2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
42 OSSL_provider_init_fn ossl_legacy_provider_init;
45 static OSSL_LIB_CTX *testctx = NULL;
46 static char *testpropq = NULL;
48 static OSSL_PROVIDER *nullprov = NULL;
49 static OSSL_PROVIDER *deflprov = NULL;
50 static OSSL_PROVIDER *lgcyprov = NULL;
53 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
54 * should never use this key anywhere but in an example.
56 static const unsigned char kExampleRSAKeyDER[] = {
57 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
58 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
59 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
60 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
61 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
62 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
63 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
64 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
65 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
66 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
67 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
68 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
69 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
70 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
71 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
72 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
73 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
74 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
75 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
76 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
77 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
78 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
79 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
80 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
81 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
82 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
83 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
84 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
85 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
86 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
87 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
88 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
89 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
90 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
91 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
92 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
93 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
94 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
95 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
96 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
97 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
98 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
99 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
100 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
101 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
102 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
103 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
104 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
105 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
106 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
107 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
111 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
112 * should never use this key anywhere but in an example.
114 #ifndef OPENSSL_NO_DSA
115 static const unsigned char kExampleDSAKeyDER[] = {
116 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
117 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
118 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
119 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
120 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
121 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
122 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
123 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
124 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
125 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
126 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
127 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
128 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
129 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
130 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
131 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
132 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
133 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
134 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
135 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
136 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
137 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
138 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
139 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
140 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
141 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
142 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
143 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
144 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
145 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
146 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
147 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
148 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
149 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
150 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
151 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
152 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
158 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
159 * components are not correct.
161 static const unsigned char kExampleBadRSAKeyDER[] = {
162 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
163 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
164 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
165 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
166 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
167 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
168 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
169 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
170 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
171 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
172 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
173 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
174 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
175 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
176 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
177 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
178 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
179 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
180 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
181 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
182 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
183 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
184 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
185 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
186 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
187 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
188 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
189 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
190 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
191 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
192 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
193 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
194 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
195 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
196 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
197 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
198 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
199 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
200 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
201 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
202 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
203 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
204 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
205 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
206 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
207 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
208 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
209 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
210 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
211 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
212 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
213 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
214 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
215 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
216 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
217 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
218 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
219 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
220 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
221 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
222 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
223 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
224 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
225 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
226 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
227 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
228 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
229 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
230 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
231 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
232 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
233 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
234 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
235 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
236 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
237 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
238 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
239 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
240 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
241 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
242 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
243 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
244 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
245 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
246 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
247 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
248 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
249 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
250 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
254 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
257 static const unsigned char kExampleBad2RSAKeyDER[] = {
258 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
259 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
260 0x01, 0x00, 0x02, 0x01, 0x00
263 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
265 static const unsigned char kSignature[] = {
266 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
267 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
268 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
269 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
270 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
271 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
272 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
273 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
274 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
275 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
276 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
280 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
283 static const unsigned char kExampleRSAKeyPKCS8[] = {
284 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
285 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
286 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
287 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
288 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
289 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
290 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
291 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
292 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
293 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
294 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
295 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
296 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
297 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
298 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
299 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
300 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
301 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
302 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
303 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
304 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
305 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
306 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
307 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
308 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
309 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
310 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
311 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
312 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
313 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
314 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
315 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
316 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
317 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
318 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
319 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
320 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
321 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
322 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
323 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
324 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
325 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
326 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
327 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
328 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
329 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
330 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
331 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
332 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
333 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
334 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
335 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
336 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
339 #ifndef OPENSSL_NO_EC
341 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 static const unsigned char kExampleECKeyDER[] = {
345 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
346 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
347 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
348 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
349 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
350 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
351 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
352 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
353 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
354 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
359 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
360 * structure. The private key is equal to the order and will fail to import
362 static const unsigned char kExampleBadECKeyDER[] = {
363 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
364 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
365 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
366 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
367 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
368 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
369 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
370 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
371 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
375 static const unsigned char kExampleECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
387 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
388 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
390 static const unsigned char kExampleBadECPubKeyDER[] = {
391 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
392 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
393 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
394 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
395 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
396 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
397 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
398 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
401 static const unsigned char pExampleECParamDER[] = {
402 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
405 # ifndef OPENSSL_NO_ECX
406 static const unsigned char kExampleED25519KeyDER[] = {
407 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
408 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
409 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
410 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
413 static const unsigned char kExampleED25519PubKeyDER[] = {
414 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
415 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
416 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
417 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
420 # ifndef OPENSSL_NO_DEPRECATED_3_0
421 static const unsigned char kExampleX25519KeyDER[] = {
422 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
423 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
424 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
425 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
431 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
432 #ifndef OPENSSL_NO_DEPRECATED_3_0
433 # ifndef OPENSSL_NO_DH
434 static const unsigned char kExampleDHKeyDER[] = {
435 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
436 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
437 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
438 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
439 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
440 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
441 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
442 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
443 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
444 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
445 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
446 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
447 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
448 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
449 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
450 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
451 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
452 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
453 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
454 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
455 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
456 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
457 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
458 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
459 0x2e, 0x87, 0x2a, 0x0b, 0x7a
464 static const unsigned char kCFBDefaultKey[] = {
465 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
466 0x09, 0xCF, 0x4F, 0x3C
469 static const unsigned char kGCMDefaultKey[32] = { 0 };
471 static const unsigned char kGCMResetKey[] = {
472 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
473 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
474 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
477 static const unsigned char iCFBIV[] = {
478 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
479 0x0C, 0x0D, 0x0E, 0x0F
482 static const unsigned char iGCMDefaultIV[12] = { 0 };
484 static const unsigned char iGCMResetIV1[] = {
485 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
488 static const unsigned char iGCMResetIV2[] = {
489 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
492 static const unsigned char cfbPlaintext[] = {
493 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
494 0x73, 0x93, 0x17, 0x2A
496 static const unsigned char cfbPlaintext_partial[] = {
497 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
498 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
501 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
503 static const unsigned char gcmResetPlaintext[] = {
504 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
505 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
506 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
507 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
508 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
511 static const unsigned char cfbCiphertext[] = {
512 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
513 0xE8, 0x3C, 0xFB, 0x4A
516 static const unsigned char cfbCiphertext_partial[] = {
517 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
518 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
521 static const unsigned char ofbCiphertext_partial[] = {
522 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
523 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
526 static const unsigned char gcmDefaultCiphertext[] = {
527 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
528 0xba, 0xf3, 0x9d, 0x18
531 static const unsigned char gcmResetCiphertext1[] = {
532 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
533 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
534 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
535 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
536 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
539 static const unsigned char gcmResetCiphertext2[] = {
540 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
541 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
542 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
543 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
544 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
547 static const unsigned char gcmAAD[] = {
548 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
549 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
552 static const unsigned char gcmDefaultTag[] = {
553 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
554 0xd4, 0x8a, 0xb9, 0x19
557 static const unsigned char gcmResetTag1[] = {
558 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
559 0xfe, 0x2e, 0xa8, 0xf2
562 static const unsigned char gcmResetTag2[] = {
563 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
564 0xbb, 0x2d, 0x55, 0x1b
567 typedef struct APK_DATA_st {
568 const unsigned char *kder;
575 int type; /* 0 for private, 1 for public, 2 for params */
578 static APK_DATA keydata[] = {
579 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
580 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
581 #ifndef OPENSSL_NO_EC
582 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
586 static APK_DATA keycheckdata[] = {
587 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
589 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
591 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
592 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
593 #ifndef OPENSSL_NO_EC
594 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
595 /* group is also associated in our pub key */
596 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
598 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
600 # ifndef OPENSSL_NO_ECX
601 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
602 EVP_PKEY_ED25519, 1, 1, 1, 0},
603 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
604 EVP_PKEY_ED25519, 0, 1, 1, 1},
609 static EVP_PKEY *load_example_key(const char *keytype,
610 const unsigned char *data, size_t data_len)
612 const unsigned char **pdata = &data;
613 EVP_PKEY *pkey = NULL;
614 OSSL_DECODER_CTX *dctx =
615 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
618 /* |pkey| will be NULL on error */
619 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
620 OSSL_DECODER_CTX_free(dctx);
624 static EVP_PKEY *load_example_rsa_key(void)
626 return load_example_key("RSA", kExampleRSAKeyDER,
627 sizeof(kExampleRSAKeyDER));
630 #ifndef OPENSSL_NO_DSA
631 static EVP_PKEY *load_example_dsa_key(void)
633 return load_example_key("DSA", kExampleDSAKeyDER,
634 sizeof(kExampleDSAKeyDER));
638 #ifndef OPENSSL_NO_EC
639 static EVP_PKEY *load_example_ec_key(void)
641 return load_example_key("EC", kExampleECKeyDER,
642 sizeof(kExampleECKeyDER));
646 #ifndef OPENSSL_NO_DEPRECATED_3_0
647 # ifndef OPENSSL_NO_DH
648 static EVP_PKEY *load_example_dh_key(void)
650 return load_example_key("DH", kExampleDHKeyDER,
651 sizeof(kExampleDHKeyDER));
655 # ifndef OPENSSL_NO_ECX
656 static EVP_PKEY *load_example_ed25519_key(void)
658 return load_example_key("ED25519", kExampleED25519KeyDER,
659 sizeof(kExampleED25519KeyDER));
662 static EVP_PKEY *load_example_x25519_key(void)
664 return load_example_key("X25519", kExampleX25519KeyDER,
665 sizeof(kExampleX25519KeyDER));
668 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
670 static EVP_PKEY *load_example_hmac_key(void)
672 EVP_PKEY *pkey = NULL;
673 unsigned char key[] = {
674 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
675 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
676 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
679 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
680 NULL, key, sizeof(key));
687 static int test_EVP_set_default_properties(void)
693 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
694 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
699 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
700 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
701 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
706 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
707 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
712 OSSL_LIB_CTX_free(ctx);
716 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
717 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
719 EVP_PKEY_CTX *pctx = NULL;
720 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
722 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
724 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
725 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
729 if (!TEST_ptr(tmp_pkey))
735 EVP_PKEY_free(tmp_pkey);
736 EVP_PKEY_CTX_free(pctx);
740 static int test_selection(EVP_PKEY *pkey, int selection)
744 BIO *bio = BIO_new(BIO_s_mem());
746 ret = PEM_write_bio_PUBKEY(bio, pkey);
747 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
751 if (!TEST_false(ret))
754 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
756 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
760 if (!TEST_false(ret))
770 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
773 * Test combinations of private, public, missing and private + public key
774 * params to ensure they are all accepted
776 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
777 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
779 OSSL_PARAM_BLD *bld = NULL;
780 OSSL_PARAM *params = NULL;
781 EVP_PKEY *just_params = NULL;
782 EVP_PKEY *params_and_priv = NULL;
783 EVP_PKEY *params_and_pub = NULL;
784 EVP_PKEY *params_and_keypair = NULL;
785 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
789 * Setup the parameters for our pkey object. For our purposes they don't
790 * have to actually be *valid* parameters. We just need to set something.
