1 /*
2 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include <openssl/rand.h>
36 #include <crypto/ml_kem.h>
37 #include "testutil.h"
38 #include "internal/nelem.h"
39 #include "internal/sizes.h"
40 #include "crypto/evp.h"
41 #include "fake_rsaprov.h"
42 #include "fake_pipelineprov.h"
43
44 #ifdef STATIC_LEGACY
45 OSSL_provider_init_fn ossl_legacy_provider_init;
46 #endif
47
48 static OSSL_LIB_CTX *testctx = NULL;
49 static char *testpropq = NULL;
50
51 static OSSL_PROVIDER *nullprov = NULL;
52 static OSSL_PROVIDER *deflprov = NULL;
53 static OSSL_PROVIDER *lgcyprov = NULL;
54
55 /*
56 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
57 * should never use this key anywhere but in an example.
58 */
59 static const unsigned char kExampleRSAKeyDER[] = {
60 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
61 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
62 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
63 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
64 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
65 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
66 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
67 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
68 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
69 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
70 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
71 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
72 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
73 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
74 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
75 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
76 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
77 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
78 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
79 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
80 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
81 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
82 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
83 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
84 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
85 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
86 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
87 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
88 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
89 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
90 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
91 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
92 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
93 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
94 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
95 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
96 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
97 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
98 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
99 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
100 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
101 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
102 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
103 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
104 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
105 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
106 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
107 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
108 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
109 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
110 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf
111 };
112
113 /* An invalid key whose prime factors exceed modulus n. */
114 static const unsigned char kInvalidRSAKeyDER[] = {
115 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80,
116 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00,
117 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
119 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
120 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
121 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa,
122 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
123 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b,
124 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
125 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01,
126 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee,
127 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
129 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07,
130 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07,
131 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
132 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15,
133 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
134 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00,
135 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15,
136 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9,
137 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07,
138 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
139 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
140 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59,
141 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
143 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
144 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59,
145 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
146 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
147 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15,
148 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
149 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea,
150 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15,
151 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07,
152 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07,
154 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
155 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00,
156 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29,
157 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
158 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
159 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
160 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
161 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59,
162 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
163 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
164 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
165 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02,
166 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
167 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
168 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
169 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
170 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
171 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
172 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31,
174 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
175 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8,
176 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07,
177 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
179 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07,
180 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07,
181 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
182 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec,
183 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
184 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00,
185 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07,
186 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02,
187 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07,
188 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
189 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
190 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59,
191 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
194 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59,
195 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d,
196 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
197 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
198 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
199 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea,
200 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15,
201 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00,
202 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff,
203 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07,
204 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
205 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
206 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07,
207 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
208 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
209 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
210 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
211 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59,
212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
214 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
215 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
216 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
217 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41,
218 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
219 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
220 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
221 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
222 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02,
223 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88,
224 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
226 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
227 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07,
228 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
229 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15,
230 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
231 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
232 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15,
233 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07,
234 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07,
235 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
236 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
237 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
238 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
239 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f,
240 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
241 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
242 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
243 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1,
245 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1,
246 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
247 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02,
249 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8,
250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
253 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
254 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
255 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02,
256 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
257 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80,
258 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02,
259 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36,
260 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10,
261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
263 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
264 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
265 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02,
266 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02,
267 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
268 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02,
269 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02,
270 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47,
272 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d,
273 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60,
274 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32,
275 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff,
276 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30,
277 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d,
278 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a,
279 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33,
280 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
281 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15,
282 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00,
283 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
284 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
285 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
286 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
287 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02,
288 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
289 0xe2, 0x80
290 };
291
292 /*
293 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
294 * should never use this key anywhere but in an example.
295 */
296 #ifndef OPENSSL_NO_DSA
297 static const unsigned char kExampleDSAKeyDER[] = {
298 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
299 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
300 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
301 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
302 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
303 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
304 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
305 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
306 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
307 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
308 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
309 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
310 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
311 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
312 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
313 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
314 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
315 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
316 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
317 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
318 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
319 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
320 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
321 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
322 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
323 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
324 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
325 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
326 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
327 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
328 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
329 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
330 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
331 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
332 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
333 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
334 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
335 0x40, 0x48
336 };
337 #endif
338
339 /*
340 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
341 * components are not correct.
342 */
343 static const unsigned char kExampleBadRSAKeyDER[] = {
344 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
345 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
346 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
347 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
348 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
349 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
350 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
351 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
352 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
353 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
354 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
355 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
356 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
357 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
358 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
359 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
360 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
361 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
362 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
363 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
364 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
365 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
366 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
367 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
368 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
369 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
370 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
371 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
372 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
373 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
374 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
375 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
376 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
377 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
378 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
379 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
380 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
381 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
382 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
383 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
384 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
385 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
386 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
387 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
388 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
389 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
390 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
391 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
392 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
393 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
394 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
395 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
396 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
397 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
398 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
399 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
400 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
401 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
402 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
403 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
404 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
405 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
406 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
407 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
408 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
409 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
410 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
411 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
412 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
413 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
414 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
415 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
416 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
417 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
418 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
419 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
420 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
421 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
422 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
423 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
424 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
425 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
426 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
427 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
428 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
429 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
430 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
431 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
432 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce
433 };
434
435 /*
436 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
437 * values are 0.
438 */
439 static const unsigned char kExampleBad2RSAKeyDER[] = {
440 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
441 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
442 0x01, 0x00, 0x02, 0x01, 0x00
443 };
444
445 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
446
447 static const unsigned char kSignature[] = {
448 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
449 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
450 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
451 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
452 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
453 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
454 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
455 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
456 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
457 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
458 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42
459 };
460
461 /*
462 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v1
463 * PrivateKeyInfo.
464 */
465 static const unsigned char kExampleRSAKeyPKCS8[] = {
466 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
467 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
468 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
469 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
470 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
471 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
472 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
473 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
474 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
475 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
476 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
477 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
478 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
479 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
480 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
481 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
482 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
483 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
484 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
485 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
486 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
487 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
488 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
489 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
490 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
491 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
492 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
493 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
494 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
495 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
496 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
497 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
498 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
499 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
500 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
501 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
502 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
503 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
504 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
505 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
506 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
507 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
508 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
509 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
510 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
511 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
512 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
513 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
514 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
515 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
516 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
517 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
518 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf
519 };
520
521 /*
522 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v2
523 * PrivateKeyInfo (with an optional public key).
524 */
525 static const unsigned char kExampleRSAKeyPKCS8_v2[] = {
526 0x30, 0x82, 0x03, 0x06, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
527 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
528 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
529 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
530 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
531 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
532 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
533 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
534 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
535 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
536 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
537 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
538 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
539 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
540 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
541 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
542 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
543 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
544 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
545 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
546 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
547 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
548 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
549 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
550 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
551 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
552 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
553 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
554 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
555 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
556 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
557 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
558 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
559 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
560 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
561 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
562 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
563 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
564 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
565 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
566 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
567 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
568 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
569 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
570 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
571 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
572 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
573 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
574 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
575 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
576 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
577 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
578 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
579 /* Implicit optional Public key BIT STRING */
580 0x81,
581 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8,
582 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
583 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
584 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
585 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
586 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
587 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
588 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
589 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
590 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
591 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
592 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01
593 };
594
595 #ifndef OPENSSL_NO_EC
596 /*
597 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
598 * structure.
599 */
600 static const unsigned char kExampleECKeyDER[] = {
601 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
602 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
603 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
604 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
605 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
606 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
607 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
608 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
609 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
610 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
611 0xc1
612 };
613
614 static const unsigned char kExampleECKeyPKCS8_v2[] = {
615 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
616 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
617 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
618 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9,
619 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e,
620 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42,
621 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f,
622 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d,
623 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7,
624 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2,
625 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94,
626 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1,
627 /* Optional implicit public key BIT STRING */
628 0x81,
629 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97,
630 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9,
631 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a,
632 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e,
633 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e,
634 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1
635 };
636
637 /*
638 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
639 * structure. The private key is equal to the order and will fail to import
640 */
641 static const unsigned char kExampleBadECKeyDER[] = {
642 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
643 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
644 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
645 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
646 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
647 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
648 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
649 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
650 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
651 };
652
653 /* prime256v1 */
654 static const unsigned char kExampleECPubKeyDER[] = {
655 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
656 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
657 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
658 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
659 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
660 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
661 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
662 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
663 };
664
665 /*
666 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
667 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
668 */
669 static const unsigned char kExampleBadECPubKeyDER[] = {
670 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
671 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
672 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
673 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
674 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
675 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
676 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
677 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
678 };
679
680 static const unsigned char pExampleECParamDER[] = {
681 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
682 };
683
684 #ifndef OPENSSL_NO_ECX
685 static const unsigned char kExampleED25519KeyDER[] = {
686 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
687 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
688 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
689 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
690 };
691
692 static const unsigned char kExampleED25519PubKeyDER[] = {
693 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
694 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
695 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
696 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
697 };
698
699 #ifndef OPENSSL_NO_DEPRECATED_3_0
700 static const unsigned char kExampleX25519KeyDER[] = {
701 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
702 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
703 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
704 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
705 };
706 #endif
707 #endif
708 #endif
709
710 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
711 #ifndef OPENSSL_NO_DEPRECATED_3_0
712 #ifndef OPENSSL_NO_DH
713 static const unsigned char kExampleDHKeyDER[] = {
714 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
715 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
716 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
717 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
718 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
719 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
720 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
721 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
722 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
723 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
724 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
725 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
726 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
727 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
728 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
729 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
730 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
731 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
732 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
733 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
734 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
735 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
736 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
737 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
738 0x2e, 0x87, 0x2a, 0x0b, 0x7a
739 };
740 #endif
741 #endif
742
743 static const unsigned char kCFBDefaultKey[] = {
744 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
745 0x09, 0xCF, 0x4F, 0x3C
746 };
747
748 static const unsigned char kGCMDefaultKey[32] = { 0 };
749
750 static const unsigned char kGCMResetKey[] = {
751 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
752 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
753 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
754 };
755
756 static const unsigned char iCFBIV[] = {
757 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
758 0x0C, 0x0D, 0x0E, 0x0F
759 };
760
761 static const unsigned char iGCMDefaultIV[12] = { 0 };
762
763 static const unsigned char iGCMResetIV1[] = {
764 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
765 };
766
767 static const unsigned char iGCMResetIV2[] = {
768 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
769 };
770
771 static const unsigned char cfbPlaintext[] = {
772 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
773 0x73, 0x93, 0x17, 0x2A
774 };
775 static const unsigned char cfbPlaintext_partial[] = {
776 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
777 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96
778 };
779
780 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
781
782 static const unsigned char gcmResetPlaintext[] = {
783 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
784 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
785 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
786 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
787 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
788 };
789
790 static const unsigned char cfbCiphertext[] = {
791 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
792 0xE8, 0x3C, 0xFB, 0x4A
793 };
794
795 static const unsigned char cfbCiphertext_partial[] = {
796 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
797 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
798 };
799
800 static const unsigned char ofbCiphertext_partial[] = {
801 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
802 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
803 };
804
805 static const unsigned char gcmDefaultCiphertext[] = {
806 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
807 0xba, 0xf3, 0x9d, 0x18
808 };
809
810 static const unsigned char gcmResetCiphertext1[] = {
811 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
812 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
813 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
814 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
815 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
816 };
817
818 static const unsigned char gcmResetCiphertext2[] = {
819 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
820 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
821 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
822 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
823 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
824 };
825
826 static const unsigned char gcmAAD[] = {
827 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
828 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
829 };
830
831 static const unsigned char gcmDefaultTag[] = {
832 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
833 0xd4, 0x8a, 0xb9, 0x19
834 };
835
836 static const unsigned char gcmResetTag1[] = {
837 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
838 0xfe, 0x2e, 0xa8, 0xf2
839 };
840
841 static const unsigned char gcmResetTag2[] = {
842 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
843 0xbb, 0x2d, 0x55, 0x1b
844 };
845
846 typedef struct APK_DATA_st {
847 const unsigned char *kder;
848 size_t size;
849 const char *keytype;
850 int evptype;
851 int check;
852 int pub_check;
853 int param_check;
854 int type; /* 0 for private, 1 for public, 2 for params */
855 } APK_DATA;
856
857 static APK_DATA keydata[] = {
858 { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA },
859 { kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA },
860 #ifndef OPENSSL_NO_EC
861 { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC }
862 #endif
863 };
864
865 static APK_DATA keydata_v2[] = {
866 { kExampleRSAKeyPKCS8_v2, sizeof(kExampleRSAKeyPKCS8_v2), "RSA", EVP_PKEY_RSA },
867 #ifndef OPENSSL_NO_EC
868 { kExampleECKeyPKCS8_v2, sizeof(kExampleECKeyPKCS8_v2), "EC", EVP_PKEY_EC }
869 #endif
870 };
871
872 static APK_DATA keycheckdata[] = {
873 { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
874 0 },
875 { kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
876 0, 1, 1, 0 },
877 { kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
878 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0 },
879 #ifndef OPENSSL_NO_EC
880 { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0 },
881 /* group is also associated in our pub key */
882 { kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
883 1, 1 },
884 { pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
885 2 },
886 #ifndef OPENSSL_NO_ECX
887 { kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
888 EVP_PKEY_ED25519, 1, 1, 1, 0 },
889 { kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
890 EVP_PKEY_ED25519, 0, 1, 1, 1 },
891 #endif
892 #endif
893 };
894
load_example_key(const char * keytype,const unsigned char * data,size_t data_len)895 static EVP_PKEY *load_example_key(const char *keytype,
896 const unsigned char *data, size_t data_len)
897 {
898 const unsigned char **pdata = &data;
899 EVP_PKEY *pkey = NULL;
900 OSSL_DECODER_CTX *dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
901 testctx, testpropq);
902
903 /* |pkey| will be NULL on error */
904 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
905 OSSL_DECODER_CTX_free(dctx);
906 return pkey;
907 }
908
load_example_rsa_key(void)909 static EVP_PKEY *load_example_rsa_key(void)
910 {
911 return load_example_key("RSA", kExampleRSAKeyDER,
912 sizeof(kExampleRSAKeyDER));
913 }
914
915 #ifndef OPENSSL_NO_DSA
load_example_dsa_key(void)916 static EVP_PKEY *load_example_dsa_key(void)
917 {
918 return load_example_key("DSA", kExampleDSAKeyDER,
919 sizeof(kExampleDSAKeyDER));
920 }
921 #endif
922
923 #ifndef OPENSSL_NO_EC
load_example_ec_key(void)924 static EVP_PKEY *load_example_ec_key(void)
925 {
926 return load_example_key("EC", kExampleECKeyDER,
927 sizeof(kExampleECKeyDER));
928 }
929 #endif
930
931 #ifndef OPENSSL_NO_DEPRECATED_3_0
932 #ifndef OPENSSL_NO_DH
load_example_dh_key(void)933 static EVP_PKEY *load_example_dh_key(void)
934 {
935 return load_example_key("DH", kExampleDHKeyDER,
936 sizeof(kExampleDHKeyDER));
937 }
938 #endif
939
940 #ifndef OPENSSL_NO_ECX
load_example_ed25519_key(void)941 static EVP_PKEY *load_example_ed25519_key(void)
942 {
943 return load_example_key("ED25519", kExampleED25519KeyDER,
944 sizeof(kExampleED25519KeyDER));
945 }
946
load_example_x25519_key(void)947 static EVP_PKEY *load_example_x25519_key(void)
948 {
949 return load_example_key("X25519", kExampleX25519KeyDER,
950 sizeof(kExampleX25519KeyDER));
951 }
952 #endif
953 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
954
load_example_hmac_key(void)955 static EVP_PKEY *load_example_hmac_key(void)
956 {
957 EVP_PKEY *pkey = NULL;
958 unsigned char key[] = {
959 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
960 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
961 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
962 };
963
964 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
965 NULL, key, sizeof(key));
966 if (!TEST_ptr(pkey))
967 return NULL;
968
969 return pkey;
970 }
971
test_EVP_set_config_properties(void)972 static int test_EVP_set_config_properties(void)
973 {
974 char *fetched_properties = NULL;
975 const char test_propq[] = "test.fizzbuzz=buzzfizz";
976 int res = 0;
977
978 fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default());
979 if (!TEST_ptr(fetched_properties)
980 || !TEST_str_eq(fetched_properties, test_propq))
981 goto err;
982 OPENSSL_free(fetched_properties);
983 fetched_properties = NULL;
984
985 res = 1;
986 err:
987 OPENSSL_free(fetched_properties);
988 return res;
989 }
990
test_EVP_set_default_properties(void)991 static int test_EVP_set_default_properties(void)
992 {
993 OSSL_LIB_CTX *ctx;
994 EVP_MD *md = NULL;
995 int res = 0;
996 char *fetched_properties = NULL;
997 const char test_propq[] = "provider=fizzbang";
998 const char test_fips_propq[] = "fips=yes,provider=fizzbang";
999
1000 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
1001 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
1002 goto err;
1003 EVP_MD_free(md);
1004 md = NULL;
1005
1006 if (!TEST_true(EVP_set_default_properties(ctx, test_propq))
1007 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
1008 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
1009 goto err;
1010 EVP_MD_free(md);
1011 md = NULL;
1012
1013 fetched_properties = EVP_get1_default_properties(ctx);
1014 if (!TEST_ptr(fetched_properties)
1015 || !TEST_str_eq(fetched_properties, test_propq))
1016 goto err;
1017 OPENSSL_free(fetched_properties);
1018 fetched_properties = NULL;
1019
1020 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1)))
1021 goto err;
1022 fetched_properties = EVP_get1_default_properties(ctx);
1023 if (!TEST_ptr(fetched_properties)
1024 || !TEST_str_eq(fetched_properties, test_fips_propq))
1025 goto err;
1026 OPENSSL_free(fetched_properties);
1027 fetched_properties = NULL;
1028
1029 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0)))
1030 goto err;
1031
1032 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
1033 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
1034 goto err;
1035 res = 1;
1036 err:
1037 OPENSSL_free(fetched_properties);
1038 EVP_MD_free(md);
1039 OSSL_LIB_CTX_free(ctx);
1040 return res;
1041 }
1042
1043 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key_fromdata(char * keytype,OSSL_PARAM * params)1044 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
1045 {
1046 EVP_PKEY_CTX *pctx = NULL;
1047 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
1048
1049 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
1050 goto err;
1051 /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */
1052 if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0)
1053 || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
1054 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
1055 params),
1056 0))
1057 goto err;
1058
1059 if (!TEST_ptr(tmp_pkey))
1060 goto err;
1061
1062 pkey = tmp_pkey;
1063 tmp_pkey = NULL;
1064 err:
1065 EVP_PKEY_free(tmp_pkey);
1066 EVP_PKEY_CTX_free(pctx);
1067 return pkey;
1068 }
1069
test_selection(EVP_PKEY * pkey,int selection)1070 static int test_selection(EVP_PKEY *pkey, int selection)
1071 {
1072 int testresult = 0;
1073 int ret;
1074 BIO *bio = BIO_new(BIO_s_mem());
1075
1076 ret = PEM_write_bio_PUBKEY(bio, pkey);
1077 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
1078 if (!TEST_true(ret))
1079 goto err;
1080 } else {
1081 if (!TEST_false(ret))
1082 goto err;
1083 }
1084 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
1085 testctx, NULL);
1086 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
1087 if (!TEST_true(ret))
1088 goto err;
1089 } else {
1090 if (!TEST_false(ret))
1091 goto err;
1092 }
1093
1094 testresult = 1;
1095 err:
1096 BIO_free(bio);
1097
1098 return testresult;
1099 }
1100 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
1101
1102 /*
1103 * Test combinations of private, public, missing and private + public key
1104 * params to ensure they are all accepted
1105 */
1106 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
test_EVP_PKEY_ffc_priv_pub(char * keytype)1107 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
1108 {
1109 OSSL_PARAM_BLD *bld = NULL;
1110 OSSL_PARAM *params = NULL;
1111 EVP_PKEY *just_params = NULL;
1112 EVP_PKEY *params_and_priv = NULL;
1113 EVP_PKEY *params_and_pub = NULL;
1114 EVP_PKEY *params_and_keypair = NULL;
1115 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1116 int ret = 0;
1117
1118 /*
1119 * Setup the parameters for our pkey object. For our purposes they don't
1120 * have to actually be *valid* parameters. We just need to set something.
