2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
323 #ifndef OPENSSL_NO_EC
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
403 # ifndef OPENSSL_NO_DEPRECATED_3_0
404 static const unsigned char kExampleX25519KeyDER[] = {
405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
406 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
407 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
408 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
413 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
414 #ifndef OPENSSL_NO_DEPRECATED_3_0
415 # ifndef OPENSSL_NO_DH
416 static const unsigned char kExampleDHKeyDER[] = {
417 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
418 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
419 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
420 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
421 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
422 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
423 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
424 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
425 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
426 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
427 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
428 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
429 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
430 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
431 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
432 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
433 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
434 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
435 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
436 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
437 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
438 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
439 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
440 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
441 0x2e, 0x87, 0x2a, 0x0b, 0x7a
446 static const unsigned char kCFBDefaultKey[] = {
447 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
448 0x09, 0xCF, 0x4F, 0x3C
451 static const unsigned char kGCMDefaultKey[32] = { 0 };
453 static const unsigned char kGCMResetKey[] = {
454 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
455 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
456 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
459 static const unsigned char iCFBIV[] = {
460 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
461 0x0C, 0x0D, 0x0E, 0x0F
464 static const unsigned char iGCMDefaultIV[12] = { 0 };
466 static const unsigned char iGCMResetIV1[] = {
467 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
470 static const unsigned char iGCMResetIV2[] = {
471 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
474 static const unsigned char cfbPlaintext[] = {
475 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
476 0x73, 0x93, 0x17, 0x2A
479 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481 static const unsigned char gcmResetPlaintext[] = {
482 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
483 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
484 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
485 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
486 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
489 static const unsigned char cfbCiphertext[] = {
490 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
491 0xE8, 0x3C, 0xFB, 0x4A
494 static const unsigned char gcmDefaultCiphertext[] = {
495 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
496 0xba, 0xf3, 0x9d, 0x18
499 static const unsigned char gcmResetCiphertext1[] = {
500 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
501 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
502 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
503 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
504 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
507 static const unsigned char gcmResetCiphertext2[] = {
508 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
509 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
510 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
511 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
512 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
515 static const unsigned char gcmAAD[] = {
516 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
517 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
520 static const unsigned char gcmDefaultTag[] = {
521 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
522 0xd4, 0x8a, 0xb9, 0x19
525 static const unsigned char gcmResetTag1[] = {
526 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
527 0xfe, 0x2e, 0xa8, 0xf2
530 static const unsigned char gcmResetTag2[] = {
531 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
532 0xbb, 0x2d, 0x55, 0x1b
535 typedef struct APK_DATA_st {
536 const unsigned char *kder;
543 int type; /* 0 for private, 1 for public, 2 for params */
546 static APK_DATA keydata[] = {
547 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
548 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
549 #ifndef OPENSSL_NO_EC
550 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
554 static APK_DATA keycheckdata[] = {
555 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
559 #ifndef OPENSSL_NO_EC
560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
561 /* group is also associated in our pub key */
562 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
567 EVP_PKEY_ED25519, 1, 1, 1, 0},
568 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
569 EVP_PKEY_ED25519, 0, 1, 1, 1},
573 static EVP_PKEY *load_example_key(const char *keytype,
574 const unsigned char *data, size_t data_len)
576 const unsigned char **pdata = &data;
577 EVP_PKEY *pkey = NULL;
578 OSSL_DECODER_CTX *dctx =
579 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
582 /* |pkey| will be NULL on error */
583 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
584 OSSL_DECODER_CTX_free(dctx);
588 static EVP_PKEY *load_example_rsa_key(void)
590 return load_example_key("RSA", kExampleRSAKeyDER,
591 sizeof(kExampleRSAKeyDER));
594 #ifndef OPENSSL_NO_DSA
595 static EVP_PKEY *load_example_dsa_key(void)
597 return load_example_key("DSA", kExampleDSAKeyDER,
598 sizeof(kExampleDSAKeyDER));
602 #ifndef OPENSSL_NO_EC
603 static EVP_PKEY *load_example_ec_key(void)
605 return load_example_key("EC", kExampleECKeyDER,
606 sizeof(kExampleECKeyDER));
610 #ifndef OPENSSL_NO_DEPRECATED_3_0
611 # ifndef OPENSSL_NO_DH
612 static EVP_PKEY *load_example_dh_key(void)
614 return load_example_key("DH", kExampleDHKeyDER,
615 sizeof(kExampleDHKeyDER));
619 # ifndef OPENSSL_NO_EC
620 static EVP_PKEY *load_example_ed25519_key(void)
622 return load_example_key("ED25519", kExampleED25519KeyDER,
623 sizeof(kExampleED25519KeyDER));
626 static EVP_PKEY *load_example_x25519_key(void)
628 return load_example_key("X25519", kExampleX25519KeyDER,
629 sizeof(kExampleX25519KeyDER));
632 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
634 static EVP_PKEY *load_example_hmac_key(void)
636 EVP_PKEY *pkey = NULL;
637 unsigned char key[] = {
638 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
639 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
640 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
643 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
644 NULL, key, sizeof(key));
651 static int test_EVP_set_default_properties(void)
657 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
658 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
663 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
664 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
665 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
670 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
671 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
676 OSSL_LIB_CTX_free(ctx);
680 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
681 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
683 EVP_PKEY_CTX *pctx = NULL;
684 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
686 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
688 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
689 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
693 if (!TEST_ptr(tmp_pkey))
699 EVP_PKEY_free(tmp_pkey);
700 EVP_PKEY_CTX_free(pctx);
704 static int test_selection(EVP_PKEY *pkey, int selection)
708 BIO *bio = BIO_new(BIO_s_mem());
710 ret = PEM_write_bio_PUBKEY(bio, pkey);
711 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
715 if (!TEST_false(ret))
718 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
720 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
724 if (!TEST_false(ret))
734 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
737 * Test combinations of private, public, missing and private + public key
738 * params to ensure they are all accepted
740 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
741 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
743 OSSL_PARAM_BLD *bld = NULL;
744 OSSL_PARAM *params = NULL;
745 EVP_PKEY *just_params = NULL;
746 EVP_PKEY *params_and_priv = NULL;
747 EVP_PKEY *params_and_pub = NULL;
748 EVP_PKEY *params_and_keypair = NULL;
749 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
753 * Setup the parameters for our pkey object. For our purposes they don't
754 * have to actually be *valid* parameters. We just need to set something.
756 if (!TEST_ptr(p = BN_new())
757 || !TEST_ptr(q = BN_new())
758 || !TEST_ptr(g = BN_new())
759 || !TEST_ptr(pub = BN_new())
760 || !TEST_ptr(priv = BN_new()))
763 /* Test !priv and !pub */
764 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
765 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
769 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
770 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
773 OSSL_PARAM_free(params);
774 OSSL_PARAM_BLD_free(bld);
778 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
779 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
782 /* Test priv and !pub */
783 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
790 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
791 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
794 OSSL_PARAM_free(params);
795 OSSL_PARAM_BLD_free(bld);
799 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
800 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
803 /* Test !priv and pub */
804 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
807 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
811 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
812 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
815 OSSL_PARAM_free(params);
816 OSSL_PARAM_BLD_free(bld);
820 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
821 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
824 /* Test priv and pub */
825 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
826 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
827 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
831 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
834 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
835 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
838 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
843 OSSL_PARAM_free(params);
844 OSSL_PARAM_BLD_free(bld);
845 EVP_PKEY_free(just_params);
846 EVP_PKEY_free(params_and_priv);
847 EVP_PKEY_free(params_and_pub);
848 EVP_PKEY_free(params_and_keypair);
857 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
860 * Test combinations of private, public, missing and private + public key
861 * params to ensure they are all accepted for EC keys
863 #ifndef OPENSSL_NO_EC
864 static unsigned char ec_priv[] = {
865 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
866 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
867 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
869 static unsigned char ec_pub[] = {
870 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
871 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
872 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
873 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
874 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
875 0x08, 0x09, 0xb8, 0xdb, 0x03
878 static int test_EC_priv_pub(void)
880 OSSL_PARAM_BLD *bld = NULL;
881 OSSL_PARAM *params = NULL;
882 EVP_PKEY *just_params = NULL;
883 EVP_PKEY *params_and_priv = NULL;
884 EVP_PKEY *params_and_pub = NULL;
885 EVP_PKEY *params_and_keypair = NULL;
890 * Setup the parameters for our pkey object. For our purposes they don't
891 * have to actually be *valid* parameters. We just need to set something.
