2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
251 static const unsigned char kExampleBad2RSAKeyDER[] = {
252 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
253 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00
257 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
259 static const unsigned char kSignature[] = {
260 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
261 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
262 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
263 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
264 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
265 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
266 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
267 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
268 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
269 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
270 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
274 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
277 static const unsigned char kExampleRSAKeyPKCS8[] = {
278 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
279 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
280 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
281 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
282 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
283 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
284 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
285 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
286 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
287 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
288 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
289 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
290 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
291 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
292 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
293 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
294 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
295 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
296 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
297 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
298 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
299 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
300 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
301 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
302 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
303 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
304 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
305 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
306 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
307 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
308 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
309 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
310 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
311 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
312 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
313 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
314 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
315 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
316 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
317 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
318 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
319 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
320 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
321 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
322 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
323 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
324 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
325 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
326 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
327 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
328 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
329 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
330 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
333 #ifndef OPENSSL_NO_EC
335 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
338 static const unsigned char kExampleECKeyDER[] = {
339 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
340 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
341 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
342 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
343 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
344 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
345 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
346 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
347 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
348 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
353 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
354 * structure. The private key is equal to the order and will fail to import
356 static const unsigned char kExampleBadECKeyDER[] = {
357 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
358 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
359 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
360 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
361 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
362 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
363 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
364 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
365 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
369 static const unsigned char kExampleECPubKeyDER[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
381 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
382 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
384 static const unsigned char kExampleBadECPubKeyDER[] = {
385 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
386 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
387 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
388 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
389 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
390 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
391 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
392 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
395 static const unsigned char pExampleECParamDER[] = {
396 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
399 static const unsigned char kExampleED25519KeyDER[] = {
400 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
401 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
402 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
403 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
406 static const unsigned char kExampleED25519PubKeyDER[] = {
407 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
408 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
409 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
410 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
413 # ifndef OPENSSL_NO_DEPRECATED_3_0
414 static const unsigned char kExampleX25519KeyDER[] = {
415 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
416 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
417 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
418 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
423 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
424 #ifndef OPENSSL_NO_DEPRECATED_3_0
425 # ifndef OPENSSL_NO_DH
426 static const unsigned char kExampleDHKeyDER[] = {
427 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
428 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
429 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
430 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
431 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
432 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
433 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
434 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
435 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
436 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
437 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
438 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
439 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
440 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
441 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
442 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
443 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
444 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
445 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
446 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
447 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
448 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
449 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
450 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
451 0x2e, 0x87, 0x2a, 0x0b, 0x7a
456 static const unsigned char kCFBDefaultKey[] = {
457 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
458 0x09, 0xCF, 0x4F, 0x3C
461 static const unsigned char kGCMDefaultKey[32] = { 0 };
463 static const unsigned char kGCMResetKey[] = {
464 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
465 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
466 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
469 static const unsigned char iCFBIV[] = {
470 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
471 0x0C, 0x0D, 0x0E, 0x0F
474 static const unsigned char iGCMDefaultIV[12] = { 0 };
476 static const unsigned char iGCMResetIV1[] = {
477 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
480 static const unsigned char iGCMResetIV2[] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
484 static const unsigned char cfbPlaintext[] = {
485 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
486 0x73, 0x93, 0x17, 0x2A
489 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
491 static const unsigned char gcmResetPlaintext[] = {
492 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
493 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
494 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
495 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
496 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
499 static const unsigned char cfbCiphertext[] = {
500 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
501 0xE8, 0x3C, 0xFB, 0x4A
504 static const unsigned char gcmDefaultCiphertext[] = {
505 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
506 0xba, 0xf3, 0x9d, 0x18
509 static const unsigned char gcmResetCiphertext1[] = {
510 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
511 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
512 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
513 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
514 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
517 static const unsigned char gcmResetCiphertext2[] = {
518 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
519 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
520 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
521 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
522 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
525 static const unsigned char gcmAAD[] = {
526 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
527 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
530 static const unsigned char gcmDefaultTag[] = {
531 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
532 0xd4, 0x8a, 0xb9, 0x19
535 static const unsigned char gcmResetTag1[] = {
536 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
537 0xfe, 0x2e, 0xa8, 0xf2
540 static const unsigned char gcmResetTag2[] = {
541 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
542 0xbb, 0x2d, 0x55, 0x1b
545 typedef struct APK_DATA_st {
546 const unsigned char *kder;
553 int type; /* 0 for private, 1 for public, 2 for params */
556 static APK_DATA keydata[] = {
557 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
558 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
559 #ifndef OPENSSL_NO_EC
560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
564 static APK_DATA keycheckdata[] = {
565 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
567 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
569 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
570 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
571 #ifndef OPENSSL_NO_EC
572 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
573 /* group is also associated in our pub key */
574 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
576 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
578 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
579 EVP_PKEY_ED25519, 1, 1, 1, 0},
580 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
581 EVP_PKEY_ED25519, 0, 1, 1, 1},
585 static EVP_PKEY *load_example_key(const char *keytype,
586 const unsigned char *data, size_t data_len)
588 const unsigned char **pdata = &data;
589 EVP_PKEY *pkey = NULL;
590 OSSL_DECODER_CTX *dctx =
591 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
594 /* |pkey| will be NULL on error */
595 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
596 OSSL_DECODER_CTX_free(dctx);
600 static EVP_PKEY *load_example_rsa_key(void)
602 return load_example_key("RSA", kExampleRSAKeyDER,
603 sizeof(kExampleRSAKeyDER));
606 #ifndef OPENSSL_NO_DSA
607 static EVP_PKEY *load_example_dsa_key(void)
609 return load_example_key("DSA", kExampleDSAKeyDER,
610 sizeof(kExampleDSAKeyDER));
614 #ifndef OPENSSL_NO_EC
615 static EVP_PKEY *load_example_ec_key(void)
617 return load_example_key("EC", kExampleECKeyDER,
618 sizeof(kExampleECKeyDER));
622 #ifndef OPENSSL_NO_DEPRECATED_3_0
623 # ifndef OPENSSL_NO_DH
624 static EVP_PKEY *load_example_dh_key(void)
626 return load_example_key("DH", kExampleDHKeyDER,
627 sizeof(kExampleDHKeyDER));
631 # ifndef OPENSSL_NO_EC
632 static EVP_PKEY *load_example_ed25519_key(void)
634 return load_example_key("ED25519", kExampleED25519KeyDER,
635 sizeof(kExampleED25519KeyDER));
638 static EVP_PKEY *load_example_x25519_key(void)
640 return load_example_key("X25519", kExampleX25519KeyDER,
641 sizeof(kExampleX25519KeyDER));
644 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
646 static EVP_PKEY *load_example_hmac_key(void)
648 EVP_PKEY *pkey = NULL;
649 unsigned char key[] = {
650 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
651 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
652 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
655 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
656 NULL, key, sizeof(key));
663 static int test_EVP_set_default_properties(void)
669 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
670 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
675 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
676 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
677 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
682 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
683 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
688 OSSL_LIB_CTX_free(ctx);
692 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
693 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
695 EVP_PKEY_CTX *pctx = NULL;
696 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
698 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
700 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
701 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
705 if (!TEST_ptr(tmp_pkey))
711 EVP_PKEY_free(tmp_pkey);
712 EVP_PKEY_CTX_free(pctx);
716 static int test_selection(EVP_PKEY *pkey, int selection)
720 BIO *bio = BIO_new(BIO_s_mem());
722 ret = PEM_write_bio_PUBKEY(bio, pkey);
723 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
727 if (!TEST_false(ret))
730 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
732 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
736 if (!TEST_false(ret))
746 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
749 * Test combinations of private, public, missing and private + public key
750 * params to ensure they are all accepted
752 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
753 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
755 OSSL_PARAM_BLD *bld = NULL;
756 OSSL_PARAM *params = NULL;
757 EVP_PKEY *just_params = NULL;
758 EVP_PKEY *params_and_priv = NULL;
759 EVP_PKEY *params_and_pub = NULL;
760 EVP_PKEY *params_and_keypair = NULL;
761 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
765 * Setup the parameters for our pkey object. For our purposes they don't
766 * have to actually be *valid* parameters. We just need to set something.
