2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
323 #ifndef OPENSSL_NO_EC
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
405 typedef struct APK_DATA_st {
406 const unsigned char *kder;
413 int type; /* 0 for private, 1 for public, 2 for params */
416 static APK_DATA keydata[] = {
417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
419 #ifndef OPENSSL_NO_EC
420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
424 static APK_DATA keycheckdata[] = {
425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
429 #ifndef OPENSSL_NO_EC
430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
431 /* group is also associated in our pub key */
432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
443 static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
446 const unsigned char **pdata = &data;
447 EVP_PKEY *pkey = NULL;
448 OSSL_DECODER_CTX *dctx =
449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
458 static EVP_PKEY *load_example_rsa_key(void)
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
464 #ifndef OPENSSL_NO_DSA
465 static EVP_PKEY *load_example_dsa_key(void)
467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
472 static EVP_PKEY *load_example_hmac_key(void)
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
481 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
488 static int test_EVP_set_default_properties(void)
494 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
495 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
500 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
501 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
502 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
507 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
508 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
513 OSSL_LIB_CTX_free(ctx);
517 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
518 static int test_fromdata(char *keytype, OSSL_PARAM *params)
520 EVP_PKEY_CTX *pctx = NULL;
521 EVP_PKEY *pkey = NULL;
524 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
526 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
527 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
537 EVP_PKEY_CTX_free(pctx);
541 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
544 * Test combinations of private, public, missing and private + public key
545 * params to ensure they are all accepted
547 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
548 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
550 OSSL_PARAM_BLD *bld = NULL;
551 OSSL_PARAM *params = NULL;
552 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
556 * Setup the parameters for our pkey object. For our purposes they don't
557 * have to actually be *valid* parameters. We just need to set something.
559 if (!TEST_ptr(p = BN_new())
560 || !TEST_ptr(q = BN_new())
561 || !TEST_ptr(g = BN_new())
562 || !TEST_ptr(pub = BN_new())
563 || !TEST_ptr(priv = BN_new()))
566 /* Test !priv and !pub */
567 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
568 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
572 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
575 if (!test_fromdata(keytype, params))
577 OSSL_PARAM_free(params);
578 OSSL_PARAM_BLD_free(bld);
580 /* Test priv and !pub */
581 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
582 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
583 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
588 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
591 if (!test_fromdata(keytype, params))
593 OSSL_PARAM_free(params);
594 OSSL_PARAM_BLD_free(bld);
596 /* Test !priv and pub */
597 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
600 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
604 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
607 if (!test_fromdata(keytype, params))
609 OSSL_PARAM_free(params);
610 OSSL_PARAM_BLD_free(bld);
612 /* Test priv and pub */
613 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
614 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
615 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
616 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
617 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
622 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
625 if (!test_fromdata(keytype, params))
630 OSSL_PARAM_free(params);
631 OSSL_PARAM_BLD_free(bld);
640 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
643 * Test combinations of private, public, missing and private + public key
644 * params to ensure they are all accepted for EC keys
646 #ifndef OPENSSL_NO_EC
647 static unsigned char ec_priv[] = {
648 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
649 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
650 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
652 static unsigned char ec_pub[] = {
653 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
654 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
655 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
656 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
657 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
658 0x08, 0x09, 0xb8, 0xdb, 0x03
661 static int test_EC_priv_pub(void)
663 OSSL_PARAM_BLD *bld = NULL;
664 OSSL_PARAM *params = NULL;
669 * Setup the parameters for our pkey object. For our purposes they don't
670 * have to actually be *valid* parameters. We just need to set something.
672 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
675 /* Test !priv and !pub */
676 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
677 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
678 OSSL_PKEY_PARAM_GROUP_NAME,
681 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
684 if (!test_fromdata("EC", params))
686 OSSL_PARAM_free(params);
687 OSSL_PARAM_BLD_free(bld);
689 /* Test priv and !pub */
690 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
691 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
692 OSSL_PKEY_PARAM_GROUP_NAME,
694 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
697 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
700 if (!test_fromdata("EC", params))
702 OSSL_PARAM_free(params);
703 OSSL_PARAM_BLD_free(bld);
705 /* Test !priv and pub */
706 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
707 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
708 OSSL_PKEY_PARAM_GROUP_NAME,
710 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
711 OSSL_PKEY_PARAM_PUB_KEY,
712 ec_pub, sizeof(ec_pub))))
714 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
717 if (!test_fromdata("EC", params))
719 OSSL_PARAM_free(params);
720 OSSL_PARAM_BLD_free(bld);
722 /* Test priv and pub */
723 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
724 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
725 OSSL_PKEY_PARAM_GROUP_NAME,
727 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
728 OSSL_PKEY_PARAM_PUB_KEY,
729 ec_pub, sizeof(ec_pub)))
730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
736 if (!test_fromdata("EC", params))
741 OSSL_PARAM_free(params);
742 OSSL_PARAM_BLD_free(bld);
748 /* Test that using a legacy EC key with only a private key in it works */
749 # ifndef OPENSSL_NO_DEPRECATED_3_0
750 static int test_EC_priv_only_legacy(void)
754 EC_KEY *eckey = NULL;
755 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
756 EVP_MD_CTX *ctx = NULL;
758 /* Create the low level EC_KEY */
759 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
762 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
763 if (!TEST_ptr(eckey))
766 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
769 pkey = EVP_PKEY_new();
773 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
777 while (dup_pk == NULL) {
779 ctx = EVP_MD_CTX_new();
784 * The EVP_DigestSignInit function should create the key on the
785 * provider side which is sufficient for this test.
