743 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1744 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1745 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1746 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1747 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1748 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1753 EVP_PKEY
*pkey
= NULL
;
1754 EVP_MD_CTX
*mctx
= NULL
;
1755 EVP_PKEY_CTX
*pctx
= NULL
;
1758 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
1759 if (!TEST_true(bio
!= NULL
))
1762 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
1763 if (!TEST_true(pkey
!= NULL
))
1766 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
1769 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
1772 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1775 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
1777 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1780 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
1783 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
1786 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
1789 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
)), 0))
1795 EVP_PKEY_free(pkey
);
1796 EVP_PKEY_CTX_free(pctx
);
1797 EVP_MD_CTX_free(mctx
);
1802 static int test_EVP_SM2(void)
1805 EVP_PKEY
*pkey
= NULL
;
1806 EVP_PKEY
*pkeyparams
= NULL
;
1807 EVP_PKEY_CTX
*pctx
= NULL
;
1808 EVP_PKEY_CTX
*kctx
= NULL
;
1809 EVP_PKEY_CTX
*sctx
= NULL
;
1811 unsigned char *sig
= NULL
;
1812 EVP_MD_CTX
*md_ctx
= NULL
;
1813 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1814 EVP_PKEY_CTX
*cctx
= NULL
;
1815 EVP_MD
*check_md
= NULL
;
1817 uint8_t ciphertext
[128];
1818 size_t ctext_len
= sizeof(ciphertext
);
1820 uint8_t plaintext
[8];
1821 size_t ptext_len
= sizeof(plaintext
);
1823 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1825 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1826 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1828 char mdname
[OSSL_MAX_NAME_SIZE
];
1830 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
1834 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1837 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1840 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1843 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1844 pkeyparams
, testpropq
)))
1847 if (!TEST_true(EVP_PKEY_keygen_init(kctx
)))
1850 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1853 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1856 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1859 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1862 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1863 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1865 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1868 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
1871 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1874 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1877 /* Determine the size of the signature. */
1878 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1881 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1884 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1887 /* Ensure that the signature round-trips. */
1889 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1893 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1896 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1899 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1902 /* now check encryption/decryption */
1904 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1905 mdname
, sizeof(mdname
));
1906 for (i
= 0; i
< 2; i
++) {
1907 const char *mdnames
[] = {
1908 #ifndef OPENSSL_NO_SM3
1914 EVP_PKEY_CTX_free(cctx
);
1916 if (mdnames
[i
] == NULL
)
1920 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1921 (char *)mdnames
[i
], 0);
1923 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1927 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1930 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1933 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
1937 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
1940 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1943 if (!TEST_true(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
1947 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
1951 * Test we're still using the digest we think we are.
1952 * Because of aliases, the easiest is to fetch the digest and
1953 * check the name with EVP_MD_is_a().
1955 EVP_MD_free(check_md
);
1956 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
1958 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
1959 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
1963 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
1966 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
1972 EVP_PKEY_CTX_free(pctx
);
1973 EVP_PKEY_CTX_free(kctx
);
1974 EVP_PKEY_CTX_free(sctx
);
1975 EVP_PKEY_CTX_free(cctx
);
1976 EVP_PKEY_free(pkey
);
1977 EVP_PKEY_free(pkeyparams
);
1978 EVP_MD_CTX_free(md_ctx
);
1979 EVP_MD_CTX_free(md_ctx_verify
);
1980 EVP_MD_free(check_md
);
1987 static struct keys_st
{
1993 EVP_PKEY_HMAC
, "0123456789", NULL
1996 EVP_PKEY_HMAC
, "", NULL
1997 #ifndef OPENSSL_NO_POLY1305
1999 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
2001 #ifndef OPENSSL_NO_SIPHASH
2003 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
2006 #ifndef OPENSSL_NO_EC
2008 EVP_PKEY_X25519
, "01234567890123456789012345678901",
2009 "abcdefghijklmnopqrstuvwxyzabcdef"
2011 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
2012 "abcdefghijklmnopqrstuvwxyzabcdef"
2015 "01234567890123456789012345678901234567890123456789012345",
2016 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2019 "012345678901234567890123456789012345678901234567890123456",
2020 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2025 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
2028 unsigned char buf
[80];
2030 size_t inlen
, len
= 0, shortlen
= 1;
2033 /* Check if this algorithm supports public keys */
2034 if (pub
&& keys
[tst
].pub
== NULL
)
2037 memset(buf
, 0, sizeof(buf
));
2040 #ifndef OPENSSL_NO_EC
2041 inlen
= strlen(keys
[tst
].pub
);
2042 in
= (unsigned char *)keys
[tst
].pub
;
2044 pkey
= EVP_PKEY_new_raw_public_key_ex(
2046 OBJ_nid2sn(keys
[tst
].type
),
2051 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
2060 inlen
= strlen(keys
[tst
].priv
);
2061 in
= (unsigned char *)keys
[tst
].priv
;
2063 pkey
= EVP_PKEY_new_raw_private_key_ex(
2064 testctx
, OBJ_nid2sn(keys
[tst
].type
),
2069 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
2077 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
2078 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
2079 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
2080 || !TEST_true(len
== inlen
))
2084 * Test that supplying a buffer that is too small fails. Doesn't apply
2085 * to HMAC with a zero length key
2087 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
2089 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
2093 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
2094 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
2095 || !TEST_mem_eq(in
, inlen
, buf
, len
))
2100 EVP_PKEY_free(pkey
);
2104 static int test_set_get_raw_keys(int tst
)
2106 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
2107 && test_set_get_raw_keys_int(tst
, 0, 1)
2108 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
2109 && test_set_get_raw_keys_int(tst
, 1, 1);
2112 #ifndef OPENSSL_NO_DEPRECATED_3_0
2113 static int pkey_custom_check(EVP_PKEY
*pkey
)
2118 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
2123 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2128 static EVP_PKEY_METHOD
*custom_pmeth
;
