2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
323 #ifndef OPENSSL_NO_EC
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
403 # ifndef OPENSSL_NO_DEPRECATED_3_0
404 static const unsigned char kExampleX25519KeyDER[] = {
405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
406 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
407 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
408 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
413 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
414 #ifndef OPENSSL_NO_DEPRECATED_3_0
415 # ifndef OPENSSL_NO_DH
416 static const unsigned char kExampleDHKeyDER[] = {
417 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
418 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
419 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
420 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
421 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
422 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
423 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
424 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
425 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
426 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
427 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
428 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
429 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
430 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
431 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
432 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
433 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
434 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
435 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
436 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
437 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
438 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
439 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
440 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
441 0x2e, 0x87, 0x2a, 0x0b, 0x7a
446 static const unsigned char kCFBDefaultKey[] = {
447 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
448 0x09, 0xCF, 0x4F, 0x3C
451 static const unsigned char kGCMDefaultKey[32] = { 0 };
453 static const unsigned char kGCMResetKey[] = {
454 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
455 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
456 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
459 static const unsigned char iCFBIV[] = {
460 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
461 0x0C, 0x0D, 0x0E, 0x0F
464 static const unsigned char iGCMDefaultIV[12] = { 0 };
466 static const unsigned char iGCMResetIV1[] = {
467 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
470 static const unsigned char iGCMResetIV2[] = {
471 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
474 static const unsigned char cfbPlaintext[] = {
475 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
476 0x73, 0x93, 0x17, 0x2A
479 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481 static const unsigned char gcmResetPlaintext[] = {
482 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
483 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
484 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
485 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
486 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
489 static const unsigned char cfbCiphertext[] = {
490 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
491 0xE8, 0x3C, 0xFB, 0x4A
494 static const unsigned char gcmDefaultCiphertext[] = {
495 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
496 0xba, 0xf3, 0x9d, 0x18
499 static const unsigned char gcmResetCiphertext1[] = {
500 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
501 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
502 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
503 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
504 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
507 static const unsigned char gcmResetCiphertext2[] = {
508 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
509 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
510 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
511 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
512 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
515 static const unsigned char gcmAAD[] = {
516 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
517 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
520 static const unsigned char gcmDefaultTag[] = {
521 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
522 0xd4, 0x8a, 0xb9, 0x19
525 static const unsigned char gcmResetTag1[] = {
526 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
527 0xfe, 0x2e, 0xa8, 0xf2
530 static const unsigned char gcmResetTag2[] = {
531 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
532 0xbb, 0x2d, 0x55, 0x1b
535 typedef struct APK_DATA_st {
536 const unsigned char *kder;
543 int type; /* 0 for private, 1 for public, 2 for params */
546 static APK_DATA keydata[] = {
547 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
548 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
549 #ifndef OPENSSL_NO_EC
550 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
554 static APK_DATA keycheckdata[] = {
555 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
559 #ifndef OPENSSL_NO_EC
560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
561 /* group is also associated in our pub key */
562 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
567 EVP_PKEY_ED25519, 1, 1, 1, 0},
568 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
569 EVP_PKEY_ED25519, 0, 1, 1, 1},
573 static EVP_PKEY *load_example_key(const char *keytype,
574 const unsigned char *data, size_t data_len)
576 const unsigned char **pdata = &data;
577 EVP_PKEY *pkey = NULL;
578 OSSL_DECODER_CTX *dctx =
579 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
582 /* |pkey| will be NULL on error */
583 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
584 OSSL_DECODER_CTX_free(dctx);
588 static EVP_PKEY *load_example_rsa_key(void)
590 return load_example_key("RSA", kExampleRSAKeyDER,
591 sizeof(kExampleRSAKeyDER));
594 #ifndef OPENSSL_NO_DSA
595 static EVP_PKEY *load_example_dsa_key(void)
597 return load_example_key("DSA", kExampleDSAKeyDER,
598 sizeof(kExampleDSAKeyDER));
602 #ifndef OPENSSL_NO_DEPRECATED_3_0
603 # ifndef OPENSSL_NO_DH
604 static EVP_PKEY *load_example_dh_key(void)
606 return load_example_key("DH", kExampleDHKeyDER,
607 sizeof(kExampleDHKeyDER));
611 # ifndef OPENSSL_NO_EC
612 static EVP_PKEY *load_example_ec_key(void)
614 return load_example_key("EC", kExampleECKeyDER,
615 sizeof(kExampleECKeyDER));
618 static EVP_PKEY *load_example_ed25519_key(void)
620 return load_example_key("ED25519", kExampleED25519KeyDER,
621 sizeof(kExampleED25519KeyDER));
624 static EVP_PKEY *load_example_x25519_key(void)
626 return load_example_key("X25519", kExampleX25519KeyDER,
627 sizeof(kExampleX25519KeyDER));
630 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
632 static EVP_PKEY *load_example_hmac_key(void)
634 EVP_PKEY *pkey = NULL;
635 unsigned char key[] = {
636 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
637 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
638 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
641 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
642 NULL, key, sizeof(key));
649 static int test_EVP_set_default_properties(void)
655 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
656 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
661 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
662 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
663 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
668 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
669 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
674 OSSL_LIB_CTX_free(ctx);
678 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
679 static int test_fromdata(char *keytype, OSSL_PARAM *params)
681 EVP_PKEY_CTX *pctx = NULL;
682 EVP_PKEY *pkey = NULL;
685 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
687 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
688 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
698 EVP_PKEY_CTX_free(pctx);
702 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
705 * Test combinations of private, public, missing and private + public key
706 * params to ensure they are all accepted
708 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
709 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
711 OSSL_PARAM_BLD *bld = NULL;
712 OSSL_PARAM *params = NULL;
713 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
717 * Setup the parameters for our pkey object. For our purposes they don't
718 * have to actually be *valid* parameters. We just need to set something.
720 if (!TEST_ptr(p = BN_new())
721 || !TEST_ptr(q = BN_new())
722 || !TEST_ptr(g = BN_new())
723 || !TEST_ptr(pub = BN_new())
724 || !TEST_ptr(priv = BN_new()))
727 /* Test !priv and !pub */
728 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
729 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
731 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
736 if (!test_fromdata(keytype, params))
738 OSSL_PARAM_free(params);
740 OSSL_PARAM_BLD_free(bld);
742 /* Test priv and !pub */
743 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
744 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
745 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
746 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
747 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
750 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
753 if (!test_fromdata(keytype, params))
755 OSSL_PARAM_free(params);
757 OSSL_PARAM_BLD_free(bld);
759 /* Test !priv and pub */
760 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
761 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
762 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
763 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
767 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
770 if (!test_fromdata(keytype, params))
772 OSSL_PARAM_free(params);
774 OSSL_PARAM_BLD_free(bld);
776 /* Test priv and pub */
777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
786 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
789 if (!test_fromdata(keytype, params))
794 OSSL_PARAM_free(params);
795 OSSL_PARAM_BLD_free(bld);
804 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
807 * Test combinations of private, public, missing and private + public key
808 * params to ensure they are all accepted for EC keys
810 #ifndef OPENSSL_NO_EC
811 static unsigned char ec_priv[] = {
812 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
813 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
814 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
816 static unsigned char ec_pub[] = {
817 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
818 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
819 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
820 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
821 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
822 0x08, 0x09, 0xb8, 0xdb, 0x03
825 static int test_EC_priv_pub(void)
827 OSSL_PARAM_BLD *bld = NULL;
828 OSSL_PARAM *params = NULL;
833 * Setup the parameters for our pkey object. For our purposes they don't
834 * have to actually be *valid* parameters. We just need to set something.
