2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX *testctx = NULL;
42 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
43 * should never use this key anywhere but in an example.
45 static const unsigned char kExampleRSAKeyDER[] = {
46 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
47 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
48 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
49 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
50 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
51 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
52 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
53 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
54 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
55 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
56 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
57 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
58 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
59 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
60 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
61 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
62 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
63 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
64 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
65 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
66 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
67 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
68 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
69 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
70 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
71 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
72 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
73 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
74 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
75 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
76 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
77 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
78 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
79 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
80 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
81 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
82 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
83 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
84 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
85 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
86 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
87 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
88 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
89 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
90 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
91 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
92 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
93 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
94 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
95 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
96 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
100 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
101 * should never use this key anywhere but in an example.
103 #ifndef OPENSSL_NO_DSA
104 static const unsigned char kExampleDSAKeyDER[] = {
105 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
106 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
107 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
108 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
109 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
110 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
111 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
112 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
113 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
114 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
115 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
116 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
117 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
118 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
119 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
120 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
121 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
122 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
123 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
124 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
125 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
126 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
127 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
128 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
129 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
130 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
131 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
132 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
133 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
134 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
135 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
136 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
137 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
138 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
139 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
140 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
141 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
148 * components are not correct.
150 static const unsigned char kExampleBadRSAKeyDER[] = {
151 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
152 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
153 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
154 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
155 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
156 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
157 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
158 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
159 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
160 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
161 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
162 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
163 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
164 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
165 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
166 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
167 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
168 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
169 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
170 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
171 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
172 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
173 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
174 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
175 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
176 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
177 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
178 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
179 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
180 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
181 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
182 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
183 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
184 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
185 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
186 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
187 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
188 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
189 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
190 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
191 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
192 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
193 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
194 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
195 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
196 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
197 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
198 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
199 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
200 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
201 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
202 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
203 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
204 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
205 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
206 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
207 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
208 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
209 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
210 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
211 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
212 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
213 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
214 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
215 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
216 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
217 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
218 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
219 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
220 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
221 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
222 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
223 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
224 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
225 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
226 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
227 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
228 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
229 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
230 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
231 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
232 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
233 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
234 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
235 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
236 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
237 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
238 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
239 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
242 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
244 static const unsigned char kSignature[] = {
245 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
246 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
247 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
248 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
249 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
250 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
251 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
252 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
253 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
254 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
255 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
259 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
262 static const unsigned char kExampleRSAKeyPKCS8[] = {
263 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
264 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
265 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
266 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
267 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
268 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
269 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
270 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
271 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
272 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
273 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
274 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
275 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
276 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
277 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
278 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
279 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
280 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
281 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
282 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
283 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
284 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
285 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
286 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
287 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
288 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
289 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
290 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
291 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
292 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
293 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
294 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
295 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
296 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
297 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
298 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
299 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
300 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
301 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
302 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
303 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
304 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
305 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
306 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
307 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
308 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
309 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
310 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
311 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
312 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
313 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
314 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
315 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
318 #ifndef OPENSSL_NO_EC
320 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
323 static const unsigned char kExampleECKeyDER[] = {
324 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
325 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
326 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
327 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
328 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
329 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
330 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
331 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
332 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
333 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
338 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
339 * structure. The private key is equal to the order and will fail to import
341 static const unsigned char kExampleBadECKeyDER[] = {
342 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
343 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
344 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
345 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
346 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
347 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
348 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
349 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
350 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
354 static const unsigned char kExampleECPubKeyDER[] = {
355 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
356 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
357 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
358 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
359 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
360 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
361 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
362 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
366 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
367 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
369 static const unsigned char kExampleBadECPubKeyDER[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
380 static const unsigned char pExampleECParamDER[] = {
381 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
385 typedef struct APK_DATA_st {
386 const unsigned char *kder;
393 int type; /* 0 for private, 1 for public, 2 for params */
396 static APK_DATA keydata[] = {
397 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
398 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
399 #ifndef OPENSSL_NO_EC
400 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
404 static APK_DATA keycheckdata[] = {
405 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 0},
406 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
408 #ifndef OPENSSL_NO_EC
409 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
410 /* group is also associated in our pub key */
411 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 1, 1},
412 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 2}
416 static EVP_PKEY *load_example_key(const char *keytype,
417 const unsigned char *data, size_t data_len)
419 const unsigned char **pdata = &data;
420 EVP_PKEY *pkey = NULL;
421 OSSL_DECODER_CTX *dctx =
422 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
425 /* |pkey| will be NULL on error */
426 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
427 OSSL_DECODER_CTX_free(dctx);
431 static EVP_PKEY *load_example_rsa_key(void)
433 return load_example_key("RSA", kExampleRSAKeyDER,
434 sizeof(kExampleRSAKeyDER));
437 #ifndef OPENSSL_NO_DSA
438 static EVP_PKEY *load_example_dsa_key(void)
440 return load_example_key("DSA", kExampleDSAKeyDER,
441 sizeof(kExampleDSAKeyDER));
445 static EVP_PKEY *load_example_hmac_key(void)
447 EVP_PKEY *pkey = NULL;
448 unsigned char key[] = {
449 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
450 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
451 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
454 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
461 static int test_EVP_set_default_properties(void)
467 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
468 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
473 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
474 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
475 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
480 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
481 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
486 OSSL_LIB_CTX_free(ctx);
490 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
491 static int test_fromdata(char *keytype, OSSL_PARAM *params)
493 EVP_PKEY_CTX *pctx = NULL;
494 EVP_PKEY *pkey = NULL;
497 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, NULL)))
499 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
500 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
510 EVP_PKEY_CTX_free(pctx);
514 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
517 * Test combinations of private, public, missing and private + public key
518 * params to ensure they are all accepted
520 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
521 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
523 OSSL_PARAM_BLD *bld = NULL;
524 OSSL_PARAM *params = NULL;
525 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
529 * Setup the parameters for our pkey object. For our purposes they don't
530 * have to actually be *valid* parameters. We just need to set something.
