2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX *testctx = NULL;
42 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
43 * should never use this key anywhere but in an example.
45 static const unsigned char kExampleRSAKeyDER[] = {
46 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
47 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
48 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
49 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
50 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
51 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
52 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
53 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
54 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
55 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
56 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
57 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
58 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
59 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
60 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
61 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
62 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
63 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
64 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
65 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
66 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
67 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
68 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
69 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
70 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
71 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
72 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
73 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
74 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
75 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
76 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
77 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
78 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
79 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
80 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
81 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
82 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
83 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
84 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
85 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
86 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
87 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
88 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
89 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
90 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
91 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
92 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
93 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
94 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
95 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
96 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
100 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
101 * should never use this key anywhere but in an example.
103 #ifndef OPENSSL_NO_DSA
104 static const unsigned char kExampleDSAKeyDER[] = {
105 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
106 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
107 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
108 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
109 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
110 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
111 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
112 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
113 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
114 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
115 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
116 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
117 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
118 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
119 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
120 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
121 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
122 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
123 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
124 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
125 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
126 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
127 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
128 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
129 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
130 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
131 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
132 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
133 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
134 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
135 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
136 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
137 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
138 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
139 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
140 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
141 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
148 * components are not correct.
150 static const unsigned char kExampleBadRSAKeyDER[] = {
151 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
152 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
153 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
154 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
155 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
156 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
157 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
158 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
159 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
160 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
161 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
162 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
163 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
164 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
165 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
166 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
167 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
168 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
169 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
170 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
171 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
172 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
173 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
174 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
175 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
176 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
177 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
178 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
179 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
180 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
181 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
182 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
183 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
184 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
185 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
186 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
187 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
188 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
189 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
190 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
191 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
192 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
193 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
194 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
195 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
196 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
197 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
198 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
199 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
200 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
201 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
202 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
203 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
204 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
205 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
206 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
207 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
208 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
209 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
210 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
211 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
212 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
213 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
214 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
215 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
216 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
217 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
218 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
219 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
220 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
221 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
222 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
223 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
224 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
225 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
226 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
227 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
228 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
229 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
230 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
231 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
232 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
233 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
234 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
235 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
236 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
237 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
238 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
239 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
242 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
244 static const unsigned char kSignature[] = {
245 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
246 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
247 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
248 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
249 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
250 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
251 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
252 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
253 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
254 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
255 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
259 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
262 static const unsigned char kExampleRSAKeyPKCS8[] = {
263 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
264 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
265 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
266 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
267 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
268 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
269 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
270 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
271 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
272 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
273 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
274 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
275 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
276 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
277 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
278 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
279 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
280 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
281 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
282 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
283 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
284 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
285 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
286 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
287 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
288 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
289 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
290 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
291 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
292 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
293 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
294 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
295 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
296 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
297 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
298 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
299 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
300 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
301 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
302 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
303 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
304 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
305 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
306 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
307 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
308 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
309 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
310 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
311 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
312 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
313 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
314 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
315 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
318 #ifndef OPENSSL_NO_EC
320 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
323 static const unsigned char kExampleECKeyDER[] = {
324 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
325 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
326 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
327 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
328 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
329 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
330 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
331 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
332 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
333 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
338 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
339 * structure. The private key is equal to the order and will fail to import
341 static const unsigned char kExampleBadECKeyDER[] = {
342 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
343 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
344 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
345 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
346 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
347 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
348 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
349 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
350 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
354 static const unsigned char kExampleECPubKeyDER[] = {
355 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
356 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
357 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
358 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
359 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
360 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
361 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
362 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
366 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
367 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
369 static const unsigned char kExampleBadECPubKeyDER[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
380 static const unsigned char pExampleECParamDER[] = {
381 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
384 static const unsigned char kExampleED25519KeyDER[] = {
385 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
386 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
387 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
388 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
391 static const unsigned char kExampleED25519PubKeyDER[] = {
392 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
393 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
394 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
395 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
400 typedef struct APK_DATA_st {
401 const unsigned char *kder;
408 int type; /* 0 for private, 1 for public, 2 for params */
411 static APK_DATA keydata[] = {
412 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
413 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
414 #ifndef OPENSSL_NO_EC
415 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
419 static APK_DATA keycheckdata[] = {
420 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
422 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
424 #ifndef OPENSSL_NO_EC
425 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
426 /* group is also associated in our pub key */
427 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
429 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
431 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
432 EVP_PKEY_ED25519, 1, 1, 1, 0},
433 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
434 EVP_PKEY_ED25519, 0, 1, 1, 1},
438 static EVP_PKEY *load_example_key(const char *keytype,
439 const unsigned char *data, size_t data_len)
441 const unsigned char **pdata = &data;
442 EVP_PKEY *pkey = NULL;
443 OSSL_DECODER_CTX *dctx =
444 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
447 /* |pkey| will be NULL on error */
448 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
449 OSSL_DECODER_CTX_free(dctx);
453 static EVP_PKEY *load_example_rsa_key(void)
455 return load_example_key("RSA", kExampleRSAKeyDER,
456 sizeof(kExampleRSAKeyDER));
459 #ifndef OPENSSL_NO_DSA
460 static EVP_PKEY *load_example_dsa_key(void)
462 return load_example_key("DSA", kExampleDSAKeyDER,
463 sizeof(kExampleDSAKeyDER));
467 static EVP_PKEY *load_example_hmac_key(void)
469 EVP_PKEY *pkey = NULL;
470 unsigned char key[] = {
471 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
472 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
473 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
476 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
483 static int test_EVP_set_default_properties(void)
489 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
490 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
495 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
496 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
497 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
502 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
503 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
508 OSSL_LIB_CTX_free(ctx);
512 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
513 static int test_fromdata(char *keytype, OSSL_PARAM *params)
515 EVP_PKEY_CTX *pctx = NULL;
516 EVP_PKEY *pkey = NULL;
519 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, NULL)))
521 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
522 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
532 EVP_PKEY_CTX_free(pctx);
536 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
539 * Test combinations of private, public, missing and private + public key
540 * params to ensure they are all accepted
542 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
543 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
545 OSSL_PARAM_BLD *bld = NULL;
546 OSSL_PARAM *params = NULL;
547 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
551 * Setup the parameters for our pkey object. For our purposes they don't
552 * have to actually be *valid* parameters. We just need to set something.