792 if (!TEST_ptr(p = BN_new())
793 || !TEST_ptr(q = BN_new())
794 || !TEST_ptr(g = BN_new())
795 || !TEST_ptr(pub = BN_new())
796 || !TEST_ptr(priv = BN_new()))
799 /* Test !priv and !pub */
800 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
801 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
802 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
805 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
806 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
809 OSSL_PARAM_free(params);
810 OSSL_PARAM_BLD_free(bld);
814 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
815 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
818 /* Test priv and !pub */
819 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
822 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
823 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
826 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
827 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
830 OSSL_PARAM_free(params);
831 OSSL_PARAM_BLD_free(bld);
835 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
836 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
839 /* Test !priv and pub */
840 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
847 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
848 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
851 OSSL_PARAM_free(params);
852 OSSL_PARAM_BLD_free(bld);
856 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
857 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
860 /* Test priv and pub */
861 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
863 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
864 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
865 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
867 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
870 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
871 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
874 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
879 OSSL_PARAM_free(params);
880 OSSL_PARAM_BLD_free(bld);
881 EVP_PKEY_free(just_params);
882 EVP_PKEY_free(params_and_priv);
883 EVP_PKEY_free(params_and_pub);
884 EVP_PKEY_free(params_and_keypair);
893 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
896 * Test combinations of private, public, missing and private + public key
897 * params to ensure they are all accepted for EC keys
899 #ifndef OPENSSL_NO_EC
900 static unsigned char ec_priv[] = {
901 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
902 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
903 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
905 static unsigned char ec_pub[] = {
906 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
907 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
908 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
909 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
910 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
911 0x08, 0x09, 0xb8, 0xdb, 0x03
914 static int test_EC_priv_pub(void)
916 OSSL_PARAM_BLD *bld = NULL;
917 OSSL_PARAM *params = NULL;
918 EVP_PKEY *just_params = NULL;
919 EVP_PKEY *params_and_priv = NULL;
920 EVP_PKEY *params_and_pub = NULL;
921 EVP_PKEY *params_and_keypair = NULL;
924 unsigned char *encoded = NULL;
926 unsigned char buffer[128];
929 * Setup the parameters for our pkey object. For our purposes they don't
930 * have to actually be *valid* parameters. We just need to set something.
932 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
935 /* Test !priv and !pub */
936 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
937 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
938 OSSL_PKEY_PARAM_GROUP_NAME,
941 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
942 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
945 OSSL_PARAM_free(params);
946 OSSL_PARAM_BLD_free(bld);
950 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
951 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
954 /* Test priv and !pub */
955 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
956 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
957 OSSL_PKEY_PARAM_GROUP_NAME,
959 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
962 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
963 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
966 OSSL_PARAM_free(params);
967 OSSL_PARAM_BLD_free(bld);
972 * We indicate only parameters here, in spite of having built a key that
973 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
974 * expected to fail because it does not support exporting a private EC
975 * key without a corresponding public key
977 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
978 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
981 /* Test !priv and pub */
982 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
983 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
984 OSSL_PKEY_PARAM_GROUP_NAME,
986 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
987 OSSL_PKEY_PARAM_PUB_KEY,
988 ec_pub, sizeof(ec_pub))))
990 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
991 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
994 OSSL_PARAM_free(params);
995 OSSL_PARAM_BLD_free(bld);
999 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1000 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1003 /* Test priv and pub */
1004 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1005 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1006 OSSL_PKEY_PARAM_GROUP_NAME,
1008 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1009 OSSL_PKEY_PARAM_PUB_KEY,
1010 ec_pub, sizeof(ec_pub)))
1011 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1014 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1015 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1018 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1021 /* Try key equality */
1022 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1023 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1025 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1027 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1029 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1030 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1031 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1032 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1035 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1036 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1038 OPENSSL_free(encoded);
1040 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1041 OPENSSL_free(encoded);
1046 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1047 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1048 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1049 buffer, sizeof(buffer), &len), 1)
1050 || !TEST_int_eq(len, 65))
1054 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1055 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1057 || !TEST_int_eq(len, 65))
1060 /* too-short buffer len*/
1061 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1062 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1063 buffer, 10, &len), 0))
1068 OSSL_PARAM_free(params);
1069 OSSL_PARAM_BLD_free(bld);
1070 EVP_PKEY_free(just_params);
1071 EVP_PKEY_free(params_and_priv);
1072 EVP_PKEY_free(params_and_pub);
1073 EVP_PKEY_free(params_and_keypair);
1079 /* Also test that we can read the EC PUB affine coordinates */
1080 static int test_evp_get_ec_pub(void)
1082 OSSL_PARAM_BLD *bld = NULL;
1083 OSSL_PARAM *params = NULL;
1084 unsigned char *pad = NULL;
1085 EVP_PKEY *keypair = NULL;
1086 BIGNUM *priv = NULL;
1091 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1094 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1095 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1096 OSSL_PKEY_PARAM_GROUP_NAME,
1098 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1099 OSSL_PKEY_PARAM_PUB_KEY,
1100 ec_pub, sizeof(ec_pub)))
1101 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1105 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1106 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1109 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1112 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1113 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1116 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1120 BN_bn2bin(x, &pad[1]);
1121 BN_bn2bin(y, &pad[33]);
1122 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1128 OSSL_PARAM_free(params);
1129 OSSL_PARAM_BLD_free(bld);
1130 EVP_PKEY_free(keypair);
1138 /* Test that using a legacy EC key with only a private key in it works */
1139 # ifndef OPENSSL_NO_DEPRECATED_3_0
1140 static int test_EC_priv_only_legacy(void)
1142 BIGNUM *priv = NULL;
1144 EC_KEY *eckey = NULL;
1145 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1146 EVP_MD_CTX *ctx = NULL;
1148 /* Create the low level EC_KEY */
1149 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1152 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1153 if (!TEST_ptr(eckey))
1156 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1159 pkey = EVP_PKEY_new();
1160 if (!TEST_ptr(pkey))
1163 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1169 ctx = EVP_MD_CTX_new();
1174 * The EVP_DigestSignInit function should create the key on the
1175 * provider side which is sufficient for this test.
1177 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1178 testpropq, pkey, NULL)))
1180 EVP_MD_CTX_free(ctx);
1186 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1188 /* EVP_PKEY_eq() returns -2 with missing public keys */
1189 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1190 EVP_PKEY_free(pkey);
1198 EVP_MD_CTX_free(ctx);
1199 EVP_PKEY_free(pkey);
1206 static int test_evp_get_ec_pub_legacy(void)
1208 OSSL_LIB_CTX *libctx = NULL;
1209 unsigned char *pad = NULL;
1210 EVP_PKEY *pkey = NULL;
1211 EC_KEY *eckey = NULL;
1212 BIGNUM *priv = NULL;
1217 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1220 /* Create the legacy key */
1221 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1222 NID_X9_62_prime256v1)))
1225 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1228 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1231 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1234 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1237 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1240 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1243 /* Transfer the legacy key */
1244 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1248 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1249 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1252 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1256 BN_bn2bin(x, &pad[1]);
1257 BN_bn2bin(y, &pad[33]);
1259 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1265 OSSL_LIB_CTX_free(libctx);
1266 EVP_PKEY_free(pkey);
1275 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1276 #endif /* OPENSSL_NO_EC */
1278 static int test_EVP_PKEY_sign(int tst)
1281 EVP_PKEY *pkey = NULL;
1282 unsigned char *sig = NULL;
1283 size_t sig_len = 0, shortsig_len = 1;
1284 EVP_PKEY_CTX *ctx = NULL;
1285 unsigned char tbs[] = {
1286 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1287 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1291 if (!TEST_ptr(pkey = load_example_rsa_key()))
1293 } else if (tst == 1) {
1294 #ifndef OPENSSL_NO_DSA
1295 if (!TEST_ptr(pkey = load_example_dsa_key()))
1302 #ifndef OPENSSL_NO_EC
1303 if (!TEST_ptr(pkey = load_example_ec_key()))
1311 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1313 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1314 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1317 sig = OPENSSL_malloc(sig_len);
1319 /* Test sending a signature buffer that is too short is rejected */
1320 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1322 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1324 /* Test the signature round-trips */
1325 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1326 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1332 EVP_PKEY_CTX_free(ctx);
1334 EVP_PKEY_free(pkey);
1338 #ifndef OPENSSL_NO_DEPRECATED_3_0
1339 static int test_EVP_PKEY_sign_with_app_method(int tst)
1342 EVP_PKEY *pkey = NULL;
1344 RSA_METHOD *rsa_meth = NULL;
1345 #ifndef OPENSSL_NO_DSA
1347 DSA_METHOD *dsa_meth = NULL;
1349 unsigned char *sig = NULL;
1350 size_t sig_len = 0, shortsig_len = 1;
1351 EVP_PKEY_CTX *ctx = NULL;
1352 unsigned char tbs[] = {
1353 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1354 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1358 if (!TEST_ptr(pkey = load_example_rsa_key()))
1360 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1363 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1364 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1365 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1367 rsa = NULL; /* now owned by the pkey */
1369 #ifndef OPENSSL_NO_DSA
1370 if (!TEST_ptr(pkey = load_example_dsa_key()))
1372 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1375 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1376 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1377 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1379 dsa = NULL; /* now owned by the pkey */
1386 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1388 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1389 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1392 sig = OPENSSL_malloc(sig_len);
1394 /* Test sending a signature buffer that is too short is rejected */
1395 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1397 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1399 /* Test the signature round-trips */
1400 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1401 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1407 EVP_PKEY_CTX_free(ctx);
1409 EVP_PKEY_free(pkey);
1411 RSA_meth_free(rsa_meth);
1412 #ifndef OPENSSL_NO_DSA
1414 DSA_meth_free(dsa_meth);
1418 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1421 * n = 0 => test using legacy cipher
1422 * n = 1 => test using fetched cipher
1424 static int test_EVP_Enveloped(int n)
1427 EVP_CIPHER_CTX *ctx = NULL;
1428 EVP_PKEY *keypair = NULL;
1429 unsigned char *kek = NULL;
1430 unsigned char iv[EVP_MAX_IV_LENGTH];
1431 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1432 int len, kek_len, ciphertext_len, plaintext_len;
1433 unsigned char ciphertext[32], plaintext[16];
1434 EVP_CIPHER *type = NULL;
1436 if (nullprov != NULL)
1437 return TEST_skip("Test does not support a non-default library context");
1440 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1441 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1445 if (!TEST_ptr(keypair = load_example_rsa_key())
1446 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1447 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1448 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1450 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1452 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1456 ciphertext_len += len;
1458 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1459 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1460 ciphertext, ciphertext_len))
1461 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1464 plaintext_len += len;
1465 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1471 EVP_CIPHER_free(type);
1473 EVP_PKEY_free(keypair);
1474 EVP_CIPHER_CTX_free(ctx);
1479 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1480 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1481 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1482 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1483 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1484 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1485 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1486 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1487 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1488 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1489 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1490 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1491 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1492 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1493 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1494 * Test 15-29: Same as above with reinitialization
1496 static int test_EVP_DigestSignInit(int tst)
1499 EVP_PKEY *pkey = NULL;
1500 unsigned char *sig = NULL, *sig2 = NULL;
1501 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1502 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1503 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1504 BIO *mdbio = NULL, *membio = NULL;
1507 EVP_MD *mdexp = NULL;
1510 if (nullprov != NULL)
1511 return TEST_skip("Test does not support a non-default library context");
1518 if (tst >= 6 && tst <= 8) {
1519 membio = BIO_new(BIO_s_mem());
1520 mdbio = BIO_new(BIO_f_md());
1521 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1523 BIO_push(mdbio, membio);
1524 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1527 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1528 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1533 if (!TEST_ptr(pkey = load_example_rsa_key()))
1535 } else if (tst % 3 == 1) {
1536 #ifndef OPENSSL_NO_DSA
1537 if (!TEST_ptr(pkey = load_example_dsa_key()))
1544 if (!TEST_ptr(pkey = load_example_hmac_key()))
1548 if (tst >= 3 && tst <= 5)
1549 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1553 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1556 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1559 if (tst >= 6 && tst <= 8) {
1560 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1562 } else if (tst < 6) {
1563 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1568 /* Determine the size of the signature. */
1569 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1571 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1574 /* Test that supply a short sig buffer fails */
1575 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1579 * We end here because once EVP_DigestSign() has failed you should
1580 * not call it again without re-initing the ctx
1585 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1589 /* Determine the size of the signature. */
1590 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1591 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1593 * Trying to create a signature with a deliberately short
1594 * buffer should fail.
1596 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1597 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1602 * Ensure that the signature round-trips (Verification isn't supported for
1603 * HMAC via EVP_DigestVerify*)
1606 if (tst >= 6 && tst <= 8) {
1607 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1608 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1612 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1616 if (tst >= 6 && tst <= 8) {
1617 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1620 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1624 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1627 /* Multiple calls to EVP_DigestVerifyFinal should work */
1628 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1632 * For HMAC a doubled call to DigestSignFinal should produce the same
1633 * value as finalization should not happen.
