2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
323 #ifndef OPENSSL_NO_EC
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
405 typedef struct APK_DATA_st {
406 const unsigned char *kder;
413 int type; /* 0 for private, 1 for public, 2 for params */
416 static APK_DATA keydata[] = {
417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
419 #ifndef OPENSSL_NO_EC
420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
424 static APK_DATA keycheckdata[] = {
425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
429 #ifndef OPENSSL_NO_EC
430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
431 /* group is also associated in our pub key */
432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
443 static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
446 const unsigned char **pdata = &data;
447 EVP_PKEY *pkey = NULL;
448 OSSL_DECODER_CTX *dctx =
449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
458 static EVP_PKEY *load_example_rsa_key(void)
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
464 #ifndef OPENSSL_NO_DSA
465 static EVP_PKEY *load_example_dsa_key(void)
467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
472 static EVP_PKEY *load_example_hmac_key(void)
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
481 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
482 NULL, key, sizeof(key));
489 static int test_EVP_set_default_properties(void)
495 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
496 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
501 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
502 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
503 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
508 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
509 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
514 OSSL_LIB_CTX_free(ctx);
518 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
519 static int test_fromdata(char *keytype, OSSL_PARAM *params)
521 EVP_PKEY_CTX *pctx = NULL;
522 EVP_PKEY *pkey = NULL;
525 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
527 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
528 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
538 EVP_PKEY_CTX_free(pctx);
542 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
545 * Test combinations of private, public, missing and private + public key
546 * params to ensure they are all accepted
548 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
549 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
551 OSSL_PARAM_BLD *bld = NULL;
552 OSSL_PARAM *params = NULL;
553 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
557 * Setup the parameters for our pkey object. For our purposes they don't
558 * have to actually be *valid* parameters. We just need to set something.
560 if (!TEST_ptr(p = BN_new())
561 || !TEST_ptr(q = BN_new())
562 || !TEST_ptr(g = BN_new())
563 || !TEST_ptr(pub = BN_new())
564 || !TEST_ptr(priv = BN_new()))
567 /* Test !priv and !pub */
568 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
571 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
573 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
576 if (!test_fromdata(keytype, params))
578 OSSL_PARAM_free(params);
580 OSSL_PARAM_BLD_free(bld);
582 /* Test priv and !pub */
583 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
586 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
587 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
590 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
593 if (!test_fromdata(keytype, params))
595 OSSL_PARAM_free(params);
597 OSSL_PARAM_BLD_free(bld);
599 /* Test !priv and pub */
600 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
602 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
603 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
604 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
607 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
610 if (!test_fromdata(keytype, params))
612 OSSL_PARAM_free(params);
614 OSSL_PARAM_BLD_free(bld);
616 /* Test priv and pub */
617 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
618 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
620 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
621 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
626 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
629 if (!test_fromdata(keytype, params))
634 OSSL_PARAM_free(params);
635 OSSL_PARAM_BLD_free(bld);
644 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
647 * Test combinations of private, public, missing and private + public key
648 * params to ensure they are all accepted for EC keys
650 #ifndef OPENSSL_NO_EC
651 static unsigned char ec_priv[] = {
652 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
653 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
654 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
656 static unsigned char ec_pub[] = {
657 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
658 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
659 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
660 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
661 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
662 0x08, 0x09, 0xb8, 0xdb, 0x03
665 static int test_EC_priv_pub(void)
667 OSSL_PARAM_BLD *bld = NULL;
668 OSSL_PARAM *params = NULL;
673 * Setup the parameters for our pkey object. For our purposes they don't
674 * have to actually be *valid* parameters. We just need to set something.
676 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
679 /* Test !priv and !pub */
680 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
681 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
682 OSSL_PKEY_PARAM_GROUP_NAME,
685 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
688 if (!test_fromdata("EC", params))
690 OSSL_PARAM_free(params);
692 OSSL_PARAM_BLD_free(bld);
694 /* Test priv and !pub */
695 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
696 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
697 OSSL_PKEY_PARAM_GROUP_NAME,
699 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
702 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
705 if (!test_fromdata("EC", params))
707 OSSL_PARAM_free(params);
709 OSSL_PARAM_BLD_free(bld);
711 /* Test !priv and pub */
712 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
713 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
714 OSSL_PKEY_PARAM_GROUP_NAME,
716 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
717 OSSL_PKEY_PARAM_PUB_KEY,
718 ec_pub, sizeof(ec_pub))))
720 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
723 if (!test_fromdata("EC", params))
725 OSSL_PARAM_free(params);
727 OSSL_PARAM_BLD_free(bld);
729 /* Test priv and pub */
730 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
731 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
732 OSSL_PKEY_PARAM_GROUP_NAME,
734 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
735 OSSL_PKEY_PARAM_PUB_KEY,
736 ec_pub, sizeof(ec_pub)))
737 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
740 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
743 if (!test_fromdata("EC", params))
748 OSSL_PARAM_free(params);
749 OSSL_PARAM_BLD_free(bld);
755 /* Test that using a legacy EC key with only a private key in it works */
756 # ifndef OPENSSL_NO_DEPRECATED_3_0
757 static int test_EC_priv_only_legacy(void)
761 EC_KEY *eckey = NULL;
762 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
763 EVP_MD_CTX *ctx = NULL;
765 /* Create the low level EC_KEY */
766 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
769 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
770 if (!TEST_ptr(eckey))
773 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
776 pkey = EVP_PKEY_new();
780 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
784 while (dup_pk == NULL) {
786 ctx = EVP_MD_CTX_new();
791 * The EVP_DigestSignInit function should create the key on the
792 * provider side which is sufficient for this test.
