2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
323 #ifndef OPENSSL_NO_EC
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
405 typedef struct APK_DATA_st {
406 const unsigned char *kder;
413 int type; /* 0 for private, 1 for public, 2 for params */
416 static APK_DATA keydata[] = {
417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
419 #ifndef OPENSSL_NO_EC
420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
424 static APK_DATA keycheckdata[] = {
425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
429 #ifndef OPENSSL_NO_EC
430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
431 /* group is also associated in our pub key */
432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
443 static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
446 const unsigned char **pdata = &data;
447 EVP_PKEY *pkey = NULL;
448 OSSL_DECODER_CTX *dctx =
449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
458 static EVP_PKEY *load_example_rsa_key(void)
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
464 #ifndef OPENSSL_NO_DSA
465 static EVP_PKEY *load_example_dsa_key(void)
467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
472 static EVP_PKEY *load_example_hmac_key(void)
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
481 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
482 NULL, key, sizeof(key));
489 static int test_EVP_set_default_properties(void)
495 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
496 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
501 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
502 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
503 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
508 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
509 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
514 OSSL_LIB_CTX_free(ctx);
518 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
519 static int test_fromdata(char *keytype, OSSL_PARAM *params)
521 EVP_PKEY_CTX *pctx = NULL;
522 EVP_PKEY *pkey = NULL;
525 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
527 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
528 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
538 EVP_PKEY_CTX_free(pctx);
542 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
545 * Test combinations of private, public, missing and private + public key
546 * params to ensure they are all accepted
548 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
549 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
551 OSSL_PARAM_BLD *bld = NULL;
552 OSSL_PARAM *params = NULL;
553 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
557 * Setup the parameters for our pkey object. For our purposes they don't
558 * have to actually be *valid* parameters. We just need to set something.
560 if (!TEST_ptr(p = BN_new())
561 || !TEST_ptr(q = BN_new())
562 || !TEST_ptr(g = BN_new())
563 || !TEST_ptr(pub = BN_new())
564 || !TEST_ptr(priv = BN_new()))
567 /* Test !priv and !pub */
568 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
571 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
573 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
576 if (!test_fromdata(keytype, params))
578 OSSL_PARAM_free(params);
580 OSSL_PARAM_BLD_free(bld);
582 /* Test priv and !pub */
583 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
586 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
587 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
590 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
593 if (!test_fromdata(keytype, params))
595 OSSL_PARAM_free(params);
597 OSSL_PARAM_BLD_free(bld);
599 /* Test !priv and pub */
600 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
602 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
603 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
604 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
607 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
610 if (!test_fromdata(keytype, params))
612 OSSL_PARAM_free(params);
614 OSSL_PARAM_BLD_free(bld);
616 /* Test priv and pub */
617 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
618 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
620 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
621 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
626 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
629 if (!test_fromdata(keytype, params))
634 OSSL_PARAM_free(params);
635 OSSL_PARAM_BLD_free(bld);
644 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
647 * Test combinations of private, public, missing and private + public key
648 * params to ensure they are all accepted for EC keys
650 #ifndef OPENSSL_NO_EC
651 static unsigned char ec_priv[] = {
652 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
653 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
654 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
656 static unsigned char ec_pub[] = {
657 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
658 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
659 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
660 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
661 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
662 0x08, 0x09, 0xb8, 0xdb, 0x03
665 static int test_EC_priv_pub(void)
667 OSSL_PARAM_BLD *bld = NULL;
668 OSSL_PARAM *params = NULL;
673 * Setup the parameters for our pkey object. For our purposes they don't
674 * have to actually be *valid* parameters. We just need to set something.
676 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
679 /* Test !priv and !pub */
680 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
681 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
682 OSSL_PKEY_PARAM_GROUP_NAME,
685 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
688 if (!test_fromdata("EC", params))
690 OSSL_PARAM_free(params);
691 OSSL_PARAM_BLD_free(bld);
693 /* Test priv and !pub */
694 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
695 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
696 OSSL_PKEY_PARAM_GROUP_NAME,
698 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
701 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
704 if (!test_fromdata("EC", params))
706 OSSL_PARAM_free(params);
707 OSSL_PARAM_BLD_free(bld);
709 /* Test !priv and pub */
710 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
711 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
712 OSSL_PKEY_PARAM_GROUP_NAME,
714 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
715 OSSL_PKEY_PARAM_PUB_KEY,
716 ec_pub, sizeof(ec_pub))))
718 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
721 if (!test_fromdata("EC", params))
723 OSSL_PARAM_free(params);
724 OSSL_PARAM_BLD_free(bld);
726 /* Test priv and pub */
727 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
728 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
729 OSSL_PKEY_PARAM_GROUP_NAME,
731 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
732 OSSL_PKEY_PARAM_PUB_KEY,
733 ec_pub, sizeof(ec_pub)))
734 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
737 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
740 if (!test_fromdata("EC", params))
745 OSSL_PARAM_free(params);
746 OSSL_PARAM_BLD_free(bld);
752 /* Test that using a legacy EC key with only a private key in it works */
753 # ifndef OPENSSL_NO_DEPRECATED_3_0
754 static int test_EC_priv_only_legacy(void)
758 EC_KEY *eckey = NULL;
759 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
760 EVP_MD_CTX *ctx = NULL;
762 /* Create the low level EC_KEY */
763 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
766 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
767 if (!TEST_ptr(eckey))
770 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
773 pkey = EVP_PKEY_new();
777 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
781 while (dup_pk == NULL) {
783 ctx = EVP_MD_CTX_new();
788 * The EVP_DigestSignInit function should create the key on the
789 * provider side which is sufficient for this test.