768 if (!TEST_ptr(p = BN_new())
769 || !TEST_ptr(q = BN_new())
770 || !TEST_ptr(g = BN_new())
771 || !TEST_ptr(pub = BN_new())
772 || !TEST_ptr(priv = BN_new()))
775 /* Test !priv and !pub */
776 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
777 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
781 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
782 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
785 OSSL_PARAM_free(params);
786 OSSL_PARAM_BLD_free(bld);
790 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
791 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
794 /* Test priv and !pub */
795 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
802 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
803 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
806 OSSL_PARAM_free(params);
807 OSSL_PARAM_BLD_free(bld);
811 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
812 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
815 /* Test !priv and pub */
816 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
823 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
824 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
827 OSSL_PARAM_free(params);
828 OSSL_PARAM_BLD_free(bld);
832 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
833 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
836 /* Test priv and pub */
837 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
846 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
847 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
850 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
855 OSSL_PARAM_free(params);
856 OSSL_PARAM_BLD_free(bld);
857 EVP_PKEY_free(just_params);
858 EVP_PKEY_free(params_and_priv);
859 EVP_PKEY_free(params_and_pub);
860 EVP_PKEY_free(params_and_keypair);
869 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
872 * Test combinations of private, public, missing and private + public key
873 * params to ensure they are all accepted for EC keys
875 #ifndef OPENSSL_NO_EC
876 static unsigned char ec_priv[] = {
877 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
878 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
879 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
881 static unsigned char ec_pub[] = {
882 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
883 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
884 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
885 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
886 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
887 0x08, 0x09, 0xb8, 0xdb, 0x03
890 static int test_EC_priv_pub(void)
892 OSSL_PARAM_BLD *bld = NULL;
893 OSSL_PARAM *params = NULL;
894 EVP_PKEY *just_params = NULL;
895 EVP_PKEY *params_and_priv = NULL;
896 EVP_PKEY *params_and_pub = NULL;
897 EVP_PKEY *params_and_keypair = NULL;
902 * Setup the parameters for our pkey object. For our purposes they don't
903 * have to actually be *valid* parameters. We just need to set something.
905 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
908 /* Test !priv and !pub */
909 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
910 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
911 OSSL_PKEY_PARAM_GROUP_NAME,
914 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
915 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
918 OSSL_PARAM_free(params);
919 OSSL_PARAM_BLD_free(bld);
923 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
924 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
927 /* Test priv and !pub */
928 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
929 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
930 OSSL_PKEY_PARAM_GROUP_NAME,
932 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
935 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
936 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
939 OSSL_PARAM_free(params);
940 OSSL_PARAM_BLD_free(bld);
945 * We indicate only parameters here, in spite of having built a key that
946 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
947 * expected to fail because it does not support exporting a private EC
948 * key without a corresponding public key
950 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
951 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
954 /* Test !priv and pub */
955 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
956 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
957 OSSL_PKEY_PARAM_GROUP_NAME,
959 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
960 OSSL_PKEY_PARAM_PUB_KEY,
961 ec_pub, sizeof(ec_pub))))
963 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
964 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
967 OSSL_PARAM_free(params);
968 OSSL_PARAM_BLD_free(bld);
972 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
973 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
976 /* Test priv and pub */
977 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
978 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
979 OSSL_PKEY_PARAM_GROUP_NAME,
981 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
982 OSSL_PKEY_PARAM_PUB_KEY,
983 ec_pub, sizeof(ec_pub)))
984 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
987 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
988 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
991 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
994 /* Try key equality */
995 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
996 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
998 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1000 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1002 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1003 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1004 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1005 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1010 OSSL_PARAM_free(params);
1011 OSSL_PARAM_BLD_free(bld);
1012 EVP_PKEY_free(just_params);
1013 EVP_PKEY_free(params_and_priv);
1014 EVP_PKEY_free(params_and_pub);
1015 EVP_PKEY_free(params_and_keypair);
1021 /* Test that using a legacy EC key with only a private key in it works */
1022 # ifndef OPENSSL_NO_DEPRECATED_3_0
1023 static int test_EC_priv_only_legacy(void)
1025 BIGNUM *priv = NULL;
1027 EC_KEY *eckey = NULL;
1028 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1029 EVP_MD_CTX *ctx = NULL;
1031 /* Create the low level EC_KEY */
1032 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1035 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1036 if (!TEST_ptr(eckey))
1039 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1042 pkey = EVP_PKEY_new();
1043 if (!TEST_ptr(pkey))
1046 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1050 while (dup_pk == NULL) {
1052 ctx = EVP_MD_CTX_new();
1057 * The EVP_DigestSignInit function should create the key on the
1058 * provider side which is sufficient for this test.
1060 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1061 testpropq, pkey, NULL)))
1063 EVP_MD_CTX_free(ctx);
1066 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1068 /* EVP_PKEY_eq() returns -2 with missing public keys */
1069 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1070 EVP_PKEY_free(pkey);
1077 EVP_MD_CTX_free(ctx);
1078 EVP_PKEY_free(pkey);
1084 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1085 #endif /* OPENSSL_NO_EC */
1087 static int test_EVP_PKEY_sign(int tst)
1090 EVP_PKEY *pkey = NULL;
1091 unsigned char *sig = NULL;
1092 size_t sig_len = 0, shortsig_len = 1;
1093 EVP_PKEY_CTX *ctx = NULL;
1094 unsigned char tbs[] = {
1095 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1096 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1100 if (!TEST_ptr(pkey = load_example_rsa_key()))
1102 } else if (tst == 1) {
1103 #ifndef OPENSSL_NO_DSA
1104 if (!TEST_ptr(pkey = load_example_dsa_key()))
1111 #ifndef OPENSSL_NO_EC
1112 if (!TEST_ptr(pkey = load_example_ec_key()))
1120 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1122 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1123 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1126 sig = OPENSSL_malloc(sig_len);
1128 /* Test sending a signature buffer that is too short is rejected */
1129 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1131 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1133 /* Test the signature round-trips */
1134 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1135 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1141 EVP_PKEY_CTX_free(ctx);
1143 EVP_PKEY_free(pkey);
1148 * n = 0 => test using legacy cipher
1149 * n = 1 => test using fetched cipher
1151 static int test_EVP_Enveloped(int n)
1154 EVP_CIPHER_CTX *ctx = NULL;
1155 EVP_PKEY *keypair = NULL;
1156 unsigned char *kek = NULL;
1157 unsigned char iv[EVP_MAX_IV_LENGTH];
1158 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1159 int len, kek_len, ciphertext_len, plaintext_len;
1160 unsigned char ciphertext[32], plaintext[16];
1161 EVP_CIPHER *type = NULL;
1163 if (nullprov != NULL)
1164 return TEST_skip("Test does not support a non-default library context");
1167 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1168 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1172 if (!TEST_ptr(keypair = load_example_rsa_key())
1173 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1174 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1175 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1177 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1179 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1183 ciphertext_len += len;
1185 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1186 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1187 ciphertext, ciphertext_len))
1188 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1191 plaintext_len += len;
1192 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1198 EVP_CIPHER_free(type);
1200 EVP_PKEY_free(keypair);
1201 EVP_CIPHER_CTX_free(ctx);
1206 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1207 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1208 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1209 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1210 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1211 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1212 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1213 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1214 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1215 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1216 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1217 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1218 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1219 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1220 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1221 * Test 15-29: Same as above with reinitialization
1223 static int test_EVP_DigestSignInit(int tst)
1226 EVP_PKEY *pkey = NULL;
1227 unsigned char *sig = NULL, *sig2 = NULL;
1228 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1229 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1230 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1231 BIO *mdbio = NULL, *membio = NULL;
1234 EVP_MD *mdexp = NULL;
1237 if (nullprov != NULL)
1238 return TEST_skip("Test does not support a non-default library context");
1245 if (tst >= 6 && tst <= 8) {
1246 membio = BIO_new(BIO_s_mem());
1247 mdbio = BIO_new(BIO_f_md());
1248 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1250 BIO_push(mdbio, membio);
1251 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1254 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1255 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1260 if (!TEST_ptr(pkey = load_example_rsa_key()))
1262 } else if (tst % 3 == 1) {
1263 #ifndef OPENSSL_NO_DSA
1264 if (!TEST_ptr(pkey = load_example_dsa_key()))
1271 if (!TEST_ptr(pkey = load_example_hmac_key()))
1275 if (tst >= 3 && tst <= 5)
1276 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1280 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1283 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1286 if (tst >= 6 && tst <= 8) {
1287 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1289 } else if (tst < 6) {
1290 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1295 /* Determine the size of the signature. */
1296 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1298 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1301 /* Test that supply a short sig buffer fails */
1302 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1306 * We end here because once EVP_DigestSign() has failed you should
1307 * not call it again without re-initing the ctx
1312 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1316 /* Determine the size of the signature. */
1317 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1318 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1320 * Trying to create a signature with a deliberately short
1321 * buffer should fail.
1323 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1324 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1329 * Ensure that the signature round-trips (Verification isn't supported for
1330 * HMAC via EVP_DigestVerify*)
1333 if (tst >= 6 && tst <= 8) {
1334 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1335 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1339 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1343 if (tst >= 6 && tst <= 8) {
1344 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1347 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1351 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1354 /* Multiple calls to EVP_DigestVerifyFinal should work */
1355 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1359 * For HMAC a doubled call to DigestSignFinal should produce the same
1360 * value as finalization should not happen.