532 if (!TEST_ptr(p = BN_new())
533 || !TEST_ptr(q = BN_new())
534 || !TEST_ptr(g = BN_new())
535 || !TEST_ptr(pub = BN_new())
536 || !TEST_ptr(priv = BN_new()))
539 /* Test !priv and !pub */
540 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
541 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
542 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
543 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
545 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
548 if (!test_fromdata(keytype, params))
550 OSSL_PARAM_BLD_free_params(params);
551 OSSL_PARAM_BLD_free(bld);
553 /* Test priv and !pub */
554 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
555 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
556 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
557 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
558 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
561 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
564 if (!test_fromdata(keytype, params))
566 OSSL_PARAM_BLD_free_params(params);
567 OSSL_PARAM_BLD_free(bld);
569 /* Test !priv and pub */
570 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
571 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
572 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
573 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
574 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
577 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
580 if (!test_fromdata(keytype, params))
582 OSSL_PARAM_BLD_free_params(params);
583 OSSL_PARAM_BLD_free(bld);
585 /* Test priv and pub */
586 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
587 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
588 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
589 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
590 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
592 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
595 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
598 if (!test_fromdata(keytype, params))
603 OSSL_PARAM_BLD_free_params(params);
604 OSSL_PARAM_BLD_free(bld);
613 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
616 * Test combinations of private, public, missing and private + public key
617 * params to ensure they are all accepted for EC keys
619 #ifndef OPENSSL_NO_EC
620 static unsigned char ec_priv[] = {
621 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
622 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
623 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
625 static unsigned char ec_pub[] = {
626 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
627 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
628 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
629 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
630 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
631 0x08, 0x09, 0xb8, 0xdb, 0x03
634 static int test_EC_priv_pub(void)
636 OSSL_PARAM_BLD *bld = NULL;
637 OSSL_PARAM *params = NULL;
642 * Setup the parameters for our pkey object. For our purposes they don't
643 * have to actually be *valid* parameters. We just need to set something.
645 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
648 /* Test !priv and !pub */
649 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
650 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
651 OSSL_PKEY_PARAM_GROUP_NAME,
654 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
657 if (!test_fromdata("EC", params))
659 OSSL_PARAM_BLD_free_params(params);
660 OSSL_PARAM_BLD_free(bld);
662 /* Test priv and !pub */
663 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
664 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
665 OSSL_PKEY_PARAM_GROUP_NAME,
667 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
670 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
673 if (!test_fromdata("EC", params))
675 OSSL_PARAM_BLD_free_params(params);
676 OSSL_PARAM_BLD_free(bld);
678 /* Test !priv and pub */
679 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
680 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
681 OSSL_PKEY_PARAM_GROUP_NAME,
683 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
684 OSSL_PKEY_PARAM_PUB_KEY,
685 ec_pub, sizeof(ec_pub))))
687 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
690 if (!test_fromdata("EC", params))
692 OSSL_PARAM_BLD_free_params(params);
693 OSSL_PARAM_BLD_free(bld);
695 /* Test priv and pub */
696 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
697 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
698 OSSL_PKEY_PARAM_GROUP_NAME,
700 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
701 OSSL_PKEY_PARAM_PUB_KEY,
702 ec_pub, sizeof(ec_pub)))
703 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
706 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
709 if (!test_fromdata("EC", params))
714 OSSL_PARAM_BLD_free_params(params);
715 OSSL_PARAM_BLD_free(bld);
721 /* Test that using a legacy EC key with only a private key in it works */
722 # ifndef OPENSSL_NO_DEPRECATED_3_0
723 static int test_EC_priv_only_legacy(void)
727 EC_KEY *eckey = NULL;
728 EVP_PKEY *pkey = NULL;
729 EVP_MD_CTX *ctx = NULL;
731 /* Create the low level EC_KEY */
732 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
735 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
736 if (!TEST_ptr(eckey))
739 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
742 pkey = EVP_PKEY_new();
746 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
750 ctx = EVP_MD_CTX_new();
755 * The EVP_DigestSignInit function should create the key on the provider
756 * side which is sufficient for this test.
