2 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
42 OSSL_provider_init_fn ossl_legacy_provider_init;
45 static OSSL_LIB_CTX *testctx = NULL;
46 static char *testpropq = NULL;
48 static OSSL_PROVIDER *nullprov = NULL;
49 static OSSL_PROVIDER *deflprov = NULL;
50 static OSSL_PROVIDER *lgcyprov = NULL;
53 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
54 * should never use this key anywhere but in an example.
56 static const unsigned char kExampleRSAKeyDER[] = {
57 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
58 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
59 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
60 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
61 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
62 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
63 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
64 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
65 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
66 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
67 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
68 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
69 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
70 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
71 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
72 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
73 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
74 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
75 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
76 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
77 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
78 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
79 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
80 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
81 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
82 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
83 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
84 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
85 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
86 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
87 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
88 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
89 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
90 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
91 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
92 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
93 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
94 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
95 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
96 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
97 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
98 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
99 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
100 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
101 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
102 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
103 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
104 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
105 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
106 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
107 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
111 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
112 * should never use this key anywhere but in an example.
114 #ifndef OPENSSL_NO_DSA
115 static const unsigned char kExampleDSAKeyDER[] = {
116 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
117 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
118 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
119 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
120 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
121 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
122 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
123 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
124 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
125 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
126 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
127 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
128 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
129 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
130 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
131 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
132 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
133 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
134 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
135 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
136 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
137 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
138 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
139 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
140 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
141 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
142 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
143 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
144 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
145 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
146 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
147 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
148 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
149 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
150 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
151 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
152 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
158 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
159 * components are not correct.
161 static const unsigned char kExampleBadRSAKeyDER[] = {
162 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
163 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
164 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
165 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
166 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
167 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
168 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
169 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
170 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
171 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
172 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
173 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
174 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
175 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
176 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
177 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
178 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
179 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
180 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
181 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
182 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
183 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
184 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
185 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
186 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
187 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
188 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
189 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
190 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
191 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
192 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
193 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
194 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
195 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
196 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
197 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
198 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
199 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
200 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
201 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
202 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
203 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
204 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
205 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
206 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
207 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
208 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
209 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
210 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
211 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
212 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
213 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
214 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
215 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
216 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
217 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
218 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
219 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
220 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
221 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
222 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
223 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
224 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
225 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
226 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
227 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
228 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
229 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
230 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
231 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
232 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
233 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
234 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
235 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
236 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
237 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
238 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
239 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
240 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
241 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
242 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
243 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
244 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
245 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
246 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
247 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
248 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
249 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
250 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
254 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
257 static const unsigned char kExampleBad2RSAKeyDER[] = {
258 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
259 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
260 0x01, 0x00, 0x02, 0x01, 0x00
263 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
265 static const unsigned char kSignature[] = {
266 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
267 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
268 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
269 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
270 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
271 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
272 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
273 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
274 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
275 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
276 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
280 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
283 static const unsigned char kExampleRSAKeyPKCS8[] = {
284 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
285 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
286 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
287 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
288 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
289 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
290 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
291 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
292 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
293 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
294 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
295 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
296 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
297 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
298 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
299 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
300 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
301 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
302 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
303 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
304 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
305 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
306 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
307 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
308 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
309 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
310 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
311 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
312 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
313 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
314 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
315 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
316 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
317 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
318 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
319 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
320 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
321 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
322 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
323 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
324 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
325 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
326 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
327 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
328 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
329 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
330 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
331 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
332 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
333 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
334 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
335 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
336 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
339 #ifndef OPENSSL_NO_EC
341 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 static const unsigned char kExampleECKeyDER[] = {
345 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
346 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
347 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
348 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
349 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
350 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
351 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
352 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
353 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
354 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
359 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
360 * structure. The private key is equal to the order and will fail to import
362 static const unsigned char kExampleBadECKeyDER[] = {
363 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
364 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
365 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
366 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
367 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
368 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
369 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
370 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
371 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
375 static const unsigned char kExampleECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
387 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
388 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
390 static const unsigned char kExampleBadECPubKeyDER[] = {
391 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
392 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
393 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
394 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
395 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
396 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
397 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
398 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
401 static const unsigned char pExampleECParamDER[] = {
402 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
405 # ifndef OPENSSL_NO_ECX
406 static const unsigned char kExampleED25519KeyDER[] = {
407 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
408 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
409 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
410 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
413 static const unsigned char kExampleED25519PubKeyDER[] = {
414 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
415 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
416 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
417 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
420 # ifndef OPENSSL_NO_DEPRECATED_3_0
421 static const unsigned char kExampleX25519KeyDER[] = {
422 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
423 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
424 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
425 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
431 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
432 #ifndef OPENSSL_NO_DEPRECATED_3_0
433 # ifndef OPENSSL_NO_DH
434 static const unsigned char kExampleDHKeyDER[] = {
435 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
436 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
437 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
438 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
439 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
440 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
441 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
442 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
443 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
444 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
445 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
446 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
447 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
448 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
449 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
450 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
451 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
452 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
453 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
454 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
455 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
456 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
457 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
458 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
459 0x2e, 0x87, 0x2a, 0x0b, 0x7a
464 static const unsigned char kCFBDefaultKey[] = {
465 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
466 0x09, 0xCF, 0x4F, 0x3C
469 static const unsigned char kGCMDefaultKey[32] = { 0 };
471 static const unsigned char kGCMResetKey[] = {
472 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
473 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
474 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
477 static const unsigned char iCFBIV[] = {
478 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
479 0x0C, 0x0D, 0x0E, 0x0F
482 static const unsigned char iGCMDefaultIV[12] = { 0 };
484 static const unsigned char iGCMResetIV1[] = {
485 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
488 static const unsigned char iGCMResetIV2[] = {
489 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
492 static const unsigned char cfbPlaintext[] = {
493 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
494 0x73, 0x93, 0x17, 0x2A
496 static const unsigned char cfbPlaintext_partial[] = {
497 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
498 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
501 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
503 static const unsigned char gcmResetPlaintext[] = {
504 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
505 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
506 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
507 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
508 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
511 static const unsigned char cfbCiphertext[] = {
512 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
513 0xE8, 0x3C, 0xFB, 0x4A
516 static const unsigned char cfbCiphertext_partial[] = {
517 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
518 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
521 static const unsigned char ofbCiphertext_partial[] = {
522 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
523 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
526 static const unsigned char gcmDefaultCiphertext[] = {
527 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
528 0xba, 0xf3, 0x9d, 0x18
531 static const unsigned char gcmResetCiphertext1[] = {
532 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
533 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
534 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
535 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
536 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
539 static const unsigned char gcmResetCiphertext2[] = {
540 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
541 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
542 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
543 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
544 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
547 static const unsigned char gcmAAD[] = {
548 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
549 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
552 static const unsigned char gcmDefaultTag[] = {
553 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
554 0xd4, 0x8a, 0xb9, 0x19
557 static const unsigned char gcmResetTag1[] = {
558 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
559 0xfe, 0x2e, 0xa8, 0xf2
562 static const unsigned char gcmResetTag2[] = {
563 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
564 0xbb, 0x2d, 0x55, 0x1b
567 typedef struct APK_DATA_st {
568 const unsigned char *kder;
575 int type; /* 0 for private, 1 for public, 2 for params */
578 static APK_DATA keydata[] = {
579 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
580 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
581 #ifndef OPENSSL_NO_EC
582 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
586 static APK_DATA keycheckdata[] = {
587 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
589 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
591 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
592 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
593 #ifndef OPENSSL_NO_EC
594 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
595 /* group is also associated in our pub key */
596 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
598 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
600 # ifndef OPENSSL_NO_ECX
601 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
602 EVP_PKEY_ED25519, 1, 1, 1, 0},
603 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
604 EVP_PKEY_ED25519, 0, 1, 1, 1},
609 static EVP_PKEY *load_example_key(const char *keytype,
610 const unsigned char *data, size_t data_len)
612 const unsigned char **pdata = &data;
613 EVP_PKEY *pkey = NULL;
614 OSSL_DECODER_CTX *dctx =
615 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
618 /* |pkey| will be NULL on error */
619 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
620 OSSL_DECODER_CTX_free(dctx);
624 static EVP_PKEY *load_example_rsa_key(void)
626 return load_example_key("RSA", kExampleRSAKeyDER,
627 sizeof(kExampleRSAKeyDER));
630 #ifndef OPENSSL_NO_DSA
631 static EVP_PKEY *load_example_dsa_key(void)
633 return load_example_key("DSA", kExampleDSAKeyDER,
634 sizeof(kExampleDSAKeyDER));
638 #ifndef OPENSSL_NO_EC
639 static EVP_PKEY *load_example_ec_key(void)
641 return load_example_key("EC", kExampleECKeyDER,
642 sizeof(kExampleECKeyDER));
646 #ifndef OPENSSL_NO_DEPRECATED_3_0
647 # ifndef OPENSSL_NO_DH
648 static EVP_PKEY *load_example_dh_key(void)
650 return load_example_key("DH", kExampleDHKeyDER,
651 sizeof(kExampleDHKeyDER));
655 # ifndef OPENSSL_NO_ECX
656 static EVP_PKEY *load_example_ed25519_key(void)
658 return load_example_key("ED25519", kExampleED25519KeyDER,
659 sizeof(kExampleED25519KeyDER));
662 static EVP_PKEY *load_example_x25519_key(void)
664 return load_example_key("X25519", kExampleX25519KeyDER,
665 sizeof(kExampleX25519KeyDER));
668 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
670 static EVP_PKEY *load_example_hmac_key(void)
672 EVP_PKEY *pkey = NULL;
673 unsigned char key[] = {
674 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
675 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
676 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
679 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
680 NULL, key, sizeof(key));
687 static int test_EVP_set_default_properties(void)
693 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
694 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
699 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
700 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
701 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
706 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
707 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
712 OSSL_LIB_CTX_free(ctx);
716 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
717 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
719 EVP_PKEY_CTX *pctx = NULL;
720 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
722 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
724 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
725 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
729 if (!TEST_ptr(tmp_pkey))
735 EVP_PKEY_free(tmp_pkey);
736 EVP_PKEY_CTX_free(pctx);
740 static int test_selection(EVP_PKEY *pkey, int selection)
744 BIO *bio = BIO_new(BIO_s_mem());
746 ret = PEM_write_bio_PUBKEY(bio, pkey);
747 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
751 if (!TEST_false(ret))
754 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
756 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
760 if (!TEST_false(ret))
770 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
773 * Test combinations of private, public, missing and private + public key
774 * params to ensure they are all accepted
776 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
777 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
779 OSSL_PARAM_BLD *bld = NULL;
780 OSSL_PARAM *params = NULL;
781 EVP_PKEY *just_params = NULL;
782 EVP_PKEY *params_and_priv = NULL;
783 EVP_PKEY *params_and_pub = NULL;
784 EVP_PKEY *params_and_keypair = NULL;
785 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
789 * Setup the parameters for our pkey object. For our purposes they don't
790 * have to actually be *valid* parameters. We just need to set something.
