2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
40 static OSSL_LIB_CTX *testctx = NULL;
41 static char *testpropq = NULL;
43 static OSSL_PROVIDER *nullprov = NULL;
44 static OSSL_PROVIDER *deflprov = NULL;
45 static OSSL_PROVIDER *lgcyprov = NULL;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
249 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
252 static const unsigned char kExampleBad2RSAKeyDER[] = {
253 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
255 0x01, 0x00, 0x02, 0x01, 0x00
258 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
260 static const unsigned char kSignature[] = {
261 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
262 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
263 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
264 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
265 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
266 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
267 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
268 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
269 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
270 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
271 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
275 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
278 static const unsigned char kExampleRSAKeyPKCS8[] = {
279 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
280 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
281 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
282 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
283 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
284 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
285 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
286 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
287 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
288 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
289 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
290 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
291 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
292 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
293 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
294 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
295 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
296 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
297 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
298 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
299 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
300 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
301 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
302 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
303 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
304 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
305 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
306 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
307 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
308 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
309 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
310 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
311 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
312 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
313 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
314 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
315 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
316 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
317 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
318 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
319 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
320 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
321 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
322 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
323 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
324 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
325 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
326 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
327 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
328 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
329 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
330 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
331 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
334 #ifndef OPENSSL_NO_EC
336 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
339 static const unsigned char kExampleECKeyDER[] = {
340 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
341 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
342 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
343 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
344 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
345 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
346 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
347 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
348 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
349 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
354 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
355 * structure. The private key is equal to the order and will fail to import
357 static const unsigned char kExampleBadECKeyDER[] = {
358 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
359 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
360 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
361 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
362 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
363 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
364 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
365 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
366 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
370 static const unsigned char kExampleECPubKeyDER[] = {
371 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
372 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
373 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
374 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
375 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
376 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
377 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
378 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
382 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
383 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
385 static const unsigned char kExampleBadECPubKeyDER[] = {
386 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
387 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
388 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
389 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
390 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
391 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
392 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
393 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
396 static const unsigned char pExampleECParamDER[] = {
397 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
400 static const unsigned char kExampleED25519KeyDER[] = {
401 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
402 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
403 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
404 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
407 static const unsigned char kExampleED25519PubKeyDER[] = {
408 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
409 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
410 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
411 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
414 # ifndef OPENSSL_NO_DEPRECATED_3_0
415 static const unsigned char kExampleX25519KeyDER[] = {
416 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
417 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
418 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
419 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
424 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
425 #ifndef OPENSSL_NO_DEPRECATED_3_0
426 # ifndef OPENSSL_NO_DH
427 static const unsigned char kExampleDHKeyDER[] = {
428 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
429 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
430 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
431 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
432 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
433 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
434 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
435 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
436 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
437 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
438 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
439 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
440 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
441 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
442 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
443 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
444 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
445 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
446 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
447 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
448 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
449 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
450 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
451 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
452 0x2e, 0x87, 0x2a, 0x0b, 0x7a
457 static const unsigned char kCFBDefaultKey[] = {
458 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
459 0x09, 0xCF, 0x4F, 0x3C
462 static const unsigned char kGCMDefaultKey[32] = { 0 };
464 static const unsigned char kGCMResetKey[] = {
465 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
466 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
467 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
470 static const unsigned char iCFBIV[] = {
471 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
472 0x0C, 0x0D, 0x0E, 0x0F
475 static const unsigned char iGCMDefaultIV[12] = { 0 };
477 static const unsigned char iGCMResetIV1[] = {
478 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
481 static const unsigned char iGCMResetIV2[] = {
482 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
485 static const unsigned char cfbPlaintext[] = {
486 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
487 0x73, 0x93, 0x17, 0x2A
490 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
492 static const unsigned char gcmResetPlaintext[] = {
493 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
494 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
495 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
496 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
497 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
500 static const unsigned char cfbCiphertext[] = {
501 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
502 0xE8, 0x3C, 0xFB, 0x4A
505 static const unsigned char gcmDefaultCiphertext[] = {
506 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
507 0xba, 0xf3, 0x9d, 0x18
510 static const unsigned char gcmResetCiphertext1[] = {
511 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
512 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
513 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
514 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
515 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
518 static const unsigned char gcmResetCiphertext2[] = {
519 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
520 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
521 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
522 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
523 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
526 static const unsigned char gcmAAD[] = {
527 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
528 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
531 static const unsigned char gcmDefaultTag[] = {
532 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
533 0xd4, 0x8a, 0xb9, 0x19
536 static const unsigned char gcmResetTag1[] = {
537 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
538 0xfe, 0x2e, 0xa8, 0xf2
541 static const unsigned char gcmResetTag2[] = {
542 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
543 0xbb, 0x2d, 0x55, 0x1b
546 typedef struct APK_DATA_st {
547 const unsigned char *kder;
554 int type; /* 0 for private, 1 for public, 2 for params */
557 static APK_DATA keydata[] = {
558 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
559 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
565 static APK_DATA keycheckdata[] = {
566 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
568 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
570 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
571 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
572 #ifndef OPENSSL_NO_EC
573 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
574 /* group is also associated in our pub key */
575 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
577 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
579 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
580 EVP_PKEY_ED25519, 1, 1, 1, 0},
581 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
582 EVP_PKEY_ED25519, 0, 1, 1, 1},
586 static EVP_PKEY *load_example_key(const char *keytype,
587 const unsigned char *data, size_t data_len)
589 const unsigned char **pdata = &data;
590 EVP_PKEY *pkey = NULL;
591 OSSL_DECODER_CTX *dctx =
592 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
595 /* |pkey| will be NULL on error */
596 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
597 OSSL_DECODER_CTX_free(dctx);
601 static EVP_PKEY *load_example_rsa_key(void)
603 return load_example_key("RSA", kExampleRSAKeyDER,
604 sizeof(kExampleRSAKeyDER));
607 #ifndef OPENSSL_NO_DSA
608 static EVP_PKEY *load_example_dsa_key(void)
610 return load_example_key("DSA", kExampleDSAKeyDER,
611 sizeof(kExampleDSAKeyDER));
615 #ifndef OPENSSL_NO_EC
616 static EVP_PKEY *load_example_ec_key(void)
618 return load_example_key("EC", kExampleECKeyDER,
619 sizeof(kExampleECKeyDER));
623 #ifndef OPENSSL_NO_DEPRECATED_3_0
624 # ifndef OPENSSL_NO_DH
625 static EVP_PKEY *load_example_dh_key(void)
627 return load_example_key("DH", kExampleDHKeyDER,
628 sizeof(kExampleDHKeyDER));
632 # ifndef OPENSSL_NO_EC
633 static EVP_PKEY *load_example_ed25519_key(void)
635 return load_example_key("ED25519", kExampleED25519KeyDER,
636 sizeof(kExampleED25519KeyDER));
639 static EVP_PKEY *load_example_x25519_key(void)
641 return load_example_key("X25519", kExampleX25519KeyDER,
642 sizeof(kExampleX25519KeyDER));
645 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
647 static EVP_PKEY *load_example_hmac_key(void)
649 EVP_PKEY *pkey = NULL;
650 unsigned char key[] = {
651 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
652 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
653 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
656 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
657 NULL, key, sizeof(key));
664 static int test_EVP_set_default_properties(void)
670 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
671 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
676 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
677 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
678 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
683 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
684 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
689 OSSL_LIB_CTX_free(ctx);
693 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
694 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
696 EVP_PKEY_CTX *pctx = NULL;
697 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
699 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
701 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
702 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
706 if (!TEST_ptr(tmp_pkey))
712 EVP_PKEY_free(tmp_pkey);
713 EVP_PKEY_CTX_free(pctx);
717 static int test_selection(EVP_PKEY *pkey, int selection)
721 BIO *bio = BIO_new(BIO_s_mem());
723 ret = PEM_write_bio_PUBKEY(bio, pkey);
724 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
728 if (!TEST_false(ret))
731 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
733 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
737 if (!TEST_false(ret))
747 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
750 * Test combinations of private, public, missing and private + public key
751 * params to ensure they are all accepted
753 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
754 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
756 OSSL_PARAM_BLD *bld = NULL;
757 OSSL_PARAM *params = NULL;
758 EVP_PKEY *just_params = NULL;
759 EVP_PKEY *params_and_priv = NULL;
760 EVP_PKEY *params_and_pub = NULL;
761 EVP_PKEY *params_and_keypair = NULL;
762 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
766 * Setup the parameters for our pkey object. For our purposes they don't
767 * have to actually be *valid* parameters. We just need to set something.
769 if (!TEST_ptr(p = BN_new())
770 || !TEST_ptr(q = BN_new())
771 || !TEST_ptr(g = BN_new())
772 || !TEST_ptr(pub = BN_new())
773 || !TEST_ptr(priv = BN_new()))
776 /* Test !priv and !pub */
777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
782 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
783 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
786 OSSL_PARAM_free(params);
787 OSSL_PARAM_BLD_free(bld);
791 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
792 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
795 /* Test priv and !pub */
796 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
800 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
803 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
804 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
807 OSSL_PARAM_free(params);
808 OSSL_PARAM_BLD_free(bld);
812 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
813 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
816 /* Test !priv and pub */
817 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
824 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
825 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
828 OSSL_PARAM_free(params);
829 OSSL_PARAM_BLD_free(bld);
833 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
834 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
837 /* Test priv and pub */
838 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
847 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
848 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
851 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
856 OSSL_PARAM_free(params);
857 OSSL_PARAM_BLD_free(bld);
858 EVP_PKEY_free(just_params);
859 EVP_PKEY_free(params_and_priv);
860 EVP_PKEY_free(params_and_pub);
861 EVP_PKEY_free(params_and_keypair);
870 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
873 * Test combinations of private, public, missing and private + public key
874 * params to ensure they are all accepted for EC keys
876 #ifndef OPENSSL_NO_EC
877 static unsigned char ec_priv[] = {
878 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
879 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
880 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
882 static unsigned char ec_pub[] = {
883 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
884 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
885 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
886 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
887 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
888 0x08, 0x09, 0xb8, 0xdb, 0x03
891 static int test_EC_priv_pub(void)
893 OSSL_PARAM_BLD *bld = NULL;
894 OSSL_PARAM *params = NULL;
895 EVP_PKEY *just_params = NULL;
896 EVP_PKEY *params_and_priv = NULL;
897 EVP_PKEY *params_and_pub = NULL;
898 EVP_PKEY *params_and_keypair = NULL;
901 unsigned char *encoded = NULL;
904 * Setup the parameters for our pkey object. For our purposes they don't
905 * have to actually be *valid* parameters. We just need to set something.