791 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
792 testpropq, pkey, NULL)))
794 EVP_MD_CTX_free(ctx);
797 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
799 /* EVP_PKEY_eq() returns -2 with missing public keys */
800 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
808 EVP_MD_CTX_free(ctx);
815 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
816 #endif /* OPENSSL_NO_EC */
818 static int test_EVP_Enveloped(void)
821 EVP_CIPHER_CTX *ctx = NULL;
822 EVP_PKEY *keypair = NULL;
823 unsigned char *kek = NULL;
824 unsigned char iv[EVP_MAX_IV_LENGTH];
825 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
826 int len, kek_len, ciphertext_len, plaintext_len;
827 unsigned char ciphertext[32], plaintext[16];
828 const EVP_CIPHER *type = NULL;
830 if (nullprov != NULL)
831 return TEST_skip("Test does not support a non-default library context");
833 type = EVP_aes_256_cbc();
835 if (!TEST_ptr(keypair = load_example_rsa_key())
836 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
837 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
838 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
840 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
842 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
846 ciphertext_len += len;
848 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
849 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
850 ciphertext, ciphertext_len))
851 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
854 plaintext_len += len;
855 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
861 EVP_PKEY_free(keypair);
862 EVP_CIPHER_CTX_free(ctx);
867 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
868 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
869 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
870 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
871 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
872 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
873 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
874 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
875 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
877 static int test_EVP_DigestSignInit(int tst)
880 EVP_PKEY *pkey = NULL;
881 unsigned char *sig = NULL;
883 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
884 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
885 BIO *mdbio = NULL, *membio = NULL;
888 EVP_MD *mdexp = NULL;
890 if (nullprov != NULL)
891 return TEST_skip("Test does not support a non-default library context");
894 membio = BIO_new(BIO_s_mem());
895 mdbio = BIO_new(BIO_f_md());
896 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
898 BIO_push(mdbio, membio);
899 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
902 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
903 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
907 if (tst == 0 || tst == 3 || tst == 6) {
908 if (!TEST_ptr(pkey = load_example_rsa_key()))
910 } else if (tst == 1 || tst == 4 || tst == 7) {
911 #ifndef OPENSSL_NO_DSA
912 if (!TEST_ptr(pkey = load_example_dsa_key()))
919 if (!TEST_ptr(pkey = load_example_hmac_key()))
923 if (tst >= 3 && tst <= 5)
924 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
928 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
932 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
935 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
939 /* Determine the size of the signature. */
940 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
941 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
942 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
946 if (!TEST_int_gt(BIO_reset(mdbio), 0)
947 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
952 * Ensure that the signature round-trips (Verification isn't supported for
953 * HMAC via EVP_DigestVerify*)
955 if (tst != 2 && tst != 5 && tst != 8) {
956 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
961 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
964 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
968 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
977 EVP_MD_CTX_free(a_md_ctx);
978 EVP_MD_CTX_free(a_md_ctx_verify);
986 static int test_EVP_DigestVerifyInit(void)
989 EVP_PKEY *pkey = NULL;
990 EVP_MD_CTX *md_ctx = NULL;
992 if (nullprov != NULL)
993 return TEST_skip("Test does not support a non-default library context");
995 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
996 || !TEST_ptr(pkey = load_example_rsa_key()))
999 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1000 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1001 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1002 sizeof(kSignature))))
1007 EVP_MD_CTX_free(md_ctx);
1008 EVP_PKEY_free(pkey);
1013 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1015 static int test_EVP_Digest(void)
1018 EVP_MD_CTX *md_ctx = NULL;
1019 unsigned char md[EVP_MAX_MD_SIZE];
1020 EVP_MD *sha256 = NULL;
1021 EVP_MD *shake256 = NULL;
1023 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1026 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1027 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1030 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1031 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1032 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1033 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1034 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1037 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1038 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1039 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1040 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1041 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1043 * EVP_DigestInit_ex with NULL type should work on
1044 * pre-initialized context.
1046 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1049 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1050 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1051 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1052 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1053 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1054 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1059 EVP_MD_CTX_free(md_ctx);
1060 EVP_MD_free(sha256);
1061 EVP_MD_free(shake256);
1065 static int test_d2i_AutoPrivateKey(int i)
1068 const unsigned char *p;
1069 EVP_PKEY *pkey = NULL;
1070 const APK_DATA *ak = &keydata[i];
1071 const unsigned char *input = ak->kder;
1072 size_t input_len = ak->size;
1073 int expected_id = ak->evptype;
1076 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1077 || !TEST_ptr_eq(p, input + input_len)
1078 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1084 EVP_PKEY_free(pkey);
1088 #ifndef OPENSSL_NO_EC
1090 static const unsigned char ec_public_sect163k1_validxy[] = {
1091 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1092 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1093 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1094 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1095 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1096 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1099 static const unsigned char ec_public_sect163k1_badx[] = {
1100 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1101 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1102 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1103 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1104 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1105 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1108 static const unsigned char ec_public_sect163k1_bady[] = {
1109 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1110 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1111 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1112 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1113 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1114 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1117 static struct ec_der_pub_keys_st {
1118 const unsigned char *der;
1121 } ec_der_pub_keys[] = {
1122 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1123 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1124 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1128 * Tests the range of the decoded EC char2 public point.
1129 * See ec_GF2m_simple_oct2point().