893 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
896 /* Test !priv and !pub */
897 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
898 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
899 OSSL_PKEY_PARAM_GROUP_NAME,
902 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
903 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
906 OSSL_PARAM_free(params);
907 OSSL_PARAM_BLD_free(bld);
911 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
912 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
915 /* Test priv and !pub */
916 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
917 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
918 OSSL_PKEY_PARAM_GROUP_NAME,
920 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
923 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
924 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
927 OSSL_PARAM_free(params);
928 OSSL_PARAM_BLD_free(bld);
933 * We indicate only parameters here, in spite of having built a key that
934 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
935 * expected to fail because it does not support exporting a private EC
936 * key without a corresponding public key
938 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
939 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
942 /* Test !priv and pub */
943 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
944 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
945 OSSL_PKEY_PARAM_GROUP_NAME,
947 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
948 OSSL_PKEY_PARAM_PUB_KEY,
949 ec_pub, sizeof(ec_pub))))
951 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
952 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
955 OSSL_PARAM_free(params);
956 OSSL_PARAM_BLD_free(bld);
960 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
961 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
964 /* Test priv and pub */
965 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
966 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
967 OSSL_PKEY_PARAM_GROUP_NAME,
969 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
970 OSSL_PKEY_PARAM_PUB_KEY,
971 ec_pub, sizeof(ec_pub)))
972 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
975 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
976 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
979 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
982 /* Try key equality */
983 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
984 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
986 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
988 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
990 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
991 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
992 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
993 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
998 OSSL_PARAM_free(params);
999 OSSL_PARAM_BLD_free(bld);
1000 EVP_PKEY_free(just_params);
1001 EVP_PKEY_free(params_and_priv);
1002 EVP_PKEY_free(params_and_pub);
1003 EVP_PKEY_free(params_and_keypair);
1009 /* Test that using a legacy EC key with only a private key in it works */
1010 # ifndef OPENSSL_NO_DEPRECATED_3_0
1011 static int test_EC_priv_only_legacy(void)
1013 BIGNUM *priv = NULL;
1015 EC_KEY *eckey = NULL;
1016 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1017 EVP_MD_CTX *ctx = NULL;
1019 /* Create the low level EC_KEY */
1020 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1023 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1024 if (!TEST_ptr(eckey))
1027 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1030 pkey = EVP_PKEY_new();
1031 if (!TEST_ptr(pkey))
1034 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1038 while (dup_pk == NULL) {
1040 ctx = EVP_MD_CTX_new();
1045 * The EVP_DigestSignInit function should create the key on the
1046 * provider side which is sufficient for this test.
1048 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1049 testpropq, pkey, NULL)))
1051 EVP_MD_CTX_free(ctx);
1054 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1056 /* EVP_PKEY_eq() returns -2 with missing public keys */
1057 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1058 EVP_PKEY_free(pkey);
1065 EVP_MD_CTX_free(ctx);
1066 EVP_PKEY_free(pkey);
1072 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1073 #endif /* OPENSSL_NO_EC */
1075 static int test_EVP_PKEY_sign(int tst)
1078 EVP_PKEY *pkey = NULL;
1079 unsigned char *sig = NULL;
1080 size_t sig_len = 0, shortsig_len = 1;
1081 EVP_PKEY_CTX *ctx = NULL;
1082 unsigned char tbs[] = {
1083 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1084 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1088 if (!TEST_ptr(pkey = load_example_rsa_key()))
1090 } else if (tst == 1) {
1091 #ifndef OPENSSL_NO_DSA
1092 if (!TEST_ptr(pkey = load_example_dsa_key()))
1099 #ifndef OPENSSL_NO_EC
1100 if (!TEST_ptr(pkey = load_example_ec_key()))
1108 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1110 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1111 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1114 sig = OPENSSL_malloc(sig_len);
1116 /* Test sending a signature buffer that is too short is rejected */
1117 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1119 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1121 /* Test the signature round-trips */
1122 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1123 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1129 EVP_PKEY_CTX_free(ctx);
1131 EVP_PKEY_free(pkey);
1136 * n = 0 => test using legacy cipher
1137 * n = 1 => test using fetched cipher
1139 static int test_EVP_Enveloped(int n)
1142 EVP_CIPHER_CTX *ctx = NULL;
1143 EVP_PKEY *keypair = NULL;
1144 unsigned char *kek = NULL;
1145 unsigned char iv[EVP_MAX_IV_LENGTH];
1146 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1147 int len, kek_len, ciphertext_len, plaintext_len;
1148 unsigned char ciphertext[32], plaintext[16];
1149 EVP_CIPHER *type = NULL;
1151 if (nullprov != NULL)
1152 return TEST_skip("Test does not support a non-default library context");
1155 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1156 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1160 if (!TEST_ptr(keypair = load_example_rsa_key())
1161 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1162 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1163 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1165 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1167 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1171 ciphertext_len += len;
1173 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1174 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1175 ciphertext, ciphertext_len))
1176 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1179 plaintext_len += len;
1180 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1186 EVP_CIPHER_free(type);
1188 EVP_PKEY_free(keypair);
1189 EVP_CIPHER_CTX_free(ctx);
1194 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1195 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1196 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1197 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1198 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1199 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1200 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1201 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1202 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1203 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1204 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1205 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1206 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1207 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1208 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1209 * Test 15-29: Same as above with reinitialization
1211 static int test_EVP_DigestSignInit(int tst)
1214 EVP_PKEY *pkey = NULL;
1215 unsigned char *sig = NULL, *sig2 = NULL;
1216 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1217 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1218 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1219 BIO *mdbio = NULL, *membio = NULL;
1222 EVP_MD *mdexp = NULL;
1225 if (nullprov != NULL)
1226 return TEST_skip("Test does not support a non-default library context");
1233 if (tst >= 6 && tst <= 8) {
1234 membio = BIO_new(BIO_s_mem());
1235 mdbio = BIO_new(BIO_f_md());
1236 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1238 BIO_push(mdbio, membio);
1239 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1242 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1243 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1248 if (!TEST_ptr(pkey = load_example_rsa_key()))
1250 } else if (tst % 3 == 1) {
1251 #ifndef OPENSSL_NO_DSA
1252 if (!TEST_ptr(pkey = load_example_dsa_key()))
1259 if (!TEST_ptr(pkey = load_example_hmac_key()))
1263 if (tst >= 3 && tst <= 5)
1264 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1268 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1271 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1274 if (tst >= 6 && tst <= 8) {
1275 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1277 } else if (tst < 6) {
1278 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1283 /* Determine the size of the signature. */
1284 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1286 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1289 /* Test that supply a short sig buffer fails */
1290 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1294 * We end here because once EVP_DigestSign() has failed you should
1295 * not call it again without re-initing the ctx
1300 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1304 /* Determine the size of the signature. */
1305 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1306 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1308 * Trying to create a signature with a deliberately short
1309 * buffer should fail.
1311 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1312 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1317 * Ensure that the signature round-trips (Verification isn't supported for
1318 * HMAC via EVP_DigestVerify*)
1321 if (tst >= 6 && tst <= 8) {
1322 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1323 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1327 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1331 if (tst >= 6 && tst <= 8) {
1332 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1335 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1339 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1342 /* Multiple calls to EVP_DigestVerifyFinal should work */
1343 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1347 * For HMAC a doubled call to DigestSignFinal should produce the same
1348 * value as finalization should not happen.
1350 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1351 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1352 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1355 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1364 EVP_MD_CTX_free(a_md_ctx);
1365 EVP_MD_CTX_free(a_md_ctx_verify);
1366 EVP_PKEY_free(pkey);
1374 static int test_EVP_DigestVerifyInit(void)
1377 EVP_PKEY *pkey = NULL;
1378 EVP_MD_CTX *md_ctx = NULL;
1380 if (nullprov != NULL)
1381 return TEST_skip("Test does not support a non-default library context");
1383 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1384 || !TEST_ptr(pkey = load_example_rsa_key()))
1387 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1388 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1389 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1390 sizeof(kSignature)), 0))
1393 /* test with reinitialization */
1394 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1395 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1396 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1397 sizeof(kSignature)), 0))
1402 EVP_MD_CTX_free(md_ctx);
1403 EVP_PKEY_free(pkey);
1407 #ifndef OPENSSL_NO_SIPHASH
1408 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1409 static int test_siphash_digestsign(void)
1411 unsigned char key[16];
1412 unsigned char buf[8], digest[8];
1413 unsigned char expected[8] = {
1414 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1416 EVP_PKEY *pkey = NULL;
1417 EVP_MD_CTX *mdctx = NULL;
1418 EVP_PKEY_CTX *ctx = NULL;
1422 if (nullprov != NULL)
1423 return TEST_skip("Test does not support a non-default library context");
1427 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1431 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1434 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1436 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1437 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1441 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1443 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1445 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1447 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1452 EVP_PKEY_free(pkey);
1453 EVP_MD_CTX_free(mdctx);
1459 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1461 static int test_EVP_Digest(void)
1464 EVP_MD_CTX *md_ctx = NULL;
1465 unsigned char md[EVP_MAX_MD_SIZE];
1466 EVP_MD *sha256 = NULL;
1467 EVP_MD *shake256 = NULL;
1469 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1472 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1473 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1476 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1477 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1478 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1479 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1480 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1483 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1484 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1485 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1486 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1487 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1489 * EVP_DigestInit_ex with NULL type should work on
1490 * pre-initialized context.
