2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
323 #ifndef OPENSSL_NO_EC
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
405 static const unsigned char kCFBDefaultKey[] = {
406 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
407 0x09, 0xCF, 0x4F, 0x3C
410 static const unsigned char kGCMDefaultKey[32] = { 0 };
412 static const unsigned char kGCMResetKey[] = {
413 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
414 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
415 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
418 static const unsigned char iCFBIV[] = {
419 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
420 0x0C, 0x0D, 0x0E, 0x0F
423 static const unsigned char iGCMDefaultIV[12] = { 0 };
425 static const unsigned char iGCMResetIV1[] = {
426 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
429 static const unsigned char iGCMResetIV2[] = {
430 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
433 static const unsigned char cfbPlaintext[] = {
434 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
435 0x73, 0x93, 0x17, 0x2A
438 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
440 static const unsigned char gcmResetPlaintext[] = {
441 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
442 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
443 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
444 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
445 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
448 static const unsigned char cfbCiphertext[] = {
449 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
450 0xE8, 0x3C, 0xFB, 0x4A
453 static const unsigned char gcmDefaultCiphertext[] = {
454 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
455 0xba, 0xf3, 0x9d, 0x18
458 static const unsigned char gcmResetCiphertext1[] = {
459 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
460 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
461 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
462 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
463 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
466 static const unsigned char gcmResetCiphertext2[] = {
467 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
468 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
469 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
470 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
471 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
474 static const unsigned char gcmAAD[] = {
475 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
476 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
479 static const unsigned char gcmDefaultTag[] = {
480 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
481 0xd4, 0x8a, 0xb9, 0x19
484 static const unsigned char gcmResetTag1[] = {
485 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
486 0xfe, 0x2e, 0xa8, 0xf2
489 static const unsigned char gcmResetTag2[] = {
490 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
491 0xbb, 0x2d, 0x55, 0x1b
494 typedef struct APK_DATA_st {
495 const unsigned char *kder;
502 int type; /* 0 for private, 1 for public, 2 for params */
505 static APK_DATA keydata[] = {
506 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
507 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
508 #ifndef OPENSSL_NO_EC
509 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
513 static APK_DATA keycheckdata[] = {
514 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
516 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
518 #ifndef OPENSSL_NO_EC
519 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
520 /* group is also associated in our pub key */
521 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
523 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
525 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
526 EVP_PKEY_ED25519, 1, 1, 1, 0},
527 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
528 EVP_PKEY_ED25519, 0, 1, 1, 1},
532 static EVP_PKEY *load_example_key(const char *keytype,
533 const unsigned char *data, size_t data_len)
535 const unsigned char **pdata = &data;
536 EVP_PKEY *pkey = NULL;
537 OSSL_DECODER_CTX *dctx =
538 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
541 /* |pkey| will be NULL on error */
542 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
543 OSSL_DECODER_CTX_free(dctx);
547 static EVP_PKEY *load_example_rsa_key(void)
549 return load_example_key("RSA", kExampleRSAKeyDER,
550 sizeof(kExampleRSAKeyDER));
553 #ifndef OPENSSL_NO_DSA
554 static EVP_PKEY *load_example_dsa_key(void)
556 return load_example_key("DSA", kExampleDSAKeyDER,
557 sizeof(kExampleDSAKeyDER));
561 static EVP_PKEY *load_example_hmac_key(void)
563 EVP_PKEY *pkey = NULL;
564 unsigned char key[] = {
565 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
566 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
567 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
570 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
571 NULL, key, sizeof(key));
578 static int test_EVP_set_default_properties(void)
584 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
585 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
590 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
591 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
592 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
597 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
598 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
603 OSSL_LIB_CTX_free(ctx);
607 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
608 static int test_fromdata(char *keytype, OSSL_PARAM *params)
610 EVP_PKEY_CTX *pctx = NULL;
611 EVP_PKEY *pkey = NULL;
614 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
616 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
617 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
627 EVP_PKEY_CTX_free(pctx);
631 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
634 * Test combinations of private, public, missing and private + public key
635 * params to ensure they are all accepted
637 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
638 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
640 OSSL_PARAM_BLD *bld = NULL;
641 OSSL_PARAM *params = NULL;
642 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
646 * Setup the parameters for our pkey object. For our purposes they don't
647 * have to actually be *valid* parameters. We just need to set something.
649 if (!TEST_ptr(p = BN_new())
650 || !TEST_ptr(q = BN_new())
651 || !TEST_ptr(g = BN_new())
652 || !TEST_ptr(pub = BN_new())
653 || !TEST_ptr(priv = BN_new()))
656 /* Test !priv and !pub */
657 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
658 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
659 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
660 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
662 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
665 if (!test_fromdata(keytype, params))
667 OSSL_PARAM_free(params);
669 OSSL_PARAM_BLD_free(bld);
671 /* Test priv and !pub */
672 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
673 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
674 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
675 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
676 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
679 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
682 if (!test_fromdata(keytype, params))
684 OSSL_PARAM_free(params);
686 OSSL_PARAM_BLD_free(bld);
688 /* Test !priv and pub */
689 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
690 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
691 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
692 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
693 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
696 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
699 if (!test_fromdata(keytype, params))
701 OSSL_PARAM_free(params);
703 OSSL_PARAM_BLD_free(bld);
705 /* Test priv and pub */
706 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
707 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
708 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
709 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
710 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
712 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
715 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
718 if (!test_fromdata(keytype, params))
723 OSSL_PARAM_free(params);
724 OSSL_PARAM_BLD_free(bld);
733 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
736 * Test combinations of private, public, missing and private + public key
737 * params to ensure they are all accepted for EC keys
739 #ifndef OPENSSL_NO_EC
740 static unsigned char ec_priv[] = {
741 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
742 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
743 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
745 static unsigned char ec_pub[] = {
746 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
747 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
748 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
749 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
750 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
751 0x08, 0x09, 0xb8, 0xdb, 0x03
754 static int test_EC_priv_pub(void)
756 OSSL_PARAM_BLD *bld = NULL;
757 OSSL_PARAM *params = NULL;
762 * Setup the parameters for our pkey object. For our purposes they don't
763 * have to actually be *valid* parameters. We just need to set something.