1131 static int test_invalide_ec_char2_pub_range_decode(int id)
1136 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1137 ec_der_pub_keys[id].len);
1139 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1140 || TEST_ptr_null(pkey);
1141 EVP_PKEY_free(pkey);
1145 /* Tests loading a bad key in PKCS8 format */
1146 static int test_EVP_PKCS82PKEY(void)
1149 const unsigned char *derp = kExampleBadECKeyDER;
1150 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1151 EVP_PKEY *pkey = NULL;
1153 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1154 sizeof(kExampleBadECKeyDER))))
1157 if (!TEST_ptr_eq(derp,
1158 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1161 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1167 PKCS8_PRIV_KEY_INFO_free(p8inf);
1168 EVP_PKEY_free(pkey);
1174 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1175 static int test_privatekey_to_pkcs8(void)
1177 EVP_PKEY *pkey = NULL;
1179 char *membuf = NULL;
1180 long membuf_len = 0;
1183 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1184 || !TEST_ptr(pkey = load_example_rsa_key())
1185 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1186 NULL, 0, NULL, NULL),
1188 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1189 || !TEST_ptr(membuf)
1190 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1191 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1193 * We try to write PEM as well, just to see that it doesn't err, but
1194 * assume that the result is correct.
1196 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1197 NULL, 0, NULL, NULL),
1203 EVP_PKEY_free(pkey);
1204 BIO_free_all(membio);
1208 #ifndef OPENSSL_NO_EC
1209 static const struct {
1211 const char *encoding_name;
1212 } ec_encodings[] = {
1213 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1214 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1217 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1219 const OSSL_PARAM *p;
1220 const char *enc_name = NULL;
1226 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1227 OSSL_PKEY_PARAM_EC_ENCODING))
1228 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1231 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1232 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1233 *enc = ec_encodings[i].encoding;
1238 return (*enc != -1);
1241 static int test_EC_keygen_with_enc(int idx)
1243 EVP_PKEY *params = NULL, *key = NULL;
1244 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1248 enc = ec_encodings[idx].encoding;
1250 /* Create key parameters */
1251 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1252 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1253 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1254 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1255 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1256 || !TEST_ptr(params))
1260 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1261 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1262 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1266 /* Check that the encoding got all the way into the key */
1267 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1268 ec_export_get_encoding_cb, &enc))
1269 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1275 EVP_PKEY_free(params);
1276 EVP_PKEY_CTX_free(kctx);
1277 EVP_PKEY_CTX_free(pctx);
1282 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1284 static int test_EVP_SM2_verify(void)
1286 const char *pubkey =
1287 "-----BEGIN PUBLIC KEY-----\n"
1288 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1289 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1290 "-----END PUBLIC KEY-----\n";
1292 const char *msg = "message digest";
1293 const char *id = "ALICE123@YAHOO.COM";
1295 const uint8_t signature[] = {
1296 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1297 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1298 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1299 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1300 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1301 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1302 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1307 EVP_PKEY *pkey = NULL;
1308 EVP_MD_CTX *mctx = NULL;
1309 EVP_PKEY_CTX *pctx = NULL;
1312 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1313 if (!TEST_true(bio != NULL))
1316 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1317 if (!TEST_true(pkey != NULL))
1320 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1323 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1326 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1329 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1331 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1334 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1337 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1340 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1343 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1349 EVP_PKEY_free(pkey);
1350 EVP_PKEY_CTX_free(pctx);
1351 EVP_MD_CTX_free(mctx);
1356 static int test_EVP_SM2(void)
1359 EVP_PKEY *pkey = NULL;
1360 EVP_PKEY *pkeyparams = NULL;
1361 EVP_PKEY_CTX *pctx = NULL;
1362 EVP_PKEY_CTX *kctx = NULL;
1363 EVP_PKEY_CTX *sctx = NULL;
1365 unsigned char *sig = NULL;
1366 EVP_MD_CTX *md_ctx = NULL;
1367 EVP_MD_CTX *md_ctx_verify = NULL;
1368 EVP_PKEY_CTX *cctx = NULL;
1369 EVP_MD *check_md = NULL;
1371 uint8_t ciphertext[128];
1372 size_t ctext_len = sizeof(ciphertext);
1374 uint8_t plaintext[8];
1375 size_t ptext_len = sizeof(plaintext);
1377 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1379 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1380 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1382 char mdname[OSSL_MAX_NAME_SIZE];
1384 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1388 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1391 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1394 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1397 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1398 pkeyparams, testpropq)))
1401 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1404 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1407 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1410 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1413 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1416 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1417 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1419 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1422 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1425 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1428 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1431 /* Determine the size of the signature. */
1432 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1435 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1438 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1441 /* Ensure that the signature round-trips. */
1443 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1447 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1450 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1453 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1456 /* now check encryption/decryption */
1458 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1459 mdname, sizeof(mdname));
1460 for (i = 0; i < 2; i++) {
1461 const char *mdnames[] = {
1462 #ifndef OPENSSL_NO_SM3
1468 EVP_PKEY_CTX_free(cctx);
1470 if (mdnames[i] == NULL)
1474 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1475 (char *)mdnames[i], 0);
1477 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1481 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1484 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1487 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1491 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1494 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1497 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1501 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1505 * Test we're still using the digest we think we are.
1506 * Because of aliases, the easiest is to fetch the digest and
1507 * check the name with EVP_MD_is_a().
