2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
41 static OSSL_LIB_CTX *testctx = NULL;
42 static char *testpropq = NULL;
44 static OSSL_PROVIDER *nullprov = NULL;
45 static OSSL_PROVIDER *deflprov = NULL;
46 static OSSL_PROVIDER *lgcyprov = NULL;
49 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
50 * should never use this key anywhere but in an example.
52 static const unsigned char kExampleRSAKeyDER[] = {
53 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
54 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
55 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
56 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
57 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
58 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
59 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
60 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
61 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
62 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
63 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
64 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
65 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
66 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
67 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
68 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
69 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
70 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
71 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
72 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
73 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
74 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
75 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
76 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
77 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
78 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
79 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
80 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
81 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
82 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
83 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
84 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
85 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
86 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
87 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
88 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
89 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
90 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
91 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
92 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
93 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
94 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
95 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
96 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
97 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
98 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
99 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
100 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
101 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
102 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
103 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
107 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
108 * should never use this key anywhere but in an example.
110 #ifndef OPENSSL_NO_DSA
111 static const unsigned char kExampleDSAKeyDER[] = {
112 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
113 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
114 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
115 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
116 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
117 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
118 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
119 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
120 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
121 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
122 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
123 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
124 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
125 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
126 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
127 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
128 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
129 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
130 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
131 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
132 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
133 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
134 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
135 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
136 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
137 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
138 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
139 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
140 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
141 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
142 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
143 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
144 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
145 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
146 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
147 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
148 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
154 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
155 * components are not correct.
157 static const unsigned char kExampleBadRSAKeyDER[] = {
158 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
159 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
160 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
161 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
162 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
163 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
164 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
165 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
166 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
167 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
168 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
169 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
170 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
171 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
172 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
173 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
174 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
175 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
176 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
177 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
178 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
179 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
180 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
181 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
182 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
183 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
184 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
185 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
186 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
187 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
188 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
189 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
190 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
191 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
192 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
193 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
194 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
195 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
196 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
197 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
198 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
199 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
200 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
201 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
202 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
203 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
204 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
205 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
206 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
207 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
208 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
209 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
210 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
211 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
212 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
213 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
214 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
215 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
216 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
217 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
218 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
219 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
220 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
221 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
222 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
223 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
224 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
225 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
226 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
227 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
228 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
229 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
230 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
231 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
232 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
233 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
234 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
235 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
236 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
237 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
238 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
239 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
240 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
241 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
242 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
243 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
244 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
245 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
246 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
250 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
253 static const unsigned char kExampleBad2RSAKeyDER[] = {
254 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
255 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
256 0x01, 0x00, 0x02, 0x01, 0x00
259 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
261 static const unsigned char kSignature[] = {
262 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
263 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
264 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
265 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
266 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
267 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
268 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
269 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
270 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
271 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
272 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
276 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
279 static const unsigned char kExampleRSAKeyPKCS8[] = {
280 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
281 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
282 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
283 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
284 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
285 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
286 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
287 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
288 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
289 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
290 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
291 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
292 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
293 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
294 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
295 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
296 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
297 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
298 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
299 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
300 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
301 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
302 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
303 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
304 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
305 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
306 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
307 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
308 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
309 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
310 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
311 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
312 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
313 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
314 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
315 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
316 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
317 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
318 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
319 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
320 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
321 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
322 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
323 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
324 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
325 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
326 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
327 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
328 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
329 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
330 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
331 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
332 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
335 #ifndef OPENSSL_NO_EC
337 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
340 static const unsigned char kExampleECKeyDER[] = {
341 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
342 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
343 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
344 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
345 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
346 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
347 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
348 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
349 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
350 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
355 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
356 * structure. The private key is equal to the order and will fail to import
358 static const unsigned char kExampleBadECKeyDER[] = {
359 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
360 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
361 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
362 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
363 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
364 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
365 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
366 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
367 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
371 static const unsigned char kExampleECPubKeyDER[] = {
372 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
373 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
374 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
375 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
376 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
377 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
378 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
379 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
384 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
386 static const unsigned char kExampleBadECPubKeyDER[] = {
387 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
388 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
389 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
390 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
391 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
392 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
393 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
394 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
397 static const unsigned char pExampleECParamDER[] = {
398 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
401 # ifndef OPENSSL_NO_ECX
402 static const unsigned char kExampleED25519KeyDER[] = {
403 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
404 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
405 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
406 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
409 static const unsigned char kExampleED25519PubKeyDER[] = {
410 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
411 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
412 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
413 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
416 # ifndef OPENSSL_NO_DEPRECATED_3_0
417 static const unsigned char kExampleX25519KeyDER[] = {
418 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
419 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
420 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
421 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
427 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
428 #ifndef OPENSSL_NO_DEPRECATED_3_0
429 # ifndef OPENSSL_NO_DH
430 static const unsigned char kExampleDHKeyDER[] = {
431 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
432 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
433 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
434 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
435 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
436 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
437 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
438 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
439 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
440 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
441 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
442 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
443 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
444 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
445 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
446 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
447 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
448 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
449 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
450 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
451 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
452 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
453 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
454 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
455 0x2e, 0x87, 0x2a, 0x0b, 0x7a
460 static const unsigned char kCFBDefaultKey[] = {
461 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
462 0x09, 0xCF, 0x4F, 0x3C
465 static const unsigned char kGCMDefaultKey[32] = { 0 };
467 static const unsigned char kGCMResetKey[] = {
468 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
469 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
470 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
473 static const unsigned char iCFBIV[] = {
474 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
475 0x0C, 0x0D, 0x0E, 0x0F
478 static const unsigned char iGCMDefaultIV[12] = { 0 };
480 static const unsigned char iGCMResetIV1[] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
484 static const unsigned char iGCMResetIV2[] = {
485 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
488 static const unsigned char cfbPlaintext[] = {
489 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
490 0x73, 0x93, 0x17, 0x2A
493 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
495 static const unsigned char gcmResetPlaintext[] = {
496 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
497 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
498 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
499 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
500 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
503 static const unsigned char cfbCiphertext[] = {
504 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
505 0xE8, 0x3C, 0xFB, 0x4A
508 static const unsigned char gcmDefaultCiphertext[] = {
509 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
510 0xba, 0xf3, 0x9d, 0x18
513 static const unsigned char gcmResetCiphertext1[] = {
514 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
515 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
516 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
517 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
518 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
521 static const unsigned char gcmResetCiphertext2[] = {
522 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
523 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
524 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
525 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
526 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
529 static const unsigned char gcmAAD[] = {
530 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
531 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
534 static const unsigned char gcmDefaultTag[] = {
535 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
536 0xd4, 0x8a, 0xb9, 0x19
539 static const unsigned char gcmResetTag1[] = {
540 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
541 0xfe, 0x2e, 0xa8, 0xf2
544 static const unsigned char gcmResetTag2[] = {
545 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
546 0xbb, 0x2d, 0x55, 0x1b
549 typedef struct APK_DATA_st {
550 const unsigned char *kder;
557 int type; /* 0 for private, 1 for public, 2 for params */
560 static APK_DATA keydata[] = {
561 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
562 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
563 #ifndef OPENSSL_NO_EC
564 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
568 static APK_DATA keycheckdata[] = {
569 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
571 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
573 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
574 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
575 #ifndef OPENSSL_NO_EC
576 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
577 /* group is also associated in our pub key */
578 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
580 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
582 # ifndef OPENSSL_NO_ECX
583 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
584 EVP_PKEY_ED25519, 1, 1, 1, 0},
585 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
586 EVP_PKEY_ED25519, 0, 1, 1, 1},
591 static EVP_PKEY *load_example_key(const char *keytype,
592 const unsigned char *data, size_t data_len)
594 const unsigned char **pdata = &data;
595 EVP_PKEY *pkey = NULL;
596 OSSL_DECODER_CTX *dctx =
597 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
600 /* |pkey| will be NULL on error */
601 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
602 OSSL_DECODER_CTX_free(dctx);
606 static EVP_PKEY *load_example_rsa_key(void)
608 return load_example_key("RSA", kExampleRSAKeyDER,
609 sizeof(kExampleRSAKeyDER));
612 #ifndef OPENSSL_NO_DSA
613 static EVP_PKEY *load_example_dsa_key(void)
615 return load_example_key("DSA", kExampleDSAKeyDER,
616 sizeof(kExampleDSAKeyDER));
620 #ifndef OPENSSL_NO_EC
621 static EVP_PKEY *load_example_ec_key(void)
623 return load_example_key("EC", kExampleECKeyDER,
624 sizeof(kExampleECKeyDER));
628 #ifndef OPENSSL_NO_DEPRECATED_3_0
629 # ifndef OPENSSL_NO_DH
630 static EVP_PKEY *load_example_dh_key(void)
632 return load_example_key("DH", kExampleDHKeyDER,
633 sizeof(kExampleDHKeyDER));
637 # ifndef OPENSSL_NO_ECX
638 static EVP_PKEY *load_example_ed25519_key(void)
640 return load_example_key("ED25519", kExampleED25519KeyDER,
641 sizeof(kExampleED25519KeyDER));
644 static EVP_PKEY *load_example_x25519_key(void)
646 return load_example_key("X25519", kExampleX25519KeyDER,
647 sizeof(kExampleX25519KeyDER));
650 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
652 static EVP_PKEY *load_example_hmac_key(void)
654 EVP_PKEY *pkey = NULL;
655 unsigned char key[] = {
656 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
657 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
658 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
661 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
662 NULL, key, sizeof(key));
669 static int test_EVP_set_default_properties(void)
675 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
676 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
681 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
682 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
683 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
688 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
689 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
694 OSSL_LIB_CTX_free(ctx);
698 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
699 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
701 EVP_PKEY_CTX *pctx = NULL;
702 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
704 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
706 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
707 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
711 if (!TEST_ptr(tmp_pkey))
717 EVP_PKEY_free(tmp_pkey);
718 EVP_PKEY_CTX_free(pctx);
722 static int test_selection(EVP_PKEY *pkey, int selection)
726 BIO *bio = BIO_new(BIO_s_mem());
728 ret = PEM_write_bio_PUBKEY(bio, pkey);
729 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
733 if (!TEST_false(ret))
736 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
738 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
742 if (!TEST_false(ret))
752 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
755 * Test combinations of private, public, missing and private + public key
756 * params to ensure they are all accepted
758 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
759 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
761 OSSL_PARAM_BLD *bld = NULL;
762 OSSL_PARAM *params = NULL;
763 EVP_PKEY *just_params = NULL;
764 EVP_PKEY *params_and_priv = NULL;
765 EVP_PKEY *params_and_pub = NULL;
766 EVP_PKEY *params_and_keypair = NULL;
767 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
771 * Setup the parameters for our pkey object. For our purposes they don't
772 * have to actually be *valid* parameters. We just need to set something.