2131 static int test_EVP_PKEY_check(int i
)
2134 EVP_PKEY
*pkey
= NULL
;
2135 EVP_PKEY_CTX
*ctx
= NULL
;
2136 #ifndef OPENSSL_NO_DEPRECATED_3_0
2137 EVP_PKEY_CTX
*ctx2
= NULL
;
2139 const APK_DATA
*ak
= &keycheckdata
[i
];
2140 const unsigned char *input
= ak
->kder
;
2141 size_t input_len
= ak
->size
;
2142 int expected_id
= ak
->evptype
;
2143 int expected_check
= ak
->check
;
2144 int expected_pub_check
= ak
->pub_check
;
2145 int expected_param_check
= ak
->param_check
;
2146 int type
= ak
->type
;
2148 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2151 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2154 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2157 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2160 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2163 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2166 #ifndef OPENSSL_NO_DEPRECATED_3_0
2167 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2168 /* assign the pkey directly, as an internal test */
2169 EVP_PKEY_up_ref(pkey
);
2172 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2175 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2178 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2185 EVP_PKEY_CTX_free(ctx
);
2186 #ifndef OPENSSL_NO_DEPRECATED_3_0
2187 EVP_PKEY_CTX_free(ctx2
);
2189 EVP_PKEY_free(pkey
);
2193 #ifndef OPENSSL_NO_CMAC
2194 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2196 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2197 const char msg
[] = "Hello World";
2198 size_t maclen
= AES_BLOCK_SIZE
;
2201 if (!TEST_ptr(mdctx
)
2202 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2203 testpropq
, pkey
, NULL
))
2204 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2205 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2206 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2209 EVP_MD_CTX_free(mdctx
);
2213 static int test_CMAC_keygen(void)
2215 static unsigned char key
[] = {
2216 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2217 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2218 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2220 EVP_PKEY_CTX
*kctx
= NULL
;
2222 EVP_PKEY
*pkey
= NULL
;
2223 unsigned char mac
[AES_BLOCK_SIZE
];
2224 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2225 unsigned char mac2
[AES_BLOCK_SIZE
];
2228 if (nullprov
!= NULL
)
2229 return TEST_skip("Test does not support a non-default library context");
2232 * This is a legacy method for CMACs, but should still work.
2233 * This verifies that it works without an ENGINE.
2235 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2237 /* Test a CMAC key created using the "generated" method */
2238 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2239 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2240 EVP_PKEY_CTRL_CIPHER
,
2241 0, (void *)EVP_aes_256_ecb()), 0)
2242 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2243 EVP_PKEY_CTRL_SET_MAC_KEY
,
2244 sizeof(key
), (void *)key
), 0)
2245 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2247 || !TEST_true(get_cmac_val(pkey
, mac
)))
2250 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2251 EVP_PKEY_free(pkey
);
2254 * Test a CMAC key using the direct method, and compare with the mac
2257 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
2259 || !TEST_true(get_cmac_val(pkey
, mac2
))
2260 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2267 EVP_PKEY_free(pkey
);
2268 EVP_PKEY_CTX_free(kctx
);
2273 static int test_HKDF(void)
2276 unsigned char out
[20];
2279 unsigned char salt
[] = "0123456789";
2280 unsigned char key
[] = "012345678901234567890123456789";
2281 unsigned char info
[] = "infostring";
2282 const unsigned char expected
[] = {
2283 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2284 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2286 size_t expectedlen
= sizeof(expected
);
2288 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2291 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2292 for (i
= 0; i
< 2; i
++) {
2293 outlen
= sizeof(out
);
2294 memset(out
, 0, outlen
);
2296 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2297 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2298 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2299 sizeof(salt
) - 1), 0)
2300 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2301 sizeof(key
) - 1), 0)
2302 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2303 sizeof(info
) - 1), 0)
2304 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2305 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2312 EVP_PKEY_CTX_free(pctx
);
2317 static int test_emptyikm_HKDF(void)
2320 unsigned char out
[20];
2323 unsigned char salt
[] = "9876543210";
2324 unsigned char key
[] = "";
2325 unsigned char info
[] = "stringinfo";
2326 const unsigned char expected
[] = {
2327 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2328 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2330 size_t expectedlen
= sizeof(expected
);
2332 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2335 outlen
= sizeof(out
);
2336 memset(out
, 0, outlen
);
2338 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2339 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2340 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2341 sizeof(salt
) - 1), 0)
2342 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2343 sizeof(key
) - 1), 0)
2344 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2345 sizeof(info
) - 1), 0)
2346 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2347 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2353 EVP_PKEY_CTX_free(pctx
);
2358 #ifndef OPENSSL_NO_EC
2359 static int test_X509_PUBKEY_inplace(void)
2362 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2363 const unsigned char *p
= kExampleECPubKeyDER
;
2364 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2368 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2371 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2374 p
= kExampleBadECPubKeyDER
;
2375 input_len
= sizeof(kExampleBadECPubKeyDER
);
2377 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2380 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2386 X509_PUBKEY_free(xp
);
2390 static int test_X509_PUBKEY_dup(void)
2393 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2394 const unsigned char *p
= kExampleECPubKeyDER
;
2395 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2397 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2399 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2400 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2401 || !TEST_ptr_ne(xp
, xq
))
2404 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2405 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2406 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2409 X509_PUBKEY_free(xq
);
2411 p
= kExampleBadECPubKeyDER
;
2412 input_len
= sizeof(kExampleBadECPubKeyDER
);
2414 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2415 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2418 X509_PUBKEY_free(xp
);
2420 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2426 X509_PUBKEY_free(xp
);
2427 X509_PUBKEY_free(xq
);
2430 #endif /* OPENSSL_NO_EC */
2432 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2433 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2435 EVP_MD_CTX
*mdctx
= NULL
;
2436 EVP_PKEY_CTX
*ctx
= NULL
;
2437 const OSSL_PARAM
*params
;
2438 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2441 char mdname
[OSSL_MAX_NAME_SIZE
];
2444 /* Initialise a sign operation */
2445 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2447 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2451 * We should be able to query the parameters now.
