1 /*
2 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include <openssl/rand.h>
36 # include <crypto/ml_kem.h>
37 #include "testutil.h"
38 #include "internal/nelem.h"
39 #include "internal/sizes.h"
40 #include "crypto/evp.h"
41 #include "fake_rsaprov.h"
42 #include "fake_pipelineprov.h"
43
44 #ifdef STATIC_LEGACY
45 OSSL_provider_init_fn ossl_legacy_provider_init;
46 #endif
47
48 static OSSL_LIB_CTX *testctx = NULL;
49 static char *testpropq = NULL;
50
51 static OSSL_PROVIDER *nullprov = NULL;
52 static OSSL_PROVIDER *deflprov = NULL;
53 static OSSL_PROVIDER *lgcyprov = NULL;
54
55 /*
56 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
57 * should never use this key anywhere but in an example.
58 */
59 static const unsigned char kExampleRSAKeyDER[] = {
60 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
61 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
62 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
63 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
64 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
65 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
66 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
67 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
68 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
69 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
70 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
71 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
72 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
73 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
74 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
75 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
76 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
77 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
78 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
79 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
80 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
81 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
82 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
83 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
84 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
85 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
86 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
87 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
88 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
89 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
90 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
91 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
92 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
93 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
94 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
95 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
96 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
97 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
98 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
99 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
100 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
101 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
102 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
103 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
104 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
105 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
106 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
107 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
108 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
109 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
110 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
111 };
112
113 /* An invalid key whose prime factors exceed modulus n. */
114 static const unsigned char kInvalidRSAKeyDER[] = {
115 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80,
116 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00,
117 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
119 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
120 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
121 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa,
122 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
123 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b,
124 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
125 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01,
126 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee,
127 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
129 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07,
130 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07,
131 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
132 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15,
133 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
134 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00,
135 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15,
136 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9,
137 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07,
138 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
139 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
140 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59,
141 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
143 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
144 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59,
145 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
146 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
147 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15,
148 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
149 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea,
150 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15,
151 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07,
152 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07,
154 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
155 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00,
156 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29,
157 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
158 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
159 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
160 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
161 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59,
162 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
163 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
164 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
165 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02,
166 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
167 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
168 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
169 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
170 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
171 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
172 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31,
174 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
175 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8,
176 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07,
177 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
179 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07,
180 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07,
181 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
182 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec,
183 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
184 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00,
185 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07,
186 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02,
187 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07,
188 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
189 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
190 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59,
191 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
194 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59,
195 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d,
196 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
197 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
198 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
199 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea,
200 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15,
201 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00,
202 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff,
203 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07,
204 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
205 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
206 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07,
207 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
208 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
209 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
210 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
211 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59,
212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
214 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
215 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
216 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
217 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41,
218 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
219 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
220 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
221 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
222 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02,
223 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88,
224 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
226 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
227 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07,
228 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
229 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15,
230 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
231 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
232 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15,
233 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07,
234 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07,
235 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
236 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
237 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
238 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
239 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f,
240 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
241 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
242 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
243 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1,
245 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1,
246 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
247 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02,
249 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8,
250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
253 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
254 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
255 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02,
256 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
257 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80,
258 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02,
259 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36,
260 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10,
261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
263 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
264 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
265 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02,
266 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02,
267 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
268 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02,
269 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02,
270 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47,
272 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d,
273 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60,
274 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32,
275 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff,
276 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30,
277 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d,
278 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a,
279 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33,
280 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
281 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15,
282 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00,
283 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
284 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
285 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
286 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
287 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02,
288 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
289 0xe2, 0x80,
290 };
291
292 /*
293 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
294 * should never use this key anywhere but in an example.
295 */
296 #ifndef OPENSSL_NO_DSA
297 static const unsigned char kExampleDSAKeyDER[] = {
298 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
299 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
300 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
301 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
302 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
303 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
304 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
305 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
306 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
307 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
308 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
309 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
310 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
311 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
312 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
313 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
314 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
315 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
316 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
317 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
318 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
319 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
320 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
321 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
322 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
323 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
324 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
325 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
326 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
327 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
328 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
329 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
330 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
331 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
332 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
333 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
334 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
335 0x40, 0x48
336 };
337 #endif
338
339 /*
340 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
341 * components are not correct.
342 */
343 static const unsigned char kExampleBadRSAKeyDER[] = {
344 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
345 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
346 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
347 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
348 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
349 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
350 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
351 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
352 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
353 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
354 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
355 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
356 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
357 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
358 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
359 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
360 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
361 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
362 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
363 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
364 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
365 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
366 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
367 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
368 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
369 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
370 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
371 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
372 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
373 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
374 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
375 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
376 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
377 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
378 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
379 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
380 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
381 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
382 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
383 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
384 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
385 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
386 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
387 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
388 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
389 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
390 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
391 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
392 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
393 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
394 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
395 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
396 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
397 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
398 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
399 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
400 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
401 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
402 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
403 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
404 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
405 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
406 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
407 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
408 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
409 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
410 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
411 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
412 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
413 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
414 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
415 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
416 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
417 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
418 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
419 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
420 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
421 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
422 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
423 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
424 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
425 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
426 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
427 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
428 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
429 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
430 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
431 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
432 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
433 };
434
435 /*
436 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
437 * values are 0.
438 */
439 static const unsigned char kExampleBad2RSAKeyDER[] = {
440 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
441 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
442 0x01, 0x00, 0x02, 0x01, 0x00
443 };
444
445 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
446
447 static const unsigned char kSignature[] = {
448 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
449 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
450 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
451 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
452 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
453 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
454 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
455 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
456 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
457 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
458 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
459 };
460
461 /*
462 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v1
463 * PrivateKeyInfo.
464 */
465 static const unsigned char kExampleRSAKeyPKCS8[] = {
466 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
467 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
468 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
469 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
470 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
471 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
472 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
473 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
474 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
475 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
476 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
477 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
478 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
479 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
480 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
481 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
482 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
483 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
484 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
485 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
486 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
487 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
488 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
489 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
490 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
491 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
492 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
493 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
494 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
495 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
496 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
497 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
498 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
499 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
500 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
501 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
502 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
503 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
504 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
505 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
506 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
507 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
508 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
509 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
510 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
511 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
512 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
513 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
514 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
515 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
516 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
517 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
518 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
519 };
520
521 /*
522 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v2
523 * PrivateKeyInfo (with an optional public key).
524 */
525 static const unsigned char kExampleRSAKeyPKCS8_v2[] = {
526 0x30, 0x82, 0x03, 0x06, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
527 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
528 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
529 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
530 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
531 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
532 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
533 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
534 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
535 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
536 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
537 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
538 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
539 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
540 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
541 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
542 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
543 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
544 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
545 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
546 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
547 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
548 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
549 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
550 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
551 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
552 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
553 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
554 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
555 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
556 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
557 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
558 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
559 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
560 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
561 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
562 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
563 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
564 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
565 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
566 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
567 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
568 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
569 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
570 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
571 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
572 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
573 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
574 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
575 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
576 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
577 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
578 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
579 /* Implicit optional Public key BIT STRING */
580 0x81, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8,
581 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
582 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
583 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
584 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
585 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
586 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
587 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
588 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
589 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
590 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
591 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01
592 };
593
594 #ifndef OPENSSL_NO_EC
595 /*
596 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
597 * structure.
598 */
599 static const unsigned char kExampleECKeyDER[] = {
600 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
601 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
602 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
603 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
604 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
605 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
606 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
607 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
608 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
609 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
610 0xc1,
611 };
612
613 static const unsigned char kExampleECKeyPKCS8_v2[] = {
614 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
615 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
616 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
617 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9,
618 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e,
619 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42,
620 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f,
621 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d,
622 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7,
623 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2,
624 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94,
625 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1,
626 /* Optional implicit public key BIT STRING */
627 0x81, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97,
628 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9,
629 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a,
630 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e,
631 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e,
632 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1
633 };
634
635 /*
636 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
637 * structure. The private key is equal to the order and will fail to import
638 */
639 static const unsigned char kExampleBadECKeyDER[] = {
640 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
641 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
642 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
643 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
644 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
645 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
646 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
647 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
648 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
649 };
650
651 /* prime256v1 */
652 static const unsigned char kExampleECPubKeyDER[] = {
653 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
654 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
655 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
656 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
657 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
658 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
659 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
660 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
661 };
662
663 /*
664 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
665 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
666 */
667 static const unsigned char kExampleBadECPubKeyDER[] = {
668 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
669 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
670 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
671 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
672 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
673 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
674 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
675 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
676 };
677
678 static const unsigned char pExampleECParamDER[] = {
679 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
680 };
681
682 # ifndef OPENSSL_NO_ECX
683 static const unsigned char kExampleED25519KeyDER[] = {
684 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
685 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
686 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
687 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
688 };
689
690 static const unsigned char kExampleED25519PubKeyDER[] = {
691 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
692 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
693 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
694 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
695 };
696
697 # ifndef OPENSSL_NO_DEPRECATED_3_0
698 static const unsigned char kExampleX25519KeyDER[] = {
699 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
700 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
701 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
702 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
703 };
704 # endif
705 # endif
706 #endif
707
708 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
709 #ifndef OPENSSL_NO_DEPRECATED_3_0
710 # ifndef OPENSSL_NO_DH
711 static const unsigned char kExampleDHKeyDER[] = {
712 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
713 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
714 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
715 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
716 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
717 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
718 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
719 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
720 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
721 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
722 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
723 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
724 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
725 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
726 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
727 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
728 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
729 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
730 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
731 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
732 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
733 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
734 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
735 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
736 0x2e, 0x87, 0x2a, 0x0b, 0x7a
737 };
738 # endif
739 #endif
740
741 static const unsigned char kCFBDefaultKey[] = {
742 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
743 0x09, 0xCF, 0x4F, 0x3C
744 };
745
746 static const unsigned char kGCMDefaultKey[32] = { 0 };
747
748 static const unsigned char kGCMResetKey[] = {
749 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
750 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
751 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
752 };
753
754 static const unsigned char iCFBIV[] = {
755 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
756 0x0C, 0x0D, 0x0E, 0x0F
757 };
758
759 static const unsigned char iGCMDefaultIV[12] = { 0 };
760
761 static const unsigned char iGCMResetIV1[] = {
762 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
763 };
764
765 static const unsigned char iGCMResetIV2[] = {
766 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
767 };
768
769 static const unsigned char cfbPlaintext[] = {
770 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
771 0x73, 0x93, 0x17, 0x2A
772 };
773 static const unsigned char cfbPlaintext_partial[] = {
774 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
775 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
776 };
777
778 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
779
780 static const unsigned char gcmResetPlaintext[] = {
781 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
782 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
783 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
784 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
785 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
786 };
787
788 static const unsigned char cfbCiphertext[] = {
789 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
790 0xE8, 0x3C, 0xFB, 0x4A
791 };
792
793 static const unsigned char cfbCiphertext_partial[] = {
794 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
795 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
796 };
797
798 static const unsigned char ofbCiphertext_partial[] = {
799 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
800 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
801 };
802
803 static const unsigned char gcmDefaultCiphertext[] = {
804 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
805 0xba, 0xf3, 0x9d, 0x18
806 };
807
808 static const unsigned char gcmResetCiphertext1[] = {
809 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
810 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
811 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
812 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
813 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
814 };
815
816 static const unsigned char gcmResetCiphertext2[] = {
817 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
818 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
819 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
820 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
821 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
822 };
823
824 static const unsigned char gcmAAD[] = {
825 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
826 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
827 };
828
829 static const unsigned char gcmDefaultTag[] = {
830 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
831 0xd4, 0x8a, 0xb9, 0x19
832 };
833
834 static const unsigned char gcmResetTag1[] = {
835 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
836 0xfe, 0x2e, 0xa8, 0xf2
837 };
838
839 static const unsigned char gcmResetTag2[] = {
840 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
841 0xbb, 0x2d, 0x55, 0x1b
842 };
843
844 typedef struct APK_DATA_st {
845 const unsigned char *kder;
846 size_t size;
847 const char *keytype;
848 int evptype;
849 int check;
850 int pub_check;
851 int param_check;
852 int type; /* 0 for private, 1 for public, 2 for params */
853 } APK_DATA;
854
855 static APK_DATA keydata[] = {
856 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
857 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
858 #ifndef OPENSSL_NO_EC
859 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
860 #endif
861 };
862
863 static APK_DATA keydata_v2[] = {
864 {kExampleRSAKeyPKCS8_v2, sizeof(kExampleRSAKeyPKCS8_v2), "RSA", EVP_PKEY_RSA},
865 #ifndef OPENSSL_NO_EC
866 {kExampleECKeyPKCS8_v2, sizeof(kExampleECKeyPKCS8_v2), "EC", EVP_PKEY_EC}
867 #endif
868 };
869
870 static APK_DATA keycheckdata[] = {
871 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
872 0},
873 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
874 0, 1, 1, 0},
875 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
876 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
877 #ifndef OPENSSL_NO_EC
878 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
879 /* group is also associated in our pub key */
880 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
881 1, 1},
882 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
883 2},
884 # ifndef OPENSSL_NO_ECX
885 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
886 EVP_PKEY_ED25519, 1, 1, 1, 0},
887 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
888 EVP_PKEY_ED25519, 0, 1, 1, 1},
889 # endif
890 #endif
891 };
892
load_example_key(const char * keytype,const unsigned char * data,size_t data_len)893 static EVP_PKEY *load_example_key(const char *keytype,
894 const unsigned char *data, size_t data_len)
895 {
896 const unsigned char **pdata = &data;
897 EVP_PKEY *pkey = NULL;
898 OSSL_DECODER_CTX *dctx =
899 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
900 testctx, testpropq);
901
902 /* |pkey| will be NULL on error */
903 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
904 OSSL_DECODER_CTX_free(dctx);
905 return pkey;
906 }
907
load_example_rsa_key(void)908 static EVP_PKEY *load_example_rsa_key(void)
909 {
910 return load_example_key("RSA", kExampleRSAKeyDER,
911 sizeof(kExampleRSAKeyDER));
912 }
913
914 #ifndef OPENSSL_NO_DSA
load_example_dsa_key(void)915 static EVP_PKEY *load_example_dsa_key(void)
916 {
917 return load_example_key("DSA", kExampleDSAKeyDER,
918 sizeof(kExampleDSAKeyDER));
919 }
920 #endif
921
922 #ifndef OPENSSL_NO_EC
load_example_ec_key(void)923 static EVP_PKEY *load_example_ec_key(void)
924 {
925 return load_example_key("EC", kExampleECKeyDER,
926 sizeof(kExampleECKeyDER));
927 }
928 #endif
929
930 #ifndef OPENSSL_NO_DEPRECATED_3_0
931 # ifndef OPENSSL_NO_DH
load_example_dh_key(void)932 static EVP_PKEY *load_example_dh_key(void)
933 {
934 return load_example_key("DH", kExampleDHKeyDER,
935 sizeof(kExampleDHKeyDER));
936 }
937 # endif
938
939 # ifndef OPENSSL_NO_ECX
load_example_ed25519_key(void)940 static EVP_PKEY *load_example_ed25519_key(void)
941 {
942 return load_example_key("ED25519", kExampleED25519KeyDER,
943 sizeof(kExampleED25519KeyDER));
944 }
945
load_example_x25519_key(void)946 static EVP_PKEY *load_example_x25519_key(void)
947 {
948 return load_example_key("X25519", kExampleX25519KeyDER,
949 sizeof(kExampleX25519KeyDER));
950 }
951 # endif
952 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
953
load_example_hmac_key(void)954 static EVP_PKEY *load_example_hmac_key(void)
955 {
956 EVP_PKEY *pkey = NULL;
957 unsigned char key[] = {
958 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
959 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
960 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
961 };
962
963 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
964 NULL, key, sizeof(key));
965 if (!TEST_ptr(pkey))
966 return NULL;
967
968 return pkey;
969 }
970
test_EVP_set_config_properties(void)971 static int test_EVP_set_config_properties(void)
972 {
973 char *fetched_properties = NULL;
974 const char test_propq[] = "test.fizzbuzz=buzzfizz";
975 int res = 0;
976
977 fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default());
978 if (!TEST_ptr(fetched_properties)
979 || !TEST_str_eq(fetched_properties, test_propq))
980 goto err;
981 OPENSSL_free(fetched_properties);
982 fetched_properties = NULL;
983
984 res = 1;
985 err:
986 OPENSSL_free(fetched_properties);
987 return res;
988 }
989
test_EVP_set_default_properties(void)990 static int test_EVP_set_default_properties(void)
991 {
992 OSSL_LIB_CTX *ctx;
993 EVP_MD *md = NULL;
994 int res = 0;
995 char *fetched_properties = NULL;
996 const char test_propq[] = "provider=fizzbang";
997 const char test_fips_propq[] = "fips=yes,provider=fizzbang";
998
999 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
1000 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
1001 goto err;
1002 EVP_MD_free(md);
1003 md = NULL;
1004
1005 if (!TEST_true(EVP_set_default_properties(ctx, test_propq))
1006 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
1007 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
1008 goto err;
1009 EVP_MD_free(md);
1010 md = NULL;
1011
1012 fetched_properties = EVP_get1_default_properties(ctx);
1013 if (!TEST_ptr(fetched_properties)
1014 || !TEST_str_eq(fetched_properties, test_propq))
1015 goto err;
1016 OPENSSL_free(fetched_properties);
1017 fetched_properties = NULL;
1018
1019 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1)))
1020 goto err;
1021 fetched_properties = EVP_get1_default_properties(ctx);
1022 if (!TEST_ptr(fetched_properties)
1023 || !TEST_str_eq(fetched_properties, test_fips_propq))
1024 goto err;
1025 OPENSSL_free(fetched_properties);
1026 fetched_properties = NULL;
1027
1028 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0)))
1029 goto err;
1030
1031 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
1032 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
1033 goto err;
1034 res = 1;
1035 err:
1036 OPENSSL_free(fetched_properties);
1037 EVP_MD_free(md);
1038 OSSL_LIB_CTX_free(ctx);
1039 return res;
1040 }
1041
1042 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key_fromdata(char * keytype,OSSL_PARAM * params)1043 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
1044 {
1045 EVP_PKEY_CTX *pctx = NULL;
1046 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
1047
1048 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
1049 goto err;
1050 /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */
1051 if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0)
1052 || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
1053 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
1054 params), 0))
1055 goto err;
1056
1057 if (!TEST_ptr(tmp_pkey))
1058 goto err;
1059
1060 pkey = tmp_pkey;
1061 tmp_pkey = NULL;
1062 err:
1063 EVP_PKEY_free(tmp_pkey);
1064 EVP_PKEY_CTX_free(pctx);
1065 return pkey;
1066 }
1067
test_selection(EVP_PKEY * pkey,int selection)1068 static int test_selection(EVP_PKEY *pkey, int selection)
1069 {
1070 int testresult = 0;
1071 int ret;
1072 BIO *bio = BIO_new(BIO_s_mem());
1073
1074 ret = PEM_write_bio_PUBKEY(bio, pkey);
1075 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
1076 if (!TEST_true(ret))
1077 goto err;
1078 } else {
1079 if (!TEST_false(ret))
1080 goto err;
1081 }
1082 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
1083 testctx, NULL);
1084 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
1085 if (!TEST_true(ret))
1086 goto err;
1087 } else {
1088 if (!TEST_false(ret))
1089 goto err;
1090 }
1091
1092 testresult = 1;
1093 err:
1094 BIO_free(bio);
1095
1096 return testresult;
1097 }
1098 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
1099
1100 /*
1101 * Test combinations of private, public, missing and private + public key
1102 * params to ensure they are all accepted
1103 */
1104 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
test_EVP_PKEY_ffc_priv_pub(char * keytype)1105 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
1106 {
1107 OSSL_PARAM_BLD *bld = NULL;
1108 OSSL_PARAM *params = NULL;
1109 EVP_PKEY *just_params = NULL;
1110 EVP_PKEY *params_and_priv = NULL;
1111 EVP_PKEY *params_and_pub = NULL;
1112 EVP_PKEY *params_and_keypair = NULL;
1113 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1114 int ret = 0;
1115
1116 /*
1117 * Setup the parameters for our pkey object. For our purposes they don't
1118 * have to actually be *valid* parameters. We just need to set something.
1119 */
1120 if (!TEST_ptr(p = BN_new())
1121 || !TEST_ptr(q = BN_new())
1122 || !TEST_ptr(g = BN_new())
1123 || !TEST_ptr(pub = BN_new())
1124 || !TEST_ptr(priv = BN_new()))
1125 goto err;
1126
1127 /* Test !priv and !pub */
1128 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1129 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1130 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1131 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
1132 goto err;
1133 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1134 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
1135 goto err;
1136
1137 OSSL_PARAM_free(params);
1138 OSSL_PARAM_BLD_free(bld);
1139 params = NULL;
1140 bld = NULL;
1141
1142 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1143 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1144 goto err;
1145
1146 /* Test priv and !pub */
1147 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1148 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1149 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1150 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1151 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1152 priv)))
1153 goto err;
1154 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1155 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
1156 goto err;
1157
1158 OSSL_PARAM_free(params);
1159 OSSL_PARAM_BLD_free(bld);
1160 params = NULL;
1161 bld = NULL;
1162
1163 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
1164 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1165 goto err;
1166
1167 /* Test !priv and pub */
1168 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1169 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1170 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1171 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1172 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1173 pub)))
1174 goto err;
1175 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1176 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
1177 goto err;
1178
1179 OSSL_PARAM_free(params);
1180 OSSL_PARAM_BLD_free(bld);
1181 params = NULL;
1182 bld = NULL;
1183
1184 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1185 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1186 goto err;
1187
1188 /* Test priv and pub */
1189 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1190 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1191 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1192 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1193 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1194 pub))
1195 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1196 priv)))
1197 goto err;
1198 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1199 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
1200 goto err;
1201
1202 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1203 goto err;
1204
1205 ret = 1;
1206 err:
1207 OSSL_PARAM_free(params);
1208 OSSL_PARAM_BLD_free(bld);
1209 EVP_PKEY_free(just_params);
1210 EVP_PKEY_free(params_and_priv);
1211 EVP_PKEY_free(params_and_pub);
1212 EVP_PKEY_free(params_and_keypair);
1213 BN_free(p);
1214 BN_free(q);
1215 BN_free(g);
1216 BN_free(pub);
1217 BN_free(priv);
1218
1219 return ret;
1220 }
1221 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
1222
1223 /*
1224 * Test combinations of private, public, missing and private + public key
1225 * params to ensure they are all accepted for EC keys
1226 */
1227 #ifndef OPENSSL_NO_EC
1228 static unsigned char ec_priv[] = {
1229 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
1230 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
1231 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
1232 };
1233 static unsigned char ec_pub[] = {
1234 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
1235 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
1236 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
1237 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
1238 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
1239 0x08, 0x09, 0xb8, 0xdb, 0x03
1240 };
1241
test_EC_priv_pub(void)1242 static int test_EC_priv_pub(void)
1243 {
1244 OSSL_PARAM_BLD *bld = NULL;
1245 OSSL_PARAM *params = NULL;
1246 EVP_PKEY *just_params = NULL;
1247 EVP_PKEY *params_and_priv = NULL;
1248 EVP_PKEY *params_and_pub = NULL;
1249 EVP_PKEY *params_and_keypair = NULL;
1250 BIGNUM *priv = NULL;
1251 int ret = 0;
1252 unsigned char *encoded = NULL;
1253 size_t len = 0;
1254 unsigned char buffer[128];
1255
1256 /*
1257 * Setup the parameters for our pkey object. For our purposes they don't
1258 * have to actually be *valid* parameters. We just need to set something.