836 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
839 /* Test !priv and !pub */
840 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
841 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
842 OSSL_PKEY_PARAM_GROUP_NAME,
845 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
848 if (!test_fromdata("EC", params))
850 OSSL_PARAM_free(params);
852 OSSL_PARAM_BLD_free(bld);
854 /* Test priv and !pub */
855 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
856 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
857 OSSL_PKEY_PARAM_GROUP_NAME,
859 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
862 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
865 if (!test_fromdata("EC", params))
867 OSSL_PARAM_free(params);
869 OSSL_PARAM_BLD_free(bld);
871 /* Test !priv and pub */
872 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
873 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
874 OSSL_PKEY_PARAM_GROUP_NAME,
876 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
877 OSSL_PKEY_PARAM_PUB_KEY,
878 ec_pub, sizeof(ec_pub))))
880 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
883 if (!test_fromdata("EC", params))
885 OSSL_PARAM_free(params);
887 OSSL_PARAM_BLD_free(bld);
889 /* Test priv and pub */
890 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
891 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
892 OSSL_PKEY_PARAM_GROUP_NAME,
894 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
895 OSSL_PKEY_PARAM_PUB_KEY,
896 ec_pub, sizeof(ec_pub)))
897 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
900 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
903 if (!test_fromdata("EC", params))
908 OSSL_PARAM_free(params);
909 OSSL_PARAM_BLD_free(bld);
915 /* Test that using a legacy EC key with only a private key in it works */
916 # ifndef OPENSSL_NO_DEPRECATED_3_0
917 static int test_EC_priv_only_legacy(void)
921 EC_KEY *eckey = NULL;
922 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
923 EVP_MD_CTX *ctx = NULL;
925 /* Create the low level EC_KEY */
926 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
929 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
930 if (!TEST_ptr(eckey))
933 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
936 pkey = EVP_PKEY_new();
940 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
944 while (dup_pk == NULL) {
946 ctx = EVP_MD_CTX_new();
951 * The EVP_DigestSignInit function should create the key on the
952 * provider side which is sufficient for this test.
954 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
955 testpropq, pkey, NULL)))
957 EVP_MD_CTX_free(ctx);
960 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
962 /* EVP_PKEY_eq() returns -2 with missing public keys */
963 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
971 EVP_MD_CTX_free(ctx);
978 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
979 #endif /* OPENSSL_NO_EC */
982 * n = 0 => test using legacy cipher
983 * n = 1 => test using fetched cipher
985 static int test_EVP_Enveloped(int n)
988 EVP_CIPHER_CTX *ctx = NULL;
989 EVP_PKEY *keypair = NULL;
990 unsigned char *kek = NULL;
991 unsigned char iv[EVP_MAX_IV_LENGTH];
992 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
993 int len, kek_len, ciphertext_len, plaintext_len;
994 unsigned char ciphertext[32], plaintext[16];
995 EVP_CIPHER *type = NULL;
997 if (nullprov != NULL)
998 return TEST_skip("Test does not support a non-default library context");
1001 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1002 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1006 if (!TEST_ptr(keypair = load_example_rsa_key())
1007 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1008 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1009 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1011 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1013 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1017 ciphertext_len += len;
1019 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1020 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1021 ciphertext, ciphertext_len))
1022 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1025 plaintext_len += len;
1026 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1032 EVP_CIPHER_free(type);
1034 EVP_PKEY_free(keypair);
1035 EVP_CIPHER_CTX_free(ctx);
1040 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1041 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1042 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1043 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1044 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1045 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1046 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1047 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1048 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1050 static int test_EVP_DigestSignInit(int tst)
1053 EVP_PKEY *pkey = NULL;
1054 unsigned char *sig = NULL;
1056 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1057 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1058 BIO *mdbio = NULL, *membio = NULL;
1061 EVP_MD *mdexp = NULL;
1063 if (nullprov != NULL)
1064 return TEST_skip("Test does not support a non-default library context");
1067 membio = BIO_new(BIO_s_mem());
1068 mdbio = BIO_new(BIO_f_md());
1069 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1071 BIO_push(mdbio, membio);
1072 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1075 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1076 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1080 if (tst == 0 || tst == 3 || tst == 6) {
1081 if (!TEST_ptr(pkey = load_example_rsa_key()))
1083 } else if (tst == 1 || tst == 4 || tst == 7) {
1084 #ifndef OPENSSL_NO_DSA
1085 if (!TEST_ptr(pkey = load_example_dsa_key()))
1092 if (!TEST_ptr(pkey = load_example_hmac_key()))
1096 if (tst >= 3 && tst <= 5)
1097 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1101 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1105 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1108 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1112 /* Determine the size of the signature. */
1113 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1114 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1115 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1119 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1120 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1125 * Ensure that the signature round-trips (Verification isn't supported for
1126 * HMAC via EVP_DigestVerify*)
1128 if (tst != 2 && tst != 5 && tst != 8) {
1129 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1134 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1137 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1141 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1150 EVP_MD_CTX_free(a_md_ctx);
1151 EVP_MD_CTX_free(a_md_ctx_verify);
1152 EVP_PKEY_free(pkey);
1159 static int test_EVP_DigestVerifyInit(void)
1162 EVP_PKEY *pkey = NULL;
1163 EVP_MD_CTX *md_ctx = NULL;
1165 if (nullprov != NULL)
1166 return TEST_skip("Test does not support a non-default library context");
1168 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1169 || !TEST_ptr(pkey = load_example_rsa_key()))
1172 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1173 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1174 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1175 sizeof(kSignature))))
1180 EVP_MD_CTX_free(md_ctx);
1181 EVP_PKEY_free(pkey);
1186 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1188 static int test_EVP_Digest(void)
1191 EVP_MD_CTX *md_ctx = NULL;
1192 unsigned char md[EVP_MAX_MD_SIZE];
1193 EVP_MD *sha256 = NULL;
1194 EVP_MD *shake256 = NULL;
1196 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1199 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1200 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1203 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1204 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1205 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1206 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1207 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1210 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1211 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1212 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1213 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1214 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1216 * EVP_DigestInit_ex with NULL type should work on
1217 * pre-initialized context.
1219 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1222 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1223 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1224 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1225 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1226 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1227 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1232 EVP_MD_CTX_free(md_ctx);
1233 EVP_MD_free(sha256);
1234 EVP_MD_free(shake256);
1238 static int test_d2i_AutoPrivateKey(int i)
1241 const unsigned char *p;
1242 EVP_PKEY *pkey = NULL;
1243 const APK_DATA *ak = &keydata[i];
1244 const unsigned char *input = ak->kder;
1245 size_t input_len = ak->size;
1246 int expected_id = ak->evptype;
1249 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1250 || !TEST_ptr_eq(p, input + input_len)
1251 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1257 EVP_PKEY_free(pkey);
1261 #ifndef OPENSSL_NO_EC
1263 static const unsigned char ec_public_sect163k1_validxy[] = {
1264 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1265 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1266 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1267 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1268 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1269 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1272 static const unsigned char ec_public_sect163k1_badx[] = {
1273 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1274 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1275 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1276 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1277 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1278 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1281 static const unsigned char ec_public_sect163k1_bady[] = {
1282 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1283 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1284 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1285 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1286 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1287 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1290 static struct ec_der_pub_keys_st {
1291 const unsigned char *der;
1294 } ec_der_pub_keys[] = {
1295 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1296 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1297 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1301 * Tests the range of the decoded EC char2 public point.
1302 * See ec_GF2m_simple_oct2point().