787 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
788 testpropq, pkey, NULL)))
790 EVP_MD_CTX_free(ctx);
793 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
795 /* EVP_PKEY_eq() returns -2 with missing public keys */
796 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
804 EVP_MD_CTX_free(ctx);
811 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
812 #endif /* OPENSSL_NO_EC */
814 static int test_EVP_Enveloped(void)
817 EVP_CIPHER_CTX *ctx = NULL;
818 EVP_PKEY *keypair = NULL;
819 unsigned char *kek = NULL;
820 unsigned char iv[EVP_MAX_IV_LENGTH];
821 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
822 int len, kek_len, ciphertext_len, plaintext_len;
823 unsigned char ciphertext[32], plaintext[16];
824 const EVP_CIPHER *type = NULL;
826 if (nullprov != NULL)
827 return TEST_skip("Test does not support a non-default library context");
829 type = EVP_aes_256_cbc();
831 if (!TEST_ptr(keypair = load_example_rsa_key())
832 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
833 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
834 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
836 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
838 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
842 ciphertext_len += len;
844 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
845 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
846 ciphertext, ciphertext_len))
847 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
850 plaintext_len += len;
851 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
857 EVP_PKEY_free(keypair);
858 EVP_CIPHER_CTX_free(ctx);
863 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
864 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
865 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
866 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
867 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
868 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
869 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
870 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
871 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
873 static int test_EVP_DigestSignInit(int tst)
876 EVP_PKEY *pkey = NULL;
877 unsigned char *sig = NULL;
879 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
880 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
881 BIO *mdbio = NULL, *membio = NULL;
884 EVP_MD *mdexp = NULL;
886 if (nullprov != NULL)
887 return TEST_skip("Test does not support a non-default library context");
890 membio = BIO_new(BIO_s_mem());
891 mdbio = BIO_new(BIO_f_md());
892 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
894 BIO_push(mdbio, membio);
895 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
898 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
899 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
903 if (tst == 0 || tst == 3 || tst == 6) {
904 if (!TEST_ptr(pkey = load_example_rsa_key()))
906 } else if (tst == 1 || tst == 4 || tst == 7) {
907 #ifndef OPENSSL_NO_DSA
908 if (!TEST_ptr(pkey = load_example_dsa_key()))
915 if (!TEST_ptr(pkey = load_example_hmac_key()))
919 if (tst >= 3 && tst <= 5)
920 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
924 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
928 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
931 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
935 /* Determine the size of the signature. */
936 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
937 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
938 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
942 if (!TEST_int_gt(BIO_reset(mdbio), 0)
943 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
948 * Ensure that the signature round-trips (Verification isn't supported for
949 * HMAC via EVP_DigestVerify*)
951 if (tst != 2 && tst != 5 && tst != 8) {
952 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
957 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
960 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
964 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
973 EVP_MD_CTX_free(a_md_ctx);
974 EVP_MD_CTX_free(a_md_ctx_verify);
982 static int test_EVP_DigestVerifyInit(void)
985 EVP_PKEY *pkey = NULL;
986 EVP_MD_CTX *md_ctx = NULL;
988 if (nullprov != NULL)
989 return TEST_skip("Test does not support a non-default library context");
991 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
992 || !TEST_ptr(pkey = load_example_rsa_key()))
995 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
996 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
997 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
998 sizeof(kSignature))))
1003 EVP_MD_CTX_free(md_ctx);
1004 EVP_PKEY_free(pkey);
1009 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1011 static int test_EVP_Digest(void)
1014 EVP_MD_CTX *md_ctx = NULL;
1015 unsigned char md[EVP_MAX_MD_SIZE];
1016 EVP_MD *sha256 = NULL;
1017 EVP_MD *shake256 = NULL;
1019 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1022 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1023 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1026 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1027 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1028 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1029 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1030 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1033 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1034 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1035 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1036 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1037 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1039 * EVP_DigestInit_ex with NULL type should work on
1040 * pre-initialized context.
1042 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1045 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1046 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1047 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1048 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1049 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1050 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1055 EVP_MD_CTX_free(md_ctx);
1056 EVP_MD_free(sha256);
1057 EVP_MD_free(shake256);
1061 static int test_d2i_AutoPrivateKey(int i)
1064 const unsigned char *p;
1065 EVP_PKEY *pkey = NULL;
1066 const APK_DATA *ak = &keydata[i];
1067 const unsigned char *input = ak->kder;
1068 size_t input_len = ak->size;
1069 int expected_id = ak->evptype;
1072 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1073 || !TEST_ptr_eq(p, input + input_len)
1074 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1080 EVP_PKEY_free(pkey);
1084 #ifndef OPENSSL_NO_EC
1086 static const unsigned char ec_public_sect163k1_validxy[] = {
1087 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1088 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1089 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1090 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1091 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1092 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1095 static const unsigned char ec_public_sect163k1_badx[] = {
1096 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1097 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1098 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1099 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1100 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1101 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1104 static const unsigned char ec_public_sect163k1_bady[] = {
1105 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1106 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1107 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1108 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1109 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1110 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1113 static struct ec_der_pub_keys_st {
1114 const unsigned char *der;
1117 } ec_der_pub_keys[] = {
1118 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1119 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1120 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1124 * Tests the range of the decoded EC char2 public point.
1125 * See ec_GF2m_simple_oct2point().