765 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
768 /* Test !priv and !pub */
769 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
770 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
771 OSSL_PKEY_PARAM_GROUP_NAME,
774 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
777 if (!test_fromdata("EC", params))
779 OSSL_PARAM_free(params);
781 OSSL_PARAM_BLD_free(bld);
783 /* Test priv and !pub */
784 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
785 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
786 OSSL_PKEY_PARAM_GROUP_NAME,
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
791 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
794 if (!test_fromdata("EC", params))
796 OSSL_PARAM_free(params);
798 OSSL_PARAM_BLD_free(bld);
800 /* Test !priv and pub */
801 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
802 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
803 OSSL_PKEY_PARAM_GROUP_NAME,
805 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
806 OSSL_PKEY_PARAM_PUB_KEY,
807 ec_pub, sizeof(ec_pub))))
809 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
812 if (!test_fromdata("EC", params))
814 OSSL_PARAM_free(params);
816 OSSL_PARAM_BLD_free(bld);
818 /* Test priv and pub */
819 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
820 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
821 OSSL_PKEY_PARAM_GROUP_NAME,
823 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
824 OSSL_PKEY_PARAM_PUB_KEY,
825 ec_pub, sizeof(ec_pub)))
826 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
829 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
832 if (!test_fromdata("EC", params))
837 OSSL_PARAM_free(params);
838 OSSL_PARAM_BLD_free(bld);
844 /* Test that using a legacy EC key with only a private key in it works */
845 # ifndef OPENSSL_NO_DEPRECATED_3_0
846 static int test_EC_priv_only_legacy(void)
850 EC_KEY *eckey = NULL;
851 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
852 EVP_MD_CTX *ctx = NULL;
854 /* Create the low level EC_KEY */
855 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
858 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
859 if (!TEST_ptr(eckey))
862 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
865 pkey = EVP_PKEY_new();
869 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
873 while (dup_pk == NULL) {
875 ctx = EVP_MD_CTX_new();
880 * The EVP_DigestSignInit function should create the key on the
881 * provider side which is sufficient for this test.
883 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
884 testpropq, pkey, NULL)))
886 EVP_MD_CTX_free(ctx);
889 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
891 /* EVP_PKEY_eq() returns -2 with missing public keys */
892 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
900 EVP_MD_CTX_free(ctx);
907 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
908 #endif /* OPENSSL_NO_EC */
911 * n = 0 => test using legacy cipher
912 * n = 1 => test using fetched cipher
914 static int test_EVP_Enveloped(int n)
917 EVP_CIPHER_CTX *ctx = NULL;
918 EVP_PKEY *keypair = NULL;
919 unsigned char *kek = NULL;
920 unsigned char iv[EVP_MAX_IV_LENGTH];
921 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
922 int len, kek_len, ciphertext_len, plaintext_len;
923 unsigned char ciphertext[32], plaintext[16];
924 EVP_CIPHER *type = NULL;
926 if (nullprov != NULL)
927 return TEST_skip("Test does not support a non-default library context");
930 type = (EVP_CIPHER *)EVP_aes_256_cbc();
931 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
935 if (!TEST_ptr(keypair = load_example_rsa_key())
936 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
937 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
938 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
940 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
942 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
946 ciphertext_len += len;
948 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
949 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
950 ciphertext, ciphertext_len))
951 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
954 plaintext_len += len;
955 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
961 EVP_CIPHER_free(type);
963 EVP_PKEY_free(keypair);
964 EVP_CIPHER_CTX_free(ctx);
969 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
970 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
971 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
972 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
973 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
974 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
975 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
976 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
977 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
979 static int test_EVP_DigestSignInit(int tst)
982 EVP_PKEY *pkey = NULL;
983 unsigned char *sig = NULL;
985 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
986 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
987 BIO *mdbio = NULL, *membio = NULL;
990 EVP_MD *mdexp = NULL;
992 if (nullprov != NULL)
993 return TEST_skip("Test does not support a non-default library context");
996 membio = BIO_new(BIO_s_mem());
997 mdbio = BIO_new(BIO_f_md());
998 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1000 BIO_push(mdbio, membio);
1001 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1004 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1005 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1009 if (tst == 0 || tst == 3 || tst == 6) {
1010 if (!TEST_ptr(pkey = load_example_rsa_key()))
1012 } else if (tst == 1 || tst == 4 || tst == 7) {
1013 #ifndef OPENSSL_NO_DSA
1014 if (!TEST_ptr(pkey = load_example_dsa_key()))
1021 if (!TEST_ptr(pkey = load_example_hmac_key()))
1025 if (tst >= 3 && tst <= 5)
1026 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1030 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1034 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1037 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1041 /* Determine the size of the signature. */
1042 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1043 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1044 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1048 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1049 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1054 * Ensure that the signature round-trips (Verification isn't supported for
1055 * HMAC via EVP_DigestVerify*)
1057 if (tst != 2 && tst != 5 && tst != 8) {
1058 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1063 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1066 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1070 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1079 EVP_MD_CTX_free(a_md_ctx);
1080 EVP_MD_CTX_free(a_md_ctx_verify);
1081 EVP_PKEY_free(pkey);
1088 static int test_EVP_DigestVerifyInit(void)
1091 EVP_PKEY *pkey = NULL;
1092 EVP_MD_CTX *md_ctx = NULL;
1094 if (nullprov != NULL)
1095 return TEST_skip("Test does not support a non-default library context");
1097 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1098 || !TEST_ptr(pkey = load_example_rsa_key()))
1101 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1102 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1103 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1104 sizeof(kSignature))))
1109 EVP_MD_CTX_free(md_ctx);
1110 EVP_PKEY_free(pkey);
1115 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1117 static int test_EVP_Digest(void)
1120 EVP_MD_CTX *md_ctx = NULL;
1121 unsigned char md[EVP_MAX_MD_SIZE];
1122 EVP_MD *sha256 = NULL;
1123 EVP_MD *shake256 = NULL;
1125 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1128 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1129 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1132 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1133 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1134 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1135 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1136 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1139 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1140 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1141 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1142 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1143 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1145 * EVP_DigestInit_ex with NULL type should work on
1146 * pre-initialized context.
1148 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1151 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1152 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1153 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1154 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1155 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1156 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1161 EVP_MD_CTX_free(md_ctx);
1162 EVP_MD_free(sha256);
1163 EVP_MD_free(shake256);
1167 static int test_d2i_AutoPrivateKey(int i)
1170 const unsigned char *p;
1171 EVP_PKEY *pkey = NULL;
1172 const APK_DATA *ak = &keydata[i];
1173 const unsigned char *input = ak->kder;
1174 size_t input_len = ak->size;
1175 int expected_id = ak->evptype;
1178 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1179 || !TEST_ptr_eq(p, input + input_len)
1180 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1186 EVP_PKEY_free(pkey);
1190 #ifndef OPENSSL_NO_EC
1192 static const unsigned char ec_public_sect163k1_validxy[] = {
1193 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1194 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1195 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1196 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1197 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1198 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1201 static const unsigned char ec_public_sect163k1_badx[] = {
1202 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1203 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1204 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1205 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1206 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1207 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1210 static const unsigned char ec_public_sect163k1_bady[] = {
1211 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1212 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1213 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1214 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1215 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1216 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1219 static struct ec_der_pub_keys_st {
1220 const unsigned char *der;
1223 } ec_der_pub_keys[] = {
1224 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1225 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1226 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1230 * Tests the range of the decoded EC char2 public point.
1231 * See ec_GF2m_simple_oct2point().