2453 params
= EVP_PKEY_CTX_settable_params(ctx
);
2454 if (!TEST_ptr(params
)
2455 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2456 OSSL_SIGNATURE_PARAM_DIGEST
)))
2459 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2460 if (!TEST_ptr(params
)
2461 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2462 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2463 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2464 OSSL_SIGNATURE_PARAM_DIGEST
)))
2468 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2469 * EVP_PKEY_CTX_get_params()
2471 strcpy(mdname
, "SHA512");
2473 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2475 *param
++ = OSSL_PARAM_construct_end();
2477 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2481 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2482 mdname
, sizeof(mdname
));
2483 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2484 || !TEST_str_eq(mdname
, "SHA512"))
2488 * Test the TEST_PKEY_CTX_set_signature_md() and
2489 * TEST_PKEY_CTX_get_signature_md() functions
2491 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2492 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2493 || !TEST_ptr_eq(md
, EVP_sha256()))
2497 * Test getting MD parameters via an associated EVP_PKEY_CTX
2499 mdctx
= EVP_MD_CTX_new();
2500 if (!TEST_ptr(mdctx
)
2501 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2506 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2507 * able to obtain the digest's settable parameters from the provider.
2509 params
= EVP_MD_CTX_settable_params(mdctx
);
2510 if (!TEST_ptr(params
)
2511 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2512 /* The final key should be NULL */
2513 || !TEST_ptr_null(params
[1].key
))
2517 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2518 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2519 ssl3ms
, sizeof(ssl3ms
));
2520 *param
++ = OSSL_PARAM_construct_end();
2522 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2528 EVP_MD_CTX_free(mdctx
);
2529 EVP_PKEY_CTX_free(ctx
);
2534 #ifndef OPENSSL_NO_DSA
2535 static int test_DSA_get_set_params(void)
2537 OSSL_PARAM_BLD
*bld
= NULL
;
2538 OSSL_PARAM
*params
= NULL
;
2539 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2540 EVP_PKEY_CTX
*pctx
= NULL
;
2541 EVP_PKEY
*pkey
= NULL
;
2545 * Setup the parameters for our DSA object. For our purposes they don't
2546 * have to actually be *valid* parameters. We just need to set something.
2548 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2549 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2550 || !TEST_ptr(p
= BN_new())
2551 || !TEST_ptr(q
= BN_new())
2552 || !TEST_ptr(g
= BN_new())
2553 || !TEST_ptr(pub
= BN_new())
2554 || !TEST_ptr(priv
= BN_new()))
2556 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2557 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2558 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2559 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2561 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2564 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2567 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2568 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2572 if (!TEST_ptr(pkey
))
2575 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2578 EVP_PKEY_free(pkey
);
2579 EVP_PKEY_CTX_free(pctx
);
2580 OSSL_PARAM_free(params
);
2581 OSSL_PARAM_BLD_free(bld
);
2592 * Test combinations of private, public, missing and private + public key
2593 * params to ensure they are all accepted
2595 static int test_DSA_priv_pub(void)
2597 return test_EVP_PKEY_ffc_priv_pub("DSA");
2600 #endif /* !OPENSSL_NO_DSA */
2602 static int test_RSA_get_set_params(void)
2604 OSSL_PARAM_BLD
*bld
= NULL
;
2605 OSSL_PARAM
*params
= NULL
;
2606 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2607 EVP_PKEY_CTX
*pctx
= NULL
;
2608 EVP_PKEY
*pkey
= NULL
;
2612 * Setup the parameters for our RSA object. For our purposes they don't
2613 * have to actually be *valid* parameters. We just need to set something.
2615 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2616 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2617 || !TEST_ptr(n
= BN_new())
2618 || !TEST_ptr(e
= BN_new())
2619 || !TEST_ptr(d
= BN_new()))
2621 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2622 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2625 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2628 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2629 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2633 if (!TEST_ptr(pkey
))
2636 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2639 EVP_PKEY_free(pkey
);
2640 EVP_PKEY_CTX_free(pctx
);
2641 OSSL_PARAM_free(params
);
2642 OSSL_PARAM_BLD_free(bld
);
2650 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2651 static int test_decrypt_null_chunks(void)
2653 EVP_CIPHER_CTX
* ctx
= NULL
;
2654 EVP_CIPHER
*cipher
= NULL
;
2655 const unsigned char key
[32] = {
2656 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2657 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2658 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2660 unsigned char iv
[12] = {
2661 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2663 unsigned char msg
[] = "It was the best of times, it was the worst of times";
2664 unsigned char ciphertext
[80];
2665 unsigned char plaintext
[80];
2666 /* We initialise tmp to a non zero value on purpose */
2667 int ctlen
, ptlen
, tmp
= 99;
2669 const int enc_offset
= 10, dec_offset
= 20;
2671 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
2672 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
2673 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
2675 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
2677 /* Deliberate add a zero length update */
2678 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
2680 || !TEST_int_eq(tmp
, 0)
2681 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
2683 sizeof(msg
) - enc_offset
))
2684 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
2685 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
2686 || !TEST_int_eq(tmp
, 0))
2689 /* Deliberately initialise tmp to a non zero value */
2691 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
2692 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
2695 * Deliberately add a zero length update. We also deliberately do
2696 * this at a different offset than for encryption.