1127 static int test_invalide_ec_char2_pub_range_decode(int id)
1132 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1133 ec_der_pub_keys[id].len);
1135 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1136 || TEST_ptr_null(pkey);
1137 EVP_PKEY_free(pkey);
1141 /* Tests loading a bad key in PKCS8 format */
1142 static int test_EVP_PKCS82PKEY(void)
1145 const unsigned char *derp = kExampleBadECKeyDER;
1146 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1147 EVP_PKEY *pkey = NULL;
1149 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1150 sizeof(kExampleBadECKeyDER))))
1153 if (!TEST_ptr_eq(derp,
1154 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1157 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1163 PKCS8_PRIV_KEY_INFO_free(p8inf);
1164 EVP_PKEY_free(pkey);
1170 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1171 static int test_privatekey_to_pkcs8(void)
1173 EVP_PKEY *pkey = NULL;
1175 char *membuf = NULL;
1176 long membuf_len = 0;
1179 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1180 || !TEST_ptr(pkey = load_example_rsa_key())
1181 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1182 NULL, 0, NULL, NULL),
1184 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1185 || !TEST_ptr(membuf)
1186 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1187 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1189 * We try to write PEM as well, just to see that it doesn't err, but
1190 * assume that the result is correct.
1192 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1193 NULL, 0, NULL, NULL),
1199 EVP_PKEY_free(pkey);
1200 BIO_free_all(membio);
1204 #ifndef OPENSSL_NO_EC
1205 static const struct {
1207 const char *encoding_name;
1208 } ec_encodings[] = {
1209 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1210 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1213 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1215 const OSSL_PARAM *p;
1216 const char *enc_name = NULL;
1222 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1223 OSSL_PKEY_PARAM_EC_ENCODING))
1224 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1227 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1228 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1229 *enc = ec_encodings[i].encoding;
1234 return (*enc != -1);
1237 static int test_EC_keygen_with_enc(int idx)
1239 EVP_PKEY *params = NULL, *key = NULL;
1240 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1244 enc = ec_encodings[idx].encoding;
1246 /* Create key parameters */
1247 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1248 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1249 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1250 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1251 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1252 || !TEST_ptr(params))
1256 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1257 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1258 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1262 /* Check that the encoding got all the way into the key */
1263 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1264 ec_export_get_encoding_cb, &enc))
1265 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1271 EVP_PKEY_free(params);
1272 EVP_PKEY_CTX_free(kctx);
1273 EVP_PKEY_CTX_free(pctx);
1278 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1280 static int test_EVP_SM2_verify(void)
1282 const char *pubkey =
1283 "-----BEGIN PUBLIC KEY-----\n"
1284 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1285 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1286 "-----END PUBLIC KEY-----\n";
1288 const char *msg = "message digest";
1289 const char *id = "ALICE123@YAHOO.COM";
1291 const uint8_t signature[] = {
1292 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1293 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1294 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1295 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1296 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1297 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1298 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1303 EVP_PKEY *pkey = NULL;
1304 EVP_MD_CTX *mctx = NULL;
1305 EVP_PKEY_CTX *pctx = NULL;
1308 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1309 if (!TEST_true(bio != NULL))
1312 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1313 if (!TEST_true(pkey != NULL))
1316 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1319 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1322 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1325 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1327 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1330 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1333 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1336 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1339 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1345 EVP_PKEY_free(pkey);
1346 EVP_PKEY_CTX_free(pctx);
1347 EVP_MD_CTX_free(mctx);
1352 static int test_EVP_SM2(void)
1355 EVP_PKEY *pkey = NULL;
1356 EVP_PKEY *pkeyparams = NULL;
1357 EVP_PKEY_CTX *pctx = NULL;
1358 EVP_PKEY_CTX *kctx = NULL;
1359 EVP_PKEY_CTX *sctx = NULL;
1361 unsigned char *sig = NULL;
1362 EVP_MD_CTX *md_ctx = NULL;
1363 EVP_MD_CTX *md_ctx_verify = NULL;
1364 EVP_PKEY_CTX *cctx = NULL;
1365 EVP_MD *check_md = NULL;
1367 uint8_t ciphertext[128];
1368 size_t ctext_len = sizeof(ciphertext);
1370 uint8_t plaintext[8];
1371 size_t ptext_len = sizeof(plaintext);
1373 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1375 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1376 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1378 char mdname[OSSL_MAX_NAME_SIZE];
1380 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1384 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1387 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1390 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1393 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1394 pkeyparams, testpropq)))
1397 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1400 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1403 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1406 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1409 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1412 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1413 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1415 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1418 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1421 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1424 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1427 /* Determine the size of the signature. */
1428 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1431 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1434 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1437 /* Ensure that the signature round-trips. */
1439 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1443 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1446 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1449 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1452 /* now check encryption/decryption */
1454 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1455 mdname, sizeof(mdname));
1456 for (i = 0; i < 2; i++) {
1457 const char *mdnames[] = {
1458 #ifndef OPENSSL_NO_SM3
1464 EVP_PKEY_CTX_free(cctx);
1466 if (mdnames[i] == NULL)
1470 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1471 (char *)mdnames[i], 0);
1473 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1477 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1480 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1483 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1487 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1490 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1493 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1497 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1501 * Test we're still using the digest we think we are.
1502 * Because of aliases, the easiest is to fetch the digest and
1503 * check the name with EVP_MD_is_a().