1635 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1636 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1637 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1640 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1649 EVP_MD_CTX_free(a_md_ctx);
1650 EVP_MD_CTX_free(a_md_ctx_verify);
1651 EVP_PKEY_free(pkey);
1659 static int test_EVP_DigestVerifyInit(void)
1662 EVP_PKEY *pkey = NULL;
1663 EVP_MD_CTX *md_ctx = NULL;
1665 if (nullprov != NULL)
1666 return TEST_skip("Test does not support a non-default library context");
1668 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1669 || !TEST_ptr(pkey = load_example_rsa_key()))
1672 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1673 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1674 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1675 sizeof(kSignature)), 0))
1678 /* test with reinitialization */
1679 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1680 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1681 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1682 sizeof(kSignature)), 0))
1687 EVP_MD_CTX_free(md_ctx);
1688 EVP_PKEY_free(pkey);
1692 #ifndef OPENSSL_NO_SIPHASH
1693 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1694 static int test_siphash_digestsign(void)
1696 unsigned char key[16];
1697 unsigned char buf[8], digest[8];
1698 unsigned char expected[8] = {
1699 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1701 EVP_PKEY *pkey = NULL;
1702 EVP_MD_CTX *mdctx = NULL;
1703 EVP_PKEY_CTX *ctx = NULL;
1707 if (nullprov != NULL)
1708 return TEST_skip("Test does not support a non-default library context");
1712 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1716 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1719 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1721 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1722 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1726 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1728 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1730 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1732 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1737 EVP_PKEY_free(pkey);
1738 EVP_MD_CTX_free(mdctx);
1744 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1746 static int test_EVP_Digest(void)
1749 EVP_MD_CTX *md_ctx = NULL;
1750 unsigned char md[EVP_MAX_MD_SIZE];
1751 EVP_MD *sha256 = NULL;
1752 EVP_MD *shake256 = NULL;
1754 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1757 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1758 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1761 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1762 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1763 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1764 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1765 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1768 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1769 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1770 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1771 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1772 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1774 * EVP_DigestInit_ex with NULL type should work on
1775 * pre-initialized context.
1777 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1780 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1781 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1782 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1783 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1784 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1785 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1790 EVP_MD_CTX_free(md_ctx);
1791 EVP_MD_free(sha256);
1792 EVP_MD_free(shake256);
1796 static int test_EVP_md_null(void)
1799 EVP_MD_CTX *md_ctx = NULL;
1800 const EVP_MD *md_null = EVP_md_null();
1801 unsigned char md_value[EVP_MAX_MD_SIZE];
1802 unsigned int md_len = sizeof(md_value);
1804 if (nullprov != NULL)
1805 return TEST_skip("Test does not support a non-default library context");
1807 if (!TEST_ptr(md_null)
1808 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1811 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1812 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1813 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1816 if (!TEST_uint_eq(md_len, 0))
1821 EVP_MD_CTX_free(md_ctx);
1825 static int test_d2i_AutoPrivateKey(int i)
1828 const unsigned char *p;
1829 EVP_PKEY *pkey = NULL;
1830 const APK_DATA *ak = &keydata[i];
1831 const unsigned char *input = ak->kder;
1832 size_t input_len = ak->size;
1833 int expected_id = ak->evptype;
1836 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1837 || !TEST_ptr_eq(p, input + input_len)
1838 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1844 EVP_PKEY_free(pkey);
1848 #ifndef OPENSSL_NO_EC
1850 static const unsigned char ec_public_sect163k1_validxy[] = {
1851 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1852 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1853 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1854 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1855 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1856 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1859 static const unsigned char ec_public_sect163k1_badx[] = {
1860 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1861 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1862 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1863 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1864 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1865 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1868 static const unsigned char ec_public_sect163k1_bady[] = {
1869 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1870 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1871 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1872 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1873 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1874 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1877 static struct ec_der_pub_keys_st {
1878 const unsigned char *der;
1881 } ec_der_pub_keys[] = {
1882 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1883 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1884 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1888 * Tests the range of the decoded EC char2 public point.
1889 * See ec_GF2m_simple_oct2point().
1891 static int test_invalide_ec_char2_pub_range_decode(int id)
1896 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1897 ec_der_pub_keys[id].len);
1899 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1900 || TEST_ptr_null(pkey);
1901 EVP_PKEY_free(pkey);
1905 /* Tests loading a bad key in PKCS8 format */
1906 static int test_EVP_PKCS82PKEY(void)
1909 const unsigned char *derp = kExampleBadECKeyDER;
1910 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1911 EVP_PKEY *pkey = NULL;
1913 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1914 sizeof(kExampleBadECKeyDER))))
1917 if (!TEST_ptr_eq(derp,
1918 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1921 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1927 PKCS8_PRIV_KEY_INFO_free(p8inf);
1928 EVP_PKEY_free(pkey);
1934 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1936 EVP_PKEY *pkey = NULL;
1937 EVP_PKEY *pkey2 = NULL;
1939 char *membuf = NULL;
1940 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1943 if (testctx != NULL)
1944 /* test not supported with non-default context */
1947 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1948 || !TEST_ptr(pkey = load_example_rsa_key())
1949 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1950 NULL, 0, NULL, NULL),
1952 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1953 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1954 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1955 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1961 EVP_PKEY_free(pkey);
1962 EVP_PKEY_free(pkey2);
1963 PKCS8_PRIV_KEY_INFO_free(p8inf);
1964 BIO_free_all(membio);
1968 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1969 static int test_privatekey_to_pkcs8(void)
1971 EVP_PKEY *pkey = NULL;
1973 char *membuf = NULL;
1974 long membuf_len = 0;
1977 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1978 || !TEST_ptr(pkey = load_example_rsa_key())
1979 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1980 NULL, 0, NULL, NULL),
1982 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1983 || !TEST_ptr(membuf)
1984 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1985 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1987 * We try to write PEM as well, just to see that it doesn't err, but
1988 * assume that the result is correct.
1990 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1991 NULL, 0, NULL, NULL),
1997 EVP_PKEY_free(pkey);
1998 BIO_free_all(membio);
2002 #ifndef OPENSSL_NO_EC
2003 static const struct {
2005 const char *encoding_name;
2006 } ec_encodings[] = {
2007 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2008 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2011 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2013 const OSSL_PARAM *p;
2014 const char *enc_name = NULL;
2020 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2021 OSSL_PKEY_PARAM_EC_ENCODING))
2022 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2025 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2026 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2027 *enc = ec_encodings[i].encoding;
2032 return (*enc != -1);
2035 static int test_EC_keygen_with_enc(int idx)
2037 EVP_PKEY *params = NULL, *key = NULL;
2038 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2042 enc = ec_encodings[idx].encoding;
2044 /* Create key parameters */
2045 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2046 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2047 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2048 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2049 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
2050 || !TEST_ptr(params))
2054 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2055 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2056 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2060 /* Check that the encoding got all the way into the key */
2061 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2062 ec_export_get_encoding_cb, &enc))
2063 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2069 EVP_PKEY_free(params);
2070 EVP_PKEY_CTX_free(kctx);
2071 EVP_PKEY_CTX_free(pctx);
2076 #if !defined(OPENSSL_NO_SM2)
2078 static int test_EVP_SM2_verify(void)
2080 const char *pubkey =
2081 "-----BEGIN PUBLIC KEY-----\n"
2082 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2083 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2084 "-----END PUBLIC KEY-----\n";
2086 const char *msg = "message digest";
2087 const char *id = "ALICE123@YAHOO.COM";
2089 const uint8_t signature[] = {
2090 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2091 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2092 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2093 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2094 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2095 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2096 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2101 EVP_PKEY *pkey = NULL;
2102 EVP_MD_CTX *mctx = NULL;
2103 EVP_PKEY_CTX *pctx = NULL;
2106 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2107 if (!TEST_true(bio != NULL))
2110 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2111 if (!TEST_true(pkey != NULL))
2114 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2117 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2120 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2123 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2125 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2128 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2131 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2134 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2137 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2143 EVP_PKEY_free(pkey);
2144 EVP_PKEY_CTX_free(pctx);
2145 EVP_MD_CTX_free(mctx);
2150 static int test_EVP_SM2(void)
2153 EVP_PKEY *pkey = NULL;
2154 EVP_PKEY *pkeyparams = NULL;
2155 EVP_PKEY_CTX *pctx = NULL;
2156 EVP_PKEY_CTX *kctx = NULL;
2157 EVP_PKEY_CTX *sctx = NULL;
2159 unsigned char *sig = NULL;
2160 EVP_MD_CTX *md_ctx = NULL;
2161 EVP_MD_CTX *md_ctx_verify = NULL;
2162 EVP_PKEY_CTX *cctx = NULL;
2163 EVP_MD *check_md = NULL;
2165 uint8_t ciphertext[128];
2166 size_t ctext_len = sizeof(ciphertext);
2168 uint8_t plaintext[8];
2169 size_t ptext_len = sizeof(plaintext);
2171 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2173 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2174 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2176 char mdname[OSSL_MAX_NAME_SIZE];
2178 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2182 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2185 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2188 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2191 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2192 pkeyparams, testpropq)))
2195 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2198 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2201 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2204 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2207 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2210 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2211 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2213 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2216 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2219 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2222 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2225 /* Determine the size of the signature. */
2226 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2229 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2232 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2235 /* Ensure that the signature round-trips. */
2237 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2241 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2244 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2247 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2251 * Try verify again with non-matching 0 length id but ensure that it can
2252 * be set on the context and overrides the previous value.
2255 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2259 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2262 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2265 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2268 /* now check encryption/decryption */
2270 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2271 mdname, sizeof(mdname));
2272 for (i = 0; i < 2; i++) {
2273 const char *mdnames[] = {
2274 #ifndef OPENSSL_NO_SM3
2280 EVP_PKEY_CTX_free(cctx);
2282 if (mdnames[i] == NULL)
2286 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2287 (char *)mdnames[i], 0);
2289 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2293 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2296 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2299 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2303 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2306 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2309 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2313 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2317 * Test we're still using the digest we think we are.
2318 * Because of aliases, the easiest is to fetch the digest and
2319 * check the name with EVP_MD_is_a().