774 if (!TEST_ptr(p = BN_new())
775 || !TEST_ptr(q = BN_new())
776 || !TEST_ptr(g = BN_new())
777 || !TEST_ptr(pub = BN_new())
778 || !TEST_ptr(priv = BN_new()))
781 /* Test !priv and !pub */
782 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
787 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
788 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
791 OSSL_PARAM_free(params);
792 OSSL_PARAM_BLD_free(bld);
796 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
797 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
800 /* Test priv and !pub */
801 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
802 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
808 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
809 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
812 OSSL_PARAM_free(params);
813 OSSL_PARAM_BLD_free(bld);
817 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
818 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
821 /* Test !priv and pub */
822 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
823 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
824 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
825 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
826 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
829 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
830 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
833 OSSL_PARAM_free(params);
834 OSSL_PARAM_BLD_free(bld);
838 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
839 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
842 /* Test priv and pub */
843 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
845 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
846 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
847 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
849 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
852 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
853 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
856 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
861 OSSL_PARAM_free(params);
862 OSSL_PARAM_BLD_free(bld);
863 EVP_PKEY_free(just_params);
864 EVP_PKEY_free(params_and_priv);
865 EVP_PKEY_free(params_and_pub);
866 EVP_PKEY_free(params_and_keypair);
875 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
878 * Test combinations of private, public, missing and private + public key
879 * params to ensure they are all accepted for EC keys
881 #ifndef OPENSSL_NO_EC
882 static unsigned char ec_priv[] = {
883 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
884 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
885 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
887 static unsigned char ec_pub[] = {
888 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
889 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
890 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
891 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
892 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
893 0x08, 0x09, 0xb8, 0xdb, 0x03
896 static int test_EC_priv_pub(void)
898 OSSL_PARAM_BLD *bld = NULL;
899 OSSL_PARAM *params = NULL;
900 EVP_PKEY *just_params = NULL;
901 EVP_PKEY *params_and_priv = NULL;
902 EVP_PKEY *params_and_pub = NULL;
903 EVP_PKEY *params_and_keypair = NULL;
906 unsigned char *encoded = NULL;
908 unsigned char buffer[128];
911 * Setup the parameters for our pkey object. For our purposes they don't
912 * have to actually be *valid* parameters. We just need to set something.
914 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
917 /* Test !priv and !pub */
918 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
919 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
920 OSSL_PKEY_PARAM_GROUP_NAME,
923 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
924 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
927 OSSL_PARAM_free(params);
928 OSSL_PARAM_BLD_free(bld);
932 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
933 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
936 /* Test priv and !pub */
937 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
938 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
939 OSSL_PKEY_PARAM_GROUP_NAME,
941 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
944 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
945 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
948 OSSL_PARAM_free(params);
949 OSSL_PARAM_BLD_free(bld);
954 * We indicate only parameters here, in spite of having built a key that
955 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
956 * expected to fail because it does not support exporting a private EC
957 * key without a corresponding public key
959 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
960 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
963 /* Test !priv and pub */
964 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
965 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
966 OSSL_PKEY_PARAM_GROUP_NAME,
968 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
969 OSSL_PKEY_PARAM_PUB_KEY,
970 ec_pub, sizeof(ec_pub))))
972 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
973 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
976 OSSL_PARAM_free(params);
977 OSSL_PARAM_BLD_free(bld);
981 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
982 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
985 /* Test priv and pub */
986 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
987 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
988 OSSL_PKEY_PARAM_GROUP_NAME,
990 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
991 OSSL_PKEY_PARAM_PUB_KEY,
992 ec_pub, sizeof(ec_pub)))
993 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
996 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
997 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1000 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1003 /* Try key equality */
1004 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1005 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1007 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1009 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1011 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1012 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1013 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1014 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1017 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1018 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1020 OPENSSL_free(encoded);
1022 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1023 OPENSSL_free(encoded);
1028 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1029 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1030 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1031 buffer, sizeof(buffer), &len), 1)
1032 || !TEST_int_eq(len, 65))
1036 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1037 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1039 || !TEST_int_eq(len, 65))
1042 /* too-short buffer len*/
1043 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1044 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1045 buffer, 10, &len), 0))
1050 OSSL_PARAM_free(params);
1051 OSSL_PARAM_BLD_free(bld);
1052 EVP_PKEY_free(just_params);
1053 EVP_PKEY_free(params_and_priv);
1054 EVP_PKEY_free(params_and_pub);
1055 EVP_PKEY_free(params_and_keypair);
1061 /* Also test that we can read the EC PUB affine coordinates */
1062 static int test_evp_get_ec_pub(void)
1064 OSSL_PARAM_BLD *bld = NULL;
1065 OSSL_PARAM *params = NULL;
1066 unsigned char *pad = NULL;
1067 EVP_PKEY *keypair = NULL;
1068 BIGNUM *priv = NULL;
1073 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1076 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1077 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1078 OSSL_PKEY_PARAM_GROUP_NAME,
1080 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1081 OSSL_PKEY_PARAM_PUB_KEY,
1082 ec_pub, sizeof(ec_pub)))
1083 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1087 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1088 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1091 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1094 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1095 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1098 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1102 BN_bn2bin(x, &pad[1]);
1103 BN_bn2bin(y, &pad[33]);
1104 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1110 OSSL_PARAM_free(params);
1111 OSSL_PARAM_BLD_free(bld);
1112 EVP_PKEY_free(keypair);
1120 /* Test that using a legacy EC key with only a private key in it works */
1121 # ifndef OPENSSL_NO_DEPRECATED_3_0
1122 static int test_EC_priv_only_legacy(void)
1124 BIGNUM *priv = NULL;
1126 EC_KEY *eckey = NULL;
1127 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1128 EVP_MD_CTX *ctx = NULL;
1130 /* Create the low level EC_KEY */
1131 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1134 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1135 if (!TEST_ptr(eckey))
1138 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1141 pkey = EVP_PKEY_new();
1142 if (!TEST_ptr(pkey))
1145 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1149 while (dup_pk == NULL) {
1151 ctx = EVP_MD_CTX_new();
1156 * The EVP_DigestSignInit function should create the key on the
1157 * provider side which is sufficient for this test.
1159 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1160 testpropq, pkey, NULL)))
1162 EVP_MD_CTX_free(ctx);
1165 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1167 /* EVP_PKEY_eq() returns -2 with missing public keys */
1168 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1169 EVP_PKEY_free(pkey);
1176 EVP_MD_CTX_free(ctx);
1177 EVP_PKEY_free(pkey);
1184 static int test_evp_get_ec_pub_legacy(void)
1186 OSSL_LIB_CTX *libctx = NULL;
1187 unsigned char *pad = NULL;
1188 EVP_PKEY *pkey = NULL;
1189 EC_KEY *eckey = NULL;
1190 BIGNUM *priv = NULL;
1195 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1198 /* Create the legacy key */
1199 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1200 NID_X9_62_prime256v1)))
1203 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1206 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1209 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1212 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1215 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1218 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1221 /* Transfer the legacy key */
1222 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1226 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1227 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1230 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1234 BN_bn2bin(x, &pad[1]);
1235 BN_bn2bin(y, &pad[33]);
1237 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1243 OSSL_LIB_CTX_free(libctx);
1244 EVP_PKEY_free(pkey);
1253 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1254 #endif /* OPENSSL_NO_EC */
1256 static int test_EVP_PKEY_sign(int tst)
1259 EVP_PKEY *pkey = NULL;
1260 unsigned char *sig = NULL;
1261 size_t sig_len = 0, shortsig_len = 1;
1262 EVP_PKEY_CTX *ctx = NULL;
1263 unsigned char tbs[] = {
1264 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1265 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1269 if (!TEST_ptr(pkey = load_example_rsa_key()))
1271 } else if (tst == 1) {
1272 #ifndef OPENSSL_NO_DSA
1273 if (!TEST_ptr(pkey = load_example_dsa_key()))
1280 #ifndef OPENSSL_NO_EC
1281 if (!TEST_ptr(pkey = load_example_ec_key()))
1289 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1291 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1292 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1295 sig = OPENSSL_malloc(sig_len);
1297 /* Test sending a signature buffer that is too short is rejected */
1298 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1300 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1302 /* Test the signature round-trips */
1303 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1304 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1310 EVP_PKEY_CTX_free(ctx);
1312 EVP_PKEY_free(pkey);
1317 * n = 0 => test using legacy cipher
1318 * n = 1 => test using fetched cipher
1320 static int test_EVP_Enveloped(int n)
1323 EVP_CIPHER_CTX *ctx = NULL;
1324 EVP_PKEY *keypair = NULL;
1325 unsigned char *kek = NULL;
1326 unsigned char iv[EVP_MAX_IV_LENGTH];
1327 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1328 int len, kek_len, ciphertext_len, plaintext_len;
1329 unsigned char ciphertext[32], plaintext[16];
1330 EVP_CIPHER *type = NULL;
1332 if (nullprov != NULL)
1333 return TEST_skip("Test does not support a non-default library context");
1336 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1337 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1341 if (!TEST_ptr(keypair = load_example_rsa_key())
1342 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1343 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1344 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1346 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1348 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1352 ciphertext_len += len;
1354 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1355 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1356 ciphertext, ciphertext_len))
1357 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1360 plaintext_len += len;
1361 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1367 EVP_CIPHER_free(type);
1369 EVP_PKEY_free(keypair);
1370 EVP_CIPHER_CTX_free(ctx);
1375 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1376 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1377 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1378 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1379 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1380 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1381 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1382 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1383 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1384 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1385 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1386 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1387 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1388 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1389 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1390 * Test 15-29: Same as above with reinitialization
1392 static int test_EVP_DigestSignInit(int tst)
1395 EVP_PKEY *pkey = NULL;
1396 unsigned char *sig = NULL, *sig2 = NULL;
1397 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1398 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1399 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1400 BIO *mdbio = NULL, *membio = NULL;
1403 EVP_MD *mdexp = NULL;
1406 if (nullprov != NULL)
1407 return TEST_skip("Test does not support a non-default library context");
1414 if (tst >= 6 && tst <= 8) {
1415 membio = BIO_new(BIO_s_mem());
1416 mdbio = BIO_new(BIO_f_md());
1417 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1419 BIO_push(mdbio, membio);
1420 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1423 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1424 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1429 if (!TEST_ptr(pkey = load_example_rsa_key()))
1431 } else if (tst % 3 == 1) {
1432 #ifndef OPENSSL_NO_DSA
1433 if (!TEST_ptr(pkey = load_example_dsa_key()))
1440 if (!TEST_ptr(pkey = load_example_hmac_key()))
1444 if (tst >= 3 && tst <= 5)
1445 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1449 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1452 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1455 if (tst >= 6 && tst <= 8) {
1456 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1458 } else if (tst < 6) {
1459 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1464 /* Determine the size of the signature. */
1465 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1467 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1470 /* Test that supply a short sig buffer fails */
1471 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1475 * We end here because once EVP_DigestSign() has failed you should
1476 * not call it again without re-initing the ctx
1481 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1485 /* Determine the size of the signature. */
1486 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1487 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1489 * Trying to create a signature with a deliberately short
1490 * buffer should fail.
