2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
323 #ifndef OPENSSL_NO_EC
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
405 typedef struct APK_DATA_st {
406 const unsigned char *kder;
413 int type; /* 0 for private, 1 for public, 2 for params */
416 static APK_DATA keydata[] = {
417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
419 #ifndef OPENSSL_NO_EC
420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
424 static APK_DATA keycheckdata[] = {
425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
429 #ifndef OPENSSL_NO_EC
430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
431 /* group is also associated in our pub key */
432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
443 static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
446 const unsigned char **pdata = &data;
447 EVP_PKEY *pkey = NULL;
448 OSSL_DECODER_CTX *dctx =
449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
458 static EVP_PKEY *load_example_rsa_key(void)
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
464 #ifndef OPENSSL_NO_DSA
465 static EVP_PKEY *load_example_dsa_key(void)
467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
472 static EVP_PKEY *load_example_hmac_key(void)
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
481 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
488 static int test_EVP_set_default_properties(void)
494 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
495 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
500 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
501 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
502 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
507 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
508 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
513 OSSL_LIB_CTX_free(ctx);
517 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
518 static int test_fromdata(char *keytype, OSSL_PARAM *params)
520 EVP_PKEY_CTX *pctx = NULL;
521 EVP_PKEY *pkey = NULL;
524 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
526 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
527 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
537 EVP_PKEY_CTX_free(pctx);
541 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
544 * Test combinations of private, public, missing and private + public key
545 * params to ensure they are all accepted
547 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
548 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
550 OSSL_PARAM_BLD *bld = NULL;
551 OSSL_PARAM *params = NULL;
552 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
556 * Setup the parameters for our pkey object. For our purposes they don't
557 * have to actually be *valid* parameters. We just need to set something.
559 if (!TEST_ptr(p = BN_new())
560 || !TEST_ptr(q = BN_new())
561 || !TEST_ptr(g = BN_new())
562 || !TEST_ptr(pub = BN_new())
563 || !TEST_ptr(priv = BN_new()))
566 /* Test !priv and !pub */
567 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
568 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
572 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
575 if (!test_fromdata(keytype, params))
577 OSSL_PARAM_free(params);
578 OSSL_PARAM_BLD_free(bld);
580 /* Test priv and !pub */
581 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
582 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
583 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
588 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
591 if (!test_fromdata(keytype, params))
593 OSSL_PARAM_free(params);
594 OSSL_PARAM_BLD_free(bld);
596 /* Test !priv and pub */
597 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
600 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
604 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
607 if (!test_fromdata(keytype, params))
609 OSSL_PARAM_free(params);
610 OSSL_PARAM_BLD_free(bld);
612 /* Test priv and pub */
613 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
614 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
615 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
616 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
617 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
622 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
625 if (!test_fromdata(keytype, params))
630 OSSL_PARAM_free(params);
631 OSSL_PARAM_BLD_free(bld);
640 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
643 * Test combinations of private, public, missing and private + public key
644 * params to ensure they are all accepted for EC keys
646 #ifndef OPENSSL_NO_EC
647 static unsigned char ec_priv[] = {
648 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
649 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
650 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
652 static unsigned char ec_pub[] = {
653 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
654 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
655 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
656 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
657 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
658 0x08, 0x09, 0xb8, 0xdb, 0x03
661 static int test_EC_priv_pub(void)
663 OSSL_PARAM_BLD *bld = NULL;
664 OSSL_PARAM *params = NULL;
669 * Setup the parameters for our pkey object. For our purposes they don't
670 * have to actually be *valid* parameters. We just need to set something.
672 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
675 /* Test !priv and !pub */
676 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
677 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
678 OSSL_PKEY_PARAM_GROUP_NAME,
681 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
684 if (!test_fromdata("EC", params))
686 OSSL_PARAM_free(params);
687 OSSL_PARAM_BLD_free(bld);
689 /* Test priv and !pub */
690 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
691 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
692 OSSL_PKEY_PARAM_GROUP_NAME,
694 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
697 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
700 if (!test_fromdata("EC", params))
702 OSSL_PARAM_free(params);
703 OSSL_PARAM_BLD_free(bld);
705 /* Test !priv and pub */
706 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
707 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
708 OSSL_PKEY_PARAM_GROUP_NAME,
710 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
711 OSSL_PKEY_PARAM_PUB_KEY,
712 ec_pub, sizeof(ec_pub))))
714 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
717 if (!test_fromdata("EC", params))
719 OSSL_PARAM_free(params);
720 OSSL_PARAM_BLD_free(bld);
722 /* Test priv and pub */
723 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
724 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
725 OSSL_PKEY_PARAM_GROUP_NAME,
727 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
728 OSSL_PKEY_PARAM_PUB_KEY,
729 ec_pub, sizeof(ec_pub)))
730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
736 if (!test_fromdata("EC", params))
741 OSSL_PARAM_free(params);
742 OSSL_PARAM_BLD_free(bld);
748 /* Test that using a legacy EC key with only a private key in it works */
749 # ifndef OPENSSL_NO_DEPRECATED_3_0
750 static int test_EC_priv_only_legacy(void)
754 EC_KEY *eckey = NULL;
755 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
756 EVP_MD_CTX *ctx = NULL;
758 /* Create the low level EC_KEY */
759 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
762 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
763 if (!TEST_ptr(eckey))
766 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
769 pkey = EVP_PKEY_new();
773 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
777 while (dup_pk == NULL) {
779 ctx = EVP_MD_CTX_new();
784 * The EVP_DigestSignInit function should create the key on the
785 * provider side which is sufficient for this test.
