2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
323 #ifndef OPENSSL_NO_EC
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
405 typedef struct APK_DATA_st {
406 const unsigned char *kder;
413 int type; /* 0 for private, 1 for public, 2 for params */
416 static APK_DATA keydata[] = {
417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
419 #ifndef OPENSSL_NO_EC
420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
424 static APK_DATA keycheckdata[] = {
425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
429 #ifndef OPENSSL_NO_EC
430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
431 /* group is also associated in our pub key */
432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
443 static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
446 const unsigned char **pdata = &data;
447 EVP_PKEY *pkey = NULL;
448 OSSL_DECODER_CTX *dctx =
449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
458 static EVP_PKEY *load_example_rsa_key(void)
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
464 #ifndef OPENSSL_NO_DSA
465 static EVP_PKEY *load_example_dsa_key(void)
467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
472 static EVP_PKEY *load_example_hmac_key(void)
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
481 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
482 NULL, key, sizeof(key));
489 static int test_EVP_set_default_properties(void)
495 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
496 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
501 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
502 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
503 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
508 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
509 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
514 OSSL_LIB_CTX_free(ctx);
518 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
519 static int test_fromdata(char *keytype, OSSL_PARAM *params)
521 EVP_PKEY_CTX *pctx = NULL;
522 EVP_PKEY *pkey = NULL;
525 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
527 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
528 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
538 EVP_PKEY_CTX_free(pctx);
542 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
545 * Test combinations of private, public, missing and private + public key
546 * params to ensure they are all accepted
548 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
549 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
551 OSSL_PARAM_BLD *bld = NULL;
552 OSSL_PARAM *params = NULL;
553 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
557 * Setup the parameters for our pkey object. For our purposes they don't
558 * have to actually be *valid* parameters. We just need to set something.
560 if (!TEST_ptr(p = BN_new())
561 || !TEST_ptr(q = BN_new())
562 || !TEST_ptr(g = BN_new())
563 || !TEST_ptr(pub = BN_new())
564 || !TEST_ptr(priv = BN_new()))
567 /* Test !priv and !pub */
568 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
571 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
573 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
576 if (!test_fromdata(keytype, params))
578 OSSL_PARAM_free(params);
580 OSSL_PARAM_BLD_free(bld);
582 /* Test priv and !pub */
583 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
586 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
587 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
590 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
593 if (!test_fromdata(keytype, params))
595 OSSL_PARAM_free(params);
597 OSSL_PARAM_BLD_free(bld);
599 /* Test !priv and pub */
600 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
602 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
603 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
604 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
607 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
610 if (!test_fromdata(keytype, params))
612 OSSL_PARAM_free(params);
614 OSSL_PARAM_BLD_free(bld);
616 /* Test priv and pub */
617 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
618 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
620 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
621 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
626 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
629 if (!test_fromdata(keytype, params))
634 OSSL_PARAM_free(params);
635 OSSL_PARAM_BLD_free(bld);
644 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
647 * Test combinations of private, public, missing and private + public key
648 * params to ensure they are all accepted for EC keys
650 #ifndef OPENSSL_NO_EC
651 static unsigned char ec_priv[] = {
652 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
653 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
654 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
656 static unsigned char ec_pub[] = {
657 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
658 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
659 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
660 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
661 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
662 0x08, 0x09, 0xb8, 0xdb, 0x03
665 static int test_EC_priv_pub(void)
667 OSSL_PARAM_BLD *bld = NULL;
668 OSSL_PARAM *params = NULL;
673 * Setup the parameters for our pkey object. For our purposes they don't
674 * have to actually be *valid* parameters. We just need to set something.
676 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
679 /* Test !priv and !pub */
680 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
681 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
682 OSSL_PKEY_PARAM_GROUP_NAME,
685 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
688 if (!test_fromdata("EC", params))
690 OSSL_PARAM_free(params);
692 OSSL_PARAM_BLD_free(bld);
694 /* Test priv and !pub */
695 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
696 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
697 OSSL_PKEY_PARAM_GROUP_NAME,
699 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
702 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
705 if (!test_fromdata("EC", params))
707 OSSL_PARAM_free(params);
709 OSSL_PARAM_BLD_free(bld);
711 /* Test !priv and pub */
712 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
713 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
714 OSSL_PKEY_PARAM_GROUP_NAME,
716 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
717 OSSL_PKEY_PARAM_PUB_KEY,
718 ec_pub, sizeof(ec_pub))))
720 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
723 if (!test_fromdata("EC", params))
725 OSSL_PARAM_free(params);
727 OSSL_PARAM_BLD_free(bld);
729 /* Test priv and pub */
730 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
731 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
732 OSSL_PKEY_PARAM_GROUP_NAME,
734 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
735 OSSL_PKEY_PARAM_PUB_KEY,
736 ec_pub, sizeof(ec_pub)))
737 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
740 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
743 if (!test_fromdata("EC", params))
748 OSSL_PARAM_free(params);
749 OSSL_PARAM_BLD_free(bld);
755 /* Test that using a legacy EC key with only a private key in it works */
756 # ifndef OPENSSL_NO_DEPRECATED_3_0
757 static int test_EC_priv_only_legacy(void)
761 EC_KEY *eckey = NULL;
762 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
763 EVP_MD_CTX *ctx = NULL;
765 /* Create the low level EC_KEY */
766 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
769 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
770 if (!TEST_ptr(eckey))
773 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
776 pkey = EVP_PKEY_new();
780 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
784 while (dup_pk == NULL) {
786 ctx = EVP_MD_CTX_new();
791 * The EVP_DigestSignInit function should create the key on the
792 * provider side which is sufficient for this test.