1304 static int test_invalide_ec_char2_pub_range_decode(int id)
1309 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1310 ec_der_pub_keys[id].len);
1312 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1313 || TEST_ptr_null(pkey);
1314 EVP_PKEY_free(pkey);
1318 /* Tests loading a bad key in PKCS8 format */
1319 static int test_EVP_PKCS82PKEY(void)
1322 const unsigned char *derp = kExampleBadECKeyDER;
1323 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1324 EVP_PKEY *pkey = NULL;
1326 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1327 sizeof(kExampleBadECKeyDER))))
1330 if (!TEST_ptr_eq(derp,
1331 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1334 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1340 PKCS8_PRIV_KEY_INFO_free(p8inf);
1341 EVP_PKEY_free(pkey);
1347 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1349 EVP_PKEY *pkey = NULL;
1350 EVP_PKEY *pkey2 = NULL;
1352 char *membuf = NULL;
1353 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1356 if (testctx != NULL)
1357 /* test not supported with non-default context */
1360 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1361 || !TEST_ptr(pkey = load_example_rsa_key())
1362 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1363 NULL, 0, NULL, NULL),
1365 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1366 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1367 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1368 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1374 EVP_PKEY_free(pkey);
1375 EVP_PKEY_free(pkey2);
1376 PKCS8_PRIV_KEY_INFO_free(p8inf);
1377 BIO_free_all(membio);
1381 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1382 static int test_privatekey_to_pkcs8(void)
1384 EVP_PKEY *pkey = NULL;
1386 char *membuf = NULL;
1387 long membuf_len = 0;
1390 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1391 || !TEST_ptr(pkey = load_example_rsa_key())
1392 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1393 NULL, 0, NULL, NULL),
1395 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1396 || !TEST_ptr(membuf)
1397 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1398 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1400 * We try to write PEM as well, just to see that it doesn't err, but
1401 * assume that the result is correct.
1403 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1404 NULL, 0, NULL, NULL),
1410 EVP_PKEY_free(pkey);
1411 BIO_free_all(membio);
1415 #ifndef OPENSSL_NO_EC
1416 static const struct {
1418 const char *encoding_name;
1419 } ec_encodings[] = {
1420 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1421 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1424 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1426 const OSSL_PARAM *p;
1427 const char *enc_name = NULL;
1433 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1434 OSSL_PKEY_PARAM_EC_ENCODING))
1435 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1438 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1439 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1440 *enc = ec_encodings[i].encoding;
1445 return (*enc != -1);
1448 static int test_EC_keygen_with_enc(int idx)
1450 EVP_PKEY *params = NULL, *key = NULL;
1451 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1455 enc = ec_encodings[idx].encoding;
1457 /* Create key parameters */
1458 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1459 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1460 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1461 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1462 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1463 || !TEST_ptr(params))
1467 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1468 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1469 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1473 /* Check that the encoding got all the way into the key */
1474 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1475 ec_export_get_encoding_cb, &enc))
1476 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1482 EVP_PKEY_free(params);
1483 EVP_PKEY_CTX_free(kctx);
1484 EVP_PKEY_CTX_free(pctx);
1489 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1491 static int test_EVP_SM2_verify(void)
1493 const char *pubkey =
1494 "-----BEGIN PUBLIC KEY-----\n"
1495 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1496 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1497 "-----END PUBLIC KEY-----\n";
1499 const char *msg = "message digest";
1500 const char *id = "ALICE123@YAHOO.COM";
1502 const uint8_t signature[] = {
1503 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1504 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1505 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1506 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1507 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1508 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1509 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1514 EVP_PKEY *pkey = NULL;
1515 EVP_MD_CTX *mctx = NULL;
1516 EVP_PKEY_CTX *pctx = NULL;
1519 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1520 if (!TEST_true(bio != NULL))
1523 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1524 if (!TEST_true(pkey != NULL))
1527 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1530 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1533 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1536 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1538 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1541 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1544 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1547 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1550 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1556 EVP_PKEY_free(pkey);
1557 EVP_PKEY_CTX_free(pctx);
1558 EVP_MD_CTX_free(mctx);
1563 static int test_EVP_SM2(void)
1566 EVP_PKEY *pkey = NULL;
1567 EVP_PKEY *pkeyparams = NULL;
1568 EVP_PKEY_CTX *pctx = NULL;
1569 EVP_PKEY_CTX *kctx = NULL;
1570 EVP_PKEY_CTX *sctx = NULL;
1572 unsigned char *sig = NULL;
1573 EVP_MD_CTX *md_ctx = NULL;
1574 EVP_MD_CTX *md_ctx_verify = NULL;
1575 EVP_PKEY_CTX *cctx = NULL;
1576 EVP_MD *check_md = NULL;
1578 uint8_t ciphertext[128];
1579 size_t ctext_len = sizeof(ciphertext);
1581 uint8_t plaintext[8];
1582 size_t ptext_len = sizeof(plaintext);
1584 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1586 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1587 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1589 char mdname[OSSL_MAX_NAME_SIZE];
1591 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1595 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1598 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1601 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1604 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1605 pkeyparams, testpropq)))
1608 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1611 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1614 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1617 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1620 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1623 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1624 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1626 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1629 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1632 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1635 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1638 /* Determine the size of the signature. */
1639 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1642 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1645 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1648 /* Ensure that the signature round-trips. */
1650 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1654 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1657 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1660 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1663 /* now check encryption/decryption */
1665 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1666 mdname, sizeof(mdname));
1667 for (i = 0; i < 2; i++) {
1668 const char *mdnames[] = {
1669 #ifndef OPENSSL_NO_SM3
1675 EVP_PKEY_CTX_free(cctx);
1677 if (mdnames[i] == NULL)
1681 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1682 (char *)mdnames[i], 0);
1684 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1688 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1691 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1694 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1698 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1701 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1704 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1708 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1712 * Test we're still using the digest we think we are.
1713 * Because of aliases, the easiest is to fetch the digest and
1714 * check the name with EVP_MD_is_a().