787 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
788 testpropq, pkey, NULL)))
790 EVP_MD_CTX_free(ctx);
793 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
795 /* EVP_PKEY_eq() returns -2 with missing public keys */
796 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
804 EVP_MD_CTX_free(ctx);
811 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
812 #endif /* OPENSSL_NO_EC */
814 static int test_EVP_Enveloped(void)
817 EVP_CIPHER_CTX *ctx = NULL;
818 EVP_PKEY *keypair = NULL;
819 unsigned char *kek = NULL;
820 unsigned char iv[EVP_MAX_IV_LENGTH];
821 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
822 int len, kek_len, ciphertext_len, plaintext_len;
823 unsigned char ciphertext[32], plaintext[16];
824 const EVP_CIPHER *type = NULL;
826 if (nullprov != NULL)
827 return TEST_skip("Test does not support a non-default library context");
829 type = EVP_aes_256_cbc();
831 if (!TEST_ptr(keypair = load_example_rsa_key())
832 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
833 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
834 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
836 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
838 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
842 ciphertext_len += len;
844 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
845 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
846 ciphertext, ciphertext_len))
847 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
850 plaintext_len += len;
851 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
857 EVP_PKEY_free(keypair);
858 EVP_CIPHER_CTX_free(ctx);
863 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
864 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
865 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
866 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
867 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
868 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
869 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
870 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
871 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
873 static int test_EVP_DigestSignInit(int tst)
876 EVP_PKEY *pkey = NULL;
877 unsigned char *sig = NULL;
879 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
880 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
881 BIO *mdbio = NULL, *membio = NULL;
884 EVP_MD *mdexp = NULL;
886 if (nullprov != NULL)
887 return TEST_skip("Test does not support a non-default library context");
890 membio = BIO_new(BIO_s_mem());
891 mdbio = BIO_new(BIO_f_md());
892 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
894 BIO_push(mdbio, membio);
895 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
898 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
899 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
903 if (tst == 0 || tst == 3 || tst == 6) {
904 if (!TEST_ptr(pkey = load_example_rsa_key()))
906 } else if (tst == 1 || tst == 4 || tst == 7) {
907 #ifndef OPENSSL_NO_DSA
908 if (!TEST_ptr(pkey = load_example_dsa_key()))
915 if (!TEST_ptr(pkey = load_example_hmac_key()))
919 if (tst >= 3 && tst <= 5)
920 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
924 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
928 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
931 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
935 /* Determine the size of the signature. */
936 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
937 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
938 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
942 if (!TEST_int_gt(BIO_reset(mdbio), 0)
943 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
948 * Ensure that the signature round-trips (Verification isn't supported for
949 * HMAC via EVP_DigestVerify*)
951 if (tst != 2 && tst != 5 && tst != 8) {
952 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
957 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
960 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
964 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
973 EVP_MD_CTX_free(a_md_ctx);
974 EVP_MD_CTX_free(a_md_ctx_verify);
982 static int test_EVP_DigestVerifyInit(void)
985 EVP_PKEY *pkey = NULL;
986 EVP_MD_CTX *md_ctx = NULL;
988 if (nullprov != NULL)
989 return TEST_skip("Test does not support a non-default library context");
991 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
992 || !TEST_ptr(pkey = load_example_rsa_key()))
995 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
996 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
997 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
998 sizeof(kSignature))))
1003 EVP_MD_CTX_free(md_ctx);
1004 EVP_PKEY_free(pkey);
1009 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1011 static int test_EVP_Digest(void)
1014 EVP_MD_CTX *md_ctx = NULL;
1015 unsigned char md[EVP_MAX_MD_SIZE];
1016 EVP_MD *sha256 = NULL;
1017 EVP_MD *shake256 = NULL;
1019 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1022 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1023 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1026 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1027 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1028 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1029 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1030 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1033 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1034 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1035 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1036 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1037 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1039 * EVP_DigestInit_ex with NULL type should work on
1040 * pre-initialized context.
1042 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1045 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1046 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1047 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1048 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1049 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1050 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1055 EVP_MD_CTX_free(md_ctx);
1056 EVP_MD_free(sha256);
1057 EVP_MD_free(shake256);
1061 static int test_d2i_AutoPrivateKey(int i)
1064 const unsigned char *p;
1065 EVP_PKEY *pkey = NULL;
1066 const APK_DATA *ak = &keydata[i];
1067 const unsigned char *input = ak->kder;
1068 size_t input_len = ak->size;
1069 int expected_id = ak->evptype;
1072 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1073 || !TEST_ptr_eq(p, input + input_len)
1074 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1080 EVP_PKEY_free(pkey);
1084 #ifndef OPENSSL_NO_EC
1086 static const unsigned char ec_public_sect163k1_validxy[] = {
1087 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1088 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1089 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1090 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1091 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1092 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1095 static const unsigned char ec_public_sect163k1_badx[] = {
1096 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1097 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1098 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1099 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1100 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1101 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1104 static const unsigned char ec_public_sect163k1_bady[] = {
1105 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1106 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1107 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1108 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1109 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1110 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1113 static struct ec_der_pub_keys_st {
1114 const unsigned char *der;
1117 } ec_der_pub_keys[] = {
1118 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1119 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1120 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1124 * Tests the range of the decoded EC char2 public point.