2321 EVP_MD_free(check_md);
2322 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2324 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2325 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2329 if (!TEST_true(ptext_len == sizeof(kMsg)))
2332 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2338 EVP_PKEY_CTX_free(pctx);
2339 EVP_PKEY_CTX_free(kctx);
2340 EVP_PKEY_CTX_free(sctx);
2341 EVP_PKEY_CTX_free(cctx);
2342 EVP_PKEY_free(pkey);
2343 EVP_PKEY_free(pkeyparams);
2344 EVP_MD_CTX_free(md_ctx);
2345 EVP_MD_CTX_free(md_ctx_verify);
2346 EVP_MD_free(check_md);
2353 static struct keys_st {
2359 EVP_PKEY_HMAC, "0123456789", NULL
2362 EVP_PKEY_HMAC, "", NULL
2363 #ifndef OPENSSL_NO_POLY1305
2365 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2367 #ifndef OPENSSL_NO_SIPHASH
2369 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2372 #ifndef OPENSSL_NO_ECX
2374 EVP_PKEY_X25519, "01234567890123456789012345678901",
2375 "abcdefghijklmnopqrstuvwxyzabcdef"
2377 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2378 "abcdefghijklmnopqrstuvwxyzabcdef"
2381 "01234567890123456789012345678901234567890123456789012345",
2382 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2385 "012345678901234567890123456789012345678901234567890123456",
2386 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2391 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2394 unsigned char buf[80];
2396 size_t inlen, len = 0, shortlen = 1;
2399 /* Check if this algorithm supports public keys */
2400 if (pub && keys[tst].pub == NULL)
2403 memset(buf, 0, sizeof(buf));
2406 #ifndef OPENSSL_NO_EC
2407 inlen = strlen(keys[tst].pub);
2408 in = (unsigned char *)keys[tst].pub;
2410 pkey = EVP_PKEY_new_raw_public_key_ex(
2412 OBJ_nid2sn(keys[tst].type),
2417 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2426 inlen = strlen(keys[tst].priv);
2427 in = (unsigned char *)keys[tst].priv;
2429 pkey = EVP_PKEY_new_raw_private_key_ex(
2430 testctx, OBJ_nid2sn(keys[tst].type),
2435 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2443 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2444 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2445 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2446 || !TEST_true(len == inlen))
2450 * Test that supplying a buffer that is too small fails. Doesn't apply
2451 * to HMAC with a zero length key
2453 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2455 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2459 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2460 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2461 || !TEST_mem_eq(in, inlen, buf, len))
2466 EVP_PKEY_free(pkey);
2470 static int test_set_get_raw_keys(int tst)
2472 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2473 && test_set_get_raw_keys_int(tst, 0, 1)
2474 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2475 && test_set_get_raw_keys_int(tst, 1, 1);
2478 #ifndef OPENSSL_NO_DEPRECATED_3_0
2479 static int pkey_custom_check(EVP_PKEY *pkey)
2484 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2489 static int pkey_custom_param_check(EVP_PKEY *pkey)
2494 static EVP_PKEY_METHOD *custom_pmeth;
2497 static int test_EVP_PKEY_check(int i)
2500 EVP_PKEY *pkey = NULL;
2501 EVP_PKEY_CTX *ctx = NULL;
2502 #ifndef OPENSSL_NO_DEPRECATED_3_0
2503 EVP_PKEY_CTX *ctx2 = NULL;
2505 const APK_DATA *ak = &keycheckdata[i];
2506 const unsigned char *input = ak->kder;
2507 size_t input_len = ak->size;
2508 int expected_id = ak->evptype;
2509 int expected_check = ak->check;
2510 int expected_pub_check = ak->pub_check;
2511 int expected_param_check = ak->param_check;
2512 int type = ak->type;
2514 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2517 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2520 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2523 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2526 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2529 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2532 #ifndef OPENSSL_NO_DEPRECATED_3_0
2533 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2534 /* assign the pkey directly, as an internal test */
2535 EVP_PKEY_up_ref(pkey);
2538 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2541 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2544 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2551 EVP_PKEY_CTX_free(ctx);
2552 #ifndef OPENSSL_NO_DEPRECATED_3_0
2553 EVP_PKEY_CTX_free(ctx2);
2555 EVP_PKEY_free(pkey);
2559 #ifndef OPENSSL_NO_CMAC
2560 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2562 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2563 const char msg[] = "Hello World";
2564 size_t maclen = AES_BLOCK_SIZE;
2567 if (!TEST_ptr(mdctx)
2568 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2569 testpropq, pkey, NULL))
2570 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2571 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2572 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2575 EVP_MD_CTX_free(mdctx);
2579 static int test_CMAC_keygen(void)
2581 static unsigned char key[] = {
2582 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2583 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2584 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2586 EVP_PKEY_CTX *kctx = NULL;
2588 EVP_PKEY *pkey = NULL;
2589 unsigned char mac[AES_BLOCK_SIZE];
2590 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2591 unsigned char mac2[AES_BLOCK_SIZE];
2594 if (nullprov != NULL)
2595 return TEST_skip("Test does not support a non-default library context");
2598 * This is a legacy method for CMACs, but should still work.
2599 * This verifies that it works without an ENGINE.
2601 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2603 /* Test a CMAC key created using the "generated" method */
2604 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2605 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2606 EVP_PKEY_CTRL_CIPHER,
2607 0, (void *)EVP_aes_256_cbc()), 0)
2608 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2609 EVP_PKEY_CTRL_SET_MAC_KEY,
2610 sizeof(key), (void *)key), 0)
2611 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2613 || !TEST_true(get_cmac_val(pkey, mac)))
2616 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2617 EVP_PKEY_free(pkey);
2620 * Test a CMAC key using the direct method, and compare with the mac
2623 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2625 || !TEST_true(get_cmac_val(pkey, mac2))
2626 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2633 EVP_PKEY_free(pkey);
2634 EVP_PKEY_CTX_free(kctx);
2639 static int test_HKDF(void)
2642 unsigned char out[20];
2645 unsigned char salt[] = "0123456789";
2646 unsigned char key[] = "012345678901234567890123456789";
2647 unsigned char info[] = "infostring";
2648 const unsigned char expected[] = {
2649 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2650 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2652 size_t expectedlen = sizeof(expected);
2654 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2657 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2658 for (i = 0; i < 2; i++) {
2659 outlen = sizeof(out);
2660 memset(out, 0, outlen);
2662 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2663 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2664 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2665 sizeof(salt) - 1), 0)
2666 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2667 sizeof(key) - 1), 0)
2668 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2669 sizeof(info) - 1), 0)
2670 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2671 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2678 EVP_PKEY_CTX_free(pctx);
2683 static int test_emptyikm_HKDF(void)
2686 unsigned char out[20];
2689 unsigned char salt[] = "9876543210";
2690 unsigned char key[] = "";
2691 unsigned char info[] = "stringinfo";
2692 const unsigned char expected[] = {
2693 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2694 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2696 size_t expectedlen = sizeof(expected);
2698 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2701 outlen = sizeof(out);
2702 memset(out, 0, outlen);
2704 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2705 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2706 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2707 sizeof(salt) - 1), 0)
2708 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2709 sizeof(key) - 1), 0)
2710 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2711 sizeof(info) - 1), 0)
2712 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2713 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2719 EVP_PKEY_CTX_free(pctx);
2724 static int test_empty_salt_info_HKDF(void)
2727 unsigned char out[20];
2730 unsigned char salt[] = "";
2731 unsigned char key[] = "012345678901234567890123456789";
2732 unsigned char info[] = "";
2733 const unsigned char expected[] = {
2734 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
2735 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
2737 size_t expectedlen = sizeof(expected);
2739 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2742 outlen = sizeof(out);
2743 memset(out, 0, outlen);
2745 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2746 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2747 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2748 sizeof(salt) - 1), 0)
2749 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2750 sizeof(key) - 1), 0)
2751 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2752 sizeof(info) - 1), 0)
2753 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2754 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2760 EVP_PKEY_CTX_free(pctx);
2765 #ifndef OPENSSL_NO_EC
2766 static int test_X509_PUBKEY_inplace(void)
2769 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2770 const unsigned char *p = kExampleECPubKeyDER;
2771 size_t input_len = sizeof(kExampleECPubKeyDER);
2775 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2778 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2781 p = kExampleBadECPubKeyDER;
2782 input_len = sizeof(kExampleBadECPubKeyDER);
2784 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2787 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2793 X509_PUBKEY_free(xp);
2797 static int test_X509_PUBKEY_dup(void)
2800 X509_PUBKEY *xp = NULL, *xq = NULL;
2801 const unsigned char *p = kExampleECPubKeyDER;
2802 size_t input_len = sizeof(kExampleECPubKeyDER);
2804 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2806 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2807 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2808 || !TEST_ptr_ne(xp, xq))
2811 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2812 || !TEST_ptr(X509_PUBKEY_get0(xp))
2813 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2816 X509_PUBKEY_free(xq);
2818 p = kExampleBadECPubKeyDER;
2819 input_len = sizeof(kExampleBadECPubKeyDER);
2821 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2822 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2825 X509_PUBKEY_free(xp);
2827 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2833 X509_PUBKEY_free(xp);
2834 X509_PUBKEY_free(xq);
2837 #endif /* OPENSSL_NO_EC */
2839 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2840 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2842 EVP_MD_CTX *mdctx = NULL;
2843 EVP_PKEY_CTX *ctx = NULL;
2844 const OSSL_PARAM *params;
2845 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2848 char mdname[OSSL_MAX_NAME_SIZE];
2851 /* Initialise a sign operation */
2852 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2854 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2858 * We should be able to query the parameters now.
2860 params = EVP_PKEY_CTX_settable_params(ctx);
2861 if (!TEST_ptr(params)
2862 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2863 OSSL_SIGNATURE_PARAM_DIGEST)))
2866 params = EVP_PKEY_CTX_gettable_params(ctx);
2867 if (!TEST_ptr(params)
2868 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2869 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2870 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2871 OSSL_SIGNATURE_PARAM_DIGEST)))
2875 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2876 * EVP_PKEY_CTX_get_params()
2878 strcpy(mdname, "SHA512");
2880 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2882 *param++ = OSSL_PARAM_construct_end();
2884 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2888 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2889 mdname, sizeof(mdname));
2890 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2891 || !TEST_str_eq(mdname, "SHA512"))
2895 * Test the TEST_PKEY_CTX_set_signature_md() and
2896 * TEST_PKEY_CTX_get_signature_md() functions
2898 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2899 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2900 || !TEST_ptr_eq(md, EVP_sha256()))
2904 * Test getting MD parameters via an associated EVP_PKEY_CTX
2906 mdctx = EVP_MD_CTX_new();
2907 if (!TEST_ptr(mdctx)
2908 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2913 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2914 * able to obtain the digest's settable parameters from the provider.
2916 params = EVP_MD_CTX_settable_params(mdctx);
2917 if (!TEST_ptr(params)
2918 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2919 /* The final key should be NULL */
2920 || !TEST_ptr_null(params[1].key))
2924 memset(ssl3ms, 0, sizeof(ssl3ms));
2925 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2926 ssl3ms, sizeof(ssl3ms));
2927 *param++ = OSSL_PARAM_construct_end();
2929 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2935 EVP_MD_CTX_free(mdctx);
2936 EVP_PKEY_CTX_free(ctx);
2941 #ifndef OPENSSL_NO_DSA
2942 static int test_DSA_get_set_params(void)
2944 OSSL_PARAM_BLD *bld = NULL;
2945 OSSL_PARAM *params = NULL;
2946 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2947 EVP_PKEY_CTX *pctx = NULL;
2948 EVP_PKEY *pkey = NULL;
2952 * Setup the parameters for our DSA object. For our purposes they don't
2953 * have to actually be *valid* parameters. We just need to set something.
2955 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2956 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2957 || !TEST_ptr(p = BN_new())
2958 || !TEST_ptr(q = BN_new())
2959 || !TEST_ptr(g = BN_new())
2960 || !TEST_ptr(pub = BN_new())
2961 || !TEST_ptr(priv = BN_new()))
2963 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2964 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2965 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2966 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2968 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2971 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2974 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2975 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2979 if (!TEST_ptr(pkey))
2982 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2985 EVP_PKEY_free(pkey);
2986 EVP_PKEY_CTX_free(pctx);
2987 OSSL_PARAM_free(params);
2988 OSSL_PARAM_BLD_free(bld);
2999 * Test combinations of private, public, missing and private + public key
3000 * params to ensure they are all accepted
3002 static int test_DSA_priv_pub(void)
3004 return test_EVP_PKEY_ffc_priv_pub("DSA");
3007 #endif /* !OPENSSL_NO_DSA */
3009 static int test_RSA_get_set_params(void)
3011 OSSL_PARAM_BLD *bld = NULL;
3012 OSSL_PARAM *params = NULL;
3013 BIGNUM *n = NULL, *e = NULL, *d = NULL;
3014 EVP_PKEY_CTX *pctx = NULL;
3015 EVP_PKEY *pkey = NULL;
3019 * Setup the parameters for our RSA object. For our purposes they don't
3020 * have to actually be *valid* parameters. We just need to set something.