907 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
910 /* Test !priv and !pub */
911 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
912 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
913 OSSL_PKEY_PARAM_GROUP_NAME,
916 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
917 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
920 OSSL_PARAM_free(params);
921 OSSL_PARAM_BLD_free(bld);
925 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
926 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
929 /* Test priv and !pub */
930 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
931 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
932 OSSL_PKEY_PARAM_GROUP_NAME,
934 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
937 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
938 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
941 OSSL_PARAM_free(params);
942 OSSL_PARAM_BLD_free(bld);
947 * We indicate only parameters here, in spite of having built a key that
948 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
949 * expected to fail because it does not support exporting a private EC
950 * key without a corresponding public key
952 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
953 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
956 /* Test !priv and pub */
957 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
958 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
959 OSSL_PKEY_PARAM_GROUP_NAME,
961 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
962 OSSL_PKEY_PARAM_PUB_KEY,
963 ec_pub, sizeof(ec_pub))))
965 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
966 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
969 OSSL_PARAM_free(params);
970 OSSL_PARAM_BLD_free(bld);
974 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
975 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
978 /* Test priv and pub */
979 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
980 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
981 OSSL_PKEY_PARAM_GROUP_NAME,
983 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
984 OSSL_PKEY_PARAM_PUB_KEY,
985 ec_pub, sizeof(ec_pub)))
986 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
989 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
990 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
993 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
996 /* Try key equality */
997 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
998 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1000 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1002 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1004 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1005 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1007 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1010 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1011 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1013 OPENSSL_free(encoded);
1015 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1016 OPENSSL_free(encoded);
1023 OSSL_PARAM_free(params);
1024 OSSL_PARAM_BLD_free(bld);
1025 EVP_PKEY_free(just_params);
1026 EVP_PKEY_free(params_and_priv);
1027 EVP_PKEY_free(params_and_pub);
1028 EVP_PKEY_free(params_and_keypair);
1034 /* Test that using a legacy EC key with only a private key in it works */
1035 # ifndef OPENSSL_NO_DEPRECATED_3_0
1036 static int test_EC_priv_only_legacy(void)
1038 BIGNUM *priv = NULL;
1040 EC_KEY *eckey = NULL;
1041 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1042 EVP_MD_CTX *ctx = NULL;
1044 /* Create the low level EC_KEY */
1045 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1048 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1049 if (!TEST_ptr(eckey))
1052 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1055 pkey = EVP_PKEY_new();
1056 if (!TEST_ptr(pkey))
1059 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1063 while (dup_pk == NULL) {
1065 ctx = EVP_MD_CTX_new();
1070 * The EVP_DigestSignInit function should create the key on the
1071 * provider side which is sufficient for this test.
1073 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1074 testpropq, pkey, NULL)))
1076 EVP_MD_CTX_free(ctx);
1079 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1081 /* EVP_PKEY_eq() returns -2 with missing public keys */
1082 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1083 EVP_PKEY_free(pkey);
1090 EVP_MD_CTX_free(ctx);
1091 EVP_PKEY_free(pkey);
1097 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1098 #endif /* OPENSSL_NO_EC */
1100 static int test_EVP_PKEY_sign(int tst)
1103 EVP_PKEY *pkey = NULL;
1104 unsigned char *sig = NULL;
1105 size_t sig_len = 0, shortsig_len = 1;
1106 EVP_PKEY_CTX *ctx = NULL;
1107 unsigned char tbs[] = {
1108 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1109 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1113 if (!TEST_ptr(pkey = load_example_rsa_key()))
1115 } else if (tst == 1) {
1116 #ifndef OPENSSL_NO_DSA
1117 if (!TEST_ptr(pkey = load_example_dsa_key()))
1124 #ifndef OPENSSL_NO_EC
1125 if (!TEST_ptr(pkey = load_example_ec_key()))
1133 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1135 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1136 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1139 sig = OPENSSL_malloc(sig_len);
1141 /* Test sending a signature buffer that is too short is rejected */
1142 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1144 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1146 /* Test the signature round-trips */
1147 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1148 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1154 EVP_PKEY_CTX_free(ctx);
1156 EVP_PKEY_free(pkey);
1161 * n = 0 => test using legacy cipher
1162 * n = 1 => test using fetched cipher
1164 static int test_EVP_Enveloped(int n)
1167 EVP_CIPHER_CTX *ctx = NULL;
1168 EVP_PKEY *keypair = NULL;
1169 unsigned char *kek = NULL;
1170 unsigned char iv[EVP_MAX_IV_LENGTH];
1171 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1172 int len, kek_len, ciphertext_len, plaintext_len;
1173 unsigned char ciphertext[32], plaintext[16];
1174 EVP_CIPHER *type = NULL;
1176 if (nullprov != NULL)
1177 return TEST_skip("Test does not support a non-default library context");
1180 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1181 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1185 if (!TEST_ptr(keypair = load_example_rsa_key())
1186 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1187 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1188 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1190 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1192 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1196 ciphertext_len += len;
1198 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1199 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1200 ciphertext, ciphertext_len))
1201 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1204 plaintext_len += len;
1205 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1211 EVP_CIPHER_free(type);
1213 EVP_PKEY_free(keypair);
1214 EVP_CIPHER_CTX_free(ctx);
1219 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1220 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1221 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1222 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1223 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1224 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1225 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1226 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1227 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1228 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1229 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1230 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1231 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1232 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1233 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1234 * Test 15-29: Same as above with reinitialization
1236 static int test_EVP_DigestSignInit(int tst)
1239 EVP_PKEY *pkey = NULL;
1240 unsigned char *sig = NULL, *sig2 = NULL;
1241 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1242 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1243 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1244 BIO *mdbio = NULL, *membio = NULL;
1247 EVP_MD *mdexp = NULL;
1250 if (nullprov != NULL)
1251 return TEST_skip("Test does not support a non-default library context");
1258 if (tst >= 6 && tst <= 8) {
1259 membio = BIO_new(BIO_s_mem());
1260 mdbio = BIO_new(BIO_f_md());
1261 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1263 BIO_push(mdbio, membio);
1264 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1267 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1268 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1273 if (!TEST_ptr(pkey = load_example_rsa_key()))
1275 } else if (tst % 3 == 1) {
1276 #ifndef OPENSSL_NO_DSA
1277 if (!TEST_ptr(pkey = load_example_dsa_key()))
1284 if (!TEST_ptr(pkey = load_example_hmac_key()))
1288 if (tst >= 3 && tst <= 5)
1289 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1293 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1296 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1299 if (tst >= 6 && tst <= 8) {
1300 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1302 } else if (tst < 6) {
1303 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1308 /* Determine the size of the signature. */
1309 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1311 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1314 /* Test that supply a short sig buffer fails */
1315 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1319 * We end here because once EVP_DigestSign() has failed you should
1320 * not call it again without re-initing the ctx
1325 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1329 /* Determine the size of the signature. */
1330 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1331 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1333 * Trying to create a signature with a deliberately short
1334 * buffer should fail.
1336 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1337 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1342 * Ensure that the signature round-trips (Verification isn't supported for
1343 * HMAC via EVP_DigestVerify*)
1346 if (tst >= 6 && tst <= 8) {
1347 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1348 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1352 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1356 if (tst >= 6 && tst <= 8) {
1357 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1360 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1364 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1367 /* Multiple calls to EVP_DigestVerifyFinal should work */
1368 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1372 * For HMAC a doubled call to DigestSignFinal should produce the same
1373 * value as finalization should not happen.
1375 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1376 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1377 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1380 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1389 EVP_MD_CTX_free(a_md_ctx);
1390 EVP_MD_CTX_free(a_md_ctx_verify);
1391 EVP_PKEY_free(pkey);
1399 static int test_EVP_DigestVerifyInit(void)
1402 EVP_PKEY *pkey = NULL;
1403 EVP_MD_CTX *md_ctx = NULL;
1405 if (nullprov != NULL)
1406 return TEST_skip("Test does not support a non-default library context");
1408 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1409 || !TEST_ptr(pkey = load_example_rsa_key()))
1412 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1413 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1414 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1415 sizeof(kSignature)), 0))
1418 /* test with reinitialization */
1419 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1420 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1421 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1422 sizeof(kSignature)), 0))
1427 EVP_MD_CTX_free(md_ctx);
1428 EVP_PKEY_free(pkey);
1432 #ifndef OPENSSL_NO_SIPHASH
1433 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1434 static int test_siphash_digestsign(void)
1436 unsigned char key[16];
1437 unsigned char buf[8], digest[8];
1438 unsigned char expected[8] = {
1439 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1441 EVP_PKEY *pkey = NULL;
1442 EVP_MD_CTX *mdctx = NULL;
1443 EVP_PKEY_CTX *ctx = NULL;
1447 if (nullprov != NULL)
1448 return TEST_skip("Test does not support a non-default library context");
1452 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1456 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1459 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1461 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1462 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1466 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1468 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1470 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1472 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1477 EVP_PKEY_free(pkey);
1478 EVP_MD_CTX_free(mdctx);
1484 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1486 static int test_EVP_Digest(void)
1489 EVP_MD_CTX *md_ctx = NULL;
1490 unsigned char md[EVP_MAX_MD_SIZE];
1491 EVP_MD *sha256 = NULL;
1492 EVP_MD *shake256 = NULL;
1494 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1497 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1498 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1501 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1502 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1503 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1504 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1505 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1508 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1509 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1510 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1511 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1512 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1514 * EVP_DigestInit_ex with NULL type should work on
1515 * pre-initialized context.