1125 * See ec_GF2m_simple_oct2point().
1127 static int test_invalide_ec_char2_pub_range_decode(int id)
1132 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1133 ec_der_pub_keys[id].len);
1135 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1136 || TEST_ptr_null(pkey);
1137 EVP_PKEY_free(pkey);
1141 /* Tests loading a bad key in PKCS8 format */
1142 static int test_EVP_PKCS82PKEY(void)
1145 const unsigned char *derp = kExampleBadECKeyDER;
1146 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1147 EVP_PKEY *pkey = NULL;
1149 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1150 sizeof(kExampleBadECKeyDER))))
1153 if (!TEST_ptr_eq(derp,
1154 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1157 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1163 PKCS8_PRIV_KEY_INFO_free(p8inf);
1164 EVP_PKEY_free(pkey);
1170 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1171 static int test_privatekey_to_pkcs8(void)
1173 EVP_PKEY *pkey = NULL;
1175 char *membuf = NULL;
1176 long membuf_len = 0;
1179 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1180 || !TEST_ptr(pkey = load_example_rsa_key())
1181 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1182 NULL, 0, NULL, NULL),
1184 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1185 || !TEST_ptr(membuf)
1186 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1187 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1189 * We try to write PEM as well, just to see that it doesn't err, but
1190 * assume that the result is correct.
1192 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1193 NULL, 0, NULL, NULL),
1199 EVP_PKEY_free(pkey);
1200 BIO_free_all(membio);
1204 #ifndef OPENSSL_NO_EC
1205 static const struct {
1207 const char *encoding_name;
1208 } ec_encodings[] = {
1209 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1210 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1213 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1215 const OSSL_PARAM *p;
1216 const char *enc_name = NULL;
1222 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1223 OSSL_PKEY_PARAM_EC_ENCODING))
1224 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1227 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1228 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1229 *enc = ec_encodings[i].encoding;
1234 return (*enc != -1);
1237 static int test_EC_keygen_with_enc(int idx)
1239 EVP_PKEY *params = NULL, *key = NULL;
1240 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1244 enc = ec_encodings[idx].encoding;
1246 /* Create key parameters */
1247 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1248 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1249 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1250 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1251 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1252 || !TEST_ptr(params))
1256 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1257 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1258 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1262 /* Check that the encoding got all the way into the key */
1263 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1264 ec_export_get_encoding_cb, &enc))
1265 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1271 EVP_PKEY_free(params);
1272 EVP_PKEY_CTX_free(kctx);
1273 EVP_PKEY_CTX_free(pctx);
1278 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1280 static int test_EVP_SM2_verify(void)
1282 const char *pubkey =
1283 "-----BEGIN PUBLIC KEY-----\n"
1284 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1285 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1286 "-----END PUBLIC KEY-----\n";
1288 const char *msg = "message digest";
1289 const char *id = "ALICE123@YAHOO.COM";
1291 const uint8_t signature[] = {
1292 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1293 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1294 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1295 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1296 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1297 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1298 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1303 EVP_PKEY *pkey = NULL;
1304 EVP_MD_CTX *mctx = NULL;
1305 EVP_PKEY_CTX *pctx = NULL;
1308 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1309 if (!TEST_true(bio != NULL))
1312 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1313 if (!TEST_true(pkey != NULL))
1316 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1319 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1322 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1325 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1327 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1330 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1333 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1336 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1339 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1345 EVP_PKEY_free(pkey);
1346 EVP_PKEY_CTX_free(pctx);
1347 EVP_MD_CTX_free(mctx);
1352 static int test_EVP_SM2(void)
1355 EVP_PKEY *pkey = NULL;
1356 EVP_PKEY *pkeyparams = NULL;
1357 EVP_PKEY_CTX *pctx = NULL;
1358 EVP_PKEY_CTX *kctx = NULL;
1359 EVP_PKEY_CTX *sctx = NULL;
1361 unsigned char *sig = NULL;
1362 EVP_MD_CTX *md_ctx = NULL;
1363 EVP_MD_CTX *md_ctx_verify = NULL;
1364 EVP_PKEY_CTX *cctx = NULL;
1367 uint8_t ciphertext[128];
1368 size_t ctext_len = sizeof(ciphertext);
1370 uint8_t plaintext[8];
1371 size_t ptext_len = sizeof(plaintext);
1373 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1375 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1376 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1380 pctx = EVP_PKEY_CTX_new_from_name(testctx, "SM2", testpropq);
1381 if (!TEST_ptr(pctx))
1384 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1387 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1390 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1393 kctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkeyparams, testpropq);
1394 if (!TEST_ptr(kctx))
1397 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1400 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1403 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1406 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1409 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1412 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1413 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1415 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1418 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, sm3, NULL, pkey)))