1492 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1493 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1498 * Ensure that the signature round-trips (Verification isn't supported for
1499 * HMAC via EVP_DigestVerify*)
1502 if (tst >= 6 && tst <= 8) {
1503 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1504 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1508 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1512 if (tst >= 6 && tst <= 8) {
1513 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1516 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1520 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1523 /* Multiple calls to EVP_DigestVerifyFinal should work */
1524 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1528 * For HMAC a doubled call to DigestSignFinal should produce the same
1529 * value as finalization should not happen.
1531 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1532 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1533 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1536 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1545 EVP_MD_CTX_free(a_md_ctx);
1546 EVP_MD_CTX_free(a_md_ctx_verify);
1547 EVP_PKEY_free(pkey);
1555 static int test_EVP_DigestVerifyInit(void)
1558 EVP_PKEY *pkey = NULL;
1559 EVP_MD_CTX *md_ctx = NULL;
1561 if (nullprov != NULL)
1562 return TEST_skip("Test does not support a non-default library context");
1564 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1565 || !TEST_ptr(pkey = load_example_rsa_key()))
1568 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1569 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1570 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1571 sizeof(kSignature)), 0))
1574 /* test with reinitialization */
1575 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1576 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1577 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1578 sizeof(kSignature)), 0))
1583 EVP_MD_CTX_free(md_ctx);
1584 EVP_PKEY_free(pkey);
1588 #ifndef OPENSSL_NO_SIPHASH
1589 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1590 static int test_siphash_digestsign(void)
1592 unsigned char key[16];
1593 unsigned char buf[8], digest[8];
1594 unsigned char expected[8] = {
1595 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1597 EVP_PKEY *pkey = NULL;
1598 EVP_MD_CTX *mdctx = NULL;
1599 EVP_PKEY_CTX *ctx = NULL;
1603 if (nullprov != NULL)
1604 return TEST_skip("Test does not support a non-default library context");
1608 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1612 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1615 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1617 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1618 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1622 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1624 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1626 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1628 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1633 EVP_PKEY_free(pkey);
1634 EVP_MD_CTX_free(mdctx);
1640 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1642 static int test_EVP_Digest(void)
1645 EVP_MD_CTX *md_ctx = NULL;
1646 unsigned char md[EVP_MAX_MD_SIZE];
1647 EVP_MD *sha256 = NULL;
1648 EVP_MD *shake256 = NULL;
1650 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1653 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1654 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1657 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1658 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1659 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1660 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1661 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1664 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1665 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1666 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1667 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1668 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1670 * EVP_DigestInit_ex with NULL type should work on
1671 * pre-initialized context.
1673 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1676 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1677 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1678 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1679 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1680 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1681 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1686 EVP_MD_CTX_free(md_ctx);
1687 EVP_MD_free(sha256);
1688 EVP_MD_free(shake256);
1692 static int test_EVP_md_null(void)
1695 EVP_MD_CTX *md_ctx = NULL;
1696 const EVP_MD *md_null = EVP_md_null();
1697 unsigned char md_value[EVP_MAX_MD_SIZE];
1698 unsigned int md_len = sizeof(md_value);
1700 if (nullprov != NULL)
1701 return TEST_skip("Test does not support a non-default library context");
1703 if (!TEST_ptr(md_null)
1704 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1707 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1708 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1709 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1712 if (!TEST_uint_eq(md_len, 0))
1717 EVP_MD_CTX_free(md_ctx);
1721 static int test_d2i_AutoPrivateKey(int i)
1724 const unsigned char *p;
1725 EVP_PKEY *pkey = NULL;
1726 const APK_DATA *ak = &keydata[i];
1727 const unsigned char *input = ak->kder;
1728 size_t input_len = ak->size;
1729 int expected_id = ak->evptype;
1732 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1733 || !TEST_ptr_eq(p, input + input_len)
1734 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1740 EVP_PKEY_free(pkey);
1744 #ifndef OPENSSL_NO_EC
1746 static const unsigned char ec_public_sect163k1_validxy[] = {
1747 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1748 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1749 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1750 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1751 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1752 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1755 static const unsigned char ec_public_sect163k1_badx[] = {
1756 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1757 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1758 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1759 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1760 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1761 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1764 static const unsigned char ec_public_sect163k1_bady[] = {
1765 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1766 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1767 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1768 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1769 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1770 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1773 static struct ec_der_pub_keys_st {
1774 const unsigned char *der;
1777 } ec_der_pub_keys[] = {
1778 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1779 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1780 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1784 * Tests the range of the decoded EC char2 public point.
1785 * See ec_GF2m_simple_oct2point().
1787 static int test_invalide_ec_char2_pub_range_decode(int id)
1792 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1793 ec_der_pub_keys[id].len);
1795 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1796 || TEST_ptr_null(pkey);
1797 EVP_PKEY_free(pkey);
1801 /* Tests loading a bad key in PKCS8 format */
1802 static int test_EVP_PKCS82PKEY(void)
1805 const unsigned char *derp = kExampleBadECKeyDER;
1806 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1807 EVP_PKEY *pkey = NULL;
1809 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1810 sizeof(kExampleBadECKeyDER))))
1813 if (!TEST_ptr_eq(derp,
1814 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1817 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1823 PKCS8_PRIV_KEY_INFO_free(p8inf);
1824 EVP_PKEY_free(pkey);
1830 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1832 EVP_PKEY *pkey = NULL;
1833 EVP_PKEY *pkey2 = NULL;
1835 char *membuf = NULL;
1836 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1839 if (testctx != NULL)
1840 /* test not supported with non-default context */
1843 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1844 || !TEST_ptr(pkey = load_example_rsa_key())
1845 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1846 NULL, 0, NULL, NULL),
1848 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1849 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1850 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1851 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1857 EVP_PKEY_free(pkey);
1858 EVP_PKEY_free(pkey2);
1859 PKCS8_PRIV_KEY_INFO_free(p8inf);
1860 BIO_free_all(membio);
1864 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1865 static int test_privatekey_to_pkcs8(void)
1867 EVP_PKEY *pkey = NULL;
1869 char *membuf = NULL;
1870 long membuf_len = 0;
1873 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1874 || !TEST_ptr(pkey = load_example_rsa_key())
1875 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1876 NULL, 0, NULL, NULL),
1878 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1879 || !TEST_ptr(membuf)
1880 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1881 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1883 * We try to write PEM as well, just to see that it doesn't err, but
1884 * assume that the result is correct.
1886 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1887 NULL, 0, NULL, NULL),
1893 EVP_PKEY_free(pkey);
1894 BIO_free_all(membio);
1898 #ifndef OPENSSL_NO_EC
1899 static const struct {
1901 const char *encoding_name;
1902 } ec_encodings[] = {
1903 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1904 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1907 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1909 const OSSL_PARAM *p;
1910 const char *enc_name = NULL;
1916 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1917 OSSL_PKEY_PARAM_EC_ENCODING))
1918 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1921 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1922 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1923 *enc = ec_encodings[i].encoding;
1928 return (*enc != -1);
1931 static int test_EC_keygen_with_enc(int idx)
1933 EVP_PKEY *params = NULL, *key = NULL;
1934 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1938 enc = ec_encodings[idx].encoding;
1940 /* Create key parameters */
1941 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1942 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1943 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1944 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1945 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1946 || !TEST_ptr(params))
1950 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1951 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1952 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1956 /* Check that the encoding got all the way into the key */
1957 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1958 ec_export_get_encoding_cb, &enc))
1959 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1965 EVP_PKEY_free(params);
1966 EVP_PKEY_CTX_free(kctx);
1967 EVP_PKEY_CTX_free(pctx);
1972 #if !defined(OPENSSL_NO_SM2)
1974 static int test_EVP_SM2_verify(void)
1976 const char *pubkey =
1977 "-----BEGIN PUBLIC KEY-----\n"
1978 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1979 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1980 "-----END PUBLIC KEY-----\n";
1982 const char *msg = "message digest";
1983 const char *id = "ALICE123@YAHOO.COM";
1985 const uint8_t signature[] = {
1986 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1987 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1988 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1989 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1990 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1991 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1992 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1997 EVP_PKEY *pkey = NULL;
1998 EVP_MD_CTX *mctx = NULL;
1999 EVP_PKEY_CTX *pctx = NULL;
2002 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2003 if (!TEST_true(bio != NULL))
2006 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2007 if (!TEST_true(pkey != NULL))
2010 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2013 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2016 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2019 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2021 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2024 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2027 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2030 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2033 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2039 EVP_PKEY_free(pkey);
2040 EVP_PKEY_CTX_free(pctx);
2041 EVP_MD_CTX_free(mctx);
2046 static int test_EVP_SM2(void)
2049 EVP_PKEY *pkey = NULL;
2050 EVP_PKEY *pkeyparams = NULL;
2051 EVP_PKEY_CTX *pctx = NULL;
2052 EVP_PKEY_CTX *kctx = NULL;
2053 EVP_PKEY_CTX *sctx = NULL;
2055 unsigned char *sig = NULL;
2056 EVP_MD_CTX *md_ctx = NULL;
2057 EVP_MD_CTX *md_ctx_verify = NULL;
2058 EVP_PKEY_CTX *cctx = NULL;
2059 EVP_MD *check_md = NULL;
2061 uint8_t ciphertext[128];
2062 size_t ctext_len = sizeof(ciphertext);
2064 uint8_t plaintext[8];
2065 size_t ptext_len = sizeof(plaintext);
2067 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2069 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2070 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2072 char mdname[OSSL_MAX_NAME_SIZE];
2074 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2078 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2081 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2084 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2087 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2088 pkeyparams, testpropq)))
2091 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2094 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2097 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2100 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2103 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2106 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2107 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2109 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2112 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2115 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2118 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2121 /* Determine the size of the signature. */
2122 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2125 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2128 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2131 /* Ensure that the signature round-trips. */
2133 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2137 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2140 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2143 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2147 * Try verify again with non-matching 0 length id but ensure that it can
2148 * be set on the context and overrides the previous value.