1121 */
1122 if (!TEST_ptr(p = BN_new())
1123 || !TEST_ptr(q = BN_new())
1124 || !TEST_ptr(g = BN_new())
1125 || !TEST_ptr(pub = BN_new())
1126 || !TEST_ptr(priv = BN_new()))
1127 goto err;
1128
1129 /* Test !priv and !pub */
1130 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1131 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1132 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1133 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
1134 goto err;
1135 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1136 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
1137 goto err;
1138
1139 OSSL_PARAM_free(params);
1140 OSSL_PARAM_BLD_free(bld);
1141 params = NULL;
1142 bld = NULL;
1143
1144 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1145 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1146 goto err;
1147
1148 /* Test priv and !pub */
1149 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1150 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1151 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1152 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1153 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1154 priv)))
1155 goto err;
1156 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1157 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
1158 goto err;
1159
1160 OSSL_PARAM_free(params);
1161 OSSL_PARAM_BLD_free(bld);
1162 params = NULL;
1163 bld = NULL;
1164
1165 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
1166 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1167 goto err;
1168
1169 /* Test !priv and pub */
1170 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1171 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1172 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1173 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1174 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1175 pub)))
1176 goto err;
1177 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1178 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
1179 goto err;
1180
1181 OSSL_PARAM_free(params);
1182 OSSL_PARAM_BLD_free(bld);
1183 params = NULL;
1184 bld = NULL;
1185
1186 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1187 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1188 goto err;
1189
1190 /* Test priv and pub */
1191 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1192 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1193 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1194 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1195 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1196 pub))
1197 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1198 priv)))
1199 goto err;
1200 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1201 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
1202 goto err;
1203
1204 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1205 goto err;
1206
1207 ret = 1;
1208 err:
1209 OSSL_PARAM_free(params);
1210 OSSL_PARAM_BLD_free(bld);
1211 EVP_PKEY_free(just_params);
1212 EVP_PKEY_free(params_and_priv);
1213 EVP_PKEY_free(params_and_pub);
1214 EVP_PKEY_free(params_and_keypair);
1215 BN_free(p);
1216 BN_free(q);
1217 BN_free(g);
1218 BN_free(pub);
1219 BN_free(priv);
1220
1221 return ret;
1222 }
1223 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
1224
1225 /*
1226 * Test combinations of private, public, missing and private + public key
1227 * params to ensure they are all accepted for EC keys
1228 */
1229 #ifndef OPENSSL_NO_EC
1230 static unsigned char ec_priv[] = {
1231 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
1232 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
1233 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
1234 };
1235 static unsigned char ec_pub[] = {
1236 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
1237 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
1238 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
1239 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
1240 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
1241 0x08, 0x09, 0xb8, 0xdb, 0x03
1242 };
1243
test_EC_priv_pub(void)1244 static int test_EC_priv_pub(void)
1245 {
1246 OSSL_PARAM_BLD *bld = NULL;
1247 OSSL_PARAM *params = NULL;
1248 EVP_PKEY *just_params = NULL;
1249 EVP_PKEY *params_and_priv = NULL;
1250 EVP_PKEY *params_and_pub = NULL;
1251 EVP_PKEY *params_and_keypair = NULL;
1252 BIGNUM *priv = NULL;
1253 int ret = 0;
1254 unsigned char *encoded = NULL;
1255 size_t len = 0;
1256 unsigned char buffer[128];
1257
1258 /*
1259 * Setup the parameters for our pkey object. For our purposes they don't
1260 * have to actually be *valid* parameters. We just need to set something.
1261 */
1262 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1263 goto err;
1264
1265 /* Test !priv and !pub */
1266 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1267 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1268 OSSL_PKEY_PARAM_GROUP_NAME,
1269 "P-256", 0)))
1270 goto err;
1271 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1272 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
1273 goto err;
1274
1275 OSSL_PARAM_free(params);
1276 OSSL_PARAM_BLD_free(bld);
1277 params = NULL;
1278 bld = NULL;
1279
1280 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1281 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1282 goto err;
1283
1284 /* Test priv and !pub */
1285 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1286 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1287 OSSL_PKEY_PARAM_GROUP_NAME,
1288 "P-256", 0))
1289 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1290 priv)))
1291 goto err;
1292 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1293 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
1294 goto err;
1295
1296 OSSL_PARAM_free(params);
1297 OSSL_PARAM_BLD_free(bld);
1298 params = NULL;
1299 bld = NULL;
1300
1301 /*
1302 * We indicate only parameters here, in spite of having built a key that
1303 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
1304 * expected to fail because it does not support exporting a private EC
1305 * key without a corresponding public key
1306 */
1307 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1308 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1309 goto err;
1310
1311 /* Test !priv and pub */
1312 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1313 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1314 OSSL_PKEY_PARAM_GROUP_NAME,
1315 "P-256", 0))
1316 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1317 OSSL_PKEY_PARAM_PUB_KEY,
1318 ec_pub, sizeof(ec_pub))))
1319 goto err;
1320 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1321 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
1322 goto err;
1323
1324 OSSL_PARAM_free(params);
1325 OSSL_PARAM_BLD_free(bld);
1326 params = NULL;
1327 bld = NULL;
1328
1329 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1330 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1331 goto err;
1332
1333 /* Test priv and pub */
1334 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1335 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1336 OSSL_PKEY_PARAM_GROUP_NAME,
1337 "P-256", 0))
1338 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1339 OSSL_PKEY_PARAM_PUB_KEY,
1340 ec_pub, sizeof(ec_pub)))
1341 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1342 priv)))
1343 goto err;
1344 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1345 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1346 goto err;
1347
1348 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1349 goto err;
1350
1351 /* Try key equality */
1352 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1353 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1354 0)
1355 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1356 0)
1357 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1358 0)
1359 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1360 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1361 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1362 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1363 goto err;
1364
1365 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1366 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1367 goto err;
1368 OPENSSL_free(encoded);
1369 encoded = NULL;
1370 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1371 OPENSSL_free(encoded);
1372 encoded = NULL;
1373 goto err;
1374 }
1375
1376 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1377 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1378 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1379 buffer, sizeof(buffer), &len),
1380 1)
1381 || !TEST_int_eq(len, 65))
1382 goto err;
1383
1384 len = 0;
1385 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1386 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1387 NULL, 0, &len),
1388 1)
1389 || !TEST_int_eq(len, 65))
1390 goto err;
1391
1392 /* too-short buffer len*/
1393 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1394 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1395 buffer, 10, &len),
1396 0))
1397 goto err;
1398
1399 ret = 1;
1400 err:
1401 OSSL_PARAM_free(params);
1402 OSSL_PARAM_BLD_free(bld);
1403 EVP_PKEY_free(just_params);
1404 EVP_PKEY_free(params_and_priv);
1405 EVP_PKEY_free(params_and_pub);
1406 EVP_PKEY_free(params_and_keypair);
1407 BN_free(priv);
1408
1409 return ret;
1410 }
1411
1412 /* Also test that we can read the EC PUB affine coordinates */
test_evp_get_ec_pub(void)1413 static int test_evp_get_ec_pub(void)
1414 {
1415 OSSL_PARAM_BLD *bld = NULL;
1416 OSSL_PARAM *params = NULL;
1417 unsigned char *pad = NULL;
1418 EVP_PKEY *keypair = NULL;
1419 BIGNUM *priv = NULL;
1420 BIGNUM *x = NULL;
1421 BIGNUM *y = NULL;
1422 int ret = 0;
1423
1424 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1425 goto err;
1426
1427 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1428 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1429 OSSL_PKEY_PARAM_GROUP_NAME,
1430 "P-256", 0))
1431 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1432 OSSL_PKEY_PARAM_PUB_KEY,
1433 ec_pub, sizeof(ec_pub)))
1434 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1435 priv)))
1436 goto err;
1437
1438 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1439 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1440 goto err;
1441
1442 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1443 goto err;
1444
1445 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1446 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1447 goto err;
1448
1449 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1450 goto err;
1451
1452 pad[0] = ec_pub[0];
1453 BN_bn2bin(x, &pad[1]);
1454 BN_bn2bin(y, &pad[33]);
1455 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1456 goto err;
1457
1458 ret = 1;
1459
1460 err:
1461 OSSL_PARAM_free(params);
1462 OSSL_PARAM_BLD_free(bld);
1463 EVP_PKEY_free(keypair);
1464 OPENSSL_free(pad);
1465 BN_free(priv);
1466 BN_free(x);
1467 BN_free(y);
1468 return ret;
1469 }
1470
1471 /* Test that using a legacy EC key with only a private key in it works */
1472 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EC_priv_only_legacy(void)1473 static int test_EC_priv_only_legacy(void)
1474 {
1475 BIGNUM *priv = NULL;
1476 int ret = 0;
1477 EC_KEY *eckey = NULL;
1478 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1479 EVP_MD_CTX *ctx = NULL;
1480
1481 /* Create the low level EC_KEY */
1482 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1483 goto err;
1484
1485 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1486 if (!TEST_ptr(eckey))
1487 goto err;
1488
1489 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1490 goto err;
1491
1492 pkey = EVP_PKEY_new();
1493 if (!TEST_ptr(pkey))
1494 goto err;
1495
1496 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1497 goto err;
1498 eckey = NULL;
1499
1500 for (;;) {
1501 ret = 0;
1502 ctx = EVP_MD_CTX_new();
1503 if (!TEST_ptr(ctx))
1504 goto err;
1505
1506 /*
1507 * The EVP_DigestSignInit function should create the key on the
1508 * provider side which is sufficient for this test.