1362 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1363 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1364 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1367 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1376 EVP_MD_CTX_free(a_md_ctx);
1377 EVP_MD_CTX_free(a_md_ctx_verify);
1378 EVP_PKEY_free(pkey);
1386 static int test_EVP_DigestVerifyInit(void)
1389 EVP_PKEY *pkey = NULL;
1390 EVP_MD_CTX *md_ctx = NULL;
1392 if (nullprov != NULL)
1393 return TEST_skip("Test does not support a non-default library context");
1395 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1396 || !TEST_ptr(pkey = load_example_rsa_key()))
1399 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1400 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1401 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1402 sizeof(kSignature)), 0))
1405 /* test with reinitialization */
1406 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1407 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1408 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1409 sizeof(kSignature)), 0))
1414 EVP_MD_CTX_free(md_ctx);
1415 EVP_PKEY_free(pkey);
1419 #ifndef OPENSSL_NO_SIPHASH
1420 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1421 static int test_siphash_digestsign(void)
1423 unsigned char key[16];
1424 unsigned char buf[8], digest[8];
1425 unsigned char expected[8] = {
1426 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1428 EVP_PKEY *pkey = NULL;
1429 EVP_MD_CTX *mdctx = NULL;
1430 EVP_PKEY_CTX *ctx = NULL;
1434 if (nullprov != NULL)
1435 return TEST_skip("Test does not support a non-default library context");
1439 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1443 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1446 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1448 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1449 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1453 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1455 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1457 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1459 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1464 EVP_PKEY_free(pkey);
1465 EVP_MD_CTX_free(mdctx);
1471 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1473 static int test_EVP_Digest(void)
1476 EVP_MD_CTX *md_ctx = NULL;
1477 unsigned char md[EVP_MAX_MD_SIZE];
1478 EVP_MD *sha256 = NULL;
1479 EVP_MD *shake256 = NULL;
1481 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1484 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1485 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1488 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1489 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1490 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1491 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1492 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1495 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1496 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1497 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1498 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1499 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1501 * EVP_DigestInit_ex with NULL type should work on
1502 * pre-initialized context.
1504 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1507 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1508 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1509 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1510 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1511 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1512 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1517 EVP_MD_CTX_free(md_ctx);
1518 EVP_MD_free(sha256);
1519 EVP_MD_free(shake256);
1523 static int test_EVP_md_null(void)
1526 EVP_MD_CTX *md_ctx = NULL;
1527 const EVP_MD *md_null = EVP_md_null();
1528 unsigned char md_value[EVP_MAX_MD_SIZE];
1529 unsigned int md_len = sizeof(md_value);
1531 if (nullprov != NULL)
1532 return TEST_skip("Test does not support a non-default library context");
1534 if (!TEST_ptr(md_null)
1535 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1538 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1539 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1540 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1543 if (!TEST_uint_eq(md_len, 0))
1548 EVP_MD_CTX_free(md_ctx);
1552 static int test_d2i_AutoPrivateKey(int i)
1555 const unsigned char *p;
1556 EVP_PKEY *pkey = NULL;
1557 const APK_DATA *ak = &keydata[i];
1558 const unsigned char *input = ak->kder;
1559 size_t input_len = ak->size;
1560 int expected_id = ak->evptype;
1563 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1564 || !TEST_ptr_eq(p, input + input_len)
1565 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1571 EVP_PKEY_free(pkey);
1575 #ifndef OPENSSL_NO_EC
1577 static const unsigned char ec_public_sect163k1_validxy[] = {
1578 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1579 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1580 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1581 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1582 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1583 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1586 static const unsigned char ec_public_sect163k1_badx[] = {
1587 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1588 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1589 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1590 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1591 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1592 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1595 static const unsigned char ec_public_sect163k1_bady[] = {
1596 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1597 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1598 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1599 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1600 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1601 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1604 static struct ec_der_pub_keys_st {
1605 const unsigned char *der;
1608 } ec_der_pub_keys[] = {
1609 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1610 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1611 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1615 * Tests the range of the decoded EC char2 public point.
1616 * See ec_GF2m_simple_oct2point().
1618 static int test_invalide_ec_char2_pub_range_decode(int id)
1623 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1624 ec_der_pub_keys[id].len);
1626 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1627 || TEST_ptr_null(pkey);
1628 EVP_PKEY_free(pkey);
1632 /* Tests loading a bad key in PKCS8 format */
1633 static int test_EVP_PKCS82PKEY(void)
1636 const unsigned char *derp = kExampleBadECKeyDER;
1637 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1638 EVP_PKEY *pkey = NULL;
1640 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1641 sizeof(kExampleBadECKeyDER))))
1644 if (!TEST_ptr_eq(derp,
1645 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1648 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1654 PKCS8_PRIV_KEY_INFO_free(p8inf);
1655 EVP_PKEY_free(pkey);
1661 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1663 EVP_PKEY *pkey = NULL;
1664 EVP_PKEY *pkey2 = NULL;
1666 char *membuf = NULL;
1667 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1670 if (testctx != NULL)
1671 /* test not supported with non-default context */
1674 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1675 || !TEST_ptr(pkey = load_example_rsa_key())
1676 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1677 NULL, 0, NULL, NULL),
1679 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1680 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1681 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1682 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1688 EVP_PKEY_free(pkey);
1689 EVP_PKEY_free(pkey2);
1690 PKCS8_PRIV_KEY_INFO_free(p8inf);
1691 BIO_free_all(membio);
1695 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1696 static int test_privatekey_to_pkcs8(void)
1698 EVP_PKEY *pkey = NULL;
1700 char *membuf = NULL;
1701 long membuf_len = 0;
1704 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1705 || !TEST_ptr(pkey = load_example_rsa_key())
1706 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1707 NULL, 0, NULL, NULL),
1709 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1710 || !TEST_ptr(membuf)
1711 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1712 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1714 * We try to write PEM as well, just to see that it doesn't err, but
1715 * assume that the result is correct.
1717 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1718 NULL, 0, NULL, NULL),
1724 EVP_PKEY_free(pkey);
1725 BIO_free_all(membio);
1729 #ifndef OPENSSL_NO_EC
1730 static const struct {
1732 const char *encoding_name;
1733 } ec_encodings[] = {
1734 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1735 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1738 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1740 const OSSL_PARAM *p;
1741 const char *enc_name = NULL;
1747 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1748 OSSL_PKEY_PARAM_EC_ENCODING))
1749 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1752 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1753 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1754 *enc = ec_encodings[i].encoding;
1759 return (*enc != -1);
1762 static int test_EC_keygen_with_enc(int idx)
1764 EVP_PKEY *params = NULL, *key = NULL;
1765 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1769 enc = ec_encodings[idx].encoding;
1771 /* Create key parameters */
1772 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1773 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1774 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1775 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1776 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1777 || !TEST_ptr(params))
1781 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1782 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1783 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1787 /* Check that the encoding got all the way into the key */
1788 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1789 ec_export_get_encoding_cb, &enc))
1790 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1796 EVP_PKEY_free(params);
1797 EVP_PKEY_CTX_free(kctx);
1798 EVP_PKEY_CTX_free(pctx);
1803 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1805 static int test_EVP_SM2_verify(void)
1807 const char *pubkey =
1808 "-----BEGIN PUBLIC KEY-----\n"
1809 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1810 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1811 "-----END PUBLIC KEY-----\n";
1813 const char *msg = "message digest";
1814 const char *id = "ALICE123@YAHOO.COM";
1816 const uint8_t signature[] = {
1817 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1818 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1819 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1820 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1821 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1822 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1823 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1828 EVP_PKEY *pkey = NULL;
1829 EVP_MD_CTX *mctx = NULL;
1830 EVP_PKEY_CTX *pctx = NULL;
1833 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1834 if (!TEST_true(bio != NULL))
1837 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1838 if (!TEST_true(pkey != NULL))
1841 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1844 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1847 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1850 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1852 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1855 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1858 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1861 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1864 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1870 EVP_PKEY_free(pkey);
1871 EVP_PKEY_CTX_free(pctx);
1872 EVP_MD_CTX_free(mctx);
1877 static int test_EVP_SM2(void)
1880 EVP_PKEY *pkey = NULL;
1881 EVP_PKEY *pkeyparams = NULL;
1882 EVP_PKEY_CTX *pctx = NULL;
1883 EVP_PKEY_CTX *kctx = NULL;
1884 EVP_PKEY_CTX *sctx = NULL;
1886 unsigned char *sig = NULL;
1887 EVP_MD_CTX *md_ctx = NULL;
1888 EVP_MD_CTX *md_ctx_verify = NULL;
1889 EVP_PKEY_CTX *cctx = NULL;
1890 EVP_MD *check_md = NULL;
1892 uint8_t ciphertext[128];
1893 size_t ctext_len = sizeof(ciphertext);
1895 uint8_t plaintext[8];
1896 size_t ptext_len = sizeof(plaintext);
1898 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1900 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1901 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1903 char mdname[OSSL_MAX_NAME_SIZE];
1905 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1909 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1912 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
1915 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1918 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1919 pkeyparams, testpropq)))
1922 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1925 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1928 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1931 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1934 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1937 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1938 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1940 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1943 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1946 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1949 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1952 /* Determine the size of the signature. */
1953 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1956 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1959 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1962 /* Ensure that the signature round-trips. */
1964 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1968 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1971 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1974 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1978 * Try verify again with non-matching 0 length id but ensure that it can
1979 * be set on the context and overrides the previous value.
1982 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1986 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
1989 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1992 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1995 /* now check encryption/decryption */
1997 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1998 mdname, sizeof(mdname));
1999 for (i = 0; i < 2; i++) {
2000 const char *mdnames[] = {
2001 #ifndef OPENSSL_NO_SM3
2007 EVP_PKEY_CTX_free(cctx);
2009 if (mdnames[i] == NULL)
2013 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2014 (char *)mdnames[i], 0);
2016 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2020 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2023 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2026 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2030 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2033 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2036 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2040 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2044 * Test we're still using the digest we think we are.