1233 static int test_invalide_ec_char2_pub_range_decode(int id)
1238 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1239 ec_der_pub_keys[id].len);
1241 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1242 || TEST_ptr_null(pkey);
1243 EVP_PKEY_free(pkey);
1247 /* Tests loading a bad key in PKCS8 format */
1248 static int test_EVP_PKCS82PKEY(void)
1251 const unsigned char *derp = kExampleBadECKeyDER;
1252 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1253 EVP_PKEY *pkey = NULL;
1255 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1256 sizeof(kExampleBadECKeyDER))))
1259 if (!TEST_ptr_eq(derp,
1260 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1263 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1269 PKCS8_PRIV_KEY_INFO_free(p8inf);
1270 EVP_PKEY_free(pkey);
1276 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1278 EVP_PKEY *pkey = NULL;
1279 EVP_PKEY *pkey2 = NULL;
1281 char *membuf = NULL;
1282 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1285 if (testctx != NULL)
1286 /* test not supported with non-default context */
1289 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1290 || !TEST_ptr(pkey = load_example_rsa_key())
1291 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1292 NULL, 0, NULL, NULL),
1294 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1295 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1296 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1297 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1303 EVP_PKEY_free(pkey);
1304 EVP_PKEY_free(pkey2);
1305 PKCS8_PRIV_KEY_INFO_free(p8inf);
1306 BIO_free_all(membio);
1310 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1311 static int test_privatekey_to_pkcs8(void)
1313 EVP_PKEY *pkey = NULL;
1315 char *membuf = NULL;
1316 long membuf_len = 0;
1319 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1320 || !TEST_ptr(pkey = load_example_rsa_key())
1321 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1322 NULL, 0, NULL, NULL),
1324 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1325 || !TEST_ptr(membuf)
1326 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1327 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1329 * We try to write PEM as well, just to see that it doesn't err, but
1330 * assume that the result is correct.
1332 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1333 NULL, 0, NULL, NULL),
1339 EVP_PKEY_free(pkey);
1340 BIO_free_all(membio);
1344 #ifndef OPENSSL_NO_EC
1345 static const struct {
1347 const char *encoding_name;
1348 } ec_encodings[] = {
1349 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1350 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1353 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1355 const OSSL_PARAM *p;
1356 const char *enc_name = NULL;
1362 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1363 OSSL_PKEY_PARAM_EC_ENCODING))
1364 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1367 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1368 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1369 *enc = ec_encodings[i].encoding;
1374 return (*enc != -1);
1377 static int test_EC_keygen_with_enc(int idx)
1379 EVP_PKEY *params = NULL, *key = NULL;
1380 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1384 enc = ec_encodings[idx].encoding;
1386 /* Create key parameters */
1387 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1388 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1389 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1390 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1391 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1392 || !TEST_ptr(params))
1396 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1397 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1398 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1402 /* Check that the encoding got all the way into the key */
1403 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1404 ec_export_get_encoding_cb, &enc))
1405 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1411 EVP_PKEY_free(params);
1412 EVP_PKEY_CTX_free(kctx);
1413 EVP_PKEY_CTX_free(pctx);
1418 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1420 static int test_EVP_SM2_verify(void)
1422 const char *pubkey =
1423 "-----BEGIN PUBLIC KEY-----\n"
1424 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1425 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1426 "-----END PUBLIC KEY-----\n";
1428 const char *msg = "message digest";
1429 const char *id = "ALICE123@YAHOO.COM";
1431 const uint8_t signature[] = {
1432 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1433 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1434 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1435 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1436 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1437 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1438 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1443 EVP_PKEY *pkey = NULL;
1444 EVP_MD_CTX *mctx = NULL;
1445 EVP_PKEY_CTX *pctx = NULL;
1448 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1449 if (!TEST_true(bio != NULL))
1452 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1453 if (!TEST_true(pkey != NULL))
1456 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1459 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1462 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1465 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1467 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1470 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1473 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1476 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1479 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1485 EVP_PKEY_free(pkey);
1486 EVP_PKEY_CTX_free(pctx);
1487 EVP_MD_CTX_free(mctx);
1492 static int test_EVP_SM2(void)
1495 EVP_PKEY *pkey = NULL;
1496 EVP_PKEY *pkeyparams = NULL;
1497 EVP_PKEY_CTX *pctx = NULL;
1498 EVP_PKEY_CTX *kctx = NULL;
1499 EVP_PKEY_CTX *sctx = NULL;
1501 unsigned char *sig = NULL;
1502 EVP_MD_CTX *md_ctx = NULL;
1503 EVP_MD_CTX *md_ctx_verify = NULL;
1504 EVP_PKEY_CTX *cctx = NULL;
1505 EVP_MD *check_md = NULL;
1507 uint8_t ciphertext[128];
1508 size_t ctext_len = sizeof(ciphertext);
1510 uint8_t plaintext[8];
1511 size_t ptext_len = sizeof(plaintext);
1513 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1515 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1516 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1518 char mdname[OSSL_MAX_NAME_SIZE];
1520 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1524 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1527 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1530 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1533 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1534 pkeyparams, testpropq)))
1537 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1540 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1543 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1546 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1549 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1552 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1553 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1555 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1558 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1561 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1564 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1567 /* Determine the size of the signature. */
1568 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1571 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1574 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1577 /* Ensure that the signature round-trips. */
1579 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1583 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1586 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1589 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1592 /* now check encryption/decryption */
1594 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1595 mdname, sizeof(mdname));
1596 for (i = 0; i < 2; i++) {
1597 const char *mdnames[] = {
1598 #ifndef OPENSSL_NO_SM3
1604 EVP_PKEY_CTX_free(cctx);
1606 if (mdnames[i] == NULL)
1610 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1611 (char *)mdnames[i], 0);
1613 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1617 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1620 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1623 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1627 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1630 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1633 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1637 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1641 * Test we're still using the digest we think we are.
1642 * Because of aliases, the easiest is to fetch the digest and
1643 * check the name with EVP_MD_is_a().