1259 */
1260 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1261 goto err;
1262
1263 /* Test !priv and !pub */
1264 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1265 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1266 OSSL_PKEY_PARAM_GROUP_NAME,
1267 "P-256", 0)))
1268 goto err;
1269 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1270 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
1271 goto err;
1272
1273 OSSL_PARAM_free(params);
1274 OSSL_PARAM_BLD_free(bld);
1275 params = NULL;
1276 bld = NULL;
1277
1278 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1279 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1280 goto err;
1281
1282 /* Test priv and !pub */
1283 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1284 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1285 OSSL_PKEY_PARAM_GROUP_NAME,
1286 "P-256", 0))
1287 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1288 priv)))
1289 goto err;
1290 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1291 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
1292 goto err;
1293
1294 OSSL_PARAM_free(params);
1295 OSSL_PARAM_BLD_free(bld);
1296 params = NULL;
1297 bld = NULL;
1298
1299 /*
1300 * We indicate only parameters here, in spite of having built a key that
1301 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
1302 * expected to fail because it does not support exporting a private EC
1303 * key without a corresponding public key
1304 */
1305 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1306 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1307 goto err;
1308
1309 /* Test !priv and pub */
1310 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1311 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1312 OSSL_PKEY_PARAM_GROUP_NAME,
1313 "P-256", 0))
1314 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1315 OSSL_PKEY_PARAM_PUB_KEY,
1316 ec_pub, sizeof(ec_pub))))
1317 goto err;
1318 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1319 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
1320 goto err;
1321
1322 OSSL_PARAM_free(params);
1323 OSSL_PARAM_BLD_free(bld);
1324 params = NULL;
1325 bld = NULL;
1326
1327 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1328 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1329 goto err;
1330
1331 /* Test priv and pub */
1332 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1333 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1334 OSSL_PKEY_PARAM_GROUP_NAME,
1335 "P-256", 0))
1336 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1337 OSSL_PKEY_PARAM_PUB_KEY,
1338 ec_pub, sizeof(ec_pub)))
1339 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1340 priv)))
1341 goto err;
1342 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1343 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1344 goto err;
1345
1346 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1347 goto err;
1348
1349 /* Try key equality */
1350 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1351 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1352 0)
1353 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1354 0)
1355 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1356 0)
1357 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1358 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1359 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1360 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1361 goto err;
1362
1363 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1364 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1365 goto err;
1366 OPENSSL_free(encoded);
1367 encoded = NULL;
1368 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1369 OPENSSL_free(encoded);
1370 encoded = NULL;
1371 goto err;
1372 }
1373
1374 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1375 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1376 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1377 buffer, sizeof(buffer), &len), 1)
1378 || !TEST_int_eq(len, 65))
1379 goto err;
1380
1381 len = 0;
1382 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1383 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1384 NULL, 0, &len), 1)
1385 || !TEST_int_eq(len, 65))
1386 goto err;
1387
1388 /* too-short buffer len*/
1389 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1390 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1391 buffer, 10, &len), 0))
1392 goto err;
1393
1394 ret = 1;
1395 err:
1396 OSSL_PARAM_free(params);
1397 OSSL_PARAM_BLD_free(bld);
1398 EVP_PKEY_free(just_params);
1399 EVP_PKEY_free(params_and_priv);
1400 EVP_PKEY_free(params_and_pub);
1401 EVP_PKEY_free(params_and_keypair);
1402 BN_free(priv);
1403
1404 return ret;
1405 }
1406
1407 /* Also test that we can read the EC PUB affine coordinates */
test_evp_get_ec_pub(void)1408 static int test_evp_get_ec_pub(void)
1409 {
1410 OSSL_PARAM_BLD *bld = NULL;
1411 OSSL_PARAM *params = NULL;
1412 unsigned char *pad = NULL;
1413 EVP_PKEY *keypair = NULL;
1414 BIGNUM *priv = NULL;
1415 BIGNUM *x = NULL;
1416 BIGNUM *y = NULL;
1417 int ret = 0;
1418
1419 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1420 goto err;
1421
1422 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1423 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1424 OSSL_PKEY_PARAM_GROUP_NAME,
1425 "P-256", 0))
1426 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1427 OSSL_PKEY_PARAM_PUB_KEY,
1428 ec_pub, sizeof(ec_pub)))
1429 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1430 priv)))
1431 goto err;
1432
1433 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1434 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1435 goto err;
1436
1437 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1438 goto err;
1439
1440 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1441 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1442 goto err;
1443
1444 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1445 goto err;
1446
1447 pad[0] = ec_pub[0];
1448 BN_bn2bin(x, &pad[1]);
1449 BN_bn2bin(y, &pad[33]);
1450 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1451 goto err;
1452
1453 ret = 1;
1454
1455 err:
1456 OSSL_PARAM_free(params);
1457 OSSL_PARAM_BLD_free(bld);
1458 EVP_PKEY_free(keypair);
1459 OPENSSL_free(pad);
1460 BN_free(priv);
1461 BN_free(x);
1462 BN_free(y);
1463 return ret;
1464 }
1465
1466 /* Test that using a legacy EC key with only a private key in it works */
1467 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EC_priv_only_legacy(void)1468 static int test_EC_priv_only_legacy(void)
1469 {
1470 BIGNUM *priv = NULL;
1471 int ret = 0;
1472 EC_KEY *eckey = NULL;
1473 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1474 EVP_MD_CTX *ctx = NULL;
1475
1476 /* Create the low level EC_KEY */
1477 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1478 goto err;
1479
1480 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1481 if (!TEST_ptr(eckey))
1482 goto err;
1483
1484 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1485 goto err;
1486
1487 pkey = EVP_PKEY_new();
1488 if (!TEST_ptr(pkey))
1489 goto err;
1490
1491 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1492 goto err;
1493 eckey = NULL;
1494
1495 for (;;) {
1496 ret = 0;
1497 ctx = EVP_MD_CTX_new();
1498 if (!TEST_ptr(ctx))
1499 goto err;
1500
1501 /*
1502 * The EVP_DigestSignInit function should create the key on the
1503 * provider side which is sufficient for this test.
1504 */
1505 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1506 testpropq, pkey, NULL)))
1507 goto err;
1508 EVP_MD_CTX_free(ctx);
1509 ctx = NULL;
1510
1511 if (dup_pk != NULL)
1512 break;
1513
1514 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1515 goto err;
1516 /* EVP_PKEY_eq() returns -2 with missing public keys */
1517 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1518 EVP_PKEY_free(pkey);
1519 pkey = dup_pk;
1520 if (!ret)
1521 goto err;
1522 }
1523 ret = 1;
1524
1525 err:
1526 EVP_MD_CTX_free(ctx);
1527 EVP_PKEY_free(pkey);
1528 EC_KEY_free(eckey);
1529 BN_free(priv);
1530
1531 return ret;
1532 }
1533
test_evp_get_ec_pub_legacy(void)1534 static int test_evp_get_ec_pub_legacy(void)
1535 {
1536 OSSL_LIB_CTX *libctx = NULL;
1537 unsigned char *pad = NULL;
1538 EVP_PKEY *pkey = NULL;
1539 EC_KEY *eckey = NULL;
1540 BIGNUM *priv = NULL;
1541 BIGNUM *x = NULL;
1542 BIGNUM *y = NULL;
1543 int ret = 0;
1544
1545 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1546 goto err;
1547
1548 /* Create the legacy key */
1549 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1550 NID_X9_62_prime256v1)))
1551 goto err;
1552
1553 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1554 goto err;
1555
1556 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1557 goto err;
1558
1559 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1560 goto err;
1561
1562 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1563 goto err;
1564
1565 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1566 goto err;
1567
1568 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1569 goto err;
1570
1571 /* Transfer the legacy key */
1572 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1573 goto err;
1574 eckey = NULL;
1575
1576 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1577 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1578 goto err;
1579
1580 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1581 goto err;
1582
1583 pad[0] = ec_pub[0];
1584 BN_bn2bin(x, &pad[1]);
1585 BN_bn2bin(y, &pad[33]);
1586
1587 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1588 goto err;
1589
1590 ret = 1;
1591
1592 err:
1593 OSSL_LIB_CTX_free(libctx);
1594 EVP_PKEY_free(pkey);
1595 EC_KEY_free(eckey);
1596 OPENSSL_free(pad);
1597 BN_free(priv);
1598 BN_free(x);
1599 BN_free(y);
1600
1601 return ret;
1602 }
1603 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1604 #endif /* OPENSSL_NO_EC */
1605
test_EVP_PKEY_sign(int tst)1606 static int test_EVP_PKEY_sign(int tst)
1607 {
1608 int ret = 0;
1609 EVP_PKEY *pkey = NULL;
1610 unsigned char *sig = NULL;
1611 size_t sig_len = 0, shortsig_len = 1;
1612 EVP_PKEY_CTX *ctx = NULL;
1613 unsigned char tbs[] = {
1614 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1615 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1616 };
1617
1618 if (tst == 0) {
1619 if (!TEST_ptr(pkey = load_example_rsa_key()))
1620 goto out;
1621 } else if (tst == 1) {
1622 #ifndef OPENSSL_NO_DSA
1623 if (!TEST_ptr(pkey = load_example_dsa_key()))
1624 goto out;
1625 #else
1626 ret = 1;
1627 goto out;
1628 #endif
1629 } else {
1630 #ifndef OPENSSL_NO_EC
1631 if (!TEST_ptr(pkey = load_example_ec_key()))
1632 goto out;
1633 #else
1634 ret = 1;
1635 goto out;
1636 #endif
1637 }
1638
1639 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1640 if (!TEST_ptr(ctx)
1641 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1642 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1643 sizeof(tbs)), 0))
1644 goto out;
1645 sig = OPENSSL_malloc(sig_len);
1646 if (!TEST_ptr(sig)
1647 /* Test sending a signature buffer that is too short is rejected */
1648 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1649 sizeof(tbs)), 0)
1650 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1651 0)
1652 /* Test the signature round-trips */
1653 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1654 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1655 0))
1656 goto out;
1657
1658 ret = 1;
1659 out:
1660 EVP_PKEY_CTX_free(ctx);
1661 OPENSSL_free(sig);
1662 EVP_PKEY_free(pkey);
1663 return ret;
1664 }
1665
1666 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_sign_with_app_method(int tst)1667 static int test_EVP_PKEY_sign_with_app_method(int tst)
1668 {
1669 int ret = 0;
1670 EVP_PKEY *pkey = NULL;
1671 RSA *rsa = NULL;
1672 RSA_METHOD *rsa_meth = NULL;
1673 #ifndef OPENSSL_NO_DSA
1674 DSA *dsa = NULL;
1675 DSA_METHOD *dsa_meth = NULL;
1676 #endif
1677 unsigned char *sig = NULL;
1678 size_t sig_len = 0, shortsig_len = 1;
1679 EVP_PKEY_CTX *ctx = NULL;
1680 unsigned char tbs[] = {
1681 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1682 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1683 };
1684
1685 if (tst == 0) {
1686 if (!TEST_ptr(pkey = load_example_rsa_key()))
1687 goto out;
1688 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1689 goto out;
1690
1691 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1692 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1693 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1694 goto out;
1695 rsa = NULL; /* now owned by the pkey */
1696 } else {
1697 #ifndef OPENSSL_NO_DSA
1698 if (!TEST_ptr(pkey = load_example_dsa_key()))
1699 goto out;
1700 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1701 goto out;
1702
1703 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1704 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1705 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1706 goto out;
1707 dsa = NULL; /* now owned by the pkey */
1708 #else
1709 ret = 1;
1710 goto out;
1711 #endif
1712 }
1713
1714 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1715 if (!TEST_ptr(ctx)
1716 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1717 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1718 sizeof(tbs)), 0))
1719 goto out;
1720 sig = OPENSSL_malloc(sig_len);
1721 if (!TEST_ptr(sig)
1722 /* Test sending a signature buffer that is too short is rejected */
1723 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1724 sizeof(tbs)), 0)
1725 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1726 0)
1727 /* Test the signature round-trips */
1728 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1729 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1730 0))
1731 goto out;
1732
1733 ret = 1;
1734 out:
1735 EVP_PKEY_CTX_free(ctx);
1736 OPENSSL_free(sig);
1737 EVP_PKEY_free(pkey);
1738 RSA_free(rsa);
1739 RSA_meth_free(rsa_meth);
1740 #ifndef OPENSSL_NO_DSA
1741 DSA_free(dsa);
1742 DSA_meth_free(dsa_meth);
1743 #endif
1744 return ret;
1745 }
1746 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1747
1748 /*
1749 * n = 0 => test using legacy cipher
1750 * n = 1 => test using fetched cipher
1751 */
test_EVP_Enveloped(int n)1752 static int test_EVP_Enveloped(int n)
1753 {
1754 int ret = 0;
1755 EVP_CIPHER_CTX *ctx = NULL;
1756 EVP_PKEY *keypair = NULL;
1757 unsigned char *kek = NULL;
1758 unsigned char iv[EVP_MAX_IV_LENGTH];
1759 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1760 int len, kek_len, ciphertext_len, plaintext_len;
1761 unsigned char ciphertext[32], plaintext[16];
1762 EVP_CIPHER *type = NULL;
1763
1764 if (nullprov != NULL)
1765 return TEST_skip("Test does not support a non-default library context");
1766
1767 if (n == 0)
1768 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1769 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1770 testpropq)))
1771 goto err;
1772
1773 if (!TEST_ptr(keypair = load_example_rsa_key())
1774 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1775 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1776 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1777 &keypair, 1))
1778 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1779 msg, sizeof(msg)))
1780 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1781 &len)))
1782 goto err;
1783
1784 ciphertext_len += len;
1785
1786 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1787 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1788 ciphertext, ciphertext_len))
1789 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1790 goto err;
1791
1792 plaintext_len += len;
1793 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1794 goto err;
1795
1796 ret = 1;
1797 err:
1798 if (n != 0)
1799 EVP_CIPHER_free(type);
1800 OPENSSL_free(kek);
1801 EVP_PKEY_free(keypair);
1802 EVP_CIPHER_CTX_free(ctx);
1803 return ret;
1804 }
1805
1806 /*
1807 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1808 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1809 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1810 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1811 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1812 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1813 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1814 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1815 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1816 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1817 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1818 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1819 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1820 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1821 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1822 * Test 15-29: Same as above with reinitialization
1823 */
test_EVP_DigestSignInit(int tst)1824 static int test_EVP_DigestSignInit(int tst)
1825 {
1826 int ret = 0;
1827 EVP_PKEY *pkey = NULL;
1828 unsigned char *sig = NULL, *sig2 = NULL;
1829 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1830 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1831 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1832 BIO *mdbio = NULL, *membio = NULL;
1833 size_t written;
1834 const EVP_MD *md;
1835 EVP_MD *mdexp = NULL;
1836 int reinit = 0;
1837
1838 if (nullprov != NULL)
1839 return TEST_skip("Test does not support a non-default library context");
1840
1841 if (tst >= 15) {
1842 reinit = 1;
1843 tst -= 15;
1844 }
1845
1846 if (tst >= 6 && tst <= 8) {
1847 membio = BIO_new(BIO_s_mem());
1848 mdbio = BIO_new(BIO_f_md());
1849 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1850 goto out;
1851 BIO_push(mdbio, membio);
1852 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1853 goto out;
1854 } else {
1855 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1856 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1857 goto out;
1858 }
1859
1860 if (tst % 3 == 0) {
1861 if (!TEST_ptr(pkey = load_example_rsa_key()))
1862 goto out;
1863 } else if (tst % 3 == 1) {
1864 #ifndef OPENSSL_NO_DSA
1865 if (!TEST_ptr(pkey = load_example_dsa_key()))
1866 goto out;
1867 #else
1868 ret = 1;
1869 goto out;
1870 #endif
1871 } else {
1872 if (!TEST_ptr(pkey = load_example_hmac_key()))
1873 goto out;
1874 }
1875
1876 if (tst >= 3 && tst <= 5)
1877 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1878 else
1879 md = EVP_sha256();
1880
1881 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1882 goto out;
1883
1884 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1885 goto out;
1886
1887 if (tst >= 6 && tst <= 8) {
1888 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1889 goto out;
1890 } else if (tst < 6) {
1891 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1892 goto out;
1893 }
1894
1895 if (tst >= 9) {
1896 /* Determine the size of the signature. */
1897 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1898 sizeof(kMsg)))
1899 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1900 goto out;
1901 if (tst <= 11) {
1902 /* Test that supply a short sig buffer fails */
1903 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1904 sizeof(kMsg))))
1905 goto out;
1906 /*
1907 * We end here because once EVP_DigestSign() has failed you should
1908 * not call it again without re-initing the ctx
1909 */
1910 ret = 1;
1911 goto out;
1912 }
1913 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1914 sizeof(kMsg))))
1915 goto out;
1916 } else {
1917 /* Determine the size of the signature. */
1918 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1919 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1920 /*
1921 * Trying to create a signature with a deliberately short
1922 * buffer should fail.
1923 */
1924 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1925 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1926 goto out;
1927 }
1928
1929 /*
1930 * Ensure that the signature round-trips (Verification isn't supported for
1931 * HMAC via EVP_DigestVerify*)
1932 */
1933 if (tst % 3 != 2) {
1934 if (tst >= 6 && tst <= 8) {
1935 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1936 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1937 goto out;
1938 }
1939
1940 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1941 NULL, pkey)))
1942 goto out;
1943
1944 if (tst >= 6 && tst <= 8) {
1945 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1946 goto out;
1947 } else {
1948 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1949 sizeof(kMsg))))
1950 goto out;
1951 }
1952 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1953 goto out;
1954
1955 /* Multiple calls to EVP_DigestVerifyFinal should work */
1956 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1957 goto out;
1958 } else {
1959 /*
1960 * For HMAC a doubled call to DigestSignFinal should produce the same
1961 * value as finalization should not happen.
1962 */
1963 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1964 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1965 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1966 goto out;
1967
1968 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1969 goto out;
1970 }
1971
1972 ret = 1;
1973
1974 out:
1975 BIO_free(membio);
1976 BIO_free(mdbio);
1977 EVP_MD_CTX_free(a_md_ctx);
1978 EVP_MD_CTX_free(a_md_ctx_verify);
1979 EVP_PKEY_free(pkey);
1980 OPENSSL_free(sig);
1981 OPENSSL_free(sig2);
1982 EVP_MD_free(mdexp);
1983
1984 return ret;
1985 }
1986
test_EVP_DigestVerifyInit(void)1987 static int test_EVP_DigestVerifyInit(void)
1988 {
1989 int ret = 0;
1990 EVP_PKEY *pkey = NULL;
1991 EVP_MD_CTX *md_ctx = NULL;
1992
1993 if (nullprov != NULL)
1994 return TEST_skip("Test does not support a non-default library context");
1995
1996 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1997 || !TEST_ptr(pkey = load_example_rsa_key()))
1998 goto out;
1999
2000 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
2001 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
2002 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
2003 sizeof(kSignature)), 0))
2004 goto out;
2005
2006 /* test with reinitialization */
2007 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
2008 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
2009 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
2010 sizeof(kSignature)), 0))
2011 goto out;
2012 ret = 1;
2013
2014 out:
2015 EVP_MD_CTX_free(md_ctx);
2016 EVP_PKEY_free(pkey);
2017 return ret;
2018 }
2019
2020 #ifndef OPENSSL_NO_EC
test_ecdsa_digestsign_keccak(void)2021 static int test_ecdsa_digestsign_keccak(void)
2022 {
2023 int ret = 0;
2024 EVP_PKEY *pkey = NULL;
2025 EVP_MD_CTX *ctx = NULL;
2026 EVP_MD *md = NULL;
2027
2028 if (nullprov != NULL)
2029 return TEST_skip("Test does not support a non-default library context");
2030
2031 pkey = load_example_ec_key();
2032 if (!TEST_ptr(pkey))
2033 goto err;
2034
2035 /* This would not work with FIPS provider so just use NULL libctx */
2036 md = EVP_MD_fetch(NULL, "KECCAK-256", NULL);
2037 if (!TEST_ptr(md))
2038 goto err;
2039
2040 ctx = EVP_MD_CTX_new();
2041 if (!TEST_ptr(ctx))
2042 goto err;
2043
2044 /*
2045 * Just check EVP_DigestSignInit_ex() works.