792 if (!TEST_ptr(p = BN_new())
793 || !TEST_ptr(q = BN_new())
794 || !TEST_ptr(g = BN_new())
795 || !TEST_ptr(pub = BN_new())
796 || !TEST_ptr(priv = BN_new()))
799 /* Test !priv and !pub */
800 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
801 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
802 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
805 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
806 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
809 OSSL_PARAM_free(params);
810 OSSL_PARAM_BLD_free(bld);
814 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
815 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
818 /* Test priv and !pub */
819 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
822 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
823 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
826 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
827 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
830 OSSL_PARAM_free(params);
831 OSSL_PARAM_BLD_free(bld);
835 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
836 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
839 /* Test !priv and pub */
840 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
847 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
848 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
851 OSSL_PARAM_free(params);
852 OSSL_PARAM_BLD_free(bld);
856 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
857 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
860 /* Test priv and pub */
861 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
863 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
864 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
865 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
867 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
870 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
871 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
874 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
879 OSSL_PARAM_free(params);
880 OSSL_PARAM_BLD_free(bld);
881 EVP_PKEY_free(just_params);
882 EVP_PKEY_free(params_and_priv);
883 EVP_PKEY_free(params_and_pub);
884 EVP_PKEY_free(params_and_keypair);
893 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
896 * Test combinations of private, public, missing and private + public key
897 * params to ensure they are all accepted for EC keys
899 #ifndef OPENSSL_NO_EC
900 static unsigned char ec_priv[] = {
901 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
902 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
903 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
905 static unsigned char ec_pub[] = {
906 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
907 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
908 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
909 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
910 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
911 0x08, 0x09, 0xb8, 0xdb, 0x03
914 static int test_EC_priv_pub(void)
916 OSSL_PARAM_BLD *bld = NULL;
917 OSSL_PARAM *params = NULL;
918 EVP_PKEY *just_params = NULL;
919 EVP_PKEY *params_and_priv = NULL;
920 EVP_PKEY *params_and_pub = NULL;
921 EVP_PKEY *params_and_keypair = NULL;
924 unsigned char *encoded = NULL;
926 unsigned char buffer[128];
929 * Setup the parameters for our pkey object. For our purposes they don't
930 * have to actually be *valid* parameters. We just need to set something.
932 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
935 /* Test !priv and !pub */
936 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
937 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
938 OSSL_PKEY_PARAM_GROUP_NAME,
941 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
942 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
945 OSSL_PARAM_free(params);
946 OSSL_PARAM_BLD_free(bld);
950 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
951 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
954 /* Test priv and !pub */
955 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
956 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
957 OSSL_PKEY_PARAM_GROUP_NAME,
959 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
962 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
963 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
966 OSSL_PARAM_free(params);
967 OSSL_PARAM_BLD_free(bld);
972 * We indicate only parameters here, in spite of having built a key that
973 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
974 * expected to fail because it does not support exporting a private EC
975 * key without a corresponding public key
977 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
978 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
981 /* Test !priv and pub */
982 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
983 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
984 OSSL_PKEY_PARAM_GROUP_NAME,
986 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
987 OSSL_PKEY_PARAM_PUB_KEY,
988 ec_pub, sizeof(ec_pub))))
990 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
991 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
994 OSSL_PARAM_free(params);
995 OSSL_PARAM_BLD_free(bld);
999 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1000 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1003 /* Test priv and pub */
1004 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1005 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1006 OSSL_PKEY_PARAM_GROUP_NAME,
1008 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1009 OSSL_PKEY_PARAM_PUB_KEY,
1010 ec_pub, sizeof(ec_pub)))
1011 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1014 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1015 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1018 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1021 /* Try key equality */
1022 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1023 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1025 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1027 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1029 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1030 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1031 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1032 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1035 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1036 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1038 OPENSSL_free(encoded);
1040 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1041 OPENSSL_free(encoded);
1046 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1047 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1048 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1049 buffer, sizeof(buffer), &len), 1)
1050 || !TEST_int_eq(len, 65))
1054 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1055 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1057 || !TEST_int_eq(len, 65))
1060 /* too-short buffer len*/
1061 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1062 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1063 buffer, 10, &len), 0))
1068 OSSL_PARAM_free(params);
1069 OSSL_PARAM_BLD_free(bld);
1070 EVP_PKEY_free(just_params);
1071 EVP_PKEY_free(params_and_priv);
1072 EVP_PKEY_free(params_and_pub);
1073 EVP_PKEY_free(params_and_keypair);
1079 /* Also test that we can read the EC PUB affine coordinates */
1080 static int test_evp_get_ec_pub(void)
1082 OSSL_PARAM_BLD *bld = NULL;
1083 OSSL_PARAM *params = NULL;
1084 unsigned char *pad = NULL;
1085 EVP_PKEY *keypair = NULL;
1086 BIGNUM *priv = NULL;
1091 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1094 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1095 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1096 OSSL_PKEY_PARAM_GROUP_NAME,
1098 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1099 OSSL_PKEY_PARAM_PUB_KEY,
1100 ec_pub, sizeof(ec_pub)))
1101 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1105 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1106 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1109 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1112 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1113 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1116 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1120 BN_bn2bin(x, &pad[1]);
1121 BN_bn2bin(y, &pad[33]);
1122 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1128 OSSL_PARAM_free(params);
1129 OSSL_PARAM_BLD_free(bld);
1130 EVP_PKEY_free(keypair);
1138 /* Test that using a legacy EC key with only a private key in it works */
1139 # ifndef OPENSSL_NO_DEPRECATED_3_0
1140 static int test_EC_priv_only_legacy(void)
1142 BIGNUM *priv = NULL;
1144 EC_KEY *eckey = NULL;
1145 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1146 EVP_MD_CTX *ctx = NULL;
1148 /* Create the low level EC_KEY */
1149 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1152 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1153 if (!TEST_ptr(eckey))
1156 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1159 pkey = EVP_PKEY_new();
1160 if (!TEST_ptr(pkey))
1163 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1169 ctx = EVP_MD_CTX_new();
1174 * The EVP_DigestSignInit function should create the key on the
1175 * provider side which is sufficient for this test.
1177 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1178 testpropq, pkey, NULL)))
1180 EVP_MD_CTX_free(ctx);
1186 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1188 /* EVP_PKEY_eq() returns -2 with missing public keys */
1189 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1190 EVP_PKEY_free(pkey);
1198 EVP_MD_CTX_free(ctx);
1199 EVP_PKEY_free(pkey);
1206 static int test_evp_get_ec_pub_legacy(void)
1208 OSSL_LIB_CTX *libctx = NULL;
1209 unsigned char *pad = NULL;
1210 EVP_PKEY *pkey = NULL;
1211 EC_KEY *eckey = NULL;
1212 BIGNUM *priv = NULL;
1217 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1220 /* Create the legacy key */
1221 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1222 NID_X9_62_prime256v1)))
1225 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1228 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1231 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1234 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1237 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1240 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1243 /* Transfer the legacy key */
1244 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1248 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1249 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1252 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1256 BN_bn2bin(x, &pad[1]);
1257 BN_bn2bin(y, &pad[33]);
1259 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1265 OSSL_LIB_CTX_free(libctx);
1266 EVP_PKEY_free(pkey);
1275 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1276 #endif /* OPENSSL_NO_EC */
1278 static int test_EVP_PKEY_sign(int tst)
1281 EVP_PKEY *pkey = NULL;
1282 unsigned char *sig = NULL;
1283 size_t sig_len = 0, shortsig_len = 1;
1284 EVP_PKEY_CTX *ctx = NULL;
1285 unsigned char tbs[] = {
1286 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1287 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1291 if (!TEST_ptr(pkey = load_example_rsa_key()))
1293 } else if (tst == 1) {
1294 #ifndef OPENSSL_NO_DSA
1295 if (!TEST_ptr(pkey = load_example_dsa_key()))
1302 #ifndef OPENSSL_NO_EC
1303 if (!TEST_ptr(pkey = load_example_ec_key()))
1311 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1313 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1314 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1317 sig = OPENSSL_malloc(sig_len);
1319 /* Test sending a signature buffer that is too short is rejected */
1320 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1322 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1324 /* Test the signature round-trips */
1325 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1326 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1332 EVP_PKEY_CTX_free(ctx);
1334 EVP_PKEY_free(pkey);
1338 #ifndef OPENSSL_NO_DEPRECATED_3_0
1339 static int test_EVP_PKEY_sign_with_app_method(int tst)
1342 EVP_PKEY *pkey = NULL;
1344 RSA_METHOD *rsa_meth = NULL;
1345 #ifndef OPENSSL_NO_DSA
1347 DSA_METHOD *dsa_meth = NULL;
1349 unsigned char *sig = NULL;
1350 size_t sig_len = 0, shortsig_len = 1;
1351 EVP_PKEY_CTX *ctx = NULL;
1352 unsigned char tbs[] = {
1353 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1354 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1358 if (!TEST_ptr(pkey = load_example_rsa_key()))
1360 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1363 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1364 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1365 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1367 rsa = NULL; /* now owned by the pkey */
1369 #ifndef OPENSSL_NO_DSA
1370 if (!TEST_ptr(pkey = load_example_dsa_key()))
1372 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1375 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1376 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1377 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1379 dsa = NULL; /* now owned by the pkey */
1386 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1388 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1389 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1392 sig = OPENSSL_malloc(sig_len);
1394 /* Test sending a signature buffer that is too short is rejected */
1395 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1397 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1399 /* Test the signature round-trips */
1400 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1401 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1407 EVP_PKEY_CTX_free(ctx);
1409 EVP_PKEY_free(pkey);
1411 RSA_meth_free(rsa_meth);
1412 #ifndef OPENSSL_NO_DSA
1414 DSA_meth_free(dsa_meth);
1418 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1421 * n = 0 => test using legacy cipher
1422 * n = 1 => test using fetched cipher
1424 static int test_EVP_Enveloped(int n)
1427 EVP_CIPHER_CTX *ctx = NULL;
1428 EVP_PKEY *keypair = NULL;
1429 unsigned char *kek = NULL;
1430 unsigned char iv[EVP_MAX_IV_LENGTH];
1431 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1432 int len, kek_len, ciphertext_len, plaintext_len;
1433 unsigned char ciphertext[32], plaintext[16];
1434 EVP_CIPHER *type = NULL;
1436 if (nullprov != NULL)
1437 return TEST_skip("Test does not support a non-default library context");
1440 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1441 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1445 if (!TEST_ptr(keypair = load_example_rsa_key())
1446 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1447 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1448 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1450 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1452 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1456 ciphertext_len += len;
1458 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1459 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1460 ciphertext, ciphertext_len))
1461 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1464 plaintext_len += len;
1465 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1471 EVP_CIPHER_free(type);
1473 EVP_PKEY_free(keypair);
1474 EVP_CIPHER_CTX_free(ctx);
1479 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1480 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1481 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1482 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1483 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1484 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1485 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1486 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1487 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1488 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1489 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1490 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1491 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1492 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1493 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1494 * Test 15-29: Same as above with reinitialization
1496 static int test_EVP_DigestSignInit(int tst)
1499 EVP_PKEY *pkey = NULL;
1500 unsigned char *sig = NULL, *sig2 = NULL;
1501 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1502 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1503 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1504 BIO *mdbio = NULL, *membio = NULL;
1507 EVP_MD *mdexp = NULL;
1510 if (nullprov != NULL)
1511 return TEST_skip("Test does not support a non-default library context");
1518 if (tst >= 6 && tst <= 8) {
1519 membio = BIO_new(BIO_s_mem());
1520 mdbio = BIO_new(BIO_f_md());
1521 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1523 BIO_push(mdbio, membio);
1524 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1527 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1528 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1533 if (!TEST_ptr(pkey = load_example_rsa_key()))
1535 } else if (tst % 3 == 1) {
1536 #ifndef OPENSSL_NO_DSA
1537 if (!TEST_ptr(pkey = load_example_dsa_key()))
1544 if (!TEST_ptr(pkey = load_example_hmac_key()))
1548 if (tst >= 3 && tst <= 5)
1549 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1553 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1556 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1559 if (tst >= 6 && tst <= 8) {
1560 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1562 } else if (tst < 6) {
1563 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1568 /* Determine the size of the signature. */
1569 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1571 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1574 /* Test that supply a short sig buffer fails */
1575 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1579 * We end here because once EVP_DigestSign() has failed you should
1580 * not call it again without re-initing the ctx
1585 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1589 /* Determine the size of the signature. */
1590 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1591 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1593 * Trying to create a signature with a deliberately short
1594 * buffer should fail.
1596 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1597 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1602 * Ensure that the signature round-trips (Verification isn't supported for
1603 * HMAC via EVP_DigestVerify*)
1606 if (tst >= 6 && tst <= 8) {
1607 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1608 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1612 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1616 if (tst >= 6 && tst <= 8) {
1617 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1620 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1624 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1627 /* Multiple calls to EVP_DigestVerifyFinal should work */
1628 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1632 * For HMAC a doubled call to DigestSignFinal should produce the same
1633 * value as finalization should not happen.