1421 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1424 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1427 /* Determine the size of the signature. */
1428 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1431 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1434 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1437 /* Ensure that the signature round-trips. */
1439 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, sm3, NULL, pkey)))
1442 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1445 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1448 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1451 /* now check encryption/decryption */
1453 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1454 mdname, sizeof(mdname));
1455 for (i = 0; i < 2; i++) {
1456 EVP_PKEY_CTX_free(cctx);
1458 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1459 i == 0 ? "SM3" : "SHA2-256",
1462 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1465 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1468 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1471 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1475 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1478 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1481 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1485 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1488 /* Test we're still using the digest we think we are */
1489 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1491 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1494 if (!TEST_true(ptext_len == sizeof(kMsg)))
1497 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1503 EVP_PKEY_CTX_free(pctx);
1504 EVP_PKEY_CTX_free(kctx);
1505 EVP_PKEY_CTX_free(sctx);
1506 EVP_PKEY_CTX_free(cctx);
1507 EVP_PKEY_free(pkey);
1508 EVP_PKEY_free(pkeyparams);
1509 EVP_MD_CTX_free(md_ctx);
1510 EVP_MD_CTX_free(md_ctx_verify);
1518 static struct keys_st {
1524 EVP_PKEY_HMAC, "0123456789", NULL
1526 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1528 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1530 #ifndef OPENSSL_NO_EC
1532 EVP_PKEY_X25519, "01234567890123456789012345678901",
1533 "abcdefghijklmnopqrstuvwxyzabcdef"
1535 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1536 "abcdefghijklmnopqrstuvwxyzabcdef"
1539 "01234567890123456789012345678901234567890123456789012345",
1540 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1543 "012345678901234567890123456789012345678901234567890123456",
1544 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1549 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1552 unsigned char buf[80];
1554 size_t inlen, len = 0;
1557 if (nullprov != NULL)
1558 return TEST_skip("Test does not support a non-default library context");
1560 /* Check if this algorithm supports public keys */
1561 if (keys[tst].pub == NULL)
1564 memset(buf, 0, sizeof(buf));
1567 inlen = strlen(keys[tst].pub);
1568 in = (unsigned char *)keys[tst].pub;
1570 pkey = EVP_PKEY_new_raw_public_key_ex(
1572 OBJ_nid2sn(keys[tst].type),
1577 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1583 inlen = strlen(keys[tst].priv);
1584 in = (unsigned char *)keys[tst].priv;
1586 pkey = EVP_PKEY_new_raw_private_key_ex(
1587 testctx, OBJ_nid2sn(keys[tst].type),
1592 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1600 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1601 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1602 || !TEST_true(len == inlen)
1603 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1604 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1605 || !TEST_mem_eq(in, inlen, buf, len))
1610 EVP_PKEY_free(pkey);
1614 static int test_set_get_raw_keys(int tst)
1616 return test_set_get_raw_keys_int(tst, 0, 0)
1617 && test_set_get_raw_keys_int(tst, 0, 1)
1618 && test_set_get_raw_keys_int(tst, 1, 0)
1619 && test_set_get_raw_keys_int(tst, 1, 1);
1622 #ifndef OPENSSL_NO_DEPRECATED_3_0
1623 static int pkey_custom_check(EVP_PKEY *pkey)
1628 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1633 static int pkey_custom_param_check(EVP_PKEY *pkey)
1638 static EVP_PKEY_METHOD *custom_pmeth;
1641 static int test_EVP_PKEY_check(int i)
1644 EVP_PKEY *pkey = NULL;
1645 EVP_PKEY_CTX *ctx = NULL;
1646 #ifndef OPENSSL_NO_DEPRECATED_3_0
1647 EVP_PKEY_CTX *ctx2 = NULL;
1649 const APK_DATA *ak = &keycheckdata[i];
1650 const unsigned char *input = ak->kder;
1651 size_t input_len = ak->size;
1652 int expected_id = ak->evptype;
1653 int expected_check = ak->check;
1654 int expected_pub_check = ak->pub_check;
1655 int expected_param_check = ak->param_check;
1656 int type = ak->type;
1658 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1661 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1664 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1667 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1670 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1673 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1676 #ifndef OPENSSL_NO_DEPRECATED_3_0
1677 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1678 /* assign the pkey directly, as an internal test */
1679 EVP_PKEY_up_ref(pkey);
1682 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1685 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1688 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1695 EVP_PKEY_CTX_free(ctx);
1696 #ifndef OPENSSL_NO_DEPRECATED_3_0
1697 EVP_PKEY_CTX_free(ctx2);
1699 EVP_PKEY_free(pkey);
1703 #ifndef OPENSSL_NO_CMAC
1704 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1706 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1707 const char msg[] = "Hello World";
1711 if (!TEST_ptr(mdctx)
1712 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1713 testpropq, pkey, NULL))
1714 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1715 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1716 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1719 EVP_MD_CTX_free(mdctx);
1723 static int test_CMAC_keygen(void)
1725 static unsigned char key[] = {
1726 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1727 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1728 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1730 EVP_PKEY_CTX *kctx = NULL;
1732 EVP_PKEY *pkey = NULL;
1733 unsigned char mac[AES_BLOCK_SIZE];
1734 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1735 unsigned char mac2[AES_BLOCK_SIZE];
1738 if (nullprov != NULL)
1739 return TEST_skip("Test does not support a non-default library context");
1742 * This is a legacy method for CMACs, but should still work.
1743 * This verifies that it works without an ENGINE.