794 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
795 testpropq, pkey, NULL)))
797 EVP_MD_CTX_free(ctx);
800 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
802 /* EVP_PKEY_eq() returns -2 with missing public keys */
803 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
811 EVP_MD_CTX_free(ctx);
818 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
819 #endif /* OPENSSL_NO_EC */
822 * n = 0 => test using legacy cipher
823 * n = 1 => test using fetched cipher
825 static int test_EVP_Enveloped(int n)
828 EVP_CIPHER_CTX *ctx = NULL;
829 EVP_PKEY *keypair = NULL;
830 unsigned char *kek = NULL;
831 unsigned char iv[EVP_MAX_IV_LENGTH];
832 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
833 int len, kek_len, ciphertext_len, plaintext_len;
834 unsigned char ciphertext[32], plaintext[16];
835 EVP_CIPHER *type = NULL;
837 if (nullprov != NULL)
838 return TEST_skip("Test does not support a non-default library context");
841 type = (EVP_CIPHER *)EVP_aes_256_cbc();
842 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
846 if (!TEST_ptr(keypair = load_example_rsa_key())
847 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
848 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
849 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
851 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
853 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
857 ciphertext_len += len;
859 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
860 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
861 ciphertext, ciphertext_len))
862 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
865 plaintext_len += len;
866 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
872 EVP_CIPHER_free(type);
874 EVP_PKEY_free(keypair);
875 EVP_CIPHER_CTX_free(ctx);
880 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
881 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
882 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
883 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
884 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
885 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
886 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
887 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
888 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
890 static int test_EVP_DigestSignInit(int tst)
893 EVP_PKEY *pkey = NULL;
894 unsigned char *sig = NULL;
896 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
897 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
898 BIO *mdbio = NULL, *membio = NULL;
901 EVP_MD *mdexp = NULL;
903 if (nullprov != NULL)
904 return TEST_skip("Test does not support a non-default library context");
907 membio = BIO_new(BIO_s_mem());
908 mdbio = BIO_new(BIO_f_md());
909 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
911 BIO_push(mdbio, membio);
912 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
915 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
916 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
920 if (tst == 0 || tst == 3 || tst == 6) {
921 if (!TEST_ptr(pkey = load_example_rsa_key()))
923 } else if (tst == 1 || tst == 4 || tst == 7) {
924 #ifndef OPENSSL_NO_DSA
925 if (!TEST_ptr(pkey = load_example_dsa_key()))
932 if (!TEST_ptr(pkey = load_example_hmac_key()))
936 if (tst >= 3 && tst <= 5)
937 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
941 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
945 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
948 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
952 /* Determine the size of the signature. */
953 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
954 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
955 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
959 if (!TEST_int_gt(BIO_reset(mdbio), 0)
960 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
965 * Ensure that the signature round-trips (Verification isn't supported for
966 * HMAC via EVP_DigestVerify*)
968 if (tst != 2 && tst != 5 && tst != 8) {
969 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
974 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
977 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
981 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
990 EVP_MD_CTX_free(a_md_ctx);
991 EVP_MD_CTX_free(a_md_ctx_verify);
999 static int test_EVP_DigestVerifyInit(void)
1002 EVP_PKEY *pkey = NULL;
1003 EVP_MD_CTX *md_ctx = NULL;
1005 if (nullprov != NULL)
1006 return TEST_skip("Test does not support a non-default library context");
1008 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1009 || !TEST_ptr(pkey = load_example_rsa_key()))
1012 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1013 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1014 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1015 sizeof(kSignature))))
1020 EVP_MD_CTX_free(md_ctx);
1021 EVP_PKEY_free(pkey);
1026 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1028 static int test_EVP_Digest(void)
1031 EVP_MD_CTX *md_ctx = NULL;
1032 unsigned char md[EVP_MAX_MD_SIZE];
1033 EVP_MD *sha256 = NULL;
1034 EVP_MD *shake256 = NULL;
1036 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1039 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1040 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1043 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1044 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1045 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1046 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1047 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1050 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1051 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1052 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1053 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1054 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1056 * EVP_DigestInit_ex with NULL type should work on
1057 * pre-initialized context.
1059 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1062 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1063 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1064 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1065 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1066 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1067 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1072 EVP_MD_CTX_free(md_ctx);
1073 EVP_MD_free(sha256);
1074 EVP_MD_free(shake256);
1078 static int test_d2i_AutoPrivateKey(int i)
1081 const unsigned char *p;
1082 EVP_PKEY *pkey = NULL;
1083 const APK_DATA *ak = &keydata[i];
1084 const unsigned char *input = ak->kder;
1085 size_t input_len = ak->size;
1086 int expected_id = ak->evptype;
1089 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1090 || !TEST_ptr_eq(p, input + input_len)
1091 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1097 EVP_PKEY_free(pkey);
1101 #ifndef OPENSSL_NO_EC
1103 static const unsigned char ec_public_sect163k1_validxy[] = {
1104 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1105 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1106 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1107 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1108 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1109 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1112 static const unsigned char ec_public_sect163k1_badx[] = {
1113 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1114 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1115 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1116 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1117 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1118 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1121 static const unsigned char ec_public_sect163k1_bady[] = {
1122 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1123 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1124 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1125 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1126 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1127 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1130 static struct ec_der_pub_keys_st {
1131 const unsigned char *der;
1134 } ec_der_pub_keys[] = {
1135 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1136 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1137 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1141 * Tests the range of the decoded EC char2 public point.
1142 * See ec_GF2m_simple_oct2point().