1635 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1636 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1637 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1640 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1649 EVP_MD_CTX_free(a_md_ctx);
1650 EVP_MD_CTX_free(a_md_ctx_verify);
1651 EVP_PKEY_free(pkey);
1659 static int test_EVP_DigestVerifyInit(void)
1662 EVP_PKEY *pkey = NULL;
1663 EVP_MD_CTX *md_ctx = NULL;
1665 if (nullprov != NULL)
1666 return TEST_skip("Test does not support a non-default library context");
1668 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1669 || !TEST_ptr(pkey = load_example_rsa_key()))
1672 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1673 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1674 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1675 sizeof(kSignature)), 0))
1678 /* test with reinitialization */
1679 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1680 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1681 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1682 sizeof(kSignature)), 0))
1687 EVP_MD_CTX_free(md_ctx);
1688 EVP_PKEY_free(pkey);
1692 #ifndef OPENSSL_NO_SIPHASH
1693 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1694 static int test_siphash_digestsign(void)
1696 unsigned char key[16];
1697 unsigned char buf[8], digest[8];
1698 unsigned char expected[8] = {
1699 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1701 EVP_PKEY *pkey = NULL;
1702 EVP_MD_CTX *mdctx = NULL;
1703 EVP_PKEY_CTX *ctx = NULL;
1707 if (nullprov != NULL)
1708 return TEST_skip("Test does not support a non-default library context");
1712 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1716 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1719 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1721 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1722 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1726 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1728 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1730 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1732 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1737 EVP_PKEY_free(pkey);
1738 EVP_MD_CTX_free(mdctx);
1744 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1746 static int test_EVP_Digest(void)
1749 EVP_MD_CTX *md_ctx = NULL;
1750 unsigned char md[EVP_MAX_MD_SIZE];
1751 EVP_MD *sha256 = NULL;
1752 EVP_MD *shake256 = NULL;
1754 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1757 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1758 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1761 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1762 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1763 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1764 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1765 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1768 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1769 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1770 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1771 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1772 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1774 * EVP_DigestInit_ex with NULL type should work on
1775 * pre-initialized context.
1777 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1780 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1781 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1782 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1783 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1784 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1785 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1790 EVP_MD_CTX_free(md_ctx);
1791 EVP_MD_free(sha256);
1792 EVP_MD_free(shake256);
1796 static int test_EVP_md_null(void)
1799 EVP_MD_CTX *md_ctx = NULL;
1800 const EVP_MD *md_null = EVP_md_null();
1801 unsigned char md_value[EVP_MAX_MD_SIZE];
1802 unsigned int md_len = sizeof(md_value);
1804 if (nullprov != NULL)
1805 return TEST_skip("Test does not support a non-default library context");
1807 if (!TEST_ptr(md_null)
1808 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1811 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1812 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1813 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1816 if (!TEST_uint_eq(md_len, 0))
1821 EVP_MD_CTX_free(md_ctx);
1825 static int test_d2i_AutoPrivateKey(int i)
1828 const unsigned char *p;
1829 EVP_PKEY *pkey = NULL;
1830 const APK_DATA *ak = &keydata[i];
1831 const unsigned char *input = ak->kder;
1832 size_t input_len = ak->size;
1833 int expected_id = ak->evptype;
1836 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1837 || !TEST_ptr_eq(p, input + input_len)
1838 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1844 EVP_PKEY_free(pkey);
1848 #ifndef OPENSSL_NO_EC
1850 static const unsigned char ec_public_sect163k1_validxy[] = {
1851 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1852 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1853 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1854 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1855 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1856 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1859 static const unsigned char ec_public_sect163k1_badx[] = {
1860 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1861 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1862 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1863 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1864 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1865 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1868 static const unsigned char ec_public_sect163k1_bady[] = {
1869 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1870 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1871 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1872 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1873 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1874 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1877 static struct ec_der_pub_keys_st {
1878 const unsigned char *der;
1881 } ec_der_pub_keys[] = {
1882 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1883 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1884 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1888 * Tests the range of the decoded EC char2 public point.
1889 * See ec_GF2m_simple_oct2point().
1891 static int test_invalide_ec_char2_pub_range_decode(int id)
1896 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1897 ec_der_pub_keys[id].len);
1899 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1900 || TEST_ptr_null(pkey);
1901 EVP_PKEY_free(pkey);
1905 /* Tests loading a bad key in PKCS8 format */
1906 static int test_EVP_PKCS82PKEY(void)
1909 const unsigned char *derp = kExampleBadECKeyDER;
1910 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1911 EVP_PKEY *pkey = NULL;
1913 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1914 sizeof(kExampleBadECKeyDER))))
1917 if (!TEST_ptr_eq(derp,
1918 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1921 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1927 PKCS8_PRIV_KEY_INFO_free(p8inf);
1928 EVP_PKEY_free(pkey);
1934 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1936 EVP_PKEY *pkey = NULL;
1937 EVP_PKEY *pkey2 = NULL;
1939 char *membuf = NULL;
1940 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1943 if (testctx != NULL)
1944 /* test not supported with non-default context */
1947 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1948 || !TEST_ptr(pkey = load_example_rsa_key())
1949 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1950 NULL, 0, NULL, NULL),
1952 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1953 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1954 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1955 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1961 EVP_PKEY_free(pkey);
1962 EVP_PKEY_free(pkey2);
1963 PKCS8_PRIV_KEY_INFO_free(p8inf);
1964 BIO_free_all(membio);
1968 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1969 static int test_privatekey_to_pkcs8(void)
1971 EVP_PKEY *pkey = NULL;
1973 char *membuf = NULL;
1974 long membuf_len = 0;
1977 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1978 || !TEST_ptr(pkey = load_example_rsa_key())
1979 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1980 NULL, 0, NULL, NULL),
1982 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1983 || !TEST_ptr(membuf)
1984 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1985 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1987 * We try to write PEM as well, just to see that it doesn't err, but
1988 * assume that the result is correct.
1990 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1991 NULL, 0, NULL, NULL),
1997 EVP_PKEY_free(pkey);
1998 BIO_free_all(membio);
2002 #ifndef OPENSSL_NO_EC
2003 static const struct {
2005 const char *encoding_name;
2006 } ec_encodings[] = {
2007 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2008 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2011 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2013 const OSSL_PARAM *p;
2014 const char *enc_name = NULL;
2020 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2021 OSSL_PKEY_PARAM_EC_ENCODING))
2022 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2025 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2026 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2027 *enc = ec_encodings[i].encoding;
2032 return (*enc != -1);
2035 static int test_EC_keygen_with_enc(int idx)
2037 EVP_PKEY *params = NULL, *key = NULL;
2038 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2042 enc = ec_encodings[idx].encoding;
2044 /* Create key parameters */
2045 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2046 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2047 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2048 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2049 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
2050 || !TEST_ptr(params))
2054 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2055 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2056 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2060 /* Check that the encoding got all the way into the key */
2061 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2062 ec_export_get_encoding_cb, &enc))
2063 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2069 EVP_PKEY_free(params);
2070 EVP_PKEY_CTX_free(kctx);
2071 EVP_PKEY_CTX_free(pctx);
2076 #if !defined(OPENSSL_NO_SM2)
2078 static int test_EVP_SM2_verify(void)
2080 const char *pubkey =
2081 "-----BEGIN PUBLIC KEY-----\n"
2082 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2083 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2084 "-----END PUBLIC KEY-----\n";
2086 const char *msg = "message digest";
2087 const char *id = "ALICE123@YAHOO.COM";
2089 const uint8_t signature[] = {
2090 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2091 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2092 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2093 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2094 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2095 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2096 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2101 EVP_PKEY *pkey = NULL;
2102 EVP_MD_CTX *mctx = NULL;
2103 EVP_PKEY_CTX *pctx = NULL;
2106 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2107 if (!TEST_true(bio != NULL))
2110 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2111 if (!TEST_true(pkey != NULL))
2114 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2117 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2120 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2123 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2125 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2128 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2131 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2134 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2137 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2143 EVP_PKEY_free(pkey);
2144 EVP_PKEY_CTX_free(pctx);
2145 EVP_MD_CTX_free(mctx);
2150 static int test_EVP_SM2(void)
2153 EVP_PKEY *pkey = NULL;
2154 EVP_PKEY *pkeyparams = NULL;
2155 EVP_PKEY_CTX *pctx = NULL;
2156 EVP_PKEY_CTX *kctx = NULL;
2157 EVP_PKEY_CTX *sctx = NULL;
2159 unsigned char *sig = NULL;
2160 EVP_MD_CTX *md_ctx = NULL;
2161 EVP_MD_CTX *md_ctx_verify = NULL;
2162 EVP_PKEY_CTX *cctx = NULL;
2163 EVP_MD *check_md = NULL;
2165 uint8_t ciphertext[128];
2166 size_t ctext_len = sizeof(ciphertext);
2168 uint8_t plaintext[8];
2169 size_t ptext_len = sizeof(plaintext);
2171 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2173 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2174 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2176 char mdname[OSSL_MAX_NAME_SIZE];
2178 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2182 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2185 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2188 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2191 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2192 pkeyparams, testpropq)))
2195 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2198 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2201 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2204 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2207 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2210 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2211 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2213 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2216 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2219 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2222 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2225 /* Determine the size of the signature. */
2226 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2229 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2232 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2235 /* Ensure that the signature round-trips. */
2237 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2241 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2244 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2247 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2251 * Try verify again with non-matching 0 length id but ensure that it can
2252 * be set on the context and overrides the previous value.
2255 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2259 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2262 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2265 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2268 /* now check encryption/decryption */
2270 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2271 mdname, sizeof(mdname));
2272 for (i = 0; i < 2; i++) {
2273 const char *mdnames[] = {
2274 #ifndef OPENSSL_NO_SM3
2280 EVP_PKEY_CTX_free(cctx);
2282 if (mdnames[i] == NULL)
2286 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2287 (char *)mdnames[i], 0);
2289 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2293 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2296 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2299 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2303 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2306 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2309 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2313 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2317 * Test we're still using the digest we think we are.
2318 * Because of aliases, the easiest is to fetch the digest and
2319 * check the name with EVP_MD_is_a().