1645 EVP_MD_free(check_md);
1646 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1648 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1649 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1653 if (!TEST_true(ptext_len == sizeof(kMsg)))
1656 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1662 EVP_PKEY_CTX_free(pctx);
1663 EVP_PKEY_CTX_free(kctx);
1664 EVP_PKEY_CTX_free(sctx);
1665 EVP_PKEY_CTX_free(cctx);
1666 EVP_PKEY_free(pkey);
1667 EVP_PKEY_free(pkeyparams);
1668 EVP_MD_CTX_free(md_ctx);
1669 EVP_MD_CTX_free(md_ctx_verify);
1670 EVP_MD_free(check_md);
1677 static struct keys_st {
1683 EVP_PKEY_HMAC, "0123456789", NULL
1686 EVP_PKEY_HMAC, "", NULL
1687 #ifndef OPENSSL_NO_POLY1305
1689 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1691 #ifndef OPENSSL_NO_SIPHASH
1693 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1696 #ifndef OPENSSL_NO_EC
1698 EVP_PKEY_X25519, "01234567890123456789012345678901",
1699 "abcdefghijklmnopqrstuvwxyzabcdef"
1701 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1702 "abcdefghijklmnopqrstuvwxyzabcdef"
1705 "01234567890123456789012345678901234567890123456789012345",
1706 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1709 "012345678901234567890123456789012345678901234567890123456",
1710 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1715 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1718 unsigned char buf[80];
1720 size_t inlen, len = 0;
1723 /* Check if this algorithm supports public keys */
1724 if (pub && keys[tst].pub == NULL)
1727 memset(buf, 0, sizeof(buf));
1730 #ifndef OPENSSL_NO_EC
1731 inlen = strlen(keys[tst].pub);
1732 in = (unsigned char *)keys[tst].pub;
1734 pkey = EVP_PKEY_new_raw_public_key_ex(
1736 OBJ_nid2sn(keys[tst].type),
1741 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1750 inlen = strlen(keys[tst].priv);
1751 in = (unsigned char *)keys[tst].priv;
1753 pkey = EVP_PKEY_new_raw_private_key_ex(
1754 testctx, OBJ_nid2sn(keys[tst].type),
1759 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1767 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1768 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1769 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1770 || !TEST_true(len == inlen)
1771 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1772 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1773 || !TEST_mem_eq(in, inlen, buf, len))
1778 EVP_PKEY_free(pkey);
1782 static int test_set_get_raw_keys(int tst)
1784 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1785 && test_set_get_raw_keys_int(tst, 0, 1)
1786 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1787 && test_set_get_raw_keys_int(tst, 1, 1);
1790 #ifndef OPENSSL_NO_DEPRECATED_3_0
1791 static int pkey_custom_check(EVP_PKEY *pkey)
1796 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1801 static int pkey_custom_param_check(EVP_PKEY *pkey)
1806 static EVP_PKEY_METHOD *custom_pmeth;
1809 static int test_EVP_PKEY_check(int i)
1812 EVP_PKEY *pkey = NULL;
1813 EVP_PKEY_CTX *ctx = NULL;
1814 #ifndef OPENSSL_NO_DEPRECATED_3_0
1815 EVP_PKEY_CTX *ctx2 = NULL;
1817 const APK_DATA *ak = &keycheckdata[i];
1818 const unsigned char *input = ak->kder;
1819 size_t input_len = ak->size;
1820 int expected_id = ak->evptype;
1821 int expected_check = ak->check;
1822 int expected_pub_check = ak->pub_check;
1823 int expected_param_check = ak->param_check;
1824 int type = ak->type;
1826 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1829 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1832 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1835 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1838 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1841 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1844 #ifndef OPENSSL_NO_DEPRECATED_3_0
1845 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1846 /* assign the pkey directly, as an internal test */
1847 EVP_PKEY_up_ref(pkey);
1850 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1853 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1856 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1863 EVP_PKEY_CTX_free(ctx);
1864 #ifndef OPENSSL_NO_DEPRECATED_3_0
1865 EVP_PKEY_CTX_free(ctx2);
1867 EVP_PKEY_free(pkey);
1871 #ifndef OPENSSL_NO_CMAC
1872 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1874 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1875 const char msg[] = "Hello World";
1879 if (!TEST_ptr(mdctx)
1880 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1881 testpropq, pkey, NULL))
1882 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1883 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1884 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1887 EVP_MD_CTX_free(mdctx);
1891 static int test_CMAC_keygen(void)
1893 static unsigned char key[] = {
1894 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1895 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1896 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1898 EVP_PKEY_CTX *kctx = NULL;
1900 EVP_PKEY *pkey = NULL;
1901 unsigned char mac[AES_BLOCK_SIZE];
1902 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1903 unsigned char mac2[AES_BLOCK_SIZE];
1906 if (nullprov != NULL)
1907 return TEST_skip("Test does not support a non-default library context");
1910 * This is a legacy method for CMACs, but should still work.
1911 * This verifies that it works without an ENGINE.
1913 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1915 /* Test a CMAC key created using the "generated" method */
1916 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1917 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1918 EVP_PKEY_CTRL_CIPHER,
1919 0, (void *)EVP_aes_256_ecb()), 0)
1920 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1921 EVP_PKEY_CTRL_SET_MAC_KEY,
1922 sizeof(key), (void *)key), 0)
1923 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1925 || !TEST_true(get_cmac_val(pkey, mac)))
1928 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1929 EVP_PKEY_free(pkey);
1932 * Test a CMAC key using the direct method, and compare with the mac
1935 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1937 || !TEST_true(get_cmac_val(pkey, mac2))
1938 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1945 EVP_PKEY_free(pkey);
1946 EVP_PKEY_CTX_free(kctx);
1951 static int test_HKDF(void)
1954 unsigned char out[20];
1957 unsigned char salt[] = "0123456789";
1958 unsigned char key[] = "012345678901234567890123456789";
1959 unsigned char info[] = "infostring";
1960 const unsigned char expected[] = {
1961 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1962 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1964 size_t expectedlen = sizeof(expected);
1966 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1969 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1970 for (i = 0; i < 2; i++) {
1971 outlen = sizeof(out);
1972 memset(out, 0, outlen);
1974 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1975 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1976 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1977 sizeof(salt) - 1), 0)
1978 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1979 sizeof(key) - 1), 0)
1980 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1981 sizeof(info) - 1), 0)
1982 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1983 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1990 EVP_PKEY_CTX_free(pctx);
1995 static int test_emptyikm_HKDF(void)
1998 unsigned char out[20];
2001 unsigned char salt[] = "9876543210";
2002 unsigned char key[] = "";
2003 unsigned char info[] = "stringinfo";
2004 const unsigned char expected[] = {
2005 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2006 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2008 size_t expectedlen = sizeof(expected);
2010 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2013 outlen = sizeof(out);
2014 memset(out, 0, outlen);
2016 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2017 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2018 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2019 sizeof(salt) - 1), 0)
2020 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2021 sizeof(key) - 1), 0)
2022 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2023 sizeof(info) - 1), 0)
2024 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2025 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2031 EVP_PKEY_CTX_free(pctx);
2036 #ifndef OPENSSL_NO_EC
2037 static int test_X509_PUBKEY_inplace(void)
2040 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2041 const unsigned char *p = kExampleECPubKeyDER;
2042 size_t input_len = sizeof(kExampleECPubKeyDER);
2046 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2049 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2052 p = kExampleBadECPubKeyDER;
2053 input_len = sizeof(kExampleBadECPubKeyDER);
2055 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2058 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2064 X509_PUBKEY_free(xp);
2068 static int test_X509_PUBKEY_dup(void)
2071 X509_PUBKEY *xp = NULL, *xq = NULL;
2072 const unsigned char *p = kExampleECPubKeyDER;
2073 size_t input_len = sizeof(kExampleECPubKeyDER);
2075 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2077 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2078 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2079 || !TEST_ptr_ne(xp, xq))
2082 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2083 || !TEST_ptr(X509_PUBKEY_get0(xp))
2084 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2087 X509_PUBKEY_free(xq);
2089 p = kExampleBadECPubKeyDER;
2090 input_len = sizeof(kExampleBadECPubKeyDER);
2092 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2093 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2096 X509_PUBKEY_free(xp);
2098 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2104 X509_PUBKEY_free(xp);
2105 X509_PUBKEY_free(xq);
2108 #endif /* OPENSSL_NO_EC */
2110 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2111 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2113 EVP_MD_CTX *mdctx = NULL;
2114 EVP_PKEY_CTX *ctx = NULL;
2115 const OSSL_PARAM *params;
2116 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2119 char mdname[OSSL_MAX_NAME_SIZE];
2122 /* Initialise a sign operation */
2123 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2125 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2129 * We should be able to query the parameters now.