554 if (!TEST_ptr(p = BN_new())
555 || !TEST_ptr(q = BN_new())
556 || !TEST_ptr(g = BN_new())
557 || !TEST_ptr(pub = BN_new())
558 || !TEST_ptr(priv = BN_new()))
561 /* Test !priv and !pub */
562 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
563 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
564 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
565 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
567 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
570 if (!test_fromdata(keytype, params))
572 OSSL_PARAM_BLD_free_params(params);
573 OSSL_PARAM_BLD_free(bld);
575 /* Test priv and !pub */
576 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
577 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
578 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
579 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
580 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
583 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
586 if (!test_fromdata(keytype, params))
588 OSSL_PARAM_BLD_free_params(params);
589 OSSL_PARAM_BLD_free(bld);
591 /* Test !priv and pub */
592 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
593 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
594 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
595 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
596 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
599 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
602 if (!test_fromdata(keytype, params))
604 OSSL_PARAM_BLD_free_params(params);
605 OSSL_PARAM_BLD_free(bld);
607 /* Test priv and pub */
608 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
609 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
610 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
611 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
612 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
614 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
617 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
620 if (!test_fromdata(keytype, params))
625 OSSL_PARAM_BLD_free_params(params);
626 OSSL_PARAM_BLD_free(bld);
635 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
638 * Test combinations of private, public, missing and private + public key
639 * params to ensure they are all accepted for EC keys
641 #ifndef OPENSSL_NO_EC
642 static unsigned char ec_priv[] = {
643 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
644 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
645 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
647 static unsigned char ec_pub[] = {
648 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
649 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
650 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
651 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
652 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
653 0x08, 0x09, 0xb8, 0xdb, 0x03
656 static int test_EC_priv_pub(void)
658 OSSL_PARAM_BLD *bld = NULL;
659 OSSL_PARAM *params = NULL;
664 * Setup the parameters for our pkey object. For our purposes they don't
665 * have to actually be *valid* parameters. We just need to set something.
667 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
670 /* Test !priv and !pub */
671 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
672 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
673 OSSL_PKEY_PARAM_GROUP_NAME,
676 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
679 if (!test_fromdata("EC", params))
681 OSSL_PARAM_BLD_free_params(params);
682 OSSL_PARAM_BLD_free(bld);
684 /* Test priv and !pub */
685 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
686 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
687 OSSL_PKEY_PARAM_GROUP_NAME,
689 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
692 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
695 if (!test_fromdata("EC", params))
697 OSSL_PARAM_BLD_free_params(params);
698 OSSL_PARAM_BLD_free(bld);
700 /* Test !priv and pub */
701 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
702 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
703 OSSL_PKEY_PARAM_GROUP_NAME,
705 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
706 OSSL_PKEY_PARAM_PUB_KEY,
707 ec_pub, sizeof(ec_pub))))
709 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
712 if (!test_fromdata("EC", params))
714 OSSL_PARAM_BLD_free_params(params);
715 OSSL_PARAM_BLD_free(bld);
717 /* Test priv and pub */
718 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
719 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
720 OSSL_PKEY_PARAM_GROUP_NAME,
722 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
723 OSSL_PKEY_PARAM_PUB_KEY,
724 ec_pub, sizeof(ec_pub)))
725 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
728 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
731 if (!test_fromdata("EC", params))
736 OSSL_PARAM_BLD_free_params(params);
737 OSSL_PARAM_BLD_free(bld);
743 /* Test that using a legacy EC key with only a private key in it works */
744 # ifndef OPENSSL_NO_DEPRECATED_3_0
745 static int test_EC_priv_only_legacy(void)
749 EC_KEY *eckey = NULL;
750 EVP_PKEY *pkey = NULL;
751 EVP_MD_CTX *ctx = NULL;
753 /* Create the low level EC_KEY */
754 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
757 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
758 if (!TEST_ptr(eckey))
761 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
764 pkey = EVP_PKEY_new();
768 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
772 ctx = EVP_MD_CTX_new();
777 * The EVP_DigestSignInit function should create the key on the provider
778 * side which is sufficient for this test.