2698 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
2700 || !TEST_int_eq(tmp
, 0)
2701 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
2702 ciphertext
+ dec_offset
,
2703 ctlen
- dec_offset
))
2704 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
2705 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
2706 || !TEST_int_eq(tmp
, 0)
2707 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
2712 EVP_CIPHER_CTX_free(ctx
);
2713 EVP_CIPHER_free(cipher
);
2716 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2718 #ifndef OPENSSL_NO_DH
2720 * Test combinations of private, public, missing and private + public key
2721 * params to ensure they are all accepted
2723 static int test_DH_priv_pub(void)
2725 return test_EVP_PKEY_ffc_priv_pub("DH");
2728 # ifndef OPENSSL_NO_DEPRECATED_3_0
2729 static int test_EVP_PKEY_set1_DH(void)
2731 DH
*x942dh
= NULL
, *noqdh
= NULL
;
2732 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
2734 BIGNUM
*p
, *g
= NULL
;
2735 BIGNUM
*pubkey
= NULL
;
2736 unsigned char pub
[2048 / 8];
2739 if (!TEST_ptr(p
= BN_new())
2740 || !TEST_ptr(g
= BN_new())
2741 || !TEST_ptr(pubkey
= BN_new())
2742 || !TEST_true(BN_set_word(p
, 9999))
2743 || !TEST_true(BN_set_word(g
, 2))
2744 || !TEST_true(BN_set_word(pubkey
, 4321))
2745 || !TEST_ptr(noqdh
= DH_new())
2746 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
2747 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
2748 || !TEST_ptr(pubkey
= BN_new())
2749 || !TEST_true(BN_set_word(pubkey
, 4321)))
2753 x942dh
= DH_get_2048_256();
2754 pkey1
= EVP_PKEY_new();
2755 pkey2
= EVP_PKEY_new();
2756 if (!TEST_ptr(x942dh
)
2760 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
2764 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
2765 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
2768 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
2770 || !TEST_ptr(pubkey
))
2773 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
2774 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
2777 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
2778 OSSL_PKEY_PARAM_PUB_KEY
,
2779 pub
, sizeof(pub
), &len
))
2780 || !TEST_size_t_ne(len
, 0))
2788 EVP_PKEY_free(pkey1
);
2789 EVP_PKEY_free(pkey2
);
2795 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2796 #endif /* !OPENSSL_NO_DH */
2799 * We test what happens with an empty template. For the sake of this test,
2800 * the template must be ignored, and we know that's the case for RSA keys
2801 * (this might arguably be a misfeature, but that's what we currently do,
2802 * even in provider code, since that's how the legacy RSA implementation
2805 static int test_keygen_with_empty_template(int n
)
2807 EVP_PKEY_CTX
*ctx
= NULL
;
2808 EVP_PKEY
*pkey
= NULL
;
2809 EVP_PKEY
*tkey
= NULL
;
2812 if (nullprov
!= NULL
)
2813 return TEST_skip("Test does not support a non-default library context");
2817 /* We do test with no template at all as well */
2818 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
2822 /* Here we create an empty RSA key that serves as our template */
2823 if (!TEST_ptr(tkey
= EVP_PKEY_new())
2824 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
2825 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
2830 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
2831 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
2836 EVP_PKEY_CTX_free(ctx
);
2837 EVP_PKEY_free(pkey
);
2838 EVP_PKEY_free(tkey
);
2843 * Test that we fail if we attempt to use an algorithm that is not available
2844 * in the current library context (unless we are using an algorithm that
2845 * should be made available via legacy codepaths).
2850 static int test_pkey_ctx_fail_without_provider(int tst
)
2852 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
2853 OSSL_PROVIDER
*tmpnullprov
= NULL
;
2854 EVP_PKEY_CTX
*pctx
= NULL
;
2855 const char *keytype
= NULL
;
2856 int expect_null
= 0;
2859 if (!TEST_ptr(tmpctx
))
2862 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
2863 if (!TEST_ptr(tmpnullprov
))
2867 * We check for certain algos in the null provider.
2868 * If an algo is expected to have a provider keymgmt, contructing an
2869 * EVP_PKEY_CTX is expected to fail (return NULL).
2870 * Otherwise, if it's expected to have legacy support, contructing an
2871 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2881 #ifdef OPENSSL_NO_EC
2882 TEST_info("EC disable, skipping SM2 check...");
2885 #ifdef OPENSSL_NO_SM2
2886 TEST_info("SM2 disable, skipping SM2 check...");
2891 TEST_error("No test for case %d", tst
);
2895 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
2896 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
2899 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2905 EVP_PKEY_CTX_free(pctx
);
2906 OSSL_PROVIDER_unload(tmpnullprov
);
2907 OSSL_LIB_CTX_free(tmpctx
);
2911 static int test_rand_agglomeration(void)
2915 OSSL_PARAM params
[3], *p
= params
;
2917 unsigned int step
= 7;
2918 static unsigned char seed
[] = "It does not matter how slowly you go "
2919 "as long as you do not stop.";
2920 unsigned char out
[sizeof(seed
)];
2922 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
2923 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
2925 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
2926 EVP_RAND_free(rand
);
2930 memset(out
, 0, sizeof(out
));
2931 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
2932 seed
, sizeof(seed
));
2933 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
2934 *p
= OSSL_PARAM_construct_end();
2935 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
2936 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
2937 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
2938 EVP_RAND_CTX_free(ctx
);
2943 * Test that we correctly return the original or "running" IV after
2944 * an encryption operation.
2945 * Run multiple times for some different relevant algorithms/modes.