1505 EVP_MD_free(check_md);
1506 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1508 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1509 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1513 if (!TEST_true(ptext_len == sizeof(kMsg)))
1516 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1522 EVP_PKEY_CTX_free(pctx);
1523 EVP_PKEY_CTX_free(kctx);
1524 EVP_PKEY_CTX_free(sctx);
1525 EVP_PKEY_CTX_free(cctx);
1526 EVP_PKEY_free(pkey);
1527 EVP_PKEY_free(pkeyparams);
1528 EVP_MD_CTX_free(md_ctx);
1529 EVP_MD_CTX_free(md_ctx_verify);
1530 EVP_MD_free(check_md);
1537 static struct keys_st {
1543 EVP_PKEY_HMAC, "0123456789", NULL
1545 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1547 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1549 #ifndef OPENSSL_NO_EC
1551 EVP_PKEY_X25519, "01234567890123456789012345678901",
1552 "abcdefghijklmnopqrstuvwxyzabcdef"
1554 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1555 "abcdefghijklmnopqrstuvwxyzabcdef"
1558 "01234567890123456789012345678901234567890123456789012345",
1559 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1562 "012345678901234567890123456789012345678901234567890123456",
1563 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1568 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1571 unsigned char buf[80];
1573 size_t inlen, len = 0;
1576 if (nullprov != NULL)
1577 return TEST_skip("Test does not support a non-default library context");
1579 /* Check if this algorithm supports public keys */
1580 if (keys[tst].pub == NULL)
1583 memset(buf, 0, sizeof(buf));
1586 inlen = strlen(keys[tst].pub);
1587 in = (unsigned char *)keys[tst].pub;
1589 pkey = EVP_PKEY_new_raw_public_key_ex(
1591 OBJ_nid2sn(keys[tst].type),
1596 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1602 inlen = strlen(keys[tst].priv);
1603 in = (unsigned char *)keys[tst].priv;
1605 pkey = EVP_PKEY_new_raw_private_key_ex(
1606 testctx, OBJ_nid2sn(keys[tst].type),
1611 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1619 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1620 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1621 || !TEST_true(len == inlen)
1622 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1623 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1624 || !TEST_mem_eq(in, inlen, buf, len))
1629 EVP_PKEY_free(pkey);
1633 static int test_set_get_raw_keys(int tst)
1635 return test_set_get_raw_keys_int(tst, 0, 0)
1636 && test_set_get_raw_keys_int(tst, 0, 1)
1637 && test_set_get_raw_keys_int(tst, 1, 0)
1638 && test_set_get_raw_keys_int(tst, 1, 1);
1641 #ifndef OPENSSL_NO_DEPRECATED_3_0
1642 static int pkey_custom_check(EVP_PKEY *pkey)
1647 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1652 static int pkey_custom_param_check(EVP_PKEY *pkey)
1657 static EVP_PKEY_METHOD *custom_pmeth;
1660 static int test_EVP_PKEY_check(int i)
1663 EVP_PKEY *pkey = NULL;
1664 EVP_PKEY_CTX *ctx = NULL;
1665 #ifndef OPENSSL_NO_DEPRECATED_3_0
1666 EVP_PKEY_CTX *ctx2 = NULL;
1668 const APK_DATA *ak = &keycheckdata[i];
1669 const unsigned char *input = ak->kder;
1670 size_t input_len = ak->size;
1671 int expected_id = ak->evptype;
1672 int expected_check = ak->check;
1673 int expected_pub_check = ak->pub_check;
1674 int expected_param_check = ak->param_check;
1675 int type = ak->type;
1677 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1680 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1683 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1686 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1689 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1692 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1695 #ifndef OPENSSL_NO_DEPRECATED_3_0
1696 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1697 /* assign the pkey directly, as an internal test */
1698 EVP_PKEY_up_ref(pkey);
1701 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1704 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1707 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1714 EVP_PKEY_CTX_free(ctx);
1715 #ifndef OPENSSL_NO_DEPRECATED_3_0
1716 EVP_PKEY_CTX_free(ctx2);
1718 EVP_PKEY_free(pkey);
1722 #ifndef OPENSSL_NO_CMAC
1723 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1725 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1726 const char msg[] = "Hello World";
1730 if (!TEST_ptr(mdctx)
1731 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1732 testpropq, pkey, NULL))
1733 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1734 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1735 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1738 EVP_MD_CTX_free(mdctx);
1742 static int test_CMAC_keygen(void)
1744 static unsigned char key[] = {
1745 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1746 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1747 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1749 EVP_PKEY_CTX *kctx = NULL;
1751 EVP_PKEY *pkey = NULL;
1752 unsigned char mac[AES_BLOCK_SIZE];
1753 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1754 unsigned char mac2[AES_BLOCK_SIZE];
1757 if (nullprov != NULL)
1758 return TEST_skip("Test does not support a non-default library context");
1761 * This is a legacy method for CMACs, but should still work.
1762 * This verifies that it works without an ENGINE.