2045 * Because of aliases, the easiest is to fetch the digest and
2046 * check the name with EVP_MD_is_a().
2048 EVP_MD_free(check_md);
2049 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2051 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2052 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2056 if (!TEST_true(ptext_len == sizeof(kMsg)))
2059 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2065 EVP_PKEY_CTX_free(pctx);
2066 EVP_PKEY_CTX_free(kctx);
2067 EVP_PKEY_CTX_free(sctx);
2068 EVP_PKEY_CTX_free(cctx);
2069 EVP_PKEY_free(pkey);
2070 EVP_PKEY_free(pkeyparams);
2071 EVP_MD_CTX_free(md_ctx);
2072 EVP_MD_CTX_free(md_ctx_verify);
2073 EVP_MD_free(check_md);
2080 static struct keys_st {
2086 EVP_PKEY_HMAC, "0123456789", NULL
2089 EVP_PKEY_HMAC, "", NULL
2090 #ifndef OPENSSL_NO_POLY1305
2092 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2094 #ifndef OPENSSL_NO_SIPHASH
2096 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2099 #ifndef OPENSSL_NO_EC
2101 EVP_PKEY_X25519, "01234567890123456789012345678901",
2102 "abcdefghijklmnopqrstuvwxyzabcdef"
2104 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2105 "abcdefghijklmnopqrstuvwxyzabcdef"
2108 "01234567890123456789012345678901234567890123456789012345",
2109 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2112 "012345678901234567890123456789012345678901234567890123456",
2113 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2118 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2121 unsigned char buf[80];
2123 size_t inlen, len = 0, shortlen = 1;
2126 /* Check if this algorithm supports public keys */
2127 if (pub && keys[tst].pub == NULL)
2130 memset(buf, 0, sizeof(buf));
2133 #ifndef OPENSSL_NO_EC
2134 inlen = strlen(keys[tst].pub);
2135 in = (unsigned char *)keys[tst].pub;
2137 pkey = EVP_PKEY_new_raw_public_key_ex(
2139 OBJ_nid2sn(keys[tst].type),
2144 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2153 inlen = strlen(keys[tst].priv);
2154 in = (unsigned char *)keys[tst].priv;
2156 pkey = EVP_PKEY_new_raw_private_key_ex(
2157 testctx, OBJ_nid2sn(keys[tst].type),
2162 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2170 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2171 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2172 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2173 || !TEST_true(len == inlen))
2177 * Test that supplying a buffer that is too small fails. Doesn't apply
2178 * to HMAC with a zero length key
2180 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2182 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2186 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2187 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2188 || !TEST_mem_eq(in, inlen, buf, len))
2193 EVP_PKEY_free(pkey);
2197 static int test_set_get_raw_keys(int tst)
2199 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2200 && test_set_get_raw_keys_int(tst, 0, 1)
2201 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2202 && test_set_get_raw_keys_int(tst, 1, 1);
2205 #ifndef OPENSSL_NO_DEPRECATED_3_0
2206 static int pkey_custom_check(EVP_PKEY *pkey)
2211 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2216 static int pkey_custom_param_check(EVP_PKEY *pkey)
2221 static EVP_PKEY_METHOD *custom_pmeth;
2224 static int test_EVP_PKEY_check(int i)
2227 EVP_PKEY *pkey = NULL;
2228 EVP_PKEY_CTX *ctx = NULL;
2229 #ifndef OPENSSL_NO_DEPRECATED_3_0
2230 EVP_PKEY_CTX *ctx2 = NULL;
2232 const APK_DATA *ak = &keycheckdata[i];
2233 const unsigned char *input = ak->kder;
2234 size_t input_len = ak->size;
2235 int expected_id = ak->evptype;
2236 int expected_check = ak->check;
2237 int expected_pub_check = ak->pub_check;
2238 int expected_param_check = ak->param_check;
2239 int type = ak->type;
2241 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2244 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2247 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2250 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2253 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2256 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2259 #ifndef OPENSSL_NO_DEPRECATED_3_0
2260 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2261 /* assign the pkey directly, as an internal test */
2262 EVP_PKEY_up_ref(pkey);
2265 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2268 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2271 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2278 EVP_PKEY_CTX_free(ctx);
2279 #ifndef OPENSSL_NO_DEPRECATED_3_0
2280 EVP_PKEY_CTX_free(ctx2);
2282 EVP_PKEY_free(pkey);
2286 #ifndef OPENSSL_NO_CMAC
2287 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2289 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2290 const char msg[] = "Hello World";
2291 size_t maclen = AES_BLOCK_SIZE;
2294 if (!TEST_ptr(mdctx)
2295 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2296 testpropq, pkey, NULL))
2297 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2298 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2299 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2302 EVP_MD_CTX_free(mdctx);
2306 static int test_CMAC_keygen(void)
2308 static unsigned char key[] = {
2309 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2310 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2311 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2313 EVP_PKEY_CTX *kctx = NULL;
2315 EVP_PKEY *pkey = NULL;
2316 unsigned char mac[AES_BLOCK_SIZE];
2317 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2318 unsigned char mac2[AES_BLOCK_SIZE];
2321 if (nullprov != NULL)
2322 return TEST_skip("Test does not support a non-default library context");
2325 * This is a legacy method for CMACs, but should still work.
2326 * This verifies that it works without an ENGINE.
2328 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2330 /* Test a CMAC key created using the "generated" method */
2331 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2332 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2333 EVP_PKEY_CTRL_CIPHER,
2334 0, (void *)EVP_aes_256_ecb()), 0)
2335 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2336 EVP_PKEY_CTRL_SET_MAC_KEY,
2337 sizeof(key), (void *)key), 0)
2338 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2340 || !TEST_true(get_cmac_val(pkey, mac)))
2343 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2344 EVP_PKEY_free(pkey);
2347 * Test a CMAC key using the direct method, and compare with the mac
2350 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2352 || !TEST_true(get_cmac_val(pkey, mac2))
2353 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2360 EVP_PKEY_free(pkey);
2361 EVP_PKEY_CTX_free(kctx);
2366 static int test_HKDF(void)
2369 unsigned char out[20];
2372 unsigned char salt[] = "0123456789";
2373 unsigned char key[] = "012345678901234567890123456789";
2374 unsigned char info[] = "infostring";
2375 const unsigned char expected[] = {
2376 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2377 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2379 size_t expectedlen = sizeof(expected);
2381 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2384 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2385 for (i = 0; i < 2; i++) {
2386 outlen = sizeof(out);
2387 memset(out, 0, outlen);
2389 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2390 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2391 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2392 sizeof(salt) - 1), 0)
2393 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2394 sizeof(key) - 1), 0)
2395 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2396 sizeof(info) - 1), 0)
2397 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2398 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2405 EVP_PKEY_CTX_free(pctx);
2410 static int test_emptyikm_HKDF(void)
2413 unsigned char out[20];
2416 unsigned char salt[] = "9876543210";
2417 unsigned char key[] = "";
2418 unsigned char info[] = "stringinfo";
2419 const unsigned char expected[] = {
2420 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2421 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2423 size_t expectedlen = sizeof(expected);
2425 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2428 outlen = sizeof(out);
2429 memset(out, 0, outlen);
2431 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2432 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2433 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2434 sizeof(salt) - 1), 0)
2435 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2436 sizeof(key) - 1), 0)
2437 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2438 sizeof(info) - 1), 0)
2439 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2440 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2446 EVP_PKEY_CTX_free(pctx);
2451 #ifndef OPENSSL_NO_EC
2452 static int test_X509_PUBKEY_inplace(void)
2455 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2456 const unsigned char *p = kExampleECPubKeyDER;
2457 size_t input_len = sizeof(kExampleECPubKeyDER);
2461 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2464 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2467 p = kExampleBadECPubKeyDER;
2468 input_len = sizeof(kExampleBadECPubKeyDER);
2470 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2473 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2479 X509_PUBKEY_free(xp);
2483 static int test_X509_PUBKEY_dup(void)
2486 X509_PUBKEY *xp = NULL, *xq = NULL;
2487 const unsigned char *p = kExampleECPubKeyDER;
2488 size_t input_len = sizeof(kExampleECPubKeyDER);
2490 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2492 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2493 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2494 || !TEST_ptr_ne(xp, xq))
2497 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2498 || !TEST_ptr(X509_PUBKEY_get0(xp))
2499 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2502 X509_PUBKEY_free(xq);
2504 p = kExampleBadECPubKeyDER;
2505 input_len = sizeof(kExampleBadECPubKeyDER);
2507 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2508 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2511 X509_PUBKEY_free(xp);
2513 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2519 X509_PUBKEY_free(xp);
2520 X509_PUBKEY_free(xq);
2523 #endif /* OPENSSL_NO_EC */
2525 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2526 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2528 EVP_MD_CTX *mdctx = NULL;
2529 EVP_PKEY_CTX *ctx = NULL;
2530 const OSSL_PARAM *params;
2531 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2534 char mdname[OSSL_MAX_NAME_SIZE];
2537 /* Initialise a sign operation */
2538 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2540 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2544 * We should be able to query the parameters now.