794 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
795 testpropq, pkey, NULL)))
797 EVP_MD_CTX_free(ctx);
800 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
802 /* EVP_PKEY_eq() returns -2 with missing public keys */
803 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
811 EVP_MD_CTX_free(ctx);
818 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
819 #endif /* OPENSSL_NO_EC */
821 static int test_EVP_Enveloped(void)
824 EVP_CIPHER_CTX *ctx = NULL;
825 EVP_PKEY *keypair = NULL;
826 unsigned char *kek = NULL;
827 unsigned char iv[EVP_MAX_IV_LENGTH];
828 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
829 int len, kek_len, ciphertext_len, plaintext_len;
830 unsigned char ciphertext[32], plaintext[16];
831 const EVP_CIPHER *type = NULL;
833 if (nullprov != NULL)
834 return TEST_skip("Test does not support a non-default library context");
836 type = EVP_aes_256_cbc();
838 if (!TEST_ptr(keypair = load_example_rsa_key())
839 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
840 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
841 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
843 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
845 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
849 ciphertext_len += len;
851 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
852 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
853 ciphertext, ciphertext_len))
854 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
857 plaintext_len += len;
858 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
864 EVP_PKEY_free(keypair);
865 EVP_CIPHER_CTX_free(ctx);
870 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
871 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
872 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
873 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
874 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
875 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
876 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
877 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
878 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
880 static int test_EVP_DigestSignInit(int tst)
883 EVP_PKEY *pkey = NULL;
884 unsigned char *sig = NULL;
886 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
887 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
888 BIO *mdbio = NULL, *membio = NULL;
891 EVP_MD *mdexp = NULL;
893 if (nullprov != NULL)
894 return TEST_skip("Test does not support a non-default library context");
897 membio = BIO_new(BIO_s_mem());
898 mdbio = BIO_new(BIO_f_md());
899 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
901 BIO_push(mdbio, membio);
902 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
905 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
906 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
910 if (tst == 0 || tst == 3 || tst == 6) {
911 if (!TEST_ptr(pkey = load_example_rsa_key()))
913 } else if (tst == 1 || tst == 4 || tst == 7) {
914 #ifndef OPENSSL_NO_DSA
915 if (!TEST_ptr(pkey = load_example_dsa_key()))
922 if (!TEST_ptr(pkey = load_example_hmac_key()))
926 if (tst >= 3 && tst <= 5)
927 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
931 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
935 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
938 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
942 /* Determine the size of the signature. */
943 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
944 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
945 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
949 if (!TEST_int_gt(BIO_reset(mdbio), 0)
950 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
955 * Ensure that the signature round-trips (Verification isn't supported for
956 * HMAC via EVP_DigestVerify*)
958 if (tst != 2 && tst != 5 && tst != 8) {
959 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
964 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
967 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
971 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
980 EVP_MD_CTX_free(a_md_ctx);
981 EVP_MD_CTX_free(a_md_ctx_verify);
989 static int test_EVP_DigestVerifyInit(void)
992 EVP_PKEY *pkey = NULL;
993 EVP_MD_CTX *md_ctx = NULL;
995 if (nullprov != NULL)
996 return TEST_skip("Test does not support a non-default library context");
998 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
999 || !TEST_ptr(pkey = load_example_rsa_key()))
1002 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1003 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1004 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1005 sizeof(kSignature))))
1010 EVP_MD_CTX_free(md_ctx);
1011 EVP_PKEY_free(pkey);
1016 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1018 static int test_EVP_Digest(void)
1021 EVP_MD_CTX *md_ctx = NULL;
1022 unsigned char md[EVP_MAX_MD_SIZE];
1023 EVP_MD *sha256 = NULL;
1024 EVP_MD *shake256 = NULL;
1026 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1029 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1030 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1033 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1034 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1035 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1036 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1037 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1040 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1041 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1042 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1043 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1044 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1046 * EVP_DigestInit_ex with NULL type should work on
1047 * pre-initialized context.
1049 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1052 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1053 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1054 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1055 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1056 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1057 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1062 EVP_MD_CTX_free(md_ctx);
1063 EVP_MD_free(sha256);
1064 EVP_MD_free(shake256);
1068 static int test_d2i_AutoPrivateKey(int i)
1071 const unsigned char *p;
1072 EVP_PKEY *pkey = NULL;
1073 const APK_DATA *ak = &keydata[i];
1074 const unsigned char *input = ak->kder;
1075 size_t input_len = ak->size;
1076 int expected_id = ak->evptype;
1079 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1080 || !TEST_ptr_eq(p, input + input_len)
1081 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1087 EVP_PKEY_free(pkey);
1091 #ifndef OPENSSL_NO_EC
1093 static const unsigned char ec_public_sect163k1_validxy[] = {
1094 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1095 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1096 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1097 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1098 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1099 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1102 static const unsigned char ec_public_sect163k1_badx[] = {
1103 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1104 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1105 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1106 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1107 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1108 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1111 static const unsigned char ec_public_sect163k1_bady[] = {
1112 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1113 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1114 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1115 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1116 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1117 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1120 static struct ec_der_pub_keys_st {
1121 const unsigned char *der;
1124 } ec_der_pub_keys[] = {
1125 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1126 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1127 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1131 * Tests the range of the decoded EC char2 public point.
1132 * See ec_GF2m_simple_oct2point().