1517 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1520 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1521 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1522 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1523 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1524 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1525 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1530 EVP_MD_CTX_free(md_ctx);
1531 EVP_MD_free(sha256);
1532 EVP_MD_free(shake256);
1536 static int test_EVP_md_null(void)
1539 EVP_MD_CTX *md_ctx = NULL;
1540 const EVP_MD *md_null = EVP_md_null();
1541 unsigned char md_value[EVP_MAX_MD_SIZE];
1542 unsigned int md_len = sizeof(md_value);
1544 if (nullprov != NULL)
1545 return TEST_skip("Test does not support a non-default library context");
1547 if (!TEST_ptr(md_null)
1548 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1551 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1552 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1553 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1556 if (!TEST_uint_eq(md_len, 0))
1561 EVP_MD_CTX_free(md_ctx);
1565 static int test_d2i_AutoPrivateKey(int i)
1568 const unsigned char *p;
1569 EVP_PKEY *pkey = NULL;
1570 const APK_DATA *ak = &keydata[i];
1571 const unsigned char *input = ak->kder;
1572 size_t input_len = ak->size;
1573 int expected_id = ak->evptype;
1576 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1577 || !TEST_ptr_eq(p, input + input_len)
1578 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1584 EVP_PKEY_free(pkey);
1588 #ifndef OPENSSL_NO_EC
1590 static const unsigned char ec_public_sect163k1_validxy[] = {
1591 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1592 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1593 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1594 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1595 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1596 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1599 static const unsigned char ec_public_sect163k1_badx[] = {
1600 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1601 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1602 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1603 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1604 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1605 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1608 static const unsigned char ec_public_sect163k1_bady[] = {
1609 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1610 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1611 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1612 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1613 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1614 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1617 static struct ec_der_pub_keys_st {
1618 const unsigned char *der;
1621 } ec_der_pub_keys[] = {
1622 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1623 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1624 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1628 * Tests the range of the decoded EC char2 public point.
1629 * See ec_GF2m_simple_oct2point().
1631 static int test_invalide_ec_char2_pub_range_decode(int id)
1636 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1637 ec_der_pub_keys[id].len);
1639 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1640 || TEST_ptr_null(pkey);
1641 EVP_PKEY_free(pkey);
1645 /* Tests loading a bad key in PKCS8 format */
1646 static int test_EVP_PKCS82PKEY(void)
1649 const unsigned char *derp = kExampleBadECKeyDER;
1650 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1651 EVP_PKEY *pkey = NULL;
1653 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1654 sizeof(kExampleBadECKeyDER))))
1657 if (!TEST_ptr_eq(derp,
1658 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1661 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1667 PKCS8_PRIV_KEY_INFO_free(p8inf);
1668 EVP_PKEY_free(pkey);
1674 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1676 EVP_PKEY *pkey = NULL;
1677 EVP_PKEY *pkey2 = NULL;
1679 char *membuf = NULL;
1680 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1683 if (testctx != NULL)
1684 /* test not supported with non-default context */
1687 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1688 || !TEST_ptr(pkey = load_example_rsa_key())
1689 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1690 NULL, 0, NULL, NULL),
1692 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1693 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1694 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1695 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1701 EVP_PKEY_free(pkey);
1702 EVP_PKEY_free(pkey2);
1703 PKCS8_PRIV_KEY_INFO_free(p8inf);
1704 BIO_free_all(membio);
1708 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1709 static int test_privatekey_to_pkcs8(void)
1711 EVP_PKEY *pkey = NULL;
1713 char *membuf = NULL;
1714 long membuf_len = 0;
1717 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1718 || !TEST_ptr(pkey = load_example_rsa_key())
1719 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1720 NULL, 0, NULL, NULL),
1722 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1723 || !TEST_ptr(membuf)
1724 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1725 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1727 * We try to write PEM as well, just to see that it doesn't err, but
1728 * assume that the result is correct.
1730 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1731 NULL, 0, NULL, NULL),
1737 EVP_PKEY_free(pkey);
1738 BIO_free_all(membio);
1742 #ifndef OPENSSL_NO_EC
1743 static const struct {
1745 const char *encoding_name;
1746 } ec_encodings[] = {
1747 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1748 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1751 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1753 const OSSL_PARAM *p;
1754 const char *enc_name = NULL;
1760 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1761 OSSL_PKEY_PARAM_EC_ENCODING))
1762 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1765 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1766 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1767 *enc = ec_encodings[i].encoding;
1772 return (*enc != -1);
1775 static int test_EC_keygen_with_enc(int idx)
1777 EVP_PKEY *params = NULL, *key = NULL;
1778 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1782 enc = ec_encodings[idx].encoding;
1784 /* Create key parameters */
1785 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1786 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1787 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1788 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1789 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1790 || !TEST_ptr(params))
1794 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1795 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1796 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1800 /* Check that the encoding got all the way into the key */
1801 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1802 ec_export_get_encoding_cb, &enc))
1803 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1809 EVP_PKEY_free(params);
1810 EVP_PKEY_CTX_free(kctx);
1811 EVP_PKEY_CTX_free(pctx);
1816 #if !defined(OPENSSL_NO_SM2)
1818 static int test_EVP_SM2_verify(void)
1820 const char *pubkey =
1821 "-----BEGIN PUBLIC KEY-----\n"
1822 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1823 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1824 "-----END PUBLIC KEY-----\n";
1826 const char *msg = "message digest";
1827 const char *id = "ALICE123@YAHOO.COM";
1829 const uint8_t signature[] = {
1830 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1831 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1832 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1833 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1834 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1835 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1836 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1841 EVP_PKEY *pkey = NULL;
1842 EVP_MD_CTX *mctx = NULL;
1843 EVP_PKEY_CTX *pctx = NULL;
1846 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1847 if (!TEST_true(bio != NULL))
1850 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1851 if (!TEST_true(pkey != NULL))
1854 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1857 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1860 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1863 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1865 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1868 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1871 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1874 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1877 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1883 EVP_PKEY_free(pkey);
1884 EVP_PKEY_CTX_free(pctx);
1885 EVP_MD_CTX_free(mctx);
1890 static int test_EVP_SM2(void)
1893 EVP_PKEY *pkey = NULL;
1894 EVP_PKEY *pkeyparams = NULL;
1895 EVP_PKEY_CTX *pctx = NULL;
1896 EVP_PKEY_CTX *kctx = NULL;
1897 EVP_PKEY_CTX *sctx = NULL;
1899 unsigned char *sig = NULL;
1900 EVP_MD_CTX *md_ctx = NULL;
1901 EVP_MD_CTX *md_ctx_verify = NULL;
1902 EVP_PKEY_CTX *cctx = NULL;
1903 EVP_MD *check_md = NULL;
1905 uint8_t ciphertext[128];
1906 size_t ctext_len = sizeof(ciphertext);
1908 uint8_t plaintext[8];
1909 size_t ptext_len = sizeof(plaintext);
1911 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1913 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1914 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1916 char mdname[OSSL_MAX_NAME_SIZE];
1918 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1922 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1925 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
1928 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1931 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1932 pkeyparams, testpropq)))
1935 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1938 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1941 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1944 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1947 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1950 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1951 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1953 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1956 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1959 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1962 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1965 /* Determine the size of the signature. */
1966 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1969 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1972 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1975 /* Ensure that the signature round-trips. */
1977 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1981 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1984 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1987 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1991 * Try verify again with non-matching 0 length id but ensure that it can
1992 * be set on the context and overrides the previous value.
1995 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1999 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2002 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2005 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2008 /* now check encryption/decryption */
2010 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2011 mdname, sizeof(mdname));
2012 for (i = 0; i < 2; i++) {
2013 const char *mdnames[] = {
2014 #ifndef OPENSSL_NO_SM3
2020 EVP_PKEY_CTX_free(cctx);
2022 if (mdnames[i] == NULL)
2026 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2027 (char *)mdnames[i], 0);
2029 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2033 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2036 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2039 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2043 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2046 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2049 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2053 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2057 * Test we're still using the digest we think we are.
2058 * Because of aliases, the easiest is to fetch the digest and
2059 * check the name with EVP_MD_is_a().