3022 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
3023 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3024 || !TEST_ptr(n = BN_new())
3025 || !TEST_ptr(e = BN_new())
3026 || !TEST_ptr(d = BN_new()))
3028 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
3029 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
3030 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
3032 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3035 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3036 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3040 if (!TEST_ptr(pkey))
3043 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3046 EVP_PKEY_free(pkey);
3047 EVP_PKEY_CTX_free(pctx);
3048 OSSL_PARAM_free(params);
3049 OSSL_PARAM_BLD_free(bld);
3057 static int test_RSA_OAEP_set_get_params(void)
3060 EVP_PKEY *key = NULL;
3061 EVP_PKEY_CTX *key_ctx = NULL;
3063 if (nullprov != NULL)
3064 return TEST_skip("Test does not support a non-default library context");
3066 if (!TEST_ptr(key = load_example_rsa_key())
3067 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3071 int padding = RSA_PKCS1_OAEP_PADDING;
3072 OSSL_PARAM params[4];
3074 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3075 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3076 OSSL_DIGEST_NAME_SHA2_256, 0);
3077 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3078 OSSL_DIGEST_NAME_SHA1, 0);
3079 params[3] = OSSL_PARAM_construct_end();
3081 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3085 OSSL_PARAM params[3];
3086 char oaepmd[30] = { '\0' };
3087 char mgf1md[30] = { '\0' };
3089 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3090 oaepmd, sizeof(oaepmd));
3091 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3092 mgf1md, sizeof(mgf1md));
3093 params[2] = OSSL_PARAM_construct_end();
3095 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3098 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3099 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3107 EVP_PKEY_CTX_free(key_ctx);
3112 /* https://github.com/openssl/openssl/issues/21288 */
3113 static int test_RSA_OAEP_set_null_label(void)
3116 EVP_PKEY *key = NULL;
3117 EVP_PKEY_CTX *key_ctx = NULL;
3119 if (!TEST_ptr(key = load_example_rsa_key())
3120 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3121 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3124 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3127 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3130 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3137 EVP_PKEY_CTX_free(key_ctx);
3142 #ifndef OPENSSL_NO_DEPRECATED_3_0
3143 static int test_RSA_legacy(void)
3151 const EVP_MD *md = EVP_sha256();
3152 EVP_MD_CTX *ctx = NULL;
3153 EVP_PKEY *pkey = NULL;
3156 if (nullprov != NULL)
3157 return TEST_skip("Test does not support a non-default library context");
3159 if (!TEST_ptr(p = BN_dup(BN_value_one()))
3160 || !TEST_ptr(q = BN_dup(BN_value_one()))
3161 || !TEST_ptr(n = BN_dup(BN_value_one()))
3162 || !TEST_ptr(e = BN_dup(BN_value_one()))
3163 || !TEST_ptr(d = BN_dup(BN_value_one())))
3166 if (!TEST_ptr(rsa = RSA_new())
3167 || !TEST_ptr(pkey = EVP_PKEY_new())
3168 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
3171 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
3176 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
3182 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
3187 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
3194 EVP_MD_CTX_free(ctx);
3195 EVP_PKEY_free(pkey);
3206 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3207 static int test_decrypt_null_chunks(void)
3209 EVP_CIPHER_CTX* ctx = NULL;
3210 EVP_CIPHER *cipher = NULL;
3211 const unsigned char key[32] = {
3212 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3213 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3214 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3216 unsigned char iv[12] = {
3217 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3219 unsigned char msg[] = "It was the best of times, it was the worst of times";
3220 unsigned char ciphertext[80];
3221 unsigned char plaintext[80];
3222 /* We initialise tmp to a non zero value on purpose */
3223 int ctlen, ptlen, tmp = 99;
3225 const int enc_offset = 10, dec_offset = 20;
3227 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
3228 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3229 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
3231 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
3233 /* Deliberate add a zero length update */
3234 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
3236 || !TEST_int_eq(tmp, 0)
3237 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3239 sizeof(msg) - enc_offset))
3240 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3241 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3242 || !TEST_int_eq(tmp, 0))
3245 /* Deliberately initialise tmp to a non zero value */
3247 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3248 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3251 * Deliberately add a zero length update. We also deliberately do
3252 * this at a different offset than for encryption.
3254 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3256 || !TEST_int_eq(tmp, 0)
3257 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3258 ciphertext + dec_offset,
3259 ctlen - dec_offset))
3260 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3261 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3262 || !TEST_int_eq(tmp, 0)
3263 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3268 EVP_CIPHER_CTX_free(ctx);
3269 EVP_CIPHER_free(cipher);
3272 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3274 #ifndef OPENSSL_NO_DH
3276 * Test combinations of private, public, missing and private + public key
3277 * params to ensure they are all accepted
3279 static int test_DH_priv_pub(void)
3281 return test_EVP_PKEY_ffc_priv_pub("DH");
3284 # ifndef OPENSSL_NO_DEPRECATED_3_0
3285 static int test_EVP_PKEY_set1_DH(void)
3287 DH *x942dh = NULL, *noqdh = NULL;
3288 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3290 BIGNUM *p, *g = NULL;
3291 BIGNUM *pubkey = NULL;
3292 unsigned char pub[2048 / 8];
3295 if (!TEST_ptr(p = BN_new())
3296 || !TEST_ptr(g = BN_new())
3297 || !TEST_ptr(pubkey = BN_new())
3298 || !TEST_true(BN_set_word(p, 9999))
3299 || !TEST_true(BN_set_word(g, 2))
3300 || !TEST_true(BN_set_word(pubkey, 4321))
3301 || !TEST_ptr(noqdh = DH_new())
3302 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3303 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3304 || !TEST_ptr(pubkey = BN_new())
3305 || !TEST_true(BN_set_word(pubkey, 4321)))
3309 x942dh = DH_get_2048_256();
3310 pkey1 = EVP_PKEY_new();
3311 pkey2 = EVP_PKEY_new();
3312 if (!TEST_ptr(x942dh)
3316 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3320 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3321 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3324 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3326 || !TEST_ptr(pubkey))
3329 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3330 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3333 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3334 OSSL_PKEY_PARAM_PUB_KEY,
3335 pub, sizeof(pub), &len))
3336 || !TEST_size_t_ne(len, 0))
3344 EVP_PKEY_free(pkey1);
3345 EVP_PKEY_free(pkey2);
3351 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3352 #endif /* !OPENSSL_NO_DH */
3355 * We test what happens with an empty template. For the sake of this test,
3356 * the template must be ignored, and we know that's the case for RSA keys
3357 * (this might arguably be a misfeature, but that's what we currently do,
3358 * even in provider code, since that's how the legacy RSA implementation
3361 static int test_keygen_with_empty_template(int n)
3363 EVP_PKEY_CTX *ctx = NULL;
3364 EVP_PKEY *pkey = NULL;
3365 EVP_PKEY *tkey = NULL;
3368 if (nullprov != NULL)
3369 return TEST_skip("Test does not support a non-default library context");
3373 /* We do test with no template at all as well */
3374 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3378 /* Here we create an empty RSA key that serves as our template */
3379 if (!TEST_ptr(tkey = EVP_PKEY_new())
3380 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3381 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3386 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3387 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3392 EVP_PKEY_CTX_free(ctx);
3393 EVP_PKEY_free(pkey);
3394 EVP_PKEY_free(tkey);
3399 * Test that we fail if we attempt to use an algorithm that is not available
3400 * in the current library context (unless we are using an algorithm that
3401 * should be made available via legacy codepaths).
3406 static int test_pkey_ctx_fail_without_provider(int tst)
3408 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3409 OSSL_PROVIDER *tmpnullprov = NULL;
3410 EVP_PKEY_CTX *pctx = NULL;
3411 const char *keytype = NULL;
3412 int expect_null = 0;
3415 if (!TEST_ptr(tmpctx))
3418 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3419 if (!TEST_ptr(tmpnullprov))
3423 * We check for certain algos in the null provider.
3424 * If an algo is expected to have a provider keymgmt, constructing an
3425 * EVP_PKEY_CTX is expected to fail (return NULL).
3426 * Otherwise, if it's expected to have legacy support, constructing an
3427 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3437 #ifdef OPENSSL_NO_EC
3438 TEST_info("EC disable, skipping SM2 check...");
3441 #ifdef OPENSSL_NO_SM2
3442 TEST_info("SM2 disable, skipping SM2 check...");
3447 TEST_error("No test for case %d", tst);
3451 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3452 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3455 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3461 EVP_PKEY_CTX_free(pctx);
3462 OSSL_PROVIDER_unload(tmpnullprov);
3463 OSSL_LIB_CTX_free(tmpctx);
3467 static int test_rand_agglomeration(void)
3471 OSSL_PARAM params[3], *p = params;
3473 unsigned int step = 7;
3474 static unsigned char seed[] = "It does not matter how slowly you go "
3475 "as long as you do not stop.";
3476 unsigned char out[sizeof(seed)];
3478 if (!TEST_int_ne(sizeof(seed) % step, 0)
3479 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3481 ctx = EVP_RAND_CTX_new(rand, NULL);
3482 EVP_RAND_free(rand);
3486 memset(out, 0, sizeof(out));
3487 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3488 seed, sizeof(seed));
3489 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3490 *p = OSSL_PARAM_construct_end();
3491 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3492 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3493 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3494 EVP_RAND_CTX_free(ctx);
3499 * Test that we correctly return the original or "running" IV after
3500 * an encryption operation.
3501 * Run multiple times for some different relevant algorithms/modes.