1134 static int test_invalide_ec_char2_pub_range_decode(int id)
1139 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1140 ec_der_pub_keys[id].len);
1142 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1143 || TEST_ptr_null(pkey);
1144 EVP_PKEY_free(pkey);
1148 /* Tests loading a bad key in PKCS8 format */
1149 static int test_EVP_PKCS82PKEY(void)
1152 const unsigned char *derp = kExampleBadECKeyDER;
1153 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1154 EVP_PKEY *pkey = NULL;
1156 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1157 sizeof(kExampleBadECKeyDER))))
1160 if (!TEST_ptr_eq(derp,
1161 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1164 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1170 PKCS8_PRIV_KEY_INFO_free(p8inf);
1171 EVP_PKEY_free(pkey);
1177 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1179 EVP_PKEY *pkey = NULL;
1180 EVP_PKEY *pkey2 = NULL;
1182 char *membuf = NULL;
1183 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1186 if (testctx != NULL)
1187 /* test not supported with non-default context */
1190 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1191 || !TEST_ptr(pkey = load_example_rsa_key())
1192 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1193 NULL, 0, NULL, NULL),
1195 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1196 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1197 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1198 || !TEST_int_eq(ERR_get_error(), 0)) {
1204 EVP_PKEY_free(pkey);
1205 EVP_PKEY_free(pkey2);
1206 PKCS8_PRIV_KEY_INFO_free(p8inf);
1207 BIO_free_all(membio);
1211 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1212 static int test_privatekey_to_pkcs8(void)
1214 EVP_PKEY *pkey = NULL;
1216 char *membuf = NULL;
1217 long membuf_len = 0;
1220 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1221 || !TEST_ptr(pkey = load_example_rsa_key())
1222 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1223 NULL, 0, NULL, NULL),
1225 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1226 || !TEST_ptr(membuf)
1227 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1228 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1230 * We try to write PEM as well, just to see that it doesn't err, but
1231 * assume that the result is correct.
1233 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1234 NULL, 0, NULL, NULL),
1240 EVP_PKEY_free(pkey);
1241 BIO_free_all(membio);
1245 #ifndef OPENSSL_NO_EC
1246 static const struct {
1248 const char *encoding_name;
1249 } ec_encodings[] = {
1250 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1251 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1254 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1256 const OSSL_PARAM *p;
1257 const char *enc_name = NULL;
1263 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1264 OSSL_PKEY_PARAM_EC_ENCODING))
1265 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1268 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1269 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1270 *enc = ec_encodings[i].encoding;
1275 return (*enc != -1);
1278 static int test_EC_keygen_with_enc(int idx)
1280 EVP_PKEY *params = NULL, *key = NULL;
1281 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1285 enc = ec_encodings[idx].encoding;
1287 /* Create key parameters */
1288 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1289 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1290 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1291 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1292 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1293 || !TEST_ptr(params))
1297 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1298 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1299 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1303 /* Check that the encoding got all the way into the key */
1304 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1305 ec_export_get_encoding_cb, &enc))
1306 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1312 EVP_PKEY_free(params);
1313 EVP_PKEY_CTX_free(kctx);
1314 EVP_PKEY_CTX_free(pctx);
1319 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1321 static int test_EVP_SM2_verify(void)
1323 const char *pubkey =
1324 "-----BEGIN PUBLIC KEY-----\n"
1325 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1326 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1327 "-----END PUBLIC KEY-----\n";
1329 const char *msg = "message digest";
1330 const char *id = "ALICE123@YAHOO.COM";
1332 const uint8_t signature[] = {
1333 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1334 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1335 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1336 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1337 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1338 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1339 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1344 EVP_PKEY *pkey = NULL;
1345 EVP_MD_CTX *mctx = NULL;
1346 EVP_PKEY_CTX *pctx = NULL;
1349 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1350 if (!TEST_true(bio != NULL))
1353 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1354 if (!TEST_true(pkey != NULL))
1357 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1360 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1363 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1366 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1368 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1371 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1374 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1377 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1380 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1386 EVP_PKEY_free(pkey);
1387 EVP_PKEY_CTX_free(pctx);
1388 EVP_MD_CTX_free(mctx);
1393 static int test_EVP_SM2(void)
1396 EVP_PKEY *pkey = NULL;
1397 EVP_PKEY *pkeyparams = NULL;
1398 EVP_PKEY_CTX *pctx = NULL;
1399 EVP_PKEY_CTX *kctx = NULL;
1400 EVP_PKEY_CTX *sctx = NULL;
1402 unsigned char *sig = NULL;
1403 EVP_MD_CTX *md_ctx = NULL;
1404 EVP_MD_CTX *md_ctx_verify = NULL;
1405 EVP_PKEY_CTX *cctx = NULL;
1406 EVP_MD *check_md = NULL;
1408 uint8_t ciphertext[128];
1409 size_t ctext_len = sizeof(ciphertext);
1411 uint8_t plaintext[8];
1412 size_t ptext_len = sizeof(plaintext);
1414 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1416 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1417 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1419 char mdname[OSSL_MAX_NAME_SIZE];
1421 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1425 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1428 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1431 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1434 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1435 pkeyparams, testpropq)))
1438 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1441 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1444 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1447 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1450 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1453 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1454 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1456 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1459 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1462 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1465 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1468 /* Determine the size of the signature. */
1469 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1472 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1475 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1478 /* Ensure that the signature round-trips. */
1480 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1484 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1487 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1490 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1493 /* now check encryption/decryption */
1495 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1496 mdname, sizeof(mdname));
1497 for (i = 0; i < 2; i++) {
1498 const char *mdnames[] = {
1499 #ifndef OPENSSL_NO_SM3
1505 EVP_PKEY_CTX_free(cctx);
1507 if (mdnames[i] == NULL)
1511 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1512 (char *)mdnames[i], 0);
1514 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1518 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1521 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1524 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1528 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1531 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1534 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1538 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1542 * Test we're still using the digest we think we are.
1543 * Because of aliases, the easiest is to fetch the digest and
1544 * check the name with EVP_MD_is_a().