2151 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2155 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2158 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2161 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2164 /* now check encryption/decryption */
2166 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2167 mdname, sizeof(mdname));
2168 for (i = 0; i < 2; i++) {
2169 const char *mdnames[] = {
2170 #ifndef OPENSSL_NO_SM3
2176 EVP_PKEY_CTX_free(cctx);
2178 if (mdnames[i] == NULL)
2182 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2183 (char *)mdnames[i], 0);
2185 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2189 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2192 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2195 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2199 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2202 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2205 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2209 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2213 * Test we're still using the digest we think we are.
2214 * Because of aliases, the easiest is to fetch the digest and
2215 * check the name with EVP_MD_is_a().
2217 EVP_MD_free(check_md);
2218 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2220 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2221 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2225 if (!TEST_true(ptext_len == sizeof(kMsg)))
2228 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2234 EVP_PKEY_CTX_free(pctx);
2235 EVP_PKEY_CTX_free(kctx);
2236 EVP_PKEY_CTX_free(sctx);
2237 EVP_PKEY_CTX_free(cctx);
2238 EVP_PKEY_free(pkey);
2239 EVP_PKEY_free(pkeyparams);
2240 EVP_MD_CTX_free(md_ctx);
2241 EVP_MD_CTX_free(md_ctx_verify);
2242 EVP_MD_free(check_md);
2249 static struct keys_st {
2255 EVP_PKEY_HMAC, "0123456789", NULL
2258 EVP_PKEY_HMAC, "", NULL
2259 #ifndef OPENSSL_NO_POLY1305
2261 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2263 #ifndef OPENSSL_NO_SIPHASH
2265 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2268 #ifndef OPENSSL_NO_ECX
2270 EVP_PKEY_X25519, "01234567890123456789012345678901",
2271 "abcdefghijklmnopqrstuvwxyzabcdef"
2273 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2274 "abcdefghijklmnopqrstuvwxyzabcdef"
2277 "01234567890123456789012345678901234567890123456789012345",
2278 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2281 "012345678901234567890123456789012345678901234567890123456",
2282 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2287 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2290 unsigned char buf[80];
2292 size_t inlen, len = 0, shortlen = 1;
2295 /* Check if this algorithm supports public keys */
2296 if (pub && keys[tst].pub == NULL)
2299 memset(buf, 0, sizeof(buf));
2302 #ifndef OPENSSL_NO_EC
2303 inlen = strlen(keys[tst].pub);
2304 in = (unsigned char *)keys[tst].pub;
2306 pkey = EVP_PKEY_new_raw_public_key_ex(
2308 OBJ_nid2sn(keys[tst].type),
2313 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2322 inlen = strlen(keys[tst].priv);
2323 in = (unsigned char *)keys[tst].priv;
2325 pkey = EVP_PKEY_new_raw_private_key_ex(
2326 testctx, OBJ_nid2sn(keys[tst].type),
2331 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2339 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2340 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2341 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2342 || !TEST_true(len == inlen))
2346 * Test that supplying a buffer that is too small fails. Doesn't apply
2347 * to HMAC with a zero length key
2349 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2351 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2355 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2356 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2357 || !TEST_mem_eq(in, inlen, buf, len))
2362 EVP_PKEY_free(pkey);
2366 static int test_set_get_raw_keys(int tst)
2368 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2369 && test_set_get_raw_keys_int(tst, 0, 1)
2370 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2371 && test_set_get_raw_keys_int(tst, 1, 1);
2374 #ifndef OPENSSL_NO_DEPRECATED_3_0
2375 static int pkey_custom_check(EVP_PKEY *pkey)
2380 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2385 static int pkey_custom_param_check(EVP_PKEY *pkey)
2390 static EVP_PKEY_METHOD *custom_pmeth;
2393 static int test_EVP_PKEY_check(int i)
2396 EVP_PKEY *pkey = NULL;
2397 EVP_PKEY_CTX *ctx = NULL;
2398 #ifndef OPENSSL_NO_DEPRECATED_3_0
2399 EVP_PKEY_CTX *ctx2 = NULL;
2401 const APK_DATA *ak = &keycheckdata[i];
2402 const unsigned char *input = ak->kder;
2403 size_t input_len = ak->size;
2404 int expected_id = ak->evptype;
2405 int expected_check = ak->check;
2406 int expected_pub_check = ak->pub_check;
2407 int expected_param_check = ak->param_check;
2408 int type = ak->type;
2410 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2413 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2416 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2419 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2422 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2425 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2428 #ifndef OPENSSL_NO_DEPRECATED_3_0
2429 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2430 /* assign the pkey directly, as an internal test */
2431 EVP_PKEY_up_ref(pkey);
2434 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2437 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2440 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2447 EVP_PKEY_CTX_free(ctx);
2448 #ifndef OPENSSL_NO_DEPRECATED_3_0
2449 EVP_PKEY_CTX_free(ctx2);
2451 EVP_PKEY_free(pkey);
2455 #ifndef OPENSSL_NO_CMAC
2456 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2458 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2459 const char msg[] = "Hello World";
2460 size_t maclen = AES_BLOCK_SIZE;
2463 if (!TEST_ptr(mdctx)
2464 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2465 testpropq, pkey, NULL))
2466 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2467 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2468 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2471 EVP_MD_CTX_free(mdctx);
2475 static int test_CMAC_keygen(void)
2477 static unsigned char key[] = {
2478 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2479 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2480 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2482 EVP_PKEY_CTX *kctx = NULL;
2484 EVP_PKEY *pkey = NULL;
2485 unsigned char mac[AES_BLOCK_SIZE];
2486 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2487 unsigned char mac2[AES_BLOCK_SIZE];
2490 if (nullprov != NULL)
2491 return TEST_skip("Test does not support a non-default library context");
2494 * This is a legacy method for CMACs, but should still work.
2495 * This verifies that it works without an ENGINE.
2497 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2499 /* Test a CMAC key created using the "generated" method */
2500 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2501 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2502 EVP_PKEY_CTRL_CIPHER,
2503 0, (void *)EVP_aes_256_cbc()), 0)
2504 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2505 EVP_PKEY_CTRL_SET_MAC_KEY,
2506 sizeof(key), (void *)key), 0)
2507 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2509 || !TEST_true(get_cmac_val(pkey, mac)))
2512 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2513 EVP_PKEY_free(pkey);
2516 * Test a CMAC key using the direct method, and compare with the mac
2519 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2521 || !TEST_true(get_cmac_val(pkey, mac2))
2522 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2529 EVP_PKEY_free(pkey);
2530 EVP_PKEY_CTX_free(kctx);
2535 static int test_HKDF(void)
2538 unsigned char out[20];
2541 unsigned char salt[] = "0123456789";
2542 unsigned char key[] = "012345678901234567890123456789";
2543 unsigned char info[] = "infostring";
2544 const unsigned char expected[] = {
2545 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2546 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2548 size_t expectedlen = sizeof(expected);
2550 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2553 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2554 for (i = 0; i < 2; i++) {
2555 outlen = sizeof(out);
2556 memset(out, 0, outlen);
2558 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2559 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2560 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2561 sizeof(salt) - 1), 0)
2562 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2563 sizeof(key) - 1), 0)
2564 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2565 sizeof(info) - 1), 0)
2566 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2567 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2574 EVP_PKEY_CTX_free(pctx);
2579 static int test_emptyikm_HKDF(void)
2582 unsigned char out[20];
2585 unsigned char salt[] = "9876543210";
2586 unsigned char key[] = "";
2587 unsigned char info[] = "stringinfo";
2588 const unsigned char expected[] = {
2589 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2590 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2592 size_t expectedlen = sizeof(expected);
2594 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2597 outlen = sizeof(out);
2598 memset(out, 0, outlen);
2600 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2601 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2602 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2603 sizeof(salt) - 1), 0)
2604 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2605 sizeof(key) - 1), 0)
2606 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2607 sizeof(info) - 1), 0)
2608 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2609 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2615 EVP_PKEY_CTX_free(pctx);
2620 #ifndef OPENSSL_NO_EC
2621 static int test_X509_PUBKEY_inplace(void)
2624 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2625 const unsigned char *p = kExampleECPubKeyDER;
2626 size_t input_len = sizeof(kExampleECPubKeyDER);
2630 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2633 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2636 p = kExampleBadECPubKeyDER;
2637 input_len = sizeof(kExampleBadECPubKeyDER);
2639 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2642 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2648 X509_PUBKEY_free(xp);
2652 static int test_X509_PUBKEY_dup(void)
2655 X509_PUBKEY *xp = NULL, *xq = NULL;
2656 const unsigned char *p = kExampleECPubKeyDER;
2657 size_t input_len = sizeof(kExampleECPubKeyDER);
2659 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2661 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2662 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2663 || !TEST_ptr_ne(xp, xq))
2666 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2667 || !TEST_ptr(X509_PUBKEY_get0(xp))
2668 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2671 X509_PUBKEY_free(xq);
2673 p = kExampleBadECPubKeyDER;
2674 input_len = sizeof(kExampleBadECPubKeyDER);
2676 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2677 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2680 X509_PUBKEY_free(xp);
2682 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2688 X509_PUBKEY_free(xp);
2689 X509_PUBKEY_free(xq);
2692 #endif /* OPENSSL_NO_EC */
2694 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2695 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2697 EVP_MD_CTX *mdctx = NULL;
2698 EVP_PKEY_CTX *ctx = NULL;
2699 const OSSL_PARAM *params;
2700 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2703 char mdname[OSSL_MAX_NAME_SIZE];
2706 /* Initialise a sign operation */
2707 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2709 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2713 * We should be able to query the parameters now.