758 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey)))
764 EVP_MD_CTX_free(ctx);
771 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
772 #endif /* OPENSSL_NO_EC */
774 static int test_EVP_Enveloped(void)
777 EVP_CIPHER_CTX *ctx = NULL;
778 EVP_PKEY *keypair = NULL;
779 unsigned char *kek = NULL;
780 unsigned char iv[EVP_MAX_IV_LENGTH];
781 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
782 int len, kek_len, ciphertext_len, plaintext_len;
783 unsigned char ciphertext[32], plaintext[16];
784 const EVP_CIPHER *type = EVP_aes_256_cbc();
786 if (!TEST_ptr(keypair = load_example_rsa_key())
787 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
788 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
789 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
791 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
793 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
797 ciphertext_len += len;
799 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
800 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
801 ciphertext, ciphertext_len))
802 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
805 plaintext_len += len;
806 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
812 EVP_PKEY_free(keypair);
813 EVP_CIPHER_CTX_free(ctx);
818 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
819 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
820 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
821 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
822 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
823 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
824 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
825 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
826 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
828 static int test_EVP_DigestSignInit(int tst)
831 EVP_PKEY *pkey = NULL;
832 unsigned char *sig = NULL;
834 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
835 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
836 BIO *mdbio = NULL, *membio = NULL;
839 EVP_MD *mdexp = NULL;
842 membio = BIO_new(BIO_s_mem());
843 mdbio = BIO_new(BIO_f_md());
844 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
846 BIO_push(mdbio, membio);
847 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
850 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
851 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
855 if (tst == 0 || tst == 3 || tst == 6) {
856 if (!TEST_ptr(pkey = load_example_rsa_key()))
858 } else if (tst == 1 || tst == 4 || tst == 7) {
859 #ifndef OPENSSL_NO_DSA
860 if (!TEST_ptr(pkey = load_example_dsa_key()))
867 if (!TEST_ptr(pkey = load_example_hmac_key()))
871 if (tst >= 3 && tst <= 5)
872 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
876 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
880 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
883 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
887 /* Determine the size of the signature. */
888 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
889 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
890 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
894 if (!TEST_int_gt(BIO_reset(mdbio), 0)
895 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
900 * Ensure that the signature round-trips (Verification isn't supported for
901 * HMAC via EVP_DigestVerify*)
903 if (tst != 2 && tst != 5 && tst != 8) {
904 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
909 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
912 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
916 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
925 EVP_MD_CTX_free(a_md_ctx);
926 EVP_MD_CTX_free(a_md_ctx_verify);
934 static int test_EVP_DigestVerifyInit(void)
937 EVP_PKEY *pkey = NULL;
938 EVP_MD_CTX *md_ctx = NULL;
940 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
941 || !TEST_ptr(pkey = load_example_rsa_key()))
944 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
945 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
946 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
947 sizeof(kSignature))))
952 EVP_MD_CTX_free(md_ctx);
958 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
960 static int test_EVP_Digest(void)
963 EVP_MD_CTX *md_ctx = NULL;
964 unsigned char md[EVP_MAX_MD_SIZE];
966 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
969 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
970 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
971 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
972 /* EVP_DigestFinal resets the EVP_MD_CTX. */
973 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
976 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
977 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
978 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
979 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
980 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
982 * EVP_DigestInit_ex with NULL type should work on
983 * pre-initialized context.
985 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
988 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
989 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
990 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
991 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
992 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
993 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
998 EVP_MD_CTX_free(md_ctx);
1002 static int test_d2i_AutoPrivateKey(int i)
1005 const unsigned char *p;
1006 EVP_PKEY *pkey = NULL;
1007 const APK_DATA *ak = &keydata[i];
1008 const unsigned char *input = ak->kder;
1009 size_t input_len = ak->size;
1010 int expected_id = ak->evptype;
1013 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1014 || !TEST_ptr_eq(p, input + input_len)
1015 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1021 EVP_PKEY_free(pkey);
1025 #ifndef OPENSSL_NO_EC
1027 static const unsigned char ec_public_sect163k1_validxy[] = {
1028 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1029 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1030 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1031 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1032 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1033 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1036 static const unsigned char ec_public_sect163k1_badx[] = {
1037 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1038 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1039 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1040 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1041 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1042 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1045 static const unsigned char ec_public_sect163k1_bady[] = {
1046 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1047 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1048 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1049 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1050 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1051 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1054 static struct ec_der_pub_keys_st {
1055 const unsigned char *der;
1058 } ec_der_pub_keys[] = {
1059 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1060 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1061 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1065 * Tests the range of the decoded EC char2 public point.
1066 * See ec_GF2m_simple_oct2point().
1068 static int test_invalide_ec_char2_pub_range_decode(int id)
1073 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1074 ec_der_pub_keys[id].len);
1076 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1077 || TEST_ptr_null(pkey);
1078 EVP_PKEY_free(pkey);
1082 /* Tests loading a bad key in PKCS8 format */
1083 static int test_EVP_PKCS82PKEY(void)
1086 const unsigned char *derp = kExampleBadECKeyDER;
1087 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1088 EVP_PKEY *pkey = NULL;
1090 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1091 sizeof(kExampleBadECKeyDER))))
1094 if (!TEST_ptr_eq(derp,
1095 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1098 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1104 PKCS8_PRIV_KEY_INFO_free(p8inf);
1105 EVP_PKEY_free(pkey);
1111 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1112 static int test_privatekey_to_pkcs8(void)
1114 EVP_PKEY *pkey = NULL;
1116 char *membuf = NULL;
1117 long membuf_len = 0;
1120 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1121 || !TEST_ptr(pkey = load_example_rsa_key())
1122 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1123 NULL, 0, NULL, NULL),
1125 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1126 || !TEST_ptr(membuf)
1127 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1128 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1130 * We try to write PEM as well, just to see that it doesn't err, but
1131 * assume that the result is correct.