1546 EVP_MD_free(check_md);
1547 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1549 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1550 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1554 if (!TEST_true(ptext_len == sizeof(kMsg)))
1557 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1563 EVP_PKEY_CTX_free(pctx);
1564 EVP_PKEY_CTX_free(kctx);
1565 EVP_PKEY_CTX_free(sctx);
1566 EVP_PKEY_CTX_free(cctx);
1567 EVP_PKEY_free(pkey);
1568 EVP_PKEY_free(pkeyparams);
1569 EVP_MD_CTX_free(md_ctx);
1570 EVP_MD_CTX_free(md_ctx_verify);
1571 EVP_MD_free(check_md);
1578 static struct keys_st {
1584 EVP_PKEY_HMAC, "0123456789", NULL
1585 #ifndef OPENSSL_NO_POLY1305
1587 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1589 #ifndef OPENSSL_NO_SIPHASH
1591 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1594 #ifndef OPENSSL_NO_EC
1596 EVP_PKEY_X25519, "01234567890123456789012345678901",
1597 "abcdefghijklmnopqrstuvwxyzabcdef"
1599 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1600 "abcdefghijklmnopqrstuvwxyzabcdef"
1603 "01234567890123456789012345678901234567890123456789012345",
1604 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1607 "012345678901234567890123456789012345678901234567890123456",
1608 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1613 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1616 unsigned char buf[80];
1618 size_t inlen, len = 0;
1621 /* Check if this algorithm supports public keys */
1622 if (pub && keys[tst].pub == NULL)
1625 memset(buf, 0, sizeof(buf));
1628 #ifndef OPENSSL_NO_EC
1629 inlen = strlen(keys[tst].pub);
1630 in = (unsigned char *)keys[tst].pub;
1632 pkey = EVP_PKEY_new_raw_public_key_ex(
1634 OBJ_nid2sn(keys[tst].type),
1639 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1648 inlen = strlen(keys[tst].priv);
1649 in = (unsigned char *)keys[tst].priv;
1651 pkey = EVP_PKEY_new_raw_private_key_ex(
1652 testctx, OBJ_nid2sn(keys[tst].type),
1657 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1665 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1666 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1667 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1668 || !TEST_true(len == inlen)
1669 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1670 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1671 || !TEST_mem_eq(in, inlen, buf, len))
1676 EVP_PKEY_free(pkey);
1680 static int test_set_get_raw_keys(int tst)
1682 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1683 && test_set_get_raw_keys_int(tst, 0, 1)
1684 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1685 && test_set_get_raw_keys_int(tst, 1, 1);
1688 #ifndef OPENSSL_NO_DEPRECATED_3_0
1689 static int pkey_custom_check(EVP_PKEY *pkey)
1694 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1699 static int pkey_custom_param_check(EVP_PKEY *pkey)
1704 static EVP_PKEY_METHOD *custom_pmeth;
1707 static int test_EVP_PKEY_check(int i)
1710 EVP_PKEY *pkey = NULL;
1711 EVP_PKEY_CTX *ctx = NULL;
1712 #ifndef OPENSSL_NO_DEPRECATED_3_0
1713 EVP_PKEY_CTX *ctx2 = NULL;
1715 const APK_DATA *ak = &keycheckdata[i];
1716 const unsigned char *input = ak->kder;
1717 size_t input_len = ak->size;
1718 int expected_id = ak->evptype;
1719 int expected_check = ak->check;
1720 int expected_pub_check = ak->pub_check;
1721 int expected_param_check = ak->param_check;
1722 int type = ak->type;
1724 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1727 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1730 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1733 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1736 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1739 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1742 #ifndef OPENSSL_NO_DEPRECATED_3_0
1743 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1744 /* assign the pkey directly, as an internal test */
1745 EVP_PKEY_up_ref(pkey);
1748 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1751 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1754 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1761 EVP_PKEY_CTX_free(ctx);
1762 #ifndef OPENSSL_NO_DEPRECATED_3_0
1763 EVP_PKEY_CTX_free(ctx2);
1765 EVP_PKEY_free(pkey);
1769 #ifndef OPENSSL_NO_CMAC
1770 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1772 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1773 const char msg[] = "Hello World";
1777 if (!TEST_ptr(mdctx)
1778 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1779 testpropq, pkey, NULL))
1780 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1781 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1782 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1785 EVP_MD_CTX_free(mdctx);
1789 static int test_CMAC_keygen(void)
1791 static unsigned char key[] = {
1792 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1793 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1794 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1796 EVP_PKEY_CTX *kctx = NULL;
1798 EVP_PKEY *pkey = NULL;
1799 unsigned char mac[AES_BLOCK_SIZE];
1800 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1801 unsigned char mac2[AES_BLOCK_SIZE];
1804 if (nullprov != NULL)
1805 return TEST_skip("Test does not support a non-default library context");
1808 * This is a legacy method for CMACs, but should still work.
1809 * This verifies that it works without an ENGINE.