1716 EVP_MD_free(check_md);
1717 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1719 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1720 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1724 if (!TEST_true(ptext_len == sizeof(kMsg)))
1727 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1733 EVP_PKEY_CTX_free(pctx);
1734 EVP_PKEY_CTX_free(kctx);
1735 EVP_PKEY_CTX_free(sctx);
1736 EVP_PKEY_CTX_free(cctx);
1737 EVP_PKEY_free(pkey);
1738 EVP_PKEY_free(pkeyparams);
1739 EVP_MD_CTX_free(md_ctx);
1740 EVP_MD_CTX_free(md_ctx_verify);
1741 EVP_MD_free(check_md);
1748 static struct keys_st {
1754 EVP_PKEY_HMAC, "0123456789", NULL
1757 EVP_PKEY_HMAC, "", NULL
1758 #ifndef OPENSSL_NO_POLY1305
1760 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1762 #ifndef OPENSSL_NO_SIPHASH
1764 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1767 #ifndef OPENSSL_NO_EC
1769 EVP_PKEY_X25519, "01234567890123456789012345678901",
1770 "abcdefghijklmnopqrstuvwxyzabcdef"
1772 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1773 "abcdefghijklmnopqrstuvwxyzabcdef"
1776 "01234567890123456789012345678901234567890123456789012345",
1777 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1780 "012345678901234567890123456789012345678901234567890123456",
1781 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1786 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1789 unsigned char buf[80];
1791 size_t inlen, len = 0;
1794 /* Check if this algorithm supports public keys */
1795 if (pub && keys[tst].pub == NULL)
1798 memset(buf, 0, sizeof(buf));
1801 #ifndef OPENSSL_NO_EC
1802 inlen = strlen(keys[tst].pub);
1803 in = (unsigned char *)keys[tst].pub;
1805 pkey = EVP_PKEY_new_raw_public_key_ex(
1807 OBJ_nid2sn(keys[tst].type),
1812 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1821 inlen = strlen(keys[tst].priv);
1822 in = (unsigned char *)keys[tst].priv;
1824 pkey = EVP_PKEY_new_raw_private_key_ex(
1825 testctx, OBJ_nid2sn(keys[tst].type),
1830 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1838 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1839 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1840 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1841 || !TEST_true(len == inlen)
1842 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1843 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1844 || !TEST_mem_eq(in, inlen, buf, len))
1849 EVP_PKEY_free(pkey);
1853 static int test_set_get_raw_keys(int tst)
1855 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1856 && test_set_get_raw_keys_int(tst, 0, 1)
1857 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1858 && test_set_get_raw_keys_int(tst, 1, 1);
1861 #ifndef OPENSSL_NO_DEPRECATED_3_0
1862 static int pkey_custom_check(EVP_PKEY *pkey)
1867 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1872 static int pkey_custom_param_check(EVP_PKEY *pkey)
1877 static EVP_PKEY_METHOD *custom_pmeth;
1880 static int test_EVP_PKEY_check(int i)
1883 EVP_PKEY *pkey = NULL;
1884 EVP_PKEY_CTX *ctx = NULL;
1885 #ifndef OPENSSL_NO_DEPRECATED_3_0
1886 EVP_PKEY_CTX *ctx2 = NULL;
1888 const APK_DATA *ak = &keycheckdata[i];
1889 const unsigned char *input = ak->kder;
1890 size_t input_len = ak->size;
1891 int expected_id = ak->evptype;
1892 int expected_check = ak->check;
1893 int expected_pub_check = ak->pub_check;
1894 int expected_param_check = ak->param_check;
1895 int type = ak->type;
1897 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1900 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1903 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1906 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1909 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1912 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1915 #ifndef OPENSSL_NO_DEPRECATED_3_0
1916 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1917 /* assign the pkey directly, as an internal test */
1918 EVP_PKEY_up_ref(pkey);
1921 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1924 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1927 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1934 EVP_PKEY_CTX_free(ctx);
1935 #ifndef OPENSSL_NO_DEPRECATED_3_0
1936 EVP_PKEY_CTX_free(ctx2);
1938 EVP_PKEY_free(pkey);
1942 #ifndef OPENSSL_NO_CMAC
1943 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1945 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1946 const char msg[] = "Hello World";
1950 if (!TEST_ptr(mdctx)
1951 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1952 testpropq, pkey, NULL))
1953 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1954 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1955 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1958 EVP_MD_CTX_free(mdctx);
1962 static int test_CMAC_keygen(void)
1964 static unsigned char key[] = {
1965 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1966 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1967 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1969 EVP_PKEY_CTX *kctx = NULL;
1971 EVP_PKEY *pkey = NULL;
1972 unsigned char mac[AES_BLOCK_SIZE];
1973 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1974 unsigned char mac2[AES_BLOCK_SIZE];
1977 if (nullprov != NULL)
1978 return TEST_skip("Test does not support a non-default library context");
1981 * This is a legacy method for CMACs, but should still work.
1982 * This verifies that it works without an ENGINE.
1984 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1986 /* Test a CMAC key created using the "generated" method */
1987 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1988 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1989 EVP_PKEY_CTRL_CIPHER,
1990 0, (void *)EVP_aes_256_ecb()), 0)
1991 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1992 EVP_PKEY_CTRL_SET_MAC_KEY,
1993 sizeof(key), (void *)key), 0)
1994 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1996 || !TEST_true(get_cmac_val(pkey, mac)))
1999 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2000 EVP_PKEY_free(pkey);
2003 * Test a CMAC key using the direct method, and compare with the mac
2006 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2008 || !TEST_true(get_cmac_val(pkey, mac2))
2009 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2016 EVP_PKEY_free(pkey);
2017 EVP_PKEY_CTX_free(kctx);
2022 static int test_HKDF(void)
2025 unsigned char out[20];
2028 unsigned char salt[] = "0123456789";
2029 unsigned char key[] = "012345678901234567890123456789";
2030 unsigned char info[] = "infostring";
2031 const unsigned char expected[] = {
2032 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2033 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2035 size_t expectedlen = sizeof(expected);
2037 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2040 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2041 for (i = 0; i < 2; i++) {
2042 outlen = sizeof(out);
2043 memset(out, 0, outlen);
2045 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2046 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2047 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2048 sizeof(salt) - 1), 0)
2049 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2050 sizeof(key) - 1), 0)
2051 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2052 sizeof(info) - 1), 0)
2053 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2054 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2061 EVP_PKEY_CTX_free(pctx);
2066 static int test_emptyikm_HKDF(void)
2069 unsigned char out[20];
2072 unsigned char salt[] = "9876543210";
2073 unsigned char key[] = "";
2074 unsigned char info[] = "stringinfo";
2075 const unsigned char expected[] = {
2076 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2077 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2079 size_t expectedlen = sizeof(expected);
2081 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2084 outlen = sizeof(out);
2085 memset(out, 0, outlen);
2087 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2088 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2089 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2090 sizeof(salt) - 1), 0)
2091 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2092 sizeof(key) - 1), 0)
2093 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2094 sizeof(info) - 1), 0)
2095 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2096 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2102 EVP_PKEY_CTX_free(pctx);
2107 #ifndef OPENSSL_NO_EC
2108 static int test_X509_PUBKEY_inplace(void)
2111 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2112 const unsigned char *p = kExampleECPubKeyDER;
2113 size_t input_len = sizeof(kExampleECPubKeyDER);
2117 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2120 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2123 p = kExampleBadECPubKeyDER;
2124 input_len = sizeof(kExampleBadECPubKeyDER);
2126 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2129 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2135 X509_PUBKEY_free(xp);
2139 static int test_X509_PUBKEY_dup(void)
2142 X509_PUBKEY *xp = NULL, *xq = NULL;
2143 const unsigned char *p = kExampleECPubKeyDER;
2144 size_t input_len = sizeof(kExampleECPubKeyDER);
2146 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2148 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2149 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2150 || !TEST_ptr_ne(xp, xq))
2153 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2154 || !TEST_ptr(X509_PUBKEY_get0(xp))
2155 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2158 X509_PUBKEY_free(xq);
2160 p = kExampleBadECPubKeyDER;
2161 input_len = sizeof(kExampleBadECPubKeyDER);
2163 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2164 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2167 X509_PUBKEY_free(xp);
2169 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2175 X509_PUBKEY_free(xp);
2176 X509_PUBKEY_free(xq);
2179 #endif /* OPENSSL_NO_EC */
2181 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2182 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2184 EVP_MD_CTX *mdctx = NULL;
2185 EVP_PKEY_CTX *ctx = NULL;
2186 const OSSL_PARAM *params;
2187 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2190 char mdname[OSSL_MAX_NAME_SIZE];
2193 /* Initialise a sign operation */
2194 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2196 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2200 * We should be able to query the parameters now.
2202 params = EVP_PKEY_CTX_settable_params(ctx);
2203 if (!TEST_ptr(params)
2204 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2205 OSSL_SIGNATURE_PARAM_DIGEST)))
2208 params = EVP_PKEY_CTX_gettable_params(ctx);
2209 if (!TEST_ptr(params)
2210 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2211 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2212 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2213 OSSL_SIGNATURE_PARAM_DIGEST)))
2217 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2218 * EVP_PKEY_CTX_get_params()
2220 strcpy(mdname, "SHA512");
2222 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2224 *param++ = OSSL_PARAM_construct_end();
2226 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2230 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2231 mdname, sizeof(mdname));
2232 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2233 || !TEST_str_eq(mdname, "SHA512"))
2237 * Test the TEST_PKEY_CTX_set_signature_md() and
2238 * TEST_PKEY_CTX_get_signature_md() functions
2240 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2241 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2242 || !TEST_ptr_eq(md, EVP_sha256()))
2246 * Test getting MD parameters via an associated EVP_PKEY_CTX
2248 mdctx = EVP_MD_CTX_new();
2249 if (!TEST_ptr(mdctx)
2250 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2255 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2256 * able to obtain the digest's settable parameters from the provider.