780 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey)))
786 EVP_MD_CTX_free(ctx);
793 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
794 #endif /* OPENSSL_NO_EC */
796 static int test_EVP_Enveloped(void)
799 EVP_CIPHER_CTX *ctx = NULL;
800 EVP_PKEY *keypair = NULL;
801 unsigned char *kek = NULL;
802 unsigned char iv[EVP_MAX_IV_LENGTH];
803 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
804 int len, kek_len, ciphertext_len, plaintext_len;
805 unsigned char ciphertext[32], plaintext[16];
806 const EVP_CIPHER *type = EVP_aes_256_cbc();
808 if (!TEST_ptr(keypair = load_example_rsa_key())
809 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
810 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
811 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
813 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
815 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
819 ciphertext_len += len;
821 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
822 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
823 ciphertext, ciphertext_len))
824 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
827 plaintext_len += len;
828 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
834 EVP_PKEY_free(keypair);
835 EVP_CIPHER_CTX_free(ctx);
840 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
841 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
842 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
843 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
844 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
845 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
846 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
847 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
848 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
850 static int test_EVP_DigestSignInit(int tst)
853 EVP_PKEY *pkey = NULL;
854 unsigned char *sig = NULL;
856 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
857 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
858 BIO *mdbio = NULL, *membio = NULL;
861 EVP_MD *mdexp = NULL;
864 membio = BIO_new(BIO_s_mem());
865 mdbio = BIO_new(BIO_f_md());
866 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
868 BIO_push(mdbio, membio);
869 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
872 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
873 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
877 if (tst == 0 || tst == 3 || tst == 6) {
878 if (!TEST_ptr(pkey = load_example_rsa_key()))
880 } else if (tst == 1 || tst == 4 || tst == 7) {
881 #ifndef OPENSSL_NO_DSA
882 if (!TEST_ptr(pkey = load_example_dsa_key()))
889 if (!TEST_ptr(pkey = load_example_hmac_key()))
893 if (tst >= 3 && tst <= 5)
894 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
898 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
902 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
905 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
909 /* Determine the size of the signature. */
910 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
911 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
912 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
916 if (!TEST_int_gt(BIO_reset(mdbio), 0)
917 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
922 * Ensure that the signature round-trips (Verification isn't supported for
923 * HMAC via EVP_DigestVerify*)
925 if (tst != 2 && tst != 5 && tst != 8) {
926 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
931 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
934 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
938 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
947 EVP_MD_CTX_free(a_md_ctx);
948 EVP_MD_CTX_free(a_md_ctx_verify);
956 static int test_EVP_DigestVerifyInit(void)
959 EVP_PKEY *pkey = NULL;
960 EVP_MD_CTX *md_ctx = NULL;
962 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
963 || !TEST_ptr(pkey = load_example_rsa_key()))
966 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
967 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
968 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
969 sizeof(kSignature))))
974 EVP_MD_CTX_free(md_ctx);
980 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
982 static int test_EVP_Digest(void)
985 EVP_MD_CTX *md_ctx = NULL;
986 unsigned char md[EVP_MAX_MD_SIZE];
988 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
991 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
992 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
993 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
994 /* EVP_DigestFinal resets the EVP_MD_CTX. */
995 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
998 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
999 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1000 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1001 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1002 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
1004 * EVP_DigestInit_ex with NULL type should work on
1005 * pre-initialized context.
1007 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1010 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
1011 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1012 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1013 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1014 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
1015 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1020 EVP_MD_CTX_free(md_ctx);
1024 static int test_d2i_AutoPrivateKey(int i)
1027 const unsigned char *p;
1028 EVP_PKEY *pkey = NULL;
1029 const APK_DATA *ak = &keydata[i];
1030 const unsigned char *input = ak->kder;
1031 size_t input_len = ak->size;
1032 int expected_id = ak->evptype;
1035 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1036 || !TEST_ptr_eq(p, input + input_len)
1037 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1043 EVP_PKEY_free(pkey);
1047 #ifndef OPENSSL_NO_EC
1049 static const unsigned char ec_public_sect163k1_validxy[] = {
1050 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1051 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1052 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1053 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1054 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1055 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1058 static const unsigned char ec_public_sect163k1_badx[] = {
1059 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1060 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1061 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1062 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1063 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1064 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1067 static const unsigned char ec_public_sect163k1_bady[] = {
1068 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1069 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1070 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1071 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1072 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1073 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1076 static struct ec_der_pub_keys_st {
1077 const unsigned char *der;
1080 } ec_der_pub_keys[] = {
1081 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1082 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1083 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1087 * Tests the range of the decoded EC char2 public point.
1088 * See ec_GF2m_simple_oct2point().
1090 static int test_invalide_ec_char2_pub_range_decode(int id)
1095 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1096 ec_der_pub_keys[id].len);
1098 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1099 || TEST_ptr_null(pkey);
1100 EVP_PKEY_free(pkey);
1104 /* Tests loading a bad key in PKCS8 format */
1105 static int test_EVP_PKCS82PKEY(void)
1108 const unsigned char *derp = kExampleBadECKeyDER;
1109 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1110 EVP_PKEY *pkey = NULL;
1112 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1113 sizeof(kExampleBadECKeyDER))))
1116 if (!TEST_ptr_eq(derp,
1117 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1120 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1126 PKCS8_PRIV_KEY_INFO_free(p8inf);
1127 EVP_PKEY_free(pkey);
1133 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1134 static int test_privatekey_to_pkcs8(void)
1136 EVP_PKEY *pkey = NULL;
1138 char *membuf = NULL;
1139 long membuf_len = 0;
1142 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1143 || !TEST_ptr(pkey = load_example_rsa_key())
1144 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1145 NULL, 0, NULL, NULL),
1147 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1148 || !TEST_ptr(membuf)
1149 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1150 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1152 * We try to write PEM as well, just to see that it doesn't err, but
1153 * assume that the result is correct.