1811 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1813 /* Test a CMAC key created using the "generated" method */
1814 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1815 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1816 EVP_PKEY_CTRL_CIPHER,
1817 0, (void *)EVP_aes_256_ecb()), 0)
1818 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1819 EVP_PKEY_CTRL_SET_MAC_KEY,
1820 sizeof(key), (void *)key), 0)
1821 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1823 || !TEST_true(get_cmac_val(pkey, mac)))
1826 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1827 EVP_PKEY_free(pkey);
1830 * Test a CMAC key using the direct method, and compare with the mac
1833 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1835 || !TEST_true(get_cmac_val(pkey, mac2))
1836 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1843 EVP_PKEY_free(pkey);
1844 EVP_PKEY_CTX_free(kctx);
1849 static int test_HKDF(void)
1852 unsigned char out[20];
1855 unsigned char salt[] = "0123456789";
1856 unsigned char key[] = "012345678901234567890123456789";
1857 unsigned char info[] = "infostring";
1858 const unsigned char expected[] = {
1859 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1860 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1862 size_t expectedlen = sizeof(expected);
1864 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1867 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1868 for (i = 0; i < 2; i++) {
1869 outlen = sizeof(out);
1870 memset(out, 0, outlen);
1872 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1873 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1874 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1875 sizeof(salt) - 1), 0)
1876 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1877 sizeof(key) - 1), 0)
1878 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1879 sizeof(info) - 1), 0)
1880 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1881 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1888 EVP_PKEY_CTX_free(pctx);
1893 static int test_emptyikm_HKDF(void)
1896 unsigned char out[20];
1899 unsigned char salt[] = "9876543210";
1900 unsigned char key[] = "";
1901 unsigned char info[] = "stringinfo";
1902 const unsigned char expected[] = {
1903 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1904 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1906 size_t expectedlen = sizeof(expected);
1908 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1911 outlen = sizeof(out);
1912 memset(out, 0, outlen);
1914 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1915 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1916 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1917 sizeof(salt) - 1), 0)
1918 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1919 sizeof(key) - 1), 0)
1920 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1921 sizeof(info) - 1), 0)
1922 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1923 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1929 EVP_PKEY_CTX_free(pctx);
1934 #ifndef OPENSSL_NO_EC
1935 static int test_X509_PUBKEY_inplace(void)
1938 X509_PUBKEY *xp = NULL;
1939 const unsigned char *p = kExampleECPubKeyDER;
1940 size_t input_len = sizeof(kExampleECPubKeyDER);
1942 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1945 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1948 p = kExampleBadECPubKeyDER;
1949 input_len = sizeof(kExampleBadECPubKeyDER);
1951 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1954 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1960 X509_PUBKEY_free(xp);
1964 static int test_X509_PUBKEY_dup(void)
1967 X509_PUBKEY *xp = NULL, *xq = NULL;
1968 const unsigned char *p = kExampleECPubKeyDER;
1969 size_t input_len = sizeof(kExampleECPubKeyDER);
1971 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1972 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1973 || !TEST_ptr_ne(xp, xq))
1976 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1977 || !TEST_ptr(X509_PUBKEY_get0(xp))
1978 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1981 X509_PUBKEY_free(xq);
1983 p = kExampleBadECPubKeyDER;
1984 input_len = sizeof(kExampleBadECPubKeyDER);
1986 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1987 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
1990 X509_PUBKEY_free(xp);
1992 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
1998 X509_PUBKEY_free(xp);
1999 X509_PUBKEY_free(xq);
2002 #endif /* OPENSSL_NO_EC */
2004 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2005 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2007 EVP_MD_CTX *mdctx = NULL;
2008 EVP_PKEY_CTX *ctx = NULL;
2009 const OSSL_PARAM *params;
2010 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2013 char mdname[OSSL_MAX_NAME_SIZE];
2016 /* Initialise a sign operation */
2017 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2019 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2023 * We should be able to query the parameters now.
2025 params = EVP_PKEY_CTX_settable_params(ctx);
2026 if (!TEST_ptr(params)
2027 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2028 OSSL_SIGNATURE_PARAM_DIGEST)))
2031 params = EVP_PKEY_CTX_gettable_params(ctx);
2032 if (!TEST_ptr(params)
2033 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2034 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2035 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2036 OSSL_SIGNATURE_PARAM_DIGEST)))
2040 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2041 * EVP_PKEY_CTX_get_params()
2043 strcpy(mdname, "SHA512");
2045 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2047 *param++ = OSSL_PARAM_construct_end();
2049 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2053 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2054 mdname, sizeof(mdname));
2055 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2056 || !TEST_str_eq(mdname, "SHA512"))
2060 * Test the TEST_PKEY_CTX_set_signature_md() and
2061 * TEST_PKEY_CTX_get_signature_md() functions
2063 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2064 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2065 || !TEST_ptr_eq(md, EVP_sha256()))
2069 * Test getting MD parameters via an associated EVP_PKEY_CTX
2071 mdctx = EVP_MD_CTX_new();
2072 if (!TEST_ptr(mdctx)
2073 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2078 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2079 * able to obtain the digest's settable parameters from the provider.
2081 params = EVP_MD_CTX_settable_params(mdctx);
2082 if (!TEST_ptr(params)
2083 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2084 /* The final key should be NULL */
2085 || !TEST_ptr_null(params[1].key))
2089 memset(ssl3ms, 0, sizeof(ssl3ms));
2090 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2091 ssl3ms, sizeof(ssl3ms));
2092 *param++ = OSSL_PARAM_construct_end();
2094 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2100 EVP_MD_CTX_free(mdctx);
2101 EVP_PKEY_CTX_free(ctx);
2106 #ifndef OPENSSL_NO_DSA
2107 static int test_DSA_get_set_params(void)
2109 OSSL_PARAM_BLD *bld = NULL;
2110 OSSL_PARAM *params = NULL;
2111 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2112 EVP_PKEY_CTX *pctx = NULL;
2113 EVP_PKEY *pkey = NULL;
2117 * Setup the parameters for our DSA object. For our purposes they don't
2118 * have to actually be *valid* parameters. We just need to set something.
2120 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2121 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2122 || !TEST_ptr(p = BN_new())
2123 || !TEST_ptr(q = BN_new())
2124 || !TEST_ptr(g = BN_new())
2125 || !TEST_ptr(pub = BN_new())
2126 || !TEST_ptr(priv = BN_new()))
2128 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2129 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2130 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2131 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2133 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2136 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2139 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2140 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2144 if (!TEST_ptr(pkey))
2147 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2150 EVP_PKEY_free(pkey);
2151 EVP_PKEY_CTX_free(pctx);
2152 OSSL_PARAM_free(params);
2153 OSSL_PARAM_BLD_free(bld);
2164 * Test combinations of private, public, missing and private + public key
2165 * params to ensure they are all accepted
2167 static int test_DSA_priv_pub(void)
2169 return test_EVP_PKEY_ffc_priv_pub("DSA");
2172 #endif /* !OPENSSL_NO_DSA */
2174 static int test_RSA_get_set_params(void)
2176 OSSL_PARAM_BLD *bld = NULL;
2177 OSSL_PARAM *params = NULL;
2178 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2179 EVP_PKEY_CTX *pctx = NULL;
2180 EVP_PKEY *pkey = NULL;
2184 * Setup the parameters for our RSA object. For our purposes they don't
2185 * have to actually be *valid* parameters. We just need to set something.