1509 */
1510 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1511 testpropq, pkey, NULL)))
1512 goto err;
1513 EVP_MD_CTX_free(ctx);
1514 ctx = NULL;
1515
1516 if (dup_pk != NULL)
1517 break;
1518
1519 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1520 goto err;
1521 /* EVP_PKEY_eq() returns -2 with missing public keys */
1522 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1523 EVP_PKEY_free(pkey);
1524 pkey = dup_pk;
1525 if (!ret)
1526 goto err;
1527 }
1528 ret = 1;
1529
1530 err:
1531 EVP_MD_CTX_free(ctx);
1532 EVP_PKEY_free(pkey);
1533 EC_KEY_free(eckey);
1534 BN_free(priv);
1535
1536 return ret;
1537 }
1538
test_evp_get_ec_pub_legacy(void)1539 static int test_evp_get_ec_pub_legacy(void)
1540 {
1541 OSSL_LIB_CTX *libctx = NULL;
1542 unsigned char *pad = NULL;
1543 EVP_PKEY *pkey = NULL;
1544 EC_KEY *eckey = NULL;
1545 BIGNUM *priv = NULL;
1546 BIGNUM *x = NULL;
1547 BIGNUM *y = NULL;
1548 int ret = 0;
1549
1550 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1551 goto err;
1552
1553 /* Create the legacy key */
1554 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1555 NID_X9_62_prime256v1)))
1556 goto err;
1557
1558 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1559 goto err;
1560
1561 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1562 goto err;
1563
1564 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1565 goto err;
1566
1567 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1568 goto err;
1569
1570 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1571 goto err;
1572
1573 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1574 goto err;
1575
1576 /* Transfer the legacy key */
1577 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1578 goto err;
1579 eckey = NULL;
1580
1581 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1582 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1583 goto err;
1584
1585 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1586 goto err;
1587
1588 pad[0] = ec_pub[0];
1589 BN_bn2bin(x, &pad[1]);
1590 BN_bn2bin(y, &pad[33]);
1591
1592 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1593 goto err;
1594
1595 ret = 1;
1596
1597 err:
1598 OSSL_LIB_CTX_free(libctx);
1599 EVP_PKEY_free(pkey);
1600 EC_KEY_free(eckey);
1601 OPENSSL_free(pad);
1602 BN_free(priv);
1603 BN_free(x);
1604 BN_free(y);
1605
1606 return ret;
1607 }
1608 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
1609 #endif /* OPENSSL_NO_EC */
1610
test_EVP_PKEY_sign(int tst)1611 static int test_EVP_PKEY_sign(int tst)
1612 {
1613 int ret = 0;
1614 EVP_PKEY *pkey = NULL;
1615 unsigned char *sig = NULL;
1616 size_t sig_len = 0, shortsig_len = 1;
1617 EVP_PKEY_CTX *ctx = NULL;
1618 unsigned char tbs[] = {
1619 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1620 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1621 };
1622
1623 if (tst == 0) {
1624 if (!TEST_ptr(pkey = load_example_rsa_key()))
1625 goto out;
1626 } else if (tst == 1) {
1627 #ifndef OPENSSL_NO_DSA
1628 if (!TEST_ptr(pkey = load_example_dsa_key()))
1629 goto out;
1630 #else
1631 ret = 1;
1632 goto out;
1633 #endif
1634 } else {
1635 #ifndef OPENSSL_NO_EC
1636 if (!TEST_ptr(pkey = load_example_ec_key()))
1637 goto out;
1638 #else
1639 ret = 1;
1640 goto out;
1641 #endif
1642 }
1643
1644 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1645 if (!TEST_ptr(ctx)
1646 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1647 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1648 sizeof(tbs)),
1649 0))
1650 goto out;
1651 sig = OPENSSL_malloc(sig_len);
1652 if (!TEST_ptr(sig)
1653 /* Test sending a signature buffer that is too short is rejected */
1654 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1655 sizeof(tbs)),
1656 0)
1657 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1658 0)
1659 /* Test the signature round-trips */
1660 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1661 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1662 0))
1663 goto out;
1664
1665 ret = 1;
1666 out:
1667 EVP_PKEY_CTX_free(ctx);
1668 OPENSSL_free(sig);
1669 EVP_PKEY_free(pkey);
1670 return ret;
1671 }
1672
1673 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_sign_with_app_method(int tst)1674 static int test_EVP_PKEY_sign_with_app_method(int tst)
1675 {
1676 int ret = 0;
1677 EVP_PKEY *pkey = NULL;
1678 RSA *rsa = NULL;
1679 RSA_METHOD *rsa_meth = NULL;
1680 #ifndef OPENSSL_NO_DSA
1681 DSA *dsa = NULL;
1682 DSA_METHOD *dsa_meth = NULL;
1683 #endif
1684 unsigned char *sig = NULL;
1685 size_t sig_len = 0, shortsig_len = 1;
1686 EVP_PKEY_CTX *ctx = NULL;
1687 unsigned char tbs[] = {
1688 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1689 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1690 };
1691
1692 if (tst == 0) {
1693 if (!TEST_ptr(pkey = load_example_rsa_key()))
1694 goto out;
1695 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1696 goto out;
1697
1698 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1699 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1700 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1701 goto out;
1702 rsa = NULL; /* now owned by the pkey */
1703 } else {
1704 #ifndef OPENSSL_NO_DSA
1705 if (!TEST_ptr(pkey = load_example_dsa_key()))
1706 goto out;
1707 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1708 goto out;
1709
1710 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1711 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1712 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1713 goto out;
1714 dsa = NULL; /* now owned by the pkey */
1715 #else
1716 ret = 1;
1717 goto out;
1718 #endif
1719 }
1720
1721 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1722 if (!TEST_ptr(ctx)
1723 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1724 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1725 sizeof(tbs)),
1726 0))
1727 goto out;
1728 sig = OPENSSL_malloc(sig_len);
1729 if (!TEST_ptr(sig)
1730 /* Test sending a signature buffer that is too short is rejected */
1731 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1732 sizeof(tbs)),
1733 0)
1734 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1735 0)
1736 /* Test the signature round-trips */
1737 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1738 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1739 0))
1740 goto out;
1741
1742 ret = 1;
1743 out:
1744 EVP_PKEY_CTX_free(ctx);
1745 OPENSSL_free(sig);
1746 EVP_PKEY_free(pkey);
1747 RSA_free(rsa);
1748 RSA_meth_free(rsa_meth);
1749 #ifndef OPENSSL_NO_DSA
1750 DSA_free(dsa);
1751 DSA_meth_free(dsa_meth);
1752 #endif
1753 return ret;
1754 }
1755 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1756
1757 /*
1758 * n = 0 => test using legacy cipher
1759 * n = 1 => test using fetched cipher
1760 */
test_EVP_Enveloped(int n)1761 static int test_EVP_Enveloped(int n)
1762 {
1763 int ret = 0;
1764 EVP_CIPHER_CTX *ctx = NULL;
1765 EVP_PKEY *keypair = NULL;
1766 unsigned char *kek = NULL;
1767 unsigned char iv[EVP_MAX_IV_LENGTH];
1768 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1769 int len, kek_len, ciphertext_len, plaintext_len;
1770 unsigned char ciphertext[32], plaintext[16];
1771 EVP_CIPHER *type = NULL;
1772
1773 if (nullprov != NULL)
1774 return TEST_skip("Test does not support a non-default library context");
1775
1776 if (n == 0)
1777 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1778 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1779 testpropq)))
1780 goto err;
1781
1782 if (!TEST_ptr(keypair = load_example_rsa_key())
1783 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1784 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1785 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1786 &keypair, 1))
1787 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1788 msg, sizeof(msg)))
1789 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1790 &len)))
1791 goto err;
1792
1793 ciphertext_len += len;
1794
1795 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1796 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1797 ciphertext, ciphertext_len))
1798 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1799 goto err;
1800
1801 plaintext_len += len;
1802 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1803 goto err;
1804
1805 ret = 1;
1806 err:
1807 if (n != 0)
1808 EVP_CIPHER_free(type);
1809 OPENSSL_free(kek);
1810 EVP_PKEY_free(keypair);
1811 EVP_CIPHER_CTX_free(ctx);
1812 return ret;
1813 }
1814
1815 /*
1816 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1817 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1818 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1819 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1820 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1821 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1822 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1823 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1824 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1825 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1826 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1827 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1828 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1829 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1830 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1831 * Test 15-29: Same as above with reinitialization
1832 */
test_EVP_DigestSignInit(int tst)1833 static int test_EVP_DigestSignInit(int tst)
1834 {
1835 int ret = 0;
1836 EVP_PKEY *pkey = NULL;
1837 unsigned char *sig = NULL, *sig2 = NULL;
1838 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1839 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1840 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1841 BIO *mdbio = NULL, *membio = NULL;
1842 size_t written;
1843 const EVP_MD *md;
1844 EVP_MD *mdexp = NULL;
1845 int reinit = 0;
1846
1847 if (nullprov != NULL)
1848 return TEST_skip("Test does not support a non-default library context");
1849
1850 if (tst >= 15) {
1851 reinit = 1;
1852 tst -= 15;
1853 }
1854
1855 if (tst >= 6 && tst <= 8) {
1856 membio = BIO_new(BIO_s_mem());
1857 mdbio = BIO_new(BIO_f_md());
1858 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1859 goto out;
1860 BIO_push(mdbio, membio);
1861 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1862 goto out;
1863 } else {
1864 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1865 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1866 goto out;
1867 }
1868
1869 if (tst % 3 == 0) {
1870 if (!TEST_ptr(pkey = load_example_rsa_key()))
1871 goto out;
1872 } else if (tst % 3 == 1) {
1873 #ifndef OPENSSL_NO_DSA
1874 if (!TEST_ptr(pkey = load_example_dsa_key()))
1875 goto out;
1876 #else
1877 ret = 1;
1878 goto out;
1879 #endif
1880 } else {
1881 if (!TEST_ptr(pkey = load_example_hmac_key()))
1882 goto out;
1883 }
1884
1885 if (tst >= 3 && tst <= 5)
1886 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1887 else
1888 md = EVP_sha256();
1889
1890 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1891 goto out;
1892
1893 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1894 goto out;
1895
1896 if (tst >= 6 && tst <= 8) {
1897 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1898 goto out;
1899 } else if (tst < 6) {
1900 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1901 goto out;
1902 }
1903
1904 if (tst >= 9) {
1905 /* Determine the size of the signature. */
1906 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1907 sizeof(kMsg)))
1908 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1909 goto out;
1910 if (tst <= 11) {
1911 /* Test that supply a short sig buffer fails */
1912 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1913 sizeof(kMsg))))
1914 goto out;
1915 /*
1916 * We end here because once EVP_DigestSign() has failed you should
1917 * not call it again without re-initing the ctx
1918 */
1919 ret = 1;
1920 goto out;
1921 }
1922 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1923 sizeof(kMsg))))
1924 goto out;
1925 } else {
1926 /* Determine the size of the signature. */
1927 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1928 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1929 /*
1930 * Trying to create a signature with a deliberately short
1931 * buffer should fail.
1932 */
1933 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1934 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1935 goto out;
1936 }
1937
1938 /*
1939 * Ensure that the signature round-trips (Verification isn't supported for
1940 * HMAC via EVP_DigestVerify*)
1941 */
1942 if (tst % 3 != 2) {
1943 if (tst >= 6 && tst <= 8) {
1944 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1945 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1946 goto out;
1947 }
1948
1949 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1950 NULL, pkey)))
1951 goto out;
1952
1953 if (tst >= 6 && tst <= 8) {
1954 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1955 goto out;
1956 } else {
1957 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1958 sizeof(kMsg))))
1959 goto out;
1960 }
1961 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1962 goto out;
1963
1964 /* Multiple calls to EVP_DigestVerifyFinal should work */
1965 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1966 goto out;
1967 } else {
1968 /*
1969 * For HMAC a doubled call to DigestSignFinal should produce the same
1970 * value as finalization should not happen.
1971 */
1972 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1973 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1974 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1975 goto out;
1976
1977 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1978 goto out;
1979 }
1980
1981 ret = 1;
1982
1983 out:
1984 BIO_free(membio);
1985 BIO_free(mdbio);
1986 EVP_MD_CTX_free(a_md_ctx);
1987 EVP_MD_CTX_free(a_md_ctx_verify);
1988 EVP_PKEY_free(pkey);
1989 OPENSSL_free(sig);
1990 OPENSSL_free(sig2);
1991 EVP_MD_free(mdexp);
1992
1993 return ret;
1994 }
1995
test_EVP_DigestVerifyInit(void)1996 static int test_EVP_DigestVerifyInit(void)
1997 {
1998 int ret = 0;
1999 EVP_PKEY *pkey = NULL;
2000 EVP_MD_CTX *md_ctx = NULL;
2001
2002 if (nullprov != NULL)
2003 return TEST_skip("Test does not support a non-default library context");
2004
2005 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
2006 || !TEST_ptr(pkey = load_example_rsa_key()))
2007 goto out;
2008
2009 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
2010 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
2011 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
2012 sizeof(kSignature)),
2013 0))
2014 goto out;
2015
2016 /* test with reinitialization */
2017 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
2018 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
2019 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
2020 sizeof(kSignature)),
2021 0))
2022 goto out;
2023 ret = 1;
2024
2025 out:
2026 EVP_MD_CTX_free(md_ctx);
2027 EVP_PKEY_free(pkey);
2028 return ret;
2029 }
2030
2031 #ifndef OPENSSL_NO_EC
test_ecdsa_digestsign_keccak(void)2032 static int test_ecdsa_digestsign_keccak(void)
2033 {
2034 int ret = 0;
2035 EVP_PKEY *pkey = NULL;
2036 EVP_MD_CTX *ctx = NULL;
2037 EVP_MD *md = NULL;
2038
2039 if (nullprov != NULL)
2040 return TEST_skip("Test does not support a non-default library context");
2041
2042 pkey = load_example_ec_key();
2043 if (!TEST_ptr(pkey))
2044 goto err;
2045
2046 /* This would not work with FIPS provider so just use NULL libctx */
2047 md = EVP_MD_fetch(NULL, "KECCAK-256", NULL);
2048 if (!TEST_ptr(md))
2049 goto err;
2050
2051 ctx = EVP_MD_CTX_new();
2052 if (!TEST_ptr(ctx))
2053 goto err;
2054
2055 /*
2056 * Just check EVP_DigestSignInit_ex() works.
2057 */
2058 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
2059 goto err;
2060
2061 ret = 1;
2062 err:
2063 EVP_MD_CTX_free(ctx);
2064 EVP_PKEY_free(pkey);
2065 EVP_MD_free(md);
2066
2067 return ret;
2068 }
2069 #endif
2070
2071 #ifndef OPENSSL_NO_SIPHASH
2072 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
test_siphash_digestsign(void)2073 static int test_siphash_digestsign(void)
2074 {
2075 unsigned char key[16];
2076 unsigned char buf[8], digest[8];
2077 unsigned char expected[8] = {
2078 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
2079 };
2080 EVP_PKEY *pkey = NULL;
2081 EVP_MD_CTX *mdctx = NULL;
2082 EVP_PKEY_CTX *ctx = NULL;
2083 int ret = 0;
2084 size_t len = 8;
2085
2086 if (nullprov != NULL)
2087 return TEST_skip("Test does not support a non-default library context");
2088
2089 memset(buf, 0, 8);
2090 memset(key, 1, 16);
2091 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
2092 key, 16)))
2093 goto out;
2094
2095 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
2096 goto out;
2097
2098 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
2099 goto out;
2100 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
2101 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
2102 8, NULL),
2103 1))
2104 goto out;
2105 /* reinitialize */
2106 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
2107 goto out;
2108 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
2109 goto out;
2110 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
2111 goto out;
2112 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
2113 goto out;
2114
2115 ret = 1;
2116 out:
2117 EVP_PKEY_free(pkey);
2118 EVP_MD_CTX_free(mdctx);
2119 return ret;
2120 }
2121 #endif
2122
2123 /*
2124 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
2125 */
test_EVP_Digest(void)2126 static int test_EVP_Digest(void)
2127 {
2128 int ret = 0;
2129 EVP_MD_CTX *md_ctx = NULL;
2130 unsigned char md[EVP_MAX_MD_SIZE];
2131 EVP_MD *sha256 = NULL;
2132 EVP_MD *shake256 = NULL;
2133
2134 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2135 goto out;
2136
2137 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
2138 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
2139 goto out;
2140
2141 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
2142 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2143 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
2144 /* EVP_DigestFinal resets the EVP_MD_CTX. */
2145 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
2146 goto out;
2147
2148 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
2149 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2150 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
2151 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
2152 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2153 /*
2154 * EVP_DigestInit_ex with NULL type should work on
2155 * pre-initialized context.
2156 */
2157 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2158 goto out;
2159
2160 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
2161 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2162 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
2163 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
2164 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2165 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2166 goto out;
2167 ret = 1;
2168
2169 out:
2170 EVP_MD_CTX_free(md_ctx);
2171 EVP_MD_free(sha256);
2172 EVP_MD_free(shake256);
2173 return ret;
2174 }
2175
test_EVP_md_null(void)2176 static int test_EVP_md_null(void)
2177 {
2178 int ret = 0;
2179 EVP_MD_CTX *md_ctx = NULL;
2180 const EVP_MD *md_null = EVP_md_null();
2181 unsigned char md_value[EVP_MAX_MD_SIZE];
2182 unsigned int md_len = sizeof(md_value);
2183
2184 if (nullprov != NULL)
2185 return TEST_skip("Test does not support a non-default library context");
2186
2187 if (!TEST_ptr(md_null)
2188 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2189 goto out;
2190
2191 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
2192 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
2193 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
2194 goto out;
2195
2196 if (!TEST_uint_eq(md_len, 0))
2197 goto out;
2198
2199 ret = 1;
2200 out:
2201 EVP_MD_CTX_free(md_ctx);
2202 return ret;
2203 }
2204
test_d2i_AutoPrivateKey(int i)2205 static int test_d2i_AutoPrivateKey(int i)
2206 {
2207 int ret = 0;
2208 const unsigned char *p;
2209 EVP_PKEY *pkey = NULL;
2210 const APK_DATA *ak = &keydata[i];
2211 const unsigned char *input = ak->kder;
2212 size_t input_len = ak->size;
2213 int expected_id = ak->evptype;
2214
2215 p = input;
2216 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
2217 || !TEST_ptr_eq(p, input + input_len)
2218 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2219 goto done;
2220
2221 ret = 1;
2222
2223 done:
2224 EVP_PKEY_free(pkey);
2225 return ret;
2226 }
2227
2228 #ifndef OPENSSL_NO_EC
2229
2230 static const unsigned char ec_public_sect163k1_validxy[] = {
2231 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2232 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2233 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2234 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
2235 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2236 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2237 };
2238
2239 static const unsigned char ec_public_sect163k1_badx[] = {
2240 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2241 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2242 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2243 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
2244 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2245 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2246 };
2247
2248 static const unsigned char ec_public_sect163k1_bady[] = {
2249 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2250 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2251 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2252 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
2253 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2254 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
2255 };
2256
2257 static struct ec_der_pub_keys_st {
2258 const unsigned char *der;
2259 size_t len;
2260 int valid;
2261 } ec_der_pub_keys[] = {
2262 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
2263 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
2264 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
2265 };
2266
2267 /*
2268 * Tests the range of the decoded EC char2 public point.
2269 * See ec_GF2m_simple_oct2point().
2270 */
test_invalide_ec_char2_pub_range_decode(int id)2271 static int test_invalide_ec_char2_pub_range_decode(int id)
2272 {
2273 int ret = 0;
2274 EVP_PKEY *pkey;
2275
2276 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
2277 ec_der_pub_keys[id].len);
2278
2279 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
2280 || TEST_ptr_null(pkey);
2281 EVP_PKEY_free(pkey);
2282 return ret;
2283 }
2284
test_EVP_PKCS82PKEY(void)2285 static int test_EVP_PKCS82PKEY(void)
2286 {
2287 int ret = 0;
2288 const unsigned char *derp = kExampleBadECKeyDER;
2289 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2290 EVP_PKEY *pkey = NULL;
2291
2292 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
2293 sizeof(kExampleBadECKeyDER))))
2294 goto done;
2295
2296 if (!TEST_ptr_eq(derp,
2297 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
2298 goto done;
2299
2300 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
2301 goto done;
2302
2303 ret = 1;
2304
2305 done:
2306 PKCS8_PRIV_KEY_INFO_free(p8inf);
2307 EVP_PKEY_free(pkey);
2308
2309 return ret;
2310 }
2311
2312 #endif
2313
test_EVP_PKCS82PKEY_v2(int i)2314 static int test_EVP_PKCS82PKEY_v2(int i)
2315 {
2316 int ret = 0;
2317 const unsigned char *p;
2318 const APK_DATA *ak = &keydata_v2[i];
2319 const unsigned char *input = ak->kder;
2320 size_t input_len = ak->size;
2321 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2322
2323 /* Can we parse PKCS#8 v2, ignoring the public key for now? */
2324 p = input;
2325 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, input_len);
2326 if (!TEST_ptr(p8inf)
2327 || !TEST_true(p == input + input_len))
2328 goto done;
2329
2330 ret = 1;
2331 done:
2332 PKCS8_PRIV_KEY_INFO_free(p8inf);
2333 return ret;
2334 }
2335
2336 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY_wrong_tag(void)2337 static int test_EVP_PKCS82PKEY_wrong_tag(void)
2338 {
2339 EVP_PKEY *pkey = NULL;
2340 EVP_PKEY *pkey2 = NULL;
2341 BIO *membio = NULL;
2342 char *membuf = NULL;
2343 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2344 int ok = 0;
2345
2346 if (testctx != NULL)
2347 /* test not supported with non-default context */
2348 return 1;
2349
2350 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2351 || !TEST_ptr(pkey = load_example_rsa_key())
2352 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2353 NULL, 0, NULL, NULL),
2354 0)
2355 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
2356 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
2357 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
2358 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
2359 goto done;
2360 }
2361
2362 ok = 1;
2363 done:
2364 EVP_PKEY_free(pkey);
2365 EVP_PKEY_free(pkey2);
2366 PKCS8_PRIV_KEY_INFO_free(p8inf);
2367 BIO_free_all(membio);
2368 return ok;
2369 }
2370
2371 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
test_privatekey_to_pkcs8(void)2372 static int test_privatekey_to_pkcs8(void)
2373 {
2374 EVP_PKEY *pkey = NULL;
2375 BIO *membio = NULL;
2376 char *membuf = NULL;
2377 long membuf_len = 0;
2378 int ok = 0;
2379
2380 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2381 || !TEST_ptr(pkey = load_example_rsa_key())
2382 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2383 NULL, 0, NULL, NULL),
2384 0)
2385 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
2386 || !TEST_ptr(membuf)
2387 || !TEST_mem_eq(membuf, (size_t)membuf_len,
2388 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
2389 /*
2390 * We try to write PEM as well, just to see that it doesn't err, but
2391 * assume that the result is correct.