1764 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1766 /* Test a CMAC key created using the "generated" method */
1767 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1768 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1769 EVP_PKEY_CTRL_CIPHER,
1770 0, (void *)EVP_aes_256_ecb()), 0)
1771 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1772 EVP_PKEY_CTRL_SET_MAC_KEY,
1773 sizeof(key), (void *)key), 0)
1774 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1776 || !TEST_true(get_cmac_val(pkey, mac)))
1779 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1780 EVP_PKEY_free(pkey);
1783 * Test a CMAC key using the direct method, and compare with the mac
1786 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1788 || !TEST_true(get_cmac_val(pkey, mac2))
1789 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1796 EVP_PKEY_free(pkey);
1797 EVP_PKEY_CTX_free(kctx);
1802 static int test_HKDF(void)
1805 unsigned char out[20];
1808 unsigned char salt[] = "0123456789";
1809 unsigned char key[] = "012345678901234567890123456789";
1810 unsigned char info[] = "infostring";
1811 const unsigned char expected[] = {
1812 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1813 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1815 size_t expectedlen = sizeof(expected);
1817 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1820 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1821 for (i = 0; i < 2; i++) {
1822 outlen = sizeof(out);
1823 memset(out, 0, outlen);
1825 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1826 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1827 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1828 sizeof(salt) - 1), 0)
1829 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1830 sizeof(key) - 1), 0)
1831 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1832 sizeof(info) - 1), 0)
1833 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1834 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1841 EVP_PKEY_CTX_free(pctx);
1846 static int test_emptyikm_HKDF(void)
1849 unsigned char out[20];
1852 unsigned char salt[] = "9876543210";
1853 unsigned char key[] = "";
1854 unsigned char info[] = "stringinfo";
1855 const unsigned char expected[] = {
1856 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1857 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1859 size_t expectedlen = sizeof(expected);
1861 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1864 outlen = sizeof(out);
1865 memset(out, 0, outlen);
1867 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1868 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1869 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1870 sizeof(salt) - 1), 0)
1871 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1872 sizeof(key) - 1), 0)
1873 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1874 sizeof(info) - 1), 0)
1875 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1876 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1882 EVP_PKEY_CTX_free(pctx);
1887 #ifndef OPENSSL_NO_EC
1888 static int test_X509_PUBKEY_inplace(void)
1891 X509_PUBKEY *xp = NULL;
1892 const unsigned char *p = kExampleECPubKeyDER;
1893 size_t input_len = sizeof(kExampleECPubKeyDER);
1895 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1898 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1901 p = kExampleBadECPubKeyDER;
1902 input_len = sizeof(kExampleBadECPubKeyDER);
1904 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1907 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1913 X509_PUBKEY_free(xp);
1917 static int test_X509_PUBKEY_dup(void)
1920 X509_PUBKEY *xp = NULL, *xq = NULL;
1921 const unsigned char *p = kExampleECPubKeyDER;
1922 size_t input_len = sizeof(kExampleECPubKeyDER);
1924 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1925 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1926 || !TEST_ptr_ne(xp, xq))
1929 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1930 || !TEST_ptr(X509_PUBKEY_get0(xp))
1931 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1934 X509_PUBKEY_free(xq);
1936 p = kExampleBadECPubKeyDER;
1937 input_len = sizeof(kExampleBadECPubKeyDER);
1939 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1940 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
1943 X509_PUBKEY_free(xp);
1945 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
1951 X509_PUBKEY_free(xp);
1952 X509_PUBKEY_free(xq);
1955 #endif /* OPENSSL_NO_EC */
1957 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1958 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1960 EVP_MD_CTX *mdctx = NULL;
1961 EVP_PKEY_CTX *ctx = NULL;
1962 const OSSL_PARAM *params;
1963 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1966 char mdname[OSSL_MAX_NAME_SIZE];
1969 /* Initialise a sign operation */
1970 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
1972 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1976 * We should be able to query the parameters now.
1978 params = EVP_PKEY_CTX_settable_params(ctx);
1979 if (!TEST_ptr(params)
1980 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1981 OSSL_SIGNATURE_PARAM_DIGEST)))
1984 params = EVP_PKEY_CTX_gettable_params(ctx);
1985 if (!TEST_ptr(params)
1986 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1987 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1988 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1989 OSSL_SIGNATURE_PARAM_DIGEST)))
1993 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1994 * EVP_PKEY_CTX_get_params()
1996 strcpy(mdname, "SHA512");
1998 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2000 *param++ = OSSL_PARAM_construct_end();
2002 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2006 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2007 mdname, sizeof(mdname));
2008 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2009 || !TEST_str_eq(mdname, "SHA512"))
2013 * Test the TEST_PKEY_CTX_set_signature_md() and
2014 * TEST_PKEY_CTX_get_signature_md() functions
2016 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2017 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2018 || !TEST_ptr_eq(md, EVP_sha256()))
2022 * Test getting MD parameters via an associated EVP_PKEY_CTX
2024 mdctx = EVP_MD_CTX_new();
2025 if (!TEST_ptr(mdctx)
2026 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2031 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2032 * able to obtain the digest's settable parameters from the provider.
2034 params = EVP_MD_CTX_settable_params(mdctx);
2035 if (!TEST_ptr(params)
2036 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2037 /* The final key should be NULL */
2038 || !TEST_ptr_null(params[1].key))
2042 memset(ssl3ms, 0, sizeof(ssl3ms));
2043 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2044 ssl3ms, sizeof(ssl3ms));
2045 *param++ = OSSL_PARAM_construct_end();
2047 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2053 EVP_MD_CTX_free(mdctx);
2054 EVP_PKEY_CTX_free(ctx);
2059 #ifndef OPENSSL_NO_DSA
2060 static int test_DSA_get_set_params(void)
2062 OSSL_PARAM_BLD *bld = NULL;
2063 OSSL_PARAM *params = NULL;
2064 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2065 EVP_PKEY_CTX *pctx = NULL;
2066 EVP_PKEY *pkey = NULL;
2070 * Setup the parameters for our DSA object. For our purposes they don't
2071 * have to actually be *valid* parameters. We just need to set something.
2073 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2074 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2075 || !TEST_ptr(p = BN_new())
2076 || !TEST_ptr(q = BN_new())
2077 || !TEST_ptr(g = BN_new())
2078 || !TEST_ptr(pub = BN_new())
2079 || !TEST_ptr(priv = BN_new()))
2081 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2082 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2083 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2084 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2086 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2089 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2092 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2093 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2097 if (!TEST_ptr(pkey))
2100 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2103 EVP_PKEY_free(pkey);
2104 EVP_PKEY_CTX_free(pctx);
2105 OSSL_PARAM_free(params);
2106 OSSL_PARAM_BLD_free(bld);
2117 * Test combinations of private, public, missing and private + public key
2118 * params to ensure they are all accepted
2120 static int test_DSA_priv_pub(void)
2122 return test_EVP_PKEY_ffc_priv_pub("DSA");
2125 #endif /* !OPENSSL_NO_DSA */
2127 static int test_RSA_get_set_params(void)
2129 OSSL_PARAM_BLD *bld = NULL;
2130 OSSL_PARAM *params = NULL;
2131 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2132 EVP_PKEY_CTX *pctx = NULL;
2133 EVP_PKEY *pkey = NULL;
2137 * Setup the parameters for our RSA object. For our purposes they don't
2138 * have to actually be *valid* parameters. We just need to set something.