2187 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2188 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2189 || !TEST_ptr(n = BN_new())
2190 || !TEST_ptr(e = BN_new())
2191 || !TEST_ptr(d = BN_new()))
2193 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2194 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2195 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2197 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2200 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2201 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2205 if (!TEST_ptr(pkey))
2208 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2211 EVP_PKEY_free(pkey);
2212 EVP_PKEY_CTX_free(pctx);
2213 OSSL_PARAM_free(params);
2214 OSSL_PARAM_BLD_free(bld);
2222 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2223 static int test_decrypt_null_chunks(void)
2225 EVP_CIPHER_CTX* ctx = NULL;
2226 EVP_CIPHER *cipher = NULL;
2227 const unsigned char key[32] = {
2228 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2229 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2230 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2232 unsigned char iv[12] = {
2233 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2235 unsigned char msg[] = "It was the best of times, it was the worst of times";
2236 unsigned char ciphertext[80];
2237 unsigned char plaintext[80];
2238 /* We initialise tmp to a non zero value on purpose */
2239 int ctlen, ptlen, tmp = 99;
2241 const int enc_offset = 10, dec_offset = 20;
2243 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2244 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2245 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2247 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2249 /* Deliberate add a zero length update */
2250 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2252 || !TEST_int_eq(tmp, 0)
2253 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2255 sizeof(msg) - enc_offset))
2256 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2257 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2258 || !TEST_int_eq(tmp, 0))
2261 /* Deliberately initialise tmp to a non zero value */
2263 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2264 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2267 * Deliberately add a zero length update. We also deliberately do
2268 * this at a different offset than for encryption.
2270 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2272 || !TEST_int_eq(tmp, 0)
2273 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2274 ciphertext + dec_offset,
2275 ctlen - dec_offset))
2276 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2277 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2278 || !TEST_int_eq(tmp, 0)
2279 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2284 EVP_CIPHER_CTX_free(ctx);
2285 EVP_CIPHER_free(cipher);
2288 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2290 #ifndef OPENSSL_NO_DH
2292 * Test combinations of private, public, missing and private + public key
2293 * params to ensure they are all accepted
2295 static int test_DH_priv_pub(void)
2297 return test_EVP_PKEY_ffc_priv_pub("DH");
2300 # ifndef OPENSSL_NO_DEPRECATED_3_0
2301 static int test_EVP_PKEY_set1_DH(void)
2303 DH *x942dh = NULL, *noqdh = NULL;
2304 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2306 BIGNUM *p, *g = NULL;
2308 if (!TEST_ptr(p = BN_new())
2309 || !TEST_ptr(g = BN_new())
2310 || !BN_set_word(p, 9999)
2311 || !BN_set_word(g, 2)
2312 || !TEST_ptr(noqdh = DH_new())
2313 || !DH_set0_pqg(noqdh, p, NULL, g))
2317 x942dh = DH_get_2048_256();
2318 pkey1 = EVP_PKEY_new();
2319 pkey2 = EVP_PKEY_new();
2320 if (!TEST_ptr(x942dh)
2323 || !TEST_ptr(pkey2))
2326 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2327 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2330 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2331 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2338 EVP_PKEY_free(pkey1);
2339 EVP_PKEY_free(pkey2);
2345 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2346 #endif /* !OPENSSL_NO_DH */
2349 * We test what happens with an empty template. For the sake of this test,
2350 * the template must be ignored, and we know that's the case for RSA keys
2351 * (this might arguably be a misfeature, but that's what we currently do,
2352 * even in provider code, since that's how the legacy RSA implementation
2355 static int test_keygen_with_empty_template(int n)
2357 EVP_PKEY_CTX *ctx = NULL;
2358 EVP_PKEY *pkey = NULL;
2359 EVP_PKEY *tkey = NULL;
2362 if (nullprov != NULL)
2363 return TEST_skip("Test does not support a non-default library context");
2367 /* We do test with no template at all as well */
2368 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2372 /* Here we create an empty RSA key that serves as our template */
2373 if (!TEST_ptr(tkey = EVP_PKEY_new())
2374 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2375 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2380 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2381 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2386 EVP_PKEY_CTX_free(ctx);
2387 EVP_PKEY_free(pkey);
2388 EVP_PKEY_free(tkey);
2393 * Test that we fail if we attempt to use an algorithm that is not available
2394 * in the current library context (unless we are using an algorithm that
2395 * should be made available via legacy codepaths).
2400 static int test_pkey_ctx_fail_without_provider(int tst)
2402 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2403 OSSL_PROVIDER *tmpnullprov = NULL;
2404 EVP_PKEY_CTX *pctx = NULL;
2405 const char *keytype = NULL;
2406 int expect_null = 0;
2409 if (!TEST_ptr(tmpctx))
2412 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2413 if (!TEST_ptr(tmpnullprov))
2417 * We check for certain algos in the null provider.
2418 * If an algo is expected to have a provider keymgmt, contructing an
2419 * EVP_PKEY_CTX is expected to fail (return NULL).