2392 */
2393 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
2394 NULL, 0, NULL, NULL),
2395 0))
2396 goto done;
2397
2398 ok = 1;
2399 done:
2400 EVP_PKEY_free(pkey);
2401 BIO_free_all(membio);
2402 return ok;
2403 }
2404
2405 #ifndef OPENSSL_NO_EC
2406 static const struct {
2407 int encoding;
2408 const char *encoding_name;
2409 } ec_encodings[] = {
2410 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2411 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2412 };
2413
ec_export_get_encoding_cb(const OSSL_PARAM params[],void * arg)2414 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2415 {
2416 const OSSL_PARAM *p;
2417 const char *enc_name = NULL;
2418 int *enc = arg;
2419 size_t i;
2420
2421 *enc = -1;
2422
2423 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2424 OSSL_PKEY_PARAM_EC_ENCODING))
2425 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2426 return 0;
2427
2428 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2429 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2430 *enc = ec_encodings[i].encoding;
2431 break;
2432 }
2433 }
2434
2435 return (*enc != -1);
2436 }
2437
test_EC_keygen_with_enc(int idx)2438 static int test_EC_keygen_with_enc(int idx)
2439 {
2440 EVP_PKEY *params = NULL, *key = NULL;
2441 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2442 int enc;
2443 int ret = 0;
2444
2445 enc = ec_encodings[idx].encoding;
2446
2447 /* Create key parameters */
2448 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2449 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2450 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2451 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2452 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
2453 || !TEST_ptr(params))
2454 goto done;
2455
2456 /* Create key */
2457 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2458 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2459 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2460 || !TEST_ptr(key))
2461 goto done;
2462
2463 /* Check that the encoding got all the way into the key */
2464 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2465 ec_export_get_encoding_cb, &enc))
2466 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2467 goto done;
2468
2469 ret = 1;
2470 done:
2471 EVP_PKEY_free(key);
2472 EVP_PKEY_free(params);
2473 EVP_PKEY_CTX_free(kctx);
2474 EVP_PKEY_CTX_free(pctx);
2475 return ret;
2476 }
2477 #endif
2478
2479 #if !defined(OPENSSL_NO_SM2)
2480
test_EVP_SM2_verify(void)2481 static int test_EVP_SM2_verify(void)
2482 {
2483 const char *pubkey = "-----BEGIN PUBLIC KEY-----\n"
2484 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2485 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2486 "-----END PUBLIC KEY-----\n";
2487
2488 const char *msg = "message digest";
2489 const char *id = "ALICE123@YAHOO.COM";
2490
2491 const uint8_t signature[] = {
2492 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2493 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2494 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2495 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2496 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2497 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2498 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2499 };
2500
2501 int rc = 0;
2502 BIO *bio = NULL;
2503 EVP_PKEY *pkey = NULL;
2504 EVP_MD_CTX *mctx = NULL;
2505 EVP_PKEY_CTX *pctx = NULL;
2506 EVP_MD *sm3 = NULL;
2507
2508 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2509 if (!TEST_true(bio != NULL))
2510 goto done;
2511
2512 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2513 if (!TEST_true(pkey != NULL))
2514 goto done;
2515
2516 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2517 goto done;
2518
2519 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2520 goto done;
2521
2522 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2523 goto done;
2524
2525 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2526
2527 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2528 goto done;
2529
2530 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2531 goto done;
2532
2533 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2534 goto done;
2535
2536 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2537 goto done;
2538
2539 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2540 goto done;
2541 rc = 1;
2542
2543 done:
2544 BIO_free(bio);
2545 EVP_PKEY_free(pkey);
2546 EVP_PKEY_CTX_free(pctx);
2547 EVP_MD_CTX_free(mctx);
2548 EVP_MD_free(sm3);
2549 return rc;
2550 }
2551
test_EVP_SM2(void)2552 static int test_EVP_SM2(void)
2553 {
2554 int ret = 0;
2555 EVP_PKEY *pkey = NULL;
2556 EVP_PKEY *pkeyparams = NULL;
2557 EVP_PKEY_CTX *pctx = NULL;
2558 EVP_PKEY_CTX *kctx = NULL;
2559 EVP_PKEY_CTX *sctx = NULL;
2560 size_t sig_len = 0;
2561 unsigned char *sig = NULL;
2562 EVP_MD_CTX *md_ctx = NULL;
2563 EVP_MD_CTX *md_ctx_verify = NULL;
2564 EVP_PKEY_CTX *cctx = NULL;
2565 EVP_MD *check_md = NULL;
2566
2567 uint8_t ciphertext[128];
2568 size_t ctext_len = sizeof(ciphertext);
2569
2570 uint8_t plaintext[8];
2571 size_t ptext_len = sizeof(plaintext);
2572
2573 uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' };
2574
2575 OSSL_PARAM sparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2576 OSSL_PARAM gparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2577 int i;
2578 char mdname[OSSL_MAX_NAME_SIZE];
2579
2580 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2581 "SM2", testpropq)))
2582 goto done;
2583
2584 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2585 goto done;
2586
2587 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2588 goto done;
2589
2590 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2591 goto done;
2592
2593 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2594 pkeyparams, testpropq)))
2595 goto done;
2596
2597 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2598 goto done;
2599
2600 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2601 goto done;
2602
2603 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2604 goto done;
2605
2606 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2607 goto done;
2608
2609 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2610 goto done;
2611
2612 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2613 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2614
2615 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2616 goto done;
2617
2618 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2619 goto done;
2620
2621 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2622 goto done;
2623
2624 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2625 goto done;
2626
2627 /* Determine the size of the signature. */
2628 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2629 goto done;
2630
2631 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2632 goto done;
2633
2634 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2635 goto done;
2636
2637 /* Ensure that the signature round-trips. */
2638
2639 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2640 pkey)))
2641 goto done;
2642
2643 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2644 goto done;
2645
2646 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2647 goto done;
2648
2649 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2650 goto done;
2651
2652 /*
2653 * Try verify again with non-matching 0 length id but ensure that it can
2654 * be set on the context and overrides the previous value.
2655 */
2656
2657 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2658 pkey)))
2659 goto done;
2660
2661 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2662 goto done;
2663
2664 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2665 goto done;
2666
2667 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2668 goto done;
2669
2670 /* now check encryption/decryption */
2671
2672 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2673 mdname, sizeof(mdname));
2674 for (i = 0; i < 2; i++) {
2675 const char *mdnames[] = {
2676 #ifndef OPENSSL_NO_SM3
2677 "SM3",
2678 #else
2679 NULL,
2680 #endif
2681 "SHA2-256"
2682 };
2683 EVP_PKEY_CTX_free(cctx);
2684
2685 if (mdnames[i] == NULL)
2686 continue;
2687
2688 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2689 (char *)mdnames[i], 0);
2690
2691 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2692 pkey, testpropq)))
2693 goto done;
2694
2695 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2696 goto done;
2697
2698 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2699 goto done;
2700
2701 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2702 sizeof(kMsg))))
2703 goto done;
2704
2705 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2706 goto done;
2707
2708 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2709 goto done;
2710
2711 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2712 ctext_len),
2713 0))
2714 goto done;
2715
2716 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2717 goto done;
2718
2719 /*
2720 * Test we're still using the digest we think we are.
2721 * Because of aliases, the easiest is to fetch the digest and
2722 * check the name with EVP_MD_is_a().
2723 */
2724 EVP_MD_free(check_md);
2725 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2726 goto done;
2727 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2728 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2729 goto done;
2730 }
2731
2732 if (!TEST_true(ptext_len == sizeof(kMsg)))
2733 goto done;
2734
2735 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2736 goto done;
2737 }
2738
2739 ret = 1;
2740 done:
2741 EVP_PKEY_CTX_free(pctx);
2742 EVP_PKEY_CTX_free(kctx);
2743 EVP_PKEY_CTX_free(sctx);
2744 EVP_PKEY_CTX_free(cctx);
2745 EVP_PKEY_free(pkey);
2746 EVP_PKEY_free(pkeyparams);
2747 EVP_MD_CTX_free(md_ctx);
2748 EVP_MD_CTX_free(md_ctx_verify);
2749 EVP_MD_free(check_md);
2750 OPENSSL_free(sig);
2751 return ret;
2752 }
2753
2754 #endif
2755
2756 #ifndef OPENSSL_NO_ML_KEM
2757 static const uint8_t ml_kem_seed[] = {
2758 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4,
2759 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
2760 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79,
2761 0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
2762 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b,
2763 0x87, 0x2b, 0xfb, 0x8f
2764 };
2765 static const uint8_t ml_kem_512_pubkey[] = {
2766 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b,
2767 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
2768 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26,
2769 0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
2770 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19,
2771 0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
2772 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36,
2773 0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
2774 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb,
2775 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
2776 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3,
2777 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
2778 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8,
2779 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
2780 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82,
2781 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
2782 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b,
2783 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
2784 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74,
2785 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
2786 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07,
2787 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
2788 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92,
2789 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
2790 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55,
2791 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
2792 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a,
2793 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
2794 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f,
2795 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
2796 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3,
2797 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
2798 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b,
2799 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
2800 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a,
2801 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
2802 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50,
2803 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
2804 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6,
2805 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
2806 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13,
2807 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
2808 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22,
2809 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
2810 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27,
2811 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
2812 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06,
2813 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
2814 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f,
2815 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
2816 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a,
2817 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
2818 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a,
2819 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
2820 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a,
2821 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
2822 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d,
2823 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
2824 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77,
2825 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
2826 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e,
2827 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
2828 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8,
2829 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
2830 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae,
2831 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
2832 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
2833 };
2834 static const uint8_t ml_kem_768_pubkey[] = {
2835 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f,
2836 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
2837 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13,
2838 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
2839 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25,
2840 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
2841 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce,
2842 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
2843 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e,
2844 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
2845 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56,
2846 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
2847 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba,
2848 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
2849 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74,
2850 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
2851 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49,
2852 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
2853 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74,
2854 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
2855 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0,
2856 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
2857 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b,
2858 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
2859 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf,
2860 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
2861 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53,
2862 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
2863 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc,
2864 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
2865 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19,
2866 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
2867 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a,
2868 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
2869 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7,
2870 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
2871 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5,
2872 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
2873 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51,
2874 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
2875 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf,
2876 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
2877 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48,
2878 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
2879 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a,
2880 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
2881 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7,
2882 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
2883 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28,
2884 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
2885 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11,
2886 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
2887 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0,
2888 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
2889 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f,
2890 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
2891 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7,
2892 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
2893 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e,
2894 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
2895 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68,
2896 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
2897 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82,
2898 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
2899 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d,
2900 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
2901 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e,
2902 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
2903 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce,
2904 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
2905 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d,
2906 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
2907 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48,
2908 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
2909 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b,
2910 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
2911 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97,
2912 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
2913 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac,
2914 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
2915 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1,
2916 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
2917 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62,
2918 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
2919 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f,
2920 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
2921 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd,
2922 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
2923 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd,
2924 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
2925 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63,
2926 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
2927 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82,
2928 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
2929 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e,
2930 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
2931 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb,
2932 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
2933 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
2934 };
2935 static const uint8_t ml_kem_1024_pubkey[] = {
2936 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58,
2937 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
2938 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18,
2939 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
2940 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33,
2941 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
2942 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45,
2943 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
2944 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45,
2945 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
2946 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06,
2947 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
2948 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d,
2949 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
2950 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97,
2951 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
2952 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80,
2953 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
2954 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d,
2955 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
2956 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7,
2957 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
2958 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7,
2959 0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
2960 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc,
2961 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
2962 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39,
2963 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
2964 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5,
2965 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
2966 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89,
2967 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
2968 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1,
2969 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
2970 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca,
2971 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
2972 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b,
2973 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
2974 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50,
2975 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
2976 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86,
2977 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
2978 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c,
2979 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
2980 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44,
2981 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
2982 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f,
2983 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
2984 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65,
2985 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
2986 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7,
2987 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
2988 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d,
2989 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
2990 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e,
2991 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
2992 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94,