1144 static int test_invalide_ec_char2_pub_range_decode(int id)
1149 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1150 ec_der_pub_keys[id].len);
1152 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1153 || TEST_ptr_null(pkey);
1154 EVP_PKEY_free(pkey);
1158 /* Tests loading a bad key in PKCS8 format */
1159 static int test_EVP_PKCS82PKEY(void)
1162 const unsigned char *derp = kExampleBadECKeyDER;
1163 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1164 EVP_PKEY *pkey = NULL;
1166 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1167 sizeof(kExampleBadECKeyDER))))
1170 if (!TEST_ptr_eq(derp,
1171 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1174 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1180 PKCS8_PRIV_KEY_INFO_free(p8inf);
1181 EVP_PKEY_free(pkey);
1187 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1189 EVP_PKEY *pkey = NULL;
1190 EVP_PKEY *pkey2 = NULL;
1192 char *membuf = NULL;
1193 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1196 if (testctx != NULL)
1197 /* test not supported with non-default context */
1200 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1201 || !TEST_ptr(pkey = load_example_rsa_key())
1202 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1203 NULL, 0, NULL, NULL),
1205 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1206 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1207 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1208 || !TEST_int_eq(ERR_get_error(), 0)) {
1214 EVP_PKEY_free(pkey);
1215 EVP_PKEY_free(pkey2);
1216 PKCS8_PRIV_KEY_INFO_free(p8inf);
1217 BIO_free_all(membio);
1221 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1222 static int test_privatekey_to_pkcs8(void)
1224 EVP_PKEY *pkey = NULL;
1226 char *membuf = NULL;
1227 long membuf_len = 0;
1230 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1231 || !TEST_ptr(pkey = load_example_rsa_key())
1232 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1233 NULL, 0, NULL, NULL),
1235 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1236 || !TEST_ptr(membuf)
1237 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1238 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1240 * We try to write PEM as well, just to see that it doesn't err, but
1241 * assume that the result is correct.
1243 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1244 NULL, 0, NULL, NULL),
1250 EVP_PKEY_free(pkey);
1251 BIO_free_all(membio);
1255 #ifndef OPENSSL_NO_EC
1256 static const struct {
1258 const char *encoding_name;
1259 } ec_encodings[] = {
1260 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1261 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1264 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1266 const OSSL_PARAM *p;
1267 const char *enc_name = NULL;
1273 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1274 OSSL_PKEY_PARAM_EC_ENCODING))
1275 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1278 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1279 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1280 *enc = ec_encodings[i].encoding;
1285 return (*enc != -1);
1288 static int test_EC_keygen_with_enc(int idx)
1290 EVP_PKEY *params = NULL, *key = NULL;
1291 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1295 enc = ec_encodings[idx].encoding;
1297 /* Create key parameters */
1298 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1299 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1300 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1301 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1302 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1303 || !TEST_ptr(params))
1307 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1308 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1309 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1313 /* Check that the encoding got all the way into the key */
1314 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1315 ec_export_get_encoding_cb, &enc))
1316 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1322 EVP_PKEY_free(params);
1323 EVP_PKEY_CTX_free(kctx);
1324 EVP_PKEY_CTX_free(pctx);
1329 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1331 static int test_EVP_SM2_verify(void)
1333 const char *pubkey =
1334 "-----BEGIN PUBLIC KEY-----\n"
1335 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1336 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1337 "-----END PUBLIC KEY-----\n";
1339 const char *msg = "message digest";
1340 const char *id = "ALICE123@YAHOO.COM";
1342 const uint8_t signature[] = {
1343 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1344 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1345 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1346 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1347 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1348 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1349 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1354 EVP_PKEY *pkey = NULL;
1355 EVP_MD_CTX *mctx = NULL;
1356 EVP_PKEY_CTX *pctx = NULL;
1359 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1360 if (!TEST_true(bio != NULL))
1363 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1364 if (!TEST_true(pkey != NULL))
1367 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1370 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1373 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1376 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1378 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1381 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1384 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1387 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1390 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1396 EVP_PKEY_free(pkey);
1397 EVP_PKEY_CTX_free(pctx);
1398 EVP_MD_CTX_free(mctx);
1403 static int test_EVP_SM2(void)
1406 EVP_PKEY *pkey = NULL;
1407 EVP_PKEY *pkeyparams = NULL;
1408 EVP_PKEY_CTX *pctx = NULL;
1409 EVP_PKEY_CTX *kctx = NULL;
1410 EVP_PKEY_CTX *sctx = NULL;
1412 unsigned char *sig = NULL;
1413 EVP_MD_CTX *md_ctx = NULL;
1414 EVP_MD_CTX *md_ctx_verify = NULL;
1415 EVP_PKEY_CTX *cctx = NULL;
1416 EVP_MD *check_md = NULL;
1418 uint8_t ciphertext[128];
1419 size_t ctext_len = sizeof(ciphertext);
1421 uint8_t plaintext[8];
1422 size_t ptext_len = sizeof(plaintext);
1424 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1426 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1427 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1429 char mdname[OSSL_MAX_NAME_SIZE];
1431 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1435 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1438 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1441 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1444 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1445 pkeyparams, testpropq)))
1448 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1451 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1454 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1457 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1460 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1463 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1464 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1466 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1469 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1472 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1475 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1478 /* Determine the size of the signature. */
1479 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1482 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1485 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1488 /* Ensure that the signature round-trips. */
1490 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1494 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1497 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1500 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1503 /* now check encryption/decryption */
1505 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1506 mdname, sizeof(mdname));
1507 for (i = 0; i < 2; i++) {
1508 const char *mdnames[] = {
1509 #ifndef OPENSSL_NO_SM3
1515 EVP_PKEY_CTX_free(cctx);
1517 if (mdnames[i] == NULL)
1521 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1522 (char *)mdnames[i], 0);
1524 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1528 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1531 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1534 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1538 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1541 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1544 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1548 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1552 * Test we're still using the digest we think we are.
1553 * Because of aliases, the easiest is to fetch the digest and
1554 * check the name with EVP_MD_is_a().