2061 EVP_MD_free(check_md);
2062 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2064 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2065 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2069 if (!TEST_true(ptext_len == sizeof(kMsg)))
2072 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2078 EVP_PKEY_CTX_free(pctx);
2079 EVP_PKEY_CTX_free(kctx);
2080 EVP_PKEY_CTX_free(sctx);
2081 EVP_PKEY_CTX_free(cctx);
2082 EVP_PKEY_free(pkey);
2083 EVP_PKEY_free(pkeyparams);
2084 EVP_MD_CTX_free(md_ctx);
2085 EVP_MD_CTX_free(md_ctx_verify);
2086 EVP_MD_free(check_md);
2093 static struct keys_st {
2099 EVP_PKEY_HMAC, "0123456789", NULL
2102 EVP_PKEY_HMAC, "", NULL
2103 #ifndef OPENSSL_NO_POLY1305
2105 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2107 #ifndef OPENSSL_NO_SIPHASH
2109 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2112 #ifndef OPENSSL_NO_EC
2114 EVP_PKEY_X25519, "01234567890123456789012345678901",
2115 "abcdefghijklmnopqrstuvwxyzabcdef"
2117 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2118 "abcdefghijklmnopqrstuvwxyzabcdef"
2121 "01234567890123456789012345678901234567890123456789012345",
2122 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2125 "012345678901234567890123456789012345678901234567890123456",
2126 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2131 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2134 unsigned char buf[80];
2136 size_t inlen, len = 0, shortlen = 1;
2139 /* Check if this algorithm supports public keys */
2140 if (pub && keys[tst].pub == NULL)
2143 memset(buf, 0, sizeof(buf));
2146 #ifndef OPENSSL_NO_EC
2147 inlen = strlen(keys[tst].pub);
2148 in = (unsigned char *)keys[tst].pub;
2150 pkey = EVP_PKEY_new_raw_public_key_ex(
2152 OBJ_nid2sn(keys[tst].type),
2157 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2166 inlen = strlen(keys[tst].priv);
2167 in = (unsigned char *)keys[tst].priv;
2169 pkey = EVP_PKEY_new_raw_private_key_ex(
2170 testctx, OBJ_nid2sn(keys[tst].type),
2175 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2183 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2184 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2185 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2186 || !TEST_true(len == inlen))
2190 * Test that supplying a buffer that is too small fails. Doesn't apply
2191 * to HMAC with a zero length key
2193 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2195 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2199 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2200 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2201 || !TEST_mem_eq(in, inlen, buf, len))
2206 EVP_PKEY_free(pkey);
2210 static int test_set_get_raw_keys(int tst)
2212 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2213 && test_set_get_raw_keys_int(tst, 0, 1)
2214 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2215 && test_set_get_raw_keys_int(tst, 1, 1);
2218 #ifndef OPENSSL_NO_DEPRECATED_3_0
2219 static int pkey_custom_check(EVP_PKEY *pkey)
2224 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2229 static int pkey_custom_param_check(EVP_PKEY *pkey)
2234 static EVP_PKEY_METHOD *custom_pmeth;
2237 static int test_EVP_PKEY_check(int i)
2240 EVP_PKEY *pkey = NULL;
2241 EVP_PKEY_CTX *ctx = NULL;
2242 #ifndef OPENSSL_NO_DEPRECATED_3_0
2243 EVP_PKEY_CTX *ctx2 = NULL;
2245 const APK_DATA *ak = &keycheckdata[i];
2246 const unsigned char *input = ak->kder;
2247 size_t input_len = ak->size;
2248 int expected_id = ak->evptype;
2249 int expected_check = ak->check;
2250 int expected_pub_check = ak->pub_check;
2251 int expected_param_check = ak->param_check;
2252 int type = ak->type;
2254 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2257 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2260 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2263 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2266 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2269 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2272 #ifndef OPENSSL_NO_DEPRECATED_3_0
2273 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2274 /* assign the pkey directly, as an internal test */
2275 EVP_PKEY_up_ref(pkey);
2278 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2281 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2284 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2291 EVP_PKEY_CTX_free(ctx);
2292 #ifndef OPENSSL_NO_DEPRECATED_3_0
2293 EVP_PKEY_CTX_free(ctx2);
2295 EVP_PKEY_free(pkey);
2299 #ifndef OPENSSL_NO_CMAC
2300 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2302 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2303 const char msg[] = "Hello World";
2304 size_t maclen = AES_BLOCK_SIZE;
2307 if (!TEST_ptr(mdctx)
2308 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2309 testpropq, pkey, NULL))
2310 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2311 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2312 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2315 EVP_MD_CTX_free(mdctx);
2319 static int test_CMAC_keygen(void)
2321 static unsigned char key[] = {
2322 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2323 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2324 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2326 EVP_PKEY_CTX *kctx = NULL;
2328 EVP_PKEY *pkey = NULL;
2329 unsigned char mac[AES_BLOCK_SIZE];
2330 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2331 unsigned char mac2[AES_BLOCK_SIZE];
2334 if (nullprov != NULL)
2335 return TEST_skip("Test does not support a non-default library context");
2338 * This is a legacy method for CMACs, but should still work.
2339 * This verifies that it works without an ENGINE.
2341 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2343 /* Test a CMAC key created using the "generated" method */
2344 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2345 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2346 EVP_PKEY_CTRL_CIPHER,
2347 0, (void *)EVP_aes_256_cbc()), 0)
2348 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2349 EVP_PKEY_CTRL_SET_MAC_KEY,
2350 sizeof(key), (void *)key), 0)
2351 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2353 || !TEST_true(get_cmac_val(pkey, mac)))
2356 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2357 EVP_PKEY_free(pkey);
2360 * Test a CMAC key using the direct method, and compare with the mac
2363 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2365 || !TEST_true(get_cmac_val(pkey, mac2))
2366 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2373 EVP_PKEY_free(pkey);
2374 EVP_PKEY_CTX_free(kctx);
2379 static int test_HKDF(void)
2382 unsigned char out[20];
2385 unsigned char salt[] = "0123456789";
2386 unsigned char key[] = "012345678901234567890123456789";
2387 unsigned char info[] = "infostring";
2388 const unsigned char expected[] = {
2389 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2390 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2392 size_t expectedlen = sizeof(expected);
2394 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2397 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2398 for (i = 0; i < 2; i++) {
2399 outlen = sizeof(out);
2400 memset(out, 0, outlen);
2402 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2403 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2404 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2405 sizeof(salt) - 1), 0)
2406 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2407 sizeof(key) - 1), 0)
2408 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2409 sizeof(info) - 1), 0)
2410 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2411 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2418 EVP_PKEY_CTX_free(pctx);
2423 static int test_emptyikm_HKDF(void)
2426 unsigned char out[20];
2429 unsigned char salt[] = "9876543210";
2430 unsigned char key[] = "";
2431 unsigned char info[] = "stringinfo";
2432 const unsigned char expected[] = {
2433 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2434 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2436 size_t expectedlen = sizeof(expected);
2438 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2441 outlen = sizeof(out);
2442 memset(out, 0, outlen);
2444 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2445 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2446 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2447 sizeof(salt) - 1), 0)
2448 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2449 sizeof(key) - 1), 0)
2450 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2451 sizeof(info) - 1), 0)
2452 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2453 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2459 EVP_PKEY_CTX_free(pctx);
2464 #ifndef OPENSSL_NO_EC
2465 static int test_X509_PUBKEY_inplace(void)
2468 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2469 const unsigned char *p = kExampleECPubKeyDER;
2470 size_t input_len = sizeof(kExampleECPubKeyDER);
2474 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2477 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2480 p = kExampleBadECPubKeyDER;
2481 input_len = sizeof(kExampleBadECPubKeyDER);
2483 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2486 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2492 X509_PUBKEY_free(xp);
2496 static int test_X509_PUBKEY_dup(void)
2499 X509_PUBKEY *xp = NULL, *xq = NULL;
2500 const unsigned char *p = kExampleECPubKeyDER;
2501 size_t input_len = sizeof(kExampleECPubKeyDER);
2503 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2505 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2506 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2507 || !TEST_ptr_ne(xp, xq))
2510 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2511 || !TEST_ptr(X509_PUBKEY_get0(xp))
2512 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2515 X509_PUBKEY_free(xq);
2517 p = kExampleBadECPubKeyDER;
2518 input_len = sizeof(kExampleBadECPubKeyDER);
2520 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2521 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2524 X509_PUBKEY_free(xp);
2526 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2532 X509_PUBKEY_free(xp);
2533 X509_PUBKEY_free(xq);
2536 #endif /* OPENSSL_NO_EC */
2538 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2539 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2541 EVP_MD_CTX *mdctx = NULL;
2542 EVP_PKEY_CTX *ctx = NULL;
2543 const OSSL_PARAM *params;
2544 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2547 char mdname[OSSL_MAX_NAME_SIZE];
2550 /* Initialise a sign operation */
2551 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2553 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2557 * We should be able to query the parameters now.
2559 params = EVP_PKEY_CTX_settable_params(ctx);
2560 if (!TEST_ptr(params)
2561 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2562 OSSL_SIGNATURE_PARAM_DIGEST)))
2565 params = EVP_PKEY_CTX_gettable_params(ctx);
2566 if (!TEST_ptr(params)
2567 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2568 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2569 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2570 OSSL_SIGNATURE_PARAM_DIGEST)))
2574 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2575 * EVP_PKEY_CTX_get_params()
2577 strcpy(mdname, "SHA512");
2579 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2581 *param++ = OSSL_PARAM_construct_end();
2583 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2587 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2588 mdname, sizeof(mdname));
2589 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2590 || !TEST_str_eq(mdname, "SHA512"))
2594 * Test the TEST_PKEY_CTX_set_signature_md() and
2595 * TEST_PKEY_CTX_get_signature_md() functions
2597 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2598 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2599 || !TEST_ptr_eq(md, EVP_sha256()))
2603 * Test getting MD parameters via an associated EVP_PKEY_CTX
2605 mdctx = EVP_MD_CTX_new();
2606 if (!TEST_ptr(mdctx)
2607 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2612 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2613 * able to obtain the digest's settable parameters from the provider.