2993 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
2994 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d,
2995 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
2996 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f,
2997 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
2998 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e,
2999 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
3000 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b,
3001 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
3002 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe,
3003 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
3004 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98,
3005 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
3006 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f,
3007 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
3008 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4,
3009 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
3010 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0,
3011 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
3012 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a,
3013 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
3014 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a,
3015 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
3016 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24,
3017 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
3018 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f,
3019 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
3020 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33,
3021 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
3022 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89,
3023 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
3024 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32,
3025 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
3026 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37,
3027 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
3028 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84,
3029 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
3030 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50,
3031 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
3032 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25,
3033 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
3034 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6,
3035 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
3036 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e,
3037 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
3038 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b,
3039 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
3040 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf,
3041 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
3042 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2,
3043 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
3044 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03,
3045 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
3046 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66,
3047 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
3048 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55,
3049 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
3050 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e,
3051 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
3052 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76,
3053 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
3054 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a,
3055 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
3056 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86,
3057 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
3058 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44,
3059 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
3060 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34,
3061 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
3062 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d,
3063 0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
3064 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf,
3065 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
3066 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
3067 };
3068 #endif
3069
3070 static struct keys_st {
3071 int type;
3072 const uint8_t *priv;
3073 const uint8_t *pub;
3074 /* If "name" is non-NULL, create via non-legacy _ex() API */
3075 char *name;
3076 int privlen;
3077 int publen;
3078 } keys[] = {
3079 { EVP_PKEY_HMAC,
3080 (const uint8_t *)"0123456789",
3081 NULL,
3082 NULL, 10, 0 },
3083 { EVP_PKEY_HMAC, (const uint8_t *)"", NULL,
3084 NULL, 0, 0
3085 #ifndef OPENSSL_NO_POLY1305
3086 },
3087 { EVP_PKEY_POLY1305,
3088 (const uint8_t *)"01234567890123456789012345678901",
3089 NULL,
3090 NULL, 32, 0
3091 #endif
3092 #ifndef OPENSSL_NO_SIPHASH
3093 },
3094 { EVP_PKEY_SIPHASH,
3095 (const uint8_t *)"0123456789012345",
3096 NULL,
3097 NULL, 16, 0
3098 #endif
3099 },
3100 #ifndef OPENSSL_NO_ECX
3101 { EVP_PKEY_X25519,
3102 (const uint8_t *)"01234567890123456789012345678901",
3103 (const unsigned char *)"abcdefghijklmnopqrstuvwxyzabcdef",
3104 NULL, 32, 32 },
3105 { EVP_PKEY_ED25519,
3106 (const uint8_t *)"01234567890123456789012345678901",
3107 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdef",
3108 NULL, 32, 32 },
3109 { EVP_PKEY_X448,
3110 (const uint8_t *)"01234567890123456789012345678901234567890123456789012345",
3111 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd",
3112 NULL, 56, 56 },
3113 { EVP_PKEY_ED448,
3114 (const uint8_t *)"012345678901234567890123456789012345678901234567890123456",
3115 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde",
3116 NULL, 57, 57 },
3117 #endif
3118 #ifndef OPENSSL_NO_ML_KEM
3119 { NID_undef, ml_kem_seed, ml_kem_512_pubkey,
3120 "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey) },
3121 { NID_undef, ml_kem_seed, ml_kem_768_pubkey,
3122 "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey) },
3123 { NID_undef, ml_kem_seed, ml_kem_1024_pubkey,
3124 "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey) },
3125 #endif
3126 };
3127
3128 #ifndef OPENSSL_NO_ML_KEM
3129 static int
ml_kem_seed_to_priv(const char * alg,const unsigned char * seed,int seedlen,unsigned char ** ret,size_t * retlen)3130 ml_kem_seed_to_priv(const char *alg, const unsigned char *seed, int seedlen,
3131 unsigned char **ret, size_t *retlen)
3132 {
3133 OSSL_PARAM parr[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
3134 EVP_PKEY_CTX *ctx = NULL;
3135 EVP_PKEY *pkey = NULL;
3136 const OSSL_PARAM *p;
3137 OSSL_PARAM *params = NULL;
3138 int selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
3139 int ok = 0;
3140
3141 /* Import the seed to generate a key */
3142 ctx = EVP_PKEY_CTX_new_from_name(testctx, alg, NULL);
3143 if (!TEST_ptr(ctx)
3144 || !TEST_int_gt(EVP_PKEY_fromdata_init(ctx), 0))
3145 goto done;
3146 parr[0] = OSSL_PARAM_construct_octet_string(
3147 OSSL_PKEY_PARAM_ML_KEM_SEED, (unsigned char *)seed, seedlen);
3148 if (!TEST_int_gt(EVP_PKEY_fromdata(ctx, &pkey, selection, parr), 0))
3149 goto done;
3150
3151 /* Export the key to get the encoded form */
3152 if (!TEST_true(EVP_PKEY_todata(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, ¶ms)))
3153 goto done;
3154
3155 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
3156 if (!TEST_ptr(p)
3157 || !TEST_true(OSSL_PARAM_get_octet_string(p, (void **)ret, 0, retlen)))
3158 goto done;
3159 ok = 1;
3160
3161 done:
3162 EVP_PKEY_free(pkey);
3163 OSSL_PARAM_free(params);
3164 EVP_PKEY_CTX_free(ctx);
3165 return ok;
3166 }
3167 #endif
3168
test_set_get_raw_keys_int(int tst,int pub,int uselibctx)3169 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
3170 {
3171 int ret = 0;
3172 uint8_t *buf = NULL;
3173 const uint8_t *in;
3174 uint8_t shortbuf[1];
3175 size_t inlen, len = 0, shortlen = sizeof(shortbuf);
3176 EVP_PKEY *pkey = NULL;
3177 unsigned char *privalloc = NULL;
3178 const char *name;
3179
3180 /* Check if this algorithm supports public keys */
3181 if (pub && keys[tst].pub == NULL)
3182 return 1;
3183
3184 name = keys[tst].name ? keys[tst].name : OBJ_nid2sn(keys[tst].type);
3185
3186 if (pub) {
3187 #ifndef OPENSSL_NO_EC
3188 inlen = keys[tst].publen;
3189 in = keys[tst].pub;
3190 if (uselibctx || keys[tst].name != NULL) {
3191 pkey = EVP_PKEY_new_raw_public_key_ex(
3192 testctx,
3193 name,
3194 NULL,
3195 in,
3196 inlen);
3197 } else {
3198 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
3199 NULL,
3200 in,
3201 inlen);
3202 }
3203 #else
3204 return 1;
3205 #endif
3206 } else {
3207 inlen = keys[tst].privlen;
3208 in = keys[tst].priv;
3209 #ifndef OPENSSL_NO_ML_KEM
3210 if (in == ml_kem_seed) {
3211 if (!TEST_true(ml_kem_seed_to_priv(name, in, inlen,
3212 &privalloc, &inlen)))
3213 goto done;
3214 in = privalloc;
3215 }
3216 #endif
3217 if (uselibctx || keys[tst].name != NULL) {
3218 pkey = EVP_PKEY_new_raw_private_key_ex(
3219 testctx,
3220 name,
3221 NULL,
3222 in,
3223 inlen);
3224 } else {
3225 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
3226 NULL,
3227 in,
3228 inlen);
3229 }
3230 }
3231
3232 if (!TEST_ptr(pkey)
3233 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
3234 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
3235 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
3236 || !TEST_true(len == inlen))
3237 goto done;
3238 if (tst != 1) {
3239 /*
3240 * Test that supplying a buffer that is too small fails. Doesn't apply
3241 * to HMAC with a zero length key
3242 */
3243 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, shortbuf, &shortlen)))
3244 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, shortbuf, &shortlen))))
3245 goto done;
3246 }
3247 if (!TEST_ptr(buf = OPENSSL_zalloc(len <= 80 ? 80 : len)))
3248 goto done;
3249 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
3250 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
3251 || !TEST_mem_eq(in, inlen, buf, len))
3252 goto done;
3253
3254 ret = 1;
3255 done:
3256 OPENSSL_free(privalloc);
3257 OPENSSL_free(buf);
3258 EVP_PKEY_free(pkey);
3259 return ret;
3260 }
3261
test_set_get_raw_keys(int tst)3262 static int test_set_get_raw_keys(int tst)
3263 {
3264 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
3265 && test_set_get_raw_keys_int(tst, 0, 1)
3266 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
3267 && test_set_get_raw_keys_int(tst, 1, 1);
3268 }
3269
3270 #ifndef OPENSSL_NO_DEPRECATED_3_0
pkey_custom_check(EVP_PKEY * pkey)3271 static int pkey_custom_check(EVP_PKEY *pkey)
3272 {
3273 return 0xbeef;
3274 }
3275
pkey_custom_pub_check(EVP_PKEY * pkey)3276 static int pkey_custom_pub_check(EVP_PKEY *pkey)
3277 {
3278 return 0xbeef;
3279 }
3280
pkey_custom_param_check(EVP_PKEY * pkey)3281 static int pkey_custom_param_check(EVP_PKEY *pkey)
3282 {
3283 return 0xbeef;
3284 }
3285
3286 static EVP_PKEY_METHOD *custom_pmeth;
3287 #endif
3288
test_EVP_PKEY_check(int i)3289 static int test_EVP_PKEY_check(int i)
3290 {
3291 int ret = 0;
3292 EVP_PKEY *pkey = NULL;
3293 EVP_PKEY_CTX *ctx = NULL;
3294 #ifndef OPENSSL_NO_DEPRECATED_3_0
3295 EVP_PKEY_CTX *ctx2 = NULL;
3296 #endif
3297 const APK_DATA *ak = &keycheckdata[i];
3298 const unsigned char *input = ak->kder;
3299 size_t input_len = ak->size;
3300 int expected_id = ak->evptype;
3301 int expected_check = ak->check;
3302 int expected_pub_check = ak->pub_check;
3303 int expected_param_check = ak->param_check;
3304 int type = ak->type;
3305
3306 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
3307 goto done;
3308 if (type == 0
3309 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
3310 goto done;
3311
3312 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
3313 goto done;
3314
3315 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
3316 goto done;
3317
3318 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
3319 goto done;
3320
3321 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
3322 goto done;
3323
3324 #ifndef OPENSSL_NO_DEPRECATED_3_0
3325 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
3326 /* assign the pkey directly, as an internal test */
3327 if (!EVP_PKEY_up_ref(pkey))
3328 goto done;
3329
3330 ctx2->pkey = pkey;
3331
3332 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
3333 goto done;
3334
3335 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
3336 goto done;
3337
3338 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
3339 goto done;
3340 #endif
3341
3342 ret = 1;
3343
3344 done:
3345 EVP_PKEY_CTX_free(ctx);
3346 #ifndef OPENSSL_NO_DEPRECATED_3_0
3347 EVP_PKEY_CTX_free(ctx2);
3348 #endif
3349 EVP_PKEY_free(pkey);
3350 return ret;
3351 }
3352
3353 #ifndef OPENSSL_NO_CMAC
get_cmac_val(EVP_PKEY * pkey,unsigned char * mac)3354 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
3355 {
3356 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
3357 const char msg[] = "Hello World";
3358 size_t maclen = AES_BLOCK_SIZE;
3359 int ret = 1;
3360
3361 if (!TEST_ptr(mdctx)
3362 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
3363 testpropq, pkey, NULL))
3364 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
3365 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
3366 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
3367 ret = 0;
3368
3369 EVP_MD_CTX_free(mdctx);
3370
3371 return ret;
3372 }
test_CMAC_keygen(void)3373 static int test_CMAC_keygen(void)
3374 {
3375 static unsigned char key[] = {
3376 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3377 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3378 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
3379 };
3380 EVP_PKEY_CTX *kctx = NULL;
3381 int ret = 0;
3382 EVP_PKEY *pkey = NULL;
3383 unsigned char mac[AES_BLOCK_SIZE];
3384 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3385 unsigned char mac2[AES_BLOCK_SIZE];
3386 #endif
3387
3388 if (nullprov != NULL)
3389 return TEST_skip("Test does not support a non-default library context");
3390
3391 /*
3392 * This is a legacy method for CMACs, but should still work.
3393 * This verifies that it works without an ENGINE.
3394 */
3395 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
3396
3397 /* Test a CMAC key created using the "generated" method */
3398 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
3399 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
3400 EVP_PKEY_CTRL_CIPHER,
3401 0, (void *)EVP_aes_256_cbc()),
3402 0)
3403 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
3404 EVP_PKEY_CTRL_SET_MAC_KEY,
3405 sizeof(key), (void *)key),
3406 0)
3407 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
3408 || !TEST_ptr(pkey)
3409 || !TEST_true(get_cmac_val(pkey, mac)))
3410 goto done;
3411
3412 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3413 EVP_PKEY_free(pkey);
3414
3415 /*
3416 * Test a CMAC key using the direct method, and compare with the mac
3417 * created above.
3418 */
3419 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
3420 if (!TEST_ptr(pkey)
3421 || !TEST_true(get_cmac_val(pkey, mac2))
3422 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
3423 goto done;
3424 #endif
3425
3426 ret = 1;
3427
3428 done:
3429 EVP_PKEY_free(pkey);
3430 EVP_PKEY_CTX_free(kctx);
3431 return ret;
3432 }
3433 #endif
3434
test_HKDF(void)3435 static int test_HKDF(void)
3436 {
3437 EVP_PKEY_CTX *pctx;
3438 unsigned char out[20];
3439 size_t outlen;
3440 int i, ret = 0;
3441 unsigned char salt[] = "0123456789";
3442 unsigned char key[] = "012345678901234567890123456789";
3443 unsigned char info[] = "infostring";
3444 const unsigned char expected[] = {
3445 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
3446 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
3447 };
3448 size_t expectedlen = sizeof(expected);
3449
3450 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3451 goto done;
3452
3453 /* We do this twice to test reuse of the EVP_PKEY_CTX */
3454 for (i = 0; i < 2; i++) {
3455 outlen = sizeof(out);
3456 memset(out, 0, outlen);
3457
3458 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3459 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3460 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3461 sizeof(salt) - 1),
3462 0)
3463 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3464 sizeof(key) - 1),
3465 0)
3466 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3467 sizeof(info) - 1),
3468 0)
3469 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3470 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3471 goto done;
3472 }
3473
3474 ret = 1;
3475
3476 done:
3477 EVP_PKEY_CTX_free(pctx);
3478
3479 return ret;
3480 }
3481
test_emptyikm_HKDF(void)3482 static int test_emptyikm_HKDF(void)
3483 {
3484 EVP_PKEY_CTX *pctx;
3485 unsigned char out[20];
3486 size_t outlen;
3487 int ret = 0;
3488 unsigned char salt[] = "9876543210";
3489 unsigned char key[] = "";
3490 unsigned char info[] = "stringinfo";
3491 const unsigned char expected[] = {
3492 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
3493 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
3494 };
3495 size_t expectedlen = sizeof(expected);
3496
3497 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3498 goto done;
3499
3500 outlen = sizeof(out);
3501 memset(out, 0, outlen);
3502
3503 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3504 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3505 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3506 sizeof(salt) - 1),
3507 0)
3508 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3509 sizeof(key) - 1),
3510 0)
3511 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3512 sizeof(info) - 1),
3513 0)
3514 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3515 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3516 goto done;
3517
3518 ret = 1;
3519
3520 done:
3521 EVP_PKEY_CTX_free(pctx);
3522
3523 return ret;
3524 }
3525
test_empty_salt_info_HKDF(void)3526 static int test_empty_salt_info_HKDF(void)
3527 {
3528 EVP_PKEY_CTX *pctx;
3529 unsigned char out[20];
3530 size_t outlen;
3531 int ret = 0;
3532 unsigned char salt[] = "";
3533 unsigned char fake[] = "0123456789";
3534 unsigned char key[] = "012345678901234567890123456789";
3535 unsigned char info[] = "";
3536 const unsigned char expected[] = {
3537 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
3538 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06
3539 };
3540 size_t expectedlen = sizeof(expected);
3541
3542 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3543 goto done;
3544
3545 outlen = sizeof(out);
3546 memset(out, 0, outlen);
3547
3548 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3549 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3550 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake,
3551 sizeof(fake) - 1),
3552 0)
3553 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3554 sizeof(salt) - 1),
3555 0)
3556 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3557 sizeof(key) - 1),
3558 0)
3559 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3560 sizeof(info) - 1),
3561 0)
3562 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3563 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3564 goto done;
3565
3566 ret = 1;
3567
3568 done:
3569 EVP_PKEY_CTX_free(pctx);
3570
3571 return ret;
3572 }
3573
3574 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)3575 static int test_X509_PUBKEY_inplace(void)
3576 {
3577 int ret = 0;
3578 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
3579 const unsigned char *p = kExampleECPubKeyDER;
3580 size_t input_len = sizeof(kExampleECPubKeyDER);
3581
3582 if (!TEST_ptr(xp))
3583 goto done;
3584 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
3585 goto done;
3586
3587 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
3588 goto done;
3589
3590 p = kExampleBadECPubKeyDER;
3591 input_len = sizeof(kExampleBadECPubKeyDER);
3592
3593 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
3594 goto done;
3595
3596 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
3597 goto done;
3598
3599 ret = 1;
3600
3601 done:
3602 X509_PUBKEY_free(xp);
3603 return ret;
3604 }
3605
test_X509_PUBKEY_dup(void)3606 static int test_X509_PUBKEY_dup(void)
3607 {
3608 int ret = 0;
3609 X509_PUBKEY *xp = NULL, *xq = NULL;
3610 const unsigned char *p = kExampleECPubKeyDER;
3611 size_t input_len = sizeof(kExampleECPubKeyDER);
3612
3613 xp = X509_PUBKEY_new_ex(testctx, testpropq);
3614 if (!TEST_ptr(xp)
3615 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
3616 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
3617 || !TEST_ptr_ne(xp, xq))
3618 goto done;
3619
3620 if (!TEST_ptr(X509_PUBKEY_get0(xq))
3621 || !TEST_ptr(X509_PUBKEY_get0(xp))
3622 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
3623 goto done;
3624
3625 X509_PUBKEY_free(xq);
3626 xq = NULL;
3627 p = kExampleBadECPubKeyDER;
3628 input_len = sizeof(kExampleBadECPubKeyDER);
3629
3630 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
3631 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
3632 goto done;
3633
3634 X509_PUBKEY_free(xp);
3635 xp = NULL;
3636 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
3637 goto done;
3638
3639 ret = 1;
3640
3641 done:
3642 X509_PUBKEY_free(xp);
3643 X509_PUBKEY_free(xq);
3644 return ret;
3645 }
3646 #endif /* OPENSSL_NO_EC */
3647
3648 /* Test getting and setting parameters on an EVP_PKEY_CTX */
test_EVP_PKEY_CTX_get_set_params(EVP_PKEY * pkey)3649 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
3650 {
3651 EVP_MD_CTX *mdctx = NULL;
3652 EVP_PKEY_CTX *ctx = NULL;
3653 const OSSL_PARAM *params;
3654 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
3655 int ret = 0;
3656 const EVP_MD *md;
3657 char mdname[OSSL_MAX_NAME_SIZE];
3658 char ssl3ms[48];
3659
3660 /* Initialise a sign operation */
3661 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
3662 if (!TEST_ptr(ctx)
3663 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
3664 goto err;
3665
3666 /*
3667 * We should be able to query the parameters now.
3668 */
3669 params = EVP_PKEY_CTX_settable_params(ctx);
3670 if (!TEST_ptr(params)
3671 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3672 OSSL_SIGNATURE_PARAM_DIGEST)))
3673 goto err;
3674
3675 params = EVP_PKEY_CTX_gettable_params(ctx);
3676 if (!TEST_ptr(params)
3677 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3678 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
3679 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3680 OSSL_SIGNATURE_PARAM_DIGEST)))
3681 goto err;
3682
3683 /*
3684 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
3685 * EVP_PKEY_CTX_get_params()
3686 */
3687 strcpy(mdname, "SHA512");
3688 param_md = param;
3689 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3690 mdname, 0);
3691 *param++ = OSSL_PARAM_construct_end();
3692
3693 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
3694 goto err;
3695
3696 mdname[0] = '\0';
3697 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3698 mdname, sizeof(mdname));
3699 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
3700 || !TEST_str_eq(mdname, "SHA512"))
3701 goto err;
3702
3703 /*
3704 * Test the TEST_PKEY_CTX_set_signature_md() and
3705 * TEST_PKEY_CTX_get_signature_md() functions
3706 */
3707 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
3708 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
3709 || !TEST_ptr_eq(md, EVP_sha256()))
3710 goto err;
3711
3712 /*
3713 * Test getting MD parameters via an associated EVP_PKEY_CTX
3714 */
3715 mdctx = EVP_MD_CTX_new();
3716 if (!TEST_ptr(mdctx)
3717 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
3718 pkey, NULL)))
3719 goto err;
3720
3721 /*
3722 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
3723 * able to obtain the digest's settable parameters from the provider.