1492 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1495 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1496 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1497 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1498 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1499 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1500 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1505 EVP_MD_CTX_free(md_ctx);
1506 EVP_MD_free(sha256);
1507 EVP_MD_free(shake256);
1511 static int test_EVP_md_null(void)
1514 EVP_MD_CTX *md_ctx = NULL;
1515 const EVP_MD *md_null = EVP_md_null();
1516 unsigned char md_value[EVP_MAX_MD_SIZE];
1517 unsigned int md_len = sizeof(md_value);
1519 if (nullprov != NULL)
1520 return TEST_skip("Test does not support a non-default library context");
1522 if (!TEST_ptr(md_null)
1523 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1526 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1527 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1528 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1531 if (!TEST_uint_eq(md_len, 0))
1536 EVP_MD_CTX_free(md_ctx);
1540 static int test_d2i_AutoPrivateKey(int i)
1543 const unsigned char *p;
1544 EVP_PKEY *pkey = NULL;
1545 const APK_DATA *ak = &keydata[i];
1546 const unsigned char *input = ak->kder;
1547 size_t input_len = ak->size;
1548 int expected_id = ak->evptype;
1551 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1552 || !TEST_ptr_eq(p, input + input_len)
1553 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1559 EVP_PKEY_free(pkey);
1563 #ifndef OPENSSL_NO_EC
1565 static const unsigned char ec_public_sect163k1_validxy[] = {
1566 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1567 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1568 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1569 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1570 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1571 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1574 static const unsigned char ec_public_sect163k1_badx[] = {
1575 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1576 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1577 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1578 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1579 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1580 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1583 static const unsigned char ec_public_sect163k1_bady[] = {
1584 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1585 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1586 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1587 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1588 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1589 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1592 static struct ec_der_pub_keys_st {
1593 const unsigned char *der;
1596 } ec_der_pub_keys[] = {
1597 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1598 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1599 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1603 * Tests the range of the decoded EC char2 public point.
1604 * See ec_GF2m_simple_oct2point().
1606 static int test_invalide_ec_char2_pub_range_decode(int id)
1611 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1612 ec_der_pub_keys[id].len);
1614 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1615 || TEST_ptr_null(pkey);
1616 EVP_PKEY_free(pkey);
1620 /* Tests loading a bad key in PKCS8 format */
1621 static int test_EVP_PKCS82PKEY(void)
1624 const unsigned char *derp = kExampleBadECKeyDER;
1625 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1626 EVP_PKEY *pkey = NULL;
1628 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1629 sizeof(kExampleBadECKeyDER))))
1632 if (!TEST_ptr_eq(derp,
1633 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1636 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1642 PKCS8_PRIV_KEY_INFO_free(p8inf);
1643 EVP_PKEY_free(pkey);
1649 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1651 EVP_PKEY *pkey = NULL;
1652 EVP_PKEY *pkey2 = NULL;
1654 char *membuf = NULL;
1655 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1658 if (testctx != NULL)
1659 /* test not supported with non-default context */
1662 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1663 || !TEST_ptr(pkey = load_example_rsa_key())
1664 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1665 NULL, 0, NULL, NULL),
1667 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1668 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1669 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1670 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1676 EVP_PKEY_free(pkey);
1677 EVP_PKEY_free(pkey2);
1678 PKCS8_PRIV_KEY_INFO_free(p8inf);
1679 BIO_free_all(membio);
1683 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1684 static int test_privatekey_to_pkcs8(void)
1686 EVP_PKEY *pkey = NULL;
1688 char *membuf = NULL;
1689 long membuf_len = 0;
1692 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1693 || !TEST_ptr(pkey = load_example_rsa_key())
1694 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1695 NULL, 0, NULL, NULL),
1697 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1698 || !TEST_ptr(membuf)
1699 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1700 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1702 * We try to write PEM as well, just to see that it doesn't err, but
1703 * assume that the result is correct.
1705 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1706 NULL, 0, NULL, NULL),
1712 EVP_PKEY_free(pkey);
1713 BIO_free_all(membio);
1717 #ifndef OPENSSL_NO_EC
1718 static const struct {
1720 const char *encoding_name;
1721 } ec_encodings[] = {
1722 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1723 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1726 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1728 const OSSL_PARAM *p;
1729 const char *enc_name = NULL;
1735 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1736 OSSL_PKEY_PARAM_EC_ENCODING))
1737 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1740 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1741 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1742 *enc = ec_encodings[i].encoding;
1747 return (*enc != -1);
1750 static int test_EC_keygen_with_enc(int idx)
1752 EVP_PKEY *params = NULL, *key = NULL;
1753 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1757 enc = ec_encodings[idx].encoding;
1759 /* Create key parameters */
1760 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1761 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1762 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1763 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1764 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1765 || !TEST_ptr(params))
1769 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1770 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1771 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1775 /* Check that the encoding got all the way into the key */
1776 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1777 ec_export_get_encoding_cb, &enc))
1778 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1784 EVP_PKEY_free(params);
1785 EVP_PKEY_CTX_free(kctx);
1786 EVP_PKEY_CTX_free(pctx);
1791 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1793 static int test_EVP_SM2_verify(void)
1795 const char *pubkey =
1796 "-----BEGIN PUBLIC KEY-----\n"
1797 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1798 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1799 "-----END PUBLIC KEY-----\n";
1801 const char *msg = "message digest";
1802 const char *id = "ALICE123@YAHOO.COM";
1804 const uint8_t signature[] = {
1805 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1806 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1807 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1808 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1809 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1810 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1811 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1816 EVP_PKEY *pkey = NULL;
1817 EVP_MD_CTX *mctx = NULL;
1818 EVP_PKEY_CTX *pctx = NULL;
1821 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1822 if (!TEST_true(bio != NULL))
1825 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1826 if (!TEST_true(pkey != NULL))
1829 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1832 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1835 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1838 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1840 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1843 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1846 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1849 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1852 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1858 EVP_PKEY_free(pkey);
1859 EVP_PKEY_CTX_free(pctx);
1860 EVP_MD_CTX_free(mctx);
1865 static int test_EVP_SM2(void)
1868 EVP_PKEY *pkey = NULL;
1869 EVP_PKEY *pkeyparams = NULL;
1870 EVP_PKEY_CTX *pctx = NULL;
1871 EVP_PKEY_CTX *kctx = NULL;
1872 EVP_PKEY_CTX *sctx = NULL;
1874 unsigned char *sig = NULL;
1875 EVP_MD_CTX *md_ctx = NULL;
1876 EVP_MD_CTX *md_ctx_verify = NULL;
1877 EVP_PKEY_CTX *cctx = NULL;
1878 EVP_MD *check_md = NULL;
1880 uint8_t ciphertext[128];
1881 size_t ctext_len = sizeof(ciphertext);
1883 uint8_t plaintext[8];
1884 size_t ptext_len = sizeof(plaintext);
1886 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1888 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1889 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1891 char mdname[OSSL_MAX_NAME_SIZE];
1893 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1897 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1900 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1903 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1906 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1907 pkeyparams, testpropq)))
1910 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1913 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1916 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1919 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1922 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1925 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1926 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1928 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1931 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1934 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1937 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1940 /* Determine the size of the signature. */
1941 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1944 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1947 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1950 /* Ensure that the signature round-trips. */
1952 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1956 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1959 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1962 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1966 * Try verify again with non-matching 0 length id but ensure that it can
1967 * be set on the context and overrides the previous value.
1970 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1974 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
1977 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1980 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1983 /* now check encryption/decryption */
1985 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1986 mdname, sizeof(mdname));
1987 for (i = 0; i < 2; i++) {
1988 const char *mdnames[] = {
1989 #ifndef OPENSSL_NO_SM3
1995 EVP_PKEY_CTX_free(cctx);
1997 if (mdnames[i] == NULL)
2001 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2002 (char *)mdnames[i], 0);
2004 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2008 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2011 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2014 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2018 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2021 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2024 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2028 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2032 * Test we're still using the digest we think we are.
2033 * Because of aliases, the easiest is to fetch the digest and
2034 * check the name with EVP_MD_is_a().