2140 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2141 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2142 || !TEST_ptr(n = BN_new())
2143 || !TEST_ptr(e = BN_new())
2144 || !TEST_ptr(d = BN_new()))
2146 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2147 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2148 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2150 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2153 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2154 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2158 if (!TEST_ptr(pkey))
2161 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2164 EVP_PKEY_free(pkey);
2165 EVP_PKEY_CTX_free(pctx);
2166 OSSL_PARAM_free(params);
2167 OSSL_PARAM_BLD_free(bld);
2175 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2176 static int test_decrypt_null_chunks(void)
2178 EVP_CIPHER_CTX* ctx = NULL;
2179 EVP_CIPHER *cipher = NULL;
2180 const unsigned char key[32] = {
2181 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2182 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2183 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2185 unsigned char iv[12] = {
2186 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2188 unsigned char msg[] = "It was the best of times, it was the worst of times";
2189 unsigned char ciphertext[80];
2190 unsigned char plaintext[80];
2191 /* We initialise tmp to a non zero value on purpose */
2192 int ctlen, ptlen, tmp = 99;
2194 const int enc_offset = 10, dec_offset = 20;
2196 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2197 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2198 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2200 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2202 /* Deliberate add a zero length update */
2203 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2205 || !TEST_int_eq(tmp, 0)
2206 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2208 sizeof(msg) - enc_offset))
2209 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2210 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2211 || !TEST_int_eq(tmp, 0))
2214 /* Deliberately initialise tmp to a non zero value */
2216 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2217 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2220 * Deliberately add a zero length update. We also deliberately do
2221 * this at a different offset than for encryption.
2223 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2225 || !TEST_int_eq(tmp, 0)
2226 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2227 ciphertext + dec_offset,
2228 ctlen - dec_offset))
2229 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2230 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2231 || !TEST_int_eq(tmp, 0)
2232 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2237 EVP_CIPHER_CTX_free(ctx);
2238 EVP_CIPHER_free(cipher);
2241 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2243 #ifndef OPENSSL_NO_DH
2245 * Test combinations of private, public, missing and private + public key
2246 * params to ensure they are all accepted
2248 static int test_DH_priv_pub(void)
2250 return test_EVP_PKEY_ffc_priv_pub("DH");
2253 # ifndef OPENSSL_NO_DEPRECATED_3_0
2254 static int test_EVP_PKEY_set1_DH(void)
2256 DH *x942dh = NULL, *noqdh = NULL;
2257 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2259 BIGNUM *p, *g = NULL;
2261 if (!TEST_ptr(p = BN_new())
2262 || !TEST_ptr(g = BN_new())
2263 || !BN_set_word(p, 9999)
2264 || !BN_set_word(g, 2)
2265 || !TEST_ptr(noqdh = DH_new())
2266 || !DH_set0_pqg(noqdh, p, NULL, g))
2270 x942dh = DH_get_2048_256();
2271 pkey1 = EVP_PKEY_new();
2272 pkey2 = EVP_PKEY_new();
2273 if (!TEST_ptr(x942dh)
2276 || !TEST_ptr(pkey2))
2279 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2280 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2283 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2284 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2291 EVP_PKEY_free(pkey1);
2292 EVP_PKEY_free(pkey2);
2298 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2299 #endif /* !OPENSSL_NO_DH */
2302 * We test what happens with an empty template. For the sake of this test,
2303 * the template must be ignored, and we know that's the case for RSA keys
2304 * (this might arguably be a misfeature, but that's what we currently do,
2305 * even in provider code, since that's how the legacy RSA implementation
2308 static int test_keygen_with_empty_template(int n)
2310 EVP_PKEY_CTX *ctx = NULL;
2311 EVP_PKEY *pkey = NULL;
2312 EVP_PKEY *tkey = NULL;
2315 if (nullprov != NULL)
2316 return TEST_skip("Test does not support a non-default library context");
2320 /* We do test with no template at all as well */
2321 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2325 /* Here we create an empty RSA key that serves as our template */
2326 if (!TEST_ptr(tkey = EVP_PKEY_new())
2327 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2328 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2333 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2334 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2339 EVP_PKEY_CTX_free(ctx);
2340 EVP_PKEY_free(pkey);
2341 EVP_PKEY_free(tkey);
2346 * Test that we fail if we attempt to use an algorithm that is not available
2347 * in the current library context (unless we are using an algorithm that
2348 * should be made available via legacy codepaths).
2353 static int test_pkey_ctx_fail_without_provider(int tst)
2355 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2356 OSSL_PROVIDER *tmpnullprov = NULL;
2357 EVP_PKEY_CTX *pctx = NULL;
2358 const char *keytype = NULL;
2359 int expect_null = 0;
2362 if (!TEST_ptr(tmpctx))
2365 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2366 if (!TEST_ptr(tmpnullprov))
2370 * We check for certain algos in the null provider.
2371 * If an algo is expected to have a provider keymgmt, contructing an
2372 * EVP_PKEY_CTX is expected to fail (return NULL).