2947 static int test_evp_iv_aes(int idx
)
2950 EVP_CIPHER_CTX
*ctx
= NULL
;
2951 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2952 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2953 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
2954 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2955 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2956 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2957 9, 10, 11, 12, 13, 14, 15, 16 };
2958 unsigned char ciphertext
[32], oiv
[16], iv
[16];
2959 unsigned char *ref_iv
;
2960 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2961 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2963 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2964 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2965 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2966 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2967 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2968 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2969 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2970 #ifndef OPENSSL_NO_OCB
2971 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2972 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2974 int len
= sizeof(ciphertext
);
2975 size_t ivlen
, ref_len
;
2976 const EVP_CIPHER
*type
= NULL
;
2979 if (nullprov
!= NULL
&& idx
< 6)
2980 return TEST_skip("Test does not support a non-default library context");
2984 type
= EVP_aes_128_cbc();
2987 type
= (type
!= NULL
) ? type
:
2988 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
2990 ref_len
= sizeof(cbc_state
);
2994 type
= EVP_aes_128_ofb();
2997 type
= (type
!= NULL
) ? type
:
2998 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
3000 ref_len
= sizeof(ofb_state
);
3004 type
= EVP_aes_128_cfb();
3007 type
= (type
!= NULL
) ? type
:
3008 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
3010 ref_len
= sizeof(cfb_state
);
3014 type
= EVP_aes_128_gcm();
3017 type
= (type
!= NULL
) ? type
:
3018 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
3020 ref_len
= sizeof(gcm_state
);
3023 type
= EVP_aes_128_ccm();
3026 type
= (type
!= NULL
) ? type
:
3027 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
3029 ref_len
= sizeof(ccm_state
);
3031 #ifdef OPENSSL_NO_OCB
3037 type
= EVP_aes_128_ocb();
3040 type
= (type
!= NULL
) ? type
:
3041 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
3043 ref_len
= sizeof(ocb_state
);
3051 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3052 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3053 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3055 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3056 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3057 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3059 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3060 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3061 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3064 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3065 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3066 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3069 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3072 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
3078 EVP_CIPHER_CTX_free(ctx
);
3080 EVP_CIPHER_free((EVP_CIPHER
*)type
);
3084 #ifndef OPENSSL_NO_DES
3085 static int test_evp_iv_des(int idx
)
3088 EVP_CIPHER_CTX
*ctx
= NULL
;
3089 static const unsigned char key
[24] = {
3090 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3091 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3092 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3094 static const unsigned char init_iv
[8] = {
3095 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3097 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3098 9, 10, 11, 12, 13, 14, 15, 16 };
3099 unsigned char ciphertext
[32], oiv
[8], iv
[8];
3100 unsigned const char *ref_iv
;
3101 static const unsigned char cbc_state_des
[8] = {
3102 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3104 static const unsigned char cbc_state_3des
[8] = {
3105 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3107 static const unsigned char ofb_state_des
[8] = {
3108 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3110 static const unsigned char ofb_state_3des
[8] = {
3111 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3113 static const unsigned char cfb_state_des
[8] = {
3114 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3116 static const unsigned char cfb_state_3des
[8] = {
3117 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3119 int len
= sizeof(ciphertext
);
3120 size_t ivlen
, ref_len
;
3121 EVP_CIPHER
*type
= NULL
;
3123 if (lgcyprov
== NULL
&& idx
< 3)
3124 return TEST_skip("Test requires legacy provider to be loaded");
3128 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3129 ref_iv
= cbc_state_des
;
3130 ref_len
= sizeof(cbc_state_des
);
3133 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3134 ref_iv
= ofb_state_des
;
3135 ref_len
= sizeof(ofb_state_des
);
3138 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3139 ref_iv
= cfb_state_des
;
3140 ref_len
= sizeof(cfb_state_des
);
3143 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3144 ref_iv
= cbc_state_3des
;
3145 ref_len
= sizeof(cbc_state_3des
);
3148 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3149 ref_iv
= ofb_state_3des
;
3150 ref_len
= sizeof(ofb_state_3des
);
3153 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3154 ref_iv
= cfb_state_3des
;
3155 ref_len
= sizeof(cfb_state_3des
);
3162 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3163 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3164 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3166 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3167 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3168 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3170 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3171 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3172 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3175 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3176 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3178 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3183 EVP_CIPHER_CTX_free(ctx
);
3184 EVP_CIPHER_free(type
);
3189 #ifndef OPENSSL_NO_EC
3190 static int ecpub_nids
[] = {
3191 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3192 NID_secp384r1
, NID_secp521r1
,
3193 # ifndef OPENSSL_NO_EC2M
3194 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3195 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3197 NID_brainpoolP384r1
, NID_brainpoolP512r1
3200 static int test_ecpub(int idx
)
3202 int ret
= 0, len
, savelen
;
3204 unsigned char buf
[1024];
3206 EVP_PKEY
*pkey
= NULL
;
3207 EVP_PKEY_CTX
*ctx
= NULL
;
3208 # ifndef OPENSSL_NO_DEPRECATED_3_0
3209 const unsigned char *q
;
3210 EVP_PKEY
*pkey2
= NULL
;
3214 if (nullprov
!= NULL
)
3215 return TEST_skip("Test does not support a non-default library context");
3217 nid
= ecpub_nids
[idx
];
3219 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3221 || !TEST_true(EVP_PKEY_keygen_init(ctx
))
3222 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
))
3223 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3225 len
= i2d_PublicKey(pkey
, NULL
);
3227 if (!TEST_int_ge(len
, 1)
3228 || !TEST_int_lt(len
, 1024))
3231 len
= i2d_PublicKey(pkey
, &p
);
3232 if (!TEST_int_ge(len
, 1)
3233 || !TEST_int_eq(len
, savelen
))
3236 # ifndef OPENSSL_NO_DEPRECATED_3_0
3237 /* Now try to decode the just-created DER. */
3239 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3240 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3241 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3243 /* EC_KEY ownership transferred */
3245 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3247 /* The keys should match. */
3248 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3255 EVP_PKEY_CTX_free(ctx
);
3256 EVP_PKEY_free(pkey
);
3257 # ifndef OPENSSL_NO_DEPRECATED_3_0
3258 EVP_PKEY_free(pkey2
);
3265 static int test_EVP_rsa_pss_with_keygen_bits(void)
3268 EVP_PKEY_CTX
*ctx
= NULL
;
3269 EVP_PKEY
*pkey
= NULL
;
3272 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3274 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", testpropq
)))
3275 && TEST_true(EVP_PKEY_keygen_init(ctx
))
3276 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3277 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
))
3278 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3281 EVP_PKEY_free(pkey
);
3282 EVP_PKEY_CTX_free(ctx
);
3286 static int success
= 1;
3287 static void md_names(const char *name
, void *vctx
)
3289 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3290 /* Force a namemap update */
3291 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3293 if (!TEST_ptr(aes128
))
3296 EVP_CIPHER_free(aes128
);
3300 * Test that changing the namemap in a user callback works in a names_do_all
3303 static int test_names_do_all(void)
3305 /* We use a custom libctx so that we know the state of the namemap */
3306 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3307 EVP_MD
*sha256
= NULL
;
3313 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3314 if (!TEST_ptr(sha256
))
3318 * We loop through all the names for a given digest. This should still work
3319 * even if the namemap changes part way through.