2420 * Otherwise, if it's expected to have legacy support, contructing an
2421 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2431 #ifdef OPENSSL_NO_EC
2432 TEST_info("EC disable, skipping SM2 check...");
2435 #ifdef OPENSSL_NO_SM2
2436 TEST_info("SM2 disable, skipping SM2 check...");
2441 TEST_error("No test for case %d", tst);
2445 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2446 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2449 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2455 EVP_PKEY_CTX_free(pctx);
2456 OSSL_PROVIDER_unload(tmpnullprov);
2457 OSSL_LIB_CTX_free(tmpctx);
2461 static int test_rand_agglomeration(void)
2465 OSSL_PARAM params[3], *p = params;
2467 unsigned int step = 7;
2468 static unsigned char seed[] = "It does not matter how slowly you go "
2469 "as long as you do not stop.";
2470 unsigned char out[sizeof(seed)];
2472 if (!TEST_int_ne(sizeof(seed) % step, 0)
2473 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2475 ctx = EVP_RAND_CTX_new(rand, NULL);
2476 EVP_RAND_free(rand);
2480 memset(out, 0, sizeof(out));
2481 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2482 seed, sizeof(seed));
2483 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2484 *p = OSSL_PARAM_construct_end();
2485 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2486 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2487 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2488 EVP_RAND_CTX_free(ctx);
2493 * Test that we correctly return the original or "running" IV after
2494 * an encryption operation.
2495 * Run multiple times for some different relevant algorithms/modes.
2497 static int test_evp_iv_aes(int idx)
2500 EVP_CIPHER_CTX *ctx = NULL;
2501 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2502 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2503 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2504 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2505 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2506 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2507 9, 10, 11, 12, 13, 14, 15, 16 };
2508 unsigned char ciphertext[32], oiv[16], iv[16];
2509 unsigned char *ref_iv;
2510 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2511 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2513 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2514 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2515 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2516 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2517 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2518 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2519 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2520 #ifndef OPENSSL_NO_OCB
2521 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2522 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2524 int len = sizeof(ciphertext);
2525 size_t ivlen, ref_len;
2526 const EVP_CIPHER *type = NULL;
2529 if (nullprov != NULL && idx < 6)
2530 return TEST_skip("Test does not support a non-default library context");
2534 type = EVP_aes_128_cbc();
2537 type = (type != NULL) ? type :
2538 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2540 ref_len = sizeof(cbc_state);
2544 type = EVP_aes_128_ofb();
2547 type = (type != NULL) ? type :
2548 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2550 ref_len = sizeof(ofb_state);
2554 type = EVP_aes_128_cfb();
2557 type = (type != NULL) ? type :
2558 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2560 ref_len = sizeof(cfb_state);
2564 type = EVP_aes_128_gcm();
2567 type = (type != NULL) ? type :
2568 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2570 ref_len = sizeof(gcm_state);
2573 type = EVP_aes_128_ccm();
2576 type = (type != NULL) ? type :
2577 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2579 ref_len = sizeof(ccm_state);
2581 #ifdef OPENSSL_NO_OCB
2587 type = EVP_aes_128_ocb();
2590 type = (type != NULL) ? type :
2591 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2593 ref_len = sizeof(ocb_state);
2601 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2602 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2603 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2605 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2606 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2607 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2609 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2610 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2611 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2614 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2615 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2616 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2619 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2622 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2628 EVP_CIPHER_CTX_free(ctx);
2630 EVP_CIPHER_free((EVP_CIPHER *)type);
2634 #ifndef OPENSSL_NO_DES
2635 static int test_evp_iv_des(int idx)
2638 EVP_CIPHER_CTX *ctx = NULL;
2639 static const unsigned char key[24] = {
2640 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2641 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2642 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2644 static const unsigned char init_iv[8] = {
2645 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2647 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2648 9, 10, 11, 12, 13, 14, 15, 16 };
2649 unsigned char ciphertext[32], oiv[8], iv[8];
2650 unsigned const char *ref_iv;
2651 static const unsigned char cbc_state_des[8] = {
2652 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2654 static const unsigned char cbc_state_3des[8] = {
2655 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2657 static const unsigned char ofb_state_des[8] = {
2658 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2660 static const unsigned char ofb_state_3des[8] = {
2661 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2663 static const unsigned char cfb_state_des[8] = {
2664 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2666 static const unsigned char cfb_state_3des[8] = {
2667 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2669 int len = sizeof(ciphertext);
2670 size_t ivlen, ref_len;
2671 EVP_CIPHER *type = NULL;
2673 if (lgcyprov == NULL && idx < 3)
2674 return TEST_skip("Test requires legacy provider to be loaded");
2678 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2679 ref_iv = cbc_state_des;
2680 ref_len = sizeof(cbc_state_des);
2683 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2684 ref_iv = ofb_state_des;
2685 ref_len = sizeof(ofb_state_des);
2688 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2689 ref_iv = cfb_state_des;
2690 ref_len = sizeof(cfb_state_des);
2693 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2694 ref_iv = cbc_state_3des;
2695 ref_len = sizeof(cbc_state_3des);
2698 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2699 ref_iv = ofb_state_3des;
2700 ref_len = sizeof(ofb_state_3des);
2703 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2704 ref_iv = cfb_state_3des;
2705 ref_len = sizeof(cfb_state_3des);