1509 EVP_MD_free(check_md);
1510 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1512 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1513 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1517 if (!TEST_true(ptext_len == sizeof(kMsg)))
1520 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1526 EVP_PKEY_CTX_free(pctx);
1527 EVP_PKEY_CTX_free(kctx);
1528 EVP_PKEY_CTX_free(sctx);
1529 EVP_PKEY_CTX_free(cctx);
1530 EVP_PKEY_free(pkey);
1531 EVP_PKEY_free(pkeyparams);
1532 EVP_MD_CTX_free(md_ctx);
1533 EVP_MD_CTX_free(md_ctx_verify);
1534 EVP_MD_free(check_md);
1541 static struct keys_st {
1547 EVP_PKEY_HMAC, "0123456789", NULL
1548 #ifndef OPENSSL_NO_POLY1305
1550 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1552 #ifndef OPENSSL_NO_SIPHASH
1554 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1557 #ifndef OPENSSL_NO_EC
1559 EVP_PKEY_X25519, "01234567890123456789012345678901",
1560 "abcdefghijklmnopqrstuvwxyzabcdef"
1562 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1563 "abcdefghijklmnopqrstuvwxyzabcdef"
1566 "01234567890123456789012345678901234567890123456789012345",
1567 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1570 "012345678901234567890123456789012345678901234567890123456",
1571 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1576 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1579 unsigned char buf[80];
1581 size_t inlen, len = 0;
1584 /* Check if this algorithm supports public keys */
1585 if (pub && keys[tst].pub == NULL)
1588 memset(buf, 0, sizeof(buf));
1591 #ifndef OPENSSL_NO_EC
1592 inlen = strlen(keys[tst].pub);
1593 in = (unsigned char *)keys[tst].pub;
1595 pkey = EVP_PKEY_new_raw_public_key_ex(
1597 OBJ_nid2sn(keys[tst].type),
1602 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1611 inlen = strlen(keys[tst].priv);
1612 in = (unsigned char *)keys[tst].priv;
1614 pkey = EVP_PKEY_new_raw_private_key_ex(
1615 testctx, OBJ_nid2sn(keys[tst].type),
1620 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1628 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1629 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1630 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1631 || !TEST_true(len == inlen)
1632 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1633 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1634 || !TEST_mem_eq(in, inlen, buf, len))
1639 EVP_PKEY_free(pkey);
1643 static int test_set_get_raw_keys(int tst)
1645 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1646 && test_set_get_raw_keys_int(tst, 0, 1)
1647 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1648 && test_set_get_raw_keys_int(tst, 1, 1);
1651 #ifndef OPENSSL_NO_DEPRECATED_3_0
1652 static int pkey_custom_check(EVP_PKEY *pkey)
1657 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1662 static int pkey_custom_param_check(EVP_PKEY *pkey)
1667 static EVP_PKEY_METHOD *custom_pmeth;
1670 static int test_EVP_PKEY_check(int i)
1673 EVP_PKEY *pkey = NULL;
1674 EVP_PKEY_CTX *ctx = NULL;
1675 #ifndef OPENSSL_NO_DEPRECATED_3_0
1676 EVP_PKEY_CTX *ctx2 = NULL;
1678 const APK_DATA *ak = &keycheckdata[i];
1679 const unsigned char *input = ak->kder;
1680 size_t input_len = ak->size;
1681 int expected_id = ak->evptype;
1682 int expected_check = ak->check;
1683 int expected_pub_check = ak->pub_check;
1684 int expected_param_check = ak->param_check;
1685 int type = ak->type;
1687 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1690 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1693 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1696 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1699 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1702 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1705 #ifndef OPENSSL_NO_DEPRECATED_3_0
1706 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1707 /* assign the pkey directly, as an internal test */
1708 EVP_PKEY_up_ref(pkey);
1711 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1714 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1717 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1724 EVP_PKEY_CTX_free(ctx);
1725 #ifndef OPENSSL_NO_DEPRECATED_3_0
1726 EVP_PKEY_CTX_free(ctx2);
1728 EVP_PKEY_free(pkey);
1732 #ifndef OPENSSL_NO_CMAC
1733 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1735 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1736 const char msg[] = "Hello World";
1740 if (!TEST_ptr(mdctx)
1741 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1742 testpropq, pkey, NULL))
1743 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1744 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1745 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1748 EVP_MD_CTX_free(mdctx);
1752 static int test_CMAC_keygen(void)
1754 static unsigned char key[] = {
1755 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1756 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1757 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1759 EVP_PKEY_CTX *kctx = NULL;
1761 EVP_PKEY *pkey = NULL;
1762 unsigned char mac[AES_BLOCK_SIZE];
1763 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1764 unsigned char mac2[AES_BLOCK_SIZE];
1767 if (nullprov != NULL)
1768 return TEST_skip("Test does not support a non-default library context");
1771 * This is a legacy method for CMACs, but should still work.
1772 * This verifies that it works without an ENGINE.