1556 EVP_MD_free(check_md);
1557 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1559 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1560 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1564 if (!TEST_true(ptext_len == sizeof(kMsg)))
1567 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1573 EVP_PKEY_CTX_free(pctx);
1574 EVP_PKEY_CTX_free(kctx);
1575 EVP_PKEY_CTX_free(sctx);
1576 EVP_PKEY_CTX_free(cctx);
1577 EVP_PKEY_free(pkey);
1578 EVP_PKEY_free(pkeyparams);
1579 EVP_MD_CTX_free(md_ctx);
1580 EVP_MD_CTX_free(md_ctx_verify);
1581 EVP_MD_free(check_md);
1588 static struct keys_st {
1594 EVP_PKEY_HMAC, "0123456789", NULL
1595 #ifndef OPENSSL_NO_POLY1305
1597 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1599 #ifndef OPENSSL_NO_SIPHASH
1601 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1604 #ifndef OPENSSL_NO_EC
1606 EVP_PKEY_X25519, "01234567890123456789012345678901",
1607 "abcdefghijklmnopqrstuvwxyzabcdef"
1609 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1610 "abcdefghijklmnopqrstuvwxyzabcdef"
1613 "01234567890123456789012345678901234567890123456789012345",
1614 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1617 "012345678901234567890123456789012345678901234567890123456",
1618 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1623 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1626 unsigned char buf[80];
1628 size_t inlen, len = 0;
1631 /* Check if this algorithm supports public keys */
1632 if (pub && keys[tst].pub == NULL)
1635 memset(buf, 0, sizeof(buf));
1638 #ifndef OPENSSL_NO_EC
1639 inlen = strlen(keys[tst].pub);
1640 in = (unsigned char *)keys[tst].pub;
1642 pkey = EVP_PKEY_new_raw_public_key_ex(
1644 OBJ_nid2sn(keys[tst].type),
1649 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1658 inlen = strlen(keys[tst].priv);
1659 in = (unsigned char *)keys[tst].priv;
1661 pkey = EVP_PKEY_new_raw_private_key_ex(
1662 testctx, OBJ_nid2sn(keys[tst].type),
1667 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1675 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1676 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1677 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1678 || !TEST_true(len == inlen)
1679 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1680 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1681 || !TEST_mem_eq(in, inlen, buf, len))
1686 EVP_PKEY_free(pkey);
1690 static int test_set_get_raw_keys(int tst)
1692 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1693 && test_set_get_raw_keys_int(tst, 0, 1)
1694 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1695 && test_set_get_raw_keys_int(tst, 1, 1);
1698 #ifndef OPENSSL_NO_DEPRECATED_3_0
1699 static int pkey_custom_check(EVP_PKEY *pkey)
1704 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1709 static int pkey_custom_param_check(EVP_PKEY *pkey)
1714 static EVP_PKEY_METHOD *custom_pmeth;
1717 static int test_EVP_PKEY_check(int i)
1720 EVP_PKEY *pkey = NULL;
1721 EVP_PKEY_CTX *ctx = NULL;
1722 #ifndef OPENSSL_NO_DEPRECATED_3_0
1723 EVP_PKEY_CTX *ctx2 = NULL;
1725 const APK_DATA *ak = &keycheckdata[i];
1726 const unsigned char *input = ak->kder;
1727 size_t input_len = ak->size;
1728 int expected_id = ak->evptype;
1729 int expected_check = ak->check;
1730 int expected_pub_check = ak->pub_check;
1731 int expected_param_check = ak->param_check;
1732 int type = ak->type;
1734 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1737 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1740 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1743 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1746 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1749 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1752 #ifndef OPENSSL_NO_DEPRECATED_3_0
1753 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1754 /* assign the pkey directly, as an internal test */
1755 EVP_PKEY_up_ref(pkey);
1758 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1761 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1764 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1771 EVP_PKEY_CTX_free(ctx);
1772 #ifndef OPENSSL_NO_DEPRECATED_3_0
1773 EVP_PKEY_CTX_free(ctx2);
1775 EVP_PKEY_free(pkey);
1779 #ifndef OPENSSL_NO_CMAC
1780 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1782 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1783 const char msg[] = "Hello World";
1787 if (!TEST_ptr(mdctx)
1788 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1789 testpropq, pkey, NULL))
1790 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1791 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1792 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1795 EVP_MD_CTX_free(mdctx);
1799 static int test_CMAC_keygen(void)
1801 static unsigned char key[] = {
1802 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1803 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1804 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1806 EVP_PKEY_CTX *kctx = NULL;
1808 EVP_PKEY *pkey = NULL;
1809 unsigned char mac[AES_BLOCK_SIZE];
1810 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1811 unsigned char mac2[AES_BLOCK_SIZE];
1814 if (nullprov != NULL)
1815 return TEST_skip("Test does not support a non-default library context");
1818 * This is a legacy method for CMACs, but should still work.
1819 * This verifies that it works without an ENGINE.