2046 */
2047 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
2048 goto err;
2049
2050 ret = 1;
2051 err:
2052 EVP_MD_CTX_free(ctx);
2053 EVP_PKEY_free(pkey);
2054 EVP_MD_free(md);
2055
2056 return ret;
2057 }
2058 #endif
2059
2060 #ifndef OPENSSL_NO_SIPHASH
2061 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
test_siphash_digestsign(void)2062 static int test_siphash_digestsign(void)
2063 {
2064 unsigned char key[16];
2065 unsigned char buf[8], digest[8];
2066 unsigned char expected[8] = {
2067 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
2068 };
2069 EVP_PKEY *pkey = NULL;
2070 EVP_MD_CTX *mdctx = NULL;
2071 EVP_PKEY_CTX *ctx = NULL;
2072 int ret = 0;
2073 size_t len = 8;
2074
2075 if (nullprov != NULL)
2076 return TEST_skip("Test does not support a non-default library context");
2077
2078 memset(buf, 0, 8);
2079 memset(key, 1, 16);
2080 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
2081 key, 16)))
2082 goto out;
2083
2084 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
2085 goto out;
2086
2087 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
2088 goto out;
2089 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
2090 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
2091 8, NULL), 1))
2092 goto out;
2093 /* reinitialize */
2094 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
2095 goto out;
2096 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
2097 goto out;
2098 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
2099 goto out;
2100 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
2101 goto out;
2102
2103 ret = 1;
2104 out:
2105 EVP_PKEY_free(pkey);
2106 EVP_MD_CTX_free(mdctx);
2107 return ret;
2108 }
2109 #endif
2110
2111 /*
2112 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
2113 */
test_EVP_Digest(void)2114 static int test_EVP_Digest(void)
2115 {
2116 int ret = 0;
2117 EVP_MD_CTX *md_ctx = NULL;
2118 unsigned char md[EVP_MAX_MD_SIZE];
2119 EVP_MD *sha256 = NULL;
2120 EVP_MD *shake256 = NULL;
2121
2122 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2123 goto out;
2124
2125 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
2126 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
2127 goto out;
2128
2129 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
2130 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2131 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
2132 /* EVP_DigestFinal resets the EVP_MD_CTX. */
2133 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
2134 goto out;
2135
2136 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
2137 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2138 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
2139 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
2140 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2141 /*
2142 * EVP_DigestInit_ex with NULL type should work on
2143 * pre-initialized context.
2144 */
2145 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2146 goto out;
2147
2148 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
2149 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2150 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
2151 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
2152 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2153 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2154 goto out;
2155 ret = 1;
2156
2157 out:
2158 EVP_MD_CTX_free(md_ctx);
2159 EVP_MD_free(sha256);
2160 EVP_MD_free(shake256);
2161 return ret;
2162 }
2163
test_EVP_md_null(void)2164 static int test_EVP_md_null(void)
2165 {
2166 int ret = 0;
2167 EVP_MD_CTX *md_ctx = NULL;
2168 const EVP_MD *md_null = EVP_md_null();
2169 unsigned char md_value[EVP_MAX_MD_SIZE];
2170 unsigned int md_len = sizeof(md_value);
2171
2172 if (nullprov != NULL)
2173 return TEST_skip("Test does not support a non-default library context");
2174
2175 if (!TEST_ptr(md_null)
2176 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2177 goto out;
2178
2179 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
2180 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
2181 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
2182 goto out;
2183
2184 if (!TEST_uint_eq(md_len, 0))
2185 goto out;
2186
2187 ret = 1;
2188 out:
2189 EVP_MD_CTX_free(md_ctx);
2190 return ret;
2191 }
2192
test_d2i_AutoPrivateKey(int i)2193 static int test_d2i_AutoPrivateKey(int i)
2194 {
2195 int ret = 0;
2196 const unsigned char *p;
2197 EVP_PKEY *pkey = NULL;
2198 const APK_DATA *ak = &keydata[i];
2199 const unsigned char *input = ak->kder;
2200 size_t input_len = ak->size;
2201 int expected_id = ak->evptype;
2202
2203 p = input;
2204 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
2205 || !TEST_ptr_eq(p, input + input_len)
2206 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2207 goto done;
2208
2209 ret = 1;
2210
2211 done:
2212 EVP_PKEY_free(pkey);
2213 return ret;
2214 }
2215
2216 #ifndef OPENSSL_NO_EC
2217
2218 static const unsigned char ec_public_sect163k1_validxy[] = {
2219 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2220 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2221 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2222 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
2223 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2224 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2225 };
2226
2227 static const unsigned char ec_public_sect163k1_badx[] = {
2228 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2229 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2230 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2231 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
2232 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2233 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2234 };
2235
2236 static const unsigned char ec_public_sect163k1_bady[] = {
2237 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2238 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2239 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2240 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
2241 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2242 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
2243 };
2244
2245 static struct ec_der_pub_keys_st {
2246 const unsigned char *der;
2247 size_t len;
2248 int valid;
2249 } ec_der_pub_keys[] = {
2250 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
2251 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
2252 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
2253 };
2254
2255 /*
2256 * Tests the range of the decoded EC char2 public point.
2257 * See ec_GF2m_simple_oct2point().
2258 */
test_invalide_ec_char2_pub_range_decode(int id)2259 static int test_invalide_ec_char2_pub_range_decode(int id)
2260 {
2261 int ret = 0;
2262 EVP_PKEY *pkey;
2263
2264 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
2265 ec_der_pub_keys[id].len);
2266
2267 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
2268 || TEST_ptr_null(pkey);
2269 EVP_PKEY_free(pkey);
2270 return ret;
2271 }
2272
test_EVP_PKCS82PKEY(void)2273 static int test_EVP_PKCS82PKEY(void)
2274 {
2275 int ret = 0;
2276 const unsigned char *derp = kExampleBadECKeyDER;
2277 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2278 EVP_PKEY *pkey = NULL;
2279
2280 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
2281 sizeof(kExampleBadECKeyDER))))
2282 goto done;
2283
2284 if (!TEST_ptr_eq(derp,
2285 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
2286 goto done;
2287
2288 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
2289 goto done;
2290
2291 ret = 1;
2292
2293 done:
2294 PKCS8_PRIV_KEY_INFO_free(p8inf);
2295 EVP_PKEY_free(pkey);
2296
2297 return ret;
2298 }
2299
2300 #endif
2301
test_EVP_PKCS82PKEY_v2(int i)2302 static int test_EVP_PKCS82PKEY_v2(int i)
2303 {
2304 int ret = 0;
2305 const unsigned char *p;
2306 const APK_DATA *ak = &keydata_v2[i];
2307 const unsigned char *input = ak->kder;
2308 size_t input_len = ak->size;
2309 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2310
2311 /* Can we parse PKCS#8 v2, ignoring the public key for now? */
2312 p = input;
2313 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, input_len);
2314 if (!TEST_ptr(p8inf)
2315 || !TEST_true(p == input + input_len))
2316 goto done;
2317
2318 ret = 1;
2319 done:
2320 PKCS8_PRIV_KEY_INFO_free(p8inf);
2321 return ret;
2322 }
2323
2324 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY_wrong_tag(void)2325 static int test_EVP_PKCS82PKEY_wrong_tag(void)
2326 {
2327 EVP_PKEY *pkey = NULL;
2328 EVP_PKEY *pkey2 = NULL;
2329 BIO *membio = NULL;
2330 char *membuf = NULL;
2331 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2332 int ok = 0;
2333
2334 if (testctx != NULL)
2335 /* test not supported with non-default context */
2336 return 1;
2337
2338 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2339 || !TEST_ptr(pkey = load_example_rsa_key())
2340 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2341 NULL, 0, NULL, NULL),
2342 0)
2343 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
2344 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
2345 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
2346 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
2347 goto done;
2348 }
2349
2350 ok = 1;
2351 done:
2352 EVP_PKEY_free(pkey);
2353 EVP_PKEY_free(pkey2);
2354 PKCS8_PRIV_KEY_INFO_free(p8inf);
2355 BIO_free_all(membio);
2356 return ok;
2357 }
2358
2359 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
test_privatekey_to_pkcs8(void)2360 static int test_privatekey_to_pkcs8(void)
2361 {
2362 EVP_PKEY *pkey = NULL;
2363 BIO *membio = NULL;
2364 char *membuf = NULL;
2365 long membuf_len = 0;
2366 int ok = 0;
2367
2368 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2369 || !TEST_ptr(pkey = load_example_rsa_key())
2370 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2371 NULL, 0, NULL, NULL),
2372 0)
2373 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
2374 || !TEST_ptr(membuf)
2375 || !TEST_mem_eq(membuf, (size_t)membuf_len,
2376 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
2377 /*
2378 * We try to write PEM as well, just to see that it doesn't err, but
2379 * assume that the result is correct.
2380 */
2381 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
2382 NULL, 0, NULL, NULL),
2383 0))
2384 goto done;
2385
2386 ok = 1;
2387 done:
2388 EVP_PKEY_free(pkey);
2389 BIO_free_all(membio);
2390 return ok;
2391 }
2392
2393 #ifndef OPENSSL_NO_EC
2394 static const struct {
2395 int encoding;
2396 const char *encoding_name;
2397 } ec_encodings[] = {
2398 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2399 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2400 };
2401
ec_export_get_encoding_cb(const OSSL_PARAM params[],void * arg)2402 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2403 {
2404 const OSSL_PARAM *p;
2405 const char *enc_name = NULL;
2406 int *enc = arg;
2407 size_t i;
2408
2409 *enc = -1;
2410
2411 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2412 OSSL_PKEY_PARAM_EC_ENCODING))
2413 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2414 return 0;
2415
2416 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2417 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2418 *enc = ec_encodings[i].encoding;
2419 break;
2420 }
2421 }
2422
2423 return (*enc != -1);
2424 }
2425
test_EC_keygen_with_enc(int idx)2426 static int test_EC_keygen_with_enc(int idx)
2427 {
2428 EVP_PKEY *params = NULL, *key = NULL;
2429 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2430 int enc;
2431 int ret = 0;
2432
2433 enc = ec_encodings[idx].encoding;
2434
2435 /* Create key parameters */
2436 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2437 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2438 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2439 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2440 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
2441 || !TEST_ptr(params))
2442 goto done;
2443
2444 /* Create key */
2445 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2446 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2447 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2448 || !TEST_ptr(key))
2449 goto done;
2450
2451 /* Check that the encoding got all the way into the key */
2452 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2453 ec_export_get_encoding_cb, &enc))
2454 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2455 goto done;
2456
2457 ret = 1;
2458 done:
2459 EVP_PKEY_free(key);
2460 EVP_PKEY_free(params);
2461 EVP_PKEY_CTX_free(kctx);
2462 EVP_PKEY_CTX_free(pctx);
2463 return ret;
2464 }
2465 #endif
2466
2467 #if !defined(OPENSSL_NO_SM2)
2468
test_EVP_SM2_verify(void)2469 static int test_EVP_SM2_verify(void)
2470 {
2471 const char *pubkey =
2472 "-----BEGIN PUBLIC KEY-----\n"
2473 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2474 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2475 "-----END PUBLIC KEY-----\n";
2476
2477 const char *msg = "message digest";
2478 const char *id = "ALICE123@YAHOO.COM";
2479
2480 const uint8_t signature[] = {
2481 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2482 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2483 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2484 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2485 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2486 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2487 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2488 };
2489
2490 int rc = 0;
2491 BIO *bio = NULL;
2492 EVP_PKEY *pkey = NULL;
2493 EVP_MD_CTX *mctx = NULL;
2494 EVP_PKEY_CTX *pctx = NULL;
2495 EVP_MD *sm3 = NULL;
2496
2497 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2498 if (!TEST_true(bio != NULL))
2499 goto done;
2500
2501 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2502 if (!TEST_true(pkey != NULL))
2503 goto done;
2504
2505 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2506 goto done;
2507
2508 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2509 goto done;
2510
2511 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2512 goto done;
2513
2514 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2515
2516 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2517 goto done;
2518
2519 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2520 goto done;
2521
2522 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2523 goto done;
2524
2525 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2526 goto done;
2527
2528 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2529 goto done;
2530 rc = 1;
2531
2532 done:
2533 BIO_free(bio);
2534 EVP_PKEY_free(pkey);
2535 EVP_PKEY_CTX_free(pctx);
2536 EVP_MD_CTX_free(mctx);
2537 EVP_MD_free(sm3);
2538 return rc;
2539 }
2540
test_EVP_SM2(void)2541 static int test_EVP_SM2(void)
2542 {
2543 int ret = 0;
2544 EVP_PKEY *pkey = NULL;
2545 EVP_PKEY *pkeyparams = NULL;
2546 EVP_PKEY_CTX *pctx = NULL;
2547 EVP_PKEY_CTX *kctx = NULL;
2548 EVP_PKEY_CTX *sctx = NULL;
2549 size_t sig_len = 0;
2550 unsigned char *sig = NULL;
2551 EVP_MD_CTX *md_ctx = NULL;
2552 EVP_MD_CTX *md_ctx_verify = NULL;
2553 EVP_PKEY_CTX *cctx = NULL;
2554 EVP_MD *check_md = NULL;
2555
2556 uint8_t ciphertext[128];
2557 size_t ctext_len = sizeof(ciphertext);
2558
2559 uint8_t plaintext[8];
2560 size_t ptext_len = sizeof(plaintext);
2561
2562 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2563
2564 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2565 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2566 int i;
2567 char mdname[OSSL_MAX_NAME_SIZE];
2568
2569 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2570 "SM2", testpropq)))
2571 goto done;
2572
2573 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2574 goto done;
2575
2576 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2577 goto done;
2578
2579 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2580 goto done;
2581
2582 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2583 pkeyparams, testpropq)))
2584 goto done;
2585
2586 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2587 goto done;
2588
2589 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2590 goto done;
2591
2592 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2593 goto done;
2594
2595 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2596 goto done;
2597
2598 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2599 goto done;
2600
2601 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2602 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2603
2604 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2605 goto done;
2606
2607 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2608 goto done;
2609
2610 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2611 goto done;
2612
2613 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2614 goto done;
2615
2616 /* Determine the size of the signature. */
2617 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2618 goto done;
2619
2620 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2621 goto done;
2622
2623 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2624 goto done;
2625
2626 /* Ensure that the signature round-trips. */
2627
2628 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2629 pkey)))
2630 goto done;
2631
2632 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2633 goto done;
2634
2635 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2636 goto done;
2637
2638 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2639 goto done;
2640
2641 /*
2642 * Try verify again with non-matching 0 length id but ensure that it can
2643 * be set on the context and overrides the previous value.
2644 */
2645
2646 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2647 pkey)))
2648 goto done;
2649
2650 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2651 goto done;
2652
2653 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2654 goto done;
2655
2656 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2657 goto done;
2658
2659 /* now check encryption/decryption */
2660
2661 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2662 mdname, sizeof(mdname));
2663 for (i = 0; i < 2; i++) {
2664 const char *mdnames[] = {
2665 #ifndef OPENSSL_NO_SM3
2666 "SM3",
2667 #else
2668 NULL,
2669 #endif
2670 "SHA2-256" };
2671 EVP_PKEY_CTX_free(cctx);
2672
2673 if (mdnames[i] == NULL)
2674 continue;
2675
2676 sparams[0] =
2677 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2678 (char *)mdnames[i], 0);
2679
2680 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2681 pkey, testpropq)))
2682 goto done;
2683
2684 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2685 goto done;
2686
2687 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2688 goto done;
2689
2690 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2691 sizeof(kMsg))))
2692 goto done;
2693
2694 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2695 goto done;
2696
2697 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2698 goto done;
2699
2700 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2701 ctext_len), 0))
2702 goto done;
2703
2704 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2705 goto done;
2706
2707 /*
2708 * Test we're still using the digest we think we are.
2709 * Because of aliases, the easiest is to fetch the digest and
2710 * check the name with EVP_MD_is_a().