2373 * Otherwise, if it's expected to have legacy support, contructing an
2374 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2384 #ifdef OPENSSL_NO_EC
2385 TEST_info("EC disable, skipping SM2 check...");
2388 #ifdef OPENSSL_NO_SM2
2389 TEST_info("SM2 disable, skipping SM2 check...");
2394 TEST_error("No test for case %d", tst);
2398 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2399 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2402 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2408 EVP_PKEY_CTX_free(pctx);
2409 OSSL_PROVIDER_unload(tmpnullprov);
2410 OSSL_LIB_CTX_free(tmpctx);
2414 static int test_rand_agglomeration(void)
2418 OSSL_PARAM params[3], *p = params;
2420 unsigned int step = 7;
2421 static unsigned char seed[] = "It does not matter how slowly you go "
2422 "as long as you do not stop.";
2423 unsigned char out[sizeof(seed)];
2425 if (!TEST_int_ne(sizeof(seed) % step, 0)
2426 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2428 ctx = EVP_RAND_CTX_new(rand, NULL);
2429 EVP_RAND_free(rand);
2433 memset(out, 0, sizeof(out));
2434 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2435 seed, sizeof(seed));
2436 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2437 *p = OSSL_PARAM_construct_end();
2438 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2439 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2440 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2441 EVP_RAND_CTX_free(ctx);
2446 * Test that we correctly return the original or "running" IV after
2447 * an encryption operation.
2448 * Run multiple times for some different relevant algorithms/modes.
2450 static int test_evp_iv_aes(int idx)
2453 EVP_CIPHER_CTX *ctx = NULL;
2454 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2455 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2456 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2457 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2458 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2459 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2460 9, 10, 11, 12, 13, 14, 15, 16 };
2461 unsigned char ciphertext[32], oiv[16], iv[16];
2462 unsigned char *ref_iv;
2463 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2464 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2466 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2467 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2468 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2469 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2470 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2471 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2472 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2473 #ifndef OPENSSL_NO_OCB
2474 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2475 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2477 int len = sizeof(ciphertext);
2478 size_t ivlen, ref_len;
2479 const EVP_CIPHER *type = NULL;
2482 if (nullprov != NULL && idx < 6)
2483 return TEST_skip("Test does not support a non-default library context");
2487 type = EVP_aes_128_cbc();
2490 type = (type != NULL) ? type :
2491 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2493 ref_len = sizeof(cbc_state);
2497 type = EVP_aes_128_ofb();
2500 type = (type != NULL) ? type :
2501 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2503 ref_len = sizeof(ofb_state);
2507 type = EVP_aes_128_cfb();
2510 type = (type != NULL) ? type :
2511 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2513 ref_len = sizeof(cfb_state);
2517 type = EVP_aes_128_gcm();
2520 type = (type != NULL) ? type :
2521 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2523 ref_len = sizeof(gcm_state);
2526 type = EVP_aes_128_ccm();
2529 type = (type != NULL) ? type :
2530 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2532 ref_len = sizeof(ccm_state);
2534 #ifdef OPENSSL_NO_OCB
2540 type = EVP_aes_128_ocb();
2543 type = (type != NULL) ? type :
2544 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2546 ref_len = sizeof(ocb_state);
2554 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2555 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2556 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2558 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2559 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2560 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2562 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2563 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2564 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2567 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2568 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2569 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2572 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2575 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2581 EVP_CIPHER_CTX_free(ctx);
2583 EVP_CIPHER_free((EVP_CIPHER *)type);
2587 #ifndef OPENSSL_NO_DES
2588 static int test_evp_iv_des(int idx)
2591 EVP_CIPHER_CTX *ctx = NULL;
2592 static const unsigned char key[24] = {
2593 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2594 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2595 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2597 static const unsigned char init_iv[8] = {
2598 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2600 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2601 9, 10, 11, 12, 13, 14, 15, 16 };
2602 unsigned char ciphertext[32], oiv[8], iv[8];
2603 unsigned const char *ref_iv;
2604 static const unsigned char cbc_state_des[8] = {
2605 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2607 static const unsigned char cbc_state_3des[8] = {
2608 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2610 static const unsigned char ofb_state_des[8] = {
2611 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2613 static const unsigned char ofb_state_3des[8] = {
2614 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2616 static const unsigned char cfb_state_des[8] = {
2617 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2619 static const unsigned char cfb_state_3des[8] = {
2620 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2622 int len = sizeof(ciphertext);
2623 size_t ivlen, ref_len;
2624 EVP_CIPHER *type = NULL;
2626 if (lgcyprov == NULL && idx < 3)
2627 return TEST_skip("Test requires legacy provider to be loaded");
2631 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2632 ref_iv = cbc_state_des;
2633 ref_len = sizeof(cbc_state_des);
2636 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2637 ref_iv = ofb_state_des;
2638 ref_len = sizeof(ofb_state_des);
2641 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2642 ref_iv = cfb_state_des;
2643 ref_len = sizeof(cfb_state_des);
2646 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2647 ref_iv = cbc_state_3des;
2648 ref_len = sizeof(cbc_state_3des);
2651 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2652 ref_iv = ofb_state_3des;
2653 ref_len = sizeof(ofb_state_3des);
2656 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2657 ref_iv = cfb_state_3des;