1155 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1156 NULL, 0, NULL, NULL),
1162 EVP_PKEY_free(pkey);
1163 BIO_free_all(membio);
1167 #ifndef OPENSSL_NO_EC
1168 static const struct {
1170 const char *encoding_name;
1171 } ec_encodings[] = {
1172 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1173 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1176 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1178 const OSSL_PARAM *p;
1179 const char *enc_name = NULL;
1185 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1186 OSSL_PKEY_PARAM_EC_ENCODING))
1187 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1190 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1191 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1192 *enc = ec_encodings[i].encoding;
1197 return (*enc != -1);
1200 static int test_EC_keygen_with_enc(int idx)
1202 EVP_PKEY *params = NULL, *key = NULL;
1203 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1207 enc = ec_encodings[idx].encoding;
1209 /* Create key parameters */
1210 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1211 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1212 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1213 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1214 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1215 || !TEST_ptr(params))
1219 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1220 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1221 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1225 /* Check that the encoding got all the way into the key */
1226 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1227 ec_export_get_encoding_cb, &enc))
1228 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1234 EVP_PKEY_free(params);
1235 EVP_PKEY_CTX_free(kctx);
1236 EVP_PKEY_CTX_free(pctx);
1241 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1243 static int test_EVP_SM2_verify(void)
1245 const char *pubkey =
1246 "-----BEGIN PUBLIC KEY-----\n"
1247 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1248 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1249 "-----END PUBLIC KEY-----\n";
1251 const char *msg = "message digest";
1252 const char *id = "ALICE123@YAHOO.COM";
1254 const uint8_t signature[] = {
1255 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1256 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1257 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1258 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1259 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1260 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1261 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1266 EVP_PKEY *pkey = NULL;
1267 EVP_MD_CTX *mctx = NULL;
1268 EVP_PKEY_CTX *pctx = NULL;
1270 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1271 if (!TEST_true(bio != NULL))
1274 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
1275 if (!TEST_true(pkey != NULL))
1278 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1281 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1284 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
1287 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1289 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1292 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1295 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1298 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1304 EVP_PKEY_free(pkey);
1305 EVP_PKEY_CTX_free(pctx);
1306 EVP_MD_CTX_free(mctx);
1310 static int test_EVP_SM2(void)
1313 EVP_PKEY *pkey = NULL;
1314 EVP_PKEY *pkeyparams = NULL;
1315 EVP_PKEY_CTX *pctx = NULL;
1316 EVP_PKEY_CTX *kctx = NULL;
1317 EVP_PKEY_CTX *sctx = NULL;
1319 unsigned char *sig = NULL;
1320 EVP_MD_CTX *md_ctx = NULL;
1321 EVP_MD_CTX *md_ctx_verify = NULL;
1322 EVP_PKEY_CTX *cctx = NULL;
1324 uint8_t ciphertext[128];
1325 size_t ctext_len = sizeof(ciphertext);
1327 uint8_t plaintext[8];
1328 size_t ptext_len = sizeof(plaintext);
1330 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1332 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1333 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1337 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1338 if (!TEST_ptr(pctx))
1341 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1344 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1347 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1350 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
1351 if (!TEST_ptr(kctx))
1354 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1357 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1360 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1363 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1366 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1369 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1370 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1372 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1375 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1378 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1381 /* Determine the size of the signature. */
1382 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1385 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1388 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1391 /* Ensure that the signature round-trips. */
1393 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1396 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1399 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1402 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1405 /* now check encryption/decryption */
1407 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1408 mdname, sizeof(mdname));
1409 for (i = 0; i < 2; i++) {
1410 EVP_PKEY_CTX_free(cctx);
1412 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1413 i == 0 ? "SM3" : "SHA2-256",
1416 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1419 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1422 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1425 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1429 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1432 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1435 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1439 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1442 /* Test we're still using the digest we think we are */
1443 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1445 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1448 if (!TEST_true(ptext_len == sizeof(kMsg)))
1451 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1457 EVP_PKEY_CTX_free(pctx);
1458 EVP_PKEY_CTX_free(kctx);
1459 EVP_PKEY_CTX_free(sctx);
1460 EVP_PKEY_CTX_free(cctx);
1461 EVP_PKEY_free(pkey);
1462 EVP_PKEY_free(pkeyparams);
1463 EVP_MD_CTX_free(md_ctx);
1464 EVP_MD_CTX_free(md_ctx_verify);
1471 static struct keys_st {
1477 EVP_PKEY_HMAC, "0123456789", NULL
1479 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1481 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1483 #ifndef OPENSSL_NO_EC
1485 EVP_PKEY_X25519, "01234567890123456789012345678901",
1486 "abcdefghijklmnopqrstuvwxyzabcdef"
1488 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1489 "abcdefghijklmnopqrstuvwxyzabcdef"
1492 "01234567890123456789012345678901234567890123456789012345",
1493 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1496 "012345678901234567890123456789012345678901234567890123456",
1497 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1502 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1505 unsigned char buf[80];
1507 size_t inlen, len = 0;
1510 /* Check if this algorithm supports public keys */
1511 if (keys[tst].pub == NULL)
1514 memset(buf, 0, sizeof(buf));