2711 */
2712 EVP_MD_free(check_md);
2713 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2714 goto done;
2715 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2716 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2717 goto done;
2718 }
2719
2720 if (!TEST_true(ptext_len == sizeof(kMsg)))
2721 goto done;
2722
2723 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2724 goto done;
2725 }
2726
2727 ret = 1;
2728 done:
2729 EVP_PKEY_CTX_free(pctx);
2730 EVP_PKEY_CTX_free(kctx);
2731 EVP_PKEY_CTX_free(sctx);
2732 EVP_PKEY_CTX_free(cctx);
2733 EVP_PKEY_free(pkey);
2734 EVP_PKEY_free(pkeyparams);
2735 EVP_MD_CTX_free(md_ctx);
2736 EVP_MD_CTX_free(md_ctx_verify);
2737 EVP_MD_free(check_md);
2738 OPENSSL_free(sig);
2739 return ret;
2740 }
2741
2742 #endif
2743
2744 #ifndef OPENSSL_NO_ML_KEM
2745 static const uint8_t ml_kem_seed[] = {
2746 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4,
2747 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
2748 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79,
2749 0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
2750 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b,
2751 0x87, 0x2b, 0xfb, 0x8f
2752 };
2753 static const uint8_t ml_kem_512_pubkey[] = {
2754 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b,
2755 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
2756 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26,
2757 0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
2758 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19,
2759 0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
2760 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36,
2761 0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
2762 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb,
2763 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
2764 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3,
2765 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
2766 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8,
2767 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
2768 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82,
2769 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
2770 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b,
2771 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
2772 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74,
2773 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
2774 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07,
2775 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
2776 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92,
2777 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
2778 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55,
2779 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
2780 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a,
2781 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
2782 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f,
2783 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
2784 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3,
2785 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
2786 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b,
2787 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
2788 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a,
2789 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
2790 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50,
2791 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
2792 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6,
2793 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
2794 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13,
2795 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
2796 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22,
2797 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
2798 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27,
2799 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
2800 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06,
2801 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
2802 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f,
2803 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
2804 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a,
2805 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
2806 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a,
2807 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
2808 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a,
2809 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
2810 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d,
2811 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
2812 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77,
2813 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
2814 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e,
2815 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
2816 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8,
2817 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
2818 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae,
2819 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
2820 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
2821 };
2822 static const uint8_t ml_kem_768_pubkey[] = {
2823 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f,
2824 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
2825 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13,
2826 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
2827 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25,
2828 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
2829 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce,
2830 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
2831 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e,
2832 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
2833 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56,
2834 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
2835 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba,
2836 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
2837 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74,
2838 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
2839 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49,
2840 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
2841 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74,
2842 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
2843 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0,
2844 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
2845 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b,
2846 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
2847 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf,
2848 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
2849 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53,
2850 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
2851 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc,
2852 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
2853 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19,
2854 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
2855 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a,
2856 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
2857 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7,
2858 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
2859 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5,
2860 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
2861 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51,
2862 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
2863 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf,
2864 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
2865 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48,
2866 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
2867 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a,
2868 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
2869 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7,
2870 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
2871 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28,
2872 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
2873 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11,
2874 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
2875 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0,
2876 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
2877 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f,
2878 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
2879 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7,
2880 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
2881 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e,
2882 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
2883 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68,
2884 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
2885 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82,
2886 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
2887 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d,
2888 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
2889 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e,
2890 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
2891 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce,
2892 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
2893 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d,
2894 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
2895 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48,
2896 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
2897 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b,
2898 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
2899 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97,
2900 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
2901 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac,
2902 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
2903 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1,
2904 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
2905 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62,
2906 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
2907 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f,
2908 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
2909 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd,
2910 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
2911 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd,
2912 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
2913 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63,
2914 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
2915 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82,
2916 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
2917 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e,
2918 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
2919 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb,
2920 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
2921 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
2922 };
2923 static const uint8_t ml_kem_1024_pubkey[] = {
2924 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58,
2925 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
2926 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18,
2927 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
2928 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33,
2929 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
2930 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45,
2931 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
2932 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45,
2933 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
2934 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06,
2935 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
2936 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d,
2937 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
2938 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97,
2939 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
2940 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80,
2941 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
2942 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d,
2943 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
2944 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7,
2945 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
2946 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7,
2947 0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
2948 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc,
2949 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
2950 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39,
2951 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
2952 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5,
2953 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
2954 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89,
2955 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
2956 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1,
2957 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
2958 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca,
2959 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
2960 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b,
2961 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
2962 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50,
2963 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
2964 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86,
2965 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
2966 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c,
2967 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
2968 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44,
2969 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
2970 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f,
2971 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
2972 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65,
2973 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
2974 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7,
2975 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
2976 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d,
2977 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
2978 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e,
2979 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
2980 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94,
2981 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
2982 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d,
2983 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
2984 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f,
2985 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
2986 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e,
2987 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
2988 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b,
2989 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
2990 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe,
2991 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
2992 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98,
2993 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
2994 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f,
2995 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
2996 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4,
2997 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
2998 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0,
2999 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
3000 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a,
3001 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
3002 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a,
3003 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
3004 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24,
3005 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
3006 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f,
3007 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
3008 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33,
3009 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
3010 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89,
3011 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
3012 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32,
3013 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
3014 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37,
3015 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
3016 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84,
3017 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
3018 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50,
3019 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
3020 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25,
3021 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
3022 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6,
3023 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
3024 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e,
3025 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
3026 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b,
3027 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
3028 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf,
3029 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
3030 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2,
3031 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
3032 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03,
3033 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
3034 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66,
3035 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
3036 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55,
3037 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
3038 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e,
3039 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
3040 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76,
3041 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
3042 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a,
3043 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
3044 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86,
3045 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
3046 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44,
3047 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
3048 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34,
3049 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
3050 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d,
3051 0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
3052 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf,
3053 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
3054 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
3055 };
3056 #endif
3057
3058 static struct keys_st {
3059 int type;
3060 const uint8_t *priv;
3061 const uint8_t *pub;
3062 /* If "name" is non-NULL, create via non-legacy _ex() API */
3063 char *name;
3064 int privlen;
3065 int publen;
3066 } keys[] = {
3067 {
3068 EVP_PKEY_HMAC,
3069 (const uint8_t *)"0123456789",
3070 NULL,
3071 NULL, 10, 0
3072 },
3073 {
3074 EVP_PKEY_HMAC, (const uint8_t *)"", NULL,
3075 NULL, 0, 0
3076 #ifndef OPENSSL_NO_POLY1305
3077 }, {
3078 EVP_PKEY_POLY1305,
3079 (const uint8_t *)"01234567890123456789012345678901",
3080 NULL,
3081 NULL, 32, 0
3082 #endif
3083 #ifndef OPENSSL_NO_SIPHASH
3084 }, {
3085 EVP_PKEY_SIPHASH,
3086 (const uint8_t *)"0123456789012345",
3087 NULL,
3088 NULL, 16, 0
3089 #endif
3090 },
3091 #ifndef OPENSSL_NO_ECX
3092 {
3093 EVP_PKEY_X25519,
3094 (const uint8_t *)"01234567890123456789012345678901",
3095 (const unsigned char *)"abcdefghijklmnopqrstuvwxyzabcdef",
3096 NULL, 32, 32
3097 }, {
3098 EVP_PKEY_ED25519,
3099 (const uint8_t *)"01234567890123456789012345678901",
3100 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdef",
3101 NULL, 32, 32
3102 }, {
3103 EVP_PKEY_X448,
3104 (const uint8_t *)"01234567890123456789012345678901234567890123456789012345",
3105 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd",
3106 NULL, 56, 56
3107 }, {
3108 EVP_PKEY_ED448,
3109 (const uint8_t *)"012345678901234567890123456789012345678901234567890123456",
3110 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde",
3111 NULL, 57, 57
3112 },
3113 #endif
3114 #ifndef OPENSSL_NO_ML_KEM
3115 {
3116 NID_undef, ml_kem_seed, ml_kem_512_pubkey,
3117 "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey)
3118 }, {
3119 NID_undef, ml_kem_seed, ml_kem_768_pubkey,
3120 "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey)
3121 }, {
3122 NID_undef, ml_kem_seed, ml_kem_1024_pubkey,
3123 "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey)
3124 },
3125 #endif
3126 };
3127
3128 #ifndef OPENSSL_NO_ML_KEM
3129 static int
ml_kem_seed_to_priv(const char * alg,const unsigned char * seed,int seedlen,unsigned char ** ret,size_t * retlen)3130 ml_kem_seed_to_priv(const char *alg, const unsigned char *seed, int seedlen,
3131 unsigned char **ret, size_t *retlen)
3132 {
3133 OSSL_PARAM parr[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
3134 EVP_PKEY_CTX *ctx = NULL;
3135 EVP_PKEY *pkey = NULL;
3136 const OSSL_PARAM *p;
3137 OSSL_PARAM *params = NULL;
3138 int selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
3139 int ok = 0;
3140
3141 /* Import the seed to generate a key */
3142 ctx = EVP_PKEY_CTX_new_from_name(testctx, alg, NULL);
3143 if (!TEST_ptr(ctx)
3144 || !TEST_int_gt(EVP_PKEY_fromdata_init(ctx), 0))
3145 goto done;
3146 parr[0] = OSSL_PARAM_construct_octet_string(
3147 OSSL_PKEY_PARAM_ML_KEM_SEED, (unsigned char *)seed, seedlen);
3148 if (!TEST_int_gt(EVP_PKEY_fromdata(ctx, &pkey, selection, parr), 0))
3149 goto done;
3150
3151 /* Export the key to get the encoded form */
3152 if (!TEST_true(EVP_PKEY_todata(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, ¶ms)))
3153 goto done;
3154
3155 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
3156 if (!TEST_ptr(p)
3157 || !TEST_true(OSSL_PARAM_get_octet_string(p, (void **)ret, 0, retlen)))
3158 goto done;
3159 ok = 1;
3160
3161 done:
3162 EVP_PKEY_free(pkey);
3163 OSSL_PARAM_free(params);
3164 EVP_PKEY_CTX_free(ctx);
3165 return ok;
3166 }
3167 #endif
3168
test_set_get_raw_keys_int(int tst,int pub,int uselibctx)3169 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
3170 {
3171 int ret = 0;
3172 uint8_t *buf = NULL;
3173 const uint8_t *in;
3174 uint8_t shortbuf[1];
3175 size_t inlen, len = 0, shortlen = sizeof(shortbuf);
3176 EVP_PKEY *pkey = NULL;
3177 unsigned char *privalloc = NULL;
3178 const char *name;
3179
3180 /* Check if this algorithm supports public keys */
3181 if (pub && keys[tst].pub == NULL)
3182 return 1;
3183
3184 name = keys[tst].name ? keys[tst].name : OBJ_nid2sn(keys[tst].type);
3185
3186 if (pub) {
3187 #ifndef OPENSSL_NO_EC
3188 inlen = keys[tst].publen;
3189 in = keys[tst].pub;
3190 if (uselibctx || keys[tst].name != NULL) {
3191 pkey = EVP_PKEY_new_raw_public_key_ex(
3192 testctx,
3193 name,
3194 NULL,
3195 in,
3196 inlen);
3197 } else {
3198 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
3199 NULL,
3200 in,
3201 inlen);
3202 }
3203 #else
3204 return 1;
3205 #endif
3206 } else {
3207 inlen = keys[tst].privlen;
3208 in = keys[tst].priv;
3209 #ifndef OPENSSL_NO_ML_KEM
3210 if (in == ml_kem_seed) {
3211 if (!TEST_true(ml_kem_seed_to_priv(name, in, inlen,
3212 &privalloc, &inlen)))
3213 goto done;
3214 in = privalloc;
3215 }
3216 #endif
3217 if (uselibctx || keys[tst].name != NULL) {
3218 pkey = EVP_PKEY_new_raw_private_key_ex(
3219 testctx,
3220 name,
3221 NULL,
3222 in,
3223 inlen);
3224 } else {
3225 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
3226 NULL,
3227 in,
3228 inlen);
3229 }
3230 }
3231
3232 if (!TEST_ptr(pkey)
3233 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
3234 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
3235 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
3236 || !TEST_true(len == inlen))
3237 goto done;
3238 if (tst != 1) {
3239 /*
3240 * Test that supplying a buffer that is too small fails. Doesn't apply
3241 * to HMAC with a zero length key
3242 */
3243 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, shortbuf,
3244 &shortlen)))
3245 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, shortbuf,
3246 &shortlen))))
3247 goto done;
3248 }
3249 if (!TEST_ptr(buf = OPENSSL_zalloc(len <= 80 ? 80 : len)))
3250 goto done;
3251 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
3252 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
3253 || !TEST_mem_eq(in, inlen, buf, len))
3254 goto done;
3255
3256 ret = 1;
3257 done:
3258 OPENSSL_free(privalloc);
3259 OPENSSL_free(buf);
3260 EVP_PKEY_free(pkey);
3261 return ret;
3262 }
3263
test_set_get_raw_keys(int tst)3264 static int test_set_get_raw_keys(int tst)
3265 {
3266 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
3267 && test_set_get_raw_keys_int(tst, 0, 1)
3268 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
3269 && test_set_get_raw_keys_int(tst, 1, 1);
3270 }
3271
3272 #ifndef OPENSSL_NO_DEPRECATED_3_0
pkey_custom_check(EVP_PKEY * pkey)3273 static int pkey_custom_check(EVP_PKEY *pkey)
3274 {
3275 return 0xbeef;
3276 }
3277
pkey_custom_pub_check(EVP_PKEY * pkey)3278 static int pkey_custom_pub_check(EVP_PKEY *pkey)
3279 {
3280 return 0xbeef;
3281 }
3282
pkey_custom_param_check(EVP_PKEY * pkey)3283 static int pkey_custom_param_check(EVP_PKEY *pkey)
3284 {
3285 return 0xbeef;
3286 }
3287
3288 static EVP_PKEY_METHOD *custom_pmeth;
3289 #endif
3290
test_EVP_PKEY_check(int i)3291 static int test_EVP_PKEY_check(int i)
3292 {
3293 int ret = 0;
3294 EVP_PKEY *pkey = NULL;
3295 EVP_PKEY_CTX *ctx = NULL;
3296 #ifndef OPENSSL_NO_DEPRECATED_3_0
3297 EVP_PKEY_CTX *ctx2 = NULL;
3298 #endif
3299 const APK_DATA *ak = &keycheckdata[i];
3300 const unsigned char *input = ak->kder;
3301 size_t input_len = ak->size;
3302 int expected_id = ak->evptype;
3303 int expected_check = ak->check;
3304 int expected_pub_check = ak->pub_check;
3305 int expected_param_check = ak->param_check;
3306 int type = ak->type;
3307
3308 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
3309 goto done;
3310 if (type == 0
3311 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
3312 goto done;
3313
3314 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
3315 goto done;
3316
3317 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
3318 goto done;
3319
3320 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
3321 goto done;
3322
3323 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
3324 goto done;
3325
3326 #ifndef OPENSSL_NO_DEPRECATED_3_0
3327 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
3328 /* assign the pkey directly, as an internal test */
3329 if (!EVP_PKEY_up_ref(pkey))
3330 goto done;
3331
3332 ctx2->pkey = pkey;
3333
3334 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
3335 goto done;
3336
3337 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
3338 goto done;
3339
3340 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
3341 goto done;
3342 #endif
3343
3344 ret = 1;
3345
3346 done:
3347 EVP_PKEY_CTX_free(ctx);
3348 #ifndef OPENSSL_NO_DEPRECATED_3_0
3349 EVP_PKEY_CTX_free(ctx2);
3350 #endif
3351 EVP_PKEY_free(pkey);
3352 return ret;
3353 }
3354
3355 #ifndef OPENSSL_NO_CMAC
get_cmac_val(EVP_PKEY * pkey,unsigned char * mac)3356 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
3357 {
3358 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
3359 const char msg[] = "Hello World";
3360 size_t maclen = AES_BLOCK_SIZE;
3361 int ret = 1;
3362
3363 if (!TEST_ptr(mdctx)
3364 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
3365 testpropq, pkey, NULL))
3366 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
3367 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
3368 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
3369 ret = 0;
3370
3371 EVP_MD_CTX_free(mdctx);
3372
3373 return ret;
3374 }
test_CMAC_keygen(void)3375 static int test_CMAC_keygen(void)
3376 {
3377 static unsigned char key[] = {
3378 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3379 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3380 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
3381 };
3382 EVP_PKEY_CTX *kctx = NULL;
3383 int ret = 0;
3384 EVP_PKEY *pkey = NULL;
3385 unsigned char mac[AES_BLOCK_SIZE];
3386 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
3387 unsigned char mac2[AES_BLOCK_SIZE];
3388 # endif
3389
3390 if (nullprov != NULL)
3391 return TEST_skip("Test does not support a non-default library context");
3392
3393 /*
3394 * This is a legacy method for CMACs, but should still work.
3395 * This verifies that it works without an ENGINE.
3396 */
3397 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
3398
3399 /* Test a CMAC key created using the "generated" method */
3400 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
3401 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
3402 EVP_PKEY_CTRL_CIPHER,
3403 0, (void *)EVP_aes_256_cbc()), 0)
3404 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
3405 EVP_PKEY_CTRL_SET_MAC_KEY,
3406 sizeof(key), (void *)key), 0)
3407 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
3408 || !TEST_ptr(pkey)
3409 || !TEST_true(get_cmac_val(pkey, mac)))
3410 goto done;
3411
3412 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
3413 EVP_PKEY_free(pkey);
3414
3415 /*
3416 * Test a CMAC key using the direct method, and compare with the mac
3417 * created above.
3418 */
3419 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
3420 if (!TEST_ptr(pkey)
3421 || !TEST_true(get_cmac_val(pkey, mac2))
3422 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
3423 goto done;
3424 # endif
3425
3426 ret = 1;
3427
3428 done:
3429 EVP_PKEY_free(pkey);
3430 EVP_PKEY_CTX_free(kctx);
3431 return ret;
3432 }
3433 #endif
3434
test_HKDF(void)3435 static int test_HKDF(void)
3436 {
3437 EVP_PKEY_CTX *pctx;
3438 unsigned char out[20];
3439 size_t outlen;
3440 int i, ret = 0;
3441 unsigned char salt[] = "0123456789";
3442 unsigned char key[] = "012345678901234567890123456789";
3443 unsigned char info[] = "infostring";
3444 const unsigned char expected[] = {
3445 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
3446 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
3447 };
3448 size_t expectedlen = sizeof(expected);
3449
3450 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3451 goto done;
3452
3453 /* We do this twice to test reuse of the EVP_PKEY_CTX */
3454 for (i = 0; i < 2; i++) {
3455 outlen = sizeof(out);
3456 memset(out, 0, outlen);
3457
3458 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3459 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3460 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3461 sizeof(salt) - 1), 0)
3462 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3463 sizeof(key) - 1), 0)
3464 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3465 sizeof(info) - 1), 0)
3466 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3467 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3468 goto done;
3469 }
3470
3471 ret = 1;
3472
3473 done:
3474 EVP_PKEY_CTX_free(pctx);
3475
3476 return ret;
3477 }
3478
test_emptyikm_HKDF(void)3479 static int test_emptyikm_HKDF(void)
3480 {
3481 EVP_PKEY_CTX *pctx;
3482 unsigned char out[20];
3483 size_t outlen;
3484 int ret = 0;
3485 unsigned char salt[] = "9876543210";
3486 unsigned char key[] = "";
3487 unsigned char info[] = "stringinfo";
3488 const unsigned char expected[] = {
3489 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
3490 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
3491 };
3492 size_t expectedlen = sizeof(expected);
3493
3494 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3495 goto done;
3496
3497 outlen = sizeof(out);
3498 memset(out, 0, outlen);
3499
3500 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3501 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3502 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3503 sizeof(salt) - 1), 0)
3504 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3505 sizeof(key) - 1), 0)
3506 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3507 sizeof(info) - 1), 0)
3508 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3509 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3510 goto done;
3511
3512 ret = 1;
3513
3514 done:
3515 EVP_PKEY_CTX_free(pctx);
3516
3517 return ret;
3518 }
3519
test_empty_salt_info_HKDF(void)3520 static int test_empty_salt_info_HKDF(void)
3521 {
3522 EVP_PKEY_CTX *pctx;
3523 unsigned char out[20];
3524 size_t outlen;
3525 int ret = 0;
3526 unsigned char salt[] = "";
3527 unsigned char fake[] = "0123456789";
3528 unsigned char key[] = "012345678901234567890123456789";
3529 unsigned char info[] = "";
3530 const unsigned char expected[] = {
3531 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
3532 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
3533 };
3534 size_t expectedlen = sizeof(expected);
3535
3536 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3537 goto done;
3538
3539 outlen = sizeof(out);
3540 memset(out, 0, outlen);
3541
3542 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3543 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3544 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake,
3545 sizeof(fake) - 1), 0)
3546 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3547 sizeof(salt) - 1), 0)
3548 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3549 sizeof(key) - 1), 0)
3550 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3551 sizeof(info) - 1), 0)
3552 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3553 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3554 goto done;
3555
3556 ret = 1;
3557
3558 done:
3559 EVP_PKEY_CTX_free(pctx);
3560
3561 return ret;
3562 }
3563
3564 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)3565 static int test_X509_PUBKEY_inplace(void)
3566 {
3567 int ret = 0;
3568 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
3569 const unsigned char *p = kExampleECPubKeyDER;
3570 size_t input_len = sizeof(kExampleECPubKeyDER);
3571
3572 if (!TEST_ptr(xp))
3573 goto done;
3574 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
3575 goto done;
3576
3577 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
3578 goto done;
3579
3580 p = kExampleBadECPubKeyDER;
3581 input_len = sizeof(kExampleBadECPubKeyDER);
3582
3583 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
3584 goto done;
3585
3586 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
3587 goto done;
3588
3589 ret = 1;
3590
3591 done:
3592 X509_PUBKEY_free(xp);
3593 return ret;
3594 }
3595
test_X509_PUBKEY_dup(void)3596 static int test_X509_PUBKEY_dup(void)
3597 {
3598 int ret = 0;
3599 X509_PUBKEY *xp = NULL, *xq = NULL;
3600 const unsigned char *p = kExampleECPubKeyDER;
3601 size_t input_len = sizeof(kExampleECPubKeyDER);
3602
3603 xp = X509_PUBKEY_new_ex(testctx, testpropq);
3604 if (!TEST_ptr(xp)
3605 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
3606 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
3607 || !TEST_ptr_ne(xp, xq))
3608 goto done;
3609
3610 if (!TEST_ptr(X509_PUBKEY_get0(xq))
3611 || !TEST_ptr(X509_PUBKEY_get0(xp))
3612 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
3613 goto done;
3614
3615 X509_PUBKEY_free(xq);
3616 xq = NULL;
3617 p = kExampleBadECPubKeyDER;
3618 input_len = sizeof(kExampleBadECPubKeyDER);
3619
3620 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
3621 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
3622 goto done;
3623
3624 X509_PUBKEY_free(xp);
3625 xp = NULL;
3626 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
3627 goto done;
3628
3629 ret = 1;
3630
3631 done:
3632 X509_PUBKEY_free(xp);
3633 X509_PUBKEY_free(xq);
3634 return ret;
3635 }
3636 #endif /* OPENSSL_NO_EC */
3637
3638 /* Test getting and setting parameters on an EVP_PKEY_CTX */
test_EVP_PKEY_CTX_get_set_params(EVP_PKEY * pkey)3639 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
3640 {
3641 EVP_MD_CTX *mdctx = NULL;
3642 EVP_PKEY_CTX *ctx = NULL;
3643 const OSSL_PARAM *params;
3644 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
3645 int ret = 0;
3646 const EVP_MD *md;
3647 char mdname[OSSL_MAX_NAME_SIZE];
3648 char ssl3ms[48];
3649
3650 /* Initialise a sign operation */
3651 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
3652 if (!TEST_ptr(ctx)
3653 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
3654 goto err;
3655
3656 /*
3657 * We should be able to query the parameters now.
3658 */
3659 params = EVP_PKEY_CTX_settable_params(ctx);
3660 if (!TEST_ptr(params)
3661 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3662 OSSL_SIGNATURE_PARAM_DIGEST)))
3663 goto err;
3664
3665 params = EVP_PKEY_CTX_gettable_params(ctx);
3666 if (!TEST_ptr(params)
3667 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3668 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
3669 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3670 OSSL_SIGNATURE_PARAM_DIGEST)))
3671 goto err;
3672
3673 /*
3674 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
3675 * EVP_PKEY_CTX_get_params()
3676 */
3677 strcpy(mdname, "SHA512");
3678 param_md = param;
3679 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3680 mdname, 0);
3681 *param++ = OSSL_PARAM_construct_end();
3682
3683 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
3684 goto err;
3685
3686 mdname[0] = '\0';
3687 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3688 mdname, sizeof(mdname));
3689 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
3690 || !TEST_str_eq(mdname, "SHA512"))
3691 goto err;
3692
3693 /*
3694 * Test the TEST_PKEY_CTX_set_signature_md() and
3695 * TEST_PKEY_CTX_get_signature_md() functions
3696 */
3697 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
3698 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
3699 || !TEST_ptr_eq(md, EVP_sha256()))
3700 goto err;
3701
3702 /*
3703 * Test getting MD parameters via an associated EVP_PKEY_CTX
3704 */
3705 mdctx = EVP_MD_CTX_new();
3706 if (!TEST_ptr(mdctx)
3707 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
3708 pkey, NULL)))
3709 goto err;
3710
3711 /*
3712 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
3713 * able to obtain the digest's settable parameters from the provider.
3714 */
3715 params = EVP_MD_CTX_settable_params(mdctx);
3716 if (!TEST_ptr(params)
3717 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
3718 /* The final key should be NULL */
3719 || !TEST_ptr_null(params[1].key))
3720 goto err;
3721
3722 param = ourparams;
3723 memset(ssl3ms, 0, sizeof(ssl3ms));
3724 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
3725 ssl3ms, sizeof(ssl3ms));
3726 *param++ = OSSL_PARAM_construct_end();
3727
3728 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
3729 goto err;
3730
3731 ret = 1;
3732
3733 err:
3734 EVP_MD_CTX_free(mdctx);
3735 EVP_PKEY_CTX_free(ctx);
3736
3737 return ret;
3738 }
3739
3740 #ifndef OPENSSL_NO_DSA
test_DSA_get_set_params(void)3741 static int test_DSA_get_set_params(void)
3742 {
3743 OSSL_PARAM_BLD *bld = NULL;
3744 OSSL_PARAM *params = NULL;
3745 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
3746 EVP_PKEY_CTX *pctx = NULL;
3747 EVP_PKEY *pkey = NULL;
3748 int ret = 0;
3749
3750 /*
3751 * Setup the parameters for our DSA object. For our purposes they don't
3752 * have to actually be *valid* parameters. We just need to set something.
3753 */
3754 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
3755 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3756 || !TEST_ptr(p = BN_new())
3757 || !TEST_ptr(q = BN_new())
3758 || !TEST_ptr(g = BN_new())
3759 || !TEST_ptr(pub = BN_new())
3760 || !TEST_ptr(priv = BN_new()))
3761 goto err;
3762 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
3763 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
3764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
3765 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
3766 pub))
3767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
3768 priv)))
3769 goto err;
3770 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3771 goto err;
3772
3773 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3774 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3775 params), 0))
3776 goto err;
3777
3778 if (!TEST_ptr(pkey))
3779 goto err;
3780
3781 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3782
3783 err:
3784 EVP_PKEY_free(pkey);
3785 EVP_PKEY_CTX_free(pctx);
3786 OSSL_PARAM_free(params);
3787 OSSL_PARAM_BLD_free(bld);
3788 BN_free(p);
3789 BN_free(q);
3790 BN_free(g);
3791 BN_free(pub);
3792 BN_free(priv);
3793
3794 return ret;
3795 }
3796
3797 /*
3798 * Test combinations of private, public, missing and private + public key
3799 * params to ensure they are all accepted
3800 */
test_DSA_priv_pub(void)3801 static int test_DSA_priv_pub(void)
3802 {
3803 return test_EVP_PKEY_ffc_priv_pub("DSA");
3804 }
3805
3806 #endif /* !OPENSSL_NO_DSA */
3807
test_RSA_get_set_params(void)3808 static int test_RSA_get_set_params(void)
3809 {
3810 OSSL_PARAM_BLD *bld = NULL;
3811 OSSL_PARAM *params = NULL;
3812 BIGNUM *n = NULL, *e = NULL, *d = NULL;
3813 EVP_PKEY_CTX *pctx = NULL;
3814 EVP_PKEY *pkey = NULL;
3815 int ret = 0;
3816
3817 /*
3818 * Setup the parameters for our RSA object. For our purposes they don't
3819 * have to actually be *valid* parameters. We just need to set something.