2546 params = EVP_PKEY_CTX_settable_params(ctx);
2547 if (!TEST_ptr(params)
2548 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2549 OSSL_SIGNATURE_PARAM_DIGEST)))
2552 params = EVP_PKEY_CTX_gettable_params(ctx);
2553 if (!TEST_ptr(params)
2554 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2555 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2556 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2557 OSSL_SIGNATURE_PARAM_DIGEST)))
2561 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2562 * EVP_PKEY_CTX_get_params()
2564 strcpy(mdname, "SHA512");
2566 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2568 *param++ = OSSL_PARAM_construct_end();
2570 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2574 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2575 mdname, sizeof(mdname));
2576 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2577 || !TEST_str_eq(mdname, "SHA512"))
2581 * Test the TEST_PKEY_CTX_set_signature_md() and
2582 * TEST_PKEY_CTX_get_signature_md() functions
2584 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2585 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2586 || !TEST_ptr_eq(md, EVP_sha256()))
2590 * Test getting MD parameters via an associated EVP_PKEY_CTX
2592 mdctx = EVP_MD_CTX_new();
2593 if (!TEST_ptr(mdctx)
2594 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2599 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2600 * able to obtain the digest's settable parameters from the provider.
2602 params = EVP_MD_CTX_settable_params(mdctx);
2603 if (!TEST_ptr(params)
2604 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2605 /* The final key should be NULL */
2606 || !TEST_ptr_null(params[1].key))
2610 memset(ssl3ms, 0, sizeof(ssl3ms));
2611 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2612 ssl3ms, sizeof(ssl3ms));
2613 *param++ = OSSL_PARAM_construct_end();
2615 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2621 EVP_MD_CTX_free(mdctx);
2622 EVP_PKEY_CTX_free(ctx);
2627 #ifndef OPENSSL_NO_DSA
2628 static int test_DSA_get_set_params(void)
2630 OSSL_PARAM_BLD *bld = NULL;
2631 OSSL_PARAM *params = NULL;
2632 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2633 EVP_PKEY_CTX *pctx = NULL;
2634 EVP_PKEY *pkey = NULL;
2638 * Setup the parameters for our DSA object. For our purposes they don't
2639 * have to actually be *valid* parameters. We just need to set something.
2641 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2642 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2643 || !TEST_ptr(p = BN_new())
2644 || !TEST_ptr(q = BN_new())
2645 || !TEST_ptr(g = BN_new())
2646 || !TEST_ptr(pub = BN_new())
2647 || !TEST_ptr(priv = BN_new()))
2649 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2650 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2651 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2652 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2654 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2657 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2660 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2661 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2665 if (!TEST_ptr(pkey))
2668 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2671 EVP_PKEY_free(pkey);
2672 EVP_PKEY_CTX_free(pctx);
2673 OSSL_PARAM_free(params);
2674 OSSL_PARAM_BLD_free(bld);
2685 * Test combinations of private, public, missing and private + public key
2686 * params to ensure they are all accepted
2688 static int test_DSA_priv_pub(void)
2690 return test_EVP_PKEY_ffc_priv_pub("DSA");
2693 #endif /* !OPENSSL_NO_DSA */
2695 static int test_RSA_get_set_params(void)
2697 OSSL_PARAM_BLD *bld = NULL;
2698 OSSL_PARAM *params = NULL;
2699 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2700 EVP_PKEY_CTX *pctx = NULL;
2701 EVP_PKEY *pkey = NULL;
2705 * Setup the parameters for our RSA object. For our purposes they don't
2706 * have to actually be *valid* parameters. We just need to set something.
2708 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2709 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2710 || !TEST_ptr(n = BN_new())
2711 || !TEST_ptr(e = BN_new())
2712 || !TEST_ptr(d = BN_new()))
2714 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2715 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2716 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2718 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2721 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2722 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2726 if (!TEST_ptr(pkey))
2729 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2732 EVP_PKEY_free(pkey);
2733 EVP_PKEY_CTX_free(pctx);
2734 OSSL_PARAM_free(params);
2735 OSSL_PARAM_BLD_free(bld);
2743 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2744 static int test_decrypt_null_chunks(void)
2746 EVP_CIPHER_CTX* ctx = NULL;
2747 EVP_CIPHER *cipher = NULL;
2748 const unsigned char key[32] = {
2749 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2750 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2751 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2753 unsigned char iv[12] = {
2754 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2756 unsigned char msg[] = "It was the best of times, it was the worst of times";
2757 unsigned char ciphertext[80];
2758 unsigned char plaintext[80];
2759 /* We initialise tmp to a non zero value on purpose */
2760 int ctlen, ptlen, tmp = 99;
2762 const int enc_offset = 10, dec_offset = 20;
2764 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2765 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2766 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2768 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2770 /* Deliberate add a zero length update */
2771 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2773 || !TEST_int_eq(tmp, 0)
2774 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2776 sizeof(msg) - enc_offset))
2777 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2778 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2779 || !TEST_int_eq(tmp, 0))
2782 /* Deliberately initialise tmp to a non zero value */
2784 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2785 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2788 * Deliberately add a zero length update. We also deliberately do
2789 * this at a different offset than for encryption.
2791 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2793 || !TEST_int_eq(tmp, 0)
2794 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2795 ciphertext + dec_offset,
2796 ctlen - dec_offset))
2797 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2798 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2799 || !TEST_int_eq(tmp, 0)
2800 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2805 EVP_CIPHER_CTX_free(ctx);
2806 EVP_CIPHER_free(cipher);
2809 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2811 #ifndef OPENSSL_NO_DH
2813 * Test combinations of private, public, missing and private + public key
2814 * params to ensure they are all accepted
2816 static int test_DH_priv_pub(void)
2818 return test_EVP_PKEY_ffc_priv_pub("DH");
2821 # ifndef OPENSSL_NO_DEPRECATED_3_0
2822 static int test_EVP_PKEY_set1_DH(void)
2824 DH *x942dh = NULL, *noqdh = NULL;
2825 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2827 BIGNUM *p, *g = NULL;
2828 BIGNUM *pubkey = NULL;
2829 unsigned char pub[2048 / 8];
2832 if (!TEST_ptr(p = BN_new())
2833 || !TEST_ptr(g = BN_new())
2834 || !TEST_ptr(pubkey = BN_new())
2835 || !TEST_true(BN_set_word(p, 9999))
2836 || !TEST_true(BN_set_word(g, 2))
2837 || !TEST_true(BN_set_word(pubkey, 4321))
2838 || !TEST_ptr(noqdh = DH_new())
2839 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2840 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2841 || !TEST_ptr(pubkey = BN_new())
2842 || !TEST_true(BN_set_word(pubkey, 4321)))
2846 x942dh = DH_get_2048_256();
2847 pkey1 = EVP_PKEY_new();
2848 pkey2 = EVP_PKEY_new();
2849 if (!TEST_ptr(x942dh)
2853 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2857 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2858 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2861 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2863 || !TEST_ptr(pubkey))
2866 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2867 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2870 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2871 OSSL_PKEY_PARAM_PUB_KEY,
2872 pub, sizeof(pub), &len))
2873 || !TEST_size_t_ne(len, 0))
2881 EVP_PKEY_free(pkey1);
2882 EVP_PKEY_free(pkey2);
2888 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2889 #endif /* !OPENSSL_NO_DH */
2892 * We test what happens with an empty template. For the sake of this test,
2893 * the template must be ignored, and we know that's the case for RSA keys
2894 * (this might arguably be a misfeature, but that's what we currently do,
2895 * even in provider code, since that's how the legacy RSA implementation
2898 static int test_keygen_with_empty_template(int n)
2900 EVP_PKEY_CTX *ctx = NULL;
2901 EVP_PKEY *pkey = NULL;
2902 EVP_PKEY *tkey = NULL;
2905 if (nullprov != NULL)
2906 return TEST_skip("Test does not support a non-default library context");
2910 /* We do test with no template at all as well */
2911 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2915 /* Here we create an empty RSA key that serves as our template */
2916 if (!TEST_ptr(tkey = EVP_PKEY_new())
2917 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2918 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2923 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2924 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2929 EVP_PKEY_CTX_free(ctx);
2930 EVP_PKEY_free(pkey);
2931 EVP_PKEY_free(tkey);
2936 * Test that we fail if we attempt to use an algorithm that is not available
2937 * in the current library context (unless we are using an algorithm that
2938 * should be made available via legacy codepaths).
2943 static int test_pkey_ctx_fail_without_provider(int tst)
2945 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2946 OSSL_PROVIDER *tmpnullprov = NULL;
2947 EVP_PKEY_CTX *pctx = NULL;
2948 const char *keytype = NULL;
2949 int expect_null = 0;
2952 if (!TEST_ptr(tmpctx))
2955 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2956 if (!TEST_ptr(tmpnullprov))
2960 * We check for certain algos in the null provider.
2961 * If an algo is expected to have a provider keymgmt, constructing an
2962 * EVP_PKEY_CTX is expected to fail (return NULL).