2258 params = EVP_MD_CTX_settable_params(mdctx);
2259 if (!TEST_ptr(params)
2260 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2261 /* The final key should be NULL */
2262 || !TEST_ptr_null(params[1].key))
2266 memset(ssl3ms, 0, sizeof(ssl3ms));
2267 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2268 ssl3ms, sizeof(ssl3ms));
2269 *param++ = OSSL_PARAM_construct_end();
2271 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2277 EVP_MD_CTX_free(mdctx);
2278 EVP_PKEY_CTX_free(ctx);
2283 #ifndef OPENSSL_NO_DSA
2284 static int test_DSA_get_set_params(void)
2286 OSSL_PARAM_BLD *bld = NULL;
2287 OSSL_PARAM *params = NULL;
2288 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2289 EVP_PKEY_CTX *pctx = NULL;
2290 EVP_PKEY *pkey = NULL;
2294 * Setup the parameters for our DSA object. For our purposes they don't
2295 * have to actually be *valid* parameters. We just need to set something.
2297 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2298 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2299 || !TEST_ptr(p = BN_new())
2300 || !TEST_ptr(q = BN_new())
2301 || !TEST_ptr(g = BN_new())
2302 || !TEST_ptr(pub = BN_new())
2303 || !TEST_ptr(priv = BN_new()))
2305 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2306 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2307 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2308 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2310 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2313 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2316 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2317 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2321 if (!TEST_ptr(pkey))
2324 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2327 EVP_PKEY_free(pkey);
2328 EVP_PKEY_CTX_free(pctx);
2329 OSSL_PARAM_free(params);
2330 OSSL_PARAM_BLD_free(bld);
2341 * Test combinations of private, public, missing and private + public key
2342 * params to ensure they are all accepted
2344 static int test_DSA_priv_pub(void)
2346 return test_EVP_PKEY_ffc_priv_pub("DSA");
2349 #endif /* !OPENSSL_NO_DSA */
2351 static int test_RSA_get_set_params(void)
2353 OSSL_PARAM_BLD *bld = NULL;
2354 OSSL_PARAM *params = NULL;
2355 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2356 EVP_PKEY_CTX *pctx = NULL;
2357 EVP_PKEY *pkey = NULL;
2361 * Setup the parameters for our RSA object. For our purposes they don't
2362 * have to actually be *valid* parameters. We just need to set something.
2364 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2365 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2366 || !TEST_ptr(n = BN_new())
2367 || !TEST_ptr(e = BN_new())
2368 || !TEST_ptr(d = BN_new()))
2370 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2371 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2372 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2374 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2377 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2378 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2382 if (!TEST_ptr(pkey))
2385 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2388 EVP_PKEY_free(pkey);
2389 EVP_PKEY_CTX_free(pctx);
2390 OSSL_PARAM_free(params);
2391 OSSL_PARAM_BLD_free(bld);
2399 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2400 static int test_decrypt_null_chunks(void)
2402 EVP_CIPHER_CTX* ctx = NULL;
2403 EVP_CIPHER *cipher = NULL;
2404 const unsigned char key[32] = {
2405 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2406 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2407 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2409 unsigned char iv[12] = {
2410 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2412 unsigned char msg[] = "It was the best of times, it was the worst of times";
2413 unsigned char ciphertext[80];
2414 unsigned char plaintext[80];
2415 /* We initialise tmp to a non zero value on purpose */
2416 int ctlen, ptlen, tmp = 99;
2418 const int enc_offset = 10, dec_offset = 20;
2420 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2421 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2422 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2424 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2426 /* Deliberate add a zero length update */
2427 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2429 || !TEST_int_eq(tmp, 0)
2430 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2432 sizeof(msg) - enc_offset))
2433 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2434 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2435 || !TEST_int_eq(tmp, 0))
2438 /* Deliberately initialise tmp to a non zero value */
2440 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2441 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2444 * Deliberately add a zero length update. We also deliberately do
2445 * this at a different offset than for encryption.
2447 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2449 || !TEST_int_eq(tmp, 0)
2450 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2451 ciphertext + dec_offset,
2452 ctlen - dec_offset))
2453 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2454 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2455 || !TEST_int_eq(tmp, 0)
2456 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2461 EVP_CIPHER_CTX_free(ctx);
2462 EVP_CIPHER_free(cipher);
2465 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2467 #ifndef OPENSSL_NO_DH
2469 * Test combinations of private, public, missing and private + public key
2470 * params to ensure they are all accepted
2472 static int test_DH_priv_pub(void)
2474 return test_EVP_PKEY_ffc_priv_pub("DH");
2477 # ifndef OPENSSL_NO_DEPRECATED_3_0
2478 static int test_EVP_PKEY_set1_DH(void)
2480 DH *x942dh = NULL, *noqdh = NULL;
2481 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2483 BIGNUM *p, *g = NULL;
2484 BIGNUM *pubkey = NULL;
2485 unsigned char pub[2048 / 8];
2488 if (!TEST_ptr(p = BN_new())
2489 || !TEST_ptr(g = BN_new())
2490 || !TEST_ptr(pubkey = BN_new())
2491 || !TEST_true(BN_set_word(p, 9999))
2492 || !TEST_true(BN_set_word(g, 2))
2493 || !TEST_true(BN_set_word(pubkey, 4321))
2494 || !TEST_ptr(noqdh = DH_new())
2495 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2496 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2497 || !TEST_ptr(pubkey = BN_new())
2498 || !TEST_true(BN_set_word(pubkey, 4321)))
2502 x942dh = DH_get_2048_256();
2503 pkey1 = EVP_PKEY_new();
2504 pkey2 = EVP_PKEY_new();
2505 if (!TEST_ptr(x942dh)
2509 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2513 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2514 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2517 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2519 || !TEST_ptr(pubkey))
2522 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2523 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2526 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2527 OSSL_PKEY_PARAM_PUB_KEY,
2528 pub, sizeof(pub), &len))
2529 || !TEST_size_t_ne(len, 0))
2537 EVP_PKEY_free(pkey1);
2538 EVP_PKEY_free(pkey2);
2544 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2545 #endif /* !OPENSSL_NO_DH */
2548 * We test what happens with an empty template. For the sake of this test,
2549 * the template must be ignored, and we know that's the case for RSA keys
2550 * (this might arguably be a misfeature, but that's what we currently do,
2551 * even in provider code, since that's how the legacy RSA implementation
2554 static int test_keygen_with_empty_template(int n)
2556 EVP_PKEY_CTX *ctx = NULL;
2557 EVP_PKEY *pkey = NULL;
2558 EVP_PKEY *tkey = NULL;
2561 if (nullprov != NULL)
2562 return TEST_skip("Test does not support a non-default library context");
2566 /* We do test with no template at all as well */
2567 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2571 /* Here we create an empty RSA key that serves as our template */
2572 if (!TEST_ptr(tkey = EVP_PKEY_new())
2573 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2574 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2579 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2580 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2585 EVP_PKEY_CTX_free(ctx);
2586 EVP_PKEY_free(pkey);
2587 EVP_PKEY_free(tkey);
2592 * Test that we fail if we attempt to use an algorithm that is not available
2593 * in the current library context (unless we are using an algorithm that
2594 * should be made available via legacy codepaths).
2599 static int test_pkey_ctx_fail_without_provider(int tst)
2601 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2602 OSSL_PROVIDER *tmpnullprov = NULL;
2603 EVP_PKEY_CTX *pctx = NULL;
2604 const char *keytype = NULL;
2605 int expect_null = 0;
2608 if (!TEST_ptr(tmpctx))
2611 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2612 if (!TEST_ptr(tmpnullprov))
2616 * We check for certain algos in the null provider.