1774 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1776 /* Test a CMAC key created using the "generated" method */
1777 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1778 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1779 EVP_PKEY_CTRL_CIPHER,
1780 0, (void *)EVP_aes_256_ecb()), 0)
1781 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1782 EVP_PKEY_CTRL_SET_MAC_KEY,
1783 sizeof(key), (void *)key), 0)
1784 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1786 || !TEST_true(get_cmac_val(pkey, mac)))
1789 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1790 EVP_PKEY_free(pkey);
1793 * Test a CMAC key using the direct method, and compare with the mac
1796 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1798 || !TEST_true(get_cmac_val(pkey, mac2))
1799 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1806 EVP_PKEY_free(pkey);
1807 EVP_PKEY_CTX_free(kctx);
1812 static int test_HKDF(void)
1815 unsigned char out[20];
1818 unsigned char salt[] = "0123456789";
1819 unsigned char key[] = "012345678901234567890123456789";
1820 unsigned char info[] = "infostring";
1821 const unsigned char expected[] = {
1822 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1823 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1825 size_t expectedlen = sizeof(expected);
1827 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1830 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1831 for (i = 0; i < 2; i++) {
1832 outlen = sizeof(out);
1833 memset(out, 0, outlen);
1835 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1836 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1837 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1838 sizeof(salt) - 1), 0)
1839 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1840 sizeof(key) - 1), 0)
1841 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1842 sizeof(info) - 1), 0)
1843 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1844 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1851 EVP_PKEY_CTX_free(pctx);
1856 static int test_emptyikm_HKDF(void)
1859 unsigned char out[20];
1862 unsigned char salt[] = "9876543210";
1863 unsigned char key[] = "";
1864 unsigned char info[] = "stringinfo";
1865 const unsigned char expected[] = {
1866 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1867 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1869 size_t expectedlen = sizeof(expected);
1871 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1874 outlen = sizeof(out);
1875 memset(out, 0, outlen);
1877 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1878 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1879 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1880 sizeof(salt) - 1), 0)
1881 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1882 sizeof(key) - 1), 0)
1883 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1884 sizeof(info) - 1), 0)
1885 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1886 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1892 EVP_PKEY_CTX_free(pctx);
1897 #ifndef OPENSSL_NO_EC
1898 static int test_X509_PUBKEY_inplace(void)
1901 X509_PUBKEY *xp = NULL;
1902 const unsigned char *p = kExampleECPubKeyDER;
1903 size_t input_len = sizeof(kExampleECPubKeyDER);
1905 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1908 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1911 p = kExampleBadECPubKeyDER;
1912 input_len = sizeof(kExampleBadECPubKeyDER);
1914 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1917 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1923 X509_PUBKEY_free(xp);
1927 static int test_X509_PUBKEY_dup(void)
1930 X509_PUBKEY *xp = NULL, *xq = NULL;
1931 const unsigned char *p = kExampleECPubKeyDER;
1932 size_t input_len = sizeof(kExampleECPubKeyDER);
1934 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1935 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1936 || !TEST_ptr_ne(xp, xq))
1939 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1940 || !TEST_ptr(X509_PUBKEY_get0(xp))
1941 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1944 X509_PUBKEY_free(xq);
1946 p = kExampleBadECPubKeyDER;
1947 input_len = sizeof(kExampleBadECPubKeyDER);
1949 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1950 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
1953 X509_PUBKEY_free(xp);
1955 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
1961 X509_PUBKEY_free(xp);
1962 X509_PUBKEY_free(xq);
1965 #endif /* OPENSSL_NO_EC */
1967 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1968 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1970 EVP_MD_CTX *mdctx = NULL;
1971 EVP_PKEY_CTX *ctx = NULL;
1972 const OSSL_PARAM *params;
1973 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1976 char mdname[OSSL_MAX_NAME_SIZE];
1979 /* Initialise a sign operation */
1980 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
1982 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1986 * We should be able to query the parameters now.
1988 params = EVP_PKEY_CTX_settable_params(ctx);
1989 if (!TEST_ptr(params)
1990 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1991 OSSL_SIGNATURE_PARAM_DIGEST)))
1994 params = EVP_PKEY_CTX_gettable_params(ctx);
1995 if (!TEST_ptr(params)
1996 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1997 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1998 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1999 OSSL_SIGNATURE_PARAM_DIGEST)))
2003 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2004 * EVP_PKEY_CTX_get_params()
2006 strcpy(mdname, "SHA512");
2008 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2010 *param++ = OSSL_PARAM_construct_end();
2012 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2016 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2017 mdname, sizeof(mdname));
2018 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2019 || !TEST_str_eq(mdname, "SHA512"))
2023 * Test the TEST_PKEY_CTX_set_signature_md() and
2024 * TEST_PKEY_CTX_get_signature_md() functions
2026 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2027 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2028 || !TEST_ptr_eq(md, EVP_sha256()))
2032 * Test getting MD parameters via an associated EVP_PKEY_CTX
2034 mdctx = EVP_MD_CTX_new();
2035 if (!TEST_ptr(mdctx)
2036 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2041 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2042 * able to obtain the digest's settable parameters from the provider.
2044 params = EVP_MD_CTX_settable_params(mdctx);
2045 if (!TEST_ptr(params)
2046 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2047 /* The final key should be NULL */
2048 || !TEST_ptr_null(params[1].key))
2052 memset(ssl3ms, 0, sizeof(ssl3ms));
2053 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2054 ssl3ms, sizeof(ssl3ms));
2055 *param++ = OSSL_PARAM_construct_end();
2057 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2063 EVP_MD_CTX_free(mdctx);
2064 EVP_PKEY_CTX_free(ctx);
2069 #ifndef OPENSSL_NO_DSA
2070 static int test_DSA_get_set_params(void)
2072 OSSL_PARAM_BLD *bld = NULL;
2073 OSSL_PARAM *params = NULL;
2074 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2075 EVP_PKEY_CTX *pctx = NULL;
2076 EVP_PKEY *pkey = NULL;
2080 * Setup the parameters for our DSA object. For our purposes they don't
2081 * have to actually be *valid* parameters. We just need to set something.
2083 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2084 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2085 || !TEST_ptr(p = BN_new())
2086 || !TEST_ptr(q = BN_new())
2087 || !TEST_ptr(g = BN_new())
2088 || !TEST_ptr(pub = BN_new())
2089 || !TEST_ptr(priv = BN_new()))
2091 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2092 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2093 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2094 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2096 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2099 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2102 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2103 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2107 if (!TEST_ptr(pkey))
2110 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2113 EVP_PKEY_free(pkey);
2114 EVP_PKEY_CTX_free(pctx);
2115 OSSL_PARAM_free(params);
2116 OSSL_PARAM_BLD_free(bld);
2127 * Test combinations of private, public, missing and private + public key
2128 * params to ensure they are all accepted
2130 static int test_DSA_priv_pub(void)
2132 return test_EVP_PKEY_ffc_priv_pub("DSA");
2135 #endif /* !OPENSSL_NO_DSA */
2137 static int test_RSA_get_set_params(void)
2139 OSSL_PARAM_BLD *bld = NULL;
2140 OSSL_PARAM *params = NULL;
2141 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2142 EVP_PKEY_CTX *pctx = NULL;
2143 EVP_PKEY *pkey = NULL;
2147 * Setup the parameters for our RSA object. For our purposes they don't
2148 * have to actually be *valid* parameters. We just need to set something.