1133 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1134 NULL, 0, NULL, NULL),
1140 EVP_PKEY_free(pkey);
1141 BIO_free_all(membio);
1145 #ifndef OPENSSL_NO_EC
1146 static const struct {
1148 const char *encoding_name;
1149 } ec_encodings[] = {
1150 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1151 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1154 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1156 const OSSL_PARAM *p;
1157 const char *enc_name = NULL;
1163 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1164 OSSL_PKEY_PARAM_EC_ENCODING))
1165 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1168 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1169 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1170 *enc = ec_encodings[i].encoding;
1175 return (*enc != -1);
1178 static int test_EC_keygen_with_enc(int idx)
1180 EVP_PKEY *params = NULL, *key = NULL;
1181 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1185 enc = ec_encodings[idx].encoding;
1187 /* Create key parameters */
1188 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1189 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1190 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1191 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1192 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1193 || !TEST_ptr(params))
1197 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1198 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1199 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1203 /* Check that the encoding got all the way into the key */
1204 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1205 ec_export_get_encoding_cb, &enc))
1206 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1212 EVP_PKEY_free(params);
1213 EVP_PKEY_CTX_free(kctx);
1214 EVP_PKEY_CTX_free(pctx);
1219 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1221 static int test_EVP_SM2_verify(void)
1223 const char *pubkey =
1224 "-----BEGIN PUBLIC KEY-----\n"
1225 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1226 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1227 "-----END PUBLIC KEY-----\n";
1229 const char *msg = "message digest";
1230 const char *id = "ALICE123@YAHOO.COM";
1232 const uint8_t signature[] = {
1233 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1234 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1235 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1236 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1237 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1238 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1239 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1244 EVP_PKEY *pkey = NULL;
1245 EVP_MD_CTX *mctx = NULL;
1246 EVP_PKEY_CTX *pctx = NULL;
1248 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1249 if (!TEST_true(bio != NULL))
1252 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
1253 if (!TEST_true(pkey != NULL))
1256 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1259 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1262 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
1265 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1267 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1270 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1273 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1276 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1282 EVP_PKEY_free(pkey);
1283 EVP_PKEY_CTX_free(pctx);
1284 EVP_MD_CTX_free(mctx);
1288 static int test_EVP_SM2(void)
1291 EVP_PKEY *pkey = NULL;
1292 EVP_PKEY *pkeyparams = NULL;
1293 EVP_PKEY_CTX *pctx = NULL;
1294 EVP_PKEY_CTX *kctx = NULL;
1295 EVP_PKEY_CTX *sctx = NULL;
1297 unsigned char *sig = NULL;
1298 EVP_MD_CTX *md_ctx = NULL;
1299 EVP_MD_CTX *md_ctx_verify = NULL;
1300 EVP_PKEY_CTX *cctx = NULL;
1302 uint8_t ciphertext[128];
1303 size_t ctext_len = sizeof(ciphertext);
1305 uint8_t plaintext[8];
1306 size_t ptext_len = sizeof(plaintext);
1308 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1310 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1311 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1315 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1316 if (!TEST_ptr(pctx))
1319 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1322 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1325 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1328 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
1329 if (!TEST_ptr(kctx))
1332 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1335 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1338 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1341 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1344 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1347 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1348 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1350 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1353 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1356 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1359 /* Determine the size of the signature. */
1360 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1363 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1366 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1369 /* Ensure that the signature round-trips. */
1371 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1374 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1377 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1380 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1383 /* now check encryption/decryption */
1385 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1386 mdname, sizeof(mdname));
1387 for (i = 0; i < 2; i++) {
1388 EVP_PKEY_CTX_free(cctx);
1390 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1391 i == 0 ? "SM3" : "SHA2-256",
1394 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1397 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1400 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1403 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1407 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1410 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1413 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1417 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1420 /* Test we're still using the digest we think we are */
1421 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1423 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1426 if (!TEST_true(ptext_len == sizeof(kMsg)))
1429 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1435 EVP_PKEY_CTX_free(pctx);
1436 EVP_PKEY_CTX_free(kctx);
1437 EVP_PKEY_CTX_free(sctx);
1438 EVP_PKEY_CTX_free(cctx);
1439 EVP_PKEY_free(pkey);
1440 EVP_PKEY_free(pkeyparams);
1441 EVP_MD_CTX_free(md_ctx);
1442 EVP_MD_CTX_free(md_ctx_verify);
1449 static struct keys_st {
1455 EVP_PKEY_HMAC, "0123456789", NULL
1457 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1459 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1461 #ifndef OPENSSL_NO_EC
1463 EVP_PKEY_X25519, "01234567890123456789012345678901",
1464 "abcdefghijklmnopqrstuvwxyzabcdef"
1466 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1467 "abcdefghijklmnopqrstuvwxyzabcdef"
1470 "01234567890123456789012345678901234567890123456789012345",
1471 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1474 "012345678901234567890123456789012345678901234567890123456",
1475 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1480 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1483 unsigned char buf[80];
1485 size_t inlen, len = 0;
1488 /* Check if this algorithm supports public keys */
1489 if (keys[tst].pub == NULL)
1492 memset(buf, 0, sizeof(buf));