1517 inlen = strlen(keys[tst].pub);
1518 in = (unsigned char *)keys[tst].pub;
1520 pkey = EVP_PKEY_new_raw_public_key_ex(
1522 OBJ_nid2sn(keys[tst].type),
1527 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1533 inlen = strlen(keys[tst].priv);
1534 in = (unsigned char *)keys[tst].priv;
1536 pkey = EVP_PKEY_new_raw_private_key_ex(
1537 testctx, OBJ_nid2sn(keys[tst].type),
1542 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1550 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1551 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1552 || !TEST_true(len == inlen)
1553 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1554 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1555 || !TEST_mem_eq(in, inlen, buf, len))
1560 EVP_PKEY_free(pkey);
1564 static int test_set_get_raw_keys(int tst)
1566 return test_set_get_raw_keys_int(tst, 0, 0)
1567 && test_set_get_raw_keys_int(tst, 0, 1)
1568 && test_set_get_raw_keys_int(tst, 1, 0)
1569 && test_set_get_raw_keys_int(tst, 1, 1);
1572 #ifndef OPENSSL_NO_DEPRECATED_3_0
1573 static int pkey_custom_check(EVP_PKEY *pkey)
1578 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1583 static int pkey_custom_param_check(EVP_PKEY *pkey)
1588 static EVP_PKEY_METHOD *custom_pmeth;
1591 static int test_EVP_PKEY_check(int i)
1594 EVP_PKEY *pkey = NULL;
1595 EVP_PKEY_CTX *ctx = NULL;
1596 #ifndef OPENSSL_NO_DEPRECATED_3_0
1597 EVP_PKEY_CTX *ctx2 = NULL;
1599 const APK_DATA *ak = &keycheckdata[i];
1600 const unsigned char *input = ak->kder;
1601 size_t input_len = ak->size;
1602 int expected_id = ak->evptype;
1603 int expected_check = ak->check;
1604 int expected_pub_check = ak->pub_check;
1605 int expected_param_check = ak->param_check;
1606 int type = ak->type;
1608 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1611 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1614 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1617 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1620 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1623 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1626 #ifndef OPENSSL_NO_DEPRECATED_3_0
1627 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1628 /* assign the pkey directly, as an internal test */
1629 EVP_PKEY_up_ref(pkey);
1632 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1635 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1638 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1645 EVP_PKEY_CTX_free(ctx);
1646 #ifndef OPENSSL_NO_DEPRECATED_3_0
1647 EVP_PKEY_CTX_free(ctx2);
1649 EVP_PKEY_free(pkey);
1653 #ifndef OPENSSL_NO_CMAC
1654 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1656 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1657 const char msg[] = "Hello World";
1661 if (!TEST_ptr(mdctx)
1662 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1663 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1664 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1665 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1668 EVP_MD_CTX_free(mdctx);
1672 static int test_CMAC_keygen(void)
1674 static unsigned char key[] = {
1675 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1676 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1677 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1680 * This is a legacy method for CMACs, but should still work.
1681 * This verifies that it works without an ENGINE.
1683 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1685 EVP_PKEY *pkey = NULL;
1686 unsigned char mac[AES_BLOCK_SIZE];
1687 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1688 unsigned char mac2[AES_BLOCK_SIZE];
1691 /* Test a CMAC key created using the "generated" method */
1692 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1693 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1694 EVP_PKEY_CTRL_CIPHER,
1695 0, (void *)EVP_aes_256_ecb()), 0)
1696 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1697 EVP_PKEY_CTRL_SET_MAC_KEY,
1698 sizeof(key), (void *)key), 0)
1699 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1701 || !TEST_true(get_cmac_val(pkey, mac)))
1704 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1705 EVP_PKEY_free(pkey);
1708 * Test a CMAC key using the direct method, and compare with the mac
1711 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1713 || !TEST_true(get_cmac_val(pkey, mac2))
1714 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1721 EVP_PKEY_free(pkey);
1722 EVP_PKEY_CTX_free(kctx);
1727 static int test_HKDF(void)
1730 unsigned char out[20];
1733 unsigned char salt[] = "0123456789";
1734 unsigned char key[] = "012345678901234567890123456789";
1735 unsigned char info[] = "infostring";
1736 const unsigned char expected[] = {
1737 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1738 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1740 size_t expectedlen = sizeof(expected);
1742 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1745 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1746 for (i = 0; i < 2; i++) {
1747 outlen = sizeof(out);
1748 memset(out, 0, outlen);
1750 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1751 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1752 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1753 sizeof(salt) - 1), 0)
1754 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1755 sizeof(key) - 1), 0)
1756 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1757 sizeof(info) - 1), 0)
1758 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1759 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1766 EVP_PKEY_CTX_free(pctx);
1771 static int test_emptyikm_HKDF(void)
1774 unsigned char out[20];
1777 unsigned char salt[] = "9876543210";
1778 unsigned char key[] = "";
1779 unsigned char info[] = "stringinfo";
1780 const unsigned char expected[] = {
1781 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1782 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1784 size_t expectedlen = sizeof(expected);
1786 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1789 outlen = sizeof(out);
1790 memset(out, 0, outlen);
1792 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1793 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1794 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1795 sizeof(salt) - 1), 0)
1796 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1797 sizeof(key) - 1), 0)
1798 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1799 sizeof(info) - 1), 0)
1800 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1801 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1807 EVP_PKEY_CTX_free(pctx);
1812 #ifndef OPENSSL_NO_EC
1813 static int test_X509_PUBKEY_inplace(void)
1816 X509_PUBKEY *xp = NULL;
1817 const unsigned char *p = kExampleECPubKeyDER;
1818 size_t input_len = sizeof(kExampleECPubKeyDER);
1820 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1823 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1826 p = kExampleBadECPubKeyDER;
1827 input_len = sizeof(kExampleBadECPubKeyDER);
1829 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1832 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1838 X509_PUBKEY_free(xp);
1841 #endif /* OPENSSL_NO_EC */
1843 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1844 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1846 EVP_MD_CTX *mdctx = NULL;
1847 EVP_PKEY_CTX *ctx = NULL;
1848 const OSSL_PARAM *params;
1849 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1852 char mdname[OSSL_MAX_NAME_SIZE];
1855 /* Initialise a sign operation */
1856 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1858 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1862 * We should be able to query the parameters now.