2715 params = EVP_PKEY_CTX_settable_params(ctx);
2716 if (!TEST_ptr(params)
2717 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2718 OSSL_SIGNATURE_PARAM_DIGEST)))
2721 params = EVP_PKEY_CTX_gettable_params(ctx);
2722 if (!TEST_ptr(params)
2723 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2724 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2725 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2726 OSSL_SIGNATURE_PARAM_DIGEST)))
2730 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2731 * EVP_PKEY_CTX_get_params()
2733 strcpy(mdname, "SHA512");
2735 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2737 *param++ = OSSL_PARAM_construct_end();
2739 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2743 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2744 mdname, sizeof(mdname));
2745 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2746 || !TEST_str_eq(mdname, "SHA512"))
2750 * Test the TEST_PKEY_CTX_set_signature_md() and
2751 * TEST_PKEY_CTX_get_signature_md() functions
2753 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2754 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2755 || !TEST_ptr_eq(md, EVP_sha256()))
2759 * Test getting MD parameters via an associated EVP_PKEY_CTX
2761 mdctx = EVP_MD_CTX_new();
2762 if (!TEST_ptr(mdctx)
2763 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2768 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2769 * able to obtain the digest's settable parameters from the provider.
2771 params = EVP_MD_CTX_settable_params(mdctx);
2772 if (!TEST_ptr(params)
2773 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2774 /* The final key should be NULL */
2775 || !TEST_ptr_null(params[1].key))
2779 memset(ssl3ms, 0, sizeof(ssl3ms));
2780 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2781 ssl3ms, sizeof(ssl3ms));
2782 *param++ = OSSL_PARAM_construct_end();
2784 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2790 EVP_MD_CTX_free(mdctx);
2791 EVP_PKEY_CTX_free(ctx);
2796 #ifndef OPENSSL_NO_DSA
2797 static int test_DSA_get_set_params(void)
2799 OSSL_PARAM_BLD *bld = NULL;
2800 OSSL_PARAM *params = NULL;
2801 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2802 EVP_PKEY_CTX *pctx = NULL;
2803 EVP_PKEY *pkey = NULL;
2807 * Setup the parameters for our DSA object. For our purposes they don't
2808 * have to actually be *valid* parameters. We just need to set something.
2810 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2811 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2812 || !TEST_ptr(p = BN_new())
2813 || !TEST_ptr(q = BN_new())
2814 || !TEST_ptr(g = BN_new())
2815 || !TEST_ptr(pub = BN_new())
2816 || !TEST_ptr(priv = BN_new()))
2818 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2823 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2826 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2829 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2830 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2834 if (!TEST_ptr(pkey))
2837 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2840 EVP_PKEY_free(pkey);
2841 EVP_PKEY_CTX_free(pctx);
2842 OSSL_PARAM_free(params);
2843 OSSL_PARAM_BLD_free(bld);
2854 * Test combinations of private, public, missing and private + public key
2855 * params to ensure they are all accepted
2857 static int test_DSA_priv_pub(void)
2859 return test_EVP_PKEY_ffc_priv_pub("DSA");
2862 #endif /* !OPENSSL_NO_DSA */
2864 static int test_RSA_get_set_params(void)
2866 OSSL_PARAM_BLD *bld = NULL;
2867 OSSL_PARAM *params = NULL;
2868 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2869 EVP_PKEY_CTX *pctx = NULL;
2870 EVP_PKEY *pkey = NULL;
2874 * Setup the parameters for our RSA object. For our purposes they don't
2875 * have to actually be *valid* parameters. We just need to set something.
2877 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2878 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2879 || !TEST_ptr(n = BN_new())
2880 || !TEST_ptr(e = BN_new())
2881 || !TEST_ptr(d = BN_new()))
2883 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2884 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2885 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2887 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2890 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2891 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2895 if (!TEST_ptr(pkey))
2898 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2901 EVP_PKEY_free(pkey);
2902 EVP_PKEY_CTX_free(pctx);
2903 OSSL_PARAM_free(params);
2904 OSSL_PARAM_BLD_free(bld);
2912 static int test_RSA_OAEP_set_get_params(void)
2915 EVP_PKEY *key = NULL;
2916 EVP_PKEY_CTX *key_ctx = NULL;
2918 if (nullprov != NULL)
2919 return TEST_skip("Test does not support a non-default library context");
2921 if (!TEST_ptr(key = load_example_rsa_key())
2922 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
2926 int padding = RSA_PKCS1_OAEP_PADDING;
2927 OSSL_PARAM params[4];
2929 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
2930 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2931 OSSL_DIGEST_NAME_SHA2_256, 0);
2932 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2933 OSSL_DIGEST_NAME_SHA1, 0);
2934 params[3] = OSSL_PARAM_construct_end();
2936 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
2940 OSSL_PARAM params[3];
2941 char oaepmd[30] = { '\0' };
2942 char mgf1md[30] = { '\0' };
2944 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2945 oaepmd, sizeof(oaepmd));
2946 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2947 mgf1md, sizeof(mgf1md));
2948 params[2] = OSSL_PARAM_construct_end();
2950 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
2953 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
2954 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
2962 EVP_PKEY_CTX_free(key_ctx);
2967 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2968 static int test_decrypt_null_chunks(void)
2970 EVP_CIPHER_CTX* ctx = NULL;
2971 EVP_CIPHER *cipher = NULL;
2972 const unsigned char key[32] = {
2973 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2974 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2975 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2977 unsigned char iv[12] = {
2978 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2980 unsigned char msg[] = "It was the best of times, it was the worst of times";
2981 unsigned char ciphertext[80];
2982 unsigned char plaintext[80];
2983 /* We initialise tmp to a non zero value on purpose */
2984 int ctlen, ptlen, tmp = 99;
2986 const int enc_offset = 10, dec_offset = 20;
2988 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2989 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2990 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2992 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2994 /* Deliberate add a zero length update */
2995 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2997 || !TEST_int_eq(tmp, 0)
2998 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3000 sizeof(msg) - enc_offset))
3001 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3002 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3003 || !TEST_int_eq(tmp, 0))
3006 /* Deliberately initialise tmp to a non zero value */
3008 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3009 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3012 * Deliberately add a zero length update. We also deliberately do
3013 * this at a different offset than for encryption.
3015 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3017 || !TEST_int_eq(tmp, 0)
3018 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3019 ciphertext + dec_offset,
3020 ctlen - dec_offset))
3021 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3022 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3023 || !TEST_int_eq(tmp, 0)
3024 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3029 EVP_CIPHER_CTX_free(ctx);
3030 EVP_CIPHER_free(cipher);
3033 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3035 #ifndef OPENSSL_NO_DH
3037 * Test combinations of private, public, missing and private + public key
3038 * params to ensure they are all accepted
3040 static int test_DH_priv_pub(void)
3042 return test_EVP_PKEY_ffc_priv_pub("DH");
3045 # ifndef OPENSSL_NO_DEPRECATED_3_0
3046 static int test_EVP_PKEY_set1_DH(void)
3048 DH *x942dh = NULL, *noqdh = NULL;
3049 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3051 BIGNUM *p, *g = NULL;
3052 BIGNUM *pubkey = NULL;
3053 unsigned char pub[2048 / 8];
3056 if (!TEST_ptr(p = BN_new())
3057 || !TEST_ptr(g = BN_new())
3058 || !TEST_ptr(pubkey = BN_new())
3059 || !TEST_true(BN_set_word(p, 9999))
3060 || !TEST_true(BN_set_word(g, 2))
3061 || !TEST_true(BN_set_word(pubkey, 4321))
3062 || !TEST_ptr(noqdh = DH_new())
3063 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3064 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3065 || !TEST_ptr(pubkey = BN_new())
3066 || !TEST_true(BN_set_word(pubkey, 4321)))
3070 x942dh = DH_get_2048_256();
3071 pkey1 = EVP_PKEY_new();
3072 pkey2 = EVP_PKEY_new();
3073 if (!TEST_ptr(x942dh)
3077 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3081 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3082 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3085 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3087 || !TEST_ptr(pubkey))
3090 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3091 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3094 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3095 OSSL_PKEY_PARAM_PUB_KEY,
3096 pub, sizeof(pub), &len))
3097 || !TEST_size_t_ne(len, 0))
3105 EVP_PKEY_free(pkey1);
3106 EVP_PKEY_free(pkey2);
3112 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3113 #endif /* !OPENSSL_NO_DH */
3116 * We test what happens with an empty template. For the sake of this test,
3117 * the template must be ignored, and we know that's the case for RSA keys
3118 * (this might arguably be a misfeature, but that's what we currently do,
3119 * even in provider code, since that's how the legacy RSA implementation
3122 static int test_keygen_with_empty_template(int n)
3124 EVP_PKEY_CTX *ctx = NULL;
3125 EVP_PKEY *pkey = NULL;
3126 EVP_PKEY *tkey = NULL;
3129 if (nullprov != NULL)
3130 return TEST_skip("Test does not support a non-default library context");
3134 /* We do test with no template at all as well */
3135 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3139 /* Here we create an empty RSA key that serves as our template */
3140 if (!TEST_ptr(tkey = EVP_PKEY_new())
3141 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3142 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3147 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3148 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3153 EVP_PKEY_CTX_free(ctx);
3154 EVP_PKEY_free(pkey);
3155 EVP_PKEY_free(tkey);
3160 * Test that we fail if we attempt to use an algorithm that is not available
3161 * in the current library context (unless we are using an algorithm that
3162 * should be made available via legacy codepaths).
3167 static int test_pkey_ctx_fail_without_provider(int tst)
3169 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3170 OSSL_PROVIDER *tmpnullprov = NULL;
3171 EVP_PKEY_CTX *pctx = NULL;
3172 const char *keytype = NULL;
3173 int expect_null = 0;
3176 if (!TEST_ptr(tmpctx))
3179 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3180 if (!TEST_ptr(tmpnullprov))
3184 * We check for certain algos in the null provider.
3185 * If an algo is expected to have a provider keymgmt, constructing an
3186 * EVP_PKEY_CTX is expected to fail (return NULL).
3187 * Otherwise, if it's expected to have legacy support, constructing an
3188 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3198 #ifdef OPENSSL_NO_EC
3199 TEST_info("EC disable, skipping SM2 check...");
3202 #ifdef OPENSSL_NO_SM2
3203 TEST_info("SM2 disable, skipping SM2 check...");
3208 TEST_error("No test for case %d", tst);
3212 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3213 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3216 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3222 EVP_PKEY_CTX_free(pctx);
3223 OSSL_PROVIDER_unload(tmpnullprov);
3224 OSSL_LIB_CTX_free(tmpctx);
3228 static int test_rand_agglomeration(void)
3232 OSSL_PARAM params[3], *p = params;
3234 unsigned int step = 7;
3235 static unsigned char seed[] = "It does not matter how slowly you go "
3236 "as long as you do not stop.";
3237 unsigned char out[sizeof(seed)];
3239 if (!TEST_int_ne(sizeof(seed) % step, 0)
3240 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3242 ctx = EVP_RAND_CTX_new(rand, NULL);
3243 EVP_RAND_free(rand);
3247 memset(out, 0, sizeof(out));
3248 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3249 seed, sizeof(seed));
3250 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3251 *p = OSSL_PARAM_construct_end();
3252 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3253 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3254 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3255 EVP_RAND_CTX_free(ctx);
3260 * Test that we correctly return the original or "running" IV after
3261 * an encryption operation.