1495 inlen = strlen(keys[tst].pub);
1496 in = (unsigned char *)keys[tst].pub;
1498 pkey = EVP_PKEY_new_raw_public_key_ex(
1500 OBJ_nid2sn(keys[tst].type),
1505 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1511 inlen = strlen(keys[tst].priv);
1512 in = (unsigned char *)keys[tst].priv;
1514 pkey = EVP_PKEY_new_raw_private_key_ex(
1515 testctx, OBJ_nid2sn(keys[tst].type),
1520 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1528 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1529 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1530 || !TEST_true(len == inlen)
1531 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1532 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1533 || !TEST_mem_eq(in, inlen, buf, len))
1538 EVP_PKEY_free(pkey);
1542 static int test_set_get_raw_keys(int tst)
1544 return test_set_get_raw_keys_int(tst, 0, 0)
1545 && test_set_get_raw_keys_int(tst, 0, 1)
1546 && test_set_get_raw_keys_int(tst, 1, 0)
1547 && test_set_get_raw_keys_int(tst, 1, 1);
1550 #ifndef OPENSSL_NO_DEPRECATED_3_0
1551 static int pkey_custom_check(EVP_PKEY *pkey)
1556 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1561 static int pkey_custom_param_check(EVP_PKEY *pkey)
1566 static EVP_PKEY_METHOD *custom_pmeth;
1569 static int test_EVP_PKEY_check(int i)
1572 EVP_PKEY *pkey = NULL;
1573 EVP_PKEY_CTX *ctx = NULL;
1574 #ifndef OPENSSL_NO_DEPRECATED_3_0
1575 EVP_PKEY_CTX *ctx2 = NULL;
1577 const APK_DATA *ak = &keycheckdata[i];
1578 const unsigned char *input = ak->kder;
1579 size_t input_len = ak->size;
1580 int expected_id = ak->evptype;
1581 int expected_check = ak->check;
1582 int expected_pub_check = ak->pub_check;
1583 int expected_param_check = ak->param_check;
1584 int type = ak->type;
1586 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1589 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1592 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1595 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1598 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1601 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1604 #ifndef OPENSSL_NO_DEPRECATED_3_0
1605 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1606 /* assign the pkey directly, as an internal test */
1607 EVP_PKEY_up_ref(pkey);
1610 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1613 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1616 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1623 EVP_PKEY_CTX_free(ctx);
1624 #ifndef OPENSSL_NO_DEPRECATED_3_0
1625 EVP_PKEY_CTX_free(ctx2);
1627 EVP_PKEY_free(pkey);
1631 #ifndef OPENSSL_NO_CMAC
1632 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1634 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1635 const char msg[] = "Hello World";
1639 if (!TEST_ptr(mdctx)
1640 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1641 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1642 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1643 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1646 EVP_MD_CTX_free(mdctx);
1650 static int test_CMAC_keygen(void)
1652 static unsigned char key[] = {
1653 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1654 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1655 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1658 * This is a legacy method for CMACs, but should still work.
1659 * This verifies that it works without an ENGINE.
1661 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1663 EVP_PKEY *pkey = NULL;
1664 unsigned char mac[AES_BLOCK_SIZE];
1665 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1666 unsigned char mac2[AES_BLOCK_SIZE];
1669 /* Test a CMAC key created using the "generated" method */
1670 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1671 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1672 EVP_PKEY_CTRL_CIPHER,
1673 0, (void *)EVP_aes_256_ecb()), 0)
1674 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1675 EVP_PKEY_CTRL_SET_MAC_KEY,
1676 sizeof(key), (void *)key), 0)
1677 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1679 || !TEST_true(get_cmac_val(pkey, mac)))
1682 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1683 EVP_PKEY_free(pkey);
1686 * Test a CMAC key using the direct method, and compare with the mac
1689 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1691 || !TEST_true(get_cmac_val(pkey, mac2))
1692 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1699 EVP_PKEY_free(pkey);
1700 EVP_PKEY_CTX_free(kctx);
1705 static int test_HKDF(void)
1708 unsigned char out[20];
1711 unsigned char salt[] = "0123456789";
1712 unsigned char key[] = "012345678901234567890123456789";
1713 unsigned char info[] = "infostring";
1714 const unsigned char expected[] = {
1715 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1716 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1718 size_t expectedlen = sizeof(expected);
1720 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1723 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1724 for (i = 0; i < 2; i++) {
1725 outlen = sizeof(out);
1726 memset(out, 0, outlen);
1728 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1729 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1730 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1731 sizeof(salt) - 1), 0)
1732 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1733 sizeof(key) - 1), 0)
1734 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1735 sizeof(info) - 1), 0)
1736 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1737 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1744 EVP_PKEY_CTX_free(pctx);
1749 static int test_emptyikm_HKDF(void)
1752 unsigned char out[20];
1755 unsigned char salt[] = "9876543210";
1756 unsigned char key[] = "";
1757 unsigned char info[] = "stringinfo";
1758 const unsigned char expected[] = {
1759 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1760 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1762 size_t expectedlen = sizeof(expected);
1764 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1767 outlen = sizeof(out);
1768 memset(out, 0, outlen);
1770 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1771 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1772 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1773 sizeof(salt) - 1), 0)
1774 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1775 sizeof(key) - 1), 0)
1776 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1777 sizeof(info) - 1), 0)
1778 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1779 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1785 EVP_PKEY_CTX_free(pctx);
1790 #ifndef OPENSSL_NO_EC
1791 static int test_X509_PUBKEY_inplace(void)
1794 X509_PUBKEY *xp = NULL;
1795 const unsigned char *p = kExampleECPubKeyDER;
1796 size_t input_len = sizeof(kExampleECPubKeyDER);
1798 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1801 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1804 p = kExampleBadECPubKeyDER;
1805 input_len = sizeof(kExampleBadECPubKeyDER);
1807 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1810 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1816 X509_PUBKEY_free(xp);
1819 #endif /* OPENSSL_NO_EC */
1821 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1822 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1824 EVP_MD_CTX *mdctx = NULL;
1825 EVP_PKEY_CTX *ctx = NULL;
1826 const OSSL_PARAM *params;
1827 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1830 char mdname[OSSL_MAX_NAME_SIZE];
1833 /* Initialise a sign operation */
1834 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1836 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1840 * We should be able to query the parameters now.