1745 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1747 /* Test a CMAC key created using the "generated" method */
1748 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1749 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1750 EVP_PKEY_CTRL_CIPHER,
1751 0, (void *)EVP_aes_256_ecb()), 0)
1752 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1753 EVP_PKEY_CTRL_SET_MAC_KEY,
1754 sizeof(key), (void *)key), 0)
1755 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1757 || !TEST_true(get_cmac_val(pkey, mac)))
1760 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1761 EVP_PKEY_free(pkey);
1764 * Test a CMAC key using the direct method, and compare with the mac
1767 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1769 || !TEST_true(get_cmac_val(pkey, mac2))
1770 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1777 EVP_PKEY_free(pkey);
1778 EVP_PKEY_CTX_free(kctx);
1783 static int test_HKDF(void)
1786 unsigned char out[20];
1789 unsigned char salt[] = "0123456789";
1790 unsigned char key[] = "012345678901234567890123456789";
1791 unsigned char info[] = "infostring";
1792 const unsigned char expected[] = {
1793 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1794 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1796 size_t expectedlen = sizeof(expected);
1798 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1801 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1802 for (i = 0; i < 2; i++) {
1803 outlen = sizeof(out);
1804 memset(out, 0, outlen);
1806 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1807 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1808 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1809 sizeof(salt) - 1), 0)
1810 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1811 sizeof(key) - 1), 0)
1812 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1813 sizeof(info) - 1), 0)
1814 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1815 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1822 EVP_PKEY_CTX_free(pctx);
1827 static int test_emptyikm_HKDF(void)
1830 unsigned char out[20];
1833 unsigned char salt[] = "9876543210";
1834 unsigned char key[] = "";
1835 unsigned char info[] = "stringinfo";
1836 const unsigned char expected[] = {
1837 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1838 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1840 size_t expectedlen = sizeof(expected);
1842 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1845 outlen = sizeof(out);
1846 memset(out, 0, outlen);
1848 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1849 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1850 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1851 sizeof(salt) - 1), 0)
1852 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1853 sizeof(key) - 1), 0)
1854 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1855 sizeof(info) - 1), 0)
1856 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1857 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1863 EVP_PKEY_CTX_free(pctx);
1868 #ifndef OPENSSL_NO_EC
1869 static int test_X509_PUBKEY_inplace(void)
1872 X509_PUBKEY *xp = NULL;
1873 const unsigned char *p = kExampleECPubKeyDER;
1874 size_t input_len = sizeof(kExampleECPubKeyDER);
1876 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1879 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1882 p = kExampleBadECPubKeyDER;
1883 input_len = sizeof(kExampleBadECPubKeyDER);
1885 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1888 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1894 X509_PUBKEY_free(xp);
1898 static int test_X509_PUBKEY_dup(void)
1901 X509_PUBKEY *xp = NULL, *xq = NULL;
1902 const unsigned char *p = kExampleECPubKeyDER;
1903 size_t input_len = sizeof(kExampleECPubKeyDER);
1905 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1906 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1907 || !TEST_ptr_ne(xp, xq))
1910 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1911 || !TEST_ptr(X509_PUBKEY_get0(xp))
1912 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1915 X509_PUBKEY_free(xq);
1917 p = kExampleBadECPubKeyDER;
1918 input_len = sizeof(kExampleBadECPubKeyDER);
1920 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1921 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
1924 X509_PUBKEY_free(xp);
1926 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
1932 X509_PUBKEY_free(xp);
1933 X509_PUBKEY_free(xq);
1936 #endif /* OPENSSL_NO_EC */
1938 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1939 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1941 EVP_MD_CTX *mdctx = NULL;
1942 EVP_PKEY_CTX *ctx = NULL;
1943 const OSSL_PARAM *params;
1944 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1947 char mdname[OSSL_MAX_NAME_SIZE];
1950 /* Initialise a sign operation */
1951 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
1953 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1957 * We should be able to query the parameters now.
1959 params = EVP_PKEY_CTX_settable_params(ctx);
1960 if (!TEST_ptr(params)
1961 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1962 OSSL_SIGNATURE_PARAM_DIGEST)))
1965 params = EVP_PKEY_CTX_gettable_params(ctx);
1966 if (!TEST_ptr(params)
1967 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1968 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1969 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1970 OSSL_SIGNATURE_PARAM_DIGEST)))
1974 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1975 * EVP_PKEY_CTX_get_params()
1977 strcpy(mdname, "SHA512");
1979 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1981 *param++ = OSSL_PARAM_construct_end();
1983 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1987 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1988 mdname, sizeof(mdname));
1989 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1990 || !TEST_str_eq(mdname, "SHA512"))
1994 * Test the TEST_PKEY_CTX_set_signature_md() and
1995 * TEST_PKEY_CTX_get_signature_md() functions
1997 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1998 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1999 || !TEST_ptr_eq(md, EVP_sha256()))
2003 * Test getting MD parameters via an associated EVP_PKEY_CTX
2005 mdctx = EVP_MD_CTX_new();
2006 if (!TEST_ptr(mdctx)
2007 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2012 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2013 * able to obtain the digest's settable parameters from the provider.
2015 params = EVP_MD_CTX_settable_params(mdctx);
2016 if (!TEST_ptr(params)
2017 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2018 /* The final key should be NULL */
2019 || !TEST_ptr_null(params[1].key))
2023 memset(ssl3ms, 0, sizeof(ssl3ms));
2024 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2025 ssl3ms, sizeof(ssl3ms));
2026 *param++ = OSSL_PARAM_construct_end();
2028 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2034 EVP_MD_CTX_free(mdctx);
2035 EVP_PKEY_CTX_free(ctx);
2040 #ifndef OPENSSL_NO_DSA
2041 static int test_DSA_get_set_params(void)
2043 OSSL_PARAM_BLD *bld = NULL;
2044 OSSL_PARAM *params = NULL;
2045 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2046 EVP_PKEY_CTX *pctx = NULL;
2047 EVP_PKEY *pkey = NULL;
2051 * Setup the parameters for our DSA object. For our purposes they don't
2052 * have to actually be *valid* parameters. We just need to set something.