1864 params = EVP_PKEY_CTX_settable_params(ctx);
1865 if (!TEST_ptr(params)
1866 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1867 OSSL_SIGNATURE_PARAM_DIGEST)))
1870 params = EVP_PKEY_CTX_gettable_params(ctx);
1871 if (!TEST_ptr(params)
1872 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1873 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1874 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1875 OSSL_SIGNATURE_PARAM_DIGEST)))
1879 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1880 * EVP_PKEY_CTX_get_params()
1882 strcpy(mdname, "SHA512");
1884 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1886 *param++ = OSSL_PARAM_construct_end();
1888 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1892 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1893 mdname, sizeof(mdname));
1894 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1895 || !TEST_str_eq(mdname, "SHA512"))
1899 * Test the TEST_PKEY_CTX_set_signature_md() and
1900 * TEST_PKEY_CTX_get_signature_md() functions
1902 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1903 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1904 || !TEST_ptr_eq(md, EVP_sha256()))
1908 * Test getting MD parameters via an associated EVP_PKEY_CTX
1910 mdctx = EVP_MD_CTX_new();
1911 if (!TEST_ptr(mdctx)
1912 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
1917 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1918 * able to obtain the digest's settable parameters from the provider.
1920 params = EVP_MD_CTX_settable_params(mdctx);
1921 if (!TEST_ptr(params)
1922 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1923 /* The final key should be NULL */
1924 || !TEST_ptr_null(params[1].key))
1928 memset(ssl3ms, 0, sizeof(ssl3ms));
1929 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1930 ssl3ms, sizeof(ssl3ms));
1931 *param++ = OSSL_PARAM_construct_end();
1933 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1939 EVP_MD_CTX_free(mdctx);
1940 EVP_PKEY_CTX_free(ctx);
1945 #ifndef OPENSSL_NO_DSA
1946 static int test_DSA_get_set_params(void)
1948 OSSL_PARAM_BLD *bld = NULL;
1949 OSSL_PARAM *params = NULL;
1950 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1951 EVP_PKEY_CTX *pctx = NULL;
1952 EVP_PKEY *pkey = NULL;
1956 * Setup the parameters for our DSA object. For our purposes they don't
1957 * have to actually be *valid* parameters. We just need to set something.
1959 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
1960 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1961 || !TEST_ptr(p = BN_new())
1962 || !TEST_ptr(q = BN_new())
1963 || !TEST_ptr(g = BN_new())
1964 || !TEST_ptr(pub = BN_new())
1965 || !TEST_ptr(priv = BN_new()))
1967 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1968 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1969 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1970 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1972 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1975 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1978 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
1979 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
1983 if (!TEST_ptr(pkey))
1986 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1989 EVP_PKEY_free(pkey);
1990 EVP_PKEY_CTX_free(pctx);
1991 OSSL_PARAM_BLD_free_params(params);
1992 OSSL_PARAM_BLD_free(bld);
2003 * Test combinations of private, public, missing and private + public key
2004 * params to ensure they are all accepted
2006 static int test_DSA_priv_pub(void)
2008 return test_EVP_PKEY_ffc_priv_pub("DSA");
2011 #endif /* !OPENSSL_NO_DSA */
2013 static int test_RSA_get_set_params(void)
2015 OSSL_PARAM_BLD *bld = NULL;
2016 OSSL_PARAM *params = NULL;
2017 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2018 EVP_PKEY_CTX *pctx = NULL;
2019 EVP_PKEY *pkey = NULL;
2023 * Setup the parameters for our RSA object. For our purposes they don't
2024 * have to actually be *valid* parameters. We just need to set something.
2026 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2027 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2028 || !TEST_ptr(n = BN_new())
2029 || !TEST_ptr(e = BN_new())
2030 || !TEST_ptr(d = BN_new()))
2032 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2033 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2034 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2036 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2039 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2040 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2044 if (!TEST_ptr(pkey))
2047 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2050 EVP_PKEY_free(pkey);
2051 EVP_PKEY_CTX_free(pctx);
2052 OSSL_PARAM_BLD_free_params(params);
2053 OSSL_PARAM_BLD_free(bld);
2061 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2062 static int test_decrypt_null_chunks(void)
2064 EVP_CIPHER_CTX* ctx = NULL;
2065 const unsigned char key[32] = {
2066 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2067 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2068 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2070 unsigned char iv[12] = {
2071 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2073 unsigned char msg[] = "It was the best of times, it was the worst of times";
2074 unsigned char ciphertext[80];
2075 unsigned char plaintext[80];
2076 /* We initialise tmp to a non zero value on purpose */
2077 int ctlen, ptlen, tmp = 99;
2079 const int enc_offset = 10, dec_offset = 20;
2081 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2082 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
2084 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2086 /* Deliberate add a zero length update */
2087 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2089 || !TEST_int_eq(tmp, 0)
2090 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2092 sizeof(msg) - enc_offset))
2093 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2094 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2095 || !TEST_int_eq(tmp, 0))
2098 /* Deliberately initialise tmp to a non zero value */
2100 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
2102 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2105 * Deliberately add a zero length update. We also deliberately do
2106 * this at a different offset than for encryption.