2150 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2151 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2152 || !TEST_ptr(n = BN_new())
2153 || !TEST_ptr(e = BN_new())
2154 || !TEST_ptr(d = BN_new()))
2156 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2157 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2158 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2160 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2163 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2164 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2168 if (!TEST_ptr(pkey))
2171 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2174 EVP_PKEY_free(pkey);
2175 EVP_PKEY_CTX_free(pctx);
2176 OSSL_PARAM_free(params);
2177 OSSL_PARAM_BLD_free(bld);
2185 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2186 static int test_decrypt_null_chunks(void)
2188 EVP_CIPHER_CTX* ctx = NULL;
2189 EVP_CIPHER *cipher = NULL;
2190 const unsigned char key[32] = {
2191 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2192 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2193 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2195 unsigned char iv[12] = {
2196 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2198 unsigned char msg[] = "It was the best of times, it was the worst of times";
2199 unsigned char ciphertext[80];
2200 unsigned char plaintext[80];
2201 /* We initialise tmp to a non zero value on purpose */
2202 int ctlen, ptlen, tmp = 99;
2204 const int enc_offset = 10, dec_offset = 20;
2206 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2207 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2208 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2210 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2212 /* Deliberate add a zero length update */
2213 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2215 || !TEST_int_eq(tmp, 0)
2216 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2218 sizeof(msg) - enc_offset))
2219 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2220 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2221 || !TEST_int_eq(tmp, 0))
2224 /* Deliberately initialise tmp to a non zero value */
2226 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2227 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2230 * Deliberately add a zero length update. We also deliberately do
2231 * this at a different offset than for encryption.
2233 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2235 || !TEST_int_eq(tmp, 0)
2236 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2237 ciphertext + dec_offset,
2238 ctlen - dec_offset))
2239 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2240 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2241 || !TEST_int_eq(tmp, 0)
2242 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2247 EVP_CIPHER_CTX_free(ctx);
2248 EVP_CIPHER_free(cipher);
2251 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2253 #ifndef OPENSSL_NO_DH
2255 * Test combinations of private, public, missing and private + public key
2256 * params to ensure they are all accepted
2258 static int test_DH_priv_pub(void)
2260 return test_EVP_PKEY_ffc_priv_pub("DH");
2263 # ifndef OPENSSL_NO_DEPRECATED_3_0
2264 static int test_EVP_PKEY_set1_DH(void)
2266 DH *x942dh = NULL, *noqdh = NULL;
2267 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2269 BIGNUM *p, *g = NULL;
2271 if (!TEST_ptr(p = BN_new())
2272 || !TEST_ptr(g = BN_new())
2273 || !BN_set_word(p, 9999)
2274 || !BN_set_word(g, 2)
2275 || !TEST_ptr(noqdh = DH_new())
2276 || !DH_set0_pqg(noqdh, p, NULL, g))
2280 x942dh = DH_get_2048_256();
2281 pkey1 = EVP_PKEY_new();
2282 pkey2 = EVP_PKEY_new();
2283 if (!TEST_ptr(x942dh)
2286 || !TEST_ptr(pkey2))
2289 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2290 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2293 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2294 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2301 EVP_PKEY_free(pkey1);
2302 EVP_PKEY_free(pkey2);
2308 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2309 #endif /* !OPENSSL_NO_DH */
2312 * We test what happens with an empty template. For the sake of this test,
2313 * the template must be ignored, and we know that's the case for RSA keys
2314 * (this might arguably be a misfeature, but that's what we currently do,
2315 * even in provider code, since that's how the legacy RSA implementation
2318 static int test_keygen_with_empty_template(int n)
2320 EVP_PKEY_CTX *ctx = NULL;
2321 EVP_PKEY *pkey = NULL;
2322 EVP_PKEY *tkey = NULL;
2325 if (nullprov != NULL)
2326 return TEST_skip("Test does not support a non-default library context");
2330 /* We do test with no template at all as well */
2331 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2335 /* Here we create an empty RSA key that serves as our template */
2336 if (!TEST_ptr(tkey = EVP_PKEY_new())
2337 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2338 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2343 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2344 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2349 EVP_PKEY_CTX_free(ctx);
2350 EVP_PKEY_free(pkey);
2351 EVP_PKEY_free(tkey);
2356 * Test that we fail if we attempt to use an algorithm that is not available
2357 * in the current library context (unless we are using an algorithm that
2358 * should be made available via legacy codepaths).
2363 static int test_pkey_ctx_fail_without_provider(int tst)
2365 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2366 OSSL_PROVIDER *tmpnullprov = NULL;
2367 EVP_PKEY_CTX *pctx = NULL;
2368 const char *keytype = NULL;
2369 int expect_null = 0;
2372 if (!TEST_ptr(tmpctx))
2375 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2376 if (!TEST_ptr(tmpnullprov))
2380 * We check for certain algos in the null provider.
2381 * If an algo is expected to have a provider keymgmt, contructing an
2382 * EVP_PKEY_CTX is expected to fail (return NULL).