2963 * Otherwise, if it's expected to have legacy support, constructing an
2964 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2974 #ifdef OPENSSL_NO_EC
2975 TEST_info("EC disable, skipping SM2 check...");
2978 #ifdef OPENSSL_NO_SM2
2979 TEST_info("SM2 disable, skipping SM2 check...");
2984 TEST_error("No test for case %d", tst);
2988 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2989 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2992 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2998 EVP_PKEY_CTX_free(pctx);
2999 OSSL_PROVIDER_unload(tmpnullprov);
3000 OSSL_LIB_CTX_free(tmpctx);
3004 static int test_rand_agglomeration(void)
3008 OSSL_PARAM params[3], *p = params;
3010 unsigned int step = 7;
3011 static unsigned char seed[] = "It does not matter how slowly you go "
3012 "as long as you do not stop.";
3013 unsigned char out[sizeof(seed)];
3015 if (!TEST_int_ne(sizeof(seed) % step, 0)
3016 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3018 ctx = EVP_RAND_CTX_new(rand, NULL);
3019 EVP_RAND_free(rand);
3023 memset(out, 0, sizeof(out));
3024 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3025 seed, sizeof(seed));
3026 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3027 *p = OSSL_PARAM_construct_end();
3028 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3029 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3030 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3031 EVP_RAND_CTX_free(ctx);
3036 * Test that we correctly return the original or "running" IV after
3037 * an encryption operation.
3038 * Run multiple times for some different relevant algorithms/modes.
3040 static int test_evp_iv_aes(int idx)
3043 EVP_CIPHER_CTX *ctx = NULL;
3044 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3045 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3046 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3047 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3048 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3049 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3050 9, 10, 11, 12, 13, 14, 15, 16 };
3051 unsigned char ciphertext[32], oiv[16], iv[16];
3052 unsigned char *ref_iv;
3053 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3054 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3056 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3057 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3058 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3059 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3060 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3061 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3062 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3063 #ifndef OPENSSL_NO_OCB
3064 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3065 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3067 int len = sizeof(ciphertext);
3068 size_t ivlen, ref_len;
3069 const EVP_CIPHER *type = NULL;
3072 if (nullprov != NULL && idx < 6)
3073 return TEST_skip("Test does not support a non-default library context");
3077 type = EVP_aes_128_cbc();
3080 type = (type != NULL) ? type :
3081 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3083 ref_len = sizeof(cbc_state);
3087 type = EVP_aes_128_ofb();
3090 type = (type != NULL) ? type :
3091 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3093 ref_len = sizeof(ofb_state);
3097 type = EVP_aes_128_cfb();
3100 type = (type != NULL) ? type :
3101 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3103 ref_len = sizeof(cfb_state);
3107 type = EVP_aes_128_gcm();
3110 type = (type != NULL) ? type :
3111 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3113 ref_len = sizeof(gcm_state);
3116 type = EVP_aes_128_ccm();
3119 type = (type != NULL) ? type :
3120 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3122 ref_len = sizeof(ccm_state);
3124 #ifdef OPENSSL_NO_OCB
3130 type = EVP_aes_128_ocb();
3133 type = (type != NULL) ? type :
3134 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3136 ref_len = sizeof(ocb_state);
3144 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3145 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3146 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3148 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3149 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3150 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3152 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3153 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3154 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3157 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3158 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3159 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3162 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3165 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3171 EVP_CIPHER_CTX_free(ctx);
3173 EVP_CIPHER_free((EVP_CIPHER *)type);
3177 #ifndef OPENSSL_NO_DES
3178 static int test_evp_iv_des(int idx)
3181 EVP_CIPHER_CTX *ctx = NULL;
3182 static const unsigned char key[24] = {
3183 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3184 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3185 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3187 static const unsigned char init_iv[8] = {
3188 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3190 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3191 9, 10, 11, 12, 13, 14, 15, 16 };
3192 unsigned char ciphertext[32], oiv[8], iv[8];
3193 unsigned const char *ref_iv;
3194 static const unsigned char cbc_state_des[8] = {
3195 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3197 static const unsigned char cbc_state_3des[8] = {
3198 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3200 static const unsigned char ofb_state_des[8] = {
3201 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3203 static const unsigned char ofb_state_3des[8] = {
3204 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3206 static const unsigned char cfb_state_des[8] = {
3207 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3209 static const unsigned char cfb_state_3des[8] = {
3210 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3212 int len = sizeof(ciphertext);
3213 size_t ivlen, ref_len;
3214 EVP_CIPHER *type = NULL;
3216 if (lgcyprov == NULL && idx < 3)
3217 return TEST_skip("Test requires legacy provider to be loaded");
3221 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3222 ref_iv = cbc_state_des;
3223 ref_len = sizeof(cbc_state_des);
3226 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3227 ref_iv = ofb_state_des;
3228 ref_len = sizeof(ofb_state_des);
3231 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3232 ref_iv = cfb_state_des;
3233 ref_len = sizeof(cfb_state_des);
3236 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3237 ref_iv = cbc_state_3des;
3238 ref_len = sizeof(cbc_state_3des);
3241 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3242 ref_iv = ofb_state_3des;
3243 ref_len = sizeof(ofb_state_3des);
3246 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3247 ref_iv = cfb_state_3des;
3248 ref_len = sizeof(cfb_state_3des);
3255 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3256 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3257 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3259 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3260 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3261 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3263 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3264 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3265 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3268 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3269 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3271 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3276 EVP_CIPHER_CTX_free(ctx);
3277 EVP_CIPHER_free(type);
3282 #ifndef OPENSSL_NO_BF
3283 static int test_evp_bf_default_keylen(int idx)
3286 static const char *algos[4] = {
3287 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3289 int ivlen[4] = { 0, 8, 8, 8 };
3290 EVP_CIPHER *cipher = NULL;
3292 if (lgcyprov == NULL)
3293 return TEST_skip("Test requires legacy provider to be loaded");
3295 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3296 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3297 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3302 EVP_CIPHER_free(cipher);
3307 #ifndef OPENSSL_NO_EC
3308 static int ecpub_nids[] = {
3309 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3310 NID_secp384r1, NID_secp521r1,
3311 # ifndef OPENSSL_NO_EC2M
3312 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3313 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3315 NID_brainpoolP384r1, NID_brainpoolP512r1
3318 static int test_ecpub(int idx)
3320 int ret = 0, len, savelen;
3322 unsigned char buf[1024];
3324 EVP_PKEY *pkey = NULL;
3325 EVP_PKEY_CTX *ctx = NULL;
3326 # ifndef OPENSSL_NO_DEPRECATED_3_0
3327 const unsigned char *q;
3328 EVP_PKEY *pkey2 = NULL;
3332 if (nullprov != NULL)
3333 return TEST_skip("Test does not support a non-default library context");
3335 nid = ecpub_nids[idx];
3337 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3339 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3340 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3341 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3343 len = i2d_PublicKey(pkey, NULL);
3345 if (!TEST_int_ge(len, 1)
3346 || !TEST_int_lt(len, 1024))
3349 len = i2d_PublicKey(pkey, &p);
3350 if (!TEST_int_ge(len, 1)
3351 || !TEST_int_eq(len, savelen))
3354 # ifndef OPENSSL_NO_DEPRECATED_3_0
3355 /* Now try to decode the just-created DER. */
3357 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3358 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3359 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3361 /* EC_KEY ownership transferred */
3363 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3365 /* The keys should match. */
3366 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3373 EVP_PKEY_CTX_free(ctx);
3374 EVP_PKEY_free(pkey);
3375 # ifndef OPENSSL_NO_DEPRECATED_3_0
3376 EVP_PKEY_free(pkey2);
3383 static int test_EVP_rsa_pss_with_keygen_bits(void)
3386 EVP_PKEY_CTX *ctx = NULL;
3387 EVP_PKEY *pkey = NULL;
3390 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3392 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3393 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3394 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3395 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3396 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3399 EVP_PKEY_free(pkey);
3400 EVP_PKEY_CTX_free(ctx);
3404 static int test_EVP_rsa_pss_set_saltlen(void)
3407 EVP_PKEY *pkey = NULL;
3408 EVP_PKEY_CTX *pkey_ctx = NULL;
3409 EVP_MD *sha256 = NULL;
3410 EVP_MD_CTX *sha256_ctx = NULL;
3411 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3412 const int test_value = 32;
3414 ret = TEST_ptr(pkey = load_example_rsa_key())
3415 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3416 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3417 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3418 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3419 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3420 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3421 && TEST_int_eq(saltlen, test_value);
3423 EVP_MD_CTX_free(sha256_ctx);
3424 EVP_PKEY_free(pkey);
3425 EVP_MD_free(sha256);
3430 static int success = 1;
3431 static void md_names(const char *name, void *vctx)
3433 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3434 /* Force a namemap update */
3435 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3437 if (!TEST_ptr(aes128))
3440 EVP_CIPHER_free(aes128);
3444 * Test that changing the namemap in a user callback works in a names_do_all
3447 static int test_names_do_all(void)
3449 /* We use a custom libctx so that we know the state of the namemap */
3450 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3451 EVP_MD *sha256 = NULL;
3457 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3458 if (!TEST_ptr(sha256))
3462 * We loop through all the names for a given digest. This should still work
3463 * even if the namemap changes part way through.