3262 * Run multiple times for some different relevant algorithms/modes.
3264 static int test_evp_iv_aes(int idx)
3267 EVP_CIPHER_CTX *ctx = NULL;
3268 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3269 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3270 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3271 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3272 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3273 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3274 9, 10, 11, 12, 13, 14, 15, 16 };
3275 unsigned char ciphertext[32], oiv[16], iv[16];
3276 unsigned char *ref_iv;
3277 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3278 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3280 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3281 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3282 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3283 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3284 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3285 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3286 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3287 #ifndef OPENSSL_NO_OCB
3288 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3289 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3291 int len = sizeof(ciphertext);
3292 size_t ivlen, ref_len;
3293 const EVP_CIPHER *type = NULL;
3296 if (nullprov != NULL && idx < 6)
3297 return TEST_skip("Test does not support a non-default library context");
3301 type = EVP_aes_128_cbc();
3304 type = (type != NULL) ? type :
3305 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3307 ref_len = sizeof(cbc_state);
3311 type = EVP_aes_128_ofb();
3314 type = (type != NULL) ? type :
3315 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3317 ref_len = sizeof(ofb_state);
3321 type = EVP_aes_128_cfb();
3324 type = (type != NULL) ? type :
3325 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3327 ref_len = sizeof(cfb_state);
3331 type = EVP_aes_128_gcm();
3334 type = (type != NULL) ? type :
3335 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3337 ref_len = sizeof(gcm_state);
3340 type = EVP_aes_128_ccm();
3343 type = (type != NULL) ? type :
3344 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3346 ref_len = sizeof(ccm_state);
3348 #ifdef OPENSSL_NO_OCB
3354 type = EVP_aes_128_ocb();
3357 type = (type != NULL) ? type :
3358 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3360 ref_len = sizeof(ocb_state);
3368 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3369 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3370 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3372 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3373 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3374 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3376 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3377 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3378 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3381 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3382 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3383 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3386 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3389 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3395 EVP_CIPHER_CTX_free(ctx);
3397 EVP_CIPHER_free((EVP_CIPHER *)type);
3401 #ifndef OPENSSL_NO_DES
3402 static int test_evp_iv_des(int idx)
3405 EVP_CIPHER_CTX *ctx = NULL;
3406 static const unsigned char key[24] = {
3407 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3408 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3409 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3411 static const unsigned char init_iv[8] = {
3412 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3414 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3415 9, 10, 11, 12, 13, 14, 15, 16 };
3416 unsigned char ciphertext[32], oiv[8], iv[8];
3417 unsigned const char *ref_iv;
3418 static const unsigned char cbc_state_des[8] = {
3419 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3421 static const unsigned char cbc_state_3des[8] = {
3422 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3424 static const unsigned char ofb_state_des[8] = {
3425 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3427 static const unsigned char ofb_state_3des[8] = {
3428 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3430 static const unsigned char cfb_state_des[8] = {
3431 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3433 static const unsigned char cfb_state_3des[8] = {
3434 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3436 int len = sizeof(ciphertext);
3437 size_t ivlen, ref_len;
3438 EVP_CIPHER *type = NULL;
3440 if (lgcyprov == NULL && idx < 3)
3441 return TEST_skip("Test requires legacy provider to be loaded");
3445 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3446 ref_iv = cbc_state_des;
3447 ref_len = sizeof(cbc_state_des);
3450 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3451 ref_iv = ofb_state_des;
3452 ref_len = sizeof(ofb_state_des);
3455 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3456 ref_iv = cfb_state_des;
3457 ref_len = sizeof(cfb_state_des);
3460 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3461 ref_iv = cbc_state_3des;
3462 ref_len = sizeof(cbc_state_3des);
3465 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3466 ref_iv = ofb_state_3des;
3467 ref_len = sizeof(ofb_state_3des);
3470 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3471 ref_iv = cfb_state_3des;
3472 ref_len = sizeof(cfb_state_3des);
3479 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3480 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3481 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3483 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3484 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3485 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3487 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3488 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3489 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3492 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3493 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3495 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3500 EVP_CIPHER_CTX_free(ctx);
3501 EVP_CIPHER_free(type);
3506 #ifndef OPENSSL_NO_BF
3507 static int test_evp_bf_default_keylen(int idx)
3510 static const char *algos[4] = {
3511 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3513 int ivlen[4] = { 0, 8, 8, 8 };
3514 EVP_CIPHER *cipher = NULL;
3516 if (lgcyprov == NULL)
3517 return TEST_skip("Test requires legacy provider to be loaded");
3519 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3520 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3521 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3526 EVP_CIPHER_free(cipher);
3531 #ifndef OPENSSL_NO_EC
3532 static int ecpub_nids[] = {
3533 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3534 NID_secp384r1, NID_secp521r1,
3535 # ifndef OPENSSL_NO_EC2M
3536 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3537 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3539 NID_brainpoolP384r1, NID_brainpoolP512r1
3542 static int test_ecpub(int idx)
3544 int ret = 0, len, savelen;
3546 unsigned char buf[1024];
3548 EVP_PKEY *pkey = NULL;
3549 EVP_PKEY_CTX *ctx = NULL;
3550 # ifndef OPENSSL_NO_DEPRECATED_3_0
3551 const unsigned char *q;
3552 EVP_PKEY *pkey2 = NULL;
3556 if (nullprov != NULL)
3557 return TEST_skip("Test does not support a non-default library context");
3559 nid = ecpub_nids[idx];
3561 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3563 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3564 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3565 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3567 len = i2d_PublicKey(pkey, NULL);
3569 if (!TEST_int_ge(len, 1)
3570 || !TEST_int_lt(len, 1024))
3573 len = i2d_PublicKey(pkey, &p);
3574 if (!TEST_int_ge(len, 1)
3575 || !TEST_int_eq(len, savelen))
3578 # ifndef OPENSSL_NO_DEPRECATED_3_0
3579 /* Now try to decode the just-created DER. */
3581 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3582 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3583 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3585 /* EC_KEY ownership transferred */
3587 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3589 /* The keys should match. */
3590 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3597 EVP_PKEY_CTX_free(ctx);
3598 EVP_PKEY_free(pkey);
3599 # ifndef OPENSSL_NO_DEPRECATED_3_0
3600 EVP_PKEY_free(pkey2);
3607 static int test_EVP_rsa_pss_with_keygen_bits(void)
3610 EVP_PKEY_CTX *ctx = NULL;
3611 EVP_PKEY *pkey = NULL;
3614 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3616 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3617 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3618 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3619 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3620 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3623 EVP_PKEY_free(pkey);
3624 EVP_PKEY_CTX_free(ctx);
3628 static int test_EVP_rsa_pss_set_saltlen(void)
3631 EVP_PKEY *pkey = NULL;
3632 EVP_PKEY_CTX *pkey_ctx = NULL;
3633 EVP_MD *sha256 = NULL;
3634 EVP_MD_CTX *sha256_ctx = NULL;
3635 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3636 const int test_value = 32;
3638 ret = TEST_ptr(pkey = load_example_rsa_key())
3639 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3640 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3641 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3642 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3643 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3644 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3645 && TEST_int_eq(saltlen, test_value);
3647 EVP_MD_CTX_free(sha256_ctx);
3648 EVP_PKEY_free(pkey);
3649 EVP_MD_free(sha256);
3654 static int success = 1;
3655 static void md_names(const char *name, void *vctx)
3657 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3658 /* Force a namemap update */
3659 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3661 if (!TEST_ptr(aes128))
3664 EVP_CIPHER_free(aes128);
3668 * Test that changing the namemap in a user callback works in a names_do_all
3671 static int test_names_do_all(void)
3673 /* We use a custom libctx so that we know the state of the namemap */
3674 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3675 EVP_MD *sha256 = NULL;
3681 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3682 if (!TEST_ptr(sha256))
3686 * We loop through all the names for a given digest. This should still work
3687 * even if the namemap changes part way through.
3689 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3692 if (!TEST_true(success))
3697 EVP_MD_free(sha256);
3698 OSSL_LIB_CTX_free(ctx);
3704 const unsigned char *key;
3705 const unsigned char *iv;
3706 const unsigned char *input;
3707 const unsigned char *expected;
3708 const unsigned char *tag;
3709 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3718 static const EVP_INIT_TEST_st evp_init_tests[] = {
3720 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3721 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3725 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3726 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3727 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3728 sizeof(gcmDefaultTag), 1, 0, 1
3731 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3732 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3736 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3737 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3738 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3739 sizeof(gcmDefaultTag), 0, 0, 1
3742 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3743 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3747 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3748 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3749 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3750 sizeof(gcmDefaultTag), 1, 1, 0
3753 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3754 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3758 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3759 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3760 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3761 sizeof(gcmDefaultTag), 0, 1, 0
3765 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3769 if (t->ivlen != 0) {
3770 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3773 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3781 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3782 * arguments are given one at a time and a final adjustment to the enc
3783 * parameter sets the correct operation.