2383 * Otherwise, if it's expected to have legacy support, contructing an
2384 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2394 #ifdef OPENSSL_NO_EC
2395 TEST_info("EC disable, skipping SM2 check...");
2398 #ifdef OPENSSL_NO_SM2
2399 TEST_info("SM2 disable, skipping SM2 check...");
2404 TEST_error("No test for case %d", tst);
2408 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2409 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2412 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2418 EVP_PKEY_CTX_free(pctx);
2419 OSSL_PROVIDER_unload(tmpnullprov);
2420 OSSL_LIB_CTX_free(tmpctx);
2424 static int test_rand_agglomeration(void)
2428 OSSL_PARAM params[3], *p = params;
2430 unsigned int step = 7;
2431 static unsigned char seed[] = "It does not matter how slowly you go "
2432 "as long as you do not stop.";
2433 unsigned char out[sizeof(seed)];
2435 if (!TEST_int_ne(sizeof(seed) % step, 0)
2436 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2438 ctx = EVP_RAND_CTX_new(rand, NULL);
2439 EVP_RAND_free(rand);
2443 memset(out, 0, sizeof(out));
2444 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2445 seed, sizeof(seed));
2446 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2447 *p = OSSL_PARAM_construct_end();
2448 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2449 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2450 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2451 EVP_RAND_CTX_free(ctx);
2456 * Test that we correctly return the original or "running" IV after
2457 * an encryption operation.
2458 * Run multiple times for some different relevant algorithms/modes.
2460 static int test_evp_iv_aes(int idx)
2463 EVP_CIPHER_CTX *ctx = NULL;
2464 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2465 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2466 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2467 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2468 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2469 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2470 9, 10, 11, 12, 13, 14, 15, 16 };
2471 unsigned char ciphertext[32], oiv[16], iv[16];
2472 unsigned char *ref_iv;
2473 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2474 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2476 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2477 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2478 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2479 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2480 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2481 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2482 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2483 #ifndef OPENSSL_NO_OCB
2484 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2485 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2487 int len = sizeof(ciphertext);
2488 size_t ivlen, ref_len;
2489 const EVP_CIPHER *type = NULL;
2492 if (nullprov != NULL && idx < 6)
2493 return TEST_skip("Test does not support a non-default library context");
2497 type = EVP_aes_128_cbc();
2500 type = (type != NULL) ? type :
2501 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2503 ref_len = sizeof(cbc_state);
2507 type = EVP_aes_128_ofb();
2510 type = (type != NULL) ? type :
2511 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2513 ref_len = sizeof(ofb_state);
2517 type = EVP_aes_128_cfb();
2520 type = (type != NULL) ? type :
2521 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2523 ref_len = sizeof(cfb_state);
2527 type = EVP_aes_128_gcm();
2530 type = (type != NULL) ? type :
2531 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2533 ref_len = sizeof(gcm_state);
2536 type = EVP_aes_128_ccm();
2539 type = (type != NULL) ? type :
2540 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2542 ref_len = sizeof(ccm_state);
2544 #ifdef OPENSSL_NO_OCB
2550 type = EVP_aes_128_ocb();
2553 type = (type != NULL) ? type :
2554 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2556 ref_len = sizeof(ocb_state);
2564 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2565 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2566 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2568 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2569 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2570 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2572 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2573 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2574 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2577 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2578 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2579 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2582 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2585 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2591 EVP_CIPHER_CTX_free(ctx);
2593 EVP_CIPHER_free((EVP_CIPHER *)type);
2597 #ifndef OPENSSL_NO_DES
2598 static int test_evp_iv_des(int idx)
2601 EVP_CIPHER_CTX *ctx = NULL;
2602 static const unsigned char key[24] = {
2603 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2604 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2605 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2607 static const unsigned char init_iv[8] = {
2608 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2610 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2611 9, 10, 11, 12, 13, 14, 15, 16 };
2612 unsigned char ciphertext[32], oiv[8], iv[8];
2613 unsigned const char *ref_iv;
2614 static const unsigned char cbc_state_des[8] = {
2615 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2617 static const unsigned char cbc_state_3des[8] = {
2618 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2620 static const unsigned char ofb_state_des[8] = {
2621 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2623 static const unsigned char ofb_state_3des[8] = {
2624 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2626 static const unsigned char cfb_state_des[8] = {
2627 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2629 static const unsigned char cfb_state_3des[8] = {
2630 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2632 int len = sizeof(ciphertext);
2633 size_t ivlen, ref_len;
2634 EVP_CIPHER *type = NULL;
2636 if (lgcyprov == NULL && idx < 3)
2637 return TEST_skip("Test requires legacy provider to be loaded");
2641 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2642 ref_iv = cbc_state_des;
2643 ref_len = sizeof(cbc_state_des);
2646 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2647 ref_iv = ofb_state_des;
2648 ref_len = sizeof(ofb_state_des);
2651 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2652 ref_iv = cfb_state_des;
2653 ref_len = sizeof(cfb_state_des);
2656 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2657 ref_iv = cbc_state_3des;
2658 ref_len = sizeof(cbc_state_3des);
2661 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2662 ref_iv = ofb_state_3des;
2663 ref_len = sizeof(ofb_state_3des);
2666 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2667 ref_iv = cfb_state_3des;
2668 ref_len = sizeof(cfb_state_3des);