1842 params = EVP_PKEY_CTX_settable_params(ctx);
1843 if (!TEST_ptr(params)
1844 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1845 OSSL_SIGNATURE_PARAM_DIGEST)))
1848 params = EVP_PKEY_CTX_gettable_params(ctx);
1849 if (!TEST_ptr(params)
1850 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1851 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1852 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1853 OSSL_SIGNATURE_PARAM_DIGEST)))
1857 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1858 * EVP_PKEY_CTX_get_params()
1860 strcpy(mdname, "SHA512");
1862 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1864 *param++ = OSSL_PARAM_construct_end();
1866 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1870 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1871 mdname, sizeof(mdname));
1872 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1873 || !TEST_str_eq(mdname, "SHA512"))
1877 * Test the TEST_PKEY_CTX_set_signature_md() and
1878 * TEST_PKEY_CTX_get_signature_md() functions
1880 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1881 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1882 || !TEST_ptr_eq(md, EVP_sha256()))
1886 * Test getting MD parameters via an associated EVP_PKEY_CTX
1888 mdctx = EVP_MD_CTX_new();
1889 if (!TEST_ptr(mdctx)
1890 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
1895 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1896 * able to obtain the digest's settable parameters from the provider.
1898 params = EVP_MD_CTX_settable_params(mdctx);
1899 if (!TEST_ptr(params)
1900 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1901 /* The final key should be NULL */
1902 || !TEST_ptr_null(params[1].key))
1906 memset(ssl3ms, 0, sizeof(ssl3ms));
1907 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1908 ssl3ms, sizeof(ssl3ms));
1909 *param++ = OSSL_PARAM_construct_end();
1911 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1917 EVP_MD_CTX_free(mdctx);
1918 EVP_PKEY_CTX_free(ctx);
1923 #ifndef OPENSSL_NO_DSA
1924 static int test_DSA_get_set_params(void)
1926 OSSL_PARAM_BLD *bld = NULL;
1927 OSSL_PARAM *params = NULL;
1928 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1929 EVP_PKEY_CTX *pctx = NULL;
1930 EVP_PKEY *pkey = NULL;
1934 * Setup the parameters for our DSA object. For our purposes they don't
1935 * have to actually be *valid* parameters. We just need to set something.
1937 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
1938 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1939 || !TEST_ptr(p = BN_new())
1940 || !TEST_ptr(q = BN_new())
1941 || !TEST_ptr(g = BN_new())
1942 || !TEST_ptr(pub = BN_new())
1943 || !TEST_ptr(priv = BN_new()))
1945 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1946 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1947 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1948 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1950 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1953 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1956 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
1957 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
1961 if (!TEST_ptr(pkey))
1964 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1967 EVP_PKEY_free(pkey);
1968 EVP_PKEY_CTX_free(pctx);
1969 OSSL_PARAM_BLD_free_params(params);
1970 OSSL_PARAM_BLD_free(bld);
1981 * Test combinations of private, public, missing and private + public key
1982 * params to ensure they are all accepted
1984 static int test_DSA_priv_pub(void)
1986 return test_EVP_PKEY_ffc_priv_pub("DSA");
1989 #endif /* !OPENSSL_NO_DSA */
1991 static int test_RSA_get_set_params(void)
1993 OSSL_PARAM_BLD *bld = NULL;
1994 OSSL_PARAM *params = NULL;
1995 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1996 EVP_PKEY_CTX *pctx = NULL;
1997 EVP_PKEY *pkey = NULL;
2001 * Setup the parameters for our RSA object. For our purposes they don't
2002 * have to actually be *valid* parameters. We just need to set something.
2004 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2005 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2006 || !TEST_ptr(n = BN_new())
2007 || !TEST_ptr(e = BN_new())
2008 || !TEST_ptr(d = BN_new()))
2010 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2011 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2012 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2014 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2017 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2018 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2022 if (!TEST_ptr(pkey))
2025 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2028 EVP_PKEY_free(pkey);
2029 EVP_PKEY_CTX_free(pctx);
2030 OSSL_PARAM_BLD_free_params(params);
2031 OSSL_PARAM_BLD_free(bld);
2039 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2040 static int test_decrypt_null_chunks(void)
2042 EVP_CIPHER_CTX* ctx = NULL;
2043 const unsigned char key[32] = {
2044 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2045 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2046 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2048 unsigned char iv[12] = {
2049 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2051 unsigned char msg[] = "It was the best of times, it was the worst of times";
2052 unsigned char ciphertext[80];
2053 unsigned char plaintext[80];
2054 /* We initialise tmp to a non zero value on purpose */
2055 int ctlen, ptlen, tmp = 99;
2057 const int enc_offset = 10, dec_offset = 20;
2059 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2060 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
2062 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2064 /* Deliberate add a zero length update */
2065 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2067 || !TEST_int_eq(tmp, 0)
2068 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2070 sizeof(msg) - enc_offset))
2071 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2072 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2073 || !TEST_int_eq(tmp, 0))
2076 /* Deliberately initialise tmp to a non zero value */
2078 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
2080 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2083 * Deliberately add a zero length update. We also deliberately do
2084 * this at a different offset than for encryption.