2712 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2713 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2714 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2716 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2717 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2718 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2720 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2721 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2722 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2725 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2726 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2728 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2733 EVP_CIPHER_CTX_free(ctx);
2734 EVP_CIPHER_free(type);
2739 #ifndef OPENSSL_NO_EC
2740 static int ecpub_nids[] = {
2741 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2742 NID_secp384r1, NID_secp521r1,
2743 # ifndef OPENSSL_NO_EC2M
2744 NID_sect233k1, NID_sect233r1, NID_sect283r1,
2745 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2747 NID_brainpoolP384r1, NID_brainpoolP512r1
2750 static int test_ecpub(int idx)
2752 int ret = 0, len, savelen;
2754 unsigned char buf[1024];
2756 EVP_PKEY *pkey = NULL;
2757 EVP_PKEY_CTX *ctx = NULL;
2758 # ifndef OPENSSL_NO_DEPRECATED_3_0
2759 const unsigned char *q;
2760 EVP_PKEY *pkey2 = NULL;
2764 if (nullprov != NULL)
2765 return TEST_skip("Test does not support a non-default library context");
2767 nid = ecpub_nids[idx];
2769 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2771 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2772 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2773 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2775 len = i2d_PublicKey(pkey, NULL);
2777 if (!TEST_int_ge(len, 1)
2778 || !TEST_int_lt(len, 1024))
2781 len = i2d_PublicKey(pkey, &p);
2782 if (!TEST_int_ge(len, 1)
2783 || !TEST_int_eq(len, savelen))
2786 # ifndef OPENSSL_NO_DEPRECATED_3_0
2787 /* Now try to decode the just-created DER. */
2789 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2790 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2791 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2793 /* EC_KEY ownership transferred */
2795 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2797 /* The keys should match. */
2798 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
2805 EVP_PKEY_CTX_free(ctx);
2806 EVP_PKEY_free(pkey);
2807 # ifndef OPENSSL_NO_DEPRECATED_3_0
2808 EVP_PKEY_free(pkey2);
2815 static int test_EVP_rsa_pss_with_keygen_bits(void)
2818 EVP_PKEY_CTX *ctx = NULL;
2819 EVP_PKEY *pkey = NULL;
2822 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2824 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2825 && TEST_true(EVP_PKEY_keygen_init(ctx))
2826 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2827 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2828 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2831 EVP_PKEY_free(pkey);
2832 EVP_PKEY_CTX_free(ctx);
2836 static int success = 1;
2837 static void md_names(const char *name, void *vctx)
2839 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2840 /* Force a namemap update */
2841 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2843 if (!TEST_ptr(aes128))
2846 EVP_CIPHER_free(aes128);
2850 * Test that changing the namemap in a user callback works in a names_do_all
2853 static int test_names_do_all(void)
2855 /* We use a custom libctx so that we know the state of the namemap */
2856 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2857 EVP_MD *sha256 = NULL;
2863 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2864 if (!TEST_ptr(sha256))
2868 * We loop through all the names for a given digest. This should still work
2869 * even if the namemap changes part way through.
2871 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2874 if (!TEST_true(success))
2879 EVP_MD_free(sha256);
2880 OSSL_LIB_CTX_free(ctx);
2884 typedef enum OPTION_choice {
2891 const OPTIONS *test_get_options(void)
2893 static const OPTIONS options[] = {
2894 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2895 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2901 int setup_tests(void)
2905 while ((o = opt_next()) != OPT_EOF) {
2908 /* Set up an alternate library context */
2909 testctx = OSSL_LIB_CTX_new();
2910 if (!TEST_ptr(testctx))
2912 /* Swap the libctx to test non-default context only */
2913 nullprov = OSSL_PROVIDER_load(NULL, "null");
2914 deflprov = OSSL_PROVIDER_load(testctx, "default");
2915 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2917 case OPT_TEST_CASES:
2924 ADD_TEST(test_EVP_set_default_properties);
2925 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2926 ADD_TEST(test_EVP_DigestVerifyInit);
2927 ADD_TEST(test_EVP_Digest);
2928 ADD_TEST(test_EVP_Enveloped);
2929 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2930 ADD_TEST(test_privatekey_to_pkcs8);
2931 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
2932 #ifndef OPENSSL_NO_EC
2933 ADD_TEST(test_EVP_PKCS82PKEY);
2935 #ifndef OPENSSL_NO_EC
2936 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2938 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2939 ADD_TEST(test_EVP_SM2);
2940 ADD_TEST(test_EVP_SM2_verify);
2942 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2943 #ifndef OPENSSL_NO_DEPRECATED_3_0
2944 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2945 if (!TEST_ptr(custom_pmeth))
2947 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2948 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2949 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2950 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2953 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2954 #ifndef OPENSSL_NO_CMAC
2955 ADD_TEST(test_CMAC_keygen);
2957 ADD_TEST(test_HKDF);
2958 ADD_TEST(test_emptyikm_HKDF);
2959 #ifndef OPENSSL_NO_EC
2960 ADD_TEST(test_X509_PUBKEY_inplace);
2961 ADD_TEST(test_X509_PUBKEY_dup);
2962 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2963 OSSL_NELEM(ec_der_pub_keys));
2965 #ifndef OPENSSL_NO_DSA
2966 ADD_TEST(test_DSA_get_set_params);
2967 ADD_TEST(test_DSA_priv_pub);
2969 ADD_TEST(test_RSA_get_set_params);
2970 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2971 ADD_TEST(test_decrypt_null_chunks);
2973 #ifndef OPENSSL_NO_DH
2974 ADD_TEST(test_DH_priv_pub);
2975 # ifndef OPENSSL_NO_DEPRECATED_3_0
2976 ADD_TEST(test_EVP_PKEY_set1_DH);
2979 #ifndef OPENSSL_NO_EC
2980 ADD_TEST(test_EC_priv_pub);
2981 # ifndef OPENSSL_NO_DEPRECATED_3_0
2982 ADD_TEST(test_EC_priv_only_legacy);
2985 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2986 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2988 ADD_TEST(test_rand_agglomeration);
2989 ADD_ALL_TESTS(test_evp_iv_aes, 12);
2990 #ifndef OPENSSL_NO_DES
2991 ADD_ALL_TESTS(test_evp_iv_des, 6);
2993 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
2994 #ifndef OPENSSL_NO_EC
2995 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2998 ADD_TEST(test_names_do_all);
3003 void cleanup_tests(void)
3005 OSSL_PROVIDER_unload(nullprov);
3006 OSSL_PROVIDER_unload(deflprov);
3007 OSSL_PROVIDER_unload(lgcyprov);
3008 OSSL_LIB_CTX_free(testctx);