3724 */
3725 params = EVP_MD_CTX_settable_params(mdctx);
3726 if (!TEST_ptr(params)
3727 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
3728 /* The final key should be NULL */
3729 || !TEST_ptr_null(params[1].key))
3730 goto err;
3731
3732 param = ourparams;
3733 memset(ssl3ms, 0, sizeof(ssl3ms));
3734 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
3735 ssl3ms, sizeof(ssl3ms));
3736 *param++ = OSSL_PARAM_construct_end();
3737
3738 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
3739 goto err;
3740
3741 ret = 1;
3742
3743 err:
3744 EVP_MD_CTX_free(mdctx);
3745 EVP_PKEY_CTX_free(ctx);
3746
3747 return ret;
3748 }
3749
3750 #ifndef OPENSSL_NO_DSA
test_DSA_get_set_params(void)3751 static int test_DSA_get_set_params(void)
3752 {
3753 OSSL_PARAM_BLD *bld = NULL;
3754 OSSL_PARAM *params = NULL;
3755 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
3756 EVP_PKEY_CTX *pctx = NULL;
3757 EVP_PKEY *pkey = NULL;
3758 int ret = 0;
3759
3760 /*
3761 * Setup the parameters for our DSA object. For our purposes they don't
3762 * have to actually be *valid* parameters. We just need to set something.
3763 */
3764 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
3765 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3766 || !TEST_ptr(p = BN_new())
3767 || !TEST_ptr(q = BN_new())
3768 || !TEST_ptr(g = BN_new())
3769 || !TEST_ptr(pub = BN_new())
3770 || !TEST_ptr(priv = BN_new()))
3771 goto err;
3772 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
3773 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
3774 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
3775 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
3776 pub))
3777 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
3778 priv)))
3779 goto err;
3780 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3781 goto err;
3782
3783 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3784 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3785 params),
3786 0))
3787 goto err;
3788
3789 if (!TEST_ptr(pkey))
3790 goto err;
3791
3792 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3793
3794 err:
3795 EVP_PKEY_free(pkey);
3796 EVP_PKEY_CTX_free(pctx);
3797 OSSL_PARAM_free(params);
3798 OSSL_PARAM_BLD_free(bld);
3799 BN_free(p);
3800 BN_free(q);
3801 BN_free(g);
3802 BN_free(pub);
3803 BN_free(priv);
3804
3805 return ret;
3806 }
3807
3808 /*
3809 * Test combinations of private, public, missing and private + public key
3810 * params to ensure they are all accepted
3811 */
test_DSA_priv_pub(void)3812 static int test_DSA_priv_pub(void)
3813 {
3814 return test_EVP_PKEY_ffc_priv_pub("DSA");
3815 }
3816
3817 #endif /* !OPENSSL_NO_DSA */
3818
test_RSA_get_set_params(void)3819 static int test_RSA_get_set_params(void)
3820 {
3821 OSSL_PARAM_BLD *bld = NULL;
3822 OSSL_PARAM *params = NULL;
3823 BIGNUM *n = NULL, *e = NULL, *d = NULL;
3824 EVP_PKEY_CTX *pctx = NULL;
3825 EVP_PKEY *pkey = NULL;
3826 int ret = 0;
3827
3828 /*
3829 * Setup the parameters for our RSA object. For our purposes they don't
3830 * have to actually be *valid* parameters. We just need to set something.
3831 */
3832 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
3833 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3834 || !TEST_ptr(n = BN_new())
3835 || !TEST_ptr(e = BN_new())
3836 || !TEST_ptr(d = BN_new()))
3837 goto err;
3838 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
3839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
3840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
3841 goto err;
3842 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3843 goto err;
3844
3845 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3846 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3847 params),
3848 0))
3849 goto err;
3850
3851 if (!TEST_ptr(pkey))
3852 goto err;
3853
3854 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3855
3856 err:
3857 EVP_PKEY_free(pkey);
3858 EVP_PKEY_CTX_free(pctx);
3859 OSSL_PARAM_free(params);
3860 OSSL_PARAM_BLD_free(bld);
3861 BN_free(n);
3862 BN_free(e);
3863 BN_free(d);
3864
3865 return ret;
3866 }
3867
test_RSA_OAEP_set_get_params(void)3868 static int test_RSA_OAEP_set_get_params(void)
3869 {
3870 int ret = 0;
3871 EVP_PKEY *key = NULL;
3872 EVP_PKEY_CTX *key_ctx = NULL;
3873
3874 if (nullprov != NULL)
3875 return TEST_skip("Test does not support a non-default library context");
3876
3877 if (!TEST_ptr(key = load_example_rsa_key())
3878 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3879 goto err;
3880
3881 {
3882 int padding = RSA_PKCS1_OAEP_PADDING;
3883 OSSL_PARAM params[4];
3884
3885 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3886 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3887 OSSL_DIGEST_NAME_SHA2_256, 0);
3888 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3889 OSSL_DIGEST_NAME_SHA1, 0);
3890 params[3] = OSSL_PARAM_construct_end();
3891
3892 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params), 0))
3893 goto err;
3894 }
3895 {
3896 OSSL_PARAM params[3];
3897 char oaepmd[30] = { '\0' };
3898 char mgf1md[30] = { '\0' };
3899
3900 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3901 oaepmd, sizeof(oaepmd));
3902 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3903 mgf1md, sizeof(mgf1md));
3904 params[2] = OSSL_PARAM_construct_end();
3905
3906 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3907 goto err;
3908
3909 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3910 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3911 goto err;
3912 }
3913
3914 ret = 1;
3915
3916 err:
3917 EVP_PKEY_free(key);
3918 EVP_PKEY_CTX_free(key_ctx);
3919
3920 return ret;
3921 }
3922
3923 /* https://github.com/openssl/openssl/issues/21288 */
test_RSA_OAEP_set_null_label(void)3924 static int test_RSA_OAEP_set_null_label(void)
3925 {
3926 int ret = 0;
3927 EVP_PKEY *key = NULL;
3928 EVP_PKEY_CTX *key_ctx = NULL;
3929
3930 if (!TEST_ptr(key = load_example_rsa_key())
3931 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3932 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3933 goto err;
3934
3935 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3936 goto err;
3937
3938 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3939 goto err;
3940
3941 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3942 goto err;
3943
3944 ret = 1;
3945
3946 err:
3947 EVP_PKEY_free(key);
3948 EVP_PKEY_CTX_free(key_ctx);
3949
3950 return ret;
3951 }
3952
test_RSA_encrypt(void)3953 static int test_RSA_encrypt(void)
3954 {
3955 int ret = 0;
3956 EVP_PKEY *pkey = NULL;
3957 EVP_PKEY_CTX *pctx = NULL;
3958 unsigned char *cbuf = NULL, *pbuf = NULL;
3959 size_t clen = 0, plen = 0;
3960
3961 if (!TEST_ptr(pkey = load_example_rsa_key())
3962 || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx,
3963 pkey, testpropq))
3964 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)
3965 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)
3966 || !TEST_ptr(cbuf = OPENSSL_malloc(clen))
3967 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0))
3968 goto done;
3969
3970 /* Require failure when the output buffer is too small */
3971 plen = clen - 1;
3972 if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0))
3973 goto done;
3974 /* flush error stack */
3975 TEST_openssl_errors();
3976
3977 /* Check decryption of encrypted result */
3978 if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0)
3979 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
3980 || !TEST_ptr(pbuf = OPENSSL_malloc(plen))
3981 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
3982 || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg))
3983 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0))
3984 goto done;
3985
3986 ret = 1;
3987 done:
3988 EVP_PKEY_CTX_free(pctx);
3989 EVP_PKEY_free(pkey);
3990 OPENSSL_free(cbuf);
3991 OPENSSL_free(pbuf);
3992 return ret;
3993 }
3994
3995 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_RSA_legacy(void)3996 static int test_RSA_legacy(void)
3997 {
3998 int ret = 0;
3999 BIGNUM *p = NULL;
4000 BIGNUM *q = NULL;
4001 BIGNUM *n = NULL;
4002 BIGNUM *e = NULL;
4003 BIGNUM *d = NULL;
4004 const EVP_MD *md = EVP_sha256();
4005 EVP_MD_CTX *ctx = NULL;
4006 EVP_PKEY *pkey = NULL;
4007 RSA *rsa = NULL;
4008
4009 if (nullprov != NULL)
4010 return TEST_skip("Test does not support a non-default library context");
4011
4012 if (!TEST_ptr(p = BN_dup(BN_value_one()))
4013 || !TEST_ptr(q = BN_dup(BN_value_one()))
4014 || !TEST_ptr(n = BN_dup(BN_value_one()))
4015 || !TEST_ptr(e = BN_dup(BN_value_one()))
4016 || !TEST_ptr(d = BN_dup(BN_value_one())))
4017 goto err;
4018
4019 if (!TEST_ptr(rsa = RSA_new())
4020 || !TEST_ptr(pkey = EVP_PKEY_new())
4021 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
4022 goto err;
4023
4024 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
4025 goto err;
4026 p = NULL;
4027 q = NULL;
4028
4029 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
4030 goto err;
4031 n = NULL;
4032 e = NULL;
4033 d = NULL;
4034
4035 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
4036 goto err;
4037
4038 rsa = NULL;
4039
4040 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
4041 goto err;
4042
4043 ret = 1;
4044
4045 err:
4046 RSA_free(rsa);
4047 EVP_MD_CTX_free(ctx);
4048 EVP_PKEY_free(pkey);
4049 BN_free(p);
4050 BN_free(q);
4051 BN_free(n);
4052 BN_free(e);
4053 BN_free(d);
4054
4055 return ret;
4056 }
4057 #endif
4058
4059 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)4060 static int test_decrypt_null_chunks(void)
4061 {
4062 EVP_CIPHER_CTX *ctx = NULL;
4063 EVP_CIPHER *cipher = NULL;
4064 const unsigned char key[32] = {
4065 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4066 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4067 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
4068 };
4069 unsigned char iv[12] = {
4070 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
4071 };
4072 unsigned char msg[] = "It was the best of times, it was the worst of times";
4073 unsigned char ciphertext[80];
4074 unsigned char plaintext[80];
4075 /* We initialise tmp to a non zero value on purpose */
4076 int ctlen, ptlen, tmp = 99;
4077 int ret = 0;
4078 const int enc_offset = 10, dec_offset = 20;
4079
4080 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
4081 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4082 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
4083 key, iv))
4084 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
4085 enc_offset))
4086 /* Deliberate add a zero length update */
4087 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
4088 0))
4089 || !TEST_int_eq(tmp, 0)
4090 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
4091 msg + enc_offset,
4092 sizeof(msg) - enc_offset))
4093 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
4094 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
4095 || !TEST_int_eq(tmp, 0))
4096 goto err;
4097
4098 /* Deliberately initialise tmp to a non zero value */
4099 tmp = 99;
4100 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
4101 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
4102 dec_offset))
4103 /*
4104 * Deliberately add a zero length update. We also deliberately do
4105 * this at a different offset than for encryption.
4106 */
4107 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
4108 0))
4109 || !TEST_int_eq(tmp, 0)
4110 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
4111 ciphertext + dec_offset,
4112 ctlen - dec_offset))
4113 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
4114 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
4115 || !TEST_int_eq(tmp, 0)
4116 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
4117 goto err;
4118
4119 ret = 1;
4120 err:
4121 EVP_CIPHER_CTX_free(ctx);
4122 EVP_CIPHER_free(cipher);
4123 return ret;
4124 }
4125 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
4126
4127 #ifndef OPENSSL_NO_DH
4128 /*
4129 * Test combinations of private, public, missing and private + public key
4130 * params to ensure they are all accepted
4131 */
test_DH_priv_pub(void)4132 static int test_DH_priv_pub(void)
4133 {
4134 return test_EVP_PKEY_ffc_priv_pub("DH");
4135 }
4136
4137 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_set1_DH(void)4138 static int test_EVP_PKEY_set1_DH(void)
4139 {
4140 DH *x942dh = NULL, *noqdh = NULL;
4141 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
4142 int ret = 0;
4143 BIGNUM *p, *g = NULL;
4144 BIGNUM *pubkey = NULL;
4145 unsigned char pub[2048 / 8];
4146 size_t len = 0;
4147
4148 if (!TEST_ptr(p = BN_new())
4149 || !TEST_ptr(g = BN_new())
4150 || !TEST_ptr(pubkey = BN_new())
4151 || !TEST_true(BN_set_word(p, 9999))
4152 || !TEST_true(BN_set_word(g, 2))
4153 || !TEST_true(BN_set_word(pubkey, 4321))
4154 || !TEST_ptr(noqdh = DH_new())
4155 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
4156 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
4157 || !TEST_ptr(pubkey = BN_new())
4158 || !TEST_true(BN_set_word(pubkey, 4321)))
4159 goto err;
4160 p = g = NULL;
4161
4162 x942dh = DH_get_2048_256();
4163 pkey1 = EVP_PKEY_new();
4164 pkey2 = EVP_PKEY_new();
4165 if (!TEST_ptr(x942dh)
4166 || !TEST_ptr(noqdh)
4167 || !TEST_ptr(pkey1)
4168 || !TEST_ptr(pkey2)
4169 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
4170 goto err;
4171 pubkey = NULL;
4172
4173 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
4174 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
4175 goto err;
4176
4177 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
4178 &pubkey))
4179 || !TEST_ptr(pubkey))
4180 goto err;
4181
4182 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
4183 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
4184 goto err;
4185
4186 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
4187 OSSL_PKEY_PARAM_PUB_KEY,
4188 pub, sizeof(pub), &len))
4189 || !TEST_size_t_ne(len, 0))
4190 goto err;
4191
4192 ret = 1;
4193 err:
4194 BN_free(p);
4195 BN_free(g);
4196 BN_free(pubkey);
4197 EVP_PKEY_free(pkey1);
4198 EVP_PKEY_free(pkey2);
4199 DH_free(x942dh);
4200 DH_free(noqdh);
4201
4202 return ret;
4203 }
4204 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
4205 #endif /* !OPENSSL_NO_DH */
4206
4207 /*
4208 * We test what happens with an empty template. For the sake of this test,
4209 * the template must be ignored, and we know that's the case for RSA keys
4210 * (this might arguably be a misfeature, but that's what we currently do,
4211 * even in provider code, since that's how the legacy RSA implementation
4212 * does things)
4213 */
test_keygen_with_empty_template(int n)4214 static int test_keygen_with_empty_template(int n)
4215 {
4216 EVP_PKEY_CTX *ctx = NULL;
4217 EVP_PKEY *pkey = NULL;
4218 EVP_PKEY *tkey = NULL;
4219 int ret = 0;
4220
4221 if (nullprov != NULL)
4222 return TEST_skip("Test does not support a non-default library context");
4223
4224 switch (n) {
4225 case 0:
4226 /* We do test with no template at all as well */
4227 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
4228 goto err;
4229 break;
4230 case 1:
4231 /* Here we create an empty RSA key that serves as our template */
4232 if (!TEST_ptr(tkey = EVP_PKEY_new())
4233 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
4234 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
4235 goto err;
4236 break;
4237 }
4238
4239 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4240 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
4241 goto err;
4242
4243 ret = 1;
4244 err:
4245 EVP_PKEY_CTX_free(ctx);
4246 EVP_PKEY_free(pkey);
4247 EVP_PKEY_free(tkey);
4248 return ret;
4249 }
4250
4251 /*
4252 * Test that we fail if we attempt to use an algorithm that is not available
4253 * in the current library context (unless we are using an algorithm that
4254 * should be made available via legacy codepaths).
4255 *
4256 * 0: RSA
4257 * 1: SM2
4258 */
test_pkey_ctx_fail_without_provider(int tst)4259 static int test_pkey_ctx_fail_without_provider(int tst)
4260 {
4261 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
4262 OSSL_PROVIDER *tmpnullprov = NULL;
4263 EVP_PKEY_CTX *pctx = NULL;
4264 const char *keytype = NULL;
4265 int expect_null = 0;
4266 int ret = 0;
4267
4268 if (!TEST_ptr(tmpctx))
4269 goto err;
4270
4271 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
4272 if (!TEST_ptr(tmpnullprov))
4273 goto err;
4274
4275 /*
4276 * We check for certain algos in the null provider.
4277 * If an algo is expected to have a provider keymgmt, constructing an
4278 * EVP_PKEY_CTX is expected to fail (return NULL).
4279 * Otherwise, if it's expected to have legacy support, constructing an
4280 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
4281 */
4282 switch (tst) {
4283 case 0:
4284 keytype = "RSA";
4285 expect_null = 1;
4286 break;
4287 case 1:
4288 keytype = "SM2";
4289 expect_null = 1;
4290 #ifdef OPENSSL_NO_EC
4291 TEST_info("EC disable, skipping SM2 check...");
4292 goto end;
4293 #endif
4294 #ifdef OPENSSL_NO_SM2
4295 TEST_info("SM2 disable, skipping SM2 check...");
4296 goto end;
4297 #endif
4298 break;
4299 default:
4300 TEST_error("No test for case %d", tst);
4301 goto err;
4302 }
4303
4304 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
4305 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
4306 goto err;
4307
4308 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
4309 end:
4310 #endif
4311 ret = 1;
4312
4313 err:
4314 EVP_PKEY_CTX_free(pctx);
4315 OSSL_PROVIDER_unload(tmpnullprov);
4316 OSSL_LIB_CTX_free(tmpctx);
4317 return ret;
4318 }
4319
test_rand_agglomeration(void)4320 static int test_rand_agglomeration(void)
4321 {
4322 EVP_RAND *rand;
4323 EVP_RAND_CTX *ctx;
4324 OSSL_PARAM params[3], *p = params;
4325 int res;
4326 unsigned int step = 7;
4327 static unsigned char seed[] = "It does not matter how slowly you go "
4328 "as long as you do not stop.";
4329 unsigned char out[sizeof(seed)];
4330
4331 if (!TEST_int_ne(sizeof(seed) % step, 0)
4332 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
4333 return 0;
4334 ctx = EVP_RAND_CTX_new(rand, NULL);
4335 EVP_RAND_free(rand);
4336 if (!TEST_ptr(ctx))
4337 return 0;
4338
4339 memset(out, 0, sizeof(out));
4340 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
4341 seed, sizeof(seed));
4342 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
4343 *p = OSSL_PARAM_construct_end();
4344 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
4345 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
4346 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
4347 EVP_RAND_CTX_free(ctx);
4348 return res;
4349 }
4350
4351 /*
4352 * Test that we correctly return the original or "running" IV after
4353 * an encryption operation.