3465 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3468 if (!TEST_true(success))
3473 EVP_MD_free(sha256);
3474 OSSL_LIB_CTX_free(ctx);
3480 const unsigned char *key;
3481 const unsigned char *iv;
3482 const unsigned char *input;
3483 const unsigned char *expected;
3484 const unsigned char *tag;
3485 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3494 static const EVP_INIT_TEST_st evp_init_tests[] = {
3496 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3497 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3501 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3502 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3503 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3504 sizeof(gcmDefaultTag), 1, 0, 1
3507 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3508 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3512 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3513 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3514 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3515 sizeof(gcmDefaultTag), 0, 0, 1
3518 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3519 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3523 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3524 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3525 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3526 sizeof(gcmDefaultTag), 1, 1, 0
3529 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3530 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3534 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3535 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3536 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3537 sizeof(gcmDefaultTag), 0, 1, 0
3541 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3545 if (t->ivlen != 0) {
3546 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3549 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3557 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3558 * arguments are given one at a time and a final adjustment to the enc
3559 * parameter sets the correct operation.
3561 static int test_evp_init_seq(int idx)
3563 int outlen1, outlen2;
3565 unsigned char outbuf[1024];
3566 unsigned char tag[16];
3567 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3568 EVP_CIPHER_CTX *ctx = NULL;
3569 EVP_CIPHER *type = NULL;
3570 size_t taglen = sizeof(tag);
3571 char *errmsg = NULL;
3573 ctx = EVP_CIPHER_CTX_new();
3575 errmsg = "CTX_ALLOC";
3578 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3579 errmsg = "CIPHER_FETCH";
3582 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3583 errmsg = "EMPTY_ENC_INIT";
3586 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3590 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3591 errmsg = "KEY_INIT (before iv)";
3594 if (!evp_init_seq_set_iv(ctx, t)) {
3598 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3599 errmsg = "KEY_INIT (after iv)";
3602 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3603 errmsg = "FINAL_ENC_INIT";
3606 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3607 errmsg = "CIPHER_UPDATE";
3610 if (t->finalenc == 0 && t->tag != NULL) {
3611 /* Set expected tag */
3612 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3613 t->taglen, (void *)t->tag), 0)) {
3618 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3619 errmsg = "CIPHER_FINAL";
3622 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3623 errmsg = "WRONG_RESULT";
3626 if (t->finalenc != 0 && t->tag != NULL) {
3627 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3631 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3632 errmsg = "TAG_ERROR";
3639 TEST_info("evp_init_test %d: %s", idx, errmsg);
3640 EVP_CIPHER_CTX_free(ctx);
3641 EVP_CIPHER_free(type);
3646 const unsigned char *input;
3647 const unsigned char *expected;
3651 } EVP_RESET_TEST_st;
3653 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3655 cfbPlaintext, cfbCiphertext,
3656 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3659 cfbCiphertext, cfbPlaintext,
3660 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3665 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3668 static int test_evp_reset(int idx)
3670 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3671 int outlen1, outlen2;
3673 unsigned char outbuf[1024];
3674 EVP_CIPHER_CTX *ctx = NULL;
3675 EVP_CIPHER *type = NULL;
3676 char *errmsg = NULL;
3678 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3679 errmsg = "CTX_ALLOC";
3682 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3683 errmsg = "CIPHER_FETCH";
3686 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3687 errmsg = "CIPHER_INIT";
3690 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3694 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3695 errmsg = "CIPHER_UPDATE";
3698 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3699 errmsg = "CIPHER_FINAL";
3702 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3703 errmsg = "WRONG_RESULT";
3706 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3707 errmsg = "CIPHER_REINIT";
3710 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3711 errmsg = "CIPHER_UPDATE (reinit)";
3714 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3715 errmsg = "CIPHER_FINAL (reinit)";
3718 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3719 errmsg = "WRONG_RESULT (reinit)";
3725 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3726 EVP_CIPHER_CTX_free(ctx);
3727 EVP_CIPHER_free(type);
3734 } EVP_UPDATED_IV_TEST_st;
3736 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3776 * Test that the IV in the context is updated during a crypto operation for CFB
3779 static int test_evp_updated_iv(int idx)
3781 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3782 int outlen1, outlen2;
3784 unsigned char outbuf[1024];
3785 EVP_CIPHER_CTX *ctx = NULL;
3786 EVP_CIPHER *type = NULL;
3787 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3789 char *errmsg = NULL;
3791 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3792 errmsg = "CTX_ALLOC";
3795 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3796 TEST_info("cipher %s not supported, skipping", t->cipher);
3800 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3801 errmsg = "CIPHER_INIT";
3804 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3808 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3809 errmsg = "CIPHER_UPDATE";
3812 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3813 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3816 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3817 errmsg = "CIPHER_CTX_GET_IV_LEN";
3820 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3821 errmsg = "IV_NOT_UPDATED";
3824 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3825 errmsg = "CIPHER_FINAL";
3832 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3833 EVP_CIPHER_CTX_free(ctx);
3834 EVP_CIPHER_free(type);
3839 const unsigned char *iv1;
3840 const unsigned char *iv2;
3841 const unsigned char *expected1;
3842 const unsigned char *expected2;
3843 const unsigned char *tag1;
3844 const unsigned char *tag2;
3847 size_t expectedlen1;
3848 size_t expectedlen2;
3849 } TEST_GCM_IV_REINIT_st;
3851 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3853 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3854 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3855 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3858 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3859 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3860 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3864 static int test_gcm_reinit(int idx)
3866 int outlen1, outlen2, outlen3;
3868 unsigned char outbuf[1024];
3869 unsigned char tag[16];
3870 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3871 EVP_CIPHER_CTX *ctx = NULL;
3872 EVP_CIPHER *type = NULL;
3873 size_t taglen = sizeof(tag);
3874 char *errmsg = NULL;
3876 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3877 errmsg = "CTX_ALLOC";
3880 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3881 errmsg = "CIPHER_FETCH";
3884 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3885 errmsg = "ENC_INIT";
3888 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
3889 errmsg = "SET_IVLEN1";
3892 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3896 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3900 EVP_CIPHER_CTX_set_padding(ctx, 0);
3901 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3902 sizeof(gcmResetPlaintext)))) {
3903 errmsg = "CIPHER_UPDATE1";
3906 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3907 errmsg = "CIPHER_FINAL1";
3910 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3911 errmsg = "WRONG_RESULT1";
3914 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3915 errmsg = "GET_TAG1";
3918 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3919 errmsg = "TAG_ERROR1";
3923 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
3924 errmsg = "SET_IVLEN2";
3927 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3931 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3935 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3936 sizeof(gcmResetPlaintext)))) {
3937 errmsg = "CIPHER_UPDATE2";
3940 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3941 errmsg = "CIPHER_FINAL2";
3944 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3945 errmsg = "WRONG_RESULT2";
3948 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3949 errmsg = "GET_TAG2";
3952 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3953 errmsg = "TAG_ERROR2";
3959 TEST_info("evp_init_test %d: %s", idx, errmsg);
3960 EVP_CIPHER_CTX_free(ctx);
3961 EVP_CIPHER_free(type);
3965 #ifndef OPENSSL_NO_DEPRECATED_3_0
3966 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3967 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3969 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3971 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3973 int (*pinit)(EVP_PKEY_CTX *ctx);
3975 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3979 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3981 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3983 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3987 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3988 size_t *outlen, const unsigned char *in,
3991 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3992 const unsigned char *tbs, size_t tbslen);
3994 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3995 return psign(ctx, out, outlen, in, inlen);
3998 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3999 size_t *siglen, const unsigned char *tbs,
4002 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4003 const unsigned char *tbs, size_t tbslen);
4005 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4006 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4009 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4012 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4014 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4015 return pderive(ctx, key, keylen);
4018 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4020 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4022 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4023 return pcopy(dst, src);
4026 static int ctrl_called;
4028 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4030 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4032 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4034 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4039 return pctrl(ctx, type, p1, p2);
4042 static int test_custom_pmeth(int idx)
4044 EVP_PKEY_CTX *pctx = NULL;
4045 EVP_MD_CTX *ctx = NULL;
4046 EVP_PKEY *pkey = NULL;
4047 int id, orig_id, orig_flags;
4050 unsigned char *res = NULL;
4051 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4052 const EVP_MD *md = EVP_sha256();
4057 /* We call deprecated APIs so this test doesn't support a custom libctx */
4058 if (testctx != NULL)
4065 pkey = load_example_rsa_key();
4069 # ifndef OPENSSL_NO_DSA
4071 pkey = load_example_dsa_key();
4078 # ifndef OPENSSL_NO_EC
4080 pkey = load_example_ec_key();
4087 # ifndef OPENSSL_NO_EC
4088 id = EVP_PKEY_ED25519;
4090 pkey = load_example_ed25519_key();
4097 # ifndef OPENSSL_NO_DH
4100 pkey = load_example_dh_key();
4107 # ifndef OPENSSL_NO_EC
4108 id = EVP_PKEY_X25519;
4110 pkey = load_example_x25519_key();
4116 TEST_error("Should not happen");
4120 if (!TEST_ptr(pkey))
4124 if (!TEST_true(evp_pkey_is_provided(pkey)))
4127 EVP_PKEY *tmp = pkey;
4129 /* Convert to a legacy key */
4130 pkey = EVP_PKEY_new();
4131 if (!TEST_ptr(pkey)) {
4135 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4140 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4144 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4148 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4149 if (!TEST_int_eq(orig_id, id)
4150 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4153 if (id == EVP_PKEY_ED25519) {
4154 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4155 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4156 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4158 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4160 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4161 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4162 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4163 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4165 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4166 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4170 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4172 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4173 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4174 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4176 || !TEST_int_eq(ctrl_called, 1)
4177 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4178 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4179 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4180 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4183 ctx = EVP_MD_CTX_new();
4184 reslen = EVP_PKEY_size(pkey);
4185 res = OPENSSL_malloc(reslen);
4188 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4189 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4190 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4192 || !TEST_int_eq(ctrl_called, 1))
4195 if (id == EVP_PKEY_ED25519) {
4196 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4199 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4200 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4208 EVP_MD_CTX_free(ctx);
4210 EVP_PKEY_CTX_free(pctx);
4211 EVP_PKEY_free(pkey);
4212 EVP_PKEY_meth_remove(custom_pmeth);
4213 EVP_PKEY_meth_free(custom_pmeth);
4214 custom_pmeth = NULL;
4218 static int test_evp_md_cipher_meth(void)
4220 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4221 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4224 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4230 EVP_MD_meth_free(md);
4231 EVP_CIPHER_meth_free(ciph);
4240 static int custom_md_init_called = 0;
4241 static int custom_md_cleanup_called = 0;
4243 static int custom_md_init(EVP_MD_CTX *ctx)
4245 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4250 custom_md_init_called++;
4254 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4256 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4262 custom_md_cleanup_called++;
4266 static int test_custom_md_meth(void)
4268 EVP_MD_CTX *mdctx = NULL;
4270 char mess[] = "Test Message\n";
4271 unsigned char md_value[EVP_MAX_MD_SIZE];
4272 unsigned int md_len;
4277 * We are testing deprecated functions. We don't support a non-default
4278 * library context in this test.