2658 ref_len = sizeof(cfb_state_3des);
2665 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2666 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2667 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2669 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2670 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2671 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2673 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2674 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2675 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2678 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2679 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2681 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2686 EVP_CIPHER_CTX_free(ctx);
2687 EVP_CIPHER_free(type);
2692 #ifndef OPENSSL_NO_EC
2693 static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2694 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2695 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2696 NID_brainpoolP384r1, NID_brainpoolP512r1};
2698 static int test_ecpub(int idx)
2700 int ret = 0, len, savelen;
2702 unsigned char buf[1024];
2704 EVP_PKEY *pkey = NULL;
2705 EVP_PKEY_CTX *ctx = NULL;
2706 # ifndef OPENSSL_NO_DEPRECATED_3_0
2707 const unsigned char *q;
2708 EVP_PKEY *pkey2 = NULL;
2712 if (nullprov != NULL)
2713 return TEST_skip("Test does not support a non-default library context");
2715 nid = ecpub_nids[idx];
2717 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2719 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2720 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2721 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2723 len = i2d_PublicKey(pkey, NULL);
2725 if (!TEST_int_ge(len, 1)
2726 || !TEST_int_lt(len, 1024))
2729 len = i2d_PublicKey(pkey, &p);
2730 if (!TEST_int_ge(len, 1)
2731 || !TEST_int_eq(len, savelen))
2734 # ifndef OPENSSL_NO_DEPRECATED_3_0
2735 /* Now try to decode the just-created DER. */
2737 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2738 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2739 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2741 /* EC_KEY ownership transferred */
2743 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2745 /* The keys should match. */
2746 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2753 EVP_PKEY_CTX_free(ctx);
2754 EVP_PKEY_free(pkey);
2755 # ifndef OPENSSL_NO_DEPRECATED_3_0
2756 EVP_PKEY_free(pkey2);
2763 static int test_EVP_rsa_pss_with_keygen_bits(void)
2766 EVP_PKEY_CTX *ctx = NULL;
2767 EVP_PKEY *pkey = NULL;
2770 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2772 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2773 && TEST_true(EVP_PKEY_keygen_init(ctx))
2774 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2775 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2776 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2779 EVP_PKEY_free(pkey);
2780 EVP_PKEY_CTX_free(ctx);
2784 static int success = 1;
2785 static void md_names(const char *name, void *vctx)
2787 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2788 /* Force a namemap update */
2789 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2791 if (!TEST_ptr(aes128))
2794 EVP_CIPHER_free(aes128);
2798 * Test that changing the namemap in a user callback works in a names_do_all
2801 static int test_names_do_all(void)
2803 /* We use a custom libctx so that we know the state of the namemap */
2804 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2805 EVP_MD *sha256 = NULL;
2811 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2812 if (!TEST_ptr(sha256))
2816 * We loop through all the names for a given digest. This should still work
2817 * even if the namemap changes part way through.
2819 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2822 if (!TEST_true(success))
2827 EVP_MD_free(sha256);
2828 OSSL_LIB_CTX_free(ctx);
2832 typedef enum OPTION_choice {
2839 const OPTIONS *test_get_options(void)
2841 static const OPTIONS options[] = {
2842 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2843 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2849 int setup_tests(void)
2853 while ((o = opt_next()) != OPT_EOF) {
2856 /* Set up an alternate library context */
2857 testctx = OSSL_LIB_CTX_new();
2858 if (!TEST_ptr(testctx))
2860 /* Swap the libctx to test non-default context only */
2861 nullprov = OSSL_PROVIDER_load(NULL, "null");
2862 deflprov = OSSL_PROVIDER_load(testctx, "default");
2863 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2865 case OPT_TEST_CASES:
2872 ADD_TEST(test_EVP_set_default_properties);
2873 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2874 ADD_TEST(test_EVP_DigestVerifyInit);
2875 ADD_TEST(test_EVP_Digest);
2876 ADD_TEST(test_EVP_Enveloped);
2877 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2878 ADD_TEST(test_privatekey_to_pkcs8);
2879 #ifndef OPENSSL_NO_EC
2880 ADD_TEST(test_EVP_PKCS82PKEY);
2882 #ifndef OPENSSL_NO_EC
2883 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2885 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2886 ADD_TEST(test_EVP_SM2);
2887 ADD_TEST(test_EVP_SM2_verify);
2889 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2890 #ifndef OPENSSL_NO_DEPRECATED_3_0
2891 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2892 if (!TEST_ptr(custom_pmeth))
2894 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2895 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2896 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2897 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2900 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2901 #ifndef OPENSSL_NO_CMAC
2902 ADD_TEST(test_CMAC_keygen);
2904 ADD_TEST(test_HKDF);
2905 ADD_TEST(test_emptyikm_HKDF);
2906 #ifndef OPENSSL_NO_EC
2907 ADD_TEST(test_X509_PUBKEY_inplace);
2908 ADD_TEST(test_X509_PUBKEY_dup);
2909 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2910 OSSL_NELEM(ec_der_pub_keys));
2912 #ifndef OPENSSL_NO_DSA
2913 ADD_TEST(test_DSA_get_set_params);
2914 ADD_TEST(test_DSA_priv_pub);
2916 ADD_TEST(test_RSA_get_set_params);
2917 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2918 ADD_TEST(test_decrypt_null_chunks);
2920 #ifndef OPENSSL_NO_DH
2921 ADD_TEST(test_DH_priv_pub);
2922 # ifndef OPENSSL_NO_DEPRECATED_3_0
2923 ADD_TEST(test_EVP_PKEY_set1_DH);
2926 #ifndef OPENSSL_NO_EC
2927 ADD_TEST(test_EC_priv_pub);
2928 # ifndef OPENSSL_NO_DEPRECATED_3_0
2929 ADD_TEST(test_EC_priv_only_legacy);
2932 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2933 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2935 ADD_TEST(test_rand_agglomeration);
2936 ADD_ALL_TESTS(test_evp_iv_aes, 12);
2937 #ifndef OPENSSL_NO_DES
2938 ADD_ALL_TESTS(test_evp_iv_des, 6);
2940 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
2941 #ifndef OPENSSL_NO_EC
2942 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2945 ADD_TEST(test_names_do_all);
2950 void cleanup_tests(void)
2952 OSSL_PROVIDER_unload(nullprov);
2953 OSSL_PROVIDER_unload(deflprov);
2954 OSSL_PROVIDER_unload(lgcyprov);
2955 OSSL_LIB_CTX_free(testctx);