2615 params = EVP_MD_CTX_settable_params(mdctx);
2616 if (!TEST_ptr(params)
2617 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2618 /* The final key should be NULL */
2619 || !TEST_ptr_null(params[1].key))
2623 memset(ssl3ms, 0, sizeof(ssl3ms));
2624 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2625 ssl3ms, sizeof(ssl3ms));
2626 *param++ = OSSL_PARAM_construct_end();
2628 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2634 EVP_MD_CTX_free(mdctx);
2635 EVP_PKEY_CTX_free(ctx);
2640 #ifndef OPENSSL_NO_DSA
2641 static int test_DSA_get_set_params(void)
2643 OSSL_PARAM_BLD *bld = NULL;
2644 OSSL_PARAM *params = NULL;
2645 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2646 EVP_PKEY_CTX *pctx = NULL;
2647 EVP_PKEY *pkey = NULL;
2651 * Setup the parameters for our DSA object. For our purposes they don't
2652 * have to actually be *valid* parameters. We just need to set something.
2654 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2655 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2656 || !TEST_ptr(p = BN_new())
2657 || !TEST_ptr(q = BN_new())
2658 || !TEST_ptr(g = BN_new())
2659 || !TEST_ptr(pub = BN_new())
2660 || !TEST_ptr(priv = BN_new()))
2662 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2663 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2664 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2665 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2667 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2670 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2673 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2674 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2678 if (!TEST_ptr(pkey))
2681 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2684 EVP_PKEY_free(pkey);
2685 EVP_PKEY_CTX_free(pctx);
2686 OSSL_PARAM_free(params);
2687 OSSL_PARAM_BLD_free(bld);
2698 * Test combinations of private, public, missing and private + public key
2699 * params to ensure they are all accepted
2701 static int test_DSA_priv_pub(void)
2703 return test_EVP_PKEY_ffc_priv_pub("DSA");
2706 #endif /* !OPENSSL_NO_DSA */
2708 static int test_RSA_get_set_params(void)
2710 OSSL_PARAM_BLD *bld = NULL;
2711 OSSL_PARAM *params = NULL;
2712 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2713 EVP_PKEY_CTX *pctx = NULL;
2714 EVP_PKEY *pkey = NULL;
2718 * Setup the parameters for our RSA object. For our purposes they don't
2719 * have to actually be *valid* parameters. We just need to set something.
2721 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2722 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2723 || !TEST_ptr(n = BN_new())
2724 || !TEST_ptr(e = BN_new())
2725 || !TEST_ptr(d = BN_new()))
2727 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2728 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2729 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2731 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2734 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2735 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2739 if (!TEST_ptr(pkey))
2742 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2745 EVP_PKEY_free(pkey);
2746 EVP_PKEY_CTX_free(pctx);
2747 OSSL_PARAM_free(params);
2748 OSSL_PARAM_BLD_free(bld);
2756 static int test_RSA_OAEP_set_get_params(void)
2759 EVP_PKEY *key = NULL;
2760 EVP_PKEY_CTX *key_ctx = NULL;
2762 if (nullprov != NULL)
2763 return TEST_skip("Test does not support a non-default library context");
2765 if (!TEST_ptr(key = load_example_rsa_key())
2766 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
2770 int padding = RSA_PKCS1_OAEP_PADDING;
2771 OSSL_PARAM params[4];
2773 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
2774 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2775 OSSL_DIGEST_NAME_SHA2_256, 0);
2776 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2777 OSSL_DIGEST_NAME_SHA1, 0);
2778 params[3] = OSSL_PARAM_construct_end();
2780 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
2784 OSSL_PARAM params[3];
2785 char oaepmd[30] = { '\0' };
2786 char mgf1md[30] = { '\0' };
2788 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2789 oaepmd, sizeof(oaepmd));
2790 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2791 mgf1md, sizeof(mgf1md));
2792 params[2] = OSSL_PARAM_construct_end();
2794 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
2797 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
2798 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
2806 EVP_PKEY_CTX_free(key_ctx);
2811 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2812 static int test_decrypt_null_chunks(void)
2814 EVP_CIPHER_CTX* ctx = NULL;
2815 EVP_CIPHER *cipher = NULL;
2816 const unsigned char key[32] = {
2817 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2818 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2819 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2821 unsigned char iv[12] = {
2822 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2824 unsigned char msg[] = "It was the best of times, it was the worst of times";
2825 unsigned char ciphertext[80];
2826 unsigned char plaintext[80];
2827 /* We initialise tmp to a non zero value on purpose */
2828 int ctlen, ptlen, tmp = 99;
2830 const int enc_offset = 10, dec_offset = 20;
2832 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2833 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2834 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2836 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2838 /* Deliberate add a zero length update */
2839 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2841 || !TEST_int_eq(tmp, 0)
2842 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2844 sizeof(msg) - enc_offset))
2845 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2846 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2847 || !TEST_int_eq(tmp, 0))
2850 /* Deliberately initialise tmp to a non zero value */
2852 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2853 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2856 * Deliberately add a zero length update. We also deliberately do
2857 * this at a different offset than for encryption.
2859 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2861 || !TEST_int_eq(tmp, 0)
2862 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2863 ciphertext + dec_offset,
2864 ctlen - dec_offset))
2865 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2866 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2867 || !TEST_int_eq(tmp, 0)
2868 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2873 EVP_CIPHER_CTX_free(ctx);
2874 EVP_CIPHER_free(cipher);
2877 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2879 #ifndef OPENSSL_NO_DH
2881 * Test combinations of private, public, missing and private + public key
2882 * params to ensure they are all accepted
2884 static int test_DH_priv_pub(void)
2886 return test_EVP_PKEY_ffc_priv_pub("DH");
2889 # ifndef OPENSSL_NO_DEPRECATED_3_0
2890 static int test_EVP_PKEY_set1_DH(void)
2892 DH *x942dh = NULL, *noqdh = NULL;
2893 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2895 BIGNUM *p, *g = NULL;
2896 BIGNUM *pubkey = NULL;
2897 unsigned char pub[2048 / 8];
2900 if (!TEST_ptr(p = BN_new())
2901 || !TEST_ptr(g = BN_new())
2902 || !TEST_ptr(pubkey = BN_new())
2903 || !TEST_true(BN_set_word(p, 9999))
2904 || !TEST_true(BN_set_word(g, 2))
2905 || !TEST_true(BN_set_word(pubkey, 4321))
2906 || !TEST_ptr(noqdh = DH_new())
2907 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2908 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2909 || !TEST_ptr(pubkey = BN_new())
2910 || !TEST_true(BN_set_word(pubkey, 4321)))
2914 x942dh = DH_get_2048_256();
2915 pkey1 = EVP_PKEY_new();
2916 pkey2 = EVP_PKEY_new();
2917 if (!TEST_ptr(x942dh)
2921 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2925 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2926 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2929 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2931 || !TEST_ptr(pubkey))
2934 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2935 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2938 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2939 OSSL_PKEY_PARAM_PUB_KEY,
2940 pub, sizeof(pub), &len))
2941 || !TEST_size_t_ne(len, 0))
2949 EVP_PKEY_free(pkey1);
2950 EVP_PKEY_free(pkey2);
2956 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2957 #endif /* !OPENSSL_NO_DH */
2960 * We test what happens with an empty template. For the sake of this test,
2961 * the template must be ignored, and we know that's the case for RSA keys
2962 * (this might arguably be a misfeature, but that's what we currently do,
2963 * even in provider code, since that's how the legacy RSA implementation
2966 static int test_keygen_with_empty_template(int n)
2968 EVP_PKEY_CTX *ctx = NULL;
2969 EVP_PKEY *pkey = NULL;
2970 EVP_PKEY *tkey = NULL;
2973 if (nullprov != NULL)
2974 return TEST_skip("Test does not support a non-default library context");
2978 /* We do test with no template at all as well */
2979 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2983 /* Here we create an empty RSA key that serves as our template */
2984 if (!TEST_ptr(tkey = EVP_PKEY_new())
2985 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2986 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2991 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2992 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2997 EVP_PKEY_CTX_free(ctx);
2998 EVP_PKEY_free(pkey);
2999 EVP_PKEY_free(tkey);
3004 * Test that we fail if we attempt to use an algorithm that is not available
3005 * in the current library context (unless we are using an algorithm that
3006 * should be made available via legacy codepaths).
3011 static int test_pkey_ctx_fail_without_provider(int tst)
3013 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3014 OSSL_PROVIDER *tmpnullprov = NULL;
3015 EVP_PKEY_CTX *pctx = NULL;
3016 const char *keytype = NULL;
3017 int expect_null = 0;
3020 if (!TEST_ptr(tmpctx))
3023 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3024 if (!TEST_ptr(tmpnullprov))
3028 * We check for certain algos in the null provider.
3029 * If an algo is expected to have a provider keymgmt, constructing an
3030 * EVP_PKEY_CTX is expected to fail (return NULL).
3031 * Otherwise, if it's expected to have legacy support, constructing an
3032 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3042 #ifdef OPENSSL_NO_EC
3043 TEST_info("EC disable, skipping SM2 check...");
3046 #ifdef OPENSSL_NO_SM2
3047 TEST_info("SM2 disable, skipping SM2 check...");
3052 TEST_error("No test for case %d", tst);
3056 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3057 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3060 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3066 EVP_PKEY_CTX_free(pctx);
3067 OSSL_PROVIDER_unload(tmpnullprov);
3068 OSSL_LIB_CTX_free(tmpctx);
3072 static int test_rand_agglomeration(void)
3076 OSSL_PARAM params[3], *p = params;
3078 unsigned int step = 7;
3079 static unsigned char seed[] = "It does not matter how slowly you go "
3080 "as long as you do not stop.";
3081 unsigned char out[sizeof(seed)];
3083 if (!TEST_int_ne(sizeof(seed) % step, 0)
3084 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3086 ctx = EVP_RAND_CTX_new(rand, NULL);
3087 EVP_RAND_free(rand);
3091 memset(out, 0, sizeof(out));
3092 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3093 seed, sizeof(seed));
3094 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3095 *p = OSSL_PARAM_construct_end();
3096 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3097 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3098 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3099 EVP_RAND_CTX_free(ctx);
3104 * Test that we correctly return the original or "running" IV after
3105 * an encryption operation.