3820 */
3821 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
3822 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3823 || !TEST_ptr(n = BN_new())
3824 || !TEST_ptr(e = BN_new())
3825 || !TEST_ptr(d = BN_new()))
3826 goto err;
3827 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
3828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
3829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
3830 goto err;
3831 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3832 goto err;
3833
3834 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3835 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3836 params), 0))
3837 goto err;
3838
3839 if (!TEST_ptr(pkey))
3840 goto err;
3841
3842 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3843
3844 err:
3845 EVP_PKEY_free(pkey);
3846 EVP_PKEY_CTX_free(pctx);
3847 OSSL_PARAM_free(params);
3848 OSSL_PARAM_BLD_free(bld);
3849 BN_free(n);
3850 BN_free(e);
3851 BN_free(d);
3852
3853 return ret;
3854 }
3855
test_RSA_OAEP_set_get_params(void)3856 static int test_RSA_OAEP_set_get_params(void)
3857 {
3858 int ret = 0;
3859 EVP_PKEY *key = NULL;
3860 EVP_PKEY_CTX *key_ctx = NULL;
3861
3862 if (nullprov != NULL)
3863 return TEST_skip("Test does not support a non-default library context");
3864
3865 if (!TEST_ptr(key = load_example_rsa_key())
3866 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3867 goto err;
3868
3869 {
3870 int padding = RSA_PKCS1_OAEP_PADDING;
3871 OSSL_PARAM params[4];
3872
3873 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3874 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3875 OSSL_DIGEST_NAME_SHA2_256, 0);
3876 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3877 OSSL_DIGEST_NAME_SHA1, 0);
3878 params[3] = OSSL_PARAM_construct_end();
3879
3880 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3881 goto err;
3882 }
3883 {
3884 OSSL_PARAM params[3];
3885 char oaepmd[30] = { '\0' };
3886 char mgf1md[30] = { '\0' };
3887
3888 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3889 oaepmd, sizeof(oaepmd));
3890 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3891 mgf1md, sizeof(mgf1md));
3892 params[2] = OSSL_PARAM_construct_end();
3893
3894 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3895 goto err;
3896
3897 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3898 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3899 goto err;
3900 }
3901
3902 ret = 1;
3903
3904 err:
3905 EVP_PKEY_free(key);
3906 EVP_PKEY_CTX_free(key_ctx);
3907
3908 return ret;
3909 }
3910
3911 /* https://github.com/openssl/openssl/issues/21288 */
test_RSA_OAEP_set_null_label(void)3912 static int test_RSA_OAEP_set_null_label(void)
3913 {
3914 int ret = 0;
3915 EVP_PKEY *key = NULL;
3916 EVP_PKEY_CTX *key_ctx = NULL;
3917
3918 if (!TEST_ptr(key = load_example_rsa_key())
3919 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3920 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3921 goto err;
3922
3923 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3924 goto err;
3925
3926 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3927 goto err;
3928
3929 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3930 goto err;
3931
3932 ret = 1;
3933
3934 err:
3935 EVP_PKEY_free(key);
3936 EVP_PKEY_CTX_free(key_ctx);
3937
3938 return ret;
3939 }
3940
3941 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_RSA_legacy(void)3942 static int test_RSA_legacy(void)
3943 {
3944 int ret = 0;
3945 BIGNUM *p = NULL;
3946 BIGNUM *q = NULL;
3947 BIGNUM *n = NULL;
3948 BIGNUM *e = NULL;
3949 BIGNUM *d = NULL;
3950 const EVP_MD *md = EVP_sha256();
3951 EVP_MD_CTX *ctx = NULL;
3952 EVP_PKEY *pkey = NULL;
3953 RSA *rsa = NULL;
3954
3955 if (nullprov != NULL)
3956 return TEST_skip("Test does not support a non-default library context");
3957
3958 if (!TEST_ptr(p = BN_dup(BN_value_one()))
3959 || !TEST_ptr(q = BN_dup(BN_value_one()))
3960 || !TEST_ptr(n = BN_dup(BN_value_one()))
3961 || !TEST_ptr(e = BN_dup(BN_value_one()))
3962 || !TEST_ptr(d = BN_dup(BN_value_one())))
3963 goto err;
3964
3965 if (!TEST_ptr(rsa = RSA_new())
3966 || !TEST_ptr(pkey = EVP_PKEY_new())
3967 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
3968 goto err;
3969
3970 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
3971 goto err;
3972 p = NULL;
3973 q = NULL;
3974
3975 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
3976 goto err;
3977 n = NULL;
3978 e = NULL;
3979 d = NULL;
3980
3981 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
3982 goto err;
3983
3984 rsa = NULL;
3985
3986 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
3987 goto err;
3988
3989 ret = 1;
3990
3991 err:
3992 RSA_free(rsa);
3993 EVP_MD_CTX_free(ctx);
3994 EVP_PKEY_free(pkey);
3995 BN_free(p);
3996 BN_free(q);
3997 BN_free(n);
3998 BN_free(e);
3999 BN_free(d);
4000
4001 return ret;
4002 }
4003 #endif
4004
4005 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)4006 static int test_decrypt_null_chunks(void)
4007 {
4008 EVP_CIPHER_CTX* ctx = NULL;
4009 EVP_CIPHER *cipher = NULL;
4010 const unsigned char key[32] = {
4011 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4012 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4013 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
4014 };
4015 unsigned char iv[12] = {
4016 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
4017 };
4018 unsigned char msg[] = "It was the best of times, it was the worst of times";
4019 unsigned char ciphertext[80];
4020 unsigned char plaintext[80];
4021 /* We initialise tmp to a non zero value on purpose */
4022 int ctlen, ptlen, tmp = 99;
4023 int ret = 0;
4024 const int enc_offset = 10, dec_offset = 20;
4025
4026 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
4027 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4028 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
4029 key, iv))
4030 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
4031 enc_offset))
4032 /* Deliberate add a zero length update */
4033 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
4034 0))
4035 || !TEST_int_eq(tmp, 0)
4036 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
4037 msg + enc_offset,
4038 sizeof(msg) - enc_offset))
4039 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
4040 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
4041 || !TEST_int_eq(tmp, 0))
4042 goto err;
4043
4044 /* Deliberately initialise tmp to a non zero value */
4045 tmp = 99;
4046 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
4047 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
4048 dec_offset))
4049 /*
4050 * Deliberately add a zero length update. We also deliberately do
4051 * this at a different offset than for encryption.
4052 */
4053 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
4054 0))
4055 || !TEST_int_eq(tmp, 0)
4056 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
4057 ciphertext + dec_offset,
4058 ctlen - dec_offset))
4059 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
4060 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
4061 || !TEST_int_eq(tmp, 0)
4062 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
4063 goto err;
4064
4065 ret = 1;
4066 err:
4067 EVP_CIPHER_CTX_free(ctx);
4068 EVP_CIPHER_free(cipher);
4069 return ret;
4070 }
4071 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
4072
4073 #ifndef OPENSSL_NO_DH
4074 /*
4075 * Test combinations of private, public, missing and private + public key
4076 * params to ensure they are all accepted
4077 */
test_DH_priv_pub(void)4078 static int test_DH_priv_pub(void)
4079 {
4080 return test_EVP_PKEY_ffc_priv_pub("DH");
4081 }
4082
4083 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_set1_DH(void)4084 static int test_EVP_PKEY_set1_DH(void)
4085 {
4086 DH *x942dh = NULL, *noqdh = NULL;
4087 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
4088 int ret = 0;
4089 BIGNUM *p, *g = NULL;
4090 BIGNUM *pubkey = NULL;
4091 unsigned char pub[2048 / 8];
4092 size_t len = 0;
4093
4094 if (!TEST_ptr(p = BN_new())
4095 || !TEST_ptr(g = BN_new())
4096 || !TEST_ptr(pubkey = BN_new())
4097 || !TEST_true(BN_set_word(p, 9999))
4098 || !TEST_true(BN_set_word(g, 2))
4099 || !TEST_true(BN_set_word(pubkey, 4321))
4100 || !TEST_ptr(noqdh = DH_new())
4101 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
4102 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
4103 || !TEST_ptr(pubkey = BN_new())
4104 || !TEST_true(BN_set_word(pubkey, 4321)))
4105 goto err;
4106 p = g = NULL;
4107
4108 x942dh = DH_get_2048_256();
4109 pkey1 = EVP_PKEY_new();
4110 pkey2 = EVP_PKEY_new();
4111 if (!TEST_ptr(x942dh)
4112 || !TEST_ptr(noqdh)
4113 || !TEST_ptr(pkey1)
4114 || !TEST_ptr(pkey2)
4115 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
4116 goto err;
4117 pubkey = NULL;
4118
4119 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
4120 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
4121 goto err;
4122
4123 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
4124 &pubkey))
4125 || !TEST_ptr(pubkey))
4126 goto err;
4127
4128 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
4129 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
4130 goto err;
4131
4132 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
4133 OSSL_PKEY_PARAM_PUB_KEY,
4134 pub, sizeof(pub), &len))
4135 || !TEST_size_t_ne(len, 0))
4136 goto err;
4137
4138 ret = 1;
4139 err:
4140 BN_free(p);
4141 BN_free(g);
4142 BN_free(pubkey);
4143 EVP_PKEY_free(pkey1);
4144 EVP_PKEY_free(pkey2);
4145 DH_free(x942dh);
4146 DH_free(noqdh);
4147
4148 return ret;
4149 }
4150 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
4151 #endif /* !OPENSSL_NO_DH */
4152
4153 /*
4154 * We test what happens with an empty template. For the sake of this test,
4155 * the template must be ignored, and we know that's the case for RSA keys
4156 * (this might arguably be a misfeature, but that's what we currently do,
4157 * even in provider code, since that's how the legacy RSA implementation
4158 * does things)
4159 */
test_keygen_with_empty_template(int n)4160 static int test_keygen_with_empty_template(int n)
4161 {
4162 EVP_PKEY_CTX *ctx = NULL;
4163 EVP_PKEY *pkey = NULL;
4164 EVP_PKEY *tkey = NULL;
4165 int ret = 0;
4166
4167 if (nullprov != NULL)
4168 return TEST_skip("Test does not support a non-default library context");
4169
4170 switch (n) {
4171 case 0:
4172 /* We do test with no template at all as well */
4173 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
4174 goto err;
4175 break;
4176 case 1:
4177 /* Here we create an empty RSA key that serves as our template */
4178 if (!TEST_ptr(tkey = EVP_PKEY_new())
4179 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
4180 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
4181 goto err;
4182 break;
4183 }
4184
4185 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4186 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
4187 goto err;
4188
4189 ret = 1;
4190 err:
4191 EVP_PKEY_CTX_free(ctx);
4192 EVP_PKEY_free(pkey);
4193 EVP_PKEY_free(tkey);
4194 return ret;
4195 }
4196
4197 /*
4198 * Test that we fail if we attempt to use an algorithm that is not available
4199 * in the current library context (unless we are using an algorithm that
4200 * should be made available via legacy codepaths).
4201 *
4202 * 0: RSA
4203 * 1: SM2
4204 */
test_pkey_ctx_fail_without_provider(int tst)4205 static int test_pkey_ctx_fail_without_provider(int tst)
4206 {
4207 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
4208 OSSL_PROVIDER *tmpnullprov = NULL;
4209 EVP_PKEY_CTX *pctx = NULL;
4210 const char *keytype = NULL;
4211 int expect_null = 0;
4212 int ret = 0;
4213
4214 if (!TEST_ptr(tmpctx))
4215 goto err;
4216
4217 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
4218 if (!TEST_ptr(tmpnullprov))
4219 goto err;
4220
4221 /*
4222 * We check for certain algos in the null provider.
4223 * If an algo is expected to have a provider keymgmt, constructing an
4224 * EVP_PKEY_CTX is expected to fail (return NULL).
4225 * Otherwise, if it's expected to have legacy support, constructing an
4226 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
4227 */
4228 switch (tst) {
4229 case 0:
4230 keytype = "RSA";
4231 expect_null = 1;
4232 break;
4233 case 1:
4234 keytype = "SM2";
4235 expect_null = 1;
4236 #ifdef OPENSSL_NO_EC
4237 TEST_info("EC disable, skipping SM2 check...");
4238 goto end;
4239 #endif
4240 #ifdef OPENSSL_NO_SM2
4241 TEST_info("SM2 disable, skipping SM2 check...");
4242 goto end;
4243 #endif
4244 break;
4245 default:
4246 TEST_error("No test for case %d", tst);
4247 goto err;
4248 }
4249
4250 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
4251 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
4252 goto err;
4253
4254 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
4255 end:
4256 #endif
4257 ret = 1;
4258
4259 err:
4260 EVP_PKEY_CTX_free(pctx);
4261 OSSL_PROVIDER_unload(tmpnullprov);
4262 OSSL_LIB_CTX_free(tmpctx);
4263 return ret;
4264 }
4265
test_rand_agglomeration(void)4266 static int test_rand_agglomeration(void)
4267 {
4268 EVP_RAND *rand;
4269 EVP_RAND_CTX *ctx;
4270 OSSL_PARAM params[3], *p = params;
4271 int res;
4272 unsigned int step = 7;
4273 static unsigned char seed[] = "It does not matter how slowly you go "
4274 "as long as you do not stop.";
4275 unsigned char out[sizeof(seed)];
4276
4277 if (!TEST_int_ne(sizeof(seed) % step, 0)
4278 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
4279 return 0;
4280 ctx = EVP_RAND_CTX_new(rand, NULL);
4281 EVP_RAND_free(rand);
4282 if (!TEST_ptr(ctx))
4283 return 0;
4284
4285 memset(out, 0, sizeof(out));
4286 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
4287 seed, sizeof(seed));
4288 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
4289 *p = OSSL_PARAM_construct_end();
4290 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
4291 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
4292 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
4293 EVP_RAND_CTX_free(ctx);
4294 return res;
4295 }
4296
4297 /*
4298 * Test that we correctly return the original or "running" IV after
4299 * an encryption operation.
4300 * Run multiple times for some different relevant algorithms/modes.
4301 */
test_evp_iv_aes(int idx)4302 static int test_evp_iv_aes(int idx)
4303 {
4304 int ret = 0;
4305 EVP_CIPHER_CTX *ctx = NULL;
4306 unsigned char key[16] = {
4307 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
4308 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57
4309 };
4310 unsigned char init_iv[EVP_MAX_IV_LENGTH] = {
4311 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4312 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4313 };
4314 static const unsigned char msg[] = {
4315 1, 2, 3, 4, 5, 6, 7, 8,
4316 9, 10, 11, 12, 13, 14, 15, 16
4317 };
4318 unsigned char ciphertext[32], oiv[16], iv[16];
4319 unsigned char *ref_iv;
4320 unsigned char cbc_state[16] = {
4321 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
4322 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e
4323 };
4324
4325 unsigned char ofb_state[16] = {
4326 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
4327 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd
4328 };
4329 unsigned char cfb_state[16] = {
4330 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
4331 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed
4332 };
4333 unsigned char gcm_state[12] = {
4334 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
4335 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
4336 };
4337 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 };
4338 #ifndef OPENSSL_NO_OCB
4339 unsigned char ocb_state[12] = {
4340 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
4341 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
4342 };
4343 #endif
4344 int len = sizeof(ciphertext);
4345 size_t ivlen, ref_len;
4346 const EVP_CIPHER *type = NULL;
4347 int iv_reset = 0;
4348
4349 if (nullprov != NULL && idx < 6)
4350 return TEST_skip("Test does not support a non-default library context");
4351
4352 switch (idx) {
4353 case 0:
4354 type = EVP_aes_128_cbc();
4355 /* FALLTHROUGH */
4356 case 6:
4357 type = (type != NULL) ? type :
4358 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
4359 ref_iv = cbc_state;
4360 ref_len = sizeof(cbc_state);
4361 iv_reset = 1;
4362 break;
4363 case 1:
4364 type = EVP_aes_128_ofb();
4365 /* FALLTHROUGH */
4366 case 7:
4367 type = (type != NULL) ? type :
4368 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
4369 ref_iv = ofb_state;
4370 ref_len = sizeof(ofb_state);
4371 iv_reset = 1;
4372 break;
4373 case 2:
4374 type = EVP_aes_128_cfb();
4375 /* FALLTHROUGH */
4376 case 8:
4377 type = (type != NULL) ? type :
4378 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
4379 ref_iv = cfb_state;
4380 ref_len = sizeof(cfb_state);
4381 iv_reset = 1;
4382 break;
4383 case 3:
4384 type = EVP_aes_128_gcm();
4385 /* FALLTHROUGH */
4386 case 9:
4387 type = (type != NULL) ? type :
4388 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
4389 ref_iv = gcm_state;
4390 ref_len = sizeof(gcm_state);
4391 break;
4392 case 4:
4393 type = EVP_aes_128_ccm();
4394 /* FALLTHROUGH */
4395 case 10:
4396 type = (type != NULL) ? type :
4397 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
4398 ref_iv = ccm_state;
4399 ref_len = sizeof(ccm_state);
4400 break;
4401 #ifdef OPENSSL_NO_OCB
4402 case 5:
4403 case 11:
4404 return 1;
4405 #else
4406 case 5:
4407 type = EVP_aes_128_ocb();
4408 /* FALLTHROUGH */
4409 case 11:
4410 type = (type != NULL) ? type :
4411 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
4412 ref_iv = ocb_state;
4413 ref_len = sizeof(ocb_state);
4414 break;
4415 #endif
4416 default:
4417 return 0;
4418 }
4419
4420 if (!TEST_ptr(type)
4421 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
4422 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
4423 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
4424 (int)sizeof(msg)))
4425 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
4426 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
4427 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
4428 goto err;
4429 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
4430
4431 if (!TEST_int_gt(ivlen, 0))
4432 goto err;
4433
4434 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
4435 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
4436 goto err;
4437
4438 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
4439 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
4440 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
4441 goto err;
4442 if (iv_reset) {
4443 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
4444 goto err;
4445 } else {
4446 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
4447 goto err;
4448 }
4449
4450 ret = 1;
4451 err:
4452 EVP_CIPHER_CTX_free(ctx);
4453 if (idx >= 6)
4454 EVP_CIPHER_free((EVP_CIPHER *)type);
4455 return ret;
4456 }
4457
4458 #ifndef OPENSSL_NO_DES
test_evp_iv_des(int idx)4459 static int test_evp_iv_des(int idx)
4460 {
4461 int ret = 0;
4462 EVP_CIPHER_CTX *ctx = NULL;
4463 static const unsigned char key[24] = {
4464 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
4465 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
4466 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
4467 };
4468 static const unsigned char init_iv[8] = {
4469 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
4470 };
4471 static const unsigned char msg[] = {
4472 1, 2, 3, 4, 5, 6, 7, 8,
4473 9, 10, 11, 12, 13, 14, 15, 16
4474 };
4475 unsigned char ciphertext[32], oiv[8], iv[8];
4476 unsigned const char *ref_iv;
4477 static const unsigned char cbc_state_des[8] = {
4478 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
4479 };
4480 static const unsigned char cbc_state_3des[8] = {
4481 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
4482 };
4483 static const unsigned char ofb_state_des[8] = {
4484 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
4485 };
4486 static const unsigned char ofb_state_3des[8] = {
4487 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
4488 };
4489 static const unsigned char cfb_state_des[8] = {
4490 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
4491 };
4492 static const unsigned char cfb_state_3des[8] = {
4493 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
4494 };
4495 int len = sizeof(ciphertext);
4496 size_t ivlen, ref_len;
4497 EVP_CIPHER *type = NULL;
4498
4499 if (lgcyprov == NULL && idx < 3)
4500 return TEST_skip("Test requires legacy provider to be loaded");
4501
4502 switch (idx) {
4503 case 0:
4504 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
4505 ref_iv = cbc_state_des;
4506 ref_len = sizeof(cbc_state_des);
4507 break;
4508 case 1:
4509 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
4510 ref_iv = ofb_state_des;
4511 ref_len = sizeof(ofb_state_des);
4512 break;
4513 case 2:
4514 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
4515 ref_iv = cfb_state_des;
4516 ref_len = sizeof(cfb_state_des);
4517 break;
4518 case 3:
4519 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
4520 ref_iv = cbc_state_3des;
4521 ref_len = sizeof(cbc_state_3des);
4522 break;
4523 case 4:
4524 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
4525 ref_iv = ofb_state_3des;
4526 ref_len = sizeof(ofb_state_3des);
4527 break;
4528 case 5:
4529 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
4530 ref_iv = cfb_state_3des;
4531 ref_len = sizeof(cfb_state_3des);
4532 break;
4533 default:
4534 return 0;
4535 }
4536
4537 if (!TEST_ptr(type)
4538 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
4539 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
4540 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
4541 (int)sizeof(msg)))
4542 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
4543 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
4544 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
4545 goto err;
4546 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
4547
4548 if (!TEST_int_gt(ivlen, 0))
4549 goto err;
4550
4551 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
4552 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
4553 goto err;
4554
4555 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
4556 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
4557 goto err;
4558 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
4559 goto err;
4560
4561 ret = 1;
4562 err:
4563 EVP_CIPHER_CTX_free(ctx);
4564 EVP_CIPHER_free(type);
4565 return ret;
4566 }
4567 #endif
4568
4569 #ifndef OPENSSL_NO_BF
test_evp_bf_default_keylen(int idx)4570 static int test_evp_bf_default_keylen(int idx)
4571 {
4572 int ret = 0;
4573 static const char *algos[4] = {
4574 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
4575 };
4576 int ivlen[4] = { 0, 8, 8, 8 };
4577 EVP_CIPHER *cipher = NULL;
4578
4579 if (lgcyprov == NULL)
4580 return TEST_skip("Test requires legacy provider to be loaded");
4581
4582 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
4583 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
4584 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
4585 goto err;
4586
4587 ret = 1;
4588 err:
4589 EVP_CIPHER_free(cipher);
4590 return ret;
4591 }
4592 #endif
4593
4594 #ifndef OPENSSL_NO_EC
4595 static int ecpub_nids[] = {
4596 NID_brainpoolP256r1, NID_X9_62_prime256v1,
4597 NID_secp384r1, NID_secp521r1,
4598 # ifndef OPENSSL_NO_EC2M
4599 NID_sect233k1, NID_sect233r1, NID_sect283r1,
4600 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
4601 # endif
4602 NID_brainpoolP384r1, NID_brainpoolP512r1
4603 };
4604
test_ecpub(int idx)4605 static int test_ecpub(int idx)
4606 {
4607 int ret = 0, len, savelen;
4608 int nid;
4609 unsigned char buf[1024];
4610 unsigned char *p;
4611 EVP_PKEY *pkey = NULL;
4612 EVP_PKEY_CTX *ctx = NULL;
4613 # ifndef OPENSSL_NO_DEPRECATED_3_0
4614 const unsigned char *q;
4615 EVP_PKEY *pkey2 = NULL;
4616 EC_KEY *ec = NULL;
4617 # endif
4618
4619 if (nullprov != NULL)
4620 return TEST_skip("Test does not support a non-default library context");
4621
4622 nid = ecpub_nids[idx];
4623
4624 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4625 if (!TEST_ptr(ctx)
4626 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4627 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
4628 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
4629 goto done;
4630 len = i2d_PublicKey(pkey, NULL);
4631 savelen = len;
4632 if (!TEST_int_ge(len, 1)
4633 || !TEST_int_lt(len, 1024))
4634 goto done;
4635 p = buf;
4636 len = i2d_PublicKey(pkey, &p);
4637 if (!TEST_int_ge(len, 1)
4638 || !TEST_int_eq(len, savelen))
4639 goto done;
4640
4641 # ifndef OPENSSL_NO_DEPRECATED_3_0
4642 /* Now try to decode the just-created DER. */
4643 q = buf;
4644 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
4645 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
4646 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
4647 goto done;
4648 /* EC_KEY ownership transferred */
4649 ec = NULL;
4650 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
4651 goto done;
4652 /* The keys should match. */
4653 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
4654 goto done;
4655 # endif
4656
4657 ret = 1;
4658
4659 done:
4660 EVP_PKEY_CTX_free(ctx);
4661 EVP_PKEY_free(pkey);
4662 # ifndef OPENSSL_NO_DEPRECATED_3_0
4663 EVP_PKEY_free(pkey2);
4664 EC_KEY_free(ec);
4665 # endif
4666 return ret;
4667 }
4668 #endif
4669
test_EVP_rsa_pss_with_keygen_bits(void)4670 static int test_EVP_rsa_pss_with_keygen_bits(void)
4671 {
4672 int ret = 0;
4673 EVP_PKEY_CTX *ctx = NULL;
4674 EVP_PKEY *pkey = NULL;
4675 EVP_MD *md;
4676
4677 md = EVP_MD_fetch(testctx, "sha256", testpropq);
4678 ret = TEST_ptr(md)
4679 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
4680 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4681 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
4682 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
4683 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
4684
4685 EVP_MD_free(md);
4686 EVP_PKEY_free(pkey);
4687 EVP_PKEY_CTX_free(ctx);
4688 return ret;
4689 }
4690
test_EVP_rsa_pss_set_saltlen(void)4691 static int test_EVP_rsa_pss_set_saltlen(void)
4692 {
4693 int ret = 0;
4694 EVP_PKEY *pkey = NULL;
4695 EVP_PKEY_CTX *pkey_ctx = NULL;
4696 EVP_MD *sha256 = NULL;
4697 EVP_MD_CTX *sha256_ctx = NULL;
4698 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
4699 const int test_value = 32;
4700
4701 ret = TEST_ptr(pkey = load_example_rsa_key())
4702 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
4703 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
4704 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
4705 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
4706 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
4707 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
4708 && TEST_int_eq(saltlen, test_value);
4709
4710 EVP_MD_CTX_free(sha256_ctx);
4711 EVP_PKEY_free(pkey);
4712 EVP_MD_free(sha256);
4713
4714 return ret;
4715 }
4716
test_EVP_rsa_invalid_key(void)4717 static int test_EVP_rsa_invalid_key(void)
4718 {
4719 int ret = 0;
4720 EVP_PKEY *pkey = NULL;
4721
4722 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER));
4723 /* we expect to fail to load bogus key */
4724 ret = !TEST_ptr(pkey);
4725 EVP_PKEY_free(pkey);
4726
4727 return ret;
4728 }
4729
4730 static int success = 1;
md_names(const char * name,void * vctx)4731 static void md_names(const char *name, void *vctx)
4732 {
4733 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
4734 /* Force a namemap update */
4735 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
4736
4737 if (!TEST_ptr(aes128))
4738 success = 0;
4739
4740 EVP_CIPHER_free(aes128);
4741 }
4742
4743 /*
4744 * Test that changing the namemap in a user callback works in a names_do_all
4745 * function.