4354 * Run multiple times for some different relevant algorithms/modes.
4355 */
test_evp_iv_aes(int idx)4356 static int test_evp_iv_aes(int idx)
4357 {
4358 int ret = 0;
4359 EVP_CIPHER_CTX *ctx = NULL;
4360 unsigned char key[16] = {
4361 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
4362 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57
4363 };
4364 unsigned char init_iv[EVP_MAX_IV_LENGTH] = {
4365 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4366 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4367 };
4368 static const unsigned char msg[] = {
4369 1, 2, 3, 4, 5, 6, 7, 8,
4370 9, 10, 11, 12, 13, 14, 15, 16
4371 };
4372 unsigned char ciphertext[32], oiv[16], iv[16];
4373 unsigned char *ref_iv;
4374 unsigned char cbc_state[16] = {
4375 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
4376 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e
4377 };
4378
4379 unsigned char ofb_state[16] = {
4380 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
4381 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd
4382 };
4383 unsigned char cfb_state[16] = {
4384 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
4385 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed
4386 };
4387 unsigned char gcm_state[12] = {
4388 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
4389 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
4390 };
4391 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 };
4392 #ifndef OPENSSL_NO_OCB
4393 unsigned char ocb_state[12] = {
4394 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
4395 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
4396 };
4397 #endif
4398 int len = sizeof(ciphertext);
4399 size_t ivlen, ref_len;
4400 const EVP_CIPHER *type = NULL;
4401 int iv_reset = 0;
4402
4403 if (nullprov != NULL && idx < 6)
4404 return TEST_skip("Test does not support a non-default library context");
4405
4406 switch (idx) {
4407 case 0:
4408 type = EVP_aes_128_cbc();
4409 /* FALLTHROUGH */
4410 case 6:
4411 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
4412 ref_iv = cbc_state;
4413 ref_len = sizeof(cbc_state);
4414 iv_reset = 1;
4415 break;
4416 case 1:
4417 type = EVP_aes_128_ofb();
4418 /* FALLTHROUGH */
4419 case 7:
4420 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
4421 ref_iv = ofb_state;
4422 ref_len = sizeof(ofb_state);
4423 iv_reset = 1;
4424 break;
4425 case 2:
4426 type = EVP_aes_128_cfb();
4427 /* FALLTHROUGH */
4428 case 8:
4429 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
4430 ref_iv = cfb_state;
4431 ref_len = sizeof(cfb_state);
4432 iv_reset = 1;
4433 break;
4434 case 3:
4435 type = EVP_aes_128_gcm();
4436 /* FALLTHROUGH */
4437 case 9:
4438 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
4439 ref_iv = gcm_state;
4440 ref_len = sizeof(gcm_state);
4441 break;
4442 case 4:
4443 type = EVP_aes_128_ccm();
4444 /* FALLTHROUGH */
4445 case 10:
4446 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
4447 ref_iv = ccm_state;
4448 ref_len = sizeof(ccm_state);
4449 break;
4450 #ifdef OPENSSL_NO_OCB
4451 case 5:
4452 case 11:
4453 return 1;
4454 #else
4455 case 5:
4456 type = EVP_aes_128_ocb();
4457 /* FALLTHROUGH */
4458 case 11:
4459 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
4460 ref_iv = ocb_state;
4461 ref_len = sizeof(ocb_state);
4462 break;
4463 #endif
4464 default:
4465 return 0;
4466 }
4467
4468 if (!TEST_ptr(type)
4469 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
4470 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
4471 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
4472 (int)sizeof(msg)))
4473 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
4474 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
4475 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
4476 goto err;
4477 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
4478
4479 if (!TEST_int_gt(ivlen, 0))
4480 goto err;
4481
4482 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
4483 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
4484 goto err;
4485
4486 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
4487 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
4488 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
4489 goto err;
4490 if (iv_reset) {
4491 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
4492 goto err;
4493 } else {
4494 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
4495 goto err;
4496 }
4497
4498 ret = 1;
4499 err:
4500 EVP_CIPHER_CTX_free(ctx);
4501 if (idx >= 6)
4502 EVP_CIPHER_free((EVP_CIPHER *)type);
4503 return ret;
4504 }
4505
4506 #ifndef OPENSSL_NO_DES
test_evp_iv_des(int idx)4507 static int test_evp_iv_des(int idx)
4508 {
4509 int ret = 0;
4510 EVP_CIPHER_CTX *ctx = NULL;
4511 static const unsigned char key[24] = {
4512 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
4513 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
4514 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
4515 };
4516 static const unsigned char init_iv[8] = {
4517 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
4518 };
4519 static const unsigned char msg[] = {
4520 1, 2, 3, 4, 5, 6, 7, 8,
4521 9, 10, 11, 12, 13, 14, 15, 16
4522 };
4523 unsigned char ciphertext[32], oiv[8], iv[8];
4524 unsigned const char *ref_iv;
4525 static const unsigned char cbc_state_des[8] = {
4526 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
4527 };
4528 static const unsigned char cbc_state_3des[8] = {
4529 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
4530 };
4531 static const unsigned char ofb_state_des[8] = {
4532 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
4533 };
4534 static const unsigned char ofb_state_3des[8] = {
4535 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
4536 };
4537 static const unsigned char cfb_state_des[8] = {
4538 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
4539 };
4540 static const unsigned char cfb_state_3des[8] = {
4541 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
4542 };
4543 int len = sizeof(ciphertext);
4544 size_t ivlen, ref_len;
4545 EVP_CIPHER *type = NULL;
4546
4547 if (lgcyprov == NULL && idx < 3)
4548 return TEST_skip("Test requires legacy provider to be loaded");
4549
4550 switch (idx) {
4551 case 0:
4552 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
4553 ref_iv = cbc_state_des;
4554 ref_len = sizeof(cbc_state_des);
4555 break;
4556 case 1:
4557 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
4558 ref_iv = ofb_state_des;
4559 ref_len = sizeof(ofb_state_des);
4560 break;
4561 case 2:
4562 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
4563 ref_iv = cfb_state_des;
4564 ref_len = sizeof(cfb_state_des);
4565 break;
4566 case 3:
4567 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
4568 ref_iv = cbc_state_3des;
4569 ref_len = sizeof(cbc_state_3des);
4570 break;
4571 case 4:
4572 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
4573 ref_iv = ofb_state_3des;
4574 ref_len = sizeof(ofb_state_3des);
4575 break;
4576 case 5:
4577 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
4578 ref_iv = cfb_state_3des;
4579 ref_len = sizeof(cfb_state_3des);
4580 break;
4581 default:
4582 return 0;
4583 }
4584
4585 if (!TEST_ptr(type)
4586 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
4587 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
4588 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
4589 (int)sizeof(msg)))
4590 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
4591 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
4592 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
4593 goto err;
4594 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
4595
4596 if (!TEST_int_gt(ivlen, 0))
4597 goto err;
4598
4599 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
4600 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
4601 goto err;
4602
4603 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
4604 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
4605 goto err;
4606 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
4607 goto err;
4608
4609 ret = 1;
4610 err:
4611 EVP_CIPHER_CTX_free(ctx);
4612 EVP_CIPHER_free(type);
4613 return ret;
4614 }
4615 #endif
4616
4617 #ifndef OPENSSL_NO_BF
test_evp_bf_default_keylen(int idx)4618 static int test_evp_bf_default_keylen(int idx)
4619 {
4620 int ret = 0;
4621 static const char *algos[4] = {
4622 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
4623 };
4624 int ivlen[4] = { 0, 8, 8, 8 };
4625 EVP_CIPHER *cipher = NULL;
4626
4627 if (lgcyprov == NULL)
4628 return TEST_skip("Test requires legacy provider to be loaded");
4629
4630 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
4631 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
4632 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
4633 goto err;
4634
4635 ret = 1;
4636 err:
4637 EVP_CIPHER_free(cipher);
4638 return ret;
4639 }
4640 #endif
4641
4642 #ifndef OPENSSL_NO_EC
4643 static int ecpub_nids[] = {
4644 NID_brainpoolP256r1, NID_X9_62_prime256v1,
4645 NID_secp384r1, NID_secp521r1,
4646 #ifndef OPENSSL_NO_EC2M
4647 NID_sect233k1, NID_sect233r1, NID_sect283r1,
4648 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
4649 #endif
4650 NID_brainpoolP384r1, NID_brainpoolP512r1
4651 };
4652
test_ecpub(int idx)4653 static int test_ecpub(int idx)
4654 {
4655 int ret = 0, len, savelen;
4656 int nid;
4657 unsigned char buf[1024];
4658 unsigned char *p;
4659 EVP_PKEY *pkey = NULL;
4660 EVP_PKEY_CTX *ctx = NULL;
4661 #ifndef OPENSSL_NO_DEPRECATED_3_0
4662 const unsigned char *q;
4663 EVP_PKEY *pkey2 = NULL;
4664 EC_KEY *ec = NULL;
4665 #endif
4666
4667 if (nullprov != NULL)
4668 return TEST_skip("Test does not support a non-default library context");
4669
4670 nid = ecpub_nids[idx];
4671
4672 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4673 if (!TEST_ptr(ctx)
4674 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4675 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
4676 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
4677 goto done;
4678 len = i2d_PublicKey(pkey, NULL);
4679 savelen = len;
4680 if (!TEST_int_ge(len, 1)
4681 || !TEST_int_lt(len, 1024))
4682 goto done;
4683 p = buf;
4684 len = i2d_PublicKey(pkey, &p);
4685 if (!TEST_int_ge(len, 1)
4686 || !TEST_int_eq(len, savelen))
4687 goto done;
4688
4689 #ifndef OPENSSL_NO_DEPRECATED_3_0
4690 /* Now try to decode the just-created DER. */
4691 q = buf;
4692 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
4693 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
4694 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
4695 goto done;
4696 /* EC_KEY ownership transferred */
4697 ec = NULL;
4698 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
4699 goto done;
4700 /* The keys should match. */
4701 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
4702 goto done;
4703 #endif
4704
4705 ret = 1;
4706
4707 done:
4708 EVP_PKEY_CTX_free(ctx);
4709 EVP_PKEY_free(pkey);
4710 #ifndef OPENSSL_NO_DEPRECATED_3_0
4711 EVP_PKEY_free(pkey2);
4712 EC_KEY_free(ec);
4713 #endif
4714 return ret;
4715 }
4716 #endif
4717
test_EVP_rsa_pss_with_keygen_bits(void)4718 static int test_EVP_rsa_pss_with_keygen_bits(void)
4719 {
4720 int ret = 0;
4721 EVP_PKEY_CTX *ctx = NULL;
4722 EVP_PKEY *pkey = NULL;
4723 EVP_MD *md;
4724
4725 md = EVP_MD_fetch(testctx, "sha256", testpropq);
4726 ret = TEST_ptr(md)
4727 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
4728 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4729 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
4730 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
4731 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
4732
4733 EVP_MD_free(md);
4734 EVP_PKEY_free(pkey);
4735 EVP_PKEY_CTX_free(ctx);
4736 return ret;
4737 }
4738
test_EVP_rsa_pss_set_saltlen(void)4739 static int test_EVP_rsa_pss_set_saltlen(void)
4740 {
4741 int ret = 0;
4742 EVP_PKEY *pkey = NULL;
4743 EVP_PKEY_CTX *pkey_ctx = NULL;
4744 EVP_MD *sha256 = NULL;
4745 EVP_MD_CTX *sha256_ctx = NULL;
4746 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
4747 const int test_value = 32;
4748
4749 ret = TEST_ptr(pkey = load_example_rsa_key())
4750 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
4751 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
4752 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
4753 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
4754 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
4755 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
4756 && TEST_int_eq(saltlen, test_value);
4757
4758 EVP_MD_CTX_free(sha256_ctx);
4759 EVP_PKEY_free(pkey);
4760 EVP_MD_free(sha256);
4761
4762 return ret;
4763 }
4764
test_EVP_rsa_invalid_key(void)4765 static int test_EVP_rsa_invalid_key(void)
4766 {
4767 int ret = 0;
4768 EVP_PKEY *pkey = NULL;
4769
4770 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER));
4771 /* we expect to fail to load bogus key */
4772 ret = !TEST_ptr(pkey);
4773 EVP_PKEY_free(pkey);
4774
4775 return ret;
4776 }
4777
4778 static int success = 1;
md_names(const char * name,void * vctx)4779 static void md_names(const char *name, void *vctx)
4780 {
4781 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
4782 /* Force a namemap update */
4783 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
4784
4785 if (!TEST_ptr(aes128))
4786 success = 0;
4787
4788 EVP_CIPHER_free(aes128);
4789 }
4790
4791 /*
4792 * Test that changing the namemap in a user callback works in a names_do_all
4793 * function.
4794 */
test_names_do_all(void)4795 static int test_names_do_all(void)
4796 {
4797 /* We use a custom libctx so that we know the state of the namemap */
4798 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
4799 EVP_MD *sha256 = NULL;
4800 int testresult = 0;
4801
4802 if (!TEST_ptr(ctx))
4803 goto err;
4804
4805 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
4806 if (!TEST_ptr(sha256))
4807 goto err;
4808
4809 /*
4810 * We loop through all the names for a given digest. This should still work
4811 * even if the namemap changes part way through.
4812 */
4813 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
4814 goto err;
4815
4816 if (!TEST_true(success))
4817 goto err;
4818
4819 testresult = 1;
4820 err:
4821 EVP_MD_free(sha256);
4822 OSSL_LIB_CTX_free(ctx);
4823 return testresult;
4824 }
4825
4826 typedef struct {
4827 const char *cipher;
4828 const unsigned char *key;
4829 const unsigned char *iv;
4830 const unsigned char *input;
4831 const unsigned char *expected;
4832 const unsigned char *tag;
4833 size_t ivlen; /* 0 if we do not need to set a specific IV len */
4834 size_t inlen;
4835 size_t expectedlen;
4836 size_t taglen;
4837 int keyfirst;
4838 int initenc;
4839 int finalenc;
4840 } EVP_INIT_TEST_st;
4841
4842 static const EVP_INIT_TEST_st evp_init_tests[] = {
4843 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4844 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4845 0, 1, 0, 1 },
4846 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4847 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4848 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4849 sizeof(gcmDefaultTag), 1, 0, 1 },
4850 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4851 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4852 0, 0, 0, 1 },
4853 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4854 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4855 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4856 sizeof(gcmDefaultTag), 0, 0, 1 },
4857 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4858 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4859 0, 1, 1, 0 },
4860 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4861 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4862 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4863 sizeof(gcmDefaultTag), 1, 1, 0 },
4864 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4865 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4866 0, 0, 1, 0 },
4867 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4868 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4869 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4870 sizeof(gcmDefaultTag), 0, 1, 0 }
4871 };
4872
4873 /* use same key, iv and plaintext for cfb and ofb */
4874 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
4875 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4876 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4877 sizeof(cfbCiphertext_partial), 0, 0, 1, 0 },
4878 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
4879 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
4880 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 },
4881 { "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4882 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4883 sizeof(ofbCiphertext_partial), 0, 0, 1, 0 },
4884 { "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
4885 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
4886 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 },
4887 };
4888
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)4889 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
4890 {
4891 int res = 0;
4892
4893 if (t->ivlen != 0) {
4894 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4895 goto err;
4896 }
4897 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4898 goto err;
4899 res = 1;
4900 err:
4901 return res;
4902 }
4903
4904 /*
4905 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4906 * arguments are given one at a time and a final adjustment to the enc
4907 * parameter sets the correct operation.