2321 EVP_MD_free(check_md);
2322 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2324 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2325 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2329 if (!TEST_true(ptext_len == sizeof(kMsg)))
2332 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2338 EVP_PKEY_CTX_free(pctx);
2339 EVP_PKEY_CTX_free(kctx);
2340 EVP_PKEY_CTX_free(sctx);
2341 EVP_PKEY_CTX_free(cctx);
2342 EVP_PKEY_free(pkey);
2343 EVP_PKEY_free(pkeyparams);
2344 EVP_MD_CTX_free(md_ctx);
2345 EVP_MD_CTX_free(md_ctx_verify);
2346 EVP_MD_free(check_md);
2353 static struct keys_st {
2359 EVP_PKEY_HMAC, "0123456789", NULL
2362 EVP_PKEY_HMAC, "", NULL
2363 #ifndef OPENSSL_NO_POLY1305
2365 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2367 #ifndef OPENSSL_NO_SIPHASH
2369 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2372 #ifndef OPENSSL_NO_ECX
2374 EVP_PKEY_X25519, "01234567890123456789012345678901",
2375 "abcdefghijklmnopqrstuvwxyzabcdef"
2377 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2378 "abcdefghijklmnopqrstuvwxyzabcdef"
2381 "01234567890123456789012345678901234567890123456789012345",
2382 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2385 "012345678901234567890123456789012345678901234567890123456",
2386 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2391 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2394 unsigned char buf[80];
2396 size_t inlen, len = 0, shortlen = 1;
2399 /* Check if this algorithm supports public keys */
2400 if (pub && keys[tst].pub == NULL)
2403 memset(buf, 0, sizeof(buf));
2406 #ifndef OPENSSL_NO_EC
2407 inlen = strlen(keys[tst].pub);
2408 in = (unsigned char *)keys[tst].pub;
2410 pkey = EVP_PKEY_new_raw_public_key_ex(
2412 OBJ_nid2sn(keys[tst].type),
2417 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2426 inlen = strlen(keys[tst].priv);
2427 in = (unsigned char *)keys[tst].priv;
2429 pkey = EVP_PKEY_new_raw_private_key_ex(
2430 testctx, OBJ_nid2sn(keys[tst].type),
2435 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2443 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2444 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2445 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2446 || !TEST_true(len == inlen))
2450 * Test that supplying a buffer that is too small fails. Doesn't apply
2451 * to HMAC with a zero length key
2453 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2455 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2459 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2460 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2461 || !TEST_mem_eq(in, inlen, buf, len))
2466 EVP_PKEY_free(pkey);
2470 static int test_set_get_raw_keys(int tst)
2472 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2473 && test_set_get_raw_keys_int(tst, 0, 1)
2474 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2475 && test_set_get_raw_keys_int(tst, 1, 1);
2478 #ifndef OPENSSL_NO_DEPRECATED_3_0
2479 static int pkey_custom_check(EVP_PKEY *pkey)
2484 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2489 static int pkey_custom_param_check(EVP_PKEY *pkey)
2494 static EVP_PKEY_METHOD *custom_pmeth;
2497 static int test_EVP_PKEY_check(int i)
2500 EVP_PKEY *pkey = NULL;
2501 EVP_PKEY_CTX *ctx = NULL;
2502 #ifndef OPENSSL_NO_DEPRECATED_3_0
2503 EVP_PKEY_CTX *ctx2 = NULL;
2505 const APK_DATA *ak = &keycheckdata[i];
2506 const unsigned char *input = ak->kder;
2507 size_t input_len = ak->size;
2508 int expected_id = ak->evptype;
2509 int expected_check = ak->check;
2510 int expected_pub_check = ak->pub_check;
2511 int expected_param_check = ak->param_check;
2512 int type = ak->type;
2514 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2517 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2520 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2523 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2526 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2529 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2532 #ifndef OPENSSL_NO_DEPRECATED_3_0
2533 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2534 /* assign the pkey directly, as an internal test */
2535 EVP_PKEY_up_ref(pkey);
2538 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2541 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2544 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2551 EVP_PKEY_CTX_free(ctx);
2552 #ifndef OPENSSL_NO_DEPRECATED_3_0
2553 EVP_PKEY_CTX_free(ctx2);
2555 EVP_PKEY_free(pkey);
2559 #ifndef OPENSSL_NO_CMAC
2560 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2562 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2563 const char msg[] = "Hello World";
2564 size_t maclen = AES_BLOCK_SIZE;
2567 if (!TEST_ptr(mdctx)
2568 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2569 testpropq, pkey, NULL))
2570 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2571 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2572 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2575 EVP_MD_CTX_free(mdctx);
2579 static int test_CMAC_keygen(void)
2581 static unsigned char key[] = {
2582 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2583 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2584 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2586 EVP_PKEY_CTX *kctx = NULL;
2588 EVP_PKEY *pkey = NULL;
2589 unsigned char mac[AES_BLOCK_SIZE];
2590 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2591 unsigned char mac2[AES_BLOCK_SIZE];
2594 if (nullprov != NULL)
2595 return TEST_skip("Test does not support a non-default library context");
2598 * This is a legacy method for CMACs, but should still work.
2599 * This verifies that it works without an ENGINE.
2601 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2603 /* Test a CMAC key created using the "generated" method */
2604 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2605 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2606 EVP_PKEY_CTRL_CIPHER,
2607 0, (void *)EVP_aes_256_cbc()), 0)
2608 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2609 EVP_PKEY_CTRL_SET_MAC_KEY,
2610 sizeof(key), (void *)key), 0)
2611 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2613 || !TEST_true(get_cmac_val(pkey, mac)))
2616 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2617 EVP_PKEY_free(pkey);
2620 * Test a CMAC key using the direct method, and compare with the mac
2623 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2625 || !TEST_true(get_cmac_val(pkey, mac2))
2626 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2633 EVP_PKEY_free(pkey);
2634 EVP_PKEY_CTX_free(kctx);
2639 static int test_HKDF(void)
2642 unsigned char out[20];
2645 unsigned char salt[] = "0123456789";
2646 unsigned char key[] = "012345678901234567890123456789";
2647 unsigned char info[] = "infostring";
2648 const unsigned char expected[] = {
2649 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2650 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2652 size_t expectedlen = sizeof(expected);
2654 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2657 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2658 for (i = 0; i < 2; i++) {
2659 outlen = sizeof(out);
2660 memset(out, 0, outlen);
2662 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2663 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2664 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2665 sizeof(salt) - 1), 0)
2666 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2667 sizeof(key) - 1), 0)
2668 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2669 sizeof(info) - 1), 0)
2670 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2671 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2678 EVP_PKEY_CTX_free(pctx);
2683 static int test_emptyikm_HKDF(void)
2686 unsigned char out[20];
2689 unsigned char salt[] = "9876543210";
2690 unsigned char key[] = "";
2691 unsigned char info[] = "stringinfo";
2692 const unsigned char expected[] = {
2693 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2694 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2696 size_t expectedlen = sizeof(expected);
2698 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2701 outlen = sizeof(out);
2702 memset(out, 0, outlen);
2704 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2705 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2706 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2707 sizeof(salt) - 1), 0)
2708 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2709 sizeof(key) - 1), 0)
2710 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2711 sizeof(info) - 1), 0)
2712 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2713 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2719 EVP_PKEY_CTX_free(pctx);
2724 #ifndef OPENSSL_NO_EC
2725 static int test_X509_PUBKEY_inplace(void)
2728 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2729 const unsigned char *p = kExampleECPubKeyDER;
2730 size_t input_len = sizeof(kExampleECPubKeyDER);
2734 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2737 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2740 p = kExampleBadECPubKeyDER;
2741 input_len = sizeof(kExampleBadECPubKeyDER);
2743 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2746 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2752 X509_PUBKEY_free(xp);
2756 static int test_X509_PUBKEY_dup(void)
2759 X509_PUBKEY *xp = NULL, *xq = NULL;
2760 const unsigned char *p = kExampleECPubKeyDER;
2761 size_t input_len = sizeof(kExampleECPubKeyDER);
2763 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2765 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2766 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2767 || !TEST_ptr_ne(xp, xq))
2770 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2771 || !TEST_ptr(X509_PUBKEY_get0(xp))
2772 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2775 X509_PUBKEY_free(xq);
2777 p = kExampleBadECPubKeyDER;
2778 input_len = sizeof(kExampleBadECPubKeyDER);
2780 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2781 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2784 X509_PUBKEY_free(xp);
2786 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2792 X509_PUBKEY_free(xp);
2793 X509_PUBKEY_free(xq);
2796 #endif /* OPENSSL_NO_EC */
2798 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2799 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2801 EVP_MD_CTX *mdctx = NULL;
2802 EVP_PKEY_CTX *ctx = NULL;
2803 const OSSL_PARAM *params;
2804 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2807 char mdname[OSSL_MAX_NAME_SIZE];
2810 /* Initialise a sign operation */
2811 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2813 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2817 * We should be able to query the parameters now.
2819 params = EVP_PKEY_CTX_settable_params(ctx);
2820 if (!TEST_ptr(params)
2821 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2822 OSSL_SIGNATURE_PARAM_DIGEST)))
2825 params = EVP_PKEY_CTX_gettable_params(ctx);
2826 if (!TEST_ptr(params)
2827 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2828 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2829 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2830 OSSL_SIGNATURE_PARAM_DIGEST)))
2834 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2835 * EVP_PKEY_CTX_get_params()
2837 strcpy(mdname, "SHA512");
2839 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2841 *param++ = OSSL_PARAM_construct_end();
2843 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2847 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2848 mdname, sizeof(mdname));
2849 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2850 || !TEST_str_eq(mdname, "SHA512"))
2854 * Test the TEST_PKEY_CTX_set_signature_md() and
2855 * TEST_PKEY_CTX_get_signature_md() functions
2857 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2858 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2859 || !TEST_ptr_eq(md, EVP_sha256()))
2863 * Test getting MD parameters via an associated EVP_PKEY_CTX
2865 mdctx = EVP_MD_CTX_new();
2866 if (!TEST_ptr(mdctx)
2867 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2872 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2873 * able to obtain the digest's settable parameters from the provider.
2875 params = EVP_MD_CTX_settable_params(mdctx);
2876 if (!TEST_ptr(params)
2877 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2878 /* The final key should be NULL */
2879 || !TEST_ptr_null(params[1].key))
2883 memset(ssl3ms, 0, sizeof(ssl3ms));
2884 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2885 ssl3ms, sizeof(ssl3ms));
2886 *param++ = OSSL_PARAM_construct_end();
2888 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2894 EVP_MD_CTX_free(mdctx);
2895 EVP_PKEY_CTX_free(ctx);
2900 #ifndef OPENSSL_NO_DSA
2901 static int test_DSA_get_set_params(void)
2903 OSSL_PARAM_BLD *bld = NULL;
2904 OSSL_PARAM *params = NULL;
2905 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2906 EVP_PKEY_CTX *pctx = NULL;
2907 EVP_PKEY *pkey = NULL;
2911 * Setup the parameters for our DSA object. For our purposes they don't
2912 * have to actually be *valid* parameters. We just need to set something.
2914 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2915 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2916 || !TEST_ptr(p = BN_new())
2917 || !TEST_ptr(q = BN_new())
2918 || !TEST_ptr(g = BN_new())
2919 || !TEST_ptr(pub = BN_new())
2920 || !TEST_ptr(priv = BN_new()))
2922 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2923 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2924 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2925 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2927 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2930 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2933 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2934 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2938 if (!TEST_ptr(pkey))
2941 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2944 EVP_PKEY_free(pkey);
2945 EVP_PKEY_CTX_free(pctx);
2946 OSSL_PARAM_free(params);
2947 OSSL_PARAM_BLD_free(bld);
2958 * Test combinations of private, public, missing and private + public key
2959 * params to ensure they are all accepted
2961 static int test_DSA_priv_pub(void)
2963 return test_EVP_PKEY_ffc_priv_pub("DSA");
2966 #endif /* !OPENSSL_NO_DSA */
2968 static int test_RSA_get_set_params(void)
2970 OSSL_PARAM_BLD *bld = NULL;
2971 OSSL_PARAM *params = NULL;
2972 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2973 EVP_PKEY_CTX *pctx = NULL;
2974 EVP_PKEY *pkey = NULL;
2978 * Setup the parameters for our RSA object. For our purposes they don't
2979 * have to actually be *valid* parameters. We just need to set something.