3503 static int test_evp_iv_aes(int idx)
3506 EVP_CIPHER_CTX *ctx = NULL;
3507 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3508 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3509 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3510 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3511 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3512 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3513 9, 10, 11, 12, 13, 14, 15, 16 };
3514 unsigned char ciphertext[32], oiv[16], iv[16];
3515 unsigned char *ref_iv;
3516 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3517 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3519 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3520 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3521 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3522 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3523 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3524 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3525 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3526 #ifndef OPENSSL_NO_OCB
3527 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3528 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3530 int len = sizeof(ciphertext);
3531 size_t ivlen, ref_len;
3532 const EVP_CIPHER *type = NULL;
3535 if (nullprov != NULL && idx < 6)
3536 return TEST_skip("Test does not support a non-default library context");
3540 type = EVP_aes_128_cbc();
3543 type = (type != NULL) ? type :
3544 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3546 ref_len = sizeof(cbc_state);
3550 type = EVP_aes_128_ofb();
3553 type = (type != NULL) ? type :
3554 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3556 ref_len = sizeof(ofb_state);
3560 type = EVP_aes_128_cfb();
3563 type = (type != NULL) ? type :
3564 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3566 ref_len = sizeof(cfb_state);
3570 type = EVP_aes_128_gcm();
3573 type = (type != NULL) ? type :
3574 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3576 ref_len = sizeof(gcm_state);
3579 type = EVP_aes_128_ccm();
3582 type = (type != NULL) ? type :
3583 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3585 ref_len = sizeof(ccm_state);
3587 #ifdef OPENSSL_NO_OCB
3593 type = EVP_aes_128_ocb();
3596 type = (type != NULL) ? type :
3597 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3599 ref_len = sizeof(ocb_state);
3607 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3608 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3609 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3611 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3612 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3613 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3615 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3617 if (!TEST_int_gt(ivlen, 0))
3620 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3621 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3624 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3625 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3626 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3629 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3632 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3638 EVP_CIPHER_CTX_free(ctx);
3640 EVP_CIPHER_free((EVP_CIPHER *)type);
3644 #ifndef OPENSSL_NO_DES
3645 static int test_evp_iv_des(int idx)
3648 EVP_CIPHER_CTX *ctx = NULL;
3649 static const unsigned char key[24] = {
3650 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3651 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3652 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3654 static const unsigned char init_iv[8] = {
3655 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3657 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3658 9, 10, 11, 12, 13, 14, 15, 16 };
3659 unsigned char ciphertext[32], oiv[8], iv[8];
3660 unsigned const char *ref_iv;
3661 static const unsigned char cbc_state_des[8] = {
3662 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3664 static const unsigned char cbc_state_3des[8] = {
3665 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3667 static const unsigned char ofb_state_des[8] = {
3668 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3670 static const unsigned char ofb_state_3des[8] = {
3671 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3673 static const unsigned char cfb_state_des[8] = {
3674 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3676 static const unsigned char cfb_state_3des[8] = {
3677 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3679 int len = sizeof(ciphertext);
3680 size_t ivlen, ref_len;
3681 EVP_CIPHER *type = NULL;
3683 if (lgcyprov == NULL && idx < 3)
3684 return TEST_skip("Test requires legacy provider to be loaded");
3688 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3689 ref_iv = cbc_state_des;
3690 ref_len = sizeof(cbc_state_des);
3693 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3694 ref_iv = ofb_state_des;
3695 ref_len = sizeof(ofb_state_des);
3698 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3699 ref_iv = cfb_state_des;
3700 ref_len = sizeof(cfb_state_des);
3703 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3704 ref_iv = cbc_state_3des;
3705 ref_len = sizeof(cbc_state_3des);
3708 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3709 ref_iv = ofb_state_3des;
3710 ref_len = sizeof(ofb_state_3des);
3713 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3714 ref_iv = cfb_state_3des;
3715 ref_len = sizeof(cfb_state_3des);
3722 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3723 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3724 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3726 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3727 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3728 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3730 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3732 if (!TEST_int_gt(ivlen, 0))
3735 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3736 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3739 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3740 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3742 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3747 EVP_CIPHER_CTX_free(ctx);
3748 EVP_CIPHER_free(type);
3753 #ifndef OPENSSL_NO_BF
3754 static int test_evp_bf_default_keylen(int idx)
3757 static const char *algos[4] = {
3758 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3760 int ivlen[4] = { 0, 8, 8, 8 };
3761 EVP_CIPHER *cipher = NULL;
3763 if (lgcyprov == NULL)
3764 return TEST_skip("Test requires legacy provider to be loaded");
3766 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3767 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3768 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3773 EVP_CIPHER_free(cipher);
3778 #ifndef OPENSSL_NO_EC
3779 static int ecpub_nids[] = {
3780 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3781 NID_secp384r1, NID_secp521r1,
3782 # ifndef OPENSSL_NO_EC2M
3783 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3784 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3786 NID_brainpoolP384r1, NID_brainpoolP512r1
3789 static int test_ecpub(int idx)
3791 int ret = 0, len, savelen;
3793 unsigned char buf[1024];
3795 EVP_PKEY *pkey = NULL;
3796 EVP_PKEY_CTX *ctx = NULL;
3797 # ifndef OPENSSL_NO_DEPRECATED_3_0
3798 const unsigned char *q;
3799 EVP_PKEY *pkey2 = NULL;
3803 if (nullprov != NULL)
3804 return TEST_skip("Test does not support a non-default library context");
3806 nid = ecpub_nids[idx];
3808 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3810 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3811 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3812 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3814 len = i2d_PublicKey(pkey, NULL);
3816 if (!TEST_int_ge(len, 1)
3817 || !TEST_int_lt(len, 1024))
3820 len = i2d_PublicKey(pkey, &p);
3821 if (!TEST_int_ge(len, 1)
3822 || !TEST_int_eq(len, savelen))
3825 # ifndef OPENSSL_NO_DEPRECATED_3_0
3826 /* Now try to decode the just-created DER. */
3828 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3829 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3830 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3832 /* EC_KEY ownership transferred */
3834 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3836 /* The keys should match. */
3837 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3844 EVP_PKEY_CTX_free(ctx);
3845 EVP_PKEY_free(pkey);
3846 # ifndef OPENSSL_NO_DEPRECATED_3_0
3847 EVP_PKEY_free(pkey2);
3854 static int test_EVP_rsa_pss_with_keygen_bits(void)
3857 EVP_PKEY_CTX *ctx = NULL;
3858 EVP_PKEY *pkey = NULL;
3861 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3863 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3864 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3865 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3866 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3867 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3870 EVP_PKEY_free(pkey);
3871 EVP_PKEY_CTX_free(ctx);
3875 static int test_EVP_rsa_pss_set_saltlen(void)
3878 EVP_PKEY *pkey = NULL;
3879 EVP_PKEY_CTX *pkey_ctx = NULL;
3880 EVP_MD *sha256 = NULL;
3881 EVP_MD_CTX *sha256_ctx = NULL;
3882 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3883 const int test_value = 32;
3885 ret = TEST_ptr(pkey = load_example_rsa_key())
3886 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3887 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3888 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3889 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3890 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3891 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3892 && TEST_int_eq(saltlen, test_value);
3894 EVP_MD_CTX_free(sha256_ctx);
3895 EVP_PKEY_free(pkey);
3896 EVP_MD_free(sha256);
3901 static int success = 1;
3902 static void md_names(const char *name, void *vctx)
3904 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3905 /* Force a namemap update */
3906 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3908 if (!TEST_ptr(aes128))
3911 EVP_CIPHER_free(aes128);
3915 * Test that changing the namemap in a user callback works in a names_do_all
3918 static int test_names_do_all(void)
3920 /* We use a custom libctx so that we know the state of the namemap */
3921 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3922 EVP_MD *sha256 = NULL;
3928 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3929 if (!TEST_ptr(sha256))
3933 * We loop through all the names for a given digest. This should still work
3934 * even if the namemap changes part way through.
3936 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3939 if (!TEST_true(success))
3944 EVP_MD_free(sha256);
3945 OSSL_LIB_CTX_free(ctx);
3951 const unsigned char *key;
3952 const unsigned char *iv;
3953 const unsigned char *input;
3954 const unsigned char *expected;
3955 const unsigned char *tag;
3956 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3965 static const EVP_INIT_TEST_st evp_init_tests[] = {
3967 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3968 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3972 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3973 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3974 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3975 sizeof(gcmDefaultTag), 1, 0, 1
3978 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3979 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3983 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3984 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3985 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3986 sizeof(gcmDefaultTag), 0, 0, 1
3989 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3990 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3994 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3995 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3996 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3997 sizeof(gcmDefaultTag), 1, 1, 0
4000 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4001 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4005 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4006 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4007 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4008 sizeof(gcmDefaultTag), 0, 1, 0
4012 /* use same key, iv and plaintext for cfb and ofb */
4013 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
4015 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4016 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4017 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
4020 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
4021 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
4022 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4025 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4026 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4027 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
4030 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
4031 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
4032 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4036 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
4040 if (t->ivlen != 0) {
4041 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4044 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4052 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4053 * arguments are given one at a time and a final adjustment to the enc
4054 * parameter sets the correct operation.
4056 static int test_evp_init_seq(int idx)
4058 int outlen1, outlen2;
4060 unsigned char outbuf[1024];
4061 unsigned char tag[16];
4062 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4063 EVP_CIPHER_CTX *ctx = NULL;
4064 EVP_CIPHER *type = NULL;
4065 size_t taglen = sizeof(tag);
4066 char *errmsg = NULL;
4068 ctx = EVP_CIPHER_CTX_new();
4070 errmsg = "CTX_ALLOC";
4073 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4074 errmsg = "CIPHER_FETCH";
4077 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4078 errmsg = "EMPTY_ENC_INIT";
4081 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4085 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4086 errmsg = "KEY_INIT (before iv)";
4089 if (!evp_init_seq_set_iv(ctx, t)) {
4093 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4094 errmsg = "KEY_INIT (after iv)";
4097 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4098 errmsg = "FINAL_ENC_INIT";
4101 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4102 errmsg = "CIPHER_UPDATE";
4105 if (t->finalenc == 0 && t->tag != NULL) {
4106 /* Set expected tag */
4107 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4108 t->taglen, (void *)t->tag), 0)) {
4113 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4114 errmsg = "CIPHER_FINAL";
4117 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4118 errmsg = "WRONG_RESULT";
4121 if (t->finalenc != 0 && t->tag != NULL) {
4122 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4126 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4127 errmsg = "TAG_ERROR";
4134 TEST_info("evp_init_test %d: %s", idx, errmsg);
4135 EVP_CIPHER_CTX_free(ctx);
4136 EVP_CIPHER_free(type);
4141 * Test re-initialization of cipher context without changing key or iv.
4142 * The result of both iteration should be the same.
4144 static int test_evp_reinit_seq(int idx)
4146 int outlen1, outlen2, outlen_final;
4148 unsigned char outbuf1[1024];
4149 unsigned char outbuf2[1024];
4150 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
4151 EVP_CIPHER_CTX *ctx = NULL;
4152 EVP_CIPHER *type = NULL;
4154 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4155 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
4156 /* setup cipher context */
4157 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
4158 /* first iteration */
4159 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
4160 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
4161 /* check test results iteration 1 */
4162 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
4163 /* now re-init the context (same cipher, key and iv) */
4164 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
4165 /* second iteration */
4166 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
4167 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
4168 /* check test results iteration 2 */
4169 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
4173 EVP_CIPHER_CTX_free(ctx);
4174 EVP_CIPHER_free(type);
4179 const unsigned char *input;
4180 const unsigned char *expected;
4184 } EVP_RESET_TEST_st;
4186 static const EVP_RESET_TEST_st evp_reset_tests[] = {
4188 cfbPlaintext, cfbCiphertext,
4189 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
4192 cfbCiphertext, cfbPlaintext,
4193 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
4198 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4201 static int test_evp_reset(int idx)
4203 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
4204 int outlen1, outlen2;
4206 unsigned char outbuf[1024];
4207 EVP_CIPHER_CTX *ctx = NULL;
4208 EVP_CIPHER *type = NULL;
4209 char *errmsg = NULL;
4211 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4212 errmsg = "CTX_ALLOC";
4215 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
4216 errmsg = "CIPHER_FETCH";
4219 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4220 errmsg = "CIPHER_INIT";
4223 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4227 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4228 errmsg = "CIPHER_UPDATE";
4231 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4232 errmsg = "CIPHER_FINAL";
4235 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4236 errmsg = "WRONG_RESULT";
4239 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
4240 errmsg = "CIPHER_REINIT";
4243 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4244 errmsg = "CIPHER_UPDATE (reinit)";
4247 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4248 errmsg = "CIPHER_FINAL (reinit)";
4251 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4252 errmsg = "WRONG_RESULT (reinit)";
4258 TEST_info("test_evp_reset %d: %s", idx, errmsg);
4259 EVP_CIPHER_CTX_free(ctx);
4260 EVP_CIPHER_free(type);
4267 } EVP_UPDATED_IV_TEST_st;
4269 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4309 * Test that the IV in the context is updated during a crypto operation for CFB
4312 static int test_evp_updated_iv(int idx)
4314 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4315 int outlen1, outlen2;
4317 unsigned char outbuf[1024];
4318 EVP_CIPHER_CTX *ctx = NULL;
4319 EVP_CIPHER *type = NULL;
4320 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4322 char *errmsg = NULL;
4324 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4325 errmsg = "CTX_ALLOC";
4328 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4329 TEST_info("cipher %s not supported, skipping", t->cipher);
4333 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4334 errmsg = "CIPHER_INIT";
4337 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4341 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4342 errmsg = "CIPHER_UPDATE";