2054 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2055 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2056 || !TEST_ptr(p = BN_new())
2057 || !TEST_ptr(q = BN_new())
2058 || !TEST_ptr(g = BN_new())
2059 || !TEST_ptr(pub = BN_new())
2060 || !TEST_ptr(priv = BN_new()))
2062 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2063 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2064 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2065 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2067 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2070 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2073 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2074 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2078 if (!TEST_ptr(pkey))
2081 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2084 EVP_PKEY_free(pkey);
2085 EVP_PKEY_CTX_free(pctx);
2086 OSSL_PARAM_free(params);
2087 OSSL_PARAM_BLD_free(bld);
2098 * Test combinations of private, public, missing and private + public key
2099 * params to ensure they are all accepted
2101 static int test_DSA_priv_pub(void)
2103 return test_EVP_PKEY_ffc_priv_pub("DSA");
2106 #endif /* !OPENSSL_NO_DSA */
2108 static int test_RSA_get_set_params(void)
2110 OSSL_PARAM_BLD *bld = NULL;
2111 OSSL_PARAM *params = NULL;
2112 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2113 EVP_PKEY_CTX *pctx = NULL;
2114 EVP_PKEY *pkey = NULL;
2118 * Setup the parameters for our RSA object. For our purposes they don't
2119 * have to actually be *valid* parameters. We just need to set something.
2121 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2122 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2123 || !TEST_ptr(n = BN_new())
2124 || !TEST_ptr(e = BN_new())
2125 || !TEST_ptr(d = BN_new()))
2127 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2128 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2129 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2131 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2134 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2135 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2139 if (!TEST_ptr(pkey))
2142 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2145 EVP_PKEY_free(pkey);
2146 EVP_PKEY_CTX_free(pctx);
2147 OSSL_PARAM_free(params);
2148 OSSL_PARAM_BLD_free(bld);
2156 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2157 static int test_decrypt_null_chunks(void)
2159 EVP_CIPHER_CTX* ctx = NULL;
2160 EVP_CIPHER *cipher = NULL;
2161 const unsigned char key[32] = {
2162 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2163 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2164 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2166 unsigned char iv[12] = {
2167 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2169 unsigned char msg[] = "It was the best of times, it was the worst of times";
2170 unsigned char ciphertext[80];
2171 unsigned char plaintext[80];
2172 /* We initialise tmp to a non zero value on purpose */
2173 int ctlen, ptlen, tmp = 99;
2175 const int enc_offset = 10, dec_offset = 20;
2177 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2178 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2179 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2181 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2183 /* Deliberate add a zero length update */
2184 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2186 || !TEST_int_eq(tmp, 0)
2187 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2189 sizeof(msg) - enc_offset))
2190 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2191 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2192 || !TEST_int_eq(tmp, 0))
2195 /* Deliberately initialise tmp to a non zero value */
2197 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2198 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2201 * Deliberately add a zero length update. We also deliberately do
2202 * this at a different offset than for encryption.
2204 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2206 || !TEST_int_eq(tmp, 0)
2207 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2208 ciphertext + dec_offset,
2209 ctlen - dec_offset))
2210 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2211 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2212 || !TEST_int_eq(tmp, 0)
2213 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2218 EVP_CIPHER_CTX_free(ctx);
2219 EVP_CIPHER_free(cipher);
2222 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2224 #ifndef OPENSSL_NO_DH
2226 * Test combinations of private, public, missing and private + public key
2227 * params to ensure they are all accepted
2229 static int test_DH_priv_pub(void)
2231 return test_EVP_PKEY_ffc_priv_pub("DH");
2234 # ifndef OPENSSL_NO_DEPRECATED_3_0
2235 static int test_EVP_PKEY_set1_DH(void)
2237 DH *x942dh = NULL, *noqdh = NULL;
2238 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2240 BIGNUM *p, *g = NULL;
2242 if (!TEST_ptr(p = BN_new())
2243 || !TEST_ptr(g = BN_new())
2244 || !BN_set_word(p, 9999)
2245 || !BN_set_word(g, 2)
2246 || !TEST_ptr(noqdh = DH_new())
2247 || !DH_set0_pqg(noqdh, p, NULL, g))
2251 x942dh = DH_get_2048_256();
2252 pkey1 = EVP_PKEY_new();
2253 pkey2 = EVP_PKEY_new();
2254 if (!TEST_ptr(x942dh)
2257 || !TEST_ptr(pkey2))
2260 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2261 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2264 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2265 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2272 EVP_PKEY_free(pkey1);
2273 EVP_PKEY_free(pkey2);
2279 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2280 #endif /* !OPENSSL_NO_DH */
2283 * We test what happens with an empty template. For the sake of this test,
2284 * the template must be ignored, and we know that's the case for RSA keys
2285 * (this might arguably be a misfeature, but that's what we currently do,
2286 * even in provider code, since that's how the legacy RSA implementation
2289 static int test_keygen_with_empty_template(int n)
2291 EVP_PKEY_CTX *ctx = NULL;
2292 EVP_PKEY *pkey = NULL;
2293 EVP_PKEY *tkey = NULL;
2296 if (nullprov != NULL)
2297 return TEST_skip("Test does not support a non-default library context");
2301 /* We do test with no template at all as well */
2302 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2306 /* Here we create an empty RSA key that serves as our template */
2307 if (!TEST_ptr(tkey = EVP_PKEY_new())
2308 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2309 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2314 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2315 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2320 EVP_PKEY_CTX_free(ctx);
2321 EVP_PKEY_free(pkey);
2322 EVP_PKEY_free(tkey);
2327 * Test that we fail if we attempt to use an algorithm that is not available
2328 * in the current library context (unless we are using an algorithm that
2329 * should be made available via legacy codepaths).