3321 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3324 if (!TEST_true(success
))
3329 EVP_MD_free(sha256
);
3330 OSSL_LIB_CTX_free(ctx
);
3336 const unsigned char *key
;
3337 const unsigned char *iv
;
3338 const unsigned char *input
;
3339 const unsigned char *expected
;
3340 const unsigned char *tag
;
3341 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3350 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3352 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3353 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3357 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3358 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3359 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3360 sizeof(gcmDefaultTag
), 1, 0, 1
3363 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3364 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3368 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3369 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3370 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3371 sizeof(gcmDefaultTag
), 0, 0, 1
3374 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3375 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3379 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3380 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3381 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3382 sizeof(gcmDefaultTag
), 1, 1, 0
3385 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3386 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3390 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3391 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3392 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3393 sizeof(gcmDefaultTag
), 0, 1, 0
3397 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3401 if (t
->ivlen
!= 0) {
3402 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
)))
3405 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
3413 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3414 * arguments are given one at a time and a final adjustment to the enc
3415 * parameter sets the correct operation.
3417 static int test_evp_init_seq(int idx
)
3419 int outlen1
, outlen2
;
3421 unsigned char outbuf
[1024];
3422 unsigned char tag
[16];
3423 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
3424 EVP_CIPHER_CTX
*ctx
= NULL
;
3425 EVP_CIPHER
*type
= NULL
;
3426 size_t taglen
= sizeof(tag
);
3427 char *errmsg
= NULL
;
3429 ctx
= EVP_CIPHER_CTX_new();
3431 errmsg
= "CTX_ALLOC";
3434 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
3435 errmsg
= "CIPHER_FETCH";
3438 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
3439 errmsg
= "EMPTY_ENC_INIT";
3442 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3446 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3447 errmsg
= "KEY_INIT (before iv)";
3450 if (!evp_init_seq_set_iv(ctx
, t
)) {
3454 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3455 errmsg
= "KEY_INIT (after iv)";
3458 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
3459 errmsg
= "FINAL_ENC_INIT";
3462 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3463 errmsg
= "CIPHER_UPDATE";
3466 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
3467 /* Set expected tag */
3468 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
3469 t
->taglen
, (void *)t
->tag
))) {
3474 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3475 errmsg
= "CIPHER_FINAL";
3478 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3479 errmsg
= "WRONG_RESULT";
3482 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
3483 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3487 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
3488 errmsg
= "TAG_ERROR";
3495 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3496 EVP_CIPHER_CTX_free(ctx
);
3497 EVP_CIPHER_free(type
);
3502 const unsigned char *input
;
3503 const unsigned char *expected
;
3507 } EVP_RESET_TEST_st
;
3509 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
3511 cfbPlaintext
, cfbCiphertext
,
3512 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
3515 cfbCiphertext
, cfbPlaintext
,
3516 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
3521 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3524 static int test_evp_reset(int idx
)
3526 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
3527 int outlen1
, outlen2
;
3529 unsigned char outbuf
[1024];
3530 EVP_CIPHER_CTX
*ctx
= NULL
;
3531 EVP_CIPHER
*type
= NULL
;
3532 char *errmsg
= NULL
;
3534 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3535 errmsg
= "CTX_ALLOC";
3538 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
3539 errmsg
= "CIPHER_FETCH";
3542 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3543 errmsg
= "CIPHER_INIT";
3546 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3550 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3551 errmsg
= "CIPHER_UPDATE";
3554 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3555 errmsg
= "CIPHER_FINAL";
3558 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3559 errmsg
= "WRONG_RESULT";
3562 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
3563 errmsg
= "CIPHER_REINIT";
3566 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3567 errmsg
= "CIPHER_UPDATE (reinit)";
3570 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3571 errmsg
= "CIPHER_FINAL (reinit)";
3574 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3575 errmsg
= "WRONG_RESULT (reinit)";
3581 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
3582 EVP_CIPHER_CTX_free(ctx
);
3583 EVP_CIPHER_free(type
);
3590 } EVP_UPDATED_IV_TEST_st
;
3592 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
3632 * Test that the IV in the context is updated during a crypto operation for CFB
3635 static int test_evp_updated_iv(int idx
)
3637 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
3638 int outlen1
, outlen2
;
3640 unsigned char outbuf
[1024];
3641 EVP_CIPHER_CTX
*ctx
= NULL
;
3642 EVP_CIPHER
*type
= NULL
;
3643 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
3645 char *errmsg
= NULL
;
3647 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3648 errmsg
= "CTX_ALLOC";
3651 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
3652 TEST_info("cipher %s not supported, skipping", t
->cipher
);
3656 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3657 errmsg
= "CIPHER_INIT";
3660 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3664 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
3665 errmsg
= "CIPHER_UPDATE";
3668 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
3669 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
3672 if (!TEST_true(iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
))) {
3673 errmsg
= "CIPHER_CTX_GET_IV_LEN";
3676 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
3677 errmsg
= "IV_NOT_UPDATED";
3680 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3681 errmsg
= "CIPHER_FINAL";
3688 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
3689 EVP_CIPHER_CTX_free(ctx
);
3690 EVP_CIPHER_free(type
);
3695 const unsigned char *iv1
;
3696 const unsigned char *iv2
;
3697 const unsigned char *expected1
;
3698 const unsigned char *expected2
;
3699 const unsigned char *tag1
;
3700 const unsigned char *tag2
;
3703 size_t expectedlen1
;
3704 size_t expectedlen2
;
3705 } TEST_GCM_IV_REINIT_st
;
3707 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
3709 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
3710 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
3711 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