2086 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2088 || !TEST_int_eq(tmp, 0)
2089 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2090 ciphertext + dec_offset,
2091 ctlen - dec_offset))
2092 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2093 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2094 || !TEST_int_eq(tmp, 0)
2095 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2100 EVP_CIPHER_CTX_free(ctx);
2103 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2105 #ifndef OPENSSL_NO_DH
2107 * Test combinations of private, public, missing and private + public key
2108 * params to ensure they are all accepted
2110 static int test_DH_priv_pub(void)
2112 return test_EVP_PKEY_ffc_priv_pub("DH");
2115 # ifndef OPENSSL_NO_DEPRECATED_3_0
2116 static int test_EVP_PKEY_set1_DH(void)
2118 DH *x942dh = NULL, *noqdh = NULL;
2119 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2121 BIGNUM *p, *g = NULL;
2123 if (!TEST_ptr(p = BN_new())
2124 || !TEST_ptr(g = BN_new())
2125 || !BN_set_word(p, 9999)
2126 || !BN_set_word(g, 2)
2127 || !TEST_ptr(noqdh = DH_new())
2128 || !DH_set0_pqg(noqdh, p, NULL, g))
2132 x942dh = DH_get_2048_256();
2133 pkey1 = EVP_PKEY_new();
2134 pkey2 = EVP_PKEY_new();
2135 if (!TEST_ptr(x942dh)
2138 || !TEST_ptr(pkey2))
2141 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2142 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2145 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2146 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2153 EVP_PKEY_free(pkey1);
2154 EVP_PKEY_free(pkey2);
2160 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2161 #endif /* !OPENSSL_NO_DH */
2164 * We test what happens with an empty template. For the sake of this test,
2165 * the template must be ignored, and we know that's the case for RSA keys
2166 * (this might arguably be a misfeature, but that's what we currently do,
2167 * even in provider code, since that's how the legacy RSA implementation
2170 static int test_keygen_with_empty_template(int n)
2172 EVP_PKEY_CTX *ctx = NULL;
2173 EVP_PKEY *pkey = NULL;
2174 EVP_PKEY *tkey = NULL;
2179 /* We do test with no template at all as well */
2180 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2184 /* Here we create an empty RSA key that serves as our template */
2185 if (!TEST_ptr(tkey = EVP_PKEY_new())
2186 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2187 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2192 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2193 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2198 EVP_PKEY_CTX_free(ctx);
2199 EVP_PKEY_free(pkey);
2200 EVP_PKEY_free(tkey);
2205 * Test that we fail if we attempt to use an algorithm that is not available
2206 * in the current library context (unless we are using an algorithm that
2207 * should be made available via legacy codepaths).
2212 static int test_pkey_ctx_fail_without_provider(int tst)
2214 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2215 OSSL_PROVIDER *nullprov = NULL;
2216 EVP_PKEY_CTX *pctx = NULL;
2217 const char *keytype = NULL;
2218 int expect_null = 0;
2221 if (!TEST_ptr(tmpctx))
2224 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
2225 if (!TEST_ptr(nullprov))
2229 * We check for certain algos in the null provider.
2230 * If an algo is expected to have a provider keymgmt, contructing an
2231 * EVP_PKEY_CTX is expected to fail (return NULL).
2232 * Otherwise, if it's expected to have legacy support, contructing an
2233 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2243 #ifdef OPENSSL_NO_EC
2244 TEST_info("EC disable, skipping SM2 check...");
2247 #ifdef OPENSSL_NO_SM2
2248 TEST_info("SM2 disable, skipping SM2 check...");
2253 TEST_error("No test for case %d", tst);
2257 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2258 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2261 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2267 EVP_PKEY_CTX_free(pctx);
2268 OSSL_PROVIDER_unload(nullprov);
2269 OSSL_LIB_CTX_free(tmpctx);
2273 static int test_rand_agglomeration(void)
2277 OSSL_PARAM params[3], *p = params;
2279 unsigned int step = 7;
2280 static unsigned char seed[] = "It does not matter how slowly you go "
2281 "as long as you do not stop.";
2282 unsigned char out[sizeof(seed)];
2284 if (!TEST_int_ne(sizeof(seed) % step, 0)
2285 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
2287 ctx = EVP_RAND_CTX_new(rand, NULL);
2288 EVP_RAND_free(rand);
2292 memset(out, 0, sizeof(out));
2293 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2294 seed, sizeof(seed));
2295 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2296 *p = OSSL_PARAM_construct_end();
2297 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2298 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2299 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2300 EVP_RAND_CTX_free(ctx);
2305 * Test that we correctly return the original or "running" IV after
2306 * an encryption operation.
2307 * Run multiple times for some different relevant algorithms/modes.