2981 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2982 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2983 || !TEST_ptr(n = BN_new())
2984 || !TEST_ptr(e = BN_new())
2985 || !TEST_ptr(d = BN_new()))
2987 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2988 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2989 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2991 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2994 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2995 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2999 if (!TEST_ptr(pkey))
3002 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3005 EVP_PKEY_free(pkey);
3006 EVP_PKEY_CTX_free(pctx);
3007 OSSL_PARAM_free(params);
3008 OSSL_PARAM_BLD_free(bld);
3016 static int test_RSA_OAEP_set_get_params(void)
3019 EVP_PKEY *key = NULL;
3020 EVP_PKEY_CTX *key_ctx = NULL;
3022 if (nullprov != NULL)
3023 return TEST_skip("Test does not support a non-default library context");
3025 if (!TEST_ptr(key = load_example_rsa_key())
3026 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3030 int padding = RSA_PKCS1_OAEP_PADDING;
3031 OSSL_PARAM params[4];
3033 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3034 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3035 OSSL_DIGEST_NAME_SHA2_256, 0);
3036 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3037 OSSL_DIGEST_NAME_SHA1, 0);
3038 params[3] = OSSL_PARAM_construct_end();
3040 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3044 OSSL_PARAM params[3];
3045 char oaepmd[30] = { '\0' };
3046 char mgf1md[30] = { '\0' };
3048 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3049 oaepmd, sizeof(oaepmd));
3050 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3051 mgf1md, sizeof(mgf1md));
3052 params[2] = OSSL_PARAM_construct_end();
3054 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3057 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3058 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3066 EVP_PKEY_CTX_free(key_ctx);
3071 /* https://github.com/openssl/openssl/issues/21288 */
3072 static int test_RSA_OAEP_set_null_label(void)
3075 EVP_PKEY *key = NULL;
3076 EVP_PKEY_CTX *key_ctx = NULL;
3078 if (!TEST_ptr(key = load_example_rsa_key())
3079 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3080 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3083 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3086 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3089 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3096 EVP_PKEY_CTX_free(key_ctx);
3101 #ifndef OPENSSL_NO_DEPRECATED_3_0
3102 static int test_RSA_legacy(void)
3110 const EVP_MD *md = EVP_sha256();
3111 EVP_MD_CTX *ctx = NULL;
3112 EVP_PKEY *pkey = NULL;
3115 if (nullprov != NULL)
3116 return TEST_skip("Test does not support a non-default library context");
3118 if (!TEST_ptr(p = BN_dup(BN_value_one()))
3119 || !TEST_ptr(q = BN_dup(BN_value_one()))
3120 || !TEST_ptr(n = BN_dup(BN_value_one()))
3121 || !TEST_ptr(e = BN_dup(BN_value_one()))
3122 || !TEST_ptr(d = BN_dup(BN_value_one())))
3125 if (!TEST_ptr(rsa = RSA_new())
3126 || !TEST_ptr(pkey = EVP_PKEY_new())
3127 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
3130 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
3135 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
3141 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
3146 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
3153 EVP_MD_CTX_free(ctx);
3154 EVP_PKEY_free(pkey);
3165 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3166 static int test_decrypt_null_chunks(void)
3168 EVP_CIPHER_CTX* ctx = NULL;
3169 EVP_CIPHER *cipher = NULL;
3170 const unsigned char key[32] = {
3171 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3172 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3173 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3175 unsigned char iv[12] = {
3176 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3178 unsigned char msg[] = "It was the best of times, it was the worst of times";
3179 unsigned char ciphertext[80];
3180 unsigned char plaintext[80];
3181 /* We initialise tmp to a non zero value on purpose */
3182 int ctlen, ptlen, tmp = 99;
3184 const int enc_offset = 10, dec_offset = 20;
3186 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
3187 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3188 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
3190 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
3192 /* Deliberate add a zero length update */
3193 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
3195 || !TEST_int_eq(tmp, 0)
3196 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3198 sizeof(msg) - enc_offset))
3199 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3200 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3201 || !TEST_int_eq(tmp, 0))
3204 /* Deliberately initialise tmp to a non zero value */
3206 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3207 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3210 * Deliberately add a zero length update. We also deliberately do
3211 * this at a different offset than for encryption.
3213 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3215 || !TEST_int_eq(tmp, 0)
3216 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3217 ciphertext + dec_offset,
3218 ctlen - dec_offset))
3219 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3220 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3221 || !TEST_int_eq(tmp, 0)
3222 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3227 EVP_CIPHER_CTX_free(ctx);
3228 EVP_CIPHER_free(cipher);
3231 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3233 #ifndef OPENSSL_NO_DH
3235 * Test combinations of private, public, missing and private + public key
3236 * params to ensure they are all accepted
3238 static int test_DH_priv_pub(void)
3240 return test_EVP_PKEY_ffc_priv_pub("DH");
3243 # ifndef OPENSSL_NO_DEPRECATED_3_0
3244 static int test_EVP_PKEY_set1_DH(void)
3246 DH *x942dh = NULL, *noqdh = NULL;
3247 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3249 BIGNUM *p, *g = NULL;
3250 BIGNUM *pubkey = NULL;
3251 unsigned char pub[2048 / 8];
3254 if (!TEST_ptr(p = BN_new())
3255 || !TEST_ptr(g = BN_new())
3256 || !TEST_ptr(pubkey = BN_new())
3257 || !TEST_true(BN_set_word(p, 9999))
3258 || !TEST_true(BN_set_word(g, 2))
3259 || !TEST_true(BN_set_word(pubkey, 4321))
3260 || !TEST_ptr(noqdh = DH_new())
3261 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3262 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3263 || !TEST_ptr(pubkey = BN_new())
3264 || !TEST_true(BN_set_word(pubkey, 4321)))
3268 x942dh = DH_get_2048_256();
3269 pkey1 = EVP_PKEY_new();
3270 pkey2 = EVP_PKEY_new();
3271 if (!TEST_ptr(x942dh)
3275 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3279 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3280 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3283 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3285 || !TEST_ptr(pubkey))
3288 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3289 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3292 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3293 OSSL_PKEY_PARAM_PUB_KEY,
3294 pub, sizeof(pub), &len))
3295 || !TEST_size_t_ne(len, 0))
3303 EVP_PKEY_free(pkey1);
3304 EVP_PKEY_free(pkey2);
3310 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3311 #endif /* !OPENSSL_NO_DH */
3314 * We test what happens with an empty template. For the sake of this test,
3315 * the template must be ignored, and we know that's the case for RSA keys
3316 * (this might arguably be a misfeature, but that's what we currently do,
3317 * even in provider code, since that's how the legacy RSA implementation
3320 static int test_keygen_with_empty_template(int n)
3322 EVP_PKEY_CTX *ctx = NULL;
3323 EVP_PKEY *pkey = NULL;
3324 EVP_PKEY *tkey = NULL;
3327 if (nullprov != NULL)
3328 return TEST_skip("Test does not support a non-default library context");
3332 /* We do test with no template at all as well */
3333 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3337 /* Here we create an empty RSA key that serves as our template */
3338 if (!TEST_ptr(tkey = EVP_PKEY_new())
3339 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3340 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3345 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3346 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3351 EVP_PKEY_CTX_free(ctx);
3352 EVP_PKEY_free(pkey);
3353 EVP_PKEY_free(tkey);
3358 * Test that we fail if we attempt to use an algorithm that is not available
3359 * in the current library context (unless we are using an algorithm that
3360 * should be made available via legacy codepaths).
3365 static int test_pkey_ctx_fail_without_provider(int tst)
3367 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3368 OSSL_PROVIDER *tmpnullprov = NULL;
3369 EVP_PKEY_CTX *pctx = NULL;
3370 const char *keytype = NULL;
3371 int expect_null = 0;
3374 if (!TEST_ptr(tmpctx))
3377 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3378 if (!TEST_ptr(tmpnullprov))
3382 * We check for certain algos in the null provider.
3383 * If an algo is expected to have a provider keymgmt, constructing an
3384 * EVP_PKEY_CTX is expected to fail (return NULL).
3385 * Otherwise, if it's expected to have legacy support, constructing an
3386 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3396 #ifdef OPENSSL_NO_EC
3397 TEST_info("EC disable, skipping SM2 check...");
3400 #ifdef OPENSSL_NO_SM2
3401 TEST_info("SM2 disable, skipping SM2 check...");
3406 TEST_error("No test for case %d", tst);
3410 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3411 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3414 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3420 EVP_PKEY_CTX_free(pctx);
3421 OSSL_PROVIDER_unload(tmpnullprov);
3422 OSSL_LIB_CTX_free(tmpctx);
3426 static int test_rand_agglomeration(void)
3430 OSSL_PARAM params[3], *p = params;
3432 unsigned int step = 7;
3433 static unsigned char seed[] = "It does not matter how slowly you go "
3434 "as long as you do not stop.";
3435 unsigned char out[sizeof(seed)];
3437 if (!TEST_int_ne(sizeof(seed) % step, 0)
3438 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3440 ctx = EVP_RAND_CTX_new(rand, NULL);
3441 EVP_RAND_free(rand);
3445 memset(out, 0, sizeof(out));
3446 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3447 seed, sizeof(seed));
3448 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3449 *p = OSSL_PARAM_construct_end();
3450 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3451 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3452 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3453 EVP_RAND_CTX_free(ctx);
3458 * Test that we correctly return the original or "running" IV after
3459 * an encryption operation.
3460 * Run multiple times for some different relevant algorithms/modes.
3462 static int test_evp_iv_aes(int idx)
3465 EVP_CIPHER_CTX *ctx = NULL;
3466 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3467 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3468 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3469 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3470 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3471 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3472 9, 10, 11, 12, 13, 14, 15, 16 };
3473 unsigned char ciphertext[32], oiv[16], iv[16];
3474 unsigned char *ref_iv;
3475 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3476 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3478 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3479 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3480 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3481 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3482 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3483 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3484 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3485 #ifndef OPENSSL_NO_OCB
3486 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3487 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3489 int len = sizeof(ciphertext);
3490 size_t ivlen, ref_len;
3491 const EVP_CIPHER *type = NULL;
3494 if (nullprov != NULL && idx < 6)
3495 return TEST_skip("Test does not support a non-default library context");
3499 type = EVP_aes_128_cbc();
3502 type = (type != NULL) ? type :
3503 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3505 ref_len = sizeof(cbc_state);
3509 type = EVP_aes_128_ofb();
3512 type = (type != NULL) ? type :
3513 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3515 ref_len = sizeof(ofb_state);
3519 type = EVP_aes_128_cfb();
3522 type = (type != NULL) ? type :
3523 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3525 ref_len = sizeof(cfb_state);
3529 type = EVP_aes_128_gcm();
3532 type = (type != NULL) ? type :
3533 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3535 ref_len = sizeof(gcm_state);
3538 type = EVP_aes_128_ccm();
3541 type = (type != NULL) ? type :
3542 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3544 ref_len = sizeof(ccm_state);
3546 #ifdef OPENSSL_NO_OCB
3552 type = EVP_aes_128_ocb();
3555 type = (type != NULL) ? type :
3556 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3558 ref_len = sizeof(ocb_state);
3566 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3567 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3568 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3570 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3571 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3572 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3574 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3576 if (!TEST_int_gt(ivlen, 0))
3579 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3580 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3583 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3584 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3585 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3588 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3591 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3597 EVP_CIPHER_CTX_free(ctx);
3599 EVP_CIPHER_free((EVP_CIPHER *)type);
3603 #ifndef OPENSSL_NO_DES
3604 static int test_evp_iv_des(int idx)
3607 EVP_CIPHER_CTX *ctx = NULL;
3608 static const unsigned char key[24] = {
3609 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3610 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3611 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3613 static const unsigned char init_iv[8] = {
3614 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3616 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3617 9, 10, 11, 12, 13, 14, 15, 16 };
3618 unsigned char ciphertext[32], oiv[8], iv[8];
3619 unsigned const char *ref_iv;
3620 static const unsigned char cbc_state_des[8] = {
3621 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3623 static const unsigned char cbc_state_3des[8] = {
3624 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3626 static const unsigned char ofb_state_des[8] = {
3627 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3629 static const unsigned char ofb_state_3des[8] = {
3630 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3632 static const unsigned char cfb_state_des[8] = {
3633 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3635 static const unsigned char cfb_state_3des[8] = {
3636 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3638 int len = sizeof(ciphertext);
3639 size_t ivlen, ref_len;
3640 EVP_CIPHER *type = NULL;
3642 if (lgcyprov == NULL && idx < 3)
3643 return TEST_skip("Test requires legacy provider to be loaded");
3647 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3648 ref_iv = cbc_state_des;
3649 ref_len = sizeof(cbc_state_des);
3652 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3653 ref_iv = ofb_state_des;
3654 ref_len = sizeof(ofb_state_des);
3657 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3658 ref_iv = cfb_state_des;
3659 ref_len = sizeof(cfb_state_des);
3662 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3663 ref_iv = cbc_state_3des;
3664 ref_len = sizeof(cbc_state_3des);
3667 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3668 ref_iv = ofb_state_3des;
3669 ref_len = sizeof(ofb_state_3des);
3672 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3673 ref_iv = cfb_state_3des;