3714 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
3715 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
3716 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
3720 static int test_gcm_reinit(int idx
)
3722 int outlen1
, outlen2
, outlen3
;
3724 unsigned char outbuf
[1024];
3725 unsigned char tag
[16];
3726 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
3727 EVP_CIPHER_CTX
*ctx
= NULL
;
3728 EVP_CIPHER
*type
= NULL
;
3729 size_t taglen
= sizeof(tag
);
3730 char *errmsg
= NULL
;
3732 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3733 errmsg
= "CTX_ALLOC";
3736 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
3737 errmsg
= "CIPHER_FETCH";
3740 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
3741 errmsg
= "ENC_INIT";
3744 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
))) {
3745 errmsg
= "SET_IVLEN1";
3748 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
3752 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3756 EVP_CIPHER_CTX_set_padding(ctx
, 0);
3757 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3758 sizeof(gcmResetPlaintext
)))) {
3759 errmsg
= "CIPHER_UPDATE1";
3762 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3763 errmsg
= "CIPHER_FINAL1";
3766 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
3767 errmsg
= "WRONG_RESULT1";
3770 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3771 errmsg
= "GET_TAG1";
3774 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
3775 errmsg
= "TAG_ERROR1";
3779 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
))) {
3780 errmsg
= "SET_IVLEN2";
3783 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
3787 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3791 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3792 sizeof(gcmResetPlaintext
)))) {
3793 errmsg
= "CIPHER_UPDATE2";
3796 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3797 errmsg
= "CIPHER_FINAL2";
3800 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
3801 errmsg
= "WRONG_RESULT2";
3804 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3805 errmsg
= "GET_TAG2";
3808 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
3809 errmsg
= "TAG_ERROR2";
3815 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3816 EVP_CIPHER_CTX_free(ctx
);
3817 EVP_CIPHER_free(type
);
3821 #ifndef OPENSSL_NO_DEPRECATED_3_0
3822 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
3823 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
3825 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3827 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
3829 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
3831 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
3835 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
3837 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
3839 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
3843 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
3844 size_t *outlen
, const unsigned char *in
,
3847 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3848 const unsigned char *tbs
, size_t tbslen
);
3850 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
3851 return psign(ctx
, out
, outlen
, in
, inlen
);
3854 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
3855 size_t *siglen
, const unsigned char *tbs
,
3858 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3859 const unsigned char *tbs
, size_t tbslen
);
3861 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
3862 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
3865 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
3868 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
3870 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
3871 return pderive(ctx
, key
, keylen
);
3874 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
3876 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
3878 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
3879 return pcopy(dst
, src
);
3882 static int ctrl_called
;
3884 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
3886 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
3888 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
3890 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
3895 return pctrl(ctx
, type
, p1
, p2
);
3898 static int test_custom_pmeth(int idx
)
3900 EVP_PKEY_CTX
*pctx
= NULL
;
3901 EVP_MD_CTX
*ctx
= NULL
;
3902 EVP_PKEY
*pkey
= NULL
;
3903 int id
, orig_id
, orig_flags
;
3906 unsigned char *res
= NULL
;
3907 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
3908 const EVP_MD
*md
= EVP_sha256();
3913 /* We call deprecated APIs so this test doesn't support a custom libctx */
3914 if (testctx
!= NULL
)
3921 pkey
= load_example_rsa_key();
3925 # ifndef OPENSSL_NO_DSA
3927 pkey
= load_example_dsa_key();
3934 # ifndef OPENSSL_NO_EC
3936 pkey
= load_example_ec_key();
3943 # ifndef OPENSSL_NO_EC
3944 id
= EVP_PKEY_ED25519
;
3946 pkey
= load_example_ed25519_key();
3953 # ifndef OPENSSL_NO_DH
3956 pkey
= load_example_dh_key();
3963 # ifndef OPENSSL_NO_EC
3964 id
= EVP_PKEY_X25519
;
3966 pkey
= load_example_x25519_key();
3972 TEST_error("Should not happen");
3976 if (!TEST_ptr(pkey
))
3980 if (!TEST_true(evp_pkey_is_provided(pkey
)))
3983 EVP_PKEY
*tmp
= pkey
;
3985 /* Convert to a legacy key */
3986 pkey
= EVP_PKEY_new();
3987 if (!TEST_ptr(pkey
)) {
3991 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
3996 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
4000 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
4004 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
4005 if (!TEST_int_eq(orig_id
, id
)
4006 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
4009 if (id
== EVP_PKEY_ED25519
) {
4010 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
4011 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
4012 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
4014 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
4016 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
4017 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
4018 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
4019 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
4021 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
4022 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
4026 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
4028 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
4029 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4030 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4032 || !TEST_int_eq(ctrl_called
, 1)
4033 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
4034 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
4035 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
4036 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
4039 ctx
= EVP_MD_CTX_new();
4040 reslen
= EVP_PKEY_size(pkey
);
4041 res
= OPENSSL_malloc(reslen
);
4044 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
4045 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4046 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4048 || !TEST_int_eq(ctrl_called
, 1))
4051 if (id
== EVP_PKEY_ED25519
) {
4052 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
4055 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
4056 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
4064 EVP_MD_CTX_free(ctx
);
4066 EVP_PKEY_CTX_free(pctx
);
4067 EVP_PKEY_free(pkey
);
4068 EVP_PKEY_meth_remove(custom_pmeth
);
4069 EVP_PKEY_meth_free(custom_pmeth
);
4070 custom_pmeth
= NULL
;
4074 static int test_evp_md_cipher_meth(void)
4076 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