4345 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4346 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4349 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
4350 if (!TEST_int_ge(iv_len,0)) {
4351 errmsg = "CIPHER_CTX_GET_IV_LEN";
4354 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4355 errmsg = "IV_NOT_UPDATED";
4358 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4359 errmsg = "CIPHER_FINAL";
4366 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4367 EVP_CIPHER_CTX_free(ctx);
4368 EVP_CIPHER_free(type);
4373 const unsigned char *iv1;
4374 const unsigned char *iv2;
4375 const unsigned char *expected1;
4376 const unsigned char *expected2;
4377 const unsigned char *tag1;
4378 const unsigned char *tag2;
4381 size_t expectedlen1;
4382 size_t expectedlen2;
4383 } TEST_GCM_IV_REINIT_st;
4385 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4387 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4388 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4389 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4392 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4393 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4394 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4398 static int test_gcm_reinit(int idx)
4400 int outlen1, outlen2, outlen3;
4402 unsigned char outbuf[1024];
4403 unsigned char tag[16];
4404 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4405 EVP_CIPHER_CTX *ctx = NULL;
4406 EVP_CIPHER *type = NULL;
4407 size_t taglen = sizeof(tag);
4408 char *errmsg = NULL;
4410 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4411 errmsg = "CTX_ALLOC";
4414 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4415 errmsg = "CIPHER_FETCH";
4418 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4419 errmsg = "ENC_INIT";
4422 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4423 errmsg = "SET_IVLEN1";
4426 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4430 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4434 EVP_CIPHER_CTX_set_padding(ctx, 0);
4435 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4436 sizeof(gcmResetPlaintext)))) {
4437 errmsg = "CIPHER_UPDATE1";
4440 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4441 errmsg = "CIPHER_FINAL1";
4444 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4445 errmsg = "WRONG_RESULT1";
4448 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4449 errmsg = "GET_TAG1";
4452 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4453 errmsg = "TAG_ERROR1";
4457 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4458 errmsg = "SET_IVLEN2";
4461 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4465 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4469 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4470 sizeof(gcmResetPlaintext)))) {
4471 errmsg = "CIPHER_UPDATE2";
4474 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4475 errmsg = "CIPHER_FINAL2";
4478 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4479 errmsg = "WRONG_RESULT2";
4482 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4483 errmsg = "GET_TAG2";
4486 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4487 errmsg = "TAG_ERROR2";
4493 TEST_info("evp_init_test %d: %s", idx, errmsg);
4494 EVP_CIPHER_CTX_free(ctx);
4495 EVP_CIPHER_free(type);
4499 static const char *ivlen_change_ciphers[] = {
4501 #ifndef OPENSSL_NO_OCB
4507 /* Negative test for ivlen change after iv being set */
4508 static int test_ivlen_change(int idx)
4512 unsigned char outbuf[1024];
4513 static const unsigned char iv[] = {
4514 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4515 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4517 EVP_CIPHER_CTX *ctx = NULL;
4518 EVP_CIPHER *ciph = NULL;
4519 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4520 size_t ivlen = 13; /* non-default IV length */
4522 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4525 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
4529 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
4532 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4533 sizeof(gcmDefaultPlaintext))))
4536 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4538 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4542 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4543 sizeof(gcmDefaultPlaintext)))) {
4544 ERR_clear_last_mark();
4551 EVP_CIPHER_CTX_free(ctx);
4552 EVP_CIPHER_free(ciph);
4556 static const char *keylen_change_ciphers[] = {
4557 #ifndef OPENSSL_NO_BF
4560 #ifndef OPENSSL_NO_CAST
4563 #ifndef OPENSSL_NO_RC2
4566 #ifndef OPENSSL_NO_RC4
4569 #ifndef OPENSSL_NO_RC5
4575 /* Negative test for keylen change after key was set */
4576 static int test_keylen_change(int idx)
4580 unsigned char outbuf[1024];
4581 static const unsigned char key[] = {
4582 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4583 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4585 EVP_CIPHER_CTX *ctx = NULL;
4586 EVP_CIPHER *ciph = NULL;
4587 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4588 size_t keylen = 12; /* non-default key length */
4590 if (lgcyprov == NULL)
4591 return TEST_skip("Test requires legacy provider to be loaded");
4593 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4596 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
4600 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
4603 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4604 sizeof(gcmDefaultPlaintext))))
4607 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
4609 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4613 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4614 sizeof(gcmDefaultPlaintext)))) {
4615 ERR_clear_last_mark();
4622 EVP_CIPHER_CTX_free(ctx);
4623 EVP_CIPHER_free(ciph);
4627 #ifndef OPENSSL_NO_DEPRECATED_3_0
4628 static EVP_PKEY_METHOD *custom_pmeth = NULL;
4629 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4631 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4633 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4635 int (*pinit)(EVP_PKEY_CTX *ctx);
4637 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4641 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4643 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4645 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4649 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4650 size_t *outlen, const unsigned char *in,
4653 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4654 const unsigned char *tbs, size_t tbslen);
4656 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4657 return psign(ctx, out, outlen, in, inlen);
4660 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4661 size_t *siglen, const unsigned char *tbs,
4664 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4665 const unsigned char *tbs, size_t tbslen);
4667 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4668 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4671 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4674 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4676 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4677 return pderive(ctx, key, keylen);
4680 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4682 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4684 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4685 return pcopy(dst, src);
4688 static int ctrl_called;
4690 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4692 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4694 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4696 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4701 return pctrl(ctx, type, p1, p2);
4704 static int test_custom_pmeth(int idx)
4706 EVP_PKEY_CTX *pctx = NULL;
4707 EVP_MD_CTX *ctx = NULL;
4708 EVP_PKEY *pkey = NULL;
4709 int id, orig_id, orig_flags;
4712 unsigned char *res = NULL;
4713 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4714 const EVP_MD *md = EVP_sha256();
4719 /* We call deprecated APIs so this test doesn't support a custom libctx */
4720 if (testctx != NULL)
4727 pkey = load_example_rsa_key();
4731 # ifndef OPENSSL_NO_DSA
4733 pkey = load_example_dsa_key();
4740 # ifndef OPENSSL_NO_EC
4742 pkey = load_example_ec_key();
4749 # ifndef OPENSSL_NO_ECX
4750 id = EVP_PKEY_ED25519;
4752 pkey = load_example_ed25519_key();
4759 # ifndef OPENSSL_NO_DH
4762 pkey = load_example_dh_key();
4769 # ifndef OPENSSL_NO_ECX
4770 id = EVP_PKEY_X25519;
4772 pkey = load_example_x25519_key();
4778 TEST_error("Should not happen");
4782 if (!TEST_ptr(pkey))
4786 if (!TEST_true(evp_pkey_is_provided(pkey)))
4789 EVP_PKEY *tmp = pkey;
4791 /* Convert to a legacy key */
4792 pkey = EVP_PKEY_new();
4793 if (!TEST_ptr(pkey)) {
4797 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4802 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4806 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4810 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4811 if (!TEST_int_eq(orig_id, id)
4812 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4815 if (id == EVP_PKEY_ED25519) {
4816 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4817 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4818 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4820 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4822 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4823 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4824 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4825 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4827 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4828 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4832 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4834 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4835 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4836 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4838 || !TEST_int_eq(ctrl_called, 1)
4839 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4840 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4841 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4842 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4845 ctx = EVP_MD_CTX_new();
4846 reslen = EVP_PKEY_size(pkey);
4847 res = OPENSSL_malloc(reslen);
4850 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4851 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4852 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4854 || !TEST_int_eq(ctrl_called, 1))
4857 if (id == EVP_PKEY_ED25519) {
4858 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4861 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4862 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4870 EVP_MD_CTX_free(ctx);
4872 EVP_PKEY_CTX_free(pctx);
4873 EVP_PKEY_free(pkey);
4874 EVP_PKEY_meth_remove(custom_pmeth);
4875 EVP_PKEY_meth_free(custom_pmeth);
4876 custom_pmeth = NULL;
4880 static int test_evp_md_cipher_meth(void)
4882 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4883 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4886 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4892 EVP_MD_meth_free(md);
4893 EVP_CIPHER_meth_free(ciph);
4902 static int custom_md_init_called = 0;
4903 static int custom_md_cleanup_called = 0;
4905 static int custom_md_init(EVP_MD_CTX *ctx)
4907 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4912 custom_md_init_called++;
4916 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4918 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4924 custom_md_cleanup_called++;
4928 static int test_custom_md_meth(void)
4930 EVP_MD_CTX *mdctx = NULL;
4932 char mess[] = "Test Message\n";
4933 unsigned char md_value[EVP_MAX_MD_SIZE];
4934 unsigned int md_len;
4939 * We are testing deprecated functions. We don't support a non-default
4940 * library context in this test.
4942 if (testctx != NULL)
4943 return TEST_skip("Non-default libctx");
4945 custom_md_init_called = custom_md_cleanup_called = 0;
4947 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4948 if (!TEST_int_ne(nid, NID_undef))
4950 tmp = EVP_MD_meth_new(nid, NID_undef);
4954 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4955 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4956 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4957 sizeof(custom_dgst_ctx))))
4960 mdctx = EVP_MD_CTX_new();
4961 if (!TEST_ptr(mdctx)
4963 * Initing our custom md and then initing another md should
4964 * result in the init and cleanup functions of the custom md
4967 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4968 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4969 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4970 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4971 || !TEST_int_eq(custom_md_init_called, 1)
4972 || !TEST_int_eq(custom_md_cleanup_called, 1))
4977 EVP_MD_CTX_free(mdctx);
4978 EVP_MD_meth_free(tmp);
4986 static int custom_ciph_init_called = 0;
4987 static int custom_ciph_cleanup_called = 0;
4989 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4990 const unsigned char *iv, int enc)
4992 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4997 custom_ciph_init_called++;
5001 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
5003 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5009 custom_ciph_cleanup_called++;
5013 static int test_custom_ciph_meth(void)
5015 EVP_CIPHER_CTX *ciphctx = NULL;
5016 EVP_CIPHER *tmp = NULL;
5021 * We are testing deprecated functions. We don't support a non-default
5022 * library context in this test.
5024 if (testctx != NULL)
5025 return TEST_skip("Non-default libctx");
5027 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
5029 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
5030 if (!TEST_int_ne(nid, NID_undef))
5032 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
5036 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
5037 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
5038 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
5039 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
5040 sizeof(custom_ciph_ctx))))
5043 ciphctx = EVP_CIPHER_CTX_new();
5044 if (!TEST_ptr(ciphctx)
5046 * Initing our custom cipher and then initing another cipher
5047 * should result in the init and cleanup functions of the custom
5048 * cipher being called.
5050 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5051 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5053 || !TEST_int_eq(custom_ciph_init_called, 1)
5054 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5059 EVP_CIPHER_CTX_free(ciphctx);
5060 EVP_CIPHER_meth_free(tmp);
5064 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5065 /* Test we can create a signature keys with an associated ENGINE */
5066 static int test_signatures_with_engine(int tst)
5069 const char *engine_id = "dasync";
5070 EVP_PKEY *pkey = NULL;
5071 const unsigned char badcmackey[] = { 0x00, 0x01 };
5072 const unsigned char cmackey[] = {
5073 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5074 0x0c, 0x0d, 0x0e, 0x0f
5076 const unsigned char ed25519key[] = {
5077 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5078 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5079 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5081 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5083 EVP_MD_CTX *ctx = NULL;
5084 unsigned char *mac = NULL;
5088 # ifdef OPENSSL_NO_CMAC
5089 /* Skip CMAC tests in a no-cmac build */
5093 # ifdef OPENSSL_NO_ECX
5094 /* Skip ECX tests in a no-ecx build */
5099 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5102 if (!TEST_true(ENGINE_init(e))) {
5109 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5113 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5117 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
5118 sizeof(ed25519key));
5121 TEST_error("Invalid test case");
5124 if (!TEST_ptr(pkey))
5127 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5130 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
5133 if (!TEST_true(ret))
5136 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
5137 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
5140 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5143 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
5146 /* We used a bad key. We expect a failure here */
5147 if (!TEST_false(ret))
5153 EVP_MD_CTX_free(ctx);
5155 EVP_PKEY_free(pkey);
5162 static int test_cipher_with_engine(void)
5165 const char *engine_id = "dasync";
5166 const unsigned char keyiv[] = {
5167 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5168 0x0c, 0x0d, 0x0e, 0x0f
5170 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5172 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
5173 unsigned char buf[AES_BLOCK_SIZE];
5176 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5179 if (!TEST_true(ENGINE_init(e))) {
5184 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5185 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
5188 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
5191 /* Copy the ctx, and complete the operation with the new ctx */
5192 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
5195 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
5196 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
5201 EVP_CIPHER_CTX_free(ctx);
5202 EVP_CIPHER_CTX_free(ctx2);
5208 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
5209 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
5211 #ifndef OPENSSL_NO_ECX
5212 static int ecxnids[] = {
5219 /* Test that creating ECX keys with a short private key fails as expected */
5220 static int test_ecx_short_keys(int tst)
5222 unsigned char ecxkeydata = 1;
5226 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
5227 NULL, &ecxkeydata, 1);
5228 if (!TEST_ptr_null(pkey)) {
5229 EVP_PKEY_free(pkey);
5237 typedef enum OPTION_choice {
5244 const OPTIONS *test_get_options(void)
5246 static const OPTIONS options[] = {
5247 OPT_TEST_OPTIONS_DEFAULT_USAGE,
5248 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
5254 #ifndef OPENSSL_NO_ECX
5255 /* Test that trying to sign with a public key errors out gracefully */
5256 static int test_ecx_not_private_key(int tst)
5258 EVP_PKEY *pkey = NULL;
5260 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5262 EVP_MD_CTX *ctx = NULL;
5263 unsigned char *mac = NULL;
5265 unsigned char *pubkey;
5268 switch (keys[tst].type) {
5271 return TEST_skip("signing not supported for X25519/X448");
5274 /* Check if this algorithm supports public keys */
5275 if (keys[tst].pub == NULL)
5276 return TEST_skip("no public key present");
5278 pubkey = (unsigned char *)keys[tst].pub;
5279 pubkeylen = strlen(keys[tst].pub);
5281 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
5282 NULL, pubkey, pubkeylen);
5283 if (!TEST_ptr(pkey))
5286 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5289 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
5292 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
5295 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5298 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
5303 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5304 * but we relax the check to allow error also thrown by
5305 * EVP_DigestSignInit and EVP_DigestSign.