2108 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2110 || !TEST_int_eq(tmp, 0)
2111 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2112 ciphertext + dec_offset,
2113 ctlen - dec_offset))
2114 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2115 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2116 || !TEST_int_eq(tmp, 0)
2117 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2122 EVP_CIPHER_CTX_free(ctx);
2125 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2127 #ifndef OPENSSL_NO_DH
2129 * Test combinations of private, public, missing and private + public key
2130 * params to ensure they are all accepted
2132 static int test_DH_priv_pub(void)
2134 return test_EVP_PKEY_ffc_priv_pub("DH");
2137 # ifndef OPENSSL_NO_DEPRECATED_3_0
2138 static int test_EVP_PKEY_set1_DH(void)
2140 DH *x942dh = NULL, *noqdh = NULL;
2141 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2143 BIGNUM *p, *g = NULL;
2145 if (!TEST_ptr(p = BN_new())
2146 || !TEST_ptr(g = BN_new())
2147 || !BN_set_word(p, 9999)
2148 || !BN_set_word(g, 2)
2149 || !TEST_ptr(noqdh = DH_new())
2150 || !DH_set0_pqg(noqdh, p, NULL, g))
2154 x942dh = DH_get_2048_256();
2155 pkey1 = EVP_PKEY_new();
2156 pkey2 = EVP_PKEY_new();
2157 if (!TEST_ptr(x942dh)
2160 || !TEST_ptr(pkey2))
2163 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2164 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2167 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2168 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2175 EVP_PKEY_free(pkey1);
2176 EVP_PKEY_free(pkey2);
2182 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2183 #endif /* !OPENSSL_NO_DH */
2186 * We test what happens with an empty template. For the sake of this test,
2187 * the template must be ignored, and we know that's the case for RSA keys
2188 * (this might arguably be a misfeature, but that's what we currently do,
2189 * even in provider code, since that's how the legacy RSA implementation
2192 static int test_keygen_with_empty_template(int n)
2194 EVP_PKEY_CTX *ctx = NULL;
2195 EVP_PKEY *pkey = NULL;
2196 EVP_PKEY *tkey = NULL;
2201 /* We do test with no template at all as well */
2202 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2206 /* Here we create an empty RSA key that serves as our template */
2207 if (!TEST_ptr(tkey = EVP_PKEY_new())
2208 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2209 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2214 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2215 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2220 EVP_PKEY_CTX_free(ctx);
2221 EVP_PKEY_free(pkey);
2222 EVP_PKEY_free(tkey);
2227 * Test that we fail if we attempt to use an algorithm that is not available
2228 * in the current library context (unless we are using an algorithm that
2229 * should be made available via legacy codepaths).
2234 static int test_pkey_ctx_fail_without_provider(int tst)
2236 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2237 OSSL_PROVIDER *nullprov = NULL;
2238 EVP_PKEY_CTX *pctx = NULL;
2239 const char *keytype = NULL;
2240 int expect_null = 0;
2243 if (!TEST_ptr(tmpctx))
2246 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
2247 if (!TEST_ptr(nullprov))
2251 * We check for certain algos in the null provider.
2252 * If an algo is expected to have a provider keymgmt, contructing an
2253 * EVP_PKEY_CTX is expected to fail (return NULL).
2254 * Otherwise, if it's expected to have legacy support, contructing an
2255 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2265 #ifdef OPENSSL_NO_EC
2266 TEST_info("EC disable, skipping SM2 check...");
2269 #ifdef OPENSSL_NO_SM2
2270 TEST_info("SM2 disable, skipping SM2 check...");
2275 TEST_error("No test for case %d", tst);
2279 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2280 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2283 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2289 EVP_PKEY_CTX_free(pctx);
2290 OSSL_PROVIDER_unload(nullprov);
2291 OSSL_LIB_CTX_free(tmpctx);
2295 static int test_rand_agglomeration(void)
2299 OSSL_PARAM params[3], *p = params;
2301 unsigned int step = 7;
2302 static unsigned char seed[] = "It does not matter how slowly you go "
2303 "as long as you do not stop.";
2304 unsigned char out[sizeof(seed)];
2306 if (!TEST_int_ne(sizeof(seed) % step, 0)
2307 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
2309 ctx = EVP_RAND_CTX_new(rand, NULL);
2310 EVP_RAND_free(rand);
2314 memset(out, 0, sizeof(out));
2315 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2316 seed, sizeof(seed));
2317 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2318 *p = OSSL_PARAM_construct_end();
2319 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2320 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2321 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2322 EVP_RAND_CTX_free(ctx);
2327 * Test that we correctly return the original or "running" IV after
2328 * an encryption operation.
2329 * Run multiple times for some different relevant algorithms/modes.