4077 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4080 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
4086 EVP_MD_meth_free(md
);
4087 EVP_CIPHER_meth_free(ciph
);
4092 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4093 /* Test we can create a signature keys with an associated ENGINE */
4094 static int test_signatures_with_engine(int tst
)
4097 const char *engine_id
= "dasync";
4098 EVP_PKEY
*pkey
= NULL
;
4099 const unsigned char badcmackey
[] = { 0x00, 0x01 };
4100 const unsigned char cmackey
[] = {
4101 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4102 0x0c, 0x0d, 0x0e, 0x0f
4104 const unsigned char ed25519key
[] = {
4105 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4106 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4107 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4109 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4111 EVP_MD_CTX
*ctx
= NULL
;
4112 unsigned char *mac
= NULL
;
4116 # ifdef OPENSSL_NO_CMAC
4117 /* Skip CMAC tests in a no-cmac build */
4122 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4125 if (!TEST_true(ENGINE_init(e
))) {
4132 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
4136 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
4140 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
4141 sizeof(ed25519key
));
4144 TEST_error("Invalid test case");
4147 if (!TEST_ptr(pkey
))
4150 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4153 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
4156 if (!TEST_true(ret
))
4159 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
4160 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
4163 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4166 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
4169 /* We used a bad key. We expect a failure here */
4170 if (!TEST_false(ret
))
4176 EVP_MD_CTX_free(ctx
);
4178 EVP_PKEY_free(pkey
);
4185 static int test_cipher_with_engine(void)
4188 const char *engine_id
= "dasync";
4189 const unsigned char keyiv
[] = {
4190 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4191 0x0c, 0x0d, 0x0e, 0x0f
4193 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4195 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
4196 unsigned char buf
[AES_BLOCK_SIZE
];
4199 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4202 if (!TEST_true(ENGINE_init(e
))) {
4207 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4208 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
4211 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
4214 /* Copy the ctx, and complete the operation with the new ctx */
4215 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
4218 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
4219 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
4224 EVP_CIPHER_CTX_free(ctx
);
4225 EVP_CIPHER_CTX_free(ctx2
);
4231 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4232 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4234 static int ecxnids
[] = {
4241 /* Test that creating ECX keys with a short private key fails as expected */
4242 static int test_ecx_short_keys(int tst
)
4244 unsigned char ecxkeydata
= 1;
4248 pkey
= EVP_PKEY_new_raw_private_key(ecxnids
[tst
], NULL
, &ecxkeydata
, 1);
4249 if (!TEST_ptr_null(pkey
)) {
4250 EVP_PKEY_free(pkey
);
4256 typedef enum OPTION_choice
{
4263 const OPTIONS
*test_get_options(void)
4265 static const OPTIONS options
[] = {
4266 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
4267 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
4273 int setup_tests(void)
4277 while ((o
= opt_next()) != OPT_EOF
) {
4280 /* Set up an alternate library context */
4281 testctx
= OSSL_LIB_CTX_new();
4282 if (!TEST_ptr(testctx
))
4284 /* Swap the libctx to test non-default context only */
4285 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
4286 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
4287 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
4289 case OPT_TEST_CASES
:
4296 ADD_TEST(test_EVP_set_default_properties
);
4297 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 30);
4298 ADD_TEST(test_EVP_DigestVerifyInit
);
4299 #ifndef OPENSSL_NO_SIPHASH
4300 ADD_TEST(test_siphash_digestsign
);
4302 ADD_TEST(test_EVP_Digest
);
4303 ADD_TEST(test_EVP_md_null
);
4304 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
4305 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
4306 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
4307 ADD_TEST(test_privatekey_to_pkcs8
);
4308 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
4309 #ifndef OPENSSL_NO_EC
4310 ADD_TEST(test_EVP_PKCS82PKEY
);
4312 #ifndef OPENSSL_NO_EC
4313 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
4315 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4316 ADD_TEST(test_EVP_SM2
);
4317 ADD_TEST(test_EVP_SM2_verify
);
4319 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
4320 #ifndef OPENSSL_NO_DEPRECATED_3_0
4321 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
4322 if (!TEST_ptr(custom_pmeth
))
4324 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
4325 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
4326 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
4327 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
4330 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
4331 #ifndef OPENSSL_NO_CMAC
4332 ADD_TEST(test_CMAC_keygen
);
4334 ADD_TEST(test_HKDF
);
4335 ADD_TEST(test_emptyikm_HKDF
);
4336 #ifndef OPENSSL_NO_EC
4337 ADD_TEST(test_X509_PUBKEY_inplace
);
4338 ADD_TEST(test_X509_PUBKEY_dup
);
4339 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
4340 OSSL_NELEM(ec_der_pub_keys
));
4342 #ifndef OPENSSL_NO_DSA
4343 ADD_TEST(test_DSA_get_set_params
);
4344 ADD_TEST(test_DSA_priv_pub
);
4346 ADD_TEST(test_RSA_get_set_params
);
4347 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4348 ADD_TEST(test_decrypt_null_chunks
);
4350 #ifndef OPENSSL_NO_DH
4351 ADD_TEST(test_DH_priv_pub
);
4352 # ifndef OPENSSL_NO_DEPRECATED_3_0
4353 ADD_TEST(test_EVP_PKEY_set1_DH
);
4356 #ifndef OPENSSL_NO_EC
4357 ADD_TEST(test_EC_priv_pub
);
4358 # ifndef OPENSSL_NO_DEPRECATED_3_0
4359 ADD_TEST(test_EC_priv_only_legacy
);
4362 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
4363 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
4365 ADD_TEST(test_rand_agglomeration
);
4366 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
4367 #ifndef OPENSSL_NO_DES
4368 ADD_ALL_TESTS(test_evp_iv_des
, 6);
4370 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
4371 #ifndef OPENSSL_NO_EC
4372 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
4375 ADD_TEST(test_names_do_all
);
4377 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
4378 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
4379 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
4380 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
4382 #ifndef OPENSSL_NO_DEPRECATED_3_0
4383 ADD_ALL_TESTS(test_custom_pmeth
, 12);
4384 ADD_TEST(test_evp_md_cipher_meth
);
4386 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4387 /* Tests only support the default libctx */
4388 if (testctx
== NULL
) {
4389 # ifndef OPENSSL_NO_EC
4390 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
4392 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
4394 ADD_TEST(test_cipher_with_engine
);
4399 ADD_ALL_TESTS(test_ecx_short_keys
, OSSL_NELEM(ecxnids
));
4404 void cleanup_tests(void)
4406 OSSL_PROVIDER_unload(nullprov
);
4407 OSSL_PROVIDER_unload(deflprov
);
4408 OSSL_PROVIDER_unload(lgcyprov
);
4409 OSSL_LIB_CTX_free(testctx
);