2309 static int test_evp_iv(int idx)
2312 EVP_CIPHER_CTX *ctx = NULL;
2313 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2314 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2315 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2316 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2317 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2318 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2319 9, 10, 11, 12, 13, 14, 15, 16 };
2320 unsigned char ciphertext[32], oiv[16], iv[16];
2321 unsigned char *ref_iv;
2322 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2323 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2325 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2326 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2327 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2328 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2329 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2330 #ifndef OPENSSL_NO_OCB
2331 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2332 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2334 int len = sizeof(ciphertext);
2335 size_t ivlen, ref_len;
2336 const EVP_CIPHER *type = NULL;
2340 type = EVP_aes_128_cbc();
2343 type = (type != NULL) ? type :
2344 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2346 ref_len = sizeof(cbc_state);
2349 type = EVP_aes_128_ofb();
2352 type = (type != NULL) ? type :
2353 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2355 ref_len = sizeof(ofb_state);
2358 type = EVP_aes_128_gcm();
2361 type = (type != NULL) ? type :
2362 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2364 ref_len = sizeof(gcm_state);
2367 type = EVP_aes_128_ccm();
2370 type = (type != NULL) ? type :
2371 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2373 ref_len = sizeof(ccm_state);
2375 #ifdef OPENSSL_NO_OCB
2381 type = EVP_aes_128_ocb();
2384 type = (type != NULL) ? type :
2385 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2387 ref_len = sizeof(ocb_state);
2395 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2396 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2397 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2399 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2400 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2401 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2403 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2404 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2405 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2410 EVP_CIPHER_CTX_free(ctx);
2412 EVP_CIPHER_free((EVP_CIPHER *)type);
2416 #ifndef OPENSSL_NO_EC
2417 static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2418 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2419 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2420 NID_brainpoolP384r1, NID_brainpoolP512r1};
2422 static int test_ecpub(int idx)
2424 int ret = 0, len, savelen;
2426 unsigned char buf[1024];
2428 EVP_PKEY *pkey = NULL;
2429 EVP_PKEY_CTX *ctx = NULL;
2430 # ifndef OPENSSL_NO_DEPRECATED_3_0
2431 const unsigned char *q;
2432 EVP_PKEY *pkey2 = NULL;
2436 nid = ecpub_nids[idx];
2438 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2440 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2441 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2442 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2444 len = i2d_PublicKey(pkey, NULL);
2446 if (!TEST_int_ge(len, 1)
2447 || !TEST_int_lt(len, 1024))
2450 len = i2d_PublicKey(pkey, &p);
2451 if (!TEST_int_ge(len, 1)
2452 || !TEST_int_eq(len, savelen))
2455 # ifndef OPENSSL_NO_DEPRECATED_3_0
2456 /* Now try to decode the just-created DER. */
2458 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2459 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2460 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2462 /* EC_KEY ownership transferred */
2464 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2466 /* The keys should match. */
2467 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2474 EVP_PKEY_CTX_free(ctx);
2475 EVP_PKEY_free(pkey);
2476 # ifndef OPENSSL_NO_DEPRECATED_3_0
2477 EVP_PKEY_free(pkey2);
2484 static int test_EVP_rsa_pss_with_keygen_bits(void)
2493 md = EVP_get_digestbyname("sha256");
2494 ret = TEST_ptr((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL)))
2495 && TEST_true(EVP_PKEY_keygen_init(ctx))
2496 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2497 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2498 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2500 EVP_PKEY_free(pkey);
2501 EVP_PKEY_CTX_free(ctx);
2505 static int success = 1;
2506 static void md_names(const char *name, void *vctx)
2508 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2509 /* Force a namemap update */
2510 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2512 if (!TEST_ptr(aes128))
2515 EVP_CIPHER_free(aes128);
2519 * Test that changing the namemap in a user callback works in a names_do_all
2522 static int test_names_do_all(void)
2524 /* We use a custom libctx so that we know the state of the namemap */
2525 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2526 EVP_MD *sha256 = NULL;
2532 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2533 if (!TEST_ptr(sha256))
2537 * We loop through all the names for a given digest. This should still work
2538 * even if the namemap changes part way through.
2540 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2543 if (!TEST_true(success))
2548 EVP_MD_free(sha256);
2549 OSSL_LIB_CTX_free(ctx);
2553 int setup_tests(void)
2555 testctx = OSSL_LIB_CTX_new();
2557 if (!TEST_ptr(testctx))
2560 ADD_TEST(test_EVP_set_default_properties);
2561 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2562 ADD_TEST(test_EVP_DigestVerifyInit);
2563 ADD_TEST(test_EVP_Digest);
2564 ADD_TEST(test_EVP_Enveloped);
2565 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2566 ADD_TEST(test_privatekey_to_pkcs8);
2567 #ifndef OPENSSL_NO_EC
2568 ADD_TEST(test_EVP_PKCS82PKEY);
2570 #ifndef OPENSSL_NO_EC
2571 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2573 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2574 ADD_TEST(test_EVP_SM2);
2575 ADD_TEST(test_EVP_SM2_verify);
2577 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2578 #ifndef OPENSSL_NO_DEPRECATED_3_0
2579 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2580 if (!TEST_ptr(custom_pmeth))
2582 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2583 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2584 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2585 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2588 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2589 #ifndef OPENSSL_NO_CMAC
2590 ADD_TEST(test_CMAC_keygen);
2592 ADD_TEST(test_HKDF);
2593 ADD_TEST(test_emptyikm_HKDF);
2594 #ifndef OPENSSL_NO_EC
2595 ADD_TEST(test_X509_PUBKEY_inplace);
2596 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2597 OSSL_NELEM(ec_der_pub_keys));
2599 #ifndef OPENSSL_NO_DSA
2600 ADD_TEST(test_DSA_get_set_params);
2601 ADD_TEST(test_DSA_priv_pub);
2603 ADD_TEST(test_RSA_get_set_params);
2604 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2605 ADD_TEST(test_decrypt_null_chunks);
2607 #ifndef OPENSSL_NO_DH
2608 ADD_TEST(test_DH_priv_pub);
2609 # ifndef OPENSSL_NO_DEPRECATED_3_0
2610 ADD_TEST(test_EVP_PKEY_set1_DH);
2613 #ifndef OPENSSL_NO_EC
2614 ADD_TEST(test_EC_priv_pub);
2615 # ifndef OPENSSL_NO_DEPRECATED_3_0
2616 ADD_TEST(test_EC_priv_only_legacy);
2619 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2620 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2622 ADD_TEST(test_rand_agglomeration);
2623 ADD_ALL_TESTS(test_evp_iv, 10);
2624 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
2625 #ifndef OPENSSL_NO_EC
2626 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2629 ADD_TEST(test_names_do_all);
2634 void cleanup_tests(void)
2636 OSSL_LIB_CTX_free(testctx);