1821 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1823 /* Test a CMAC key created using the "generated" method */
1824 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1825 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1826 EVP_PKEY_CTRL_CIPHER,
1827 0, (void *)EVP_aes_256_ecb()), 0)
1828 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1829 EVP_PKEY_CTRL_SET_MAC_KEY,
1830 sizeof(key), (void *)key), 0)
1831 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1833 || !TEST_true(get_cmac_val(pkey, mac)))
1836 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1837 EVP_PKEY_free(pkey);
1840 * Test a CMAC key using the direct method, and compare with the mac
1843 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1845 || !TEST_true(get_cmac_val(pkey, mac2))
1846 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1853 EVP_PKEY_free(pkey);
1854 EVP_PKEY_CTX_free(kctx);
1859 static int test_HKDF(void)
1862 unsigned char out[20];
1865 unsigned char salt[] = "0123456789";
1866 unsigned char key[] = "012345678901234567890123456789";
1867 unsigned char info[] = "infostring";
1868 const unsigned char expected[] = {
1869 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1870 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1872 size_t expectedlen = sizeof(expected);
1874 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1877 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1878 for (i = 0; i < 2; i++) {
1879 outlen = sizeof(out);
1880 memset(out, 0, outlen);
1882 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1883 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1884 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1885 sizeof(salt) - 1), 0)
1886 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1887 sizeof(key) - 1), 0)
1888 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1889 sizeof(info) - 1), 0)
1890 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1891 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1898 EVP_PKEY_CTX_free(pctx);
1903 static int test_emptyikm_HKDF(void)
1906 unsigned char out[20];
1909 unsigned char salt[] = "9876543210";
1910 unsigned char key[] = "";
1911 unsigned char info[] = "stringinfo";
1912 const unsigned char expected[] = {
1913 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1914 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1916 size_t expectedlen = sizeof(expected);
1918 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1921 outlen = sizeof(out);
1922 memset(out, 0, outlen);
1924 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1925 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1926 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1927 sizeof(salt) - 1), 0)
1928 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1929 sizeof(key) - 1), 0)
1930 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1931 sizeof(info) - 1), 0)
1932 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1933 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1939 EVP_PKEY_CTX_free(pctx);
1944 #ifndef OPENSSL_NO_EC
1945 static int test_X509_PUBKEY_inplace(void)
1948 X509_PUBKEY *xp = NULL;
1949 const unsigned char *p = kExampleECPubKeyDER;
1950 size_t input_len = sizeof(kExampleECPubKeyDER);
1952 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1955 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1958 p = kExampleBadECPubKeyDER;
1959 input_len = sizeof(kExampleBadECPubKeyDER);
1961 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1964 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1970 X509_PUBKEY_free(xp);
1974 static int test_X509_PUBKEY_dup(void)
1977 X509_PUBKEY *xp = NULL, *xq = NULL;
1978 const unsigned char *p = kExampleECPubKeyDER;
1979 size_t input_len = sizeof(kExampleECPubKeyDER);
1981 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1982 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1983 || !TEST_ptr_ne(xp, xq))
1986 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1987 || !TEST_ptr(X509_PUBKEY_get0(xp))
1988 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1991 X509_PUBKEY_free(xq);
1993 p = kExampleBadECPubKeyDER;
1994 input_len = sizeof(kExampleBadECPubKeyDER);
1996 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1997 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2000 X509_PUBKEY_free(xp);
2002 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2008 X509_PUBKEY_free(xp);
2009 X509_PUBKEY_free(xq);
2012 #endif /* OPENSSL_NO_EC */
2014 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2015 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2017 EVP_MD_CTX *mdctx = NULL;
2018 EVP_PKEY_CTX *ctx = NULL;
2019 const OSSL_PARAM *params;
2020 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2023 char mdname[OSSL_MAX_NAME_SIZE];
2026 /* Initialise a sign operation */
2027 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2029 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2033 * We should be able to query the parameters now.
2035 params = EVP_PKEY_CTX_settable_params(ctx);
2036 if (!TEST_ptr(params)
2037 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2038 OSSL_SIGNATURE_PARAM_DIGEST)))
2041 params = EVP_PKEY_CTX_gettable_params(ctx);
2042 if (!TEST_ptr(params)
2043 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2044 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2045 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2046 OSSL_SIGNATURE_PARAM_DIGEST)))
2050 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2051 * EVP_PKEY_CTX_get_params()
2053 strcpy(mdname, "SHA512");
2055 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2057 *param++ = OSSL_PARAM_construct_end();
2059 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2063 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2064 mdname, sizeof(mdname));
2065 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2066 || !TEST_str_eq(mdname, "SHA512"))
2070 * Test the TEST_PKEY_CTX_set_signature_md() and
2071 * TEST_PKEY_CTX_get_signature_md() functions
2073 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2074 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2075 || !TEST_ptr_eq(md, EVP_sha256()))
2079 * Test getting MD parameters via an associated EVP_PKEY_CTX
2081 mdctx = EVP_MD_CTX_new();
2082 if (!TEST_ptr(mdctx)
2083 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2088 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2089 * able to obtain the digest's settable parameters from the provider.
2091 params = EVP_MD_CTX_settable_params(mdctx);
2092 if (!TEST_ptr(params)
2093 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2094 /* The final key should be NULL */
2095 || !TEST_ptr_null(params[1].key))
2099 memset(ssl3ms, 0, sizeof(ssl3ms));
2100 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2101 ssl3ms, sizeof(ssl3ms));
2102 *param++ = OSSL_PARAM_construct_end();
2104 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2110 EVP_MD_CTX_free(mdctx);
2111 EVP_PKEY_CTX_free(ctx);
2116 #ifndef OPENSSL_NO_DSA
2117 static int test_DSA_get_set_params(void)
2119 OSSL_PARAM_BLD *bld = NULL;
2120 OSSL_PARAM *params = NULL;
2121 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2122 EVP_PKEY_CTX *pctx = NULL;
2123 EVP_PKEY *pkey = NULL;
2127 * Setup the parameters for our DSA object. For our purposes they don't
2128 * have to actually be *valid* parameters. We just need to set something.
2130 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2131 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2132 || !TEST_ptr(p = BN_new())
2133 || !TEST_ptr(q = BN_new())
2134 || !TEST_ptr(g = BN_new())
2135 || !TEST_ptr(pub = BN_new())
2136 || !TEST_ptr(priv = BN_new()))
2138 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2139 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2140 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2141 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2143 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2146 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2149 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2150 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2154 if (!TEST_ptr(pkey))
2157 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2160 EVP_PKEY_free(pkey);
2161 EVP_PKEY_CTX_free(pctx);
2162 OSSL_PARAM_free(params);
2163 OSSL_PARAM_BLD_free(bld);
2174 * Test combinations of private, public, missing and private + public key
2175 * params to ensure they are all accepted
2177 static int test_DSA_priv_pub(void)
2179 return test_EVP_PKEY_ffc_priv_pub("DSA");
2182 #endif /* !OPENSSL_NO_DSA */
2184 static int test_RSA_get_set_params(void)
2186 OSSL_PARAM_BLD *bld = NULL;
2187 OSSL_PARAM *params = NULL;
2188 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2189 EVP_PKEY_CTX *pctx = NULL;
2190 EVP_PKEY *pkey = NULL;
2194 * Setup the parameters for our RSA object. For our purposes they don't
2195 * have to actually be *valid* parameters. We just need to set something.