2675 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2676 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2677 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2679 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2680 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2681 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2683 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2684 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2685 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2688 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2689 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2691 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2696 EVP_CIPHER_CTX_free(ctx);
2697 EVP_CIPHER_free(type);
2702 #ifndef OPENSSL_NO_EC
2703 static int ecpub_nids[] = {
2704 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2705 NID_secp384r1, NID_secp521r1,
2706 # ifndef OPENSSL_NO_EC2M
2707 NID_sect233k1, NID_sect233r1, NID_sect283r1,
2708 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2710 NID_brainpoolP384r1, NID_brainpoolP512r1
2713 static int test_ecpub(int idx)
2715 int ret = 0, len, savelen;
2717 unsigned char buf[1024];
2719 EVP_PKEY *pkey = NULL;
2720 EVP_PKEY_CTX *ctx = NULL;
2721 # ifndef OPENSSL_NO_DEPRECATED_3_0
2722 const unsigned char *q;
2723 EVP_PKEY *pkey2 = NULL;
2727 if (nullprov != NULL)
2728 return TEST_skip("Test does not support a non-default library context");
2730 nid = ecpub_nids[idx];
2732 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2734 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2735 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2736 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2738 len = i2d_PublicKey(pkey, NULL);
2740 if (!TEST_int_ge(len, 1)
2741 || !TEST_int_lt(len, 1024))
2744 len = i2d_PublicKey(pkey, &p);
2745 if (!TEST_int_ge(len, 1)
2746 || !TEST_int_eq(len, savelen))
2749 # ifndef OPENSSL_NO_DEPRECATED_3_0
2750 /* Now try to decode the just-created DER. */
2752 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2753 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2754 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2756 /* EC_KEY ownership transferred */
2758 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2760 /* The keys should match. */
2761 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2768 EVP_PKEY_CTX_free(ctx);
2769 EVP_PKEY_free(pkey);
2770 # ifndef OPENSSL_NO_DEPRECATED_3_0
2771 EVP_PKEY_free(pkey2);
2778 static int test_EVP_rsa_pss_with_keygen_bits(void)
2781 EVP_PKEY_CTX *ctx = NULL;
2782 EVP_PKEY *pkey = NULL;
2785 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2787 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2788 && TEST_true(EVP_PKEY_keygen_init(ctx))
2789 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2790 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2791 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2794 EVP_PKEY_free(pkey);
2795 EVP_PKEY_CTX_free(ctx);
2799 static int success = 1;
2800 static void md_names(const char *name, void *vctx)
2802 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2803 /* Force a namemap update */
2804 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2806 if (!TEST_ptr(aes128))
2809 EVP_CIPHER_free(aes128);
2813 * Test that changing the namemap in a user callback works in a names_do_all
2816 static int test_names_do_all(void)
2818 /* We use a custom libctx so that we know the state of the namemap */
2819 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2820 EVP_MD *sha256 = NULL;
2826 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2827 if (!TEST_ptr(sha256))
2831 * We loop through all the names for a given digest. This should still work
2832 * even if the namemap changes part way through.
2834 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2837 if (!TEST_true(success))
2842 EVP_MD_free(sha256);
2843 OSSL_LIB_CTX_free(ctx);
2847 typedef enum OPTION_choice {
2854 const OPTIONS *test_get_options(void)
2856 static const OPTIONS options[] = {
2857 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2858 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2864 int setup_tests(void)
2868 while ((o = opt_next()) != OPT_EOF) {
2871 /* Set up an alternate library context */
2872 testctx = OSSL_LIB_CTX_new();
2873 if (!TEST_ptr(testctx))
2875 /* Swap the libctx to test non-default context only */
2876 nullprov = OSSL_PROVIDER_load(NULL, "null");
2877 deflprov = OSSL_PROVIDER_load(testctx, "default");
2878 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2880 case OPT_TEST_CASES:
2887 ADD_TEST(test_EVP_set_default_properties);
2888 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2889 ADD_TEST(test_EVP_DigestVerifyInit);
2890 ADD_TEST(test_EVP_Digest);
2891 ADD_TEST(test_EVP_Enveloped);
2892 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2893 ADD_TEST(test_privatekey_to_pkcs8);
2894 #ifndef OPENSSL_NO_EC
2895 ADD_TEST(test_EVP_PKCS82PKEY);
2897 #ifndef OPENSSL_NO_EC
2898 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2900 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2901 ADD_TEST(test_EVP_SM2);
2902 ADD_TEST(test_EVP_SM2_verify);
2904 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2905 #ifndef OPENSSL_NO_DEPRECATED_3_0
2906 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2907 if (!TEST_ptr(custom_pmeth))
2909 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2910 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2911 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2912 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2915 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2916 #ifndef OPENSSL_NO_CMAC
2917 ADD_TEST(test_CMAC_keygen);
2919 ADD_TEST(test_HKDF);
2920 ADD_TEST(test_emptyikm_HKDF);
2921 #ifndef OPENSSL_NO_EC
2922 ADD_TEST(test_X509_PUBKEY_inplace);
2923 ADD_TEST(test_X509_PUBKEY_dup);
2924 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2925 OSSL_NELEM(ec_der_pub_keys));
2927 #ifndef OPENSSL_NO_DSA
2928 ADD_TEST(test_DSA_get_set_params);
2929 ADD_TEST(test_DSA_priv_pub);
2931 ADD_TEST(test_RSA_get_set_params);
2932 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2933 ADD_TEST(test_decrypt_null_chunks);
2935 #ifndef OPENSSL_NO_DH
2936 ADD_TEST(test_DH_priv_pub);
2937 # ifndef OPENSSL_NO_DEPRECATED_3_0
2938 ADD_TEST(test_EVP_PKEY_set1_DH);
2941 #ifndef OPENSSL_NO_EC
2942 ADD_TEST(test_EC_priv_pub);
2943 # ifndef OPENSSL_NO_DEPRECATED_3_0
2944 ADD_TEST(test_EC_priv_only_legacy);
2947 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2948 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2950 ADD_TEST(test_rand_agglomeration);
2951 ADD_ALL_TESTS(test_evp_iv_aes, 12);
2952 #ifndef OPENSSL_NO_DES
2953 ADD_ALL_TESTS(test_evp_iv_des, 6);
2955 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
2956 #ifndef OPENSSL_NO_EC
2957 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2960 ADD_TEST(test_names_do_all);
2965 void cleanup_tests(void)
2967 OSSL_PROVIDER_unload(nullprov);
2968 OSSL_PROVIDER_unload(deflprov);
2969 OSSL_PROVIDER_unload(lgcyprov);
2970 OSSL_LIB_CTX_free(testctx);
projects / openssl.git / blob