3674 ref_len = sizeof(cfb_state_3des);
3681 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3682 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3683 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3685 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3686 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3687 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3689 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3691 if (!TEST_int_gt(ivlen, 0))
3694 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3695 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3698 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3699 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3701 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3706 EVP_CIPHER_CTX_free(ctx);
3707 EVP_CIPHER_free(type);
3712 #ifndef OPENSSL_NO_BF
3713 static int test_evp_bf_default_keylen(int idx)
3716 static const char *algos[4] = {
3717 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3719 int ivlen[4] = { 0, 8, 8, 8 };
3720 EVP_CIPHER *cipher = NULL;
3722 if (lgcyprov == NULL)
3723 return TEST_skip("Test requires legacy provider to be loaded");
3725 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3726 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3727 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3732 EVP_CIPHER_free(cipher);
3737 #ifndef OPENSSL_NO_EC
3738 static int ecpub_nids[] = {
3739 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3740 NID_secp384r1, NID_secp521r1,
3741 # ifndef OPENSSL_NO_EC2M
3742 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3743 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3745 NID_brainpoolP384r1, NID_brainpoolP512r1
3748 static int test_ecpub(int idx)
3750 int ret = 0, len, savelen;
3752 unsigned char buf[1024];
3754 EVP_PKEY *pkey = NULL;
3755 EVP_PKEY_CTX *ctx = NULL;
3756 # ifndef OPENSSL_NO_DEPRECATED_3_0
3757 const unsigned char *q;
3758 EVP_PKEY *pkey2 = NULL;
3762 if (nullprov != NULL)
3763 return TEST_skip("Test does not support a non-default library context");
3765 nid = ecpub_nids[idx];
3767 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3769 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3770 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3771 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3773 len = i2d_PublicKey(pkey, NULL);
3775 if (!TEST_int_ge(len, 1)
3776 || !TEST_int_lt(len, 1024))
3779 len = i2d_PublicKey(pkey, &p);
3780 if (!TEST_int_ge(len, 1)
3781 || !TEST_int_eq(len, savelen))
3784 # ifndef OPENSSL_NO_DEPRECATED_3_0
3785 /* Now try to decode the just-created DER. */
3787 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3788 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3789 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3791 /* EC_KEY ownership transferred */
3793 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3795 /* The keys should match. */
3796 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3803 EVP_PKEY_CTX_free(ctx);
3804 EVP_PKEY_free(pkey);
3805 # ifndef OPENSSL_NO_DEPRECATED_3_0
3806 EVP_PKEY_free(pkey2);
3813 static int test_EVP_rsa_pss_with_keygen_bits(void)
3816 EVP_PKEY_CTX *ctx = NULL;
3817 EVP_PKEY *pkey = NULL;
3820 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3822 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3823 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3824 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3825 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3826 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3829 EVP_PKEY_free(pkey);
3830 EVP_PKEY_CTX_free(ctx);
3834 static int test_EVP_rsa_pss_set_saltlen(void)
3837 EVP_PKEY *pkey = NULL;
3838 EVP_PKEY_CTX *pkey_ctx = NULL;
3839 EVP_MD *sha256 = NULL;
3840 EVP_MD_CTX *sha256_ctx = NULL;
3841 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3842 const int test_value = 32;
3844 ret = TEST_ptr(pkey = load_example_rsa_key())
3845 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3846 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3847 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3848 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3849 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3850 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3851 && TEST_int_eq(saltlen, test_value);
3853 EVP_MD_CTX_free(sha256_ctx);
3854 EVP_PKEY_free(pkey);
3855 EVP_MD_free(sha256);
3860 static int success = 1;
3861 static void md_names(const char *name, void *vctx)
3863 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3864 /* Force a namemap update */
3865 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3867 if (!TEST_ptr(aes128))
3870 EVP_CIPHER_free(aes128);
3874 * Test that changing the namemap in a user callback works in a names_do_all
3877 static int test_names_do_all(void)
3879 /* We use a custom libctx so that we know the state of the namemap */
3880 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3881 EVP_MD *sha256 = NULL;
3887 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3888 if (!TEST_ptr(sha256))
3892 * We loop through all the names for a given digest. This should still work
3893 * even if the namemap changes part way through.
3895 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3898 if (!TEST_true(success))
3903 EVP_MD_free(sha256);
3904 OSSL_LIB_CTX_free(ctx);
3910 const unsigned char *key;
3911 const unsigned char *iv;
3912 const unsigned char *input;
3913 const unsigned char *expected;
3914 const unsigned char *tag;
3915 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3924 static const EVP_INIT_TEST_st evp_init_tests[] = {
3926 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3927 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3931 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3932 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3933 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3934 sizeof(gcmDefaultTag), 1, 0, 1
3937 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3938 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3942 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3943 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3944 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3945 sizeof(gcmDefaultTag), 0, 0, 1
3948 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3949 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3953 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3954 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3955 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3956 sizeof(gcmDefaultTag), 1, 1, 0
3959 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3960 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3964 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3965 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3966 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3967 sizeof(gcmDefaultTag), 0, 1, 0
3971 /* use same key, iv and plaintext for cfb and ofb */
3972 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
3974 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
3975 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
3976 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
3979 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
3980 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
3981 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
3984 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
3985 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
3986 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
3989 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
3990 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
3991 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
3995 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3999 if (t->ivlen != 0) {
4000 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4003 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4011 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4012 * arguments are given one at a time and a final adjustment to the enc
4013 * parameter sets the correct operation.
4015 static int test_evp_init_seq(int idx)
4017 int outlen1, outlen2;
4019 unsigned char outbuf[1024];
4020 unsigned char tag[16];
4021 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4022 EVP_CIPHER_CTX *ctx = NULL;
4023 EVP_CIPHER *type = NULL;
4024 size_t taglen = sizeof(tag);
4025 char *errmsg = NULL;
4027 ctx = EVP_CIPHER_CTX_new();
4029 errmsg = "CTX_ALLOC";
4032 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4033 errmsg = "CIPHER_FETCH";
4036 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4037 errmsg = "EMPTY_ENC_INIT";
4040 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4044 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4045 errmsg = "KEY_INIT (before iv)";
4048 if (!evp_init_seq_set_iv(ctx, t)) {
4052 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4053 errmsg = "KEY_INIT (after iv)";
4056 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4057 errmsg = "FINAL_ENC_INIT";
4060 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4061 errmsg = "CIPHER_UPDATE";
4064 if (t->finalenc == 0 && t->tag != NULL) {
4065 /* Set expected tag */
4066 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4067 t->taglen, (void *)t->tag), 0)) {
4072 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4073 errmsg = "CIPHER_FINAL";
4076 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4077 errmsg = "WRONG_RESULT";
4080 if (t->finalenc != 0 && t->tag != NULL) {
4081 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4085 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4086 errmsg = "TAG_ERROR";
4093 TEST_info("evp_init_test %d: %s", idx, errmsg);
4094 EVP_CIPHER_CTX_free(ctx);
4095 EVP_CIPHER_free(type);
4100 * Test re-initialization of cipher context without changing key or iv.
4101 * The result of both iteration should be the same.
4103 static int test_evp_reinit_seq(int idx)
4105 int outlen1, outlen2, outlen_final;
4107 unsigned char outbuf1[1024];
4108 unsigned char outbuf2[1024];
4109 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
4110 EVP_CIPHER_CTX *ctx = NULL;
4111 EVP_CIPHER *type = NULL;
4113 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4114 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
4115 /* setup cipher context */
4116 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
4117 /* first iteration */
4118 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
4119 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
4120 /* check test results iteration 1 */
4121 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
4122 /* now re-init the context (same cipher, key and iv) */
4123 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
4124 /* second iteration */
4125 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
4126 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
4127 /* check test results iteration 2 */
4128 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
4132 EVP_CIPHER_CTX_free(ctx);
4133 EVP_CIPHER_free(type);
4138 const unsigned char *input;
4139 const unsigned char *expected;
4143 } EVP_RESET_TEST_st;
4145 static const EVP_RESET_TEST_st evp_reset_tests[] = {
4147 cfbPlaintext, cfbCiphertext,
4148 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
4151 cfbCiphertext, cfbPlaintext,
4152 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
4157 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4160 static int test_evp_reset(int idx)
4162 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
4163 int outlen1, outlen2;
4165 unsigned char outbuf[1024];
4166 EVP_CIPHER_CTX *ctx = NULL;
4167 EVP_CIPHER *type = NULL;
4168 char *errmsg = NULL;
4170 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4171 errmsg = "CTX_ALLOC";
4174 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
4175 errmsg = "CIPHER_FETCH";
4178 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4179 errmsg = "CIPHER_INIT";
4182 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4186 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4187 errmsg = "CIPHER_UPDATE";
4190 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4191 errmsg = "CIPHER_FINAL";
4194 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4195 errmsg = "WRONG_RESULT";
4198 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
4199 errmsg = "CIPHER_REINIT";
4202 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4203 errmsg = "CIPHER_UPDATE (reinit)";
4206 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4207 errmsg = "CIPHER_FINAL (reinit)";
4210 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4211 errmsg = "WRONG_RESULT (reinit)";
4217 TEST_info("test_evp_reset %d: %s", idx, errmsg);
4218 EVP_CIPHER_CTX_free(ctx);
4219 EVP_CIPHER_free(type);
4226 } EVP_UPDATED_IV_TEST_st;
4228 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4268 * Test that the IV in the context is updated during a crypto operation for CFB
4271 static int test_evp_updated_iv(int idx)
4273 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4274 int outlen1, outlen2;
4276 unsigned char outbuf[1024];
4277 EVP_CIPHER_CTX *ctx = NULL;
4278 EVP_CIPHER *type = NULL;
4279 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4281 char *errmsg = NULL;
4283 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4284 errmsg = "CTX_ALLOC";
4287 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4288 TEST_info("cipher %s not supported, skipping", t->cipher);
4292 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4293 errmsg = "CIPHER_INIT";
4296 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4300 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4301 errmsg = "CIPHER_UPDATE";
4304 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4305 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4308 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
4309 if (!TEST_int_ge(iv_len,0)) {
4310 errmsg = "CIPHER_CTX_GET_IV_LEN";
4313 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4314 errmsg = "IV_NOT_UPDATED";
4317 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4318 errmsg = "CIPHER_FINAL";
4325 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4326 EVP_CIPHER_CTX_free(ctx);
4327 EVP_CIPHER_free(type);
4332 const unsigned char *iv1;
4333 const unsigned char *iv2;
4334 const unsigned char *expected1;
4335 const unsigned char *expected2;
4336 const unsigned char *tag1;
4337 const unsigned char *tag2;
4340 size_t expectedlen1;
4341 size_t expectedlen2;
4342 } TEST_GCM_IV_REINIT_st;
4344 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4346 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4347 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4348 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4351 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4352 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4353 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4357 static int test_gcm_reinit(int idx)
4359 int outlen1, outlen2, outlen3;
4361 unsigned char outbuf[1024];
4362 unsigned char tag[16];
4363 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4364 EVP_CIPHER_CTX *ctx = NULL;
4365 EVP_CIPHER *type = NULL;
4366 size_t taglen = sizeof(tag);
4367 char *errmsg = NULL;
4369 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4370 errmsg = "CTX_ALLOC";
4373 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4374 errmsg = "CIPHER_FETCH";
4377 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4378 errmsg = "ENC_INIT";
4381 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4382 errmsg = "SET_IVLEN1";
4385 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4389 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4393 EVP_CIPHER_CTX_set_padding(ctx, 0);
4394 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4395 sizeof(gcmResetPlaintext)))) {
4396 errmsg = "CIPHER_UPDATE1";
4399 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4400 errmsg = "CIPHER_FINAL1";
4403 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4404 errmsg = "WRONG_RESULT1";
4407 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4408 errmsg = "GET_TAG1";
4411 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4412 errmsg = "TAG_ERROR1";
4416 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4417 errmsg = "SET_IVLEN2";
4420 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4424 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4428 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4429 sizeof(gcmResetPlaintext)))) {