2197 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2198 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2199 || !TEST_ptr(n = BN_new())
2200 || !TEST_ptr(e = BN_new())
2201 || !TEST_ptr(d = BN_new()))
2203 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2204 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2205 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2207 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2210 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2211 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2215 if (!TEST_ptr(pkey))
2218 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2221 EVP_PKEY_free(pkey);
2222 EVP_PKEY_CTX_free(pctx);
2223 OSSL_PARAM_free(params);
2224 OSSL_PARAM_BLD_free(bld);
2232 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2233 static int test_decrypt_null_chunks(void)
2235 EVP_CIPHER_CTX* ctx = NULL;
2236 EVP_CIPHER *cipher = NULL;
2237 const unsigned char key[32] = {
2238 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2239 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2240 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2242 unsigned char iv[12] = {
2243 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2245 unsigned char msg[] = "It was the best of times, it was the worst of times";
2246 unsigned char ciphertext[80];
2247 unsigned char plaintext[80];
2248 /* We initialise tmp to a non zero value on purpose */
2249 int ctlen, ptlen, tmp = 99;
2251 const int enc_offset = 10, dec_offset = 20;
2253 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2254 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2255 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2257 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2259 /* Deliberate add a zero length update */
2260 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2262 || !TEST_int_eq(tmp, 0)
2263 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2265 sizeof(msg) - enc_offset))
2266 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2267 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2268 || !TEST_int_eq(tmp, 0))
2271 /* Deliberately initialise tmp to a non zero value */
2273 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2274 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2277 * Deliberately add a zero length update. We also deliberately do
2278 * this at a different offset than for encryption.
2280 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2282 || !TEST_int_eq(tmp, 0)
2283 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2284 ciphertext + dec_offset,
2285 ctlen - dec_offset))
2286 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2287 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2288 || !TEST_int_eq(tmp, 0)
2289 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2294 EVP_CIPHER_CTX_free(ctx);
2295 EVP_CIPHER_free(cipher);
2298 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2300 #ifndef OPENSSL_NO_DH
2302 * Test combinations of private, public, missing and private + public key
2303 * params to ensure they are all accepted
2305 static int test_DH_priv_pub(void)
2307 return test_EVP_PKEY_ffc_priv_pub("DH");
2310 # ifndef OPENSSL_NO_DEPRECATED_3_0
2311 static int test_EVP_PKEY_set1_DH(void)
2313 DH *x942dh = NULL, *noqdh = NULL;
2314 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2316 BIGNUM *p, *g = NULL;
2318 if (!TEST_ptr(p = BN_new())
2319 || !TEST_ptr(g = BN_new())
2320 || !BN_set_word(p, 9999)
2321 || !BN_set_word(g, 2)
2322 || !TEST_ptr(noqdh = DH_new())
2323 || !DH_set0_pqg(noqdh, p, NULL, g))
2327 x942dh = DH_get_2048_256();
2328 pkey1 = EVP_PKEY_new();
2329 pkey2 = EVP_PKEY_new();
2330 if (!TEST_ptr(x942dh)
2333 || !TEST_ptr(pkey2))
2336 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2337 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2340 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2341 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2348 EVP_PKEY_free(pkey1);
2349 EVP_PKEY_free(pkey2);
2355 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2356 #endif /* !OPENSSL_NO_DH */
2359 * We test what happens with an empty template. For the sake of this test,
2360 * the template must be ignored, and we know that's the case for RSA keys
2361 * (this might arguably be a misfeature, but that's what we currently do,
2362 * even in provider code, since that's how the legacy RSA implementation
2365 static int test_keygen_with_empty_template(int n)
2367 EVP_PKEY_CTX *ctx = NULL;
2368 EVP_PKEY *pkey = NULL;
2369 EVP_PKEY *tkey = NULL;
2372 if (nullprov != NULL)
2373 return TEST_skip("Test does not support a non-default library context");
2377 /* We do test with no template at all as well */
2378 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2382 /* Here we create an empty RSA key that serves as our template */
2383 if (!TEST_ptr(tkey = EVP_PKEY_new())
2384 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2385 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2390 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2391 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2396 EVP_PKEY_CTX_free(ctx);
2397 EVP_PKEY_free(pkey);
2398 EVP_PKEY_free(tkey);
2403 * Test that we fail if we attempt to use an algorithm that is not available
2404 * in the current library context (unless we are using an algorithm that
2405 * should be made available via legacy codepaths).
2410 static int test_pkey_ctx_fail_without_provider(int tst)
2412 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2413 OSSL_PROVIDER *tmpnullprov = NULL;
2414 EVP_PKEY_CTX *pctx = NULL;
2415 const char *keytype = NULL;
2416 int expect_null = 0;
2419 if (!TEST_ptr(tmpctx))
2422 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2423 if (!TEST_ptr(tmpnullprov))
2427 * We check for certain algos in the null provider.
2428 * If an algo is expected to have a provider keymgmt, contructing an
2429 * EVP_PKEY_CTX is expected to fail (return NULL).