2131 params = EVP_PKEY_CTX_settable_params(ctx);
2132 if (!TEST_ptr(params)
2133 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2134 OSSL_SIGNATURE_PARAM_DIGEST)))
2137 params = EVP_PKEY_CTX_gettable_params(ctx);
2138 if (!TEST_ptr(params)
2139 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2140 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2141 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2142 OSSL_SIGNATURE_PARAM_DIGEST)))
2146 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2147 * EVP_PKEY_CTX_get_params()
2149 strcpy(mdname, "SHA512");
2151 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2153 *param++ = OSSL_PARAM_construct_end();
2155 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2159 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2160 mdname, sizeof(mdname));
2161 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2162 || !TEST_str_eq(mdname, "SHA512"))
2166 * Test the TEST_PKEY_CTX_set_signature_md() and
2167 * TEST_PKEY_CTX_get_signature_md() functions
2169 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2170 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2171 || !TEST_ptr_eq(md, EVP_sha256()))
2175 * Test getting MD parameters via an associated EVP_PKEY_CTX
2177 mdctx = EVP_MD_CTX_new();
2178 if (!TEST_ptr(mdctx)
2179 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2184 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2185 * able to obtain the digest's settable parameters from the provider.
2187 params = EVP_MD_CTX_settable_params(mdctx);
2188 if (!TEST_ptr(params)
2189 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2190 /* The final key should be NULL */
2191 || !TEST_ptr_null(params[1].key))
2195 memset(ssl3ms, 0, sizeof(ssl3ms));
2196 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2197 ssl3ms, sizeof(ssl3ms));
2198 *param++ = OSSL_PARAM_construct_end();
2200 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2206 EVP_MD_CTX_free(mdctx);
2207 EVP_PKEY_CTX_free(ctx);
2212 #ifndef OPENSSL_NO_DSA
2213 static int test_DSA_get_set_params(void)
2215 OSSL_PARAM_BLD *bld = NULL;
2216 OSSL_PARAM *params = NULL;
2217 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2218 EVP_PKEY_CTX *pctx = NULL;
2219 EVP_PKEY *pkey = NULL;
2223 * Setup the parameters for our DSA object. For our purposes they don't
2224 * have to actually be *valid* parameters. We just need to set something.
2226 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2227 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2228 || !TEST_ptr(p = BN_new())
2229 || !TEST_ptr(q = BN_new())
2230 || !TEST_ptr(g = BN_new())
2231 || !TEST_ptr(pub = BN_new())
2232 || !TEST_ptr(priv = BN_new()))
2234 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2235 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2236 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2237 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2239 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2242 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2245 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2246 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2250 if (!TEST_ptr(pkey))
2253 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2256 EVP_PKEY_free(pkey);
2257 EVP_PKEY_CTX_free(pctx);
2258 OSSL_PARAM_free(params);
2259 OSSL_PARAM_BLD_free(bld);
2270 * Test combinations of private, public, missing and private + public key
2271 * params to ensure they are all accepted
2273 static int test_DSA_priv_pub(void)
2275 return test_EVP_PKEY_ffc_priv_pub("DSA");
2278 #endif /* !OPENSSL_NO_DSA */
2280 static int test_RSA_get_set_params(void)
2282 OSSL_PARAM_BLD *bld = NULL;
2283 OSSL_PARAM *params = NULL;
2284 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2285 EVP_PKEY_CTX *pctx = NULL;
2286 EVP_PKEY *pkey = NULL;
2290 * Setup the parameters for our RSA object. For our purposes they don't
2291 * have to actually be *valid* parameters. We just need to set something.
2293 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2294 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2295 || !TEST_ptr(n = BN_new())
2296 || !TEST_ptr(e = BN_new())
2297 || !TEST_ptr(d = BN_new()))
2299 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2300 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2301 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2303 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2306 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2307 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2311 if (!TEST_ptr(pkey))
2314 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2317 EVP_PKEY_free(pkey);
2318 EVP_PKEY_CTX_free(pctx);
2319 OSSL_PARAM_free(params);
2320 OSSL_PARAM_BLD_free(bld);
2328 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2329 static int test_decrypt_null_chunks(void)
2331 EVP_CIPHER_CTX* ctx = NULL;
2332 EVP_CIPHER *cipher = NULL;
2333 const unsigned char key[32] = {
2334 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2335 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2336 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2338 unsigned char iv[12] = {
2339 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2341 unsigned char msg[] = "It was the best of times, it was the worst of times";
2342 unsigned char ciphertext[80];
2343 unsigned char plaintext[80];
2344 /* We initialise tmp to a non zero value on purpose */
2345 int ctlen, ptlen, tmp = 99;
2347 const int enc_offset = 10, dec_offset = 20;
2349 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2350 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2351 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2353 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2355 /* Deliberate add a zero length update */
2356 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2358 || !TEST_int_eq(tmp, 0)
2359 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2361 sizeof(msg) - enc_offset))
2362 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2363 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2364 || !TEST_int_eq(tmp, 0))
2367 /* Deliberately initialise tmp to a non zero value */
2369 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2370 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2373 * Deliberately add a zero length update. We also deliberately do
2374 * this at a different offset than for encryption.