3106 * Run multiple times for some different relevant algorithms/modes.
3108 static int test_evp_iv_aes(int idx)
3111 EVP_CIPHER_CTX *ctx = NULL;
3112 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3113 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3114 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3115 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3116 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3117 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3118 9, 10, 11, 12, 13, 14, 15, 16 };
3119 unsigned char ciphertext[32], oiv[16], iv[16];
3120 unsigned char *ref_iv;
3121 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3122 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3124 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3125 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3126 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3127 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3128 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3129 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3130 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3131 #ifndef OPENSSL_NO_OCB
3132 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3133 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3135 int len = sizeof(ciphertext);
3136 size_t ivlen, ref_len;
3137 const EVP_CIPHER *type = NULL;
3140 if (nullprov != NULL && idx < 6)
3141 return TEST_skip("Test does not support a non-default library context");
3145 type = EVP_aes_128_cbc();
3148 type = (type != NULL) ? type :
3149 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3151 ref_len = sizeof(cbc_state);
3155 type = EVP_aes_128_ofb();
3158 type = (type != NULL) ? type :
3159 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3161 ref_len = sizeof(ofb_state);
3165 type = EVP_aes_128_cfb();
3168 type = (type != NULL) ? type :
3169 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3171 ref_len = sizeof(cfb_state);
3175 type = EVP_aes_128_gcm();
3178 type = (type != NULL) ? type :
3179 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3181 ref_len = sizeof(gcm_state);
3184 type = EVP_aes_128_ccm();
3187 type = (type != NULL) ? type :
3188 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3190 ref_len = sizeof(ccm_state);
3192 #ifdef OPENSSL_NO_OCB
3198 type = EVP_aes_128_ocb();
3201 type = (type != NULL) ? type :
3202 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3204 ref_len = sizeof(ocb_state);
3212 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3213 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3214 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3216 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3217 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3218 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3220 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3221 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3222 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3225 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3226 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3227 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3230 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3233 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3239 EVP_CIPHER_CTX_free(ctx);
3241 EVP_CIPHER_free((EVP_CIPHER *)type);
3245 #ifndef OPENSSL_NO_DES
3246 static int test_evp_iv_des(int idx)
3249 EVP_CIPHER_CTX *ctx = NULL;
3250 static const unsigned char key[24] = {
3251 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3252 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3253 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3255 static const unsigned char init_iv[8] = {
3256 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3258 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3259 9, 10, 11, 12, 13, 14, 15, 16 };
3260 unsigned char ciphertext[32], oiv[8], iv[8];
3261 unsigned const char *ref_iv;
3262 static const unsigned char cbc_state_des[8] = {
3263 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3265 static const unsigned char cbc_state_3des[8] = {
3266 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3268 static const unsigned char ofb_state_des[8] = {
3269 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3271 static const unsigned char ofb_state_3des[8] = {
3272 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3274 static const unsigned char cfb_state_des[8] = {
3275 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3277 static const unsigned char cfb_state_3des[8] = {
3278 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3280 int len = sizeof(ciphertext);
3281 size_t ivlen, ref_len;
3282 EVP_CIPHER *type = NULL;
3284 if (lgcyprov == NULL && idx < 3)
3285 return TEST_skip("Test requires legacy provider to be loaded");
3289 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3290 ref_iv = cbc_state_des;
3291 ref_len = sizeof(cbc_state_des);
3294 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3295 ref_iv = ofb_state_des;
3296 ref_len = sizeof(ofb_state_des);
3299 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3300 ref_iv = cfb_state_des;
3301 ref_len = sizeof(cfb_state_des);
3304 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3305 ref_iv = cbc_state_3des;
3306 ref_len = sizeof(cbc_state_3des);
3309 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3310 ref_iv = ofb_state_3des;
3311 ref_len = sizeof(ofb_state_3des);
3314 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3315 ref_iv = cfb_state_3des;
3316 ref_len = sizeof(cfb_state_3des);
3323 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3324 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3325 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3327 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3328 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3329 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3331 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3332 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3333 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3336 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3337 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3339 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3344 EVP_CIPHER_CTX_free(ctx);
3345 EVP_CIPHER_free(type);
3350 #ifndef OPENSSL_NO_BF
3351 static int test_evp_bf_default_keylen(int idx)
3354 static const char *algos[4] = {
3355 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3357 int ivlen[4] = { 0, 8, 8, 8 };
3358 EVP_CIPHER *cipher = NULL;
3360 if (lgcyprov == NULL)
3361 return TEST_skip("Test requires legacy provider to be loaded");
3363 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3364 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3365 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3370 EVP_CIPHER_free(cipher);
3375 #ifndef OPENSSL_NO_EC
3376 static int ecpub_nids[] = {
3377 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3378 NID_secp384r1, NID_secp521r1,
3379 # ifndef OPENSSL_NO_EC2M
3380 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3381 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3383 NID_brainpoolP384r1, NID_brainpoolP512r1
3386 static int test_ecpub(int idx)
3388 int ret = 0, len, savelen;
3390 unsigned char buf[1024];
3392 EVP_PKEY *pkey = NULL;
3393 EVP_PKEY_CTX *ctx = NULL;
3394 # ifndef OPENSSL_NO_DEPRECATED_3_0
3395 const unsigned char *q;
3396 EVP_PKEY *pkey2 = NULL;
3400 if (nullprov != NULL)
3401 return TEST_skip("Test does not support a non-default library context");
3403 nid = ecpub_nids[idx];
3405 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3407 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3408 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3409 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3411 len = i2d_PublicKey(pkey, NULL);
3413 if (!TEST_int_ge(len, 1)
3414 || !TEST_int_lt(len, 1024))
3417 len = i2d_PublicKey(pkey, &p);
3418 if (!TEST_int_ge(len, 1)
3419 || !TEST_int_eq(len, savelen))
3422 # ifndef OPENSSL_NO_DEPRECATED_3_0
3423 /* Now try to decode the just-created DER. */
3425 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3426 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3427 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3429 /* EC_KEY ownership transferred */
3431 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3433 /* The keys should match. */
3434 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3441 EVP_PKEY_CTX_free(ctx);
3442 EVP_PKEY_free(pkey);
3443 # ifndef OPENSSL_NO_DEPRECATED_3_0
3444 EVP_PKEY_free(pkey2);
3451 static int test_EVP_rsa_pss_with_keygen_bits(void)
3454 EVP_PKEY_CTX *ctx = NULL;
3455 EVP_PKEY *pkey = NULL;
3458 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3460 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3461 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3462 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3463 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3464 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3467 EVP_PKEY_free(pkey);
3468 EVP_PKEY_CTX_free(ctx);
3472 static int test_EVP_rsa_pss_set_saltlen(void)
3475 EVP_PKEY *pkey = NULL;
3476 EVP_PKEY_CTX *pkey_ctx = NULL;
3477 EVP_MD *sha256 = NULL;
3478 EVP_MD_CTX *sha256_ctx = NULL;
3479 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3480 const int test_value = 32;
3482 ret = TEST_ptr(pkey = load_example_rsa_key())
3483 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3484 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3485 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3486 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3487 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3488 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3489 && TEST_int_eq(saltlen, test_value);
3491 EVP_MD_CTX_free(sha256_ctx);
3492 EVP_PKEY_free(pkey);
3493 EVP_MD_free(sha256);
3498 static int success = 1;
3499 static void md_names(const char *name, void *vctx)
3501 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3502 /* Force a namemap update */
3503 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3505 if (!TEST_ptr(aes128))
3508 EVP_CIPHER_free(aes128);
3512 * Test that changing the namemap in a user callback works in a names_do_all
3515 static int test_names_do_all(void)
3517 /* We use a custom libctx so that we know the state of the namemap */
3518 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3519 EVP_MD *sha256 = NULL;
3525 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3526 if (!TEST_ptr(sha256))
3530 * We loop through all the names for a given digest. This should still work
3531 * even if the namemap changes part way through.
3533 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3536 if (!TEST_true(success))
3541 EVP_MD_free(sha256);
3542 OSSL_LIB_CTX_free(ctx);
3548 const unsigned char *key;
3549 const unsigned char *iv;
3550 const unsigned char *input;
3551 const unsigned char *expected;
3552 const unsigned char *tag;
3553 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3562 static const EVP_INIT_TEST_st evp_init_tests[] = {
3564 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3565 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3569 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3570 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3571 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3572 sizeof(gcmDefaultTag), 1, 0, 1
3575 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3576 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3580 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3581 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3582 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3583 sizeof(gcmDefaultTag), 0, 0, 1
3586 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3587 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3591 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3592 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3593 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3594 sizeof(gcmDefaultTag), 1, 1, 0
3597 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3598 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3602 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3603 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3604 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3605 sizeof(gcmDefaultTag), 0, 1, 0
3609 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3613 if (t->ivlen != 0) {
3614 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3617 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3625 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3626 * arguments are given one at a time and a final adjustment to the enc
3627 * parameter sets the correct operation.