3785 static int test_evp_init_seq(int idx)
3787 int outlen1, outlen2;
3789 unsigned char outbuf[1024];
3790 unsigned char tag[16];
3791 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3792 EVP_CIPHER_CTX *ctx = NULL;
3793 EVP_CIPHER *type = NULL;
3794 size_t taglen = sizeof(tag);
3795 char *errmsg = NULL;
3797 ctx = EVP_CIPHER_CTX_new();
3799 errmsg = "CTX_ALLOC";
3802 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3803 errmsg = "CIPHER_FETCH";
3806 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3807 errmsg = "EMPTY_ENC_INIT";
3810 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3814 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3815 errmsg = "KEY_INIT (before iv)";
3818 if (!evp_init_seq_set_iv(ctx, t)) {
3822 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3823 errmsg = "KEY_INIT (after iv)";
3826 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3827 errmsg = "FINAL_ENC_INIT";
3830 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3831 errmsg = "CIPHER_UPDATE";
3834 if (t->finalenc == 0 && t->tag != NULL) {
3835 /* Set expected tag */
3836 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3837 t->taglen, (void *)t->tag), 0)) {
3842 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3843 errmsg = "CIPHER_FINAL";
3846 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3847 errmsg = "WRONG_RESULT";
3850 if (t->finalenc != 0 && t->tag != NULL) {
3851 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3855 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3856 errmsg = "TAG_ERROR";
3863 TEST_info("evp_init_test %d: %s", idx, errmsg);
3864 EVP_CIPHER_CTX_free(ctx);
3865 EVP_CIPHER_free(type);
3870 const unsigned char *input;
3871 const unsigned char *expected;
3875 } EVP_RESET_TEST_st;
3877 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3879 cfbPlaintext, cfbCiphertext,
3880 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3883 cfbCiphertext, cfbPlaintext,
3884 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3889 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3892 static int test_evp_reset(int idx)
3894 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3895 int outlen1, outlen2;
3897 unsigned char outbuf[1024];
3898 EVP_CIPHER_CTX *ctx = NULL;
3899 EVP_CIPHER *type = NULL;
3900 char *errmsg = NULL;
3902 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3903 errmsg = "CTX_ALLOC";
3906 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3907 errmsg = "CIPHER_FETCH";
3910 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3911 errmsg = "CIPHER_INIT";
3914 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3918 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3919 errmsg = "CIPHER_UPDATE";
3922 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3923 errmsg = "CIPHER_FINAL";
3926 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3927 errmsg = "WRONG_RESULT";
3930 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3931 errmsg = "CIPHER_REINIT";
3934 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3935 errmsg = "CIPHER_UPDATE (reinit)";
3938 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3939 errmsg = "CIPHER_FINAL (reinit)";
3942 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3943 errmsg = "WRONG_RESULT (reinit)";
3949 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3950 EVP_CIPHER_CTX_free(ctx);
3951 EVP_CIPHER_free(type);
3958 } EVP_UPDATED_IV_TEST_st;
3960 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4000 * Test that the IV in the context is updated during a crypto operation for CFB
4003 static int test_evp_updated_iv(int idx)
4005 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4006 int outlen1, outlen2;
4008 unsigned char outbuf[1024];
4009 EVP_CIPHER_CTX *ctx = NULL;
4010 EVP_CIPHER *type = NULL;
4011 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4013 char *errmsg = NULL;
4015 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4016 errmsg = "CTX_ALLOC";
4019 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4020 TEST_info("cipher %s not supported, skipping", t->cipher);
4024 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4025 errmsg = "CIPHER_INIT";
4028 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4032 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4033 errmsg = "CIPHER_UPDATE";
4036 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4037 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4040 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
4041 errmsg = "CIPHER_CTX_GET_IV_LEN";
4044 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4045 errmsg = "IV_NOT_UPDATED";
4048 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4049 errmsg = "CIPHER_FINAL";
4056 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4057 EVP_CIPHER_CTX_free(ctx);
4058 EVP_CIPHER_free(type);
4063 const unsigned char *iv1;
4064 const unsigned char *iv2;
4065 const unsigned char *expected1;
4066 const unsigned char *expected2;
4067 const unsigned char *tag1;
4068 const unsigned char *tag2;
4071 size_t expectedlen1;
4072 size_t expectedlen2;
4073 } TEST_GCM_IV_REINIT_st;
4075 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4077 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4078 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4079 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4082 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4083 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4084 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4088 static int test_gcm_reinit(int idx)
4090 int outlen1, outlen2, outlen3;
4092 unsigned char outbuf[1024];
4093 unsigned char tag[16];
4094 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4095 EVP_CIPHER_CTX *ctx = NULL;
4096 EVP_CIPHER *type = NULL;
4097 size_t taglen = sizeof(tag);
4098 char *errmsg = NULL;
4100 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4101 errmsg = "CTX_ALLOC";
4104 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4105 errmsg = "CIPHER_FETCH";
4108 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4109 errmsg = "ENC_INIT";
4112 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4113 errmsg = "SET_IVLEN1";
4116 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4120 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4124 EVP_CIPHER_CTX_set_padding(ctx, 0);
4125 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4126 sizeof(gcmResetPlaintext)))) {
4127 errmsg = "CIPHER_UPDATE1";
4130 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4131 errmsg = "CIPHER_FINAL1";
4134 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4135 errmsg = "WRONG_RESULT1";
4138 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4139 errmsg = "GET_TAG1";
4142 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4143 errmsg = "TAG_ERROR1";
4147 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4148 errmsg = "SET_IVLEN2";
4151 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4155 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4159 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4160 sizeof(gcmResetPlaintext)))) {
4161 errmsg = "CIPHER_UPDATE2";
4164 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4165 errmsg = "CIPHER_FINAL2";
4168 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4169 errmsg = "WRONG_RESULT2";
4172 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4173 errmsg = "GET_TAG2";
4176 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4177 errmsg = "TAG_ERROR2";
4183 TEST_info("evp_init_test %d: %s", idx, errmsg);
4184 EVP_CIPHER_CTX_free(ctx);
4185 EVP_CIPHER_free(type);
4189 #ifndef OPENSSL_NO_DEPRECATED_3_0
4190 static EVP_PKEY_METHOD *custom_pmeth = NULL;
4191 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4193 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4195 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4197 int (*pinit)(EVP_PKEY_CTX *ctx);
4199 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4203 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4205 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4207 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4211 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4212 size_t *outlen, const unsigned char *in,
4215 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4216 const unsigned char *tbs, size_t tbslen);
4218 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4219 return psign(ctx, out, outlen, in, inlen);
4222 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4223 size_t *siglen, const unsigned char *tbs,
4226 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4227 const unsigned char *tbs, size_t tbslen);
4229 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4230 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4233 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4236 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4238 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4239 return pderive(ctx, key, keylen);
4242 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4244 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4246 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4247 return pcopy(dst, src);
4250 static int ctrl_called;
4252 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4254 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4256 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4258 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4263 return pctrl(ctx, type, p1, p2);
4266 static int test_custom_pmeth(int idx)
4268 EVP_PKEY_CTX *pctx = NULL;
4269 EVP_MD_CTX *ctx = NULL;
4270 EVP_PKEY *pkey = NULL;
4271 int id, orig_id, orig_flags;
4274 unsigned char *res = NULL;
4275 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4276 const EVP_MD *md = EVP_sha256();
4281 /* We call deprecated APIs so this test doesn't support a custom libctx */
4282 if (testctx != NULL)
4289 pkey = load_example_rsa_key();
4293 # ifndef OPENSSL_NO_DSA
4295 pkey = load_example_dsa_key();
4302 # ifndef OPENSSL_NO_EC
4304 pkey = load_example_ec_key();
4311 # ifndef OPENSSL_NO_ECX
4312 id = EVP_PKEY_ED25519;
4314 pkey = load_example_ed25519_key();
4321 # ifndef OPENSSL_NO_DH
4324 pkey = load_example_dh_key();
4331 # ifndef OPENSSL_NO_ECX
4332 id = EVP_PKEY_X25519;
4334 pkey = load_example_x25519_key();
4340 TEST_error("Should not happen");
4344 if (!TEST_ptr(pkey))
4348 if (!TEST_true(evp_pkey_is_provided(pkey)))
4351 EVP_PKEY *tmp = pkey;
4353 /* Convert to a legacy key */
4354 pkey = EVP_PKEY_new();
4355 if (!TEST_ptr(pkey)) {
4359 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4364 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4368 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4372 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4373 if (!TEST_int_eq(orig_id, id)
4374 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4377 if (id == EVP_PKEY_ED25519) {
4378 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4379 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4380 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4382 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4384 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4385 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4386 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4387 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4389 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4390 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4394 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4396 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4397 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4398 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4400 || !TEST_int_eq(ctrl_called, 1)
4401 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4402 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4403 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4404 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4407 ctx = EVP_MD_CTX_new();
4408 reslen = EVP_PKEY_size(pkey);
4409 res = OPENSSL_malloc(reslen);
4412 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4413 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4414 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4416 || !TEST_int_eq(ctrl_called, 1))
4419 if (id == EVP_PKEY_ED25519) {
4420 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4423 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4424 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4432 EVP_MD_CTX_free(ctx);
4434 EVP_PKEY_CTX_free(pctx);
4435 EVP_PKEY_free(pkey);
4436 EVP_PKEY_meth_remove(custom_pmeth);
4437 EVP_PKEY_meth_free(custom_pmeth);
4438 custom_pmeth = NULL;
4442 static int test_evp_md_cipher_meth(void)
4444 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4445 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4448 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4454 EVP_MD_meth_free(md);
4455 EVP_CIPHER_meth_free(ciph);
4464 static int custom_md_init_called = 0;
4465 static int custom_md_cleanup_called = 0;
4467 static int custom_md_init(EVP_MD_CTX *ctx)
4469 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4474 custom_md_init_called++;
4478 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4480 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4486 custom_md_cleanup_called++;
4490 static int test_custom_md_meth(void)
4492 EVP_MD_CTX *mdctx = NULL;
4494 char mess[] = "Test Message\n";
4495 unsigned char md_value[EVP_MAX_MD_SIZE];
4496 unsigned int md_len;
4501 * We are testing deprecated functions. We don't support a non-default
4502 * library context in this test.
4504 if (testctx != NULL)
4505 return TEST_skip("Non-default libctx");
4507 custom_md_init_called = custom_md_cleanup_called = 0;
4509 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4510 if (!TEST_int_ne(nid, NID_undef))
4512 tmp = EVP_MD_meth_new(nid, NID_undef);
4516 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4517 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4518 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4519 sizeof(custom_dgst_ctx))))
4522 mdctx = EVP_MD_CTX_new();
4523 if (!TEST_ptr(mdctx)
4525 * Initing our custom md and then initing another md should
4526 * result in the init and cleanup functions of the custom md
4529 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4530 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4531 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4532 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4533 || !TEST_int_eq(custom_md_init_called, 1)
4534 || !TEST_int_eq(custom_md_cleanup_called, 1))
4539 EVP_MD_CTX_free(mdctx);
4540 EVP_MD_meth_free(tmp);
4548 static int custom_ciph_init_called = 0;
4549 static int custom_ciph_cleanup_called = 0;
4551 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4552 const unsigned char *iv, int enc)
4554 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4559 custom_ciph_init_called++;
4563 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4565 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4571 custom_ciph_cleanup_called++;
4575 static int test_custom_ciph_meth(void)
4577 EVP_CIPHER_CTX *ciphctx = NULL;
4578 EVP_CIPHER *tmp = NULL;
4583 * We are testing deprecated functions. We don't support a non-default
4584 * library context in this test.