2430 * Otherwise, if it's expected to have legacy support, contructing an
2431 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2441 #ifdef OPENSSL_NO_EC
2442 TEST_info("EC disable, skipping SM2 check...");
2445 #ifdef OPENSSL_NO_SM2
2446 TEST_info("SM2 disable, skipping SM2 check...");
2451 TEST_error("No test for case %d", tst);
2455 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2456 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2459 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2465 EVP_PKEY_CTX_free(pctx);
2466 OSSL_PROVIDER_unload(tmpnullprov);
2467 OSSL_LIB_CTX_free(tmpctx);
2471 static int test_rand_agglomeration(void)
2475 OSSL_PARAM params[3], *p = params;
2477 unsigned int step = 7;
2478 static unsigned char seed[] = "It does not matter how slowly you go "
2479 "as long as you do not stop.";
2480 unsigned char out[sizeof(seed)];
2482 if (!TEST_int_ne(sizeof(seed) % step, 0)
2483 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2485 ctx = EVP_RAND_CTX_new(rand, NULL);
2486 EVP_RAND_free(rand);
2490 memset(out, 0, sizeof(out));
2491 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2492 seed, sizeof(seed));
2493 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2494 *p = OSSL_PARAM_construct_end();
2495 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2496 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2497 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2498 EVP_RAND_CTX_free(ctx);
2503 * Test that we correctly return the original or "running" IV after
2504 * an encryption operation.
2505 * Run multiple times for some different relevant algorithms/modes.
2507 static int test_evp_iv_aes(int idx)
2510 EVP_CIPHER_CTX *ctx = NULL;
2511 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2512 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2513 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2514 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2515 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2516 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2517 9, 10, 11, 12, 13, 14, 15, 16 };
2518 unsigned char ciphertext[32], oiv[16], iv[16];
2519 unsigned char *ref_iv;
2520 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2521 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2523 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2524 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2525 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2526 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2527 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2528 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2529 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2530 #ifndef OPENSSL_NO_OCB
2531 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2532 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2534 int len = sizeof(ciphertext);
2535 size_t ivlen, ref_len;
2536 const EVP_CIPHER *type = NULL;
2539 if (nullprov != NULL && idx < 6)
2540 return TEST_skip("Test does not support a non-default library context");
2544 type = EVP_aes_128_cbc();
2547 type = (type != NULL) ? type :
2548 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2550 ref_len = sizeof(cbc_state);
2554 type = EVP_aes_128_ofb();
2557 type = (type != NULL) ? type :
2558 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2560 ref_len = sizeof(ofb_state);
2564 type = EVP_aes_128_cfb();
2567 type = (type != NULL) ? type :
2568 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2570 ref_len = sizeof(cfb_state);
2574 type = EVP_aes_128_gcm();
2577 type = (type != NULL) ? type :
2578 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2580 ref_len = sizeof(gcm_state);
2583 type = EVP_aes_128_ccm();
2586 type = (type != NULL) ? type :
2587 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2589 ref_len = sizeof(ccm_state);
2591 #ifdef OPENSSL_NO_OCB
2597 type = EVP_aes_128_ocb();
2600 type = (type != NULL) ? type :
2601 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2603 ref_len = sizeof(ocb_state);
2611 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2612 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2613 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2615 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2616 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2617 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2619 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2620 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2621 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2624 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2625 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2626 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2629 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2632 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2638 EVP_CIPHER_CTX_free(ctx);
2640 EVP_CIPHER_free((EVP_CIPHER *)type);
2644 #ifndef OPENSSL_NO_DES
2645 static int test_evp_iv_des(int idx)
2648 EVP_CIPHER_CTX *ctx = NULL;
2649 static const unsigned char key[24] = {
2650 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2651 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2652 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2654 static const unsigned char init_iv[8] = {
2655 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2657 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2658 9, 10, 11, 12, 13, 14, 15, 16 };
2659 unsigned char ciphertext[32], oiv[8], iv[8];
2660 unsigned const char *ref_iv;
2661 static const unsigned char cbc_state_des[8] = {
2662 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2664 static const unsigned char cbc_state_3des[8] = {
2665 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2667 static const unsigned char ofb_state_des[8] = {
2668 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2670 static const unsigned char ofb_state_3des[8] = {
2671 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2673 static const unsigned char cfb_state_des[8] = {
2674 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2676 static const unsigned char cfb_state_3des[8] = {
2677 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2679 int len = sizeof(ciphertext);
2680 size_t ivlen, ref_len;
2681 EVP_CIPHER *type = NULL;
2683 if (lgcyprov == NULL && idx < 3)
2684 return TEST_skip("Test requires legacy provider to be loaded");
2688 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2689 ref_iv = cbc_state_des;
2690 ref_len = sizeof(cbc_state_des);
2693 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2694 ref_iv = ofb_state_des;
2695 ref_len = sizeof(ofb_state_des);
2698 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2699 ref_iv = cfb_state_des;
2700 ref_len = sizeof(cfb_state_des);
2703 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2704 ref_iv = cbc_state_3des;
2705 ref_len = sizeof(cbc_state_3des);
2708 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2709 ref_iv = ofb_state_3des;
2710 ref_len = sizeof(ofb_state_3des);
2713 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2714 ref_iv = cfb_state_3des;
2715 ref_len = sizeof(cfb_state_3des);