3629 static int test_evp_init_seq(int idx)
3631 int outlen1, outlen2;
3633 unsigned char outbuf[1024];
3634 unsigned char tag[16];
3635 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3636 EVP_CIPHER_CTX *ctx = NULL;
3637 EVP_CIPHER *type = NULL;
3638 size_t taglen = sizeof(tag);
3639 char *errmsg = NULL;
3641 ctx = EVP_CIPHER_CTX_new();
3643 errmsg = "CTX_ALLOC";
3646 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3647 errmsg = "CIPHER_FETCH";
3650 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3651 errmsg = "EMPTY_ENC_INIT";
3654 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3658 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3659 errmsg = "KEY_INIT (before iv)";
3662 if (!evp_init_seq_set_iv(ctx, t)) {
3666 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3667 errmsg = "KEY_INIT (after iv)";
3670 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3671 errmsg = "FINAL_ENC_INIT";
3674 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3675 errmsg = "CIPHER_UPDATE";
3678 if (t->finalenc == 0 && t->tag != NULL) {
3679 /* Set expected tag */
3680 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3681 t->taglen, (void *)t->tag), 0)) {
3686 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3687 errmsg = "CIPHER_FINAL";
3690 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3691 errmsg = "WRONG_RESULT";
3694 if (t->finalenc != 0 && t->tag != NULL) {
3695 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3699 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3700 errmsg = "TAG_ERROR";
3707 TEST_info("evp_init_test %d: %s", idx, errmsg);
3708 EVP_CIPHER_CTX_free(ctx);
3709 EVP_CIPHER_free(type);
3714 const unsigned char *input;
3715 const unsigned char *expected;
3719 } EVP_RESET_TEST_st;
3721 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3723 cfbPlaintext, cfbCiphertext,
3724 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3727 cfbCiphertext, cfbPlaintext,
3728 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3733 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3736 static int test_evp_reset(int idx)
3738 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3739 int outlen1, outlen2;
3741 unsigned char outbuf[1024];
3742 EVP_CIPHER_CTX *ctx = NULL;
3743 EVP_CIPHER *type = NULL;
3744 char *errmsg = NULL;
3746 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3747 errmsg = "CTX_ALLOC";
3750 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3751 errmsg = "CIPHER_FETCH";
3754 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3755 errmsg = "CIPHER_INIT";
3758 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3762 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3763 errmsg = "CIPHER_UPDATE";
3766 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3767 errmsg = "CIPHER_FINAL";
3770 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3771 errmsg = "WRONG_RESULT";
3774 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3775 errmsg = "CIPHER_REINIT";
3778 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3779 errmsg = "CIPHER_UPDATE (reinit)";
3782 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3783 errmsg = "CIPHER_FINAL (reinit)";
3786 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3787 errmsg = "WRONG_RESULT (reinit)";
3793 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3794 EVP_CIPHER_CTX_free(ctx);
3795 EVP_CIPHER_free(type);
3802 } EVP_UPDATED_IV_TEST_st;
3804 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3844 * Test that the IV in the context is updated during a crypto operation for CFB
3847 static int test_evp_updated_iv(int idx)
3849 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3850 int outlen1, outlen2;
3852 unsigned char outbuf[1024];
3853 EVP_CIPHER_CTX *ctx = NULL;
3854 EVP_CIPHER *type = NULL;
3855 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3857 char *errmsg = NULL;
3859 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3860 errmsg = "CTX_ALLOC";
3863 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3864 TEST_info("cipher %s not supported, skipping", t->cipher);
3868 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3869 errmsg = "CIPHER_INIT";
3872 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3876 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3877 errmsg = "CIPHER_UPDATE";
3880 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3881 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3884 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3885 errmsg = "CIPHER_CTX_GET_IV_LEN";
3888 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3889 errmsg = "IV_NOT_UPDATED";
3892 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3893 errmsg = "CIPHER_FINAL";
3900 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3901 EVP_CIPHER_CTX_free(ctx);
3902 EVP_CIPHER_free(type);
3907 const unsigned char *iv1;
3908 const unsigned char *iv2;
3909 const unsigned char *expected1;
3910 const unsigned char *expected2;
3911 const unsigned char *tag1;
3912 const unsigned char *tag2;
3915 size_t expectedlen1;
3916 size_t expectedlen2;
3917 } TEST_GCM_IV_REINIT_st;
3919 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3921 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3922 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3923 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3926 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3927 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3928 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3932 static int test_gcm_reinit(int idx)
3934 int outlen1, outlen2, outlen3;
3936 unsigned char outbuf[1024];
3937 unsigned char tag[16];
3938 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3939 EVP_CIPHER_CTX *ctx = NULL;
3940 EVP_CIPHER *type = NULL;
3941 size_t taglen = sizeof(tag);
3942 char *errmsg = NULL;
3944 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3945 errmsg = "CTX_ALLOC";
3948 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3949 errmsg = "CIPHER_FETCH";
3952 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3953 errmsg = "ENC_INIT";
3956 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
3957 errmsg = "SET_IVLEN1";
3960 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3964 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3968 EVP_CIPHER_CTX_set_padding(ctx, 0);
3969 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3970 sizeof(gcmResetPlaintext)))) {
3971 errmsg = "CIPHER_UPDATE1";
3974 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3975 errmsg = "CIPHER_FINAL1";
3978 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3979 errmsg = "WRONG_RESULT1";
3982 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3983 errmsg = "GET_TAG1";
3986 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3987 errmsg = "TAG_ERROR1";
3991 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
3992 errmsg = "SET_IVLEN2";
3995 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3999 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4003 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4004 sizeof(gcmResetPlaintext)))) {
4005 errmsg = "CIPHER_UPDATE2";
4008 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4009 errmsg = "CIPHER_FINAL2";
4012 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4013 errmsg = "WRONG_RESULT2";
4016 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4017 errmsg = "GET_TAG2";
4020 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4021 errmsg = "TAG_ERROR2";
4027 TEST_info("evp_init_test %d: %s", idx, errmsg);
4028 EVP_CIPHER_CTX_free(ctx);
4029 EVP_CIPHER_free(type);
4033 #ifndef OPENSSL_NO_DEPRECATED_3_0
4034 static EVP_PKEY_METHOD *custom_pmeth = NULL;
4035 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4037 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4039 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4041 int (*pinit)(EVP_PKEY_CTX *ctx);
4043 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4047 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4049 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4051 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4055 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4056 size_t *outlen, const unsigned char *in,
4059 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4060 const unsigned char *tbs, size_t tbslen);
4062 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4063 return psign(ctx, out, outlen, in, inlen);
4066 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4067 size_t *siglen, const unsigned char *tbs,
4070 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4071 const unsigned char *tbs, size_t tbslen);
4073 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4074 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4077 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4080 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4082 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4083 return pderive(ctx, key, keylen);
4086 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4088 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4090 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4091 return pcopy(dst, src);
4094 static int ctrl_called;
4096 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4098 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4100 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4102 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4107 return pctrl(ctx, type, p1, p2);
4110 static int test_custom_pmeth(int idx)
4112 EVP_PKEY_CTX *pctx = NULL;
4113 EVP_MD_CTX *ctx = NULL;
4114 EVP_PKEY *pkey = NULL;
4115 int id, orig_id, orig_flags;
4118 unsigned char *res = NULL;
4119 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4120 const EVP_MD *md = EVP_sha256();
4125 /* We call deprecated APIs so this test doesn't support a custom libctx */
4126 if (testctx != NULL)
4133 pkey = load_example_rsa_key();
4137 # ifndef OPENSSL_NO_DSA
4139 pkey = load_example_dsa_key();
4146 # ifndef OPENSSL_NO_EC
4148 pkey = load_example_ec_key();
4155 # ifndef OPENSSL_NO_EC
4156 id = EVP_PKEY_ED25519;
4158 pkey = load_example_ed25519_key();
4165 # ifndef OPENSSL_NO_DH
4168 pkey = load_example_dh_key();
4175 # ifndef OPENSSL_NO_EC
4176 id = EVP_PKEY_X25519;
4178 pkey = load_example_x25519_key();
4184 TEST_error("Should not happen");
4188 if (!TEST_ptr(pkey))
4192 if (!TEST_true(evp_pkey_is_provided(pkey)))
4195 EVP_PKEY *tmp = pkey;
4197 /* Convert to a legacy key */
4198 pkey = EVP_PKEY_new();
4199 if (!TEST_ptr(pkey)) {
4203 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4208 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4212 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4216 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4217 if (!TEST_int_eq(orig_id, id)
4218 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4221 if (id == EVP_PKEY_ED25519) {
4222 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4223 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4224 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4226 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4228 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4229 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4230 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4231 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4233 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4234 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4238 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4240 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4241 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4242 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4244 || !TEST_int_eq(ctrl_called, 1)
4245 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4246 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4247 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4248 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4251 ctx = EVP_MD_CTX_new();
4252 reslen = EVP_PKEY_size(pkey);
4253 res = OPENSSL_malloc(reslen);
4256 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4257 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4258 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4260 || !TEST_int_eq(ctrl_called, 1))
4263 if (id == EVP_PKEY_ED25519) {
4264 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4267 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4268 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4276 EVP_MD_CTX_free(ctx);
4278 EVP_PKEY_CTX_free(pctx);
4279 EVP_PKEY_free(pkey);
4280 EVP_PKEY_meth_remove(custom_pmeth);
4281 EVP_PKEY_meth_free(custom_pmeth);
4282 custom_pmeth = NULL;
4286 static int test_evp_md_cipher_meth(void)
4288 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4289 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4292 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4298 EVP_MD_meth_free(md);
4299 EVP_CIPHER_meth_free(ciph);
4308 static int custom_md_init_called = 0;
4309 static int custom_md_cleanup_called = 0;
4311 static int custom_md_init(EVP_MD_CTX *ctx)
4313 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4318 custom_md_init_called++;
4322 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4324 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4330 custom_md_cleanup_called++;
4334 static int test_custom_md_meth(void)
4336 EVP_MD_CTX *mdctx = NULL;
4338 char mess[] = "Test Message\n";
4339 unsigned char md_value[EVP_MAX_MD_SIZE];
4340 unsigned int md_len;
4345 * We are testing deprecated functions. We don't support a non-default
4346 * library context in this test.