4280 if (testctx != NULL)
4283 custom_md_init_called = custom_md_cleanup_called = 0;
4285 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4286 if (!TEST_int_ne(nid, NID_undef))
4288 tmp = EVP_MD_meth_new(nid, NID_undef);
4292 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4293 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4294 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4295 sizeof(custom_dgst_ctx))))
4298 mdctx = EVP_MD_CTX_new();
4299 if (!TEST_ptr(mdctx)
4301 * Initing our custom md and then initing another md should
4302 * result in the init and cleanup functions of the custom md
4303 * from being called.
4305 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4306 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4307 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4308 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4309 || !TEST_int_eq(custom_md_init_called, 1)
4310 || !TEST_int_eq(custom_md_cleanup_called, 1))
4315 EVP_MD_CTX_free(mdctx);
4316 EVP_MD_meth_free(tmp);
4320 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4321 /* Test we can create a signature keys with an associated ENGINE */
4322 static int test_signatures_with_engine(int tst)
4325 const char *engine_id = "dasync";
4326 EVP_PKEY *pkey = NULL;
4327 const unsigned char badcmackey[] = { 0x00, 0x01 };
4328 const unsigned char cmackey[] = {
4329 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4330 0x0c, 0x0d, 0x0e, 0x0f
4332 const unsigned char ed25519key[] = {
4333 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4334 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4335 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4337 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4339 EVP_MD_CTX *ctx = NULL;
4340 unsigned char *mac = NULL;
4344 # ifdef OPENSSL_NO_CMAC
4345 /* Skip CMAC tests in a no-cmac build */
4350 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4353 if (!TEST_true(ENGINE_init(e))) {
4360 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4364 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4368 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4369 sizeof(ed25519key));
4372 TEST_error("Invalid test case");
4375 if (!TEST_ptr(pkey))
4378 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4381 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4384 if (!TEST_true(ret))
4387 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4388 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4391 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4394 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4397 /* We used a bad key. We expect a failure here */
4398 if (!TEST_false(ret))
4404 EVP_MD_CTX_free(ctx);
4406 EVP_PKEY_free(pkey);
4413 static int test_cipher_with_engine(void)
4416 const char *engine_id = "dasync";
4417 const unsigned char keyiv[] = {
4418 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4419 0x0c, 0x0d, 0x0e, 0x0f
4421 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4423 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4424 unsigned char buf[AES_BLOCK_SIZE];
4427 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4430 if (!TEST_true(ENGINE_init(e))) {
4435 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4436 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4439 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4442 /* Copy the ctx, and complete the operation with the new ctx */
4443 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4446 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4447 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4452 EVP_CIPHER_CTX_free(ctx);
4453 EVP_CIPHER_CTX_free(ctx2);
4459 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4460 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4462 static int ecxnids[] = {
4469 /* Test that creating ECX keys with a short private key fails as expected */
4470 static int test_ecx_short_keys(int tst)
4472 unsigned char ecxkeydata = 1;
4476 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4477 if (!TEST_ptr_null(pkey)) {
4478 EVP_PKEY_free(pkey);
4484 typedef enum OPTION_choice {
4491 const OPTIONS *test_get_options(void)
4493 static const OPTIONS options[] = {
4494 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4495 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4501 int setup_tests(void)
4505 while ((o = opt_next()) != OPT_EOF) {
4508 /* Set up an alternate library context */
4509 testctx = OSSL_LIB_CTX_new();
4510 if (!TEST_ptr(testctx))
4512 /* Swap the libctx to test non-default context only */
4513 nullprov = OSSL_PROVIDER_load(NULL, "null");
4514 deflprov = OSSL_PROVIDER_load(testctx, "default");
4515 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4517 case OPT_TEST_CASES:
4524 ADD_TEST(test_EVP_set_default_properties);
4525 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4526 ADD_TEST(test_EVP_DigestVerifyInit);
4527 #ifndef OPENSSL_NO_SIPHASH
4528 ADD_TEST(test_siphash_digestsign);
4530 ADD_TEST(test_EVP_Digest);
4531 ADD_TEST(test_EVP_md_null);
4532 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4533 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4534 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4535 ADD_TEST(test_privatekey_to_pkcs8);
4536 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4537 #ifndef OPENSSL_NO_EC
4538 ADD_TEST(test_EVP_PKCS82PKEY);
4540 #ifndef OPENSSL_NO_EC
4541 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4543 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4544 ADD_TEST(test_EVP_SM2);
4545 ADD_TEST(test_EVP_SM2_verify);
4547 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4548 #ifndef OPENSSL_NO_DEPRECATED_3_0
4549 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4550 if (!TEST_ptr(custom_pmeth))
4552 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4553 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4554 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4555 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4558 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4559 #ifndef OPENSSL_NO_CMAC
4560 ADD_TEST(test_CMAC_keygen);
4562 ADD_TEST(test_HKDF);
4563 ADD_TEST(test_emptyikm_HKDF);
4564 #ifndef OPENSSL_NO_EC
4565 ADD_TEST(test_X509_PUBKEY_inplace);
4566 ADD_TEST(test_X509_PUBKEY_dup);
4567 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4568 OSSL_NELEM(ec_der_pub_keys));
4570 #ifndef OPENSSL_NO_DSA
4571 ADD_TEST(test_DSA_get_set_params);
4572 ADD_TEST(test_DSA_priv_pub);
4574 ADD_TEST(test_RSA_get_set_params);
4575 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4576 ADD_TEST(test_decrypt_null_chunks);
4578 #ifndef OPENSSL_NO_DH
4579 ADD_TEST(test_DH_priv_pub);
4580 # ifndef OPENSSL_NO_DEPRECATED_3_0
4581 ADD_TEST(test_EVP_PKEY_set1_DH);
4584 #ifndef OPENSSL_NO_EC
4585 ADD_TEST(test_EC_priv_pub);
4586 # ifndef OPENSSL_NO_DEPRECATED_3_0
4587 ADD_TEST(test_EC_priv_only_legacy);
4590 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4591 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4593 ADD_TEST(test_rand_agglomeration);
4594 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4595 #ifndef OPENSSL_NO_DES
4596 ADD_ALL_TESTS(test_evp_iv_des, 6);
4598 #ifndef OPENSSL_NO_BF
4599 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
4601 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4602 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4603 #ifndef OPENSSL_NO_EC
4604 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4607 ADD_TEST(test_names_do_all);
4609 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4610 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4611 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4612 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4614 #ifndef OPENSSL_NO_DEPRECATED_3_0
4615 ADD_ALL_TESTS(test_custom_pmeth, 12);
4616 ADD_TEST(test_evp_md_cipher_meth);
4617 ADD_TEST(test_custom_md_meth);
4619 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4620 /* Tests only support the default libctx */
4621 if (testctx == NULL) {
4622 # ifndef OPENSSL_NO_EC
4623 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4625 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4627 ADD_TEST(test_cipher_with_engine);
4632 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4637 void cleanup_tests(void)
4639 OSSL_PROVIDER_unload(nullprov);
4640 OSSL_PROVIDER_unload(deflprov);
4641 OSSL_PROVIDER_unload(lgcyprov);
4642 OSSL_LIB_CTX_free(testctx);