2036 EVP_MD_free(check_md);
2037 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2039 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2040 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2044 if (!TEST_true(ptext_len == sizeof(kMsg)))
2047 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2053 EVP_PKEY_CTX_free(pctx);
2054 EVP_PKEY_CTX_free(kctx);
2055 EVP_PKEY_CTX_free(sctx);
2056 EVP_PKEY_CTX_free(cctx);
2057 EVP_PKEY_free(pkey);
2058 EVP_PKEY_free(pkeyparams);
2059 EVP_MD_CTX_free(md_ctx);
2060 EVP_MD_CTX_free(md_ctx_verify);
2061 EVP_MD_free(check_md);
2068 static struct keys_st {
2074 EVP_PKEY_HMAC, "0123456789", NULL
2077 EVP_PKEY_HMAC, "", NULL
2078 #ifndef OPENSSL_NO_POLY1305
2080 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2082 #ifndef OPENSSL_NO_SIPHASH
2084 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2087 #ifndef OPENSSL_NO_EC
2089 EVP_PKEY_X25519, "01234567890123456789012345678901",
2090 "abcdefghijklmnopqrstuvwxyzabcdef"
2092 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2093 "abcdefghijklmnopqrstuvwxyzabcdef"
2096 "01234567890123456789012345678901234567890123456789012345",
2097 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2100 "012345678901234567890123456789012345678901234567890123456",
2101 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2106 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2109 unsigned char buf[80];
2111 size_t inlen, len = 0, shortlen = 1;
2114 /* Check if this algorithm supports public keys */
2115 if (pub && keys[tst].pub == NULL)
2118 memset(buf, 0, sizeof(buf));
2121 #ifndef OPENSSL_NO_EC
2122 inlen = strlen(keys[tst].pub);
2123 in = (unsigned char *)keys[tst].pub;
2125 pkey = EVP_PKEY_new_raw_public_key_ex(
2127 OBJ_nid2sn(keys[tst].type),
2132 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2141 inlen = strlen(keys[tst].priv);
2142 in = (unsigned char *)keys[tst].priv;
2144 pkey = EVP_PKEY_new_raw_private_key_ex(
2145 testctx, OBJ_nid2sn(keys[tst].type),
2150 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2158 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2159 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2160 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2161 || !TEST_true(len == inlen))
2165 * Test that supplying a buffer that is too small fails. Doesn't apply
2166 * to HMAC with a zero length key
2168 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2170 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2174 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2175 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2176 || !TEST_mem_eq(in, inlen, buf, len))
2181 EVP_PKEY_free(pkey);
2185 static int test_set_get_raw_keys(int tst)
2187 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2188 && test_set_get_raw_keys_int(tst, 0, 1)
2189 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2190 && test_set_get_raw_keys_int(tst, 1, 1);
2193 #ifndef OPENSSL_NO_DEPRECATED_3_0
2194 static int pkey_custom_check(EVP_PKEY *pkey)
2199 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2204 static int pkey_custom_param_check(EVP_PKEY *pkey)
2209 static EVP_PKEY_METHOD *custom_pmeth;
2212 static int test_EVP_PKEY_check(int i)
2215 EVP_PKEY *pkey = NULL;
2216 EVP_PKEY_CTX *ctx = NULL;
2217 #ifndef OPENSSL_NO_DEPRECATED_3_0
2218 EVP_PKEY_CTX *ctx2 = NULL;
2220 const APK_DATA *ak = &keycheckdata[i];
2221 const unsigned char *input = ak->kder;
2222 size_t input_len = ak->size;
2223 int expected_id = ak->evptype;
2224 int expected_check = ak->check;
2225 int expected_pub_check = ak->pub_check;
2226 int expected_param_check = ak->param_check;
2227 int type = ak->type;
2229 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2232 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2235 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2238 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2241 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2244 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2247 #ifndef OPENSSL_NO_DEPRECATED_3_0
2248 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2249 /* assign the pkey directly, as an internal test */
2250 EVP_PKEY_up_ref(pkey);
2253 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2256 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2259 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2266 EVP_PKEY_CTX_free(ctx);
2267 #ifndef OPENSSL_NO_DEPRECATED_3_0
2268 EVP_PKEY_CTX_free(ctx2);
2270 EVP_PKEY_free(pkey);
2274 #ifndef OPENSSL_NO_CMAC
2275 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2277 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2278 const char msg[] = "Hello World";
2279 size_t maclen = AES_BLOCK_SIZE;
2282 if (!TEST_ptr(mdctx)
2283 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2284 testpropq, pkey, NULL))
2285 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2286 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2287 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2290 EVP_MD_CTX_free(mdctx);
2294 static int test_CMAC_keygen(void)
2296 static unsigned char key[] = {
2297 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2298 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2299 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2301 EVP_PKEY_CTX *kctx = NULL;
2303 EVP_PKEY *pkey = NULL;
2304 unsigned char mac[AES_BLOCK_SIZE];
2305 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2306 unsigned char mac2[AES_BLOCK_SIZE];
2309 if (nullprov != NULL)
2310 return TEST_skip("Test does not support a non-default library context");
2313 * This is a legacy method for CMACs, but should still work.
2314 * This verifies that it works without an ENGINE.
2316 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2318 /* Test a CMAC key created using the "generated" method */
2319 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2320 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2321 EVP_PKEY_CTRL_CIPHER,
2322 0, (void *)EVP_aes_256_ecb()), 0)
2323 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2324 EVP_PKEY_CTRL_SET_MAC_KEY,
2325 sizeof(key), (void *)key), 0)
2326 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2328 || !TEST_true(get_cmac_val(pkey, mac)))
2331 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2332 EVP_PKEY_free(pkey);
2335 * Test a CMAC key using the direct method, and compare with the mac
2338 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2340 || !TEST_true(get_cmac_val(pkey, mac2))
2341 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2348 EVP_PKEY_free(pkey);
2349 EVP_PKEY_CTX_free(kctx);
2354 static int test_HKDF(void)
2357 unsigned char out[20];
2360 unsigned char salt[] = "0123456789";
2361 unsigned char key[] = "012345678901234567890123456789";
2362 unsigned char info[] = "infostring";
2363 const unsigned char expected[] = {
2364 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2365 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2367 size_t expectedlen = sizeof(expected);
2369 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2372 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2373 for (i = 0; i < 2; i++) {
2374 outlen = sizeof(out);
2375 memset(out, 0, outlen);
2377 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2378 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2379 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2380 sizeof(salt) - 1), 0)
2381 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2382 sizeof(key) - 1), 0)
2383 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2384 sizeof(info) - 1), 0)
2385 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2386 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2393 EVP_PKEY_CTX_free(pctx);
2398 static int test_emptyikm_HKDF(void)
2401 unsigned char out[20];
2404 unsigned char salt[] = "9876543210";
2405 unsigned char key[] = "";
2406 unsigned char info[] = "stringinfo";
2407 const unsigned char expected[] = {
2408 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2409 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2411 size_t expectedlen = sizeof(expected);
2413 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2416 outlen = sizeof(out);
2417 memset(out, 0, outlen);
2419 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2420 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2421 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2422 sizeof(salt) - 1), 0)
2423 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2424 sizeof(key) - 1), 0)
2425 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2426 sizeof(info) - 1), 0)
2427 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2428 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2434 EVP_PKEY_CTX_free(pctx);
2439 #ifndef OPENSSL_NO_EC
2440 static int test_X509_PUBKEY_inplace(void)
2443 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2444 const unsigned char *p = kExampleECPubKeyDER;
2445 size_t input_len = sizeof(kExampleECPubKeyDER);
2449 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2452 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2455 p = kExampleBadECPubKeyDER;
2456 input_len = sizeof(kExampleBadECPubKeyDER);
2458 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2461 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2467 X509_PUBKEY_free(xp);
2471 static int test_X509_PUBKEY_dup(void)
2474 X509_PUBKEY *xp = NULL, *xq = NULL;
2475 const unsigned char *p = kExampleECPubKeyDER;
2476 size_t input_len = sizeof(kExampleECPubKeyDER);
2478 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2480 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2481 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2482 || !TEST_ptr_ne(xp, xq))
2485 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2486 || !TEST_ptr(X509_PUBKEY_get0(xp))
2487 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2490 X509_PUBKEY_free(xq);
2492 p = kExampleBadECPubKeyDER;
2493 input_len = sizeof(kExampleBadECPubKeyDER);
2495 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2496 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2499 X509_PUBKEY_free(xp);
2501 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2507 X509_PUBKEY_free(xp);
2508 X509_PUBKEY_free(xq);
2511 #endif /* OPENSSL_NO_EC */
2513 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2514 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2516 EVP_MD_CTX *mdctx = NULL;
2517 EVP_PKEY_CTX *ctx = NULL;
2518 const OSSL_PARAM *params;
2519 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2522 char mdname[OSSL_MAX_NAME_SIZE];
2525 /* Initialise a sign operation */
2526 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2528 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2532 * We should be able to query the parameters now.
2534 params = EVP_PKEY_CTX_settable_params(ctx);
2535 if (!TEST_ptr(params)
2536 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2537 OSSL_SIGNATURE_PARAM_DIGEST)))
2540 params = EVP_PKEY_CTX_gettable_params(ctx);
2541 if (!TEST_ptr(params)
2542 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2543 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2544 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2545 OSSL_SIGNATURE_PARAM_DIGEST)))
2549 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2550 * EVP_PKEY_CTX_get_params()
2552 strcpy(mdname, "SHA512");
2554 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2556 *param++ = OSSL_PARAM_construct_end();
2558 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2562 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2563 mdname, sizeof(mdname));
2564 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2565 || !TEST_str_eq(mdname, "SHA512"))
2569 * Test the TEST_PKEY_CTX_set_signature_md() and
2570 * TEST_PKEY_CTX_get_signature_md() functions
2572 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2573 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2574 || !TEST_ptr_eq(md, EVP_sha256()))
2578 * Test getting MD parameters via an associated EVP_PKEY_CTX
2580 mdctx = EVP_MD_CTX_new();
2581 if (!TEST_ptr(mdctx)
2582 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2587 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2588 * able to obtain the digest's settable parameters from the provider.