4746 */
test_names_do_all(void)4747 static int test_names_do_all(void)
4748 {
4749 /* We use a custom libctx so that we know the state of the namemap */
4750 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
4751 EVP_MD *sha256 = NULL;
4752 int testresult = 0;
4753
4754 if (!TEST_ptr(ctx))
4755 goto err;
4756
4757 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
4758 if (!TEST_ptr(sha256))
4759 goto err;
4760
4761 /*
4762 * We loop through all the names for a given digest. This should still work
4763 * even if the namemap changes part way through.
4764 */
4765 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
4766 goto err;
4767
4768 if (!TEST_true(success))
4769 goto err;
4770
4771 testresult = 1;
4772 err:
4773 EVP_MD_free(sha256);
4774 OSSL_LIB_CTX_free(ctx);
4775 return testresult;
4776 }
4777
4778 typedef struct {
4779 const char *cipher;
4780 const unsigned char *key;
4781 const unsigned char *iv;
4782 const unsigned char *input;
4783 const unsigned char *expected;
4784 const unsigned char *tag;
4785 size_t ivlen; /* 0 if we do not need to set a specific IV len */
4786 size_t inlen;
4787 size_t expectedlen;
4788 size_t taglen;
4789 int keyfirst;
4790 int initenc;
4791 int finalenc;
4792 } EVP_INIT_TEST_st;
4793
4794 static const EVP_INIT_TEST_st evp_init_tests[] = {
4795 {
4796 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4797 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4798 0, 1, 0, 1
4799 },
4800 {
4801 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4802 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4803 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4804 sizeof(gcmDefaultTag), 1, 0, 1
4805 },
4806 {
4807 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4808 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4809 0, 0, 0, 1
4810 },
4811 {
4812 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4813 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4814 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4815 sizeof(gcmDefaultTag), 0, 0, 1
4816 },
4817 {
4818 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4819 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4820 0, 1, 1, 0
4821 },
4822 {
4823 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4824 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4825 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4826 sizeof(gcmDefaultTag), 1, 1, 0
4827 },
4828 {
4829 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4830 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4831 0, 0, 1, 0
4832 },
4833 {
4834 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4835 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4836 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4837 sizeof(gcmDefaultTag), 0, 1, 0
4838 }
4839 };
4840
4841 /* use same key, iv and plaintext for cfb and ofb */
4842 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
4843 {
4844 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4845 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4846 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
4847 },
4848 {
4849 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
4850 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
4851 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4852 },
4853 {
4854 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4855 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4856 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
4857 },
4858 {
4859 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
4860 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
4861 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4862 },
4863 };
4864
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)4865 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
4866 {
4867 int res = 0;
4868
4869 if (t->ivlen != 0) {
4870 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4871 goto err;
4872 }
4873 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4874 goto err;
4875 res = 1;
4876 err:
4877 return res;
4878 }
4879
4880 /*
4881 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4882 * arguments are given one at a time and a final adjustment to the enc
4883 * parameter sets the correct operation.
4884 */
test_evp_init_seq(int idx)4885 static int test_evp_init_seq(int idx)
4886 {
4887 int outlen1, outlen2;
4888 int testresult = 0;
4889 unsigned char outbuf[1024];
4890 unsigned char tag[16];
4891 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4892 EVP_CIPHER_CTX *ctx = NULL;
4893 EVP_CIPHER *type = NULL;
4894 size_t taglen = sizeof(tag);
4895 char *errmsg = NULL;
4896
4897 ctx = EVP_CIPHER_CTX_new();
4898 if (ctx == NULL) {
4899 errmsg = "CTX_ALLOC";
4900 goto err;
4901 }
4902 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4903 errmsg = "CIPHER_FETCH";
4904 goto err;
4905 }
4906 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4907 errmsg = "EMPTY_ENC_INIT";
4908 goto err;
4909 }
4910 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4911 errmsg = "PADDING";
4912 goto err;
4913 }
4914 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4915 errmsg = "KEY_INIT (before iv)";
4916 goto err;
4917 }
4918 if (!evp_init_seq_set_iv(ctx, t)) {
4919 errmsg = "IV_INIT";
4920 goto err;
4921 }
4922 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4923 errmsg = "KEY_INIT (after iv)";
4924 goto err;
4925 }
4926 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4927 errmsg = "FINAL_ENC_INIT";
4928 goto err;
4929 }
4930 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4931 errmsg = "CIPHER_UPDATE";
4932 goto err;
4933 }
4934 if (t->finalenc == 0 && t->tag != NULL) {
4935 /* Set expected tag */
4936 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4937 t->taglen, (void *)t->tag), 0)) {
4938 errmsg = "SET_TAG";
4939 goto err;
4940 }
4941 }
4942 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4943 errmsg = "CIPHER_FINAL";
4944 goto err;
4945 }
4946 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4947 errmsg = "WRONG_RESULT";
4948 goto err;
4949 }
4950 if (t->finalenc != 0 && t->tag != NULL) {
4951 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4952 errmsg = "GET_TAG";
4953 goto err;
4954 }
4955 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4956 errmsg = "TAG_ERROR";
4957 goto err;
4958 }
4959 }
4960 testresult = 1;
4961 err:
4962 if (errmsg != NULL)
4963 TEST_info("evp_init_test %d: %s", idx, errmsg);
4964 EVP_CIPHER_CTX_free(ctx);
4965 EVP_CIPHER_free(type);
4966 return testresult;
4967 }
4968
4969 /*
4970 * Test re-initialization of cipher context without changing key or iv.
4971 * The result of both iteration should be the same.
4972 */
test_evp_reinit_seq(int idx)4973 static int test_evp_reinit_seq(int idx)
4974 {
4975 int outlen1, outlen2, outlen_final;
4976 int testresult = 0;
4977 unsigned char outbuf1[1024];
4978 unsigned char outbuf2[1024];
4979 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
4980 EVP_CIPHER_CTX *ctx = NULL;
4981 EVP_CIPHER *type = NULL;
4982
4983 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4984 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
4985 /* setup cipher context */
4986 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
4987 /* first iteration */
4988 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
4989 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
4990 /* check test results iteration 1 */
4991 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
4992 /* now re-init the context (same cipher, key and iv) */
4993 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
4994 /* second iteration */
4995 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
4996 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
4997 /* check test results iteration 2 */
4998 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
4999 goto err;
5000 testresult = 1;
5001 err:
5002 EVP_CIPHER_CTX_free(ctx);
5003 EVP_CIPHER_free(type);
5004 return testresult;
5005 }
5006
5007 typedef struct {
5008 const unsigned char *input;
5009 const unsigned char *expected;
5010 size_t inlen;
5011 size_t expectedlen;
5012 int enc;
5013 } EVP_RESET_TEST_st;
5014
5015 static const EVP_RESET_TEST_st evp_reset_tests[] = {
5016 {
5017 cfbPlaintext, cfbCiphertext,
5018 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
5019 },
5020 {
5021 cfbCiphertext, cfbPlaintext,
5022 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
5023 }
5024 };
5025
5026 /*
5027 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
5028 * been used.
5029 */
test_evp_reset(int idx)5030 static int test_evp_reset(int idx)
5031 {
5032 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
5033 int outlen1, outlen2;
5034 int testresult = 0;
5035 unsigned char outbuf[1024];
5036 EVP_CIPHER_CTX *ctx = NULL;
5037 EVP_CIPHER *type = NULL;
5038 char *errmsg = NULL;
5039
5040 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5041 errmsg = "CTX_ALLOC";
5042 goto err;
5043 }
5044 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
5045 errmsg = "CIPHER_FETCH";
5046 goto err;
5047 }
5048 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
5049 errmsg = "CIPHER_INIT";
5050 goto err;
5051 }
5052 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
5053 errmsg = "PADDING";
5054 goto err;
5055 }
5056 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
5057 errmsg = "CIPHER_UPDATE";
5058 goto err;
5059 }
5060 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5061 errmsg = "CIPHER_FINAL";
5062 goto err;
5063 }
5064 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
5065 errmsg = "WRONG_RESULT";
5066 goto err;
5067 }
5068 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
5069 errmsg = "CIPHER_REINIT";
5070 goto err;
5071 }
5072 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
5073 errmsg = "CIPHER_UPDATE (reinit)";
5074 goto err;
5075 }
5076 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5077 errmsg = "CIPHER_FINAL (reinit)";
5078 goto err;
5079 }
5080 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
5081 errmsg = "WRONG_RESULT (reinit)";
5082 goto err;
5083 }
5084 testresult = 1;
5085 err:
5086 if (errmsg != NULL)
5087 TEST_info("test_evp_reset %d: %s", idx, errmsg);
5088 EVP_CIPHER_CTX_free(ctx);
5089 EVP_CIPHER_free(type);
5090 return testresult;
5091 }
5092
5093 typedef struct {
5094 const char *cipher;
5095 int enc;
5096 } EVP_UPDATED_IV_TEST_st;
5097
5098 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
5099 {
5100 "aes-128-cfb", 1
5101 },
5102 {
5103 "aes-128-cfb", 0
5104 },
5105 {
5106 "aes-128-cfb1", 1
5107 },
5108 {
5109 "aes-128-cfb1", 0
5110 },
5111 {
5112 "aes-128-cfb8", 1
5113 },
5114 {
5115 "aes-128-cfb8", 0
5116 },
5117 {
5118 "aes-128-ofb", 1
5119 },
5120 {
5121 "aes-128-ofb", 0
5122 },
5123 {
5124 "aes-128-ctr", 1
5125 },
5126 {
5127 "aes-128-ctr", 0
5128 },
5129 {
5130 "aes-128-cbc", 1
5131 },
5132 {
5133 "aes-128-cbc", 0
5134 }
5135 };
5136
5137 /*
5138 * Test that the IV in the context is updated during a crypto operation for CFB
5139 * and OFB.
5140 */
test_evp_updated_iv(int idx)5141 static int test_evp_updated_iv(int idx)
5142 {
5143 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
5144 int outlen1, outlen2;
5145 int testresult = 0;
5146 unsigned char outbuf[1024];
5147 EVP_CIPHER_CTX *ctx = NULL;
5148 EVP_CIPHER *type = NULL;
5149 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
5150 int iv_len;
5151 char *errmsg = NULL;
5152
5153 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5154 errmsg = "CTX_ALLOC";
5155 goto err;
5156 }
5157 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
5158 TEST_info("cipher %s not supported, skipping", t->cipher);
5159 goto ok;
5160 }
5161
5162 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
5163 errmsg = "CIPHER_INIT";
5164 goto err;
5165 }
5166 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
5167 errmsg = "PADDING";
5168 goto err;
5169 }
5170 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
5171 errmsg = "CIPHER_UPDATE";
5172 goto err;
5173 }
5174 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
5175 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
5176 goto err;
5177 }
5178 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
5179 if (!TEST_int_ge(iv_len,0)) {
5180 errmsg = "CIPHER_CTX_GET_IV_LEN";
5181 goto err;
5182 }
5183 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
5184 errmsg = "IV_NOT_UPDATED";
5185 goto err;
5186 }
5187 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5188 errmsg = "CIPHER_FINAL";
5189 goto err;
5190 }
5191 ok:
5192 testresult = 1;
5193 err:
5194 if (errmsg != NULL)
5195 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
5196 EVP_CIPHER_CTX_free(ctx);
5197 EVP_CIPHER_free(type);
5198 return testresult;
5199 }
5200
5201 typedef struct {
5202 const unsigned char *iv1;
5203 const unsigned char *iv2;
5204 const unsigned char *expected1;
5205 const unsigned char *expected2;
5206 const unsigned char *tag1;
5207 const unsigned char *tag2;
5208 size_t ivlen1;
5209 size_t ivlen2;
5210 size_t expectedlen1;
5211 size_t expectedlen2;
5212 } TEST_GCM_IV_REINIT_st;
5213
5214 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
5215 {
5216 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
5217 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
5218 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
5219 },
5220 {
5221 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
5222 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
5223 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
5224 }
5225 };
5226
test_gcm_reinit(int idx)5227 static int test_gcm_reinit(int idx)
5228 {
5229 int outlen1, outlen2, outlen3;
5230 int testresult = 0;
5231 unsigned char outbuf[1024];
5232 unsigned char tag[16];
5233 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
5234 EVP_CIPHER_CTX *ctx = NULL;
5235 EVP_CIPHER *type = NULL;
5236 size_t taglen = sizeof(tag);
5237 char *errmsg = NULL;
5238
5239 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5240 errmsg = "CTX_ALLOC";
5241 goto err;
5242 }
5243 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
5244 errmsg = "CIPHER_FETCH";
5245 goto err;
5246 }
5247 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
5248 errmsg = "ENC_INIT";
5249 goto err;
5250 }
5251 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
5252 errmsg = "SET_IVLEN1";
5253 goto err;
5254 }
5255 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
5256 errmsg = "SET_IV1";
5257 goto err;
5258 }
5259 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
5260 errmsg = "AAD1";
5261 goto err;
5262 }
5263 EVP_CIPHER_CTX_set_padding(ctx, 0);
5264 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
5265 sizeof(gcmResetPlaintext)))) {
5266 errmsg = "CIPHER_UPDATE1";
5267 goto err;
5268 }
5269 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5270 errmsg = "CIPHER_FINAL1";
5271 goto err;
5272 }
5273 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
5274 errmsg = "WRONG_RESULT1";
5275 goto err;
5276 }
5277 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
5278 errmsg = "GET_TAG1";
5279 goto err;
5280 }
5281 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
5282 errmsg = "TAG_ERROR1";
5283 goto err;
5284 }
5285 /* Now reinit */
5286 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
5287 errmsg = "SET_IVLEN2";
5288 goto err;
5289 }
5290 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
5291 errmsg = "SET_IV2";
5292 goto err;
5293 }
5294 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
5295 errmsg = "AAD2";
5296 goto err;
5297 }
5298 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
5299 sizeof(gcmResetPlaintext)))) {
5300 errmsg = "CIPHER_UPDATE2";
5301 goto err;
5302 }
5303 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5304 errmsg = "CIPHER_FINAL2";
5305 goto err;
5306 }
5307 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
5308 errmsg = "WRONG_RESULT2";
5309 goto err;
5310 }
5311 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
5312 errmsg = "GET_TAG2";
5313 goto err;
5314 }
5315 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
5316 errmsg = "TAG_ERROR2";
5317 goto err;
5318 }
5319 testresult = 1;
5320 err:
5321 if (errmsg != NULL)
5322 TEST_info("evp_init_test %d: %s", idx, errmsg);
5323 EVP_CIPHER_CTX_free(ctx);
5324 EVP_CIPHER_free(type);
5325 return testresult;
5326 }
5327
5328 static const char *ivlen_change_ciphers[] = {
5329 "AES-256-GCM",
5330 #ifndef OPENSSL_NO_OCB
5331 "AES-256-OCB",
5332 #endif
5333 "AES-256-CCM"
5334 };
5335
5336 /* Negative test for ivlen change after iv being set */
test_ivlen_change(int idx)5337 static int test_ivlen_change(int idx)
5338 {
5339 int outlen;
5340 int res = 0;
5341 unsigned char outbuf[1024];
5342 static const unsigned char iv[] = {
5343 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
5344 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
5345 };
5346 EVP_CIPHER_CTX *ctx = NULL;
5347 EVP_CIPHER *ciph = NULL;
5348 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
5349 size_t ivlen = 13; /* non-default IV length */
5350
5351 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
5352 goto err;
5353
5354 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
5355 testpropq)))
5356 goto err;
5357
5358 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
5359 goto err;
5360
5361 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5362 sizeof(gcmDefaultPlaintext))))
5363 goto err;
5364
5365 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5366 &ivlen);
5367 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
5368 goto err;
5369
5370 ERR_set_mark();
5371 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5372 sizeof(gcmDefaultPlaintext)))) {
5373 ERR_clear_last_mark();
5374 goto err;
5375 }
5376 ERR_pop_to_mark();
5377
5378 res = 1;
5379 err:
5380 EVP_CIPHER_CTX_free(ctx);
5381 EVP_CIPHER_free(ciph);
5382 return res;
5383 }
5384
5385 static const char *keylen_change_ciphers[] = {
5386 #ifndef OPENSSL_NO_BF
5387 "BF-ECB",
5388 #endif
5389 #ifndef OPENSSL_NO_CAST
5390 "CAST5-ECB",
5391 #endif
5392 #ifndef OPENSSL_NO_RC2
5393 "RC2-ECB",
5394 #endif
5395 #ifndef OPENSSL_NO_RC4
5396 "RC4",
5397 #endif
5398 #ifndef OPENSSL_NO_RC5
5399 "RC5-ECB",
5400 #endif
5401 NULL
5402 };
5403
5404 /* Negative test for keylen change after key was set */
test_keylen_change(int idx)5405 static int test_keylen_change(int idx)
5406 {
5407 int outlen;
5408 int res = 0;
5409 unsigned char outbuf[1024];
5410 static const unsigned char key[] = {
5411 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
5412 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
5413 };
5414 EVP_CIPHER_CTX *ctx = NULL;
5415 EVP_CIPHER *ciph = NULL;
5416 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
5417 size_t keylen = 12; /* non-default key length */
5418
5419 if (lgcyprov == NULL)
5420 return TEST_skip("Test requires legacy provider to be loaded");
5421
5422 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
5423 goto err;
5424
5425 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
5426 testpropq)))
5427 goto err;
5428
5429 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
5430 goto err;
5431
5432 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5433 sizeof(gcmDefaultPlaintext))))
5434 goto err;
5435
5436 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5437 &keylen);
5438 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
5439 goto err;
5440
5441 ERR_set_mark();
5442 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5443 sizeof(gcmDefaultPlaintext)))) {
5444 ERR_clear_last_mark();
5445 goto err;
5446 }
5447 ERR_pop_to_mark();
5448
5449 res = 1;
5450 err:
5451 EVP_CIPHER_CTX_free(ctx);
5452 EVP_CIPHER_free(ciph);
5453 return res;
5454 }
5455