4430 errmsg = "CIPHER_UPDATE2";
4433 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4434 errmsg = "CIPHER_FINAL2";
4437 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4438 errmsg = "WRONG_RESULT2";
4441 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4442 errmsg = "GET_TAG2";
4445 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4446 errmsg = "TAG_ERROR2";
4452 TEST_info("evp_init_test %d: %s", idx, errmsg);
4453 EVP_CIPHER_CTX_free(ctx);
4454 EVP_CIPHER_free(type);
4458 static const char *ivlen_change_ciphers[] = {
4460 #ifndef OPENSSL_NO_OCB
4466 /* Negative test for ivlen change after iv being set */
4467 static int test_ivlen_change(int idx)
4471 unsigned char outbuf[1024];
4472 static const unsigned char iv[] = {
4473 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4474 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4476 EVP_CIPHER_CTX *ctx = NULL;
4477 EVP_CIPHER *ciph = NULL;
4478 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4479 size_t ivlen = 13; /* non-default IV length */
4481 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4484 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
4488 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
4491 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4492 sizeof(gcmDefaultPlaintext))))
4495 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4497 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4501 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4502 sizeof(gcmDefaultPlaintext)))) {
4503 ERR_clear_last_mark();
4510 EVP_CIPHER_CTX_free(ctx);
4511 EVP_CIPHER_free(ciph);
4515 static const char *keylen_change_ciphers[] = {
4516 #ifndef OPENSSL_NO_BF
4519 #ifndef OPENSSL_NO_CAST
4522 #ifndef OPENSSL_NO_RC2
4525 #ifndef OPENSSL_NO_RC4
4528 #ifndef OPENSSL_NO_RC5
4534 /* Negative test for keylen change after key was set */
4535 static int test_keylen_change(int idx)
4539 unsigned char outbuf[1024];
4540 static const unsigned char key[] = {
4541 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4542 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4544 EVP_CIPHER_CTX *ctx = NULL;
4545 EVP_CIPHER *ciph = NULL;
4546 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4547 size_t keylen = 12; /* non-default key length */
4549 if (lgcyprov == NULL)
4550 return TEST_skip("Test requires legacy provider to be loaded");
4552 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4555 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
4559 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
4562 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4563 sizeof(gcmDefaultPlaintext))))
4566 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
4568 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4572 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4573 sizeof(gcmDefaultPlaintext)))) {
4574 ERR_clear_last_mark();
4581 EVP_CIPHER_CTX_free(ctx);
4582 EVP_CIPHER_free(ciph);
4586 #ifndef OPENSSL_NO_DEPRECATED_3_0
4587 static EVP_PKEY_METHOD *custom_pmeth = NULL;
4588 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4590 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4592 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4594 int (*pinit)(EVP_PKEY_CTX *ctx);
4596 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4600 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4602 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4604 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4608 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4609 size_t *outlen, const unsigned char *in,
4612 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4613 const unsigned char *tbs, size_t tbslen);
4615 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4616 return psign(ctx, out, outlen, in, inlen);
4619 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4620 size_t *siglen, const unsigned char *tbs,
4623 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4624 const unsigned char *tbs, size_t tbslen);
4626 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4627 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4630 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4633 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4635 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4636 return pderive(ctx, key, keylen);
4639 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4641 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4643 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4644 return pcopy(dst, src);
4647 static int ctrl_called;
4649 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4651 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4653 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4655 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4660 return pctrl(ctx, type, p1, p2);
4663 static int test_custom_pmeth(int idx)
4665 EVP_PKEY_CTX *pctx = NULL;
4666 EVP_MD_CTX *ctx = NULL;
4667 EVP_PKEY *pkey = NULL;
4668 int id, orig_id, orig_flags;
4671 unsigned char *res = NULL;
4672 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4673 const EVP_MD *md = EVP_sha256();
4678 /* We call deprecated APIs so this test doesn't support a custom libctx */
4679 if (testctx != NULL)
4686 pkey = load_example_rsa_key();
4690 # ifndef OPENSSL_NO_DSA
4692 pkey = load_example_dsa_key();
4699 # ifndef OPENSSL_NO_EC
4701 pkey = load_example_ec_key();
4708 # ifndef OPENSSL_NO_ECX
4709 id = EVP_PKEY_ED25519;
4711 pkey = load_example_ed25519_key();
4718 # ifndef OPENSSL_NO_DH
4721 pkey = load_example_dh_key();
4728 # ifndef OPENSSL_NO_ECX
4729 id = EVP_PKEY_X25519;
4731 pkey = load_example_x25519_key();
4737 TEST_error("Should not happen");
4741 if (!TEST_ptr(pkey))
4745 if (!TEST_true(evp_pkey_is_provided(pkey)))
4748 EVP_PKEY *tmp = pkey;
4750 /* Convert to a legacy key */
4751 pkey = EVP_PKEY_new();
4752 if (!TEST_ptr(pkey)) {
4756 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4761 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4765 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4769 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4770 if (!TEST_int_eq(orig_id, id)
4771 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4774 if (id == EVP_PKEY_ED25519) {
4775 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4776 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4777 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4779 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4781 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4782 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4783 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4784 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4786 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4787 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4791 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4793 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4794 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4795 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4797 || !TEST_int_eq(ctrl_called, 1)
4798 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4799 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4800 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4801 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4804 ctx = EVP_MD_CTX_new();
4805 reslen = EVP_PKEY_size(pkey);
4806 res = OPENSSL_malloc(reslen);
4809 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4810 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4811 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4813 || !TEST_int_eq(ctrl_called, 1))
4816 if (id == EVP_PKEY_ED25519) {
4817 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4820 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4821 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4829 EVP_MD_CTX_free(ctx);
4831 EVP_PKEY_CTX_free(pctx);
4832 EVP_PKEY_free(pkey);
4833 EVP_PKEY_meth_remove(custom_pmeth);
4834 EVP_PKEY_meth_free(custom_pmeth);
4835 custom_pmeth = NULL;
4839 static int test_evp_md_cipher_meth(void)
4841 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4842 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4845 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4851 EVP_MD_meth_free(md);
4852 EVP_CIPHER_meth_free(ciph);
4861 static int custom_md_init_called = 0;
4862 static int custom_md_cleanup_called = 0;
4864 static int custom_md_init(EVP_MD_CTX *ctx)
4866 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4871 custom_md_init_called++;
4875 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4877 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4883 custom_md_cleanup_called++;
4887 static int test_custom_md_meth(void)
4889 EVP_MD_CTX *mdctx = NULL;
4891 char mess[] = "Test Message\n";
4892 unsigned char md_value[EVP_MAX_MD_SIZE];
4893 unsigned int md_len;
4898 * We are testing deprecated functions. We don't support a non-default
4899 * library context in this test.
4901 if (testctx != NULL)
4902 return TEST_skip("Non-default libctx");
4904 custom_md_init_called = custom_md_cleanup_called = 0;
4906 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4907 if (!TEST_int_ne(nid, NID_undef))
4909 tmp = EVP_MD_meth_new(nid, NID_undef);
4913 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4914 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4915 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4916 sizeof(custom_dgst_ctx))))
4919 mdctx = EVP_MD_CTX_new();
4920 if (!TEST_ptr(mdctx)
4922 * Initing our custom md and then initing another md should
4923 * result in the init and cleanup functions of the custom md
4926 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4927 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4928 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4929 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4930 || !TEST_int_eq(custom_md_init_called, 1)
4931 || !TEST_int_eq(custom_md_cleanup_called, 1))
4936 EVP_MD_CTX_free(mdctx);
4937 EVP_MD_meth_free(tmp);
4945 static int custom_ciph_init_called = 0;
4946 static int custom_ciph_cleanup_called = 0;
4948 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4949 const unsigned char *iv, int enc)
4951 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4956 custom_ciph_init_called++;
4960 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4962 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4968 custom_ciph_cleanup_called++;
4972 static int test_custom_ciph_meth(void)
4974 EVP_CIPHER_CTX *ciphctx = NULL;
4975 EVP_CIPHER *tmp = NULL;
4980 * We are testing deprecated functions. We don't support a non-default
4981 * library context in this test.
4983 if (testctx != NULL)
4984 return TEST_skip("Non-default libctx");
4986 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4988 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4989 if (!TEST_int_ne(nid, NID_undef))
4991 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4995 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4996 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4997 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4998 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4999 sizeof(custom_ciph_ctx))))
5002 ciphctx = EVP_CIPHER_CTX_new();
5003 if (!TEST_ptr(ciphctx)
5005 * Initing our custom cipher and then initing another cipher
5006 * should result in the init and cleanup functions of the custom
5007 * cipher being called.
5009 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5010 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5012 || !TEST_int_eq(custom_ciph_init_called, 1)
5013 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5018 EVP_CIPHER_CTX_free(ciphctx);
5019 EVP_CIPHER_meth_free(tmp);
5023 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5024 /* Test we can create a signature keys with an associated ENGINE */
5025 static int test_signatures_with_engine(int tst)
5028 const char *engine_id = "dasync";
5029 EVP_PKEY *pkey = NULL;
5030 const unsigned char badcmackey[] = { 0x00, 0x01 };
5031 const unsigned char cmackey[] = {
5032 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5033 0x0c, 0x0d, 0x0e, 0x0f
5035 const unsigned char ed25519key[] = {
5036 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5037 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5038 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5040 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5042 EVP_MD_CTX *ctx = NULL;
5043 unsigned char *mac = NULL;
5047 # ifdef OPENSSL_NO_CMAC
5048 /* Skip CMAC tests in a no-cmac build */
5052 # ifdef OPENSSL_NO_ECX
5053 /* Skip ECX tests in a no-ecx build */
5058 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5061 if (!TEST_true(ENGINE_init(e))) {
5068 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5072 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5076 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
5077 sizeof(ed25519key));
5080 TEST_error("Invalid test case");
5083 if (!TEST_ptr(pkey))
5086 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5089 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
5092 if (!TEST_true(ret))
5095 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
5096 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
5099 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5102 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
5105 /* We used a bad key. We expect a failure here */
5106 if (!TEST_false(ret))
5112 EVP_MD_CTX_free(ctx);
5114 EVP_PKEY_free(pkey);
5121 static int test_cipher_with_engine(void)
5124 const char *engine_id = "dasync";
5125 const unsigned char keyiv[] = {
5126 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5127 0x0c, 0x0d, 0x0e, 0x0f
5129 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5131 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
5132 unsigned char buf[AES_BLOCK_SIZE];
5135 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5138 if (!TEST_true(ENGINE_init(e))) {
5143 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5144 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
5147 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
5150 /* Copy the ctx, and complete the operation with the new ctx */
5151 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
5154 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
5155 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
5160 EVP_CIPHER_CTX_free(ctx);
5161 EVP_CIPHER_CTX_free(ctx2);
5167 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
5168 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
5170 #ifndef OPENSSL_NO_ECX
5171 static int ecxnids[] = {
5178 /* Test that creating ECX keys with a short private key fails as expected */
5179 static int test_ecx_short_keys(int tst)
5181 unsigned char ecxkeydata = 1;
5185 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
5186 NULL, &ecxkeydata, 1);
5187 if (!TEST_ptr_null(pkey)) {
5188 EVP_PKEY_free(pkey);
5196 typedef enum OPTION_choice {
5203 const OPTIONS *test_get_options(void)
5205 static const OPTIONS options[] = {
5206 OPT_TEST_OPTIONS_DEFAULT_USAGE,
5207 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
5213 #ifndef OPENSSL_NO_ECX
5214 /* Test that trying to sign with a public key errors out gracefully */
5215 static int test_ecx_not_private_key(int tst)
5217 EVP_PKEY *pkey = NULL;
5219 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5221 EVP_MD_CTX *ctx = NULL;
5222 unsigned char *mac = NULL;
5224 unsigned char *pubkey;
5227 switch (keys[tst].type) {
5230 return TEST_skip("signing not supported for X25519/X448");
5233 /* Check if this algorithm supports public keys */
5234 if (keys[tst].pub == NULL)
5235 return TEST_skip("no public key present");
5237 pubkey = (unsigned char *)keys[tst].pub;
5238 pubkeylen = strlen(keys[tst].pub);
5240 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
5241 NULL, pubkey, pubkeylen);
5242 if (!TEST_ptr(pkey))
5245 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5248 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
5251 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
5254 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5257 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
5262 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5263 * but we relax the check to allow error also thrown by
5264 * EVP_DigestSignInit and EVP_DigestSign.