2376 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2378 || !TEST_int_eq(tmp, 0)
2379 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2380 ciphertext + dec_offset,
2381 ctlen - dec_offset))
2382 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2383 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2384 || !TEST_int_eq(tmp, 0)
2385 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2390 EVP_CIPHER_CTX_free(ctx);
2391 EVP_CIPHER_free(cipher);
2394 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2396 #ifndef OPENSSL_NO_DH
2398 * Test combinations of private, public, missing and private + public key
2399 * params to ensure they are all accepted
2401 static int test_DH_priv_pub(void)
2403 return test_EVP_PKEY_ffc_priv_pub("DH");
2406 # ifndef OPENSSL_NO_DEPRECATED_3_0
2407 static int test_EVP_PKEY_set1_DH(void)
2409 DH *x942dh = NULL, *noqdh = NULL;
2410 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2412 BIGNUM *p, *g = NULL;
2414 if (!TEST_ptr(p = BN_new())
2415 || !TEST_ptr(g = BN_new())
2416 || !BN_set_word(p, 9999)
2417 || !BN_set_word(g, 2)
2418 || !TEST_ptr(noqdh = DH_new())
2419 || !DH_set0_pqg(noqdh, p, NULL, g))
2423 x942dh = DH_get_2048_256();
2424 pkey1 = EVP_PKEY_new();
2425 pkey2 = EVP_PKEY_new();
2426 if (!TEST_ptr(x942dh)
2429 || !TEST_ptr(pkey2))
2432 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2433 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2436 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2437 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2444 EVP_PKEY_free(pkey1);
2445 EVP_PKEY_free(pkey2);
2451 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2452 #endif /* !OPENSSL_NO_DH */
2455 * We test what happens with an empty template. For the sake of this test,
2456 * the template must be ignored, and we know that's the case for RSA keys
2457 * (this might arguably be a misfeature, but that's what we currently do,
2458 * even in provider code, since that's how the legacy RSA implementation
2461 static int test_keygen_with_empty_template(int n)
2463 EVP_PKEY_CTX *ctx = NULL;
2464 EVP_PKEY *pkey = NULL;
2465 EVP_PKEY *tkey = NULL;
2468 if (nullprov != NULL)
2469 return TEST_skip("Test does not support a non-default library context");
2473 /* We do test with no template at all as well */
2474 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2478 /* Here we create an empty RSA key that serves as our template */
2479 if (!TEST_ptr(tkey = EVP_PKEY_new())
2480 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2481 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2486 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2487 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2492 EVP_PKEY_CTX_free(ctx);
2493 EVP_PKEY_free(pkey);
2494 EVP_PKEY_free(tkey);
2499 * Test that we fail if we attempt to use an algorithm that is not available
2500 * in the current library context (unless we are using an algorithm that
2501 * should be made available via legacy codepaths).
2506 static int test_pkey_ctx_fail_without_provider(int tst)
2508 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2509 OSSL_PROVIDER *tmpnullprov = NULL;
2510 EVP_PKEY_CTX *pctx = NULL;
2511 const char *keytype = NULL;
2512 int expect_null = 0;
2515 if (!TEST_ptr(tmpctx))
2518 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2519 if (!TEST_ptr(tmpnullprov))
2523 * We check for certain algos in the null provider.
2524 * If an algo is expected to have a provider keymgmt, contructing an
2525 * EVP_PKEY_CTX is expected to fail (return NULL).
2526 * Otherwise, if it's expected to have legacy support, contructing an
2527 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2537 #ifdef OPENSSL_NO_EC
2538 TEST_info("EC disable, skipping SM2 check...");
2541 #ifdef OPENSSL_NO_SM2
2542 TEST_info("SM2 disable, skipping SM2 check...");
2547 TEST_error("No test for case %d", tst);
2551 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2552 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2555 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2561 EVP_PKEY_CTX_free(pctx);
2562 OSSL_PROVIDER_unload(tmpnullprov);
2563 OSSL_LIB_CTX_free(tmpctx);
2567 static int test_rand_agglomeration(void)
2571 OSSL_PARAM params[3], *p = params;
2573 unsigned int step = 7;
2574 static unsigned char seed[] = "It does not matter how slowly you go "
2575 "as long as you do not stop.";
2576 unsigned char out[sizeof(seed)];
2578 if (!TEST_int_ne(sizeof(seed) % step, 0)
2579 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2581 ctx = EVP_RAND_CTX_new(rand, NULL);
2582 EVP_RAND_free(rand);
2586 memset(out, 0, sizeof(out));
2587 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2588 seed, sizeof(seed));
2589 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2590 *p = OSSL_PARAM_construct_end();
2591 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2592 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2593 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2594 EVP_RAND_CTX_free(ctx);
2599 * Test that we correctly return the original or "running" IV after
2600 * an encryption operation.
2601 * Run multiple times for some different relevant algorithms/modes.
2603 static int test_evp_iv_aes(int idx)
2606 EVP_CIPHER_CTX *ctx = NULL;
2607 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2608 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2609 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2610 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2611 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2612 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2613 9, 10, 11, 12, 13, 14, 15, 16 };
2614 unsigned char ciphertext[32], oiv[16], iv[16];
2615 unsigned char *ref_iv;
2616 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2617 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2619 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2620 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2621 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2622 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2623 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2624 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2625 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2626 #ifndef OPENSSL_NO_OCB
2627 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2628 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2630 int len = sizeof(ciphertext);
2631 size_t ivlen, ref_len;
2632 const EVP_CIPHER *type = NULL;
2635 if (nullprov != NULL && idx < 6)
2636 return TEST_skip("Test does not support a non-default library context");
2640 type = EVP_aes_128_cbc();
2643 type = (type != NULL) ? type :
2644 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2646 ref_len = sizeof(cbc_state);
2650 type = EVP_aes_128_ofb();
2653 type = (type != NULL) ? type :
2654 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2656 ref_len = sizeof(ofb_state);
2660 type = EVP_aes_128_cfb();
2663 type = (type != NULL) ? type :
2664 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2666 ref_len = sizeof(cfb_state);
2670 type = EVP_aes_128_gcm();
2673 type = (type != NULL) ? type :
2674 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2676 ref_len = sizeof(gcm_state);
2679 type = EVP_aes_128_ccm();
2682 type = (type != NULL) ? type :
2683 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2685 ref_len = sizeof(ccm_state);
2687 #ifdef OPENSSL_NO_OCB
2693 type = EVP_aes_128_ocb();
2696 type = (type != NULL) ? type :
2697 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2699 ref_len = sizeof(ocb_state);
2707 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2708 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2709 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2711 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2712 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2713 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2715 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2716 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2717 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2720 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2721 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2722 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2725 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2728 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2734 EVP_CIPHER_CTX_free(ctx);