5456 #ifndef OPENSSL_NO_DEPRECATED_3_0
5457 static EVP_PKEY_METHOD *custom_pmeth = NULL;
5458 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
5459
5460 # define EVP_PKEY_CTRL_MY_COMMAND 9999
5461
custom_pmeth_init(EVP_PKEY_CTX * ctx)5462 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
5463 {
5464 int (*pinit)(EVP_PKEY_CTX *ctx);
5465
5466 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
5467 return pinit(ctx);
5468 }
5469
custom_pmeth_cleanup(EVP_PKEY_CTX * ctx)5470 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
5471 {
5472 void (*pcleanup)(EVP_PKEY_CTX *ctx);
5473
5474 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
5475 pcleanup(ctx);
5476 }
5477
custom_pmeth_sign(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,const unsigned char * in,size_t inlen)5478 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
5479 size_t *outlen, const unsigned char *in,
5480 size_t inlen)
5481 {
5482 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
5483 const unsigned char *tbs, size_t tbslen);
5484
5485 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
5486 return psign(ctx, out, outlen, in, inlen);
5487 }
5488
custom_pmeth_digestsign(EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)5489 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
5490 size_t *siglen, const unsigned char *tbs,
5491 size_t tbslen)
5492 {
5493 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
5494 const unsigned char *tbs, size_t tbslen);
5495
5496 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
5497 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
5498 }
5499
custom_pmeth_derive(EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)5500 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
5501 size_t *keylen)
5502 {
5503 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
5504
5505 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
5506 return pderive(ctx, key, keylen);
5507 }
5508
custom_pmeth_copy(EVP_PKEY_CTX * dst,const EVP_PKEY_CTX * src)5509 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
5510 {
5511 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
5512
5513 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
5514 return pcopy(dst, src);
5515 }
5516
5517 static int ctrl_called;
5518
custom_pmeth_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)5519 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
5520 {
5521 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
5522
5523 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
5524
5525 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
5526 ctrl_called = 1;
5527 return 1;
5528 }
5529
5530 return pctrl(ctx, type, p1, p2);
5531 }
5532
test_custom_pmeth(int idx)5533 static int test_custom_pmeth(int idx)
5534 {
5535 EVP_PKEY_CTX *pctx = NULL;
5536 EVP_MD_CTX *ctx = NULL;
5537 EVP_PKEY *pkey = NULL;
5538 int id, orig_id, orig_flags;
5539 int testresult = 0;
5540 size_t reslen;
5541 unsigned char *res = NULL;
5542 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
5543 const EVP_MD *md = EVP_sha256();
5544 int doderive = 0;
5545
5546 ctrl_called = 0;
5547
5548 /* We call deprecated APIs so this test doesn't support a custom libctx */
5549 if (testctx != NULL)
5550 return 1;
5551
5552 switch (idx) {
5553 case 0:
5554 case 6:
5555 id = EVP_PKEY_RSA;
5556 pkey = load_example_rsa_key();
5557 break;
5558 case 1:
5559 case 7:
5560 # ifndef OPENSSL_NO_DSA
5561 id = EVP_PKEY_DSA;
5562 pkey = load_example_dsa_key();
5563 break;
5564 # else
5565 return 1;
5566 # endif
5567 case 2:
5568 case 8:
5569 # ifndef OPENSSL_NO_EC
5570 id = EVP_PKEY_EC;
5571 pkey = load_example_ec_key();
5572 break;
5573 # else
5574 return 1;
5575 # endif
5576 case 3:
5577 case 9:
5578 # ifndef OPENSSL_NO_ECX
5579 id = EVP_PKEY_ED25519;
5580 md = NULL;
5581 pkey = load_example_ed25519_key();
5582 break;
5583 # else
5584 return 1;
5585 # endif
5586 case 4:
5587 case 10:
5588 # ifndef OPENSSL_NO_DH
5589 id = EVP_PKEY_DH;
5590 doderive = 1;
5591 pkey = load_example_dh_key();
5592 break;
5593 # else
5594 return 1;
5595 # endif
5596 case 5:
5597 case 11:
5598 # ifndef OPENSSL_NO_ECX
5599 id = EVP_PKEY_X25519;
5600 doderive = 1;
5601 pkey = load_example_x25519_key();
5602 break;
5603 # else
5604 return 1;
5605 # endif
5606 default:
5607 TEST_error("Should not happen");
5608 goto err;
5609 }
5610
5611 if (!TEST_ptr(pkey))
5612 goto err;
5613
5614 if (idx < 6) {
5615 if (!TEST_true(evp_pkey_is_provided(pkey)))
5616 goto err;
5617 } else {
5618 EVP_PKEY *tmp = pkey;
5619
5620 /* Convert to a legacy key */
5621 pkey = EVP_PKEY_new();
5622 if (!TEST_ptr(pkey)) {
5623 pkey = tmp;
5624 goto err;
5625 }
5626 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
5627 EVP_PKEY_free(tmp);
5628 goto err;
5629 }
5630 EVP_PKEY_free(tmp);
5631 if (!TEST_true(evp_pkey_is_legacy(pkey)))
5632 goto err;
5633 }
5634
5635 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
5636 || !TEST_ptr(pkey))
5637 goto err;
5638
5639 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
5640 if (!TEST_int_eq(orig_id, id)
5641 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
5642 goto err;
5643
5644 if (id == EVP_PKEY_ED25519) {
5645 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
5646 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
5647 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
5648 } else {
5649 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
5650 }
5651 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
5652 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
5653 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
5654 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
5655 }
5656 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
5657 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
5658 goto err;
5659
5660 if (doderive) {
5661 pctx = EVP_PKEY_CTX_new(pkey, NULL);
5662 if (!TEST_ptr(pctx)
5663 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
5664 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5665 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5666 1)
5667 || !TEST_int_eq(ctrl_called, 1)
5668 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
5669 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
5670 || !TEST_ptr(res = OPENSSL_malloc(reslen))
5671 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
5672 goto err;
5673 } else {
5674 ctx = EVP_MD_CTX_new();
5675 reslen = EVP_PKEY_size(pkey);
5676 res = OPENSSL_malloc(reslen);
5677 if (!TEST_ptr(ctx)
5678 || !TEST_ptr(res)
5679 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
5680 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5681 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5682 1)
5683 || !TEST_int_eq(ctrl_called, 1))
5684 goto err;
5685
5686 if (id == EVP_PKEY_ED25519) {
5687 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
5688 goto err;
5689 } else {
5690 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
5691 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
5692 goto err;
5693 }
5694 }
5695
5696 testresult = 1;
5697 err:
5698 OPENSSL_free(res);
5699 EVP_MD_CTX_free(ctx);
5700 if (doderive)
5701 EVP_PKEY_CTX_free(pctx);
5702 EVP_PKEY_free(pkey);
5703 EVP_PKEY_meth_remove(custom_pmeth);
5704 EVP_PKEY_meth_free(custom_pmeth);
5705 custom_pmeth = NULL;
5706 return testresult;
5707 }
5708
test_evp_md_cipher_meth(void)5709 static int test_evp_md_cipher_meth(void)
5710 {
5711 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
5712 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
5713 int testresult = 0;
5714
5715 if (!TEST_ptr(md) || !TEST_ptr(ciph))
5716 goto err;
5717
5718 testresult = 1;
5719
5720 err:
5721 EVP_MD_meth_free(md);
5722 EVP_CIPHER_meth_free(ciph);
5723
5724 return testresult;
5725 }
5726
5727 typedef struct {
5728 int data;
5729 } custom_dgst_ctx;
5730
5731 static int custom_md_init_called = 0;
5732 static int custom_md_cleanup_called = 0;
5733
custom_md_init(EVP_MD_CTX * ctx)5734 static int custom_md_init(EVP_MD_CTX *ctx)
5735 {
5736 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5737
5738 if (p == NULL)
5739 return 0;
5740
5741 custom_md_init_called++;
5742 return 1;
5743 }
5744
custom_md_cleanup(EVP_MD_CTX * ctx)5745 static int custom_md_cleanup(EVP_MD_CTX *ctx)
5746 {
5747 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5748
5749 if (p == NULL)
5750 /* Nothing to do */
5751 return 1;
5752
5753 custom_md_cleanup_called++;
5754 return 1;
5755 }
5756
test_custom_md_meth(void)5757 static int test_custom_md_meth(void)
5758 {
5759 ASN1_OBJECT *o = NULL;
5760 EVP_MD_CTX *mdctx = NULL;
5761 EVP_MD *tmp = NULL;
5762 char mess[] = "Test Message\n";
5763 unsigned char md_value[EVP_MAX_MD_SIZE];
5764 unsigned int md_len;
5765 int testresult = 0;
5766 int nid;
5767
5768 /*
5769 * We are testing deprecated functions. We don't support a non-default
5770 * library context in this test.
5771 */
5772 if (testctx != NULL)
5773 return TEST_skip("Non-default libctx");
5774
5775 custom_md_init_called = custom_md_cleanup_called = 0;
5776
5777 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
5778 if (!TEST_int_ne(nid, NID_undef))
5779 goto err;
5780 tmp = EVP_MD_meth_new(nid, NID_undef);
5781 if (!TEST_ptr(tmp))
5782 goto err;
5783
5784 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
5785 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
5786 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
5787 sizeof(custom_dgst_ctx))))
5788 goto err;
5789
5790 mdctx = EVP_MD_CTX_new();
5791 if (!TEST_ptr(mdctx)
5792 /*
5793 * Initing our custom md and then initing another md should
5794 * result in the init and cleanup functions of the custom md
5795 * being called.
5796 */
5797 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
5798 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
5799 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
5800 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
5801 || !TEST_int_eq(custom_md_init_called, 1)
5802 || !TEST_int_eq(custom_md_cleanup_called, 1))
5803 goto err;
5804
5805 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1",
5806 "custom-md", "custom-md"), NID_undef)
5807 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ)
5808 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS))
5809 goto err;
5810
5811 o = ASN1_OBJECT_create(nid, (unsigned char *)
5812 "\53\6\1\4\1\201\201\134\274\373\122\1", 12,
5813 "custom-md", "custom-md");
5814 if (!TEST_int_eq(OBJ_add_object(o), nid))
5815 goto err;
5816
5817 testresult = 1;
5818 err:
5819 ASN1_OBJECT_free(o);
5820 EVP_MD_CTX_free(mdctx);
5821 EVP_MD_meth_free(tmp);
5822 return testresult;
5823 }
5824
5825 typedef struct {
5826 int data;
5827 } custom_ciph_ctx;
5828
5829 static int custom_ciph_init_called = 0;
5830 static int custom_ciph_cleanup_called = 0;
5831
custom_ciph_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)5832 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
5833 const unsigned char *iv, int enc)
5834 {
5835 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5836
5837 if (p == NULL)
5838 return 0;
5839
5840 custom_ciph_init_called++;
5841 return 1;
5842 }
5843
custom_ciph_cleanup(EVP_CIPHER_CTX * ctx)5844 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
5845 {
5846 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5847
5848 if (p == NULL)
5849 /* Nothing to do */
5850 return 1;
5851
5852 custom_ciph_cleanup_called++;
5853 return 1;
5854 }
5855
test_custom_ciph_meth(void)5856 static int test_custom_ciph_meth(void)
5857 {
5858 EVP_CIPHER_CTX *ciphctx = NULL;
5859 EVP_CIPHER *tmp = NULL;
5860 int testresult = 0;
5861 int nid;
5862
5863 /*
5864 * We are testing deprecated functions. We don't support a non-default
5865 * library context in this test.
5866 */
5867 if (testctx != NULL)
5868 return TEST_skip("Non-default libctx");
5869
5870 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
5871
5872 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
5873 if (!TEST_int_ne(nid, NID_undef))
5874 goto err;
5875 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
5876 if (!TEST_ptr(tmp))
5877 goto err;
5878
5879 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
5880 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
5881 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
5882 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
5883 sizeof(custom_ciph_ctx))))
5884 goto err;
5885
5886 ciphctx = EVP_CIPHER_CTX_new();
5887 if (!TEST_ptr(ciphctx)
5888 /*
5889 * Initing our custom cipher and then initing another cipher
5890 * should result in the init and cleanup functions of the custom
5891 * cipher being called.
5892 */
5893 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5894 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5895 NULL, NULL, 1))
5896 || !TEST_int_eq(custom_ciph_init_called, 1)
5897 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5898 goto err;
5899
5900 testresult = 1;
5901 err:
5902 EVP_CIPHER_CTX_free(ciphctx);
5903 EVP_CIPHER_meth_free(tmp);
5904 return testresult;
5905 }
5906
5907 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5908 /* Test we can create a signature keys with an associated ENGINE */
test_signatures_with_engine(int tst)5909 static int test_signatures_with_engine(int tst)
5910 {
5911 ENGINE *e;
5912 const char *engine_id = "dasync";
5913 EVP_PKEY *pkey = NULL;
5914 const unsigned char badcmackey[] = { 0x00, 0x01 };
5915 const unsigned char cmackey[] = {
5916 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5917 0x0c, 0x0d, 0x0e, 0x0f
5918 };
5919 const unsigned char ed25519key[] = {
5920 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5921 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5922 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5923 };
5924 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5925 int testresult = 0;
5926 EVP_MD_CTX *ctx = NULL;
5927 unsigned char *mac = NULL;
5928 size_t maclen = 0;
5929 int ret;
5930
5931 # ifdef OPENSSL_NO_CMAC
5932 /* Skip CMAC tests in a no-cmac build */
5933 if (tst <= 1)
5934 return 1;
5935 # endif
5936 # ifdef OPENSSL_NO_ECX
5937 /* Skip ECX tests in a no-ecx build */
5938 if (tst == 2)
5939 return 1;
5940 # endif
5941
5942 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5943 return 0;
5944
5945 if (!TEST_true(ENGINE_init(e))) {
5946 ENGINE_free(e);
5947 return 0;
5948 }
5949
5950 switch (tst) {
5951 case 0:
5952 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5953 EVP_aes_128_cbc());
5954 break;
5955 case 1:
5956 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5957 EVP_aes_128_cbc());
5958 break;
5959 case 2:
5960 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
5961 sizeof(ed25519key));
5962 break;
5963 default:
5964 TEST_error("Invalid test case");
5965 goto err;
5966 }
5967 if (!TEST_ptr(pkey))
5968 goto err;
5969
5970 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5971 goto err;
5972
5973 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
5974 pkey);
5975 if (tst == 0) {
5976 if (!TEST_true(ret))
5977 goto err;
5978
5979 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
5980 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
5981 goto err;
5982
5983 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5984 goto err;
5985
5986 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
5987 goto err;
5988 } else {
5989 /* We used a bad key. We expect a failure here */
5990 if (!TEST_false(ret))
5991 goto err;
5992 }
5993
5994 testresult = 1;
5995 err:
5996 EVP_MD_CTX_free(ctx);
5997 OPENSSL_free(mac);
5998 EVP_PKEY_free(pkey);
5999 ENGINE_finish(e);
6000 ENGINE_free(e);
6001
6002 return testresult;
6003 }
6004
test_cipher_with_engine(void)6005 static int test_cipher_with_engine(void)
6006 {
6007 ENGINE *e;
6008 const char *engine_id = "dasync";
6009 const unsigned char keyiv[] = {
6010 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
6011 0x0c, 0x0d, 0x0e, 0x0f
6012 };
6013 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
6014 int testresult = 0;
6015 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
6016 unsigned char buf[AES_BLOCK_SIZE];
6017 int len = 0;
6018
6019 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
6020 return 0;
6021
6022 if (!TEST_true(ENGINE_init(e))) {
6023 ENGINE_free(e);
6024 return 0;
6025 }
6026
6027 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6028 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
6029 goto err;
6030
6031 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
6032 goto err;
6033
6034 /* Copy the ctx, and complete the operation with the new ctx */
6035 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
6036 goto err;
6037
6038 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
6039 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
6040 goto err;
6041
6042 testresult = 1;
6043 err:
6044 EVP_CIPHER_CTX_free(ctx);
6045 EVP_CIPHER_CTX_free(ctx2);
6046 ENGINE_finish(e);
6047 ENGINE_free(e);
6048
6049 return testresult;
6050 }
6051 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
6052 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
6053
6054 #ifndef OPENSSL_NO_ECX
6055 static int ecxnids[] = {
6056 NID_X25519,
6057 NID_X448,
6058 NID_ED25519,
6059 NID_ED448
6060 };
6061
6062 /* Test that creating ECX keys with a short private key fails as expected */
test_ecx_short_keys(int tst)6063 static int test_ecx_short_keys(int tst)
6064 {
6065 unsigned char ecxkeydata = 1;
6066 EVP_PKEY *pkey;
6067
6068
6069 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
6070 NULL, &ecxkeydata, 1);
6071 if (!TEST_ptr_null(pkey)) {
6072 EVP_PKEY_free(pkey);
6073 return 0;
6074 }
6075
6076 return 1;
6077 }
6078 #endif
6079
6080 typedef enum OPTION_choice {
6081 OPT_ERR = -1,
6082 OPT_EOF = 0,
6083 OPT_CONTEXT,
6084 OPT_CONFIG_FILE,
6085 OPT_TEST_ENUM
6086 } OPTION_CHOICE;
6087
test_get_options(void)6088 const OPTIONS *test_get_options(void)
6089 {
6090 static const OPTIONS options[] = {
6091 OPT_TEST_OPTIONS_DEFAULT_USAGE,
6092 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
6093 { "config", OPT_CONFIG_FILE, '<',
6094 "The configuration file to use for the libctx" },
6095 { NULL }
6096 };
6097 return options;
6098 }
6099
6100 #ifndef OPENSSL_NO_ECX
6101 /* Test that trying to sign with a public key errors out gracefully */
test_ecx_not_private_key(int tst)6102 static int test_ecx_not_private_key(int tst)
6103 {
6104 EVP_PKEY *pkey = NULL;
6105
6106 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
6107 int testresult = 0;
6108 EVP_MD_CTX *ctx = NULL;
6109 unsigned char *mac = NULL;
6110 size_t maclen = 0;
6111 const uint8_t *pubkey;
6112 size_t pubkeylen;
6113
6114 switch (keys[tst].type) {
6115 case NID_X25519:
6116 case NID_X448:
6117 case NID_undef:
6118 return TEST_skip("signing not supported for X25519/X448/ML-KEM");
6119 }
6120
6121 /* Check if this algorithm supports public keys */
6122 if (keys[tst].pub == NULL)
6123 return TEST_skip("no public key present");
6124
6125 pubkey = keys[tst].pub;
6126 pubkeylen = keys[tst].publen;
6127
6128 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
6129 NULL, pubkey, pubkeylen);
6130 if (!TEST_ptr(pkey))
6131 goto err;
6132
6133 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
6134 goto err;
6135
6136 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
6137 goto check_err;
6138
6139 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
6140 goto check_err;
6141
6142 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
6143 goto err;
6144
6145 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
6146 goto err;
6147
6148 check_err:
6149 /*
6150 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
6151 * but we relax the check to allow error also thrown by
6152 * EVP_DigestSignInit and EVP_DigestSign.