4348 if (testctx != NULL)
4349 return TEST_skip("Non-default libctx");
4351 custom_md_init_called = custom_md_cleanup_called = 0;
4353 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4354 if (!TEST_int_ne(nid, NID_undef))
4356 tmp = EVP_MD_meth_new(nid, NID_undef);
4360 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4361 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4362 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4363 sizeof(custom_dgst_ctx))))
4366 mdctx = EVP_MD_CTX_new();
4367 if (!TEST_ptr(mdctx)
4369 * Initing our custom md and then initing another md should
4370 * result in the init and cleanup functions of the custom md
4373 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4374 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4375 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4376 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4377 || !TEST_int_eq(custom_md_init_called, 1)
4378 || !TEST_int_eq(custom_md_cleanup_called, 1))
4383 EVP_MD_CTX_free(mdctx);
4384 EVP_MD_meth_free(tmp);
4392 static int custom_ciph_init_called = 0;
4393 static int custom_ciph_cleanup_called = 0;
4395 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4396 const unsigned char *iv, int enc)
4398 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4403 custom_ciph_init_called++;
4407 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4409 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4415 custom_ciph_cleanup_called++;
4419 static int test_custom_ciph_meth(void)
4421 EVP_CIPHER_CTX *ciphctx = NULL;
4422 EVP_CIPHER *tmp = NULL;
4427 * We are testing deprecated functions. We don't support a non-default
4428 * library context in this test.
4430 if (testctx != NULL)
4431 return TEST_skip("Non-default libctx");
4433 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4435 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4436 if (!TEST_int_ne(nid, NID_undef))
4438 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4442 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4443 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4444 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4445 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4446 sizeof(custom_ciph_ctx))))
4449 ciphctx = EVP_CIPHER_CTX_new();
4450 if (!TEST_ptr(ciphctx)
4452 * Initing our custom cipher and then initing another cipher
4453 * should result in the init and cleanup functions of the custom
4454 * cipher being called.
4456 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4457 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4459 || !TEST_int_eq(custom_ciph_init_called, 1)
4460 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4465 EVP_CIPHER_CTX_free(ciphctx);
4466 EVP_CIPHER_meth_free(tmp);
4470 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4471 /* Test we can create a signature keys with an associated ENGINE */
4472 static int test_signatures_with_engine(int tst)
4475 const char *engine_id = "dasync";
4476 EVP_PKEY *pkey = NULL;
4477 const unsigned char badcmackey[] = { 0x00, 0x01 };
4478 const unsigned char cmackey[] = {
4479 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4480 0x0c, 0x0d, 0x0e, 0x0f
4482 const unsigned char ed25519key[] = {
4483 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4484 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4485 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4487 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4489 EVP_MD_CTX *ctx = NULL;
4490 unsigned char *mac = NULL;
4494 # ifdef OPENSSL_NO_CMAC
4495 /* Skip CMAC tests in a no-cmac build */
4500 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4503 if (!TEST_true(ENGINE_init(e))) {
4510 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4514 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4518 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4519 sizeof(ed25519key));
4522 TEST_error("Invalid test case");
4525 if (!TEST_ptr(pkey))
4528 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4531 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4534 if (!TEST_true(ret))
4537 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4538 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4541 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4544 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4547 /* We used a bad key. We expect a failure here */
4548 if (!TEST_false(ret))
4554 EVP_MD_CTX_free(ctx);
4556 EVP_PKEY_free(pkey);
4563 static int test_cipher_with_engine(void)
4566 const char *engine_id = "dasync";
4567 const unsigned char keyiv[] = {
4568 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4569 0x0c, 0x0d, 0x0e, 0x0f
4571 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4573 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4574 unsigned char buf[AES_BLOCK_SIZE];
4577 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4580 if (!TEST_true(ENGINE_init(e))) {
4585 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4586 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4589 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4592 /* Copy the ctx, and complete the operation with the new ctx */
4593 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4596 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4597 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4602 EVP_CIPHER_CTX_free(ctx);
4603 EVP_CIPHER_CTX_free(ctx2);
4609 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4610 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4612 static int ecxnids[] = {
4619 /* Test that creating ECX keys with a short private key fails as expected */
4620 static int test_ecx_short_keys(int tst)
4622 unsigned char ecxkeydata = 1;
4626 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
4627 NULL, &ecxkeydata, 1);
4628 if (!TEST_ptr_null(pkey)) {
4629 EVP_PKEY_free(pkey);
4636 typedef enum OPTION_choice {
4643 const OPTIONS *test_get_options(void)
4645 static const OPTIONS options[] = {
4646 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4647 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4653 #ifndef OPENSSL_NO_EC
4654 /* Test that trying to sign with a public key errors out gracefully */
4655 static int test_ecx_not_private_key(int tst)
4657 EVP_PKEY *pkey = NULL;
4659 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4661 EVP_MD_CTX *ctx = NULL;
4662 unsigned char *mac = NULL;
4664 unsigned char *pubkey;
4667 switch (keys[tst].type) {
4670 return TEST_skip("signing not supported for X25519/X448");
4673 /* Check if this algorithm supports public keys */
4674 if (keys[tst].pub == NULL)
4675 return TEST_skip("no public key present");
4677 pubkey = (unsigned char *)keys[tst].pub;
4678 pubkeylen = strlen(keys[tst].pub);
4680 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
4681 NULL, pubkey, pubkeylen);
4682 if (!TEST_ptr(pkey))
4685 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4688 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
4691 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
4694 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4697 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
4702 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
4703 * but we relax the check to allow error also thrown by
4704 * EVP_DigestSignInit and EVP_DigestSign.
4706 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
4712 EVP_MD_CTX_free(ctx);
4714 EVP_PKEY_free(pkey);
4718 #endif /* OPENSSL_NO_EC */
4720 int setup_tests(void)
4724 while ((o = opt_next()) != OPT_EOF) {
4727 /* Set up an alternate library context */
4728 testctx = OSSL_LIB_CTX_new();
4729 if (!TEST_ptr(testctx))
4731 /* Swap the libctx to test non-default context only */
4732 nullprov = OSSL_PROVIDER_load(NULL, "null");
4733 deflprov = OSSL_PROVIDER_load(testctx, "default");
4734 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4736 case OPT_TEST_CASES:
4743 ADD_TEST(test_EVP_set_default_properties);
4744 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4745 ADD_TEST(test_EVP_DigestVerifyInit);
4746 #ifndef OPENSSL_NO_SIPHASH
4747 ADD_TEST(test_siphash_digestsign);
4749 ADD_TEST(test_EVP_Digest);
4750 ADD_TEST(test_EVP_md_null);
4751 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4752 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4753 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4754 ADD_TEST(test_privatekey_to_pkcs8);
4755 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4756 #ifndef OPENSSL_NO_EC
4757 ADD_TEST(test_EVP_PKCS82PKEY);
4759 #ifndef OPENSSL_NO_EC
4760 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4762 #if !defined(OPENSSL_NO_SM2)
4763 ADD_TEST(test_EVP_SM2);
4764 ADD_TEST(test_EVP_SM2_verify);
4766 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4767 #ifndef OPENSSL_NO_DEPRECATED_3_0
4768 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4769 if (!TEST_ptr(custom_pmeth))
4771 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4772 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4773 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4774 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4777 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4778 #ifndef OPENSSL_NO_CMAC
4779 ADD_TEST(test_CMAC_keygen);
4781 ADD_TEST(test_HKDF);
4782 ADD_TEST(test_emptyikm_HKDF);
4783 #ifndef OPENSSL_NO_EC
4784 ADD_TEST(test_X509_PUBKEY_inplace);
4785 ADD_TEST(test_X509_PUBKEY_dup);
4786 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4787 OSSL_NELEM(ec_der_pub_keys));
4789 #ifndef OPENSSL_NO_DSA
4790 ADD_TEST(test_DSA_get_set_params);
4791 ADD_TEST(test_DSA_priv_pub);
4793 ADD_TEST(test_RSA_get_set_params);
4794 ADD_TEST(test_RSA_OAEP_set_get_params);
4795 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4796 ADD_TEST(test_decrypt_null_chunks);
4798 #ifndef OPENSSL_NO_DH
4799 ADD_TEST(test_DH_priv_pub);
4800 # ifndef OPENSSL_NO_DEPRECATED_3_0
4801 ADD_TEST(test_EVP_PKEY_set1_DH);
4804 #ifndef OPENSSL_NO_EC
4805 ADD_TEST(test_EC_priv_pub);
4806 # ifndef OPENSSL_NO_DEPRECATED_3_0
4807 ADD_TEST(test_EC_priv_only_legacy);
4810 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4811 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4813 ADD_TEST(test_rand_agglomeration);
4814 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4815 #ifndef OPENSSL_NO_DES
4816 ADD_ALL_TESTS(test_evp_iv_des, 6);
4818 #ifndef OPENSSL_NO_BF
4819 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
4821 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4822 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4823 #ifndef OPENSSL_NO_EC
4824 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4827 ADD_TEST(test_names_do_all);
4829 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4830 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4831 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4832 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4834 #ifndef OPENSSL_NO_DEPRECATED_3_0
4835 ADD_ALL_TESTS(test_custom_pmeth, 12);
4836 ADD_TEST(test_evp_md_cipher_meth);
4837 ADD_TEST(test_custom_md_meth);
4838 ADD_TEST(test_custom_ciph_meth);
4840 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4841 /* Tests only support the default libctx */
4842 if (testctx == NULL) {
4843 # ifndef OPENSSL_NO_EC
4844 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4846 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4848 ADD_TEST(test_cipher_with_engine);
4853 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4855 #ifndef OPENSSL_NO_EC
4856 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
4862 void cleanup_tests(void)
4864 OSSL_PROVIDER_unload(nullprov);
4865 OSSL_PROVIDER_unload(deflprov);
4866 OSSL_PROVIDER_unload(lgcyprov);
4867 OSSL_LIB_CTX_free(testctx);