2590 params = EVP_MD_CTX_settable_params(mdctx);
2591 if (!TEST_ptr(params)
2592 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2593 /* The final key should be NULL */
2594 || !TEST_ptr_null(params[1].key))
2598 memset(ssl3ms, 0, sizeof(ssl3ms));
2599 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2600 ssl3ms, sizeof(ssl3ms));
2601 *param++ = OSSL_PARAM_construct_end();
2603 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2609 EVP_MD_CTX_free(mdctx);
2610 EVP_PKEY_CTX_free(ctx);
2615 #ifndef OPENSSL_NO_DSA
2616 static int test_DSA_get_set_params(void)
2618 OSSL_PARAM_BLD *bld = NULL;
2619 OSSL_PARAM *params = NULL;
2620 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2621 EVP_PKEY_CTX *pctx = NULL;
2622 EVP_PKEY *pkey = NULL;
2626 * Setup the parameters for our DSA object. For our purposes they don't
2627 * have to actually be *valid* parameters. We just need to set something.
2629 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2630 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2631 || !TEST_ptr(p = BN_new())
2632 || !TEST_ptr(q = BN_new())
2633 || !TEST_ptr(g = BN_new())
2634 || !TEST_ptr(pub = BN_new())
2635 || !TEST_ptr(priv = BN_new()))
2637 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2638 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2639 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2640 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2642 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2645 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2648 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2649 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2653 if (!TEST_ptr(pkey))
2656 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2659 EVP_PKEY_free(pkey);
2660 EVP_PKEY_CTX_free(pctx);
2661 OSSL_PARAM_free(params);
2662 OSSL_PARAM_BLD_free(bld);
2673 * Test combinations of private, public, missing and private + public key
2674 * params to ensure they are all accepted
2676 static int test_DSA_priv_pub(void)
2678 return test_EVP_PKEY_ffc_priv_pub("DSA");
2681 #endif /* !OPENSSL_NO_DSA */
2683 static int test_RSA_get_set_params(void)
2685 OSSL_PARAM_BLD *bld = NULL;
2686 OSSL_PARAM *params = NULL;
2687 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2688 EVP_PKEY_CTX *pctx = NULL;
2689 EVP_PKEY *pkey = NULL;
2693 * Setup the parameters for our RSA object. For our purposes they don't
2694 * have to actually be *valid* parameters. We just need to set something.
2696 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2697 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2698 || !TEST_ptr(n = BN_new())
2699 || !TEST_ptr(e = BN_new())
2700 || !TEST_ptr(d = BN_new()))
2702 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2703 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2704 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2706 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2709 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2710 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2714 if (!TEST_ptr(pkey))
2717 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2720 EVP_PKEY_free(pkey);
2721 EVP_PKEY_CTX_free(pctx);
2722 OSSL_PARAM_free(params);
2723 OSSL_PARAM_BLD_free(bld);
2731 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2732 static int test_decrypt_null_chunks(void)
2734 EVP_CIPHER_CTX* ctx = NULL;
2735 EVP_CIPHER *cipher = NULL;
2736 const unsigned char key[32] = {
2737 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2738 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2739 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2741 unsigned char iv[12] = {
2742 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2744 unsigned char msg[] = "It was the best of times, it was the worst of times";
2745 unsigned char ciphertext[80];
2746 unsigned char plaintext[80];
2747 /* We initialise tmp to a non zero value on purpose */
2748 int ctlen, ptlen, tmp = 99;
2750 const int enc_offset = 10, dec_offset = 20;
2752 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2753 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2754 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2756 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2758 /* Deliberate add a zero length update */
2759 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2761 || !TEST_int_eq(tmp, 0)
2762 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2764 sizeof(msg) - enc_offset))
2765 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2766 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2767 || !TEST_int_eq(tmp, 0))
2770 /* Deliberately initialise tmp to a non zero value */
2772 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2773 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2776 * Deliberately add a zero length update. We also deliberately do
2777 * this at a different offset than for encryption.
2779 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2781 || !TEST_int_eq(tmp, 0)
2782 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2783 ciphertext + dec_offset,
2784 ctlen - dec_offset))
2785 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2786 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2787 || !TEST_int_eq(tmp, 0)
2788 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2793 EVP_CIPHER_CTX_free(ctx);
2794 EVP_CIPHER_free(cipher);
2797 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2799 #ifndef OPENSSL_NO_DH
2801 * Test combinations of private, public, missing and private + public key
2802 * params to ensure they are all accepted
2804 static int test_DH_priv_pub(void)
2806 return test_EVP_PKEY_ffc_priv_pub("DH");
2809 # ifndef OPENSSL_NO_DEPRECATED_3_0
2810 static int test_EVP_PKEY_set1_DH(void)
2812 DH *x942dh = NULL, *noqdh = NULL;
2813 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2815 BIGNUM *p, *g = NULL;
2816 BIGNUM *pubkey = NULL;
2817 unsigned char pub[2048 / 8];
2820 if (!TEST_ptr(p = BN_new())
2821 || !TEST_ptr(g = BN_new())
2822 || !TEST_ptr(pubkey = BN_new())
2823 || !TEST_true(BN_set_word(p, 9999))
2824 || !TEST_true(BN_set_word(g, 2))
2825 || !TEST_true(BN_set_word(pubkey, 4321))
2826 || !TEST_ptr(noqdh = DH_new())
2827 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2828 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2829 || !TEST_ptr(pubkey = BN_new())
2830 || !TEST_true(BN_set_word(pubkey, 4321)))
2834 x942dh = DH_get_2048_256();
2835 pkey1 = EVP_PKEY_new();
2836 pkey2 = EVP_PKEY_new();
2837 if (!TEST_ptr(x942dh)
2841 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2845 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2846 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2849 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2851 || !TEST_ptr(pubkey))
2854 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2855 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2858 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2859 OSSL_PKEY_PARAM_PUB_KEY,
2860 pub, sizeof(pub), &len))
2861 || !TEST_size_t_ne(len, 0))
2869 EVP_PKEY_free(pkey1);
2870 EVP_PKEY_free(pkey2);
2876 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2877 #endif /* !OPENSSL_NO_DH */
2880 * We test what happens with an empty template. For the sake of this test,
2881 * the template must be ignored, and we know that's the case for RSA keys
2882 * (this might arguably be a misfeature, but that's what we currently do,
2883 * even in provider code, since that's how the legacy RSA implementation
2886 static int test_keygen_with_empty_template(int n)
2888 EVP_PKEY_CTX *ctx = NULL;
2889 EVP_PKEY *pkey = NULL;
2890 EVP_PKEY *tkey = NULL;
2893 if (nullprov != NULL)
2894 return TEST_skip("Test does not support a non-default library context");
2898 /* We do test with no template at all as well */
2899 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2903 /* Here we create an empty RSA key that serves as our template */
2904 if (!TEST_ptr(tkey = EVP_PKEY_new())
2905 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2906 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2911 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2912 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2917 EVP_PKEY_CTX_free(ctx);
2918 EVP_PKEY_free(pkey);
2919 EVP_PKEY_free(tkey);
2924 * Test that we fail if we attempt to use an algorithm that is not available
2925 * in the current library context (unless we are using an algorithm that
2926 * should be made available via legacy codepaths).
2931 static int test_pkey_ctx_fail_without_provider(int tst)
2933 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2934 OSSL_PROVIDER *tmpnullprov = NULL;
2935 EVP_PKEY_CTX *pctx = NULL;
2936 const char *keytype = NULL;
2937 int expect_null = 0;
2940 if (!TEST_ptr(tmpctx))
2943 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2944 if (!TEST_ptr(tmpnullprov))
2948 * We check for certain algos in the null provider.
2949 * If an algo is expected to have a provider keymgmt, constructing an
2950 * EVP_PKEY_CTX is expected to fail (return NULL).
2951 * Otherwise, if it's expected to have legacy support, constructing an
2952 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2962 #ifdef OPENSSL_NO_EC
2963 TEST_info("EC disable, skipping SM2 check...");
2966 #ifdef OPENSSL_NO_SM2
2967 TEST_info("SM2 disable, skipping SM2 check...");
2972 TEST_error("No test for case %d", tst);
2976 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2977 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2980 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2986 EVP_PKEY_CTX_free(pctx);
2987 OSSL_PROVIDER_unload(tmpnullprov);
2988 OSSL_LIB_CTX_free(tmpctx);
2992 static int test_rand_agglomeration(void)
2996 OSSL_PARAM params[3], *p = params;
2998 unsigned int step = 7;
2999 static unsigned char seed[] = "It does not matter how slowly you go "
3000 "as long as you do not stop.";
3001 unsigned char out[sizeof(seed)];
3003 if (!TEST_int_ne(sizeof(seed) % step, 0)
3004 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3006 ctx = EVP_RAND_CTX_new(rand, NULL);
3007 EVP_RAND_free(rand);
3011 memset(out, 0, sizeof(out));
3012 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3013 seed, sizeof(seed));
3014 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3015 *p = OSSL_PARAM_construct_end();
3016 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3017 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3018 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3019 EVP_RAND_CTX_free(ctx);
3024 * Test that we correctly return the original or "running" IV after
3025 * an encryption operation.