5266 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
5272 EVP_MD_CTX_free(ctx);
5274 EVP_PKEY_free(pkey);
5278 #endif /* OPENSSL_NO_ECX */
5280 static int test_sign_continuation(void)
5282 OSSL_PROVIDER *fake_rsa = NULL;
5284 EVP_PKEY *pkey = NULL;
5285 EVP_PKEY_CTX *pctx = NULL;
5286 EVP_MD_CTX *mctx = NULL;
5287 const char sigbuf[] = "To Be Signed";
5288 unsigned char signature[256];
5289 size_t siglen = 256;
5290 static int nodupnum = 1;
5291 static const OSSL_PARAM nodup_params[] = {
5292 OSSL_PARAM_int("NO_DUP", &nodupnum),
5296 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
5299 /* Construct a pkey using precise propq to use our provider */
5300 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
5301 "provider=fake-rsa"))
5302 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
5303 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
5307 /* First test it continues (classic behavior) */
5308 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5309 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5311 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5312 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5313 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5314 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
5317 EVP_MD_CTX_free(mctx);
5319 /* try again but failing the continuation */
5320 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5321 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5322 NULL, pkey, nodup_params))
5323 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5324 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5325 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5326 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
5332 EVP_MD_CTX_free(mctx);
5333 EVP_PKEY_free(pkey);
5334 EVP_PKEY_CTX_free(pctx);
5335 fake_rsa_finish(fake_rsa);
5339 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5340 const unsigned char *gcm_iv, size_t gcm_ivlen,
5341 const unsigned char *gcm_pt, size_t gcm_pt_s,
5342 const unsigned char *gcm_aad, size_t gcm_aad_s,
5343 const unsigned char *gcm_ct, size_t gcm_ct_s,
5344 const unsigned char *gcm_tag, size_t gcm_tag_s)
5347 EVP_CIPHER_CTX *ctx;
5348 EVP_CIPHER *cipher = NULL;
5350 unsigned char outbuf[1024];
5351 unsigned char outtag[16];
5352 OSSL_PARAM params[2] = {
5353 OSSL_PARAM_END, OSSL_PARAM_END
5356 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5357 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
5360 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5363 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5365 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
5366 gcm_aad, gcm_aad_s)))
5367 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5369 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5372 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5373 outtag, sizeof(outtag));
5375 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
5376 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
5377 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
5382 EVP_CIPHER_free(cipher);
5383 EVP_CIPHER_CTX_free(ctx);
5388 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5389 const unsigned char *gcm_iv, size_t gcm_ivlen,
5390 const unsigned char *gcm_pt, size_t gcm_pt_s,
5391 const unsigned char *gcm_aad, size_t gcm_aad_s,
5392 const unsigned char *gcm_ct, size_t gcm_ct_s,
5393 const unsigned char *gcm_tag, size_t gcm_tag_s)
5396 EVP_CIPHER_CTX *ctx;
5397 EVP_CIPHER *cipher = NULL;
5399 unsigned char outbuf[1024];
5400 OSSL_PARAM params[2] = {
5401 OSSL_PARAM_END, OSSL_PARAM_END
5404 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5407 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
5410 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5413 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5415 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
5416 gcm_aad, gcm_aad_s)))
5417 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5419 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
5422 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5423 (void*)gcm_tag, gcm_tag_s);
5425 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
5426 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
5431 EVP_CIPHER_free(cipher);
5432 EVP_CIPHER_CTX_free(ctx);
5437 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5439 /* AES-GCM test data obtained from NIST public test vectors */
5440 static const unsigned char gcm_key[] = {
5441 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5442 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5443 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5445 static const unsigned char gcm_iv[] = {
5446 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5447 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5448 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5449 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5450 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5451 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5452 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5453 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5454 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5455 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5456 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5458 static const unsigned char gcm_pt[] = {
5459 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5460 0x4f, 0xe3, 0x6f, 0x81,
5462 static const unsigned char gcm_ct[] = {
5463 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5464 0xe2, 0xd0, 0xec, 0xed,
5466 static const unsigned char gcm_tag[] = {
5467 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5468 0xdb, 0x99, 0x6c, 0x21,
5471 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5472 gcm_pt, sizeof(gcm_pt), NULL, 0,
5473 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
5474 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5475 gcm_pt, sizeof(gcm_pt), NULL, 0,
5476 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
5479 #ifndef OPENSSL_NO_RC4
5480 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5481 const unsigned char *rc4_pt, size_t rc4_pt_s,
5482 const unsigned char *rc4_ct, size_t rc4_ct_s)
5485 EVP_CIPHER_CTX *ctx;
5486 EVP_CIPHER *cipher = NULL;
5488 unsigned char outbuf[1024];
5489 OSSL_PARAM params[2] = {
5490 OSSL_PARAM_END, OSSL_PARAM_END
5493 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5494 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5497 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5500 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5501 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5503 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5506 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5511 EVP_CIPHER_free(cipher);
5512 EVP_CIPHER_CTX_free(ctx);
5517 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5518 const unsigned char *rc4_pt, size_t rc4_pt_s,
5519 const unsigned char *rc4_ct, size_t rc4_ct_s)
5522 EVP_CIPHER_CTX *ctx;
5523 EVP_CIPHER *cipher = NULL;
5525 unsigned char outbuf[1024];
5526 OSSL_PARAM params[2] = {
5527 OSSL_PARAM_END, OSSL_PARAM_END
5530 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5533 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5536 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5539 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5540 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5542 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5547 EVP_CIPHER_free(cipher);
5548 EVP_CIPHER_CTX_free(ctx);
5553 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5555 /* RC4 test data obtained from RFC 6229 */
5556 static const struct {
5557 unsigned char key[5];
5558 unsigned char padding[11];
5560 { /* Five bytes of key material */
5561 0x83, 0x32, 0x22, 0x77, 0x2a,
5563 { /* Random padding to 16 bytes */
5564 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5567 static const unsigned char rc4_pt[] = {
5568 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5569 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5571 static const unsigned char rc4_ct[] = {
5572 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5573 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5576 if (lgcyprov == NULL)
5577 return TEST_skip("Test requires legacy provider to be loaded");
5579 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5580 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5581 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5582 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5586 int setup_tests(void)
5590 while ((o = opt_next()) != OPT_EOF) {
5593 /* Set up an alternate library context */
5594 testctx = OSSL_LIB_CTX_new();
5595 if (!TEST_ptr(testctx))
5597 #ifdef STATIC_LEGACY
5599 * This test is always statically linked against libcrypto. We must not
5600 * attempt to load legacy.so that might be dynamically linked against
5601 * libcrypto. Instead we use a built-in version of the legacy provider.
5603 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
5606 /* Swap the libctx to test non-default context only */
5607 nullprov = OSSL_PROVIDER_load(NULL, "null");
5608 deflprov = OSSL_PROVIDER_load(testctx, "default");
5609 #ifndef OPENSSL_SYS_TANDEM
5610 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
5613 case OPT_TEST_CASES:
5620 ADD_TEST(test_EVP_set_default_properties);
5621 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
5622 ADD_TEST(test_EVP_DigestVerifyInit);
5623 #ifndef OPENSSL_NO_SIPHASH
5624 ADD_TEST(test_siphash_digestsign);
5626 ADD_TEST(test_EVP_Digest);
5627 ADD_TEST(test_EVP_md_null);
5628 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
5629 #ifndef OPENSSL_NO_DEPRECATED_3_0
5630 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
5632 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
5633 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
5634 ADD_TEST(test_privatekey_to_pkcs8);
5635 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
5636 #ifndef OPENSSL_NO_EC
5637 ADD_TEST(test_EVP_PKCS82PKEY);
5639 #ifndef OPENSSL_NO_EC
5640 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
5642 #if !defined(OPENSSL_NO_SM2)
5643 ADD_TEST(test_EVP_SM2);
5644 ADD_TEST(test_EVP_SM2_verify);
5646 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
5647 #ifndef OPENSSL_NO_DEPRECATED_3_0
5648 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
5649 if (!TEST_ptr(custom_pmeth))
5651 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
5652 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
5653 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
5654 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5657 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5658 #ifndef OPENSSL_NO_CMAC
5659 ADD_TEST(test_CMAC_keygen);
5661 ADD_TEST(test_HKDF);
5662 ADD_TEST(test_emptyikm_HKDF);
5663 #ifndef OPENSSL_NO_EC
5664 ADD_TEST(test_X509_PUBKEY_inplace);
5665 ADD_TEST(test_X509_PUBKEY_dup);
5666 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
5667 OSSL_NELEM(ec_der_pub_keys));
5669 #ifndef OPENSSL_NO_DSA
5670 ADD_TEST(test_DSA_get_set_params);
5671 ADD_TEST(test_DSA_priv_pub);
5673 ADD_TEST(test_RSA_get_set_params);
5674 ADD_TEST(test_RSA_OAEP_set_get_params);
5675 ADD_TEST(test_RSA_OAEP_set_null_label);
5676 #ifndef OPENSSL_NO_DEPRECATED_3_0
5677 ADD_TEST(test_RSA_legacy);
5679 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5680 ADD_TEST(test_decrypt_null_chunks);
5682 #ifndef OPENSSL_NO_DH
5683 ADD_TEST(test_DH_priv_pub);
5684 # ifndef OPENSSL_NO_DEPRECATED_3_0
5685 ADD_TEST(test_EVP_PKEY_set1_DH);
5688 #ifndef OPENSSL_NO_EC
5689 ADD_TEST(test_EC_priv_pub);
5690 ADD_TEST(test_evp_get_ec_pub);
5691 # ifndef OPENSSL_NO_DEPRECATED_3_0
5692 ADD_TEST(test_EC_priv_only_legacy);
5693 ADD_TEST(test_evp_get_ec_pub_legacy);
5696 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5697 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
5699 ADD_TEST(test_rand_agglomeration);
5700 ADD_ALL_TESTS(test_evp_iv_aes, 12);
5701 #ifndef OPENSSL_NO_DES
5702 ADD_ALL_TESTS(test_evp_iv_des, 6);
5704 #ifndef OPENSSL_NO_BF
5705 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
5707 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
5708 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
5709 #ifndef OPENSSL_NO_EC
5710 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
5713 ADD_TEST(test_names_do_all);
5715 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
5716 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
5717 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
5718 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
5719 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
5720 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
5721 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
5722 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
5724 #ifndef OPENSSL_NO_DEPRECATED_3_0
5725 ADD_ALL_TESTS(test_custom_pmeth, 12);
5726 ADD_TEST(test_evp_md_cipher_meth);
5727 ADD_TEST(test_custom_md_meth);
5728 ADD_TEST(test_custom_ciph_meth);
5730 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5731 /* Tests only support the default libctx */
5732 if (testctx == NULL) {
5733 # ifndef OPENSSL_NO_EC
5734 ADD_ALL_TESTS(test_signatures_with_engine, 3);
5736 ADD_ALL_TESTS(test_signatures_with_engine, 2);
5738 ADD_TEST(test_cipher_with_engine);
5743 #ifndef OPENSSL_NO_ECX
5744 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
5745 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
5748 ADD_TEST(test_sign_continuation);
5750 /* Test cases for CVE-2023-5363 */
5751 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
5752 #ifndef OPENSSL_NO_RC4
5753 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
5759 void cleanup_tests(void)
5761 OSSL_PROVIDER_unload(nullprov);
5762 OSSL_PROVIDER_unload(deflprov);
5763 #ifndef OPENSSL_SYS_TANDEM
5764 OSSL_PROVIDER_unload(lgcyprov);
5766 OSSL_LIB_CTX_free(testctx);