2617 * If an algo is expected to have a provider keymgmt, contructing an
2618 * EVP_PKEY_CTX is expected to fail (return NULL).
2619 * Otherwise, if it's expected to have legacy support, contructing an
2620 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2630 #ifdef OPENSSL_NO_EC
2631 TEST_info("EC disable, skipping SM2 check...");
2634 #ifdef OPENSSL_NO_SM2
2635 TEST_info("SM2 disable, skipping SM2 check...");
2640 TEST_error("No test for case %d", tst);
2644 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2645 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2648 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2654 EVP_PKEY_CTX_free(pctx);
2655 OSSL_PROVIDER_unload(tmpnullprov);
2656 OSSL_LIB_CTX_free(tmpctx);
2660 static int test_rand_agglomeration(void)
2664 OSSL_PARAM params[3], *p = params;
2666 unsigned int step = 7;
2667 static unsigned char seed[] = "It does not matter how slowly you go "
2668 "as long as you do not stop.";
2669 unsigned char out[sizeof(seed)];
2671 if (!TEST_int_ne(sizeof(seed) % step, 0)
2672 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2674 ctx = EVP_RAND_CTX_new(rand, NULL);
2675 EVP_RAND_free(rand);
2679 memset(out, 0, sizeof(out));
2680 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2681 seed, sizeof(seed));
2682 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2683 *p = OSSL_PARAM_construct_end();
2684 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2685 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2686 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2687 EVP_RAND_CTX_free(ctx);
2692 * Test that we correctly return the original or "running" IV after
2693 * an encryption operation.
2694 * Run multiple times for some different relevant algorithms/modes.
2696 static int test_evp_iv_aes(int idx)
2699 EVP_CIPHER_CTX *ctx = NULL;
2700 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2701 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2702 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2703 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2704 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2705 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2706 9, 10, 11, 12, 13, 14, 15, 16 };
2707 unsigned char ciphertext[32], oiv[16], iv[16];
2708 unsigned char *ref_iv;
2709 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2710 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2712 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2713 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2714 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2715 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2716 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2717 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2718 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2719 #ifndef OPENSSL_NO_OCB
2720 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2721 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2723 int len = sizeof(ciphertext);
2724 size_t ivlen, ref_len;
2725 const EVP_CIPHER *type = NULL;
2728 if (nullprov != NULL && idx < 6)
2729 return TEST_skip("Test does not support a non-default library context");
2733 type = EVP_aes_128_cbc();
2736 type = (type != NULL) ? type :
2737 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2739 ref_len = sizeof(cbc_state);
2743 type = EVP_aes_128_ofb();
2746 type = (type != NULL) ? type :
2747 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2749 ref_len = sizeof(ofb_state);
2753 type = EVP_aes_128_cfb();
2756 type = (type != NULL) ? type :
2757 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2759 ref_len = sizeof(cfb_state);
2763 type = EVP_aes_128_gcm();
2766 type = (type != NULL) ? type :
2767 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2769 ref_len = sizeof(gcm_state);
2772 type = EVP_aes_128_ccm();
2775 type = (type != NULL) ? type :
2776 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2778 ref_len = sizeof(ccm_state);
2780 #ifdef OPENSSL_NO_OCB
2786 type = EVP_aes_128_ocb();
2789 type = (type != NULL) ? type :
2790 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2792 ref_len = sizeof(ocb_state);
2800 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2801 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2802 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2804 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2805 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2806 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2808 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2809 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2810 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2813 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2814 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2815 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2818 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2821 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2827 EVP_CIPHER_CTX_free(ctx);
2829 EVP_CIPHER_free((EVP_CIPHER *)type);
2833 #ifndef OPENSSL_NO_DES
2834 static int test_evp_iv_des(int idx)
2837 EVP_CIPHER_CTX *ctx = NULL;
2838 static const unsigned char key[24] = {
2839 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2840 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2841 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2843 static const unsigned char init_iv[8] = {
2844 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2846 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2847 9, 10, 11, 12, 13, 14, 15, 16 };
2848 unsigned char ciphertext[32], oiv[8], iv[8];
2849 unsigned const char *ref_iv;
2850 static const unsigned char cbc_state_des[8] = {
2851 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2853 static const unsigned char cbc_state_3des[8] = {
2854 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2856 static const unsigned char ofb_state_des[8] = {
2857 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2859 static const unsigned char ofb_state_3des[8] = {
2860 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2862 static const unsigned char cfb_state_des[8] = {
2863 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2865 static const unsigned char cfb_state_3des[8] = {
2866 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2868 int len = sizeof(ciphertext);
2869 size_t ivlen, ref_len;
2870 EVP_CIPHER *type = NULL;
2872 if (lgcyprov == NULL && idx < 3)
2873 return TEST_skip("Test requires legacy provider to be loaded");
2877 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2878 ref_iv = cbc_state_des;
2879 ref_len = sizeof(cbc_state_des);
2882 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2883 ref_iv = ofb_state_des;
2884 ref_len = sizeof(ofb_state_des);
2887 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2888 ref_iv = cfb_state_des;
2889 ref_len = sizeof(cfb_state_des);
2892 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2893 ref_iv = cbc_state_3des;
2894 ref_len = sizeof(cbc_state_3des);
2897 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2898 ref_iv = ofb_state_3des;
2899 ref_len = sizeof(ofb_state_3des);
2902 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2903 ref_iv = cfb_state_3des;
2904 ref_len = sizeof(cfb_state_3des);
2911 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2912 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2913 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2915 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2916 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2917 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2919 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2920 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2921 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2924 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2925 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2927 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2932 EVP_CIPHER_CTX_free(ctx);
2933 EVP_CIPHER_free(type);
2938 #ifndef OPENSSL_NO_EC
2939 static int ecpub_nids[] = {
2940 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2941 NID_secp384r1, NID_secp521r1,
2942 # ifndef OPENSSL_NO_EC2M
2943 NID_sect233k1, NID_sect233r1, NID_sect283r1,
2944 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2946 NID_brainpoolP384r1, NID_brainpoolP512r1
2949 static int test_ecpub(int idx)
2951 int ret = 0, len, savelen;
2953 unsigned char buf[1024];
2955 EVP_PKEY *pkey = NULL;
2956 EVP_PKEY_CTX *ctx = NULL;
2957 # ifndef OPENSSL_NO_DEPRECATED_3_0
2958 const unsigned char *q;
2959 EVP_PKEY *pkey2 = NULL;
2963 if (nullprov != NULL)
2964 return TEST_skip("Test does not support a non-default library context");
2966 nid = ecpub_nids[idx];
2968 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2970 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2971 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2972 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2974 len = i2d_PublicKey(pkey, NULL);
2976 if (!TEST_int_ge(len, 1)
2977 || !TEST_int_lt(len, 1024))
2980 len = i2d_PublicKey(pkey, &p);
2981 if (!TEST_int_ge(len, 1)
2982 || !TEST_int_eq(len, savelen))
2985 # ifndef OPENSSL_NO_DEPRECATED_3_0
2986 /* Now try to decode the just-created DER. */
2988 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2989 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2990 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2992 /* EC_KEY ownership transferred */
2994 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2996 /* The keys should match. */
2997 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3004 EVP_PKEY_CTX_free(ctx);
3005 EVP_PKEY_free(pkey);
3006 # ifndef OPENSSL_NO_DEPRECATED_3_0
3007 EVP_PKEY_free(pkey2);
3014 static int test_EVP_rsa_pss_with_keygen_bits(void)
3017 EVP_PKEY_CTX *ctx = NULL;
3018 EVP_PKEY *pkey = NULL;
3021 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3023 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3024 && TEST_true(EVP_PKEY_keygen_init(ctx))
3025 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3026 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3027 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3030 EVP_PKEY_free(pkey);
3031 EVP_PKEY_CTX_free(ctx);
3035 static int success = 1;
3036 static void md_names(const char *name, void *vctx)
3038 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3039 /* Force a namemap update */
3040 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3042 if (!TEST_ptr(aes128))
3045 EVP_CIPHER_free(aes128);
3049 * Test that changing the namemap in a user callback works in a names_do_all
3052 static int test_names_do_all(void)
3054 /* We use a custom libctx so that we know the state of the namemap */
3055 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3056 EVP_MD *sha256 = NULL;
3062 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3063 if (!TEST_ptr(sha256))
3067 * We loop through all the names for a given digest. This should still work
3068 * even if the namemap changes part way through.