3026 * Run multiple times for some different relevant algorithms/modes.
3028 static int test_evp_iv_aes(int idx)
3031 EVP_CIPHER_CTX *ctx = NULL;
3032 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3033 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3034 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3035 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3036 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3037 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3038 9, 10, 11, 12, 13, 14, 15, 16 };
3039 unsigned char ciphertext[32], oiv[16], iv[16];
3040 unsigned char *ref_iv;
3041 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3042 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3044 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3045 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3046 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3047 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3048 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3049 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3050 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3051 #ifndef OPENSSL_NO_OCB
3052 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3053 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3055 int len = sizeof(ciphertext);
3056 size_t ivlen, ref_len;
3057 const EVP_CIPHER *type = NULL;
3060 if (nullprov != NULL && idx < 6)
3061 return TEST_skip("Test does not support a non-default library context");
3065 type = EVP_aes_128_cbc();
3068 type = (type != NULL) ? type :
3069 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3071 ref_len = sizeof(cbc_state);
3075 type = EVP_aes_128_ofb();
3078 type = (type != NULL) ? type :
3079 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3081 ref_len = sizeof(ofb_state);
3085 type = EVP_aes_128_cfb();
3088 type = (type != NULL) ? type :
3089 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3091 ref_len = sizeof(cfb_state);
3095 type = EVP_aes_128_gcm();
3098 type = (type != NULL) ? type :
3099 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3101 ref_len = sizeof(gcm_state);
3104 type = EVP_aes_128_ccm();
3107 type = (type != NULL) ? type :
3108 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3110 ref_len = sizeof(ccm_state);
3112 #ifdef OPENSSL_NO_OCB
3118 type = EVP_aes_128_ocb();
3121 type = (type != NULL) ? type :
3122 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3124 ref_len = sizeof(ocb_state);
3132 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3133 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3134 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3136 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3137 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3138 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3140 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3141 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3142 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3145 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3146 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3147 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3150 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3153 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3159 EVP_CIPHER_CTX_free(ctx);
3161 EVP_CIPHER_free((EVP_CIPHER *)type);
3165 #ifndef OPENSSL_NO_DES
3166 static int test_evp_iv_des(int idx)
3169 EVP_CIPHER_CTX *ctx = NULL;
3170 static const unsigned char key[24] = {
3171 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3172 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3173 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3175 static const unsigned char init_iv[8] = {
3176 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3178 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3179 9, 10, 11, 12, 13, 14, 15, 16 };
3180 unsigned char ciphertext[32], oiv[8], iv[8];
3181 unsigned const char *ref_iv;
3182 static const unsigned char cbc_state_des[8] = {
3183 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3185 static const unsigned char cbc_state_3des[8] = {
3186 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3188 static const unsigned char ofb_state_des[8] = {
3189 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3191 static const unsigned char ofb_state_3des[8] = {
3192 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3194 static const unsigned char cfb_state_des[8] = {
3195 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3197 static const unsigned char cfb_state_3des[8] = {
3198 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3200 int len = sizeof(ciphertext);
3201 size_t ivlen, ref_len;
3202 EVP_CIPHER *type = NULL;
3204 if (lgcyprov == NULL && idx < 3)
3205 return TEST_skip("Test requires legacy provider to be loaded");
3209 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3210 ref_iv = cbc_state_des;
3211 ref_len = sizeof(cbc_state_des);
3214 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3215 ref_iv = ofb_state_des;
3216 ref_len = sizeof(ofb_state_des);
3219 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3220 ref_iv = cfb_state_des;
3221 ref_len = sizeof(cfb_state_des);
3224 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3225 ref_iv = cbc_state_3des;
3226 ref_len = sizeof(cbc_state_3des);
3229 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3230 ref_iv = ofb_state_3des;
3231 ref_len = sizeof(ofb_state_3des);
3234 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3235 ref_iv = cfb_state_3des;
3236 ref_len = sizeof(cfb_state_3des);
3243 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3244 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3245 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3247 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3248 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3249 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3251 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3252 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3253 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3256 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3257 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3259 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3264 EVP_CIPHER_CTX_free(ctx);
3265 EVP_CIPHER_free(type);
3270 #ifndef OPENSSL_NO_BF
3271 static int test_evp_bf_default_keylen(int idx)
3274 static const char *algos[4] = {
3275 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3277 int ivlen[4] = { 0, 8, 8, 8 };
3278 EVP_CIPHER *cipher = NULL;
3280 if (lgcyprov == NULL)
3281 return TEST_skip("Test requires legacy provider to be loaded");
3283 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3284 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3285 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3290 EVP_CIPHER_free(cipher);
3295 #ifndef OPENSSL_NO_EC
3296 static int ecpub_nids[] = {
3297 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3298 NID_secp384r1, NID_secp521r1,
3299 # ifndef OPENSSL_NO_EC2M
3300 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3301 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3303 NID_brainpoolP384r1, NID_brainpoolP512r1
3306 static int test_ecpub(int idx)
3308 int ret = 0, len, savelen;
3310 unsigned char buf[1024];
3312 EVP_PKEY *pkey = NULL;
3313 EVP_PKEY_CTX *ctx = NULL;
3314 # ifndef OPENSSL_NO_DEPRECATED_3_0
3315 const unsigned char *q;
3316 EVP_PKEY *pkey2 = NULL;
3320 if (nullprov != NULL)
3321 return TEST_skip("Test does not support a non-default library context");
3323 nid = ecpub_nids[idx];
3325 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3327 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3328 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3329 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3331 len = i2d_PublicKey(pkey, NULL);
3333 if (!TEST_int_ge(len, 1)
3334 || !TEST_int_lt(len, 1024))
3337 len = i2d_PublicKey(pkey, &p);
3338 if (!TEST_int_ge(len, 1)
3339 || !TEST_int_eq(len, savelen))
3342 # ifndef OPENSSL_NO_DEPRECATED_3_0
3343 /* Now try to decode the just-created DER. */
3345 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3346 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3347 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3349 /* EC_KEY ownership transferred */
3351 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3353 /* The keys should match. */
3354 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3361 EVP_PKEY_CTX_free(ctx);
3362 EVP_PKEY_free(pkey);
3363 # ifndef OPENSSL_NO_DEPRECATED_3_0
3364 EVP_PKEY_free(pkey2);
3371 static int test_EVP_rsa_pss_with_keygen_bits(void)
3374 EVP_PKEY_CTX *ctx = NULL;
3375 EVP_PKEY *pkey = NULL;
3378 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3380 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3381 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3382 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3383 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3384 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3387 EVP_PKEY_free(pkey);
3388 EVP_PKEY_CTX_free(ctx);
3392 static int test_EVP_rsa_pss_set_saltlen(void)
3395 EVP_PKEY *pkey = NULL;
3396 EVP_PKEY_CTX *pkey_ctx = NULL;
3397 EVP_MD *sha256 = NULL;
3398 EVP_MD_CTX *sha256_ctx = NULL;
3399 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3400 const int test_value = 32;
3402 ret = TEST_ptr(pkey = load_example_rsa_key())
3403 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3404 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3405 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3406 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3407 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value))
3408 && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen))
3409 && TEST_int_eq(saltlen, test_value);
3411 EVP_MD_CTX_free(sha256_ctx);
3412 EVP_PKEY_free(pkey);
3413 EVP_MD_free(sha256);
3418 static int success = 1;
3419 static void md_names(const char *name, void *vctx)
3421 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3422 /* Force a namemap update */
3423 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3425 if (!TEST_ptr(aes128))
3428 EVP_CIPHER_free(aes128);
3432 * Test that changing the namemap in a user callback works in a names_do_all
3435 static int test_names_do_all(void)
3437 /* We use a custom libctx so that we know the state of the namemap */
3438 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3439 EVP_MD *sha256 = NULL;
3445 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3446 if (!TEST_ptr(sha256))
3450 * We loop through all the names for a given digest. This should still work
3451 * even if the namemap changes part way through.