2334 static int test_pkey_ctx_fail_without_provider(int tst)
2336 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2337 OSSL_PROVIDER *tmpnullprov = NULL;
2338 EVP_PKEY_CTX *pctx = NULL;
2339 const char *keytype = NULL;
2340 int expect_null = 0;
2343 if (!TEST_ptr(tmpctx))
2346 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2347 if (!TEST_ptr(tmpnullprov))
2351 * We check for certain algos in the null provider.
2352 * If an algo is expected to have a provider keymgmt, contructing an
2353 * EVP_PKEY_CTX is expected to fail (return NULL).
2354 * Otherwise, if it's expected to have legacy support, contructing an
2355 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2365 #ifdef OPENSSL_NO_EC
2366 TEST_info("EC disable, skipping SM2 check...");
2369 #ifdef OPENSSL_NO_SM2
2370 TEST_info("SM2 disable, skipping SM2 check...");
2375 TEST_error("No test for case %d", tst);
2379 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2380 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2383 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2389 EVP_PKEY_CTX_free(pctx);
2390 OSSL_PROVIDER_unload(tmpnullprov);
2391 OSSL_LIB_CTX_free(tmpctx);
2395 static int test_rand_agglomeration(void)
2399 OSSL_PARAM params[3], *p = params;
2401 unsigned int step = 7;
2402 static unsigned char seed[] = "It does not matter how slowly you go "
2403 "as long as you do not stop.";
2404 unsigned char out[sizeof(seed)];
2406 if (!TEST_int_ne(sizeof(seed) % step, 0)
2407 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2409 ctx = EVP_RAND_CTX_new(rand, NULL);
2410 EVP_RAND_free(rand);
2414 memset(out, 0, sizeof(out));
2415 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2416 seed, sizeof(seed));
2417 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2418 *p = OSSL_PARAM_construct_end();
2419 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2420 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2421 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2422 EVP_RAND_CTX_free(ctx);
2427 * Test that we correctly return the original or "running" IV after
2428 * an encryption operation.
2429 * Run multiple times for some different relevant algorithms/modes.
2431 static int test_evp_iv(int idx)
2434 EVP_CIPHER_CTX *ctx = NULL;
2435 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2436 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2437 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2438 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2439 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2440 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2441 9, 10, 11, 12, 13, 14, 15, 16 };
2442 unsigned char ciphertext[32], oiv[16], iv[16];
2443 unsigned char *ref_iv;
2444 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2445 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2447 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2448 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2449 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2450 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2451 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2452 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2453 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2454 #ifndef OPENSSL_NO_OCB
2455 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2456 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2458 int len = sizeof(ciphertext);
2459 size_t ivlen, ref_len;
2460 const EVP_CIPHER *type = NULL;
2463 if (nullprov != NULL && idx < 6)
2464 return TEST_skip("Test does not support a non-default library context");
2468 type = EVP_aes_128_cbc();
2471 type = (type != NULL) ? type :
2472 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2474 ref_len = sizeof(cbc_state);
2478 type = EVP_aes_128_ofb();
2481 type = (type != NULL) ? type :
2482 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2484 ref_len = sizeof(ofb_state);
2488 type = EVP_aes_128_cfb();
2491 type = (type != NULL) ? type :
2492 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2494 ref_len = sizeof(cfb_state);
2498 type = EVP_aes_128_gcm();
2501 type = (type != NULL) ? type :
2502 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2504 ref_len = sizeof(gcm_state);
2507 type = EVP_aes_128_ccm();
2510 type = (type != NULL) ? type :
2511 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2513 ref_len = sizeof(ccm_state);
2515 #ifdef OPENSSL_NO_OCB
2521 type = EVP_aes_128_ocb();
2524 type = (type != NULL) ? type :
2525 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2527 ref_len = sizeof(ocb_state);
2535 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2536 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2537 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2539 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2540 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2541 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2543 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2544 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2545 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2548 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2549 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2550 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2553 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2556 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2562 EVP_CIPHER_CTX_free(ctx);
2564 EVP_CIPHER_free((EVP_CIPHER *)type);
2568 #ifndef OPENSSL_NO_EC
2569 static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2570 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2571 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2572 NID_brainpoolP384r1, NID_brainpoolP512r1};
2574 static int test_ecpub(int idx)
2576 int ret = 0, len, savelen;
2578 unsigned char buf[1024];
2580 EVP_PKEY *pkey = NULL;