3070 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3073 if (!TEST_true(success))
3078 EVP_MD_free(sha256);
3079 OSSL_LIB_CTX_free(ctx);
3085 const unsigned char *key;
3086 const unsigned char *iv;
3087 const unsigned char *input;
3088 const unsigned char *expected;
3089 const unsigned char *tag;
3090 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3099 static const EVP_INIT_TEST_st evp_init_tests[] = {
3101 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3102 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3106 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3107 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3108 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3109 sizeof(gcmDefaultTag), 1, 0, 1
3112 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3113 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3117 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3118 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3119 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3120 sizeof(gcmDefaultTag), 0, 0, 1
3123 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3124 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3128 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3129 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3130 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3131 sizeof(gcmDefaultTag), 1, 1, 0
3134 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3135 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3139 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3140 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3141 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3142 sizeof(gcmDefaultTag), 0, 1, 0
3146 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3150 if (t->ivlen != 0) {
3151 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3154 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3162 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3163 * arguments are given one at a time and a final adjustment to the enc
3164 * parameter sets the correct operation.
3166 static int test_evp_init_seq(int idx)
3168 int outlen1, outlen2;
3170 unsigned char outbuf[1024];
3171 unsigned char tag[16];
3172 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3173 EVP_CIPHER_CTX *ctx = NULL;
3174 EVP_CIPHER *type = NULL;
3175 size_t taglen = sizeof(tag);
3176 char *errmsg = NULL;
3178 ctx = EVP_CIPHER_CTX_new();
3180 errmsg = "CTX_ALLOC";
3183 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3184 errmsg = "CIPHER_FETCH";
3187 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3188 errmsg = "EMPTY_ENC_INIT";
3191 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3195 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3196 errmsg = "KEY_INIT (before iv)";
3199 if (!evp_init_seq_set_iv(ctx, t)) {
3203 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3204 errmsg = "KEY_INIT (after iv)";
3207 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3208 errmsg = "FINAL_ENC_INIT";
3211 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3212 errmsg = "CIPHER_UPDATE";
3215 if (t->finalenc == 0 && t->tag != NULL) {
3216 /* Set expected tag */
3217 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3218 t->taglen, (void *)t->tag))) {
3223 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3224 errmsg = "CIPHER_FINAL";
3227 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3228 errmsg = "WRONG_RESULT";
3231 if (t->finalenc != 0 && t->tag != NULL) {
3232 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3236 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3237 errmsg = "TAG_ERROR";
3244 TEST_info("evp_init_test %d: %s", idx, errmsg);
3245 EVP_CIPHER_CTX_free(ctx);
3246 EVP_CIPHER_free(type);
3251 const unsigned char *input;
3252 const unsigned char *expected;
3256 } EVP_RESET_TEST_st;
3258 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3260 cfbPlaintext, cfbCiphertext,
3261 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3264 cfbCiphertext, cfbPlaintext,
3265 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3270 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3273 static int test_evp_reset(int idx)
3275 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3276 int outlen1, outlen2;
3278 unsigned char outbuf[1024];
3279 EVP_CIPHER_CTX *ctx = NULL;
3280 EVP_CIPHER *type = NULL;
3281 char *errmsg = NULL;
3283 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3284 errmsg = "CTX_ALLOC";
3287 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3288 errmsg = "CIPHER_FETCH";
3291 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3292 errmsg = "CIPHER_INIT";
3295 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3299 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3300 errmsg = "CIPHER_UPDATE";
3303 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3304 errmsg = "CIPHER_FINAL";
3307 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3308 errmsg = "WRONG_RESULT";
3311 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3312 errmsg = "CIPHER_REINIT";
3315 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3316 errmsg = "CIPHER_UPDATE (reinit)";
3319 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3320 errmsg = "CIPHER_FINAL (reinit)";
3323 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3324 errmsg = "WRONG_RESULT (reinit)";
3330 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3331 EVP_CIPHER_CTX_free(ctx);
3332 EVP_CIPHER_free(type);
3339 } EVP_UPDATED_IV_TEST_st;
3341 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3381 * Test that the IV in the context is updated during a crypto operation for CFB
3384 static int test_evp_updated_iv(int idx)
3386 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3387 int outlen1, outlen2;
3389 unsigned char outbuf[1024];
3390 EVP_CIPHER_CTX *ctx = NULL;
3391 EVP_CIPHER *type = NULL;
3392 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3394 char *errmsg = NULL;
3396 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3397 errmsg = "CTX_ALLOC";
3400 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3401 TEST_info("cipher %s not supported, skipping", t->cipher);
3405 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3406 errmsg = "CIPHER_INIT";
3409 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3413 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3414 errmsg = "CIPHER_UPDATE";
3417 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3418 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3421 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3422 errmsg = "CIPHER_CTX_GET_IV_LEN";
3425 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3426 errmsg = "IV_NOT_UPDATED";
3429 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3430 errmsg = "CIPHER_FINAL";
3437 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3438 EVP_CIPHER_CTX_free(ctx);
3439 EVP_CIPHER_free(type);
3444 const unsigned char *iv1;
3445 const unsigned char *iv2;
3446 const unsigned char *expected1;
3447 const unsigned char *expected2;
3448 const unsigned char *tag1;
3449 const unsigned char *tag2;
3452 size_t expectedlen1;
3453 size_t expectedlen2;
3454 } TEST_GCM_IV_REINIT_st;
3456 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3458 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3459 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3460 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3463 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3464 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3465 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3469 static int test_gcm_reinit(int idx)
3471 int outlen1, outlen2, outlen3;
3473 unsigned char outbuf[1024];
3474 unsigned char tag[16];
3475 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3476 EVP_CIPHER_CTX *ctx = NULL;
3477 EVP_CIPHER *type = NULL;
3478 size_t taglen = sizeof(tag);
3479 char *errmsg = NULL;
3481 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3482 errmsg = "CTX_ALLOC";
3485 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3486 errmsg = "CIPHER_FETCH";
3489 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3490 errmsg = "ENC_INIT";
3493 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3494 errmsg = "SET_IVLEN1";
3497 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3501 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3505 EVP_CIPHER_CTX_set_padding(ctx, 0);
3506 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3507 sizeof(gcmResetPlaintext)))) {
3508 errmsg = "CIPHER_UPDATE1";
3511 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3512 errmsg = "CIPHER_FINAL1";
3515 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3516 errmsg = "WRONG_RESULT1";
3519 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3520 errmsg = "GET_TAG1";
3523 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3524 errmsg = "TAG_ERROR1";
3528 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3529 errmsg = "SET_IVLEN2";
3532 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3536 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3540 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3541 sizeof(gcmResetPlaintext)))) {
3542 errmsg = "CIPHER_UPDATE2";
3545 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3546 errmsg = "CIPHER_FINAL2";