4586 if (testctx != NULL)
4587 return TEST_skip("Non-default libctx");
4589 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4591 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4592 if (!TEST_int_ne(nid, NID_undef))
4594 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4598 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4599 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4600 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4601 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4602 sizeof(custom_ciph_ctx))))
4605 ciphctx = EVP_CIPHER_CTX_new();
4606 if (!TEST_ptr(ciphctx)
4608 * Initing our custom cipher and then initing another cipher
4609 * should result in the init and cleanup functions of the custom
4610 * cipher being called.
4612 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4613 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4615 || !TEST_int_eq(custom_ciph_init_called, 1)
4616 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4621 EVP_CIPHER_CTX_free(ciphctx);
4622 EVP_CIPHER_meth_free(tmp);
4626 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4627 /* Test we can create a signature keys with an associated ENGINE */
4628 static int test_signatures_with_engine(int tst)
4631 const char *engine_id = "dasync";
4632 EVP_PKEY *pkey = NULL;
4633 const unsigned char badcmackey[] = { 0x00, 0x01 };
4634 const unsigned char cmackey[] = {
4635 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4636 0x0c, 0x0d, 0x0e, 0x0f
4638 const unsigned char ed25519key[] = {
4639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4643 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4645 EVP_MD_CTX *ctx = NULL;
4646 unsigned char *mac = NULL;
4650 # ifdef OPENSSL_NO_CMAC
4651 /* Skip CMAC tests in a no-cmac build */
4655 # ifdef OPENSSL_NO_ECX
4656 /* Skip ECX tests in a no-ecx build */
4661 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4664 if (!TEST_true(ENGINE_init(e))) {
4671 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4675 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4679 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4680 sizeof(ed25519key));
4683 TEST_error("Invalid test case");
4686 if (!TEST_ptr(pkey))
4689 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4692 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4695 if (!TEST_true(ret))
4698 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4699 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4702 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4705 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4708 /* We used a bad key. We expect a failure here */
4709 if (!TEST_false(ret))
4715 EVP_MD_CTX_free(ctx);
4717 EVP_PKEY_free(pkey);
4724 static int test_cipher_with_engine(void)
4727 const char *engine_id = "dasync";
4728 const unsigned char keyiv[] = {
4729 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4730 0x0c, 0x0d, 0x0e, 0x0f
4732 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4734 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4735 unsigned char buf[AES_BLOCK_SIZE];
4738 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4741 if (!TEST_true(ENGINE_init(e))) {
4746 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4747 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4750 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4753 /* Copy the ctx, and complete the operation with the new ctx */
4754 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4757 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4758 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4763 EVP_CIPHER_CTX_free(ctx);
4764 EVP_CIPHER_CTX_free(ctx2);
4770 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4771 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4773 #ifndef OPENSSL_NO_ECX
4774 static int ecxnids[] = {
4781 /* Test that creating ECX keys with a short private key fails as expected */
4782 static int test_ecx_short_keys(int tst)
4784 unsigned char ecxkeydata = 1;
4788 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
4789 NULL, &ecxkeydata, 1);
4790 if (!TEST_ptr_null(pkey)) {
4791 EVP_PKEY_free(pkey);
4799 typedef enum OPTION_choice {
4806 const OPTIONS *test_get_options(void)
4808 static const OPTIONS options[] = {
4809 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4810 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4816 #ifndef OPENSSL_NO_ECX
4817 /* Test that trying to sign with a public key errors out gracefully */
4818 static int test_ecx_not_private_key(int tst)
4820 EVP_PKEY *pkey = NULL;
4822 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4824 EVP_MD_CTX *ctx = NULL;
4825 unsigned char *mac = NULL;
4827 unsigned char *pubkey;
4830 switch (keys[tst].type) {
4833 return TEST_skip("signing not supported for X25519/X448");
4836 /* Check if this algorithm supports public keys */
4837 if (keys[tst].pub == NULL)
4838 return TEST_skip("no public key present");
4840 pubkey = (unsigned char *)keys[tst].pub;
4841 pubkeylen = strlen(keys[tst].pub);
4843 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
4844 NULL, pubkey, pubkeylen);
4845 if (!TEST_ptr(pkey))
4848 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4851 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
4854 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
4857 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4860 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
4865 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
4866 * but we relax the check to allow error also thrown by
4867 * EVP_DigestSignInit and EVP_DigestSign.
4869 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
4875 EVP_MD_CTX_free(ctx);
4877 EVP_PKEY_free(pkey);
4881 #endif /* OPENSSL_NO_ECX */
4883 static int test_sign_continuation(void)
4885 OSSL_PROVIDER *fake_rsa = NULL;
4887 EVP_PKEY *pkey = NULL;
4888 EVP_PKEY_CTX *pctx = NULL;
4889 EVP_MD_CTX *mctx = NULL;
4890 const char sigbuf[] = "To Be Signed";
4891 unsigned char signature[256];
4892 size_t siglen = 256;
4893 static int nodupnum = 1;
4894 static const OSSL_PARAM nodup_params[] = {
4895 OSSL_PARAM_int("NO_DUP", &nodupnum),
4899 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
4902 /* Construct a pkey using precise propq to use our provider */
4903 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
4904 "provider=fake-rsa"))
4905 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
4906 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
4910 /* First test it continues (classic behavior) */
4911 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
4912 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
4914 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
4915 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
4916 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
4917 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
4920 EVP_MD_CTX_free(mctx);
4922 /* try again but failing the continuation */
4923 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
4924 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
4925 NULL, pkey, nodup_params))
4926 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
4927 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
4928 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
4929 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
4935 EVP_MD_CTX_free(mctx);
4936 EVP_PKEY_free(pkey);
4937 EVP_PKEY_CTX_free(pctx);
4938 fake_rsa_finish(fake_rsa);
4942 int setup_tests(void)
4946 while ((o = opt_next()) != OPT_EOF) {
4949 /* Set up an alternate library context */
4950 testctx = OSSL_LIB_CTX_new();
4951 if (!TEST_ptr(testctx))
4953 /* Swap the libctx to test non-default context only */
4954 nullprov = OSSL_PROVIDER_load(NULL, "null");
4955 deflprov = OSSL_PROVIDER_load(testctx, "default");
4956 #ifndef OPENSSL_SYS_TANDEM
4957 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4960 case OPT_TEST_CASES:
4967 ADD_TEST(test_EVP_set_default_properties);
4968 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4969 ADD_TEST(test_EVP_DigestVerifyInit);
4970 #ifndef OPENSSL_NO_SIPHASH
4971 ADD_TEST(test_siphash_digestsign);
4973 ADD_TEST(test_EVP_Digest);
4974 ADD_TEST(test_EVP_md_null);
4975 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4976 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4977 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4978 ADD_TEST(test_privatekey_to_pkcs8);
4979 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4980 #ifndef OPENSSL_NO_EC
4981 ADD_TEST(test_EVP_PKCS82PKEY);
4983 #ifndef OPENSSL_NO_EC
4984 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4986 #if !defined(OPENSSL_NO_SM2)
4987 ADD_TEST(test_EVP_SM2);
4988 ADD_TEST(test_EVP_SM2_verify);
4990 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4991 #ifndef OPENSSL_NO_DEPRECATED_3_0
4992 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4993 if (!TEST_ptr(custom_pmeth))
4995 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4996 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4997 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4998 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5001 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5002 #ifndef OPENSSL_NO_CMAC
5003 ADD_TEST(test_CMAC_keygen);
5005 ADD_TEST(test_HKDF);
5006 ADD_TEST(test_emptyikm_HKDF);
5007 #ifndef OPENSSL_NO_EC
5008 ADD_TEST(test_X509_PUBKEY_inplace);
5009 ADD_TEST(test_X509_PUBKEY_dup);
5010 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
5011 OSSL_NELEM(ec_der_pub_keys));
5013 #ifndef OPENSSL_NO_DSA
5014 ADD_TEST(test_DSA_get_set_params);
5015 ADD_TEST(test_DSA_priv_pub);
5017 ADD_TEST(test_RSA_get_set_params);
5018 ADD_TEST(test_RSA_OAEP_set_get_params);
5019 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5020 ADD_TEST(test_decrypt_null_chunks);
5022 #ifndef OPENSSL_NO_DH
5023 ADD_TEST(test_DH_priv_pub);
5024 # ifndef OPENSSL_NO_DEPRECATED_3_0
5025 ADD_TEST(test_EVP_PKEY_set1_DH);
5028 #ifndef OPENSSL_NO_EC
5029 ADD_TEST(test_EC_priv_pub);
5030 ADD_TEST(test_evp_get_ec_pub);
5031 # ifndef OPENSSL_NO_DEPRECATED_3_0
5032 ADD_TEST(test_EC_priv_only_legacy);
5033 ADD_TEST(test_evp_get_ec_pub_legacy);
5036 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5037 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
5039 ADD_TEST(test_rand_agglomeration);
5040 ADD_ALL_TESTS(test_evp_iv_aes, 12);
5041 #ifndef OPENSSL_NO_DES
5042 ADD_ALL_TESTS(test_evp_iv_des, 6);
5044 #ifndef OPENSSL_NO_BF
5045 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
5047 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
5048 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
5049 #ifndef OPENSSL_NO_EC
5050 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
5053 ADD_TEST(test_names_do_all);
5055 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
5056 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
5057 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
5058 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
5060 #ifndef OPENSSL_NO_DEPRECATED_3_0
5061 ADD_ALL_TESTS(test_custom_pmeth, 12);
5062 ADD_TEST(test_evp_md_cipher_meth);
5063 ADD_TEST(test_custom_md_meth);
5064 ADD_TEST(test_custom_ciph_meth);
5066 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5067 /* Tests only support the default libctx */
5068 if (testctx == NULL) {
5069 # ifndef OPENSSL_NO_EC
5070 ADD_ALL_TESTS(test_signatures_with_engine, 3);
5072 ADD_ALL_TESTS(test_signatures_with_engine, 2);
5074 ADD_TEST(test_cipher_with_engine);
5079 #ifndef OPENSSL_NO_ECX
5080 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
5081 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
5084 ADD_TEST(test_sign_continuation);
5089 void cleanup_tests(void)
5091 OSSL_PROVIDER_unload(nullprov);
5092 OSSL_PROVIDER_unload(deflprov);
5093 #ifndef OPENSSL_SYS_TANDEM
5094 OSSL_PROVIDER_unload(lgcyprov);
5096 OSSL_LIB_CTX_free(testctx);