2736 EVP_CIPHER_free((EVP_CIPHER *)type);
2740 #ifndef OPENSSL_NO_DES
2741 static int test_evp_iv_des(int idx)
2744 EVP_CIPHER_CTX *ctx = NULL;
2745 static const unsigned char key[24] = {
2746 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2747 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2748 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2750 static const unsigned char init_iv[8] = {
2751 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2753 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2754 9, 10, 11, 12, 13, 14, 15, 16 };
2755 unsigned char ciphertext[32], oiv[8], iv[8];
2756 unsigned const char *ref_iv;
2757 static const unsigned char cbc_state_des[8] = {
2758 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2760 static const unsigned char cbc_state_3des[8] = {
2761 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2763 static const unsigned char ofb_state_des[8] = {
2764 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2766 static const unsigned char ofb_state_3des[8] = {
2767 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2769 static const unsigned char cfb_state_des[8] = {
2770 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2772 static const unsigned char cfb_state_3des[8] = {
2773 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2775 int len = sizeof(ciphertext);
2776 size_t ivlen, ref_len;
2777 EVP_CIPHER *type = NULL;
2779 if (lgcyprov == NULL && idx < 3)
2780 return TEST_skip("Test requires legacy provider to be loaded");
2784 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2785 ref_iv = cbc_state_des;
2786 ref_len = sizeof(cbc_state_des);
2789 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2790 ref_iv = ofb_state_des;
2791 ref_len = sizeof(ofb_state_des);
2794 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2795 ref_iv = cfb_state_des;
2796 ref_len = sizeof(cfb_state_des);
2799 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2800 ref_iv = cbc_state_3des;
2801 ref_len = sizeof(cbc_state_3des);
2804 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2805 ref_iv = ofb_state_3des;
2806 ref_len = sizeof(ofb_state_3des);
2809 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2810 ref_iv = cfb_state_3des;
2811 ref_len = sizeof(cfb_state_3des);
2818 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2819 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2820 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2822 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2823 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2824 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2826 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2827 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2828 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2831 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2832 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2834 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2839 EVP_CIPHER_CTX_free(ctx);
2840 EVP_CIPHER_free(type);
2845 #ifndef OPENSSL_NO_EC
2846 static int ecpub_nids[] = {
2847 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2848 NID_secp384r1, NID_secp521r1,
2849 # ifndef OPENSSL_NO_EC2M
2850 NID_sect233k1, NID_sect233r1, NID_sect283r1,
2851 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2853 NID_brainpoolP384r1, NID_brainpoolP512r1
2856 static int test_ecpub(int idx)
2858 int ret = 0, len, savelen;
2860 unsigned char buf[1024];
2862 EVP_PKEY *pkey = NULL;
2863 EVP_PKEY_CTX *ctx = NULL;
2864 # ifndef OPENSSL_NO_DEPRECATED_3_0
2865 const unsigned char *q;
2866 EVP_PKEY *pkey2 = NULL;
2870 if (nullprov != NULL)
2871 return TEST_skip("Test does not support a non-default library context");
2873 nid = ecpub_nids[idx];
2875 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2877 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2878 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2879 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2881 len = i2d_PublicKey(pkey, NULL);
2883 if (!TEST_int_ge(len, 1)
2884 || !TEST_int_lt(len, 1024))
2887 len = i2d_PublicKey(pkey, &p);
2888 if (!TEST_int_ge(len, 1)
2889 || !TEST_int_eq(len, savelen))
2892 # ifndef OPENSSL_NO_DEPRECATED_3_0
2893 /* Now try to decode the just-created DER. */
2895 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2896 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2897 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2899 /* EC_KEY ownership transferred */
2901 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2903 /* The keys should match. */
2904 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
2911 EVP_PKEY_CTX_free(ctx);
2912 EVP_PKEY_free(pkey);
2913 # ifndef OPENSSL_NO_DEPRECATED_3_0
2914 EVP_PKEY_free(pkey2);
2921 static int test_EVP_rsa_pss_with_keygen_bits(void)
2924 EVP_PKEY_CTX *ctx = NULL;
2925 EVP_PKEY *pkey = NULL;
2928 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2930 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2931 && TEST_true(EVP_PKEY_keygen_init(ctx))
2932 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2933 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2934 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2937 EVP_PKEY_free(pkey);
2938 EVP_PKEY_CTX_free(ctx);
2942 static int success = 1;
2943 static void md_names(const char *name, void *vctx)
2945 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2946 /* Force a namemap update */
2947 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2949 if (!TEST_ptr(aes128))
2952 EVP_CIPHER_free(aes128);
2956 * Test that changing the namemap in a user callback works in a names_do_all
2959 static int test_names_do_all(void)
2961 /* We use a custom libctx so that we know the state of the namemap */
2962 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2963 EVP_MD *sha256 = NULL;
2969 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2970 if (!TEST_ptr(sha256))
2974 * We loop through all the names for a given digest. This should still work
2975 * even if the namemap changes part way through.
2977 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2980 if (!TEST_true(success))
2985 EVP_MD_free(sha256);
2986 OSSL_LIB_CTX_free(ctx);
2992 const unsigned char *key;
2993 const unsigned char *iv;
2994 const unsigned char *input;
2995 const unsigned char *expected;
2996 const unsigned char *tag;
2997 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3006 static const EVP_INIT_TEST_st evp_init_tests[] = {
3008 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3009 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3013 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3014 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3015 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3016 sizeof(gcmDefaultTag), 1, 0, 1
3019 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3020 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3024 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3025 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3026 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3027 sizeof(gcmDefaultTag), 0, 0, 1
3030 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3031 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3035 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3036 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3037 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3038 sizeof(gcmDefaultTag), 1, 1, 0
3041 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3042 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3046 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3047 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3048 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3049 sizeof(gcmDefaultTag), 0, 1, 0
3053 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3057 if (t->ivlen != 0) {
3058 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3061 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3069 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3070 * arguments are given one at a time and a final adjustment to the enc
3071 * parameter sets the correct operation.