2722 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2723 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2724 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2726 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2727 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2728 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2730 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2731 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2732 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2735 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2736 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2738 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2743 EVP_CIPHER_CTX_free(ctx);
2744 EVP_CIPHER_free(type);
2749 #ifndef OPENSSL_NO_EC
2750 static int ecpub_nids[] = {
2751 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2752 NID_secp384r1, NID_secp521r1,
2753 # ifndef OPENSSL_NO_EC2M
2754 NID_sect233k1, NID_sect233r1, NID_sect283r1,
2755 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2757 NID_brainpoolP384r1, NID_brainpoolP512r1
2760 static int test_ecpub(int idx)
2762 int ret = 0, len, savelen;
2764 unsigned char buf[1024];
2766 EVP_PKEY *pkey = NULL;
2767 EVP_PKEY_CTX *ctx = NULL;
2768 # ifndef OPENSSL_NO_DEPRECATED_3_0
2769 const unsigned char *q;
2770 EVP_PKEY *pkey2 = NULL;
2774 if (nullprov != NULL)
2775 return TEST_skip("Test does not support a non-default library context");
2777 nid = ecpub_nids[idx];
2779 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2781 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2782 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2783 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2785 len = i2d_PublicKey(pkey, NULL);
2787 if (!TEST_int_ge(len, 1)
2788 || !TEST_int_lt(len, 1024))
2791 len = i2d_PublicKey(pkey, &p);
2792 if (!TEST_int_ge(len, 1)
2793 || !TEST_int_eq(len, savelen))
2796 # ifndef OPENSSL_NO_DEPRECATED_3_0
2797 /* Now try to decode the just-created DER. */
2799 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2800 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2801 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2803 /* EC_KEY ownership transferred */
2805 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2807 /* The keys should match. */
2808 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
2815 EVP_PKEY_CTX_free(ctx);
2816 EVP_PKEY_free(pkey);
2817 # ifndef OPENSSL_NO_DEPRECATED_3_0
2818 EVP_PKEY_free(pkey2);
2825 static int test_EVP_rsa_pss_with_keygen_bits(void)
2828 EVP_PKEY_CTX *ctx = NULL;
2829 EVP_PKEY *pkey = NULL;
2832 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2834 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2835 && TEST_true(EVP_PKEY_keygen_init(ctx))
2836 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2837 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2838 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2841 EVP_PKEY_free(pkey);
2842 EVP_PKEY_CTX_free(ctx);
2846 static int success = 1;
2847 static void md_names(const char *name, void *vctx)
2849 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2850 /* Force a namemap update */
2851 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2853 if (!TEST_ptr(aes128))
2856 EVP_CIPHER_free(aes128);
2860 * Test that changing the namemap in a user callback works in a names_do_all
2863 static int test_names_do_all(void)
2865 /* We use a custom libctx so that we know the state of the namemap */
2866 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2867 EVP_MD *sha256 = NULL;
2873 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2874 if (!TEST_ptr(sha256))
2878 * We loop through all the names for a given digest. This should still work
2879 * even if the namemap changes part way through.
2881 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2884 if (!TEST_true(success))
2889 EVP_MD_free(sha256);
2890 OSSL_LIB_CTX_free(ctx);
2894 typedef enum OPTION_choice {
2901 const OPTIONS *test_get_options(void)
2903 static const OPTIONS options[] = {
2904 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2905 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2911 int setup_tests(void)
2915 while ((o = opt_next()) != OPT_EOF) {
2918 /* Set up an alternate library context */
2919 testctx = OSSL_LIB_CTX_new();
2920 if (!TEST_ptr(testctx))
2922 /* Swap the libctx to test non-default context only */
2923 nullprov = OSSL_PROVIDER_load(NULL, "null");
2924 deflprov = OSSL_PROVIDER_load(testctx, "default");
2925 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2927 case OPT_TEST_CASES:
2934 ADD_TEST(test_EVP_set_default_properties);
2935 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2936 ADD_TEST(test_EVP_DigestVerifyInit);
2937 ADD_TEST(test_EVP_Digest);
2938 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
2939 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2940 ADD_TEST(test_privatekey_to_pkcs8);
2941 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
2942 #ifndef OPENSSL_NO_EC
2943 ADD_TEST(test_EVP_PKCS82PKEY);
2945 #ifndef OPENSSL_NO_EC
2946 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2948 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2949 ADD_TEST(test_EVP_SM2);
2950 ADD_TEST(test_EVP_SM2_verify);
2952 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2953 #ifndef OPENSSL_NO_DEPRECATED_3_0
2954 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2955 if (!TEST_ptr(custom_pmeth))
2957 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2958 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2959 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2960 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2963 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2964 #ifndef OPENSSL_NO_CMAC
2965 ADD_TEST(test_CMAC_keygen);
2967 ADD_TEST(test_HKDF);
2968 ADD_TEST(test_emptyikm_HKDF);
2969 #ifndef OPENSSL_NO_EC
2970 ADD_TEST(test_X509_PUBKEY_inplace);
2971 ADD_TEST(test_X509_PUBKEY_dup);
2972 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2973 OSSL_NELEM(ec_der_pub_keys));
2975 #ifndef OPENSSL_NO_DSA
2976 ADD_TEST(test_DSA_get_set_params);
2977 ADD_TEST(test_DSA_priv_pub);
2979 ADD_TEST(test_RSA_get_set_params);
2980 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2981 ADD_TEST(test_decrypt_null_chunks);
2983 #ifndef OPENSSL_NO_DH
2984 ADD_TEST(test_DH_priv_pub);
2985 # ifndef OPENSSL_NO_DEPRECATED_3_0
2986 ADD_TEST(test_EVP_PKEY_set1_DH);
2989 #ifndef OPENSSL_NO_EC
2990 ADD_TEST(test_EC_priv_pub);
2991 # ifndef OPENSSL_NO_DEPRECATED_3_0
2992 ADD_TEST(test_EC_priv_only_legacy);
2995 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2996 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2998 ADD_TEST(test_rand_agglomeration);
2999 ADD_ALL_TESTS(test_evp_iv_aes, 12);
3000 #ifndef OPENSSL_NO_DES
3001 ADD_ALL_TESTS(test_evp_iv_des, 6);
3003 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
3004 #ifndef OPENSSL_NO_EC
3005 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
3008 ADD_TEST(test_names_do_all);
3013 void cleanup_tests(void)
3015 OSSL_PROVIDER_unload(nullprov);
3016 OSSL_PROVIDER_unload(deflprov);
3017 OSSL_PROVIDER_unload(lgcyprov);
3018 OSSL_LIB_CTX_free(testctx);
projects / openssl.git / blob