2331 static int test_evp_iv(int idx)
2334 EVP_CIPHER_CTX *ctx = NULL;
2335 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2336 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2337 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2338 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2339 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2340 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2341 9, 10, 11, 12, 13, 14, 15, 16 };
2342 unsigned char ciphertext[32], oiv[16], iv[16];
2343 unsigned char *ref_iv;
2344 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2345 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2347 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2348 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2349 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2350 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2351 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2352 #ifndef OPENSSL_NO_OCB
2353 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2354 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2356 int len = sizeof(ciphertext);
2357 size_t ivlen, ref_len;
2358 const EVP_CIPHER *type = NULL;
2362 type = EVP_aes_128_cbc();
2365 type = (type != NULL) ? type :
2366 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2368 ref_len = sizeof(cbc_state);
2371 type = EVP_aes_128_ofb();
2374 type = (type != NULL) ? type :
2375 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2377 ref_len = sizeof(ofb_state);
2380 type = EVP_aes_128_gcm();
2383 type = (type != NULL) ? type :
2384 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2386 ref_len = sizeof(gcm_state);
2389 type = EVP_aes_128_ccm();
2392 type = (type != NULL) ? type :
2393 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2395 ref_len = sizeof(ccm_state);
2397 #ifdef OPENSSL_NO_OCB
2403 type = EVP_aes_128_ocb();
2406 type = (type != NULL) ? type :
2407 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2409 ref_len = sizeof(ocb_state);
2417 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2418 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2419 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2421 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2422 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2423 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2425 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2426 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2427 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2432 EVP_CIPHER_CTX_free(ctx);
2434 EVP_CIPHER_free((EVP_CIPHER *)type);
2438 #ifndef OPENSSL_NO_EC
2439 static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2440 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2441 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2442 NID_brainpoolP384r1, NID_brainpoolP512r1};
2444 static int test_ecpub(int idx)
2446 int ret = 0, len, savelen;
2448 unsigned char buf[1024];
2450 EVP_PKEY *pkey = NULL;
2451 EVP_PKEY_CTX *ctx = NULL;
2452 # ifndef OPENSSL_NO_DEPRECATED_3_0
2453 const unsigned char *q;
2454 EVP_PKEY *pkey2 = NULL;
2458 nid = ecpub_nids[idx];
2460 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2462 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2463 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2464 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2466 len = i2d_PublicKey(pkey, NULL);
2468 if (!TEST_int_ge(len, 1)
2469 || !TEST_int_lt(len, 1024))
2472 len = i2d_PublicKey(pkey, &p);
2473 if (!TEST_int_ge(len, 1)
2474 || !TEST_int_eq(len, savelen))
2477 # ifndef OPENSSL_NO_DEPRECATED_3_0
2478 /* Now try to decode the just-created DER. */
2480 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2481 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2482 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2484 /* EC_KEY ownership transferred */
2486 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2488 /* The keys should match. */
2489 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2496 EVP_PKEY_CTX_free(ctx);
2497 EVP_PKEY_free(pkey);
2498 # ifndef OPENSSL_NO_DEPRECATED_3_0
2499 EVP_PKEY_free(pkey2);
2506 static int test_EVP_rsa_pss_with_keygen_bits(void)
2515 md = EVP_get_digestbyname("sha256");
2516 ret = TEST_ptr((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL)))
2517 && TEST_true(EVP_PKEY_keygen_init(ctx))
2518 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2519 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2520 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2522 EVP_PKEY_free(pkey);
2523 EVP_PKEY_CTX_free(ctx);
2527 static int success = 1;
2528 static void md_names(const char *name, void *vctx)
2530 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2531 /* Force a namemap update */
2532 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2534 if (!TEST_ptr(aes128))
2537 EVP_CIPHER_free(aes128);
2541 * Test that changing the namemap in a user callback works in a names_do_all
2544 static int test_names_do_all(void)
2546 /* We use a custom libctx so that we know the state of the namemap */
2547 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2548 EVP_MD *sha256 = NULL;
2554 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2555 if (!TEST_ptr(sha256))
2559 * We loop through all the names for a given digest. This should still work
2560 * even if the namemap changes part way through.
2562 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2565 if (!TEST_true(success))
2570 EVP_MD_free(sha256);
2571 OSSL_LIB_CTX_free(ctx);
2575 int setup_tests(void)
2577 testctx = OSSL_LIB_CTX_new();
2579 if (!TEST_ptr(testctx))
2582 ADD_TEST(test_EVP_set_default_properties);
2583 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2584 ADD_TEST(test_EVP_DigestVerifyInit);
2585 ADD_TEST(test_EVP_Digest);
2586 ADD_TEST(test_EVP_Enveloped);
2587 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2588 ADD_TEST(test_privatekey_to_pkcs8);
2589 #ifndef OPENSSL_NO_EC
2590 ADD_TEST(test_EVP_PKCS82PKEY);
2592 #ifndef OPENSSL_NO_EC
2593 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2595 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2596 ADD_TEST(test_EVP_SM2);
2597 ADD_TEST(test_EVP_SM2_verify);
2599 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2600 #ifndef OPENSSL_NO_DEPRECATED_3_0
2601 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2602 if (!TEST_ptr(custom_pmeth))
2604 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2605 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2606 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2607 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2610 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2611 #ifndef OPENSSL_NO_CMAC
2612 ADD_TEST(test_CMAC_keygen);
2614 ADD_TEST(test_HKDF);
2615 ADD_TEST(test_emptyikm_HKDF);
2616 #ifndef OPENSSL_NO_EC
2617 ADD_TEST(test_X509_PUBKEY_inplace);
2618 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2619 OSSL_NELEM(ec_der_pub_keys));
2621 #ifndef OPENSSL_NO_DSA
2622 ADD_TEST(test_DSA_get_set_params);
2623 ADD_TEST(test_DSA_priv_pub);
2625 ADD_TEST(test_RSA_get_set_params);
2626 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2627 ADD_TEST(test_decrypt_null_chunks);
2629 #ifndef OPENSSL_NO_DH
2630 ADD_TEST(test_DH_priv_pub);
2631 # ifndef OPENSSL_NO_DEPRECATED_3_0
2632 ADD_TEST(test_EVP_PKEY_set1_DH);
2635 #ifndef OPENSSL_NO_EC
2636 ADD_TEST(test_EC_priv_pub);
2637 # ifndef OPENSSL_NO_DEPRECATED_3_0
2638 ADD_TEST(test_EC_priv_only_legacy);
2641 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2642 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2644 ADD_TEST(test_rand_agglomeration);
2645 ADD_ALL_TESTS(test_evp_iv, 10);
2646 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
2647 #ifndef OPENSSL_NO_EC
2648 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2651 ADD_TEST(test_names_do_all);
2656 void cleanup_tests(void)
2658 OSSL_LIB_CTX_free(testctx);