3073 static int test_evp_init_seq(int idx)
3075 int outlen1, outlen2;
3077 unsigned char outbuf[1024];
3078 unsigned char tag[16];
3079 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3080 EVP_CIPHER_CTX *ctx = NULL;
3081 EVP_CIPHER *type = NULL;
3082 size_t taglen = sizeof(tag);
3083 char *errmsg = NULL;
3085 ctx = EVP_CIPHER_CTX_new();
3087 errmsg = "CTX_ALLOC";
3090 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3091 errmsg = "CIPHER_FETCH";
3094 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3095 errmsg = "EMPTY_ENC_INIT";
3098 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3102 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3103 errmsg = "KEY_INIT (before iv)";
3106 if (!evp_init_seq_set_iv(ctx, t)) {
3110 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3111 errmsg = "KEY_INIT (after iv)";
3114 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3115 errmsg = "FINAL_ENC_INIT";
3118 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3119 errmsg = "CIPHER_UPDATE";
3122 if (t->finalenc == 0 && t->tag != NULL) {
3123 /* Set expected tag */
3124 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3125 t->taglen, (void *)t->tag))) {
3130 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3131 errmsg = "CIPHER_FINAL";
3134 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3135 errmsg = "WRONG_RESULT";
3138 if (t->finalenc != 0 && t->tag != NULL) {
3139 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3143 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3144 errmsg = "TAG_ERROR";
3151 TEST_info("evp_init_test %d: %s", idx, errmsg);
3152 EVP_CIPHER_CTX_free(ctx);
3153 EVP_CIPHER_free(type);
3158 const unsigned char *input;
3159 const unsigned char *expected;
3163 } EVP_RESET_TEST_st;
3165 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3167 cfbPlaintext, cfbCiphertext,
3168 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3171 cfbCiphertext, cfbPlaintext,
3172 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3177 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3180 static int test_evp_reset(int idx)
3182 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3183 int outlen1, outlen2;
3185 unsigned char outbuf[1024];
3186 EVP_CIPHER_CTX *ctx = NULL;
3187 EVP_CIPHER *type = NULL;
3188 char *errmsg = NULL;
3190 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3191 errmsg = "CTX_ALLOC";
3194 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3195 errmsg = "CIPHER_FETCH";
3198 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3199 errmsg = "CIPHER_INIT";
3202 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3206 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3207 errmsg = "CIPHER_UPDATE";
3210 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3211 errmsg = "CIPHER_FINAL";
3214 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3215 errmsg = "WRONG_RESULT";
3218 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3219 errmsg = "CIPHER_REINIT";
3222 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3223 errmsg = "CIPHER_UPDATE (reinit)";
3226 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3227 errmsg = "CIPHER_FINAL (reinit)";
3230 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3231 errmsg = "WRONG_RESULT (reinit)";
3237 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3238 EVP_CIPHER_CTX_free(ctx);
3239 EVP_CIPHER_free(type);
3244 const unsigned char *iv1;
3245 const unsigned char *iv2;
3246 const unsigned char *expected1;
3247 const unsigned char *expected2;
3248 const unsigned char *tag1;
3249 const unsigned char *tag2;
3252 size_t expectedlen1;
3253 size_t expectedlen2;
3254 } TEST_GCM_IV_REINIT_st;
3256 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3258 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3259 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3260 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3263 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3264 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3265 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3269 static int test_gcm_reinit(int idx)
3271 int outlen1, outlen2, outlen3;
3273 unsigned char outbuf[1024];
3274 unsigned char tag[16];
3275 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3276 EVP_CIPHER_CTX *ctx = NULL;
3277 EVP_CIPHER *type = NULL;
3278 size_t taglen = sizeof(tag);
3279 char *errmsg = NULL;
3281 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3282 errmsg = "CTX_ALLOC";
3285 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3286 errmsg = "CIPHER_FETCH";
3289 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3290 errmsg = "ENC_INIT";
3293 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3294 errmsg = "SET_IVLEN1";
3297 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3301 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3305 EVP_CIPHER_CTX_set_padding(ctx, 0);
3306 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3307 sizeof(gcmResetPlaintext)))) {
3308 errmsg = "CIPHER_UPDATE1";
3311 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3312 errmsg = "CIPHER_FINAL1";
3315 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3316 errmsg = "WRONG_RESULT1";
3319 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3320 errmsg = "GET_TAG1";
3323 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3324 errmsg = "TAG_ERROR1";
3328 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3329 errmsg = "SET_IVLEN2";
3332 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3336 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3340 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3341 sizeof(gcmResetPlaintext)))) {
3342 errmsg = "CIPHER_UPDATE2";
3345 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3346 errmsg = "CIPHER_FINAL2";
3349 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3350 errmsg = "WRONG_RESULT2";
3353 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3354 errmsg = "GET_TAG2";
3357 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3358 errmsg = "TAG_ERROR2";
3364 TEST_info("evp_init_test %d: %s", idx, errmsg);
3365 EVP_CIPHER_CTX_free(ctx);
3366 EVP_CIPHER_free(type);
3371 typedef enum OPTION_choice {
3378 const OPTIONS *test_get_options(void)
3380 static const OPTIONS options[] = {
3381 OPT_TEST_OPTIONS_DEFAULT_USAGE,
3382 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
3388 int setup_tests(void)
3392 while ((o = opt_next()) != OPT_EOF) {
3395 /* Set up an alternate library context */
3396 testctx = OSSL_LIB_CTX_new();
3397 if (!TEST_ptr(testctx))
3399 /* Swap the libctx to test non-default context only */
3400 nullprov = OSSL_PROVIDER_load(NULL, "null");
3401 deflprov = OSSL_PROVIDER_load(testctx, "default");
3402 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
3404 case OPT_TEST_CASES:
3411 ADD_TEST(test_EVP_set_default_properties);
3412 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
3413 ADD_TEST(test_EVP_DigestVerifyInit);
3414 ADD_TEST(test_EVP_Digest);
3415 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
3416 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
3417 ADD_TEST(test_privatekey_to_pkcs8);
3418 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
3419 #ifndef OPENSSL_NO_EC
3420 ADD_TEST(test_EVP_PKCS82PKEY);
3422 #ifndef OPENSSL_NO_EC
3423 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
3425 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
3426 ADD_TEST(test_EVP_SM2);
3427 ADD_TEST(test_EVP_SM2_verify);
3429 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
3430 #ifndef OPENSSL_NO_DEPRECATED_3_0
3431 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
3432 if (!TEST_ptr(custom_pmeth))
3434 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
3435 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
3436 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
3437 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
3440 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
3441 #ifndef OPENSSL_NO_CMAC
3442 ADD_TEST(test_CMAC_keygen);
3444 ADD_TEST(test_HKDF);
3445 ADD_TEST(test_emptyikm_HKDF);
3446 #ifndef OPENSSL_NO_EC
3447 ADD_TEST(test_X509_PUBKEY_inplace);
3448 ADD_TEST(test_X509_PUBKEY_dup);
3449 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
3450 OSSL_NELEM(ec_der_pub_keys));
3452 #ifndef OPENSSL_NO_DSA
3453 ADD_TEST(test_DSA_get_set_params);
3454 ADD_TEST(test_DSA_priv_pub);
3456 ADD_TEST(test_RSA_get_set_params);
3457 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3458 ADD_TEST(test_decrypt_null_chunks);
3460 #ifndef OPENSSL_NO_DH
3461 ADD_TEST(test_DH_priv_pub);
3462 # ifndef OPENSSL_NO_DEPRECATED_3_0
3463 ADD_TEST(test_EVP_PKEY_set1_DH);
3466 #ifndef OPENSSL_NO_EC
3467 ADD_TEST(test_EC_priv_pub);
3468 # ifndef OPENSSL_NO_DEPRECATED_3_0
3469 ADD_TEST(test_EC_priv_only_legacy);
3472 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
3473 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
3475 ADD_TEST(test_rand_agglomeration);
3476 ADD_ALL_TESTS(test_evp_iv_aes, 12);
3477 #ifndef OPENSSL_NO_DES
3478 ADD_ALL_TESTS(test_evp_iv_des, 6);
3480 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
3481 #ifndef OPENSSL_NO_EC
3482 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
3485 ADD_TEST(test_names_do_all);
3487 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
3488 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
3489 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
3494 void cleanup_tests(void)
3496 OSSL_PROVIDER_unload(nullprov);
3497 OSSL_PROVIDER_unload(deflprov);
3498 OSSL_PROVIDER_unload(lgcyprov);
3499 OSSL_LIB_CTX_free(testctx);
projects / openssl.git / blob