3549 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3550 errmsg = "WRONG_RESULT2";
3553 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3554 errmsg = "GET_TAG2";
3557 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3558 errmsg = "TAG_ERROR2";
3564 TEST_info("evp_init_test %d: %s", idx, errmsg);
3565 EVP_CIPHER_CTX_free(ctx);
3566 EVP_CIPHER_free(type);
3570 #ifndef OPENSSL_NO_DEPRECATED_3_0
3571 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3572 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3574 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3576 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3578 int (*pinit)(EVP_PKEY_CTX *ctx);
3580 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3584 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3586 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3588 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3592 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3593 size_t *outlen, const unsigned char *in,
3596 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3597 const unsigned char *tbs, size_t tbslen);
3599 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3600 return psign(ctx, out, outlen, in, inlen);
3603 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3604 size_t *siglen, const unsigned char *tbs,
3607 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3608 const unsigned char *tbs, size_t tbslen);
3610 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3611 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3614 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3617 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3619 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3620 return pderive(ctx, key, keylen);
3623 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3625 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3627 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3628 return pcopy(dst, src);
3631 static int ctrl_called;
3633 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3635 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3637 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3639 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3644 return pctrl(ctx, type, p1, p2);
3647 static int test_custom_pmeth(int idx)
3649 EVP_PKEY_CTX *pctx = NULL;
3650 EVP_MD_CTX *ctx = NULL;
3651 EVP_PKEY *pkey = NULL;
3652 int id, orig_id, orig_flags;
3655 unsigned char *res = NULL;
3656 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3657 const EVP_MD *md = EVP_sha256();
3662 /* We call deprecated APIs so this test doesn't support a custom libctx */
3663 if (testctx != NULL)
3670 pkey = load_example_rsa_key();
3674 # ifndef OPENSSL_NO_DSA
3676 pkey = load_example_dsa_key();
3683 # ifndef OPENSSL_NO_EC
3685 pkey = load_example_ec_key();
3692 # ifndef OPENSSL_NO_EC
3693 id = EVP_PKEY_ED25519;
3695 pkey = load_example_ed25519_key();
3702 # ifndef OPENSSL_NO_DH
3705 pkey = load_example_dh_key();
3712 # ifndef OPENSSL_NO_EC
3713 id = EVP_PKEY_X25519;
3715 pkey = load_example_x25519_key();
3721 TEST_error("Should not happen");
3725 if (!TEST_ptr(pkey))
3729 if (!TEST_true(evp_pkey_is_provided(pkey)))
3732 EVP_PKEY *tmp = pkey;
3734 /* Convert to a legacy key */
3735 pkey = EVP_PKEY_new();
3736 if (!TEST_ptr(pkey)) {
3740 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3745 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3749 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
3753 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
3754 if (!TEST_int_eq(orig_id, id)
3755 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
3758 if (id == EVP_PKEY_ED25519) {
3759 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
3760 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
3761 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
3763 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
3765 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
3766 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
3767 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
3768 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
3770 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
3771 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
3775 pctx = EVP_PKEY_CTX_new(pkey, NULL);
3777 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
3778 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3779 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3781 || !TEST_int_eq(ctrl_called, 1)
3782 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
3783 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
3784 || !TEST_ptr(res = OPENSSL_malloc(reslen))
3785 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
3788 ctx = EVP_MD_CTX_new();
3789 reslen = EVP_PKEY_size(pkey);
3790 res = OPENSSL_malloc(reslen);
3793 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
3794 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3795 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3797 || !TEST_int_eq(ctrl_called, 1))
3800 if (id == EVP_PKEY_ED25519) {
3801 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
3804 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
3805 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
3813 EVP_MD_CTX_free(ctx);
3815 EVP_PKEY_CTX_free(pctx);
3816 EVP_PKEY_free(pkey);
3817 EVP_PKEY_meth_remove(custom_pmeth);
3818 EVP_PKEY_meth_free(custom_pmeth);
3819 custom_pmeth = NULL;
3823 static int test_evp_md_cipher_meth(void)
3825 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
3826 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3829 if (!TEST_ptr(md) || !TEST_ptr(ciph))
3835 EVP_MD_meth_free(md);
3836 EVP_CIPHER_meth_free(ciph);
3840 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
3842 typedef enum OPTION_choice {
3849 const OPTIONS *test_get_options(void)
3851 static const OPTIONS options[] = {
3852 OPT_TEST_OPTIONS_DEFAULT_USAGE,
3853 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
3859 int setup_tests(void)
3863 while ((o = opt_next()) != OPT_EOF) {
3866 /* Set up an alternate library context */
3867 testctx = OSSL_LIB_CTX_new();
3868 if (!TEST_ptr(testctx))
3870 /* Swap the libctx to test non-default context only */
3871 nullprov = OSSL_PROVIDER_load(NULL, "null");
3872 deflprov = OSSL_PROVIDER_load(testctx, "default");
3873 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
3875 case OPT_TEST_CASES:
3882 ADD_TEST(test_EVP_set_default_properties);
3883 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
3884 ADD_TEST(test_EVP_DigestVerifyInit);
3885 ADD_TEST(test_EVP_Digest);
3886 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
3887 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
3888 ADD_TEST(test_privatekey_to_pkcs8);
3889 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
3890 #ifndef OPENSSL_NO_EC
3891 ADD_TEST(test_EVP_PKCS82PKEY);
3893 #ifndef OPENSSL_NO_EC
3894 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
3896 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
3897 ADD_TEST(test_EVP_SM2);
3898 ADD_TEST(test_EVP_SM2_verify);
3900 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
3901 #ifndef OPENSSL_NO_DEPRECATED_3_0
3902 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
3903 if (!TEST_ptr(custom_pmeth))
3905 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
3906 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
3907 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
3908 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
3911 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
3912 #ifndef OPENSSL_NO_CMAC
3913 ADD_TEST(test_CMAC_keygen);
3915 ADD_TEST(test_HKDF);
3916 ADD_TEST(test_emptyikm_HKDF);
3917 #ifndef OPENSSL_NO_EC
3918 ADD_TEST(test_X509_PUBKEY_inplace);
3919 ADD_TEST(test_X509_PUBKEY_dup);
3920 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
3921 OSSL_NELEM(ec_der_pub_keys));
3923 #ifndef OPENSSL_NO_DSA
3924 ADD_TEST(test_DSA_get_set_params);
3925 ADD_TEST(test_DSA_priv_pub);
3927 ADD_TEST(test_RSA_get_set_params);
3928 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3929 ADD_TEST(test_decrypt_null_chunks);
3931 #ifndef OPENSSL_NO_DH
3932 ADD_TEST(test_DH_priv_pub);
3933 # ifndef OPENSSL_NO_DEPRECATED_3_0
3934 ADD_TEST(test_EVP_PKEY_set1_DH);
3937 #ifndef OPENSSL_NO_EC
3938 ADD_TEST(test_EC_priv_pub);
3939 # ifndef OPENSSL_NO_DEPRECATED_3_0
3940 ADD_TEST(test_EC_priv_only_legacy);
3943 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
3944 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
3946 ADD_TEST(test_rand_agglomeration);
3947 ADD_ALL_TESTS(test_evp_iv_aes, 12);
3948 #ifndef OPENSSL_NO_DES
3949 ADD_ALL_TESTS(test_evp_iv_des, 6);
3951 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
3952 #ifndef OPENSSL_NO_EC
3953 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
3956 ADD_TEST(test_names_do_all);
3958 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
3959 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
3960 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
3961 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
3963 #ifndef OPENSSL_NO_DEPRECATED_3_0
3964 ADD_ALL_TESTS(test_custom_pmeth, 12);
3965 ADD_TEST(test_evp_md_cipher_meth);
3971 void cleanup_tests(void)
3973 OSSL_PROVIDER_unload(nullprov);
3974 OSSL_PROVIDER_unload(deflprov);
3975 OSSL_PROVIDER_unload(lgcyprov);
3976 OSSL_LIB_CTX_free(testctx);