2581 EVP_PKEY_CTX *ctx = NULL;
2582 # ifndef OPENSSL_NO_DEPRECATED_3_0
2583 const unsigned char *q;
2584 EVP_PKEY *pkey2 = NULL;
2588 if (nullprov != NULL)
2589 return TEST_skip("Test does not support a non-default library context");
2591 nid = ecpub_nids[idx];
2593 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2595 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2596 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2597 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2599 len = i2d_PublicKey(pkey, NULL);
2601 if (!TEST_int_ge(len, 1)
2602 || !TEST_int_lt(len, 1024))
2605 len = i2d_PublicKey(pkey, &p);
2606 if (!TEST_int_ge(len, 1)
2607 || !TEST_int_eq(len, savelen))
2610 # ifndef OPENSSL_NO_DEPRECATED_3_0
2611 /* Now try to decode the just-created DER. */
2613 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2614 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2615 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2617 /* EC_KEY ownership transferred */
2619 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2621 /* The keys should match. */
2622 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2629 EVP_PKEY_CTX_free(ctx);
2630 EVP_PKEY_free(pkey);
2631 # ifndef OPENSSL_NO_DEPRECATED_3_0
2632 EVP_PKEY_free(pkey2);
2639 static int test_EVP_rsa_pss_with_keygen_bits(void)
2642 EVP_PKEY_CTX *ctx = NULL;
2643 EVP_PKEY *pkey = NULL;
2646 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2648 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2649 && TEST_true(EVP_PKEY_keygen_init(ctx))
2650 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2651 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2652 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2655 EVP_PKEY_free(pkey);
2656 EVP_PKEY_CTX_free(ctx);
2660 static int success = 1;
2661 static void md_names(const char *name, void *vctx)
2663 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2664 /* Force a namemap update */
2665 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2667 if (!TEST_ptr(aes128))
2670 EVP_CIPHER_free(aes128);
2674 * Test that changing the namemap in a user callback works in a names_do_all
2677 static int test_names_do_all(void)
2679 /* We use a custom libctx so that we know the state of the namemap */
2680 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2681 EVP_MD *sha256 = NULL;
2687 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2688 if (!TEST_ptr(sha256))
2692 * We loop through all the names for a given digest. This should still work
2693 * even if the namemap changes part way through.
2695 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2698 if (!TEST_true(success))
2703 EVP_MD_free(sha256);
2704 OSSL_LIB_CTX_free(ctx);
2708 typedef enum OPTION_choice {
2715 const OPTIONS *test_get_options(void)
2717 static const OPTIONS options[] = {
2718 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2719 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2725 int setup_tests(void)
2729 while ((o = opt_next()) != OPT_EOF) {
2732 /* Set up an alternate library context */
2733 testctx = OSSL_LIB_CTX_new();
2734 if (!TEST_ptr(testctx))
2736 /* Swap the libctx to test non-default context only */
2737 nullprov = OSSL_PROVIDER_load(NULL, "null");
2738 deflprov = OSSL_PROVIDER_load(testctx, "default");
2739 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2741 case OPT_TEST_CASES:
2748 ADD_TEST(test_EVP_set_default_properties);
2749 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2750 ADD_TEST(test_EVP_DigestVerifyInit);
2751 ADD_TEST(test_EVP_Digest);
2752 ADD_TEST(test_EVP_Enveloped);
2753 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2754 ADD_TEST(test_privatekey_to_pkcs8);
2755 #ifndef OPENSSL_NO_EC
2756 ADD_TEST(test_EVP_PKCS82PKEY);
2758 #ifndef OPENSSL_NO_EC
2759 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2761 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2762 ADD_TEST(test_EVP_SM2);
2763 ADD_TEST(test_EVP_SM2_verify);
2765 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2766 #ifndef OPENSSL_NO_DEPRECATED_3_0
2767 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2768 if (!TEST_ptr(custom_pmeth))
2770 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2771 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2772 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2773 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2776 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2777 #ifndef OPENSSL_NO_CMAC
2778 ADD_TEST(test_CMAC_keygen);
2780 ADD_TEST(test_HKDF);
2781 ADD_TEST(test_emptyikm_HKDF);
2782 #ifndef OPENSSL_NO_EC
2783 ADD_TEST(test_X509_PUBKEY_inplace);
2784 ADD_TEST(test_X509_PUBKEY_dup);
2785 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2786 OSSL_NELEM(ec_der_pub_keys));
2788 #ifndef OPENSSL_NO_DSA
2789 ADD_TEST(test_DSA_get_set_params);
2790 ADD_TEST(test_DSA_priv_pub);
2792 ADD_TEST(test_RSA_get_set_params);
2793 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2794 ADD_TEST(test_decrypt_null_chunks);
2796 #ifndef OPENSSL_NO_DH
2797 ADD_TEST(test_DH_priv_pub);
2798 # ifndef OPENSSL_NO_DEPRECATED_3_0
2799 ADD_TEST(test_EVP_PKEY_set1_DH);
2802 #ifndef OPENSSL_NO_EC
2803 ADD_TEST(test_EC_priv_pub);
2804 # ifndef OPENSSL_NO_DEPRECATED_3_0
2805 ADD_TEST(test_EC_priv_only_legacy);
2808 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2809 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2811 ADD_TEST(test_rand_agglomeration);
2812 ADD_ALL_TESTS(test_evp_iv, 12);
2813 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
2814 #ifndef OPENSSL_NO_EC
2815 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2818 ADD_TEST(test_names_do_all);
2823 void cleanup_tests(void)
2825 OSSL_PROVIDER_unload(nullprov);
2826 OSSL_PROVIDER_unload(deflprov);
2827 OSSL_PROVIDER_unload(lgcyprov);
2828 OSSL_LIB_CTX_free(testctx);
projects / openssl.git / blob