5307 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
5313 EVP_MD_CTX_free(ctx);
5315 EVP_PKEY_free(pkey);
5319 #endif /* OPENSSL_NO_ECX */
5321 static int test_sign_continuation(void)
5323 OSSL_PROVIDER *fake_rsa = NULL;
5325 EVP_PKEY *pkey = NULL;
5326 EVP_PKEY_CTX *pctx = NULL;
5327 EVP_MD_CTX *mctx = NULL;
5328 const char sigbuf[] = "To Be Signed";
5329 unsigned char signature[256];
5330 size_t siglen = 256;
5331 static int nodupnum = 1;
5332 static const OSSL_PARAM nodup_params[] = {
5333 OSSL_PARAM_int("NO_DUP", &nodupnum),
5337 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
5340 /* Construct a pkey using precise propq to use our provider */
5341 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
5342 "provider=fake-rsa"))
5343 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
5344 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
5348 /* First test it continues (classic behavior) */
5349 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5350 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5352 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5353 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5354 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5355 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
5358 EVP_MD_CTX_free(mctx);
5360 /* try again but failing the continuation */
5361 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5362 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5363 NULL, pkey, nodup_params))
5364 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5365 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5366 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5367 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
5373 EVP_MD_CTX_free(mctx);
5374 EVP_PKEY_free(pkey);
5375 EVP_PKEY_CTX_free(pctx);
5376 fake_rsa_finish(fake_rsa);
5380 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5381 const unsigned char *gcm_iv, size_t gcm_ivlen,
5382 const unsigned char *gcm_pt, size_t gcm_pt_s,
5383 const unsigned char *gcm_aad, size_t gcm_aad_s,
5384 const unsigned char *gcm_ct, size_t gcm_ct_s,
5385 const unsigned char *gcm_tag, size_t gcm_tag_s)
5388 EVP_CIPHER_CTX *ctx;
5389 EVP_CIPHER *cipher = NULL;
5391 unsigned char outbuf[1024];
5392 unsigned char outtag[16];
5393 OSSL_PARAM params[2] = {
5394 OSSL_PARAM_END, OSSL_PARAM_END
5397 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5398 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
5401 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5404 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5406 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
5407 gcm_aad, gcm_aad_s)))
5408 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5410 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5413 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5414 outtag, sizeof(outtag));
5416 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
5417 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
5418 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
5423 EVP_CIPHER_free(cipher);
5424 EVP_CIPHER_CTX_free(ctx);
5429 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5430 const unsigned char *gcm_iv, size_t gcm_ivlen,
5431 const unsigned char *gcm_pt, size_t gcm_pt_s,
5432 const unsigned char *gcm_aad, size_t gcm_aad_s,
5433 const unsigned char *gcm_ct, size_t gcm_ct_s,
5434 const unsigned char *gcm_tag, size_t gcm_tag_s)
5437 EVP_CIPHER_CTX *ctx;
5438 EVP_CIPHER *cipher = NULL;
5440 unsigned char outbuf[1024];
5441 OSSL_PARAM params[2] = {
5442 OSSL_PARAM_END, OSSL_PARAM_END
5445 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5448 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
5451 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5454 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5456 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
5457 gcm_aad, gcm_aad_s)))
5458 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5460 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
5463 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5464 (void*)gcm_tag, gcm_tag_s);
5466 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
5467 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
5472 EVP_CIPHER_free(cipher);
5473 EVP_CIPHER_CTX_free(ctx);
5478 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5480 /* AES-GCM test data obtained from NIST public test vectors */
5481 static const unsigned char gcm_key[] = {
5482 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5483 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5484 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5486 static const unsigned char gcm_iv[] = {
5487 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5488 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5489 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5490 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5491 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5492 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5493 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5494 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5495 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5496 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5497 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5499 static const unsigned char gcm_pt[] = {
5500 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5501 0x4f, 0xe3, 0x6f, 0x81,
5503 static const unsigned char gcm_ct[] = {
5504 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5505 0xe2, 0xd0, 0xec, 0xed,
5507 static const unsigned char gcm_tag[] = {
5508 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5509 0xdb, 0x99, 0x6c, 0x21,
5512 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5513 gcm_pt, sizeof(gcm_pt), NULL, 0,
5514 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
5515 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5516 gcm_pt, sizeof(gcm_pt), NULL, 0,
5517 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
5520 #ifndef OPENSSL_NO_RC4
5521 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5522 const unsigned char *rc4_pt, size_t rc4_pt_s,
5523 const unsigned char *rc4_ct, size_t rc4_ct_s)
5526 EVP_CIPHER_CTX *ctx;
5527 EVP_CIPHER *cipher = NULL;
5529 unsigned char outbuf[1024];
5530 OSSL_PARAM params[2] = {
5531 OSSL_PARAM_END, OSSL_PARAM_END
5534 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5535 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5538 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5541 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5542 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5544 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5547 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5552 EVP_CIPHER_free(cipher);
5553 EVP_CIPHER_CTX_free(ctx);
5558 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5559 const unsigned char *rc4_pt, size_t rc4_pt_s,
5560 const unsigned char *rc4_ct, size_t rc4_ct_s)
5563 EVP_CIPHER_CTX *ctx;
5564 EVP_CIPHER *cipher = NULL;
5566 unsigned char outbuf[1024];
5567 OSSL_PARAM params[2] = {
5568 OSSL_PARAM_END, OSSL_PARAM_END
5571 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5574 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5577 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5580 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5581 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5583 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5588 EVP_CIPHER_free(cipher);
5589 EVP_CIPHER_CTX_free(ctx);
5594 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5596 /* RC4 test data obtained from RFC 6229 */
5597 static const struct {
5598 unsigned char key[5];
5599 unsigned char padding[11];
5601 { /* Five bytes of key material */
5602 0x83, 0x32, 0x22, 0x77, 0x2a,
5604 { /* Random padding to 16 bytes */
5605 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5608 static const unsigned char rc4_pt[] = {
5609 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5610 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5612 static const unsigned char rc4_ct[] = {
5613 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5614 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5617 if (lgcyprov == NULL)
5618 return TEST_skip("Test requires legacy provider to be loaded");
5620 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5621 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5622 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5623 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5627 int setup_tests(void)
5631 while ((o = opt_next()) != OPT_EOF) {
5634 /* Set up an alternate library context */
5635 testctx = OSSL_LIB_CTX_new();
5636 if (!TEST_ptr(testctx))
5638 #ifdef STATIC_LEGACY
5640 * This test is always statically linked against libcrypto. We must not
5641 * attempt to load legacy.so that might be dynamically linked against
5642 * libcrypto. Instead we use a built-in version of the legacy provider.
5644 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
5647 /* Swap the libctx to test non-default context only */
5648 nullprov = OSSL_PROVIDER_load(NULL, "null");
5649 deflprov = OSSL_PROVIDER_load(testctx, "default");
5650 #ifndef OPENSSL_SYS_TANDEM
5651 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
5654 case OPT_TEST_CASES:
5661 ADD_TEST(test_EVP_set_default_properties);
5662 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
5663 ADD_TEST(test_EVP_DigestVerifyInit);
5664 #ifndef OPENSSL_NO_SIPHASH
5665 ADD_TEST(test_siphash_digestsign);
5667 ADD_TEST(test_EVP_Digest);
5668 ADD_TEST(test_EVP_md_null);
5669 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
5670 #ifndef OPENSSL_NO_DEPRECATED_3_0
5671 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
5673 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
5674 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
5675 ADD_TEST(test_privatekey_to_pkcs8);
5676 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
5677 #ifndef OPENSSL_NO_EC
5678 ADD_TEST(test_EVP_PKCS82PKEY);
5680 #ifndef OPENSSL_NO_EC
5681 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
5683 #if !defined(OPENSSL_NO_SM2)
5684 ADD_TEST(test_EVP_SM2);
5685 ADD_TEST(test_EVP_SM2_verify);
5687 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
5688 #ifndef OPENSSL_NO_DEPRECATED_3_0
5689 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
5690 if (!TEST_ptr(custom_pmeth))
5692 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
5693 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
5694 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
5695 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5698 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5699 #ifndef OPENSSL_NO_CMAC
5700 ADD_TEST(test_CMAC_keygen);
5702 ADD_TEST(test_HKDF);
5703 ADD_TEST(test_emptyikm_HKDF);
5704 ADD_TEST(test_empty_salt_info_HKDF);
5705 #ifndef OPENSSL_NO_EC
5706 ADD_TEST(test_X509_PUBKEY_inplace);
5707 ADD_TEST(test_X509_PUBKEY_dup);
5708 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
5709 OSSL_NELEM(ec_der_pub_keys));
5711 #ifndef OPENSSL_NO_DSA
5712 ADD_TEST(test_DSA_get_set_params);
5713 ADD_TEST(test_DSA_priv_pub);
5715 ADD_TEST(test_RSA_get_set_params);
5716 ADD_TEST(test_RSA_OAEP_set_get_params);
5717 ADD_TEST(test_RSA_OAEP_set_null_label);
5718 #ifndef OPENSSL_NO_DEPRECATED_3_0
5719 ADD_TEST(test_RSA_legacy);
5721 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5722 ADD_TEST(test_decrypt_null_chunks);
5724 #ifndef OPENSSL_NO_DH
5725 ADD_TEST(test_DH_priv_pub);
5726 # ifndef OPENSSL_NO_DEPRECATED_3_0
5727 ADD_TEST(test_EVP_PKEY_set1_DH);
5730 #ifndef OPENSSL_NO_EC
5731 ADD_TEST(test_EC_priv_pub);
5732 ADD_TEST(test_evp_get_ec_pub);
5733 # ifndef OPENSSL_NO_DEPRECATED_3_0
5734 ADD_TEST(test_EC_priv_only_legacy);
5735 ADD_TEST(test_evp_get_ec_pub_legacy);
5738 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5739 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
5741 ADD_TEST(test_rand_agglomeration);
5742 ADD_ALL_TESTS(test_evp_iv_aes, 12);
5743 #ifndef OPENSSL_NO_DES
5744 ADD_ALL_TESTS(test_evp_iv_des, 6);
5746 #ifndef OPENSSL_NO_BF
5747 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
5749 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
5750 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
5751 #ifndef OPENSSL_NO_EC
5752 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
5755 ADD_TEST(test_names_do_all);
5757 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
5758 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
5759 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
5760 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
5761 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
5762 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
5763 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
5764 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
5766 #ifndef OPENSSL_NO_DEPRECATED_3_0
5767 ADD_ALL_TESTS(test_custom_pmeth, 12);
5768 ADD_TEST(test_evp_md_cipher_meth);
5769 ADD_TEST(test_custom_md_meth);
5770 ADD_TEST(test_custom_ciph_meth);
5772 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5773 /* Tests only support the default libctx */
5774 if (testctx == NULL) {
5775 # ifndef OPENSSL_NO_EC
5776 ADD_ALL_TESTS(test_signatures_with_engine, 3);
5778 ADD_ALL_TESTS(test_signatures_with_engine, 2);
5780 ADD_TEST(test_cipher_with_engine);
5785 #ifndef OPENSSL_NO_ECX
5786 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
5787 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
5790 ADD_TEST(test_sign_continuation);
5792 /* Test cases for CVE-2023-5363 */
5793 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
5794 #ifndef OPENSSL_NO_RC4
5795 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
5801 void cleanup_tests(void)
5803 OSSL_PROVIDER_unload(nullprov);
5804 OSSL_PROVIDER_unload(deflprov);
5805 #ifndef OPENSSL_SYS_TANDEM
5806 OSSL_PROVIDER_unload(lgcyprov);
5808 OSSL_LIB_CTX_free(testctx);
projects / openssl.git / blob