6153 */
6154 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
6155 testresult = 1;
6156 ERR_clear_error();
6157 }
6158
6159 err:
6160 EVP_MD_CTX_free(ctx);
6161 OPENSSL_free(mac);
6162 EVP_PKEY_free(pkey);
6163
6164 return testresult;
6165 }
6166 #endif /* OPENSSL_NO_ECX */
6167
test_sign_continuation(void)6168 static int test_sign_continuation(void)
6169 {
6170 OSSL_PROVIDER *fake_rsa = NULL;
6171 int testresult = 0;
6172 EVP_PKEY *pkey = NULL;
6173 EVP_PKEY_CTX *pctx = NULL;
6174 EVP_MD_CTX *mctx = NULL;
6175 const char sigbuf[] = "To Be Signed";
6176 unsigned char signature[256];
6177 size_t siglen = 256;
6178 static int nodupnum = 1;
6179 static const OSSL_PARAM nodup_params[] = {
6180 OSSL_PARAM_int("NO_DUP", &nodupnum),
6181 OSSL_PARAM_END
6182 };
6183
6184 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
6185 return 0;
6186
6187 /* Construct a pkey using precise propq to use our provider */
6188 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
6189 "provider=fake-rsa"))
6190 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
6191 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
6192 || !TEST_ptr(pkey))
6193 goto end;
6194
6195 /* First test it continues (classic behavior) */
6196 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
6197 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
6198 NULL, pkey, NULL))
6199 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6200 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
6201 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6202 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
6203 goto end;
6204
6205 EVP_MD_CTX_free(mctx);
6206
6207 /* try again but failing the continuation */
6208 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
6209 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
6210 NULL, pkey, nodup_params))
6211 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6212 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
6213 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6214 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
6215 goto end;
6216
6217 testresult = 1;
6218
6219 end:
6220 EVP_MD_CTX_free(mctx);
6221 EVP_PKEY_free(pkey);
6222 EVP_PKEY_CTX_free(pctx);
6223 fake_rsa_finish(fake_rsa);
6224 return testresult;
6225 }
6226
aes_gcm_encrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)6227 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
6228 const unsigned char *gcm_iv, size_t gcm_ivlen,
6229 const unsigned char *gcm_pt, size_t gcm_pt_s,
6230 const unsigned char *gcm_aad, size_t gcm_aad_s,
6231 const unsigned char *gcm_ct, size_t gcm_ct_s,
6232 const unsigned char *gcm_tag, size_t gcm_tag_s)
6233 {
6234 int ret = 0;
6235 EVP_CIPHER_CTX *ctx;
6236 EVP_CIPHER *cipher = NULL;
6237 int outlen, tmplen;
6238 unsigned char outbuf[1024];
6239 unsigned char outtag[16];
6240 OSSL_PARAM params[2] = {
6241 OSSL_PARAM_END, OSSL_PARAM_END
6242 };
6243
6244 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6245 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
6246 goto err;
6247
6248 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
6249 &gcm_ivlen);
6250
6251 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
6252 || (gcm_aad != NULL
6253 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
6254 gcm_aad, gcm_aad_s)))
6255 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
6256 gcm_pt, gcm_pt_s))
6257 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
6258 goto err;
6259
6260 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6261 outtag, sizeof(outtag));
6262
6263 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
6264 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
6265 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
6266 goto err;
6267
6268 ret = 1;
6269 err:
6270 EVP_CIPHER_free(cipher);
6271 EVP_CIPHER_CTX_free(ctx);
6272
6273 return ret;
6274 }
6275
aes_gcm_decrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)6276 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
6277 const unsigned char *gcm_iv, size_t gcm_ivlen,
6278 const unsigned char *gcm_pt, size_t gcm_pt_s,
6279 const unsigned char *gcm_aad, size_t gcm_aad_s,
6280 const unsigned char *gcm_ct, size_t gcm_ct_s,
6281 const unsigned char *gcm_tag, size_t gcm_tag_s)
6282 {
6283 int ret = 0;
6284 EVP_CIPHER_CTX *ctx;
6285 EVP_CIPHER *cipher = NULL;
6286 int outlen;
6287 unsigned char outbuf[1024];
6288 OSSL_PARAM params[2] = {
6289 OSSL_PARAM_END, OSSL_PARAM_END
6290 };
6291
6292 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
6293 goto err;
6294
6295 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
6296 goto err;
6297
6298 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
6299 &gcm_ivlen);
6300
6301 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
6302 || (gcm_aad != NULL
6303 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
6304 gcm_aad, gcm_aad_s)))
6305 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
6306 gcm_ct, gcm_ct_s))
6307 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
6308 goto err;
6309
6310 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6311 (void*)gcm_tag, gcm_tag_s);
6312
6313 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
6314 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
6315 goto err;
6316
6317 ret = 1;
6318 err:
6319 EVP_CIPHER_free(cipher);
6320 EVP_CIPHER_CTX_free(ctx);
6321
6322 return ret;
6323 }
6324
test_aes_gcm_ivlen_change_cve_2023_5363(void)6325 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
6326 {
6327 /* AES-GCM test data obtained from NIST public test vectors */
6328 static const unsigned char gcm_key[] = {
6329 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
6330 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
6331 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
6332 };
6333 static const unsigned char gcm_iv[] = {
6334 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
6335 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
6336 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
6337 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
6338 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
6339 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
6340 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
6341 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
6342 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
6343 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
6344 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
6345 };
6346 static const unsigned char gcm_pt[] = {
6347 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
6348 0x4f, 0xe3, 0x6f, 0x81,
6349 };
6350 static const unsigned char gcm_ct[] = {
6351 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
6352 0xe2, 0xd0, 0xec, 0xed,
6353 };
6354 static const unsigned char gcm_tag[] = {
6355 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
6356 0xdb, 0x99, 0x6c, 0x21,
6357 };
6358
6359 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
6360 gcm_pt, sizeof(gcm_pt), NULL, 0,
6361 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
6362 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
6363 gcm_pt, sizeof(gcm_pt), NULL, 0,
6364 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
6365 }
6366
6367 #ifndef OPENSSL_NO_RC4
rc4_encrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)6368 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
6369 const unsigned char *rc4_pt, size_t rc4_pt_s,
6370 const unsigned char *rc4_ct, size_t rc4_ct_s)
6371 {
6372 int ret = 0;
6373 EVP_CIPHER_CTX *ctx;
6374 EVP_CIPHER *cipher = NULL;
6375 int outlen, tmplen;
6376 unsigned char outbuf[1024];
6377 OSSL_PARAM params[2] = {
6378 OSSL_PARAM_END, OSSL_PARAM_END
6379 };
6380
6381 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6382 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
6383 goto err;
6384
6385 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
6386 &rc4_key_s);
6387
6388 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
6389 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
6390 rc4_pt, rc4_pt_s))
6391 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
6392 goto err;
6393
6394 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
6395 goto err;
6396
6397 ret = 1;
6398 err:
6399 EVP_CIPHER_free(cipher);
6400 EVP_CIPHER_CTX_free(ctx);
6401
6402 return ret;
6403 }
6404
rc4_decrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)6405 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
6406 const unsigned char *rc4_pt, size_t rc4_pt_s,
6407 const unsigned char *rc4_ct, size_t rc4_ct_s)
6408 {
6409 int ret = 0;
6410 EVP_CIPHER_CTX *ctx;
6411 EVP_CIPHER *cipher = NULL;
6412 int outlen;
6413 unsigned char outbuf[1024];
6414 OSSL_PARAM params[2] = {
6415 OSSL_PARAM_END, OSSL_PARAM_END
6416 };
6417
6418 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
6419 goto err;
6420
6421 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
6422 goto err;
6423
6424 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
6425 &rc4_key_s);
6426
6427 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
6428 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
6429 rc4_ct, rc4_ct_s))
6430 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
6431 goto err;
6432
6433 ret = 1;
6434 err:
6435 EVP_CIPHER_free(cipher);
6436 EVP_CIPHER_CTX_free(ctx);
6437
6438 return ret;
6439 }
6440
test_aes_rc4_keylen_change_cve_2023_5363(void)6441 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
6442 {
6443 /* RC4 test data obtained from RFC 6229 */
6444 static const struct {
6445 unsigned char key[5];
6446 unsigned char padding[11];
6447 } rc4_key = {
6448 { /* Five bytes of key material */
6449 0x83, 0x32, 0x22, 0x77, 0x2a,
6450 },
6451 { /* Random padding to 16 bytes */
6452 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
6453 }
6454 };
6455 static const unsigned char rc4_pt[] = {
6456 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6457 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
6458 };
6459 static const unsigned char rc4_ct[] = {
6460 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
6461 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
6462 };
6463
6464 if (lgcyprov == NULL)
6465 return TEST_skip("Test requires legacy provider to be loaded");
6466
6467 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
6468 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
6469 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
6470 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
6471 }
6472 #endif
6473
test_invalid_ctx_for_digest(void)6474 static int test_invalid_ctx_for_digest(void)
6475 {
6476 int ret;
6477 EVP_MD_CTX *mdctx;
6478
6479 mdctx = EVP_MD_CTX_new();
6480 if (!TEST_ptr(mdctx))
6481 return 0;
6482
6483 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0))
6484 ret = 0;
6485 else
6486 ret = 1;
6487
6488 EVP_MD_CTX_free(mdctx);
6489
6490 return ret;
6491 }
6492
test_evp_cipher_pipeline(void)6493 static int test_evp_cipher_pipeline(void)
6494 {
6495 OSSL_PROVIDER *fake_pipeline = NULL;
6496 int testresult = 0;
6497 EVP_CIPHER *cipher = NULL;
6498 EVP_CIPHER *pipeline_cipher = NULL;
6499 EVP_CIPHER_CTX *ctx = NULL;
6500 unsigned char key[32];
6501 size_t keylen = 32;
6502 size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN;
6503 size_t taglen = EVP_GCM_TLS_TAG_LEN;
6504 unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES];
6505 unsigned char *plaintext_array[EVP_MAX_PIPES];
6506 unsigned char *ciphertext_array_p[EVP_MAX_PIPES];
6507 void **aead_tags = (void **)&tag_array;
6508 unsigned char *temp[EVP_MAX_PIPES];
6509 size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES];
6510 size_t ciphertextlen_array[EVP_MAX_PIPES];
6511 size_t inlen_array[EVP_MAX_PIPES];
6512 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
6513 unsigned char *ciphertext, *exp_plaintext, *tag;
6514 size_t numpipes, plaintextlen, i;
6515
6516 if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx)))
6517 return 0;
6518 if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
6519 "provider=fake-pipeline"))
6520 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
6521 "provider!=fake-pipeline"))
6522 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
6523 goto end;
6524 memset(key, 0x01, sizeof(key));
6525
6526 /* Negative tests */
6527 if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1)))
6528 goto end;
6529 if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1)))
6530 goto end;
6531 if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
6532 key, keylen,
6533 EVP_MAX_PIPES + 1, NULL, 0)))
6534 goto end;
6535
6536 /* Positive tests */
6537 for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) {
6538 for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) {
6539 size_t ciphertextlen = 0;
6540 int outlen = 0;
6541
6542 /* Cleanup to be able to error out */
6543 memset(iv_array, 0, sizeof(iv_array));
6544 memset(plaintext_array, 0, sizeof(plaintext_array));
6545 memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p));
6546 memset(tag_array, 0, sizeof(tag_array));
6547 ciphertext = NULL;
6548 exp_plaintext = NULL;
6549 tag = NULL;
6550
6551 /* Allocate fresh buffers with exact size to catch buffer overwrites */
6552 for (i = 0; i < numpipes; i++) {
6553 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen))
6554 || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen))
6555 || !TEST_ptr(ciphertext_array_p[i] =
6556 OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
6557 || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen)))
6558 goto err;
6559
6560 memset(iv_array[i], i + 33, ivlen);
6561 memset(plaintext_array[i], i + 1, plaintextlen);
6562 inlen_array[i] = plaintextlen;
6563 outlen_array[i] = 0;
6564 ciphertextlen_array[i] = 0;
6565 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH;
6566 }
6567 if (!TEST_ptr(ciphertext =
6568 OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
6569 || !TEST_ptr(tag = OPENSSL_malloc(taglen))
6570 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen)))
6571 goto err;
6572
6573 /* Encrypt using pipeline API */
6574 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
6575 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1))
6576 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
6577 key, keylen, numpipes,
6578 (const unsigned char **)iv_array,
6579 ivlen))
6580 /* reuse plaintext for AAD as it won't affect test */
6581 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6582 (const unsigned char **)plaintext_array,
6583 inlen_array))
6584 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p,
6585 outlen_array, outsize_array,
6586 (const unsigned char **)plaintext_array,
6587 inlen_array)))
6588 goto err;
6589
6590 for (i = 0; i < numpipes; i++) {
6591 ciphertextlen_array[i] = outlen_array[i];
6592 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i];
6593 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i];
6594 }
6595
6596 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6597 goto err;
6598
6599 for (i = 0; i < numpipes; i++)
6600 ciphertextlen_array[i] += outlen_array[i];
6601
6602 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6603 (void **)&aead_tags, taglen);
6604 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6605 goto err;
6606
6607 /* Encrypt using non-pipeline API and compare */
6608 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)))
6609 goto err;
6610
6611 for (i = 0; i < numpipes; i++) {
6612 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i]))
6613 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
6614 plaintext_array[i],
6615 plaintextlen))
6616 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen,
6617 plaintext_array[i],
6618 plaintextlen)))
6619 goto err;
6620 ciphertextlen = outlen;
6621
6622 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen)))
6623 goto err;
6624 ciphertextlen += outlen;
6625
6626 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6627 (void *)tag, taglen);
6628 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6629 goto err;
6630
6631 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i],
6632 ciphertext, ciphertextlen)
6633 || !TEST_mem_eq(tag_array[i], taglen, tag, taglen))
6634 goto err;
6635 }
6636
6637 for (i = 0; i < numpipes; i++)
6638 outsize_array[i] = plaintextlen;
6639
6640 /* Decrypt using pipeline API and compare */
6641 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6642 (void **)&aead_tags, taglen);
6643 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
6644 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0))
6645 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher,
6646 key, keylen, numpipes,
6647 (const unsigned char **)iv_array,
6648 ivlen))
6649 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
6650 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6651 (const unsigned char **)plaintext_array,
6652 inlen_array))
6653 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array,
6654 outlen_array, outsize_array,
6655 (const unsigned char **)ciphertext_array_p,
6656 ciphertextlen_array)))
6657 goto err;
6658
6659 for (i = 0; i < numpipes; i++) {
6660 temp[i] = plaintext_array[i] + outlen_array[i];
6661 outsize_array[i] = outsize_array[i] - outlen_array[i];
6662 }
6663
6664 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6665 goto err;
6666
6667 for (i = 0; i < numpipes; i++) {
6668 memset(exp_plaintext, i + 1, plaintextlen);
6669 if (!TEST_mem_eq(plaintext_array[i], plaintextlen,
6670 exp_plaintext, plaintextlen))
6671 goto err;
6672 }
6673
6674 for (i = 0; i < numpipes; i++) {
6675 OPENSSL_free(iv_array[i]);
6676 OPENSSL_free(plaintext_array[i]);
6677 OPENSSL_free(ciphertext_array_p[i]);
6678 OPENSSL_free(tag_array[i]);
6679 }
6680 OPENSSL_free(exp_plaintext);
6681 OPENSSL_free(ciphertext);
6682 OPENSSL_free(tag);
6683 }
6684 }
6685
6686 testresult = 1;
6687 goto end;
6688
6689 err:
6690 for (i = 0; i < numpipes; i++) {
6691 OPENSSL_free(iv_array[i]);
6692 OPENSSL_free(plaintext_array[i]);
6693 OPENSSL_free(ciphertext_array_p[i]);
6694 OPENSSL_free(tag_array[i]);
6695 }
6696 OPENSSL_free(exp_plaintext);
6697 OPENSSL_free(ciphertext);
6698 OPENSSL_free(tag);
6699 end:
6700 EVP_CIPHER_CTX_free(ctx);
6701 EVP_CIPHER_free(cipher);
6702 EVP_CIPHER_free(pipeline_cipher);
6703 fake_pipeline_finish(fake_pipeline);
6704 return testresult;
6705 }
6706
setup_tests(void)6707 int setup_tests(void)
6708 {
6709 char *config_file = NULL;
6710 OPTION_CHOICE o;
6711
6712 while ((o = opt_next()) != OPT_EOF) {
6713 switch (o) {
6714 case OPT_CONTEXT:
6715 /* Set up an alternate library context */
6716 testctx = OSSL_LIB_CTX_new();
6717 if (!TEST_ptr(testctx))
6718 return 0;
6719 #ifdef STATIC_LEGACY
6720 /*
6721 * This test is always statically linked against libcrypto. We must not
6722 * attempt to load legacy.so that might be dynamically linked against
6723 * libcrypto. Instead we use a built-in version of the legacy provider.
6724 */
6725 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
6726 return 0;
6727 #endif
6728 /* Swap the libctx to test non-default context only */
6729 nullprov = OSSL_PROVIDER_load(NULL, "null");
6730 deflprov = OSSL_PROVIDER_load(testctx, "default");
6731 #ifndef OPENSSL_SYS_TANDEM
6732 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
6733 #endif
6734 break;
6735 case OPT_CONFIG_FILE:
6736 config_file = opt_arg();
6737 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL))
6738 return 0;
6739 break;
6740 case OPT_TEST_CASES:
6741 break;
6742 default:
6743 return 0;
6744 }
6745 }
6746
6747 if (config_file != NULL) {
6748 ADD_TEST(test_EVP_set_config_properties);
6749 return 1;
6750 }
6751
6752 ADD_TEST(test_EVP_set_default_properties);
6753 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
6754 ADD_TEST(test_EVP_DigestVerifyInit);
6755 #ifndef OPENSSL_NO_EC
6756 ADD_TEST(test_ecdsa_digestsign_keccak);
6757 #endif
6758 #ifndef OPENSSL_NO_SIPHASH
6759 ADD_TEST(test_siphash_digestsign);
6760 #endif
6761 ADD_TEST(test_EVP_Digest);
6762 ADD_TEST(test_EVP_md_null);
6763 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
6764 #ifndef OPENSSL_NO_DEPRECATED_3_0
6765 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
6766 #endif
6767 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
6768 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
6769 ADD_TEST(test_privatekey_to_pkcs8);
6770 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
6771 ADD_ALL_TESTS(test_EVP_PKCS82PKEY_v2, OSSL_NELEM(keydata_v2));
6772 #ifndef OPENSSL_NO_EC
6773 ADD_TEST(test_EVP_PKCS82PKEY);
6774 #endif
6775 #ifndef OPENSSL_NO_EC
6776 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
6777 #endif
6778 #if !defined(OPENSSL_NO_SM2)
6779 ADD_TEST(test_EVP_SM2);
6780 ADD_TEST(test_EVP_SM2_verify);
6781 #endif
6782 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
6783 #ifndef OPENSSL_NO_DEPRECATED_3_0
6784 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
6785 if (!TEST_ptr(custom_pmeth))
6786 return 0;
6787 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
6788 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
6789 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
6790 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
6791 return 0;
6792 #endif
6793 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
6794 #ifndef OPENSSL_NO_CMAC
6795 ADD_TEST(test_CMAC_keygen);
6796 #endif
6797 ADD_TEST(test_HKDF);
6798 ADD_TEST(test_emptyikm_HKDF);
6799 ADD_TEST(test_empty_salt_info_HKDF);
6800 #ifndef OPENSSL_NO_EC
6801 ADD_TEST(test_X509_PUBKEY_inplace);
6802 ADD_TEST(test_X509_PUBKEY_dup);
6803 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
6804 OSSL_NELEM(ec_der_pub_keys));
6805 #endif
6806 #ifndef OPENSSL_NO_DSA
6807 ADD_TEST(test_DSA_get_set_params);
6808 ADD_TEST(test_DSA_priv_pub);
6809 #endif
6810 ADD_TEST(test_RSA_get_set_params);
6811 ADD_TEST(test_RSA_OAEP_set_get_params);
6812 ADD_TEST(test_RSA_OAEP_set_null_label);
6813 #ifndef OPENSSL_NO_DEPRECATED_3_0
6814 ADD_TEST(test_RSA_legacy);
6815 #endif
6816 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
6817 ADD_TEST(test_decrypt_null_chunks);
6818 #endif
6819 #ifndef OPENSSL_NO_DH
6820 ADD_TEST(test_DH_priv_pub);
6821 # ifndef OPENSSL_NO_DEPRECATED_3_0
6822 ADD_TEST(test_EVP_PKEY_set1_DH);
6823 # endif
6824 #endif
6825 #ifndef OPENSSL_NO_EC
6826 ADD_TEST(test_EC_priv_pub);
6827 ADD_TEST(test_evp_get_ec_pub);
6828 # ifndef OPENSSL_NO_DEPRECATED_3_0
6829 ADD_TEST(test_EC_priv_only_legacy);
6830 ADD_TEST(test_evp_get_ec_pub_legacy);
6831 # endif
6832 #endif
6833 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
6834 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
6835
6836 ADD_TEST(test_rand_agglomeration);
6837 ADD_ALL_TESTS(test_evp_iv_aes, 12);
6838 #ifndef OPENSSL_NO_DES
6839 ADD_ALL_TESTS(test_evp_iv_des, 6);
6840 #endif
6841 #ifndef OPENSSL_NO_BF
6842 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
6843 #endif
6844 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6845 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
6846 ADD_TEST(test_EVP_rsa_invalid_key);
6847 #ifndef OPENSSL_NO_EC
6848 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
6849 #endif
6850
6851 ADD_TEST(test_names_do_all);
6852
6853 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
6854 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
6855 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
6856 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
6857 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
6858 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
6859 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
6860 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
6861
6862 #ifndef OPENSSL_NO_DEPRECATED_3_0
6863 ADD_ALL_TESTS(test_custom_pmeth, 12);
6864 ADD_TEST(test_evp_md_cipher_meth);
6865 ADD_TEST(test_custom_md_meth);
6866 ADD_TEST(test_custom_ciph_meth);
6867
6868 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
6869 /* Tests only support the default libctx */
6870 if (testctx == NULL) {
6871 # ifndef OPENSSL_NO_EC
6872 ADD_ALL_TESTS(test_signatures_with_engine, 3);
6873 # else
6874 ADD_ALL_TESTS(test_signatures_with_engine, 2);
6875 # endif
6876 ADD_TEST(test_cipher_with_engine);
6877 }
6878 # endif
6879 #endif
6880
6881 #ifndef OPENSSL_NO_ECX
6882 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
6883 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
6884 #endif
6885
6886 ADD_TEST(test_sign_continuation);
6887
6888 /* Test cases for CVE-2023-5363 */
6889 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
6890 #ifndef OPENSSL_NO_RC4
6891 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
6892 #endif
6893
6894 ADD_TEST(test_invalid_ctx_for_digest);
6895
6896 ADD_TEST(test_evp_cipher_pipeline);
6897
6898 return 1;
6899 }
6900
cleanup_tests(void)6901 void cleanup_tests(void)
6902 {
6903 OSSL_PROVIDER_unload(nullprov);
6904 OSSL_PROVIDER_unload(deflprov);
6905 #ifndef OPENSSL_SYS_TANDEM
6906 OSSL_PROVIDER_unload(lgcyprov);
6907 #endif
6908 OSSL_LIB_CTX_free(testctx);
6909 }
6910