3453 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3456 if (!TEST_true(success))
3461 EVP_MD_free(sha256);
3462 OSSL_LIB_CTX_free(ctx);
3468 const unsigned char *key;
3469 const unsigned char *iv;
3470 const unsigned char *input;
3471 const unsigned char *expected;
3472 const unsigned char *tag;
3473 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3482 static const EVP_INIT_TEST_st evp_init_tests[] = {
3484 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3485 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3489 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3490 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3491 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3492 sizeof(gcmDefaultTag), 1, 0, 1
3495 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3496 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3500 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3501 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3502 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3503 sizeof(gcmDefaultTag), 0, 0, 1
3506 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3507 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3511 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3512 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3513 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3514 sizeof(gcmDefaultTag), 1, 1, 0
3517 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3518 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3522 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3523 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3524 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3525 sizeof(gcmDefaultTag), 0, 1, 0
3529 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3533 if (t->ivlen != 0) {
3534 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3537 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3545 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3546 * arguments are given one at a time and a final adjustment to the enc
3547 * parameter sets the correct operation.
3549 static int test_evp_init_seq(int idx)
3551 int outlen1, outlen2;
3553 unsigned char outbuf[1024];
3554 unsigned char tag[16];
3555 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3556 EVP_CIPHER_CTX *ctx = NULL;
3557 EVP_CIPHER *type = NULL;
3558 size_t taglen = sizeof(tag);
3559 char *errmsg = NULL;
3561 ctx = EVP_CIPHER_CTX_new();
3563 errmsg = "CTX_ALLOC";
3566 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3567 errmsg = "CIPHER_FETCH";
3570 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3571 errmsg = "EMPTY_ENC_INIT";
3574 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3578 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3579 errmsg = "KEY_INIT (before iv)";
3582 if (!evp_init_seq_set_iv(ctx, t)) {
3586 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3587 errmsg = "KEY_INIT (after iv)";
3590 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3591 errmsg = "FINAL_ENC_INIT";
3594 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3595 errmsg = "CIPHER_UPDATE";
3598 if (t->finalenc == 0 && t->tag != NULL) {
3599 /* Set expected tag */
3600 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3601 t->taglen, (void *)t->tag), 0)) {
3606 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3607 errmsg = "CIPHER_FINAL";
3610 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3611 errmsg = "WRONG_RESULT";
3614 if (t->finalenc != 0 && t->tag != NULL) {
3615 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3619 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3620 errmsg = "TAG_ERROR";
3627 TEST_info("evp_init_test %d: %s", idx, errmsg);
3628 EVP_CIPHER_CTX_free(ctx);
3629 EVP_CIPHER_free(type);
3634 const unsigned char *input;
3635 const unsigned char *expected;
3639 } EVP_RESET_TEST_st;
3641 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3643 cfbPlaintext, cfbCiphertext,
3644 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3647 cfbCiphertext, cfbPlaintext,
3648 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3653 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3656 static int test_evp_reset(int idx)
3658 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3659 int outlen1, outlen2;
3661 unsigned char outbuf[1024];
3662 EVP_CIPHER_CTX *ctx = NULL;
3663 EVP_CIPHER *type = NULL;
3664 char *errmsg = NULL;
3666 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3667 errmsg = "CTX_ALLOC";
3670 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3671 errmsg = "CIPHER_FETCH";
3674 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3675 errmsg = "CIPHER_INIT";
3678 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3682 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3683 errmsg = "CIPHER_UPDATE";
3686 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3687 errmsg = "CIPHER_FINAL";
3690 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3691 errmsg = "WRONG_RESULT";
3694 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3695 errmsg = "CIPHER_REINIT";
3698 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3699 errmsg = "CIPHER_UPDATE (reinit)";
3702 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3703 errmsg = "CIPHER_FINAL (reinit)";
3706 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3707 errmsg = "WRONG_RESULT (reinit)";
3713 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3714 EVP_CIPHER_CTX_free(ctx);
3715 EVP_CIPHER_free(type);
3722 } EVP_UPDATED_IV_TEST_st;
3724 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3764 * Test that the IV in the context is updated during a crypto operation for CFB
3767 static int test_evp_updated_iv(int idx)
3769 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3770 int outlen1, outlen2;
3772 unsigned char outbuf[1024];
3773 EVP_CIPHER_CTX *ctx = NULL;
3774 EVP_CIPHER *type = NULL;
3775 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3777 char *errmsg = NULL;
3779 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3780 errmsg = "CTX_ALLOC";
3783 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3784 TEST_info("cipher %s not supported, skipping", t->cipher);
3788 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3789 errmsg = "CIPHER_INIT";
3792 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3796 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3797 errmsg = "CIPHER_UPDATE";
3800 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3801 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3804 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3805 errmsg = "CIPHER_CTX_GET_IV_LEN";
3808 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3809 errmsg = "IV_NOT_UPDATED";
3812 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3813 errmsg = "CIPHER_FINAL";
3820 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3821 EVP_CIPHER_CTX_free(ctx);
3822 EVP_CIPHER_free(type);
3827 const unsigned char *iv1;
3828 const unsigned char *iv2;
3829 const unsigned char *expected1;
3830 const unsigned char *expected2;
3831 const unsigned char *tag1;
3832 const unsigned char *tag2;
3835 size_t expectedlen1;
3836 size_t expectedlen2;
3837 } TEST_GCM_IV_REINIT_st;
3839 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3841 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3842 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3843 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3846 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3847 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3848 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3852 static int test_gcm_reinit(int idx)
3854 int outlen1, outlen2, outlen3;
3856 unsigned char outbuf[1024];
3857 unsigned char tag[16];
3858 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3859 EVP_CIPHER_CTX *ctx = NULL;
3860 EVP_CIPHER *type = NULL;
3861 size_t taglen = sizeof(tag);
3862 char *errmsg = NULL;
3864 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3865 errmsg = "CTX_ALLOC";
3868 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3869 errmsg = "CIPHER_FETCH";
3872 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3873 errmsg = "ENC_INIT";
3876 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
3877 errmsg = "SET_IVLEN1";
3880 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3884 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3888 EVP_CIPHER_CTX_set_padding(ctx, 0);
3889 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3890 sizeof(gcmResetPlaintext)))) {
3891 errmsg = "CIPHER_UPDATE1";
3894 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3895 errmsg = "CIPHER_FINAL1";
3898 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3899 errmsg = "WRONG_RESULT1";
3902 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3903 errmsg = "GET_TAG1";
3906 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3907 errmsg = "TAG_ERROR1";
3911 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
3912 errmsg = "SET_IVLEN2";
3915 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3919 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3923 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3924 sizeof(gcmResetPlaintext)))) {
3925 errmsg = "CIPHER_UPDATE2";
3928 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3929 errmsg = "CIPHER_FINAL2";
3932 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3933 errmsg = "WRONG_RESULT2";
3936 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3937 errmsg = "GET_TAG2";
3940 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3941 errmsg = "TAG_ERROR2";
3947 TEST_info("evp_init_test %d: %s", idx, errmsg);
3948 EVP_CIPHER_CTX_free(ctx);
3949 EVP_CIPHER_free(type);
3953 #ifndef OPENSSL_NO_DEPRECATED_3_0
3954 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3955 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3957 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3959 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3961 int (*pinit)(EVP_PKEY_CTX *ctx);
3963 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3967 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3969 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3971 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3975 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3976 size_t *outlen, const unsigned char *in,
3979 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3980 const unsigned char *tbs, size_t tbslen);
3982 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3983 return psign(ctx, out, outlen, in, inlen);
3986 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3987 size_t *siglen, const unsigned char *tbs,
3990 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3991 const unsigned char *tbs, size_t tbslen);
3993 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3994 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3997 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4000 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4002 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4003 return pderive(ctx, key, keylen);
4006 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4008 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4010 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4011 return pcopy(dst, src);
4014 static int ctrl_called;
4016 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4018 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4020 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4022 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4027 return pctrl(ctx, type, p1, p2);
4030 static int test_custom_pmeth(int idx)
4032 EVP_PKEY_CTX *pctx = NULL;
4033 EVP_MD_CTX *ctx = NULL;
4034 EVP_PKEY *pkey = NULL;
4035 int id, orig_id, orig_flags;
4038 unsigned char *res = NULL;
4039 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4040 const EVP_MD *md = EVP_sha256();
4045 /* We call deprecated APIs so this test doesn't support a custom libctx */
4046 if (testctx != NULL)
4053 pkey = load_example_rsa_key();
4057 # ifndef OPENSSL_NO_DSA
4059 pkey = load_example_dsa_key();
4066 # ifndef OPENSSL_NO_EC
4068 pkey = load_example_ec_key();
4075 # ifndef OPENSSL_NO_EC
4076 id = EVP_PKEY_ED25519;
4078 pkey = load_example_ed25519_key();
4085 # ifndef OPENSSL_NO_DH
4088 pkey = load_example_dh_key();
4095 # ifndef OPENSSL_NO_EC
4096 id = EVP_PKEY_X25519;
4098 pkey = load_example_x25519_key();
4104 TEST_error("Should not happen");
4108 if (!TEST_ptr(pkey))
4112 if (!TEST_true(evp_pkey_is_provided(pkey)))
4115 EVP_PKEY *tmp = pkey;
4117 /* Convert to a legacy key */
4118 pkey = EVP_PKEY_new();
4119 if (!TEST_ptr(pkey)) {
4123 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4128 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4132 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4136 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4137 if (!TEST_int_eq(orig_id, id)
4138 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4141 if (id == EVP_PKEY_ED25519) {
4142 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4143 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4144 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4146 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4148 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4149 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4150 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4151 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4153 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4154 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4158 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4160 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4161 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4162 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4164 || !TEST_int_eq(ctrl_called, 1)
4165 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4166 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4167 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4168 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4171 ctx = EVP_MD_CTX_new();
4172 reslen = EVP_PKEY_size(pkey);
4173 res = OPENSSL_malloc(reslen);
4176 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4177 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4178 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4180 || !TEST_int_eq(ctrl_called, 1))
4183 if (id == EVP_PKEY_ED25519) {
4184 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4187 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4188 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4196 EVP_MD_CTX_free(ctx);
4198 EVP_PKEY_CTX_free(pctx);
4199 EVP_PKEY_free(pkey);
4200 EVP_PKEY_meth_remove(custom_pmeth);
4201 EVP_PKEY_meth_free(custom_pmeth);
4202 custom_pmeth = NULL;
4206 static int test_evp_md_cipher_meth(void)
4208 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4209 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4212 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4218 EVP_MD_meth_free(md);
4219 EVP_CIPHER_meth_free(ciph);
4228 static int custom_md_init_called = 0;
4229 static int custom_md_cleanup_called = 0;
4231 static int custom_md_init(EVP_MD_CTX *ctx)
4233 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4238 custom_md_init_called++;
4242 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4244 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4250 custom_md_cleanup_called++;
4254 static int test_custom_md_meth(void)
4256 EVP_MD_CTX *mdctx = NULL;
4258 char mess[] = "Test Message\n";
4259 unsigned char md_value[EVP_MAX_MD_SIZE];
4260 unsigned int md_len;
4265 * We are testing deprecated functions. We don't support a non-default
4266 * library context in this test.
4268 if (testctx != NULL)
4271 custom_md_init_called = custom_md_cleanup_called = 0;
4273 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4274 if (!TEST_int_ne(nid, NID_undef))
4276 tmp = EVP_MD_meth_new(nid, NID_undef);
4280 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4281 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4282 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4283 sizeof(custom_dgst_ctx))))
4286 mdctx = EVP_MD_CTX_new();
4287 if (!TEST_ptr(mdctx)
4289 * Initing our custom md and then initing another md should
4290 * result in the init and cleanup functions of the custom md
4291 * from being called.
4293 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4294 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4295 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4296 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4297 || !TEST_int_eq(custom_md_init_called, 1)
4298 || !TEST_int_eq(custom_md_cleanup_called, 1))
4303 EVP_MD_CTX_free(mdctx);
4304 EVP_MD_meth_free(tmp);
4308 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4309 /* Test we can create a signature keys with an associated ENGINE */
4310 static int test_signatures_with_engine(int tst)
4313 const char *engine_id = "dasync";
4314 EVP_PKEY *pkey = NULL;
4315 const unsigned char badcmackey[] = { 0x00, 0x01 };
4316 const unsigned char cmackey[] = {
4317 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4318 0x0c, 0x0d, 0x0e, 0x0f
4320 const unsigned char ed25519key[] = {
4321 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4322 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4323 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4325 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4327 EVP_MD_CTX *ctx = NULL;
4328 unsigned char *mac = NULL;
4332 # ifdef OPENSSL_NO_CMAC
4333 /* Skip CMAC tests in a no-cmac build */
4338 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4341 if (!TEST_true(ENGINE_init(e))) {
4348 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4352 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4356 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4357 sizeof(ed25519key));
4360 TEST_error("Invalid test case");
4363 if (!TEST_ptr(pkey))
4366 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4369 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4372 if (!TEST_true(ret))
4375 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4376 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4379 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4382 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4385 /* We used a bad key. We expect a failure here */
4386 if (!TEST_false(ret))
4392 EVP_MD_CTX_free(ctx);
4394 EVP_PKEY_free(pkey);
4401 static int test_cipher_with_engine(void)
4404 const char *engine_id = "dasync";
4405 const unsigned char keyiv[] = {
4406 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4407 0x0c, 0x0d, 0x0e, 0x0f
4409 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4411 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4412 unsigned char buf[AES_BLOCK_SIZE];
4415 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4418 if (!TEST_true(ENGINE_init(e))) {
4423 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4424 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4427 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4430 /* Copy the ctx, and complete the operation with the new ctx */
4431 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4434 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4435 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4440 EVP_CIPHER_CTX_free(ctx);
4441 EVP_CIPHER_CTX_free(ctx2);
4447 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4448 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4450 static int ecxnids[] = {
4457 /* Test that creating ECX keys with a short private key fails as expected */
4458 static int test_ecx_short_keys(int tst)
4460 unsigned char ecxkeydata = 1;
4464 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4465 if (!TEST_ptr_null(pkey)) {
4466 EVP_PKEY_free(pkey);
4472 typedef enum OPTION_choice {
4479 const OPTIONS *test_get_options(void)
4481 static const OPTIONS options[] = {
4482 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4483 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4489 int setup_tests(void)
4493 while ((o = opt_next()) != OPT_EOF) {
4496 /* Set up an alternate library context */
4497 testctx = OSSL_LIB_CTX_new();
4498 if (!TEST_ptr(testctx))
4500 /* Swap the libctx to test non-default context only */
4501 nullprov = OSSL_PROVIDER_load(NULL, "null");
4502 deflprov = OSSL_PROVIDER_load(testctx, "default");
4503 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4505 case OPT_TEST_CASES:
4512 ADD_TEST(test_EVP_set_default_properties);
4513 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4514 ADD_TEST(test_EVP_DigestVerifyInit);
4515 #ifndef OPENSSL_NO_SIPHASH
4516 ADD_TEST(test_siphash_digestsign);
4518 ADD_TEST(test_EVP_Digest);
4519 ADD_TEST(test_EVP_md_null);
4520 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4521 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4522 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4523 ADD_TEST(test_privatekey_to_pkcs8);
4524 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4525 #ifndef OPENSSL_NO_EC
4526 ADD_TEST(test_EVP_PKCS82PKEY);
4528 #ifndef OPENSSL_NO_EC
4529 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4531 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4532 ADD_TEST(test_EVP_SM2);
4533 ADD_TEST(test_EVP_SM2_verify);
4535 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4536 #ifndef OPENSSL_NO_DEPRECATED_3_0
4537 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4538 if (!TEST_ptr(custom_pmeth))
4540 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4541 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4542 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4543 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4546 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4547 #ifndef OPENSSL_NO_CMAC
4548 ADD_TEST(test_CMAC_keygen);
4550 ADD_TEST(test_HKDF);
4551 ADD_TEST(test_emptyikm_HKDF);
4552 #ifndef OPENSSL_NO_EC
4553 ADD_TEST(test_X509_PUBKEY_inplace);
4554 ADD_TEST(test_X509_PUBKEY_dup);
4555 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4556 OSSL_NELEM(ec_der_pub_keys));
4558 #ifndef OPENSSL_NO_DSA
4559 ADD_TEST(test_DSA_get_set_params);
4560 ADD_TEST(test_DSA_priv_pub);
4562 ADD_TEST(test_RSA_get_set_params);
4563 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4564 ADD_TEST(test_decrypt_null_chunks);
4566 #ifndef OPENSSL_NO_DH
4567 ADD_TEST(test_DH_priv_pub);
4568 # ifndef OPENSSL_NO_DEPRECATED_3_0
4569 ADD_TEST(test_EVP_PKEY_set1_DH);
4572 #ifndef OPENSSL_NO_EC
4573 ADD_TEST(test_EC_priv_pub);
4574 # ifndef OPENSSL_NO_DEPRECATED_3_0
4575 ADD_TEST(test_EC_priv_only_legacy);
4578 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4579 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4581 ADD_TEST(test_rand_agglomeration);
4582 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4583 #ifndef OPENSSL_NO_DES
4584 ADD_ALL_TESTS(test_evp_iv_des, 6);
4586 #ifndef OPENSSL_NO_BF
4587 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
4589 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4590 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4591 #ifndef OPENSSL_NO_EC
4592 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4595 ADD_TEST(test_names_do_all);
4597 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4598 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4599 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4600 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4602 #ifndef OPENSSL_NO_DEPRECATED_3_0
4603 ADD_ALL_TESTS(test_custom_pmeth, 12);
4604 ADD_TEST(test_evp_md_cipher_meth);
4605 ADD_TEST(test_custom_md_meth);
4607 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4608 /* Tests only support the default libctx */
4609 if (testctx == NULL) {
4610 # ifndef OPENSSL_NO_EC
4611 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4613 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4615 ADD_TEST(test_cipher_with_engine);
4620 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4625 void cleanup_tests(void)
4627 OSSL_PROVIDER_unload(nullprov);
4628 OSSL_PROVIDER_unload(deflprov);
4629 OSSL_PROVIDER_unload(lgcyprov);
4630 OSSL_LIB_CTX_free(testctx);
projects / openssl.git / blob