4908 */
test_evp_init_seq(int idx)4909 static int test_evp_init_seq(int idx)
4910 {
4911 int outlen1, outlen2;
4912 int testresult = 0;
4913 unsigned char outbuf[1024];
4914 unsigned char tag[16];
4915 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4916 EVP_CIPHER_CTX *ctx = NULL;
4917 EVP_CIPHER *type = NULL;
4918 size_t taglen = sizeof(tag);
4919 char *errmsg = NULL;
4920
4921 ctx = EVP_CIPHER_CTX_new();
4922 if (ctx == NULL) {
4923 errmsg = "CTX_ALLOC";
4924 goto err;
4925 }
4926 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4927 errmsg = "CIPHER_FETCH";
4928 goto err;
4929 }
4930 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4931 errmsg = "EMPTY_ENC_INIT";
4932 goto err;
4933 }
4934 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4935 errmsg = "PADDING";
4936 goto err;
4937 }
4938 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4939 errmsg = "KEY_INIT (before iv)";
4940 goto err;
4941 }
4942 if (!evp_init_seq_set_iv(ctx, t)) {
4943 errmsg = "IV_INIT";
4944 goto err;
4945 }
4946 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4947 errmsg = "KEY_INIT (after iv)";
4948 goto err;
4949 }
4950 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4951 errmsg = "FINAL_ENC_INIT";
4952 goto err;
4953 }
4954 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4955 errmsg = "CIPHER_UPDATE";
4956 goto err;
4957 }
4958 if (t->finalenc == 0 && t->tag != NULL) {
4959 /* Set expected tag */
4960 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4961 t->taglen, (void *)t->tag),
4962 0)) {
4963 errmsg = "SET_TAG";
4964 goto err;
4965 }
4966 }
4967 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4968 errmsg = "CIPHER_FINAL";
4969 goto err;
4970 }
4971 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4972 errmsg = "WRONG_RESULT";
4973 goto err;
4974 }
4975 if (t->finalenc != 0 && t->tag != NULL) {
4976 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4977 errmsg = "GET_TAG";
4978 goto err;
4979 }
4980 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4981 errmsg = "TAG_ERROR";
4982 goto err;
4983 }
4984 }
4985 testresult = 1;
4986 err:
4987 if (errmsg != NULL)
4988 TEST_info("evp_init_test %d: %s", idx, errmsg);
4989 EVP_CIPHER_CTX_free(ctx);
4990 EVP_CIPHER_free(type);
4991 return testresult;
4992 }
4993
4994 /*
4995 * Test re-initialization of cipher context without changing key or iv.
4996 * The result of both iteration should be the same.
4997 */
test_evp_reinit_seq(int idx)4998 static int test_evp_reinit_seq(int idx)
4999 {
5000 int outlen1, outlen2, outlen_final;
5001 int testresult = 0;
5002 unsigned char outbuf1[1024];
5003 unsigned char outbuf2[1024];
5004 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
5005 EVP_CIPHER_CTX *ctx = NULL;
5006 EVP_CIPHER *type = NULL;
5007
5008 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5009 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
5010 /* setup cipher context */
5011 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
5012 /* first iteration */
5013 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
5014 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
5015 /* check test results iteration 1 */
5016 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
5017 /* now re-init the context (same cipher, key and iv) */
5018 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
5019 /* second iteration */
5020 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
5021 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
5022 /* check test results iteration 2 */
5023 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
5024 goto err;
5025 testresult = 1;
5026 err:
5027 EVP_CIPHER_CTX_free(ctx);
5028 EVP_CIPHER_free(type);
5029 return testresult;
5030 }
5031
5032 typedef struct {
5033 const unsigned char *input;
5034 const unsigned char *expected;
5035 size_t inlen;
5036 size_t expectedlen;
5037 int enc;
5038 } EVP_RESET_TEST_st;
5039
5040 static const EVP_RESET_TEST_st evp_reset_tests[] = {
5041 { cfbPlaintext, cfbCiphertext,
5042 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 },
5043 { cfbCiphertext, cfbPlaintext,
5044 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 }
5045 };
5046
5047 /*
5048 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
5049 * been used.
5050 */
test_evp_reset(int idx)5051 static int test_evp_reset(int idx)
5052 {
5053 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
5054 int outlen1, outlen2;
5055 int testresult = 0;
5056 unsigned char outbuf[1024];
5057 EVP_CIPHER_CTX *ctx = NULL;
5058 EVP_CIPHER *type = NULL;
5059 char *errmsg = NULL;
5060
5061 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5062 errmsg = "CTX_ALLOC";
5063 goto err;
5064 }
5065 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
5066 errmsg = "CIPHER_FETCH";
5067 goto err;
5068 }
5069 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
5070 errmsg = "CIPHER_INIT";
5071 goto err;
5072 }
5073 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
5074 errmsg = "PADDING";
5075 goto err;
5076 }
5077 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
5078 errmsg = "CIPHER_UPDATE";
5079 goto err;
5080 }
5081 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5082 errmsg = "CIPHER_FINAL";
5083 goto err;
5084 }
5085 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
5086 errmsg = "WRONG_RESULT";
5087 goto err;
5088 }
5089 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
5090 errmsg = "CIPHER_REINIT";
5091 goto err;
5092 }
5093 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
5094 errmsg = "CIPHER_UPDATE (reinit)";
5095 goto err;
5096 }
5097 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5098 errmsg = "CIPHER_FINAL (reinit)";
5099 goto err;
5100 }
5101 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
5102 errmsg = "WRONG_RESULT (reinit)";
5103 goto err;
5104 }
5105 testresult = 1;
5106 err:
5107 if (errmsg != NULL)
5108 TEST_info("test_evp_reset %d: %s", idx, errmsg);
5109 EVP_CIPHER_CTX_free(ctx);
5110 EVP_CIPHER_free(type);
5111 return testresult;
5112 }
5113
5114 typedef struct {
5115 const char *cipher;
5116 int enc;
5117 } EVP_UPDATED_IV_TEST_st;
5118
5119 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
5120 { "aes-128-cfb", 1 },
5121 { "aes-128-cfb", 0 },
5122 { "aes-128-cfb1", 1 },
5123 { "aes-128-cfb1", 0 },
5124 { "aes-128-cfb8", 1 },
5125 { "aes-128-cfb8", 0 },
5126 { "aes-128-ofb", 1 },
5127 { "aes-128-ofb", 0 },
5128 { "aes-128-ctr", 1 },
5129 { "aes-128-ctr", 0 },
5130 { "aes-128-cbc", 1 },
5131 { "aes-128-cbc", 0 }
5132 };
5133
5134 /*
5135 * Test that the IV in the context is updated during a crypto operation for CFB
5136 * and OFB.
5137 */
test_evp_updated_iv(int idx)5138 static int test_evp_updated_iv(int idx)
5139 {
5140 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
5141 int outlen1, outlen2;
5142 int testresult = 0;
5143 unsigned char outbuf[1024];
5144 EVP_CIPHER_CTX *ctx = NULL;
5145 EVP_CIPHER *type = NULL;
5146 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
5147 int iv_len;
5148 char *errmsg = NULL;
5149
5150 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5151 errmsg = "CTX_ALLOC";
5152 goto err;
5153 }
5154 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
5155 TEST_info("cipher %s not supported, skipping", t->cipher);
5156 goto ok;
5157 }
5158
5159 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
5160 errmsg = "CIPHER_INIT";
5161 goto err;
5162 }
5163 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
5164 errmsg = "PADDING";
5165 goto err;
5166 }
5167 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
5168 errmsg = "CIPHER_UPDATE";
5169 goto err;
5170 }
5171 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
5172 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
5173 goto err;
5174 }
5175 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
5176 if (!TEST_int_ge(iv_len, 0)) {
5177 errmsg = "CIPHER_CTX_GET_IV_LEN";
5178 goto err;
5179 }
5180 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
5181 errmsg = "IV_NOT_UPDATED";
5182 goto err;
5183 }
5184 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5185 errmsg = "CIPHER_FINAL";
5186 goto err;
5187 }
5188 ok:
5189 testresult = 1;
5190 err:
5191 if (errmsg != NULL)
5192 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
5193 EVP_CIPHER_CTX_free(ctx);
5194 EVP_CIPHER_free(type);
5195 return testresult;
5196 }
5197
5198 typedef struct {
5199 const unsigned char *iv1;
5200 const unsigned char *iv2;
5201 const unsigned char *expected1;
5202 const unsigned char *expected2;
5203 const unsigned char *tag1;
5204 const unsigned char *tag2;
5205 size_t ivlen1;
5206 size_t ivlen2;
5207 size_t expectedlen1;
5208 size_t expectedlen2;
5209 } TEST_GCM_IV_REINIT_st;
5210
5211 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
5212 { iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
5213 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
5214 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) },
5215 { iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
5216 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
5217 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) }
5218 };
5219
test_gcm_reinit(int idx)5220 static int test_gcm_reinit(int idx)
5221 {
5222 int outlen1, outlen2, outlen3;
5223 int testresult = 0;
5224 unsigned char outbuf[1024];
5225 unsigned char tag[16];
5226 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
5227 EVP_CIPHER_CTX *ctx = NULL;
5228 EVP_CIPHER *type = NULL;
5229 size_t taglen = sizeof(tag);
5230 char *errmsg = NULL;
5231
5232 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5233 errmsg = "CTX_ALLOC";
5234 goto err;
5235 }
5236 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
5237 errmsg = "CIPHER_FETCH";
5238 goto err;
5239 }
5240 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
5241 errmsg = "ENC_INIT";
5242 goto err;
5243 }
5244 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
5245 errmsg = "SET_IVLEN1";
5246 goto err;
5247 }
5248 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
5249 errmsg = "SET_IV1";
5250 goto err;
5251 }
5252 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
5253 errmsg = "AAD1";
5254 goto err;
5255 }
5256 EVP_CIPHER_CTX_set_padding(ctx, 0);
5257 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
5258 sizeof(gcmResetPlaintext)))) {
5259 errmsg = "CIPHER_UPDATE1";
5260 goto err;
5261 }
5262 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5263 errmsg = "CIPHER_FINAL1";
5264 goto err;
5265 }
5266 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
5267 errmsg = "WRONG_RESULT1";
5268 goto err;
5269 }
5270 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
5271 errmsg = "GET_TAG1";
5272 goto err;
5273 }
5274 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
5275 errmsg = "TAG_ERROR1";
5276 goto err;
5277 }
5278 /* Now reinit */
5279 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
5280 errmsg = "SET_IVLEN2";
5281 goto err;
5282 }
5283 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
5284 errmsg = "SET_IV2";
5285 goto err;
5286 }
5287 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
5288 errmsg = "AAD2";
5289 goto err;
5290 }
5291 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
5292 sizeof(gcmResetPlaintext)))) {
5293 errmsg = "CIPHER_UPDATE2";
5294 goto err;
5295 }
5296 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5297 errmsg = "CIPHER_FINAL2";
5298 goto err;
5299 }
5300 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
5301 errmsg = "WRONG_RESULT2";
5302 goto err;
5303 }
5304 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
5305 errmsg = "GET_TAG2";
5306 goto err;
5307 }
5308 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
5309 errmsg = "TAG_ERROR2";
5310 goto err;
5311 }
5312 testresult = 1;
5313 err:
5314 if (errmsg != NULL)
5315 TEST_info("evp_init_test %d: %s", idx, errmsg);
5316 EVP_CIPHER_CTX_free(ctx);
5317 EVP_CIPHER_free(type);
5318 return testresult;
5319 }
5320
5321 static const char *ivlen_change_ciphers[] = {
5322 "AES-256-GCM",
5323 #ifndef OPENSSL_NO_OCB
5324 "AES-256-OCB",
5325 #endif
5326 "AES-256-CCM"
5327 };
5328
5329 /* Negative test for ivlen change after iv being set */
test_ivlen_change(int idx)5330 static int test_ivlen_change(int idx)
5331 {
5332 int outlen;
5333 int res = 0;
5334 unsigned char outbuf[1024];
5335 static const unsigned char iv[] = {
5336 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
5337 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
5338 };
5339 EVP_CIPHER_CTX *ctx = NULL;
5340 EVP_CIPHER *ciph = NULL;
5341 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
5342 size_t ivlen = 13; /* non-default IV length */
5343
5344 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
5345 goto err;
5346
5347 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
5348 testpropq)))
5349 goto err;
5350
5351 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
5352 goto err;
5353
5354 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5355 sizeof(gcmDefaultPlaintext))))
5356 goto err;
5357
5358 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5359 &ivlen);
5360 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
5361 goto err;
5362
5363 ERR_set_mark();
5364 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5365 sizeof(gcmDefaultPlaintext)))) {
5366 ERR_clear_last_mark();
5367 goto err;
5368 }
5369 ERR_pop_to_mark();
5370
5371 res = 1;
5372 err:
5373 EVP_CIPHER_CTX_free(ctx);
5374 EVP_CIPHER_free(ciph);
5375 return res;
5376 }
5377
5378 static const char *keylen_change_ciphers[] = {
5379 #ifndef OPENSSL_NO_BF
5380 "BF-ECB",
5381 #endif
5382 #ifndef OPENSSL_NO_CAST
5383 "CAST5-ECB",
5384 #endif
5385 #ifndef OPENSSL_NO_RC2
5386 "RC2-ECB",
5387 #endif
5388 #ifndef OPENSSL_NO_RC4
5389 "RC4",
5390 #endif
5391 #ifndef OPENSSL_NO_RC5
5392 "RC5-ECB",
5393 #endif
5394 NULL
5395 };
5396
5397 /* Negative test for keylen change after key was set */
test_keylen_change(int idx)5398 static int test_keylen_change(int idx)
5399 {
5400 int outlen;
5401 int res = 0;
5402 unsigned char outbuf[1024];
5403 static const unsigned char key[] = {
5404 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
5405 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
5406 };
5407 EVP_CIPHER_CTX *ctx = NULL;
5408 EVP_CIPHER *ciph = NULL;
5409 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
5410 size_t keylen = 12; /* non-default key length */
5411
5412 if (lgcyprov == NULL)
5413 return TEST_skip("Test requires legacy provider to be loaded");
5414
5415 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
5416 goto err;
5417
5418 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
5419 testpropq)))
5420 goto err;
5421
5422 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
5423 goto err;
5424
5425 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5426 sizeof(gcmDefaultPlaintext))))
5427 goto err;
5428
5429 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5430 &keylen);
5431 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
5432 goto err;
5433
5434 ERR_set_mark();
5435 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5436 sizeof(gcmDefaultPlaintext)))) {
5437 ERR_clear_last_mark();
5438 goto err;
5439 }
5440 ERR_pop_to_mark();
5441
5442 res = 1;
5443 err:
5444 EVP_CIPHER_CTX_free(ctx);
5445 EVP_CIPHER_free(ciph);
5446 return res;
5447 }
5448
5449 #ifndef OPENSSL_NO_DEPRECATED_3_0
5450 static EVP_PKEY_METHOD *custom_pmeth = NULL;
5451 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
5452
5453 #define EVP_PKEY_CTRL_MY_COMMAND 9999
5454
custom_pmeth_init(EVP_PKEY_CTX * ctx)5455 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
5456 {
5457 int (*pinit)(EVP_PKEY_CTX *ctx);
5458
5459 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
5460 return pinit(ctx);
5461 }
5462
custom_pmeth_cleanup(EVP_PKEY_CTX * ctx)5463 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
5464 {
5465 void (*pcleanup)(EVP_PKEY_CTX *ctx);
5466
5467 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
5468 pcleanup(ctx);
5469 }
5470
custom_pmeth_sign(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,const unsigned char * in,size_t inlen)5471 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
5472 size_t *outlen, const unsigned char *in,
5473 size_t inlen)
5474 {
5475 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
5476 const unsigned char *tbs, size_t tbslen);
5477
5478 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
5479 return psign(ctx, out, outlen, in, inlen);
5480 }
5481
custom_pmeth_digestsign(EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)5482 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
5483 size_t *siglen, const unsigned char *tbs,
5484 size_t tbslen)
5485 {
5486 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
5487 const unsigned char *tbs, size_t tbslen);
5488
5489 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
5490 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
5491 }
5492
custom_pmeth_derive(EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)5493 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
5494 size_t *keylen)
5495 {
5496 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
5497
5498 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
5499 return pderive(ctx, key, keylen);
5500 }
5501
custom_pmeth_copy(EVP_PKEY_CTX * dst,const EVP_PKEY_CTX * src)5502 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
5503 {
5504 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
5505
5506 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
5507 return pcopy(dst, src);
5508 }
5509
5510 static int ctrl_called;
5511
custom_pmeth_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)5512 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
5513 {
5514 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
5515
5516 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
5517
5518 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
5519 ctrl_called = 1;
5520 return 1;
5521 }
5522
5523 return pctrl(ctx, type, p1, p2);
5524 }
5525
test_custom_pmeth(int idx)5526 static int test_custom_pmeth(int idx)
5527 {
5528 EVP_PKEY_CTX *pctx = NULL;
5529 EVP_MD_CTX *ctx = NULL;
5530 EVP_PKEY *pkey = NULL;
5531 int id, orig_id, orig_flags;
5532 int testresult = 0;
5533 size_t reslen;
5534 unsigned char *res = NULL;
5535 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
5536 const EVP_MD *md = EVP_sha256();
5537 int doderive = 0;
5538
5539 ctrl_called = 0;
5540
5541 /* We call deprecated APIs so this test doesn't support a custom libctx */
5542 if (testctx != NULL)
5543 return 1;
5544
5545 switch (idx) {
5546 case 0:
5547 case 6:
5548 id = EVP_PKEY_RSA;
5549 pkey = load_example_rsa_key();
5550 break;
5551 case 1:
5552 case 7:
5553 #ifndef OPENSSL_NO_DSA
5554 id = EVP_PKEY_DSA;
5555 pkey = load_example_dsa_key();
5556 break;
5557 #else
5558 return 1;
5559 #endif
5560 case 2:
5561 case 8:
5562 #ifndef OPENSSL_NO_EC
5563 id = EVP_PKEY_EC;
5564 pkey = load_example_ec_key();
5565 break;
5566 #else
5567 return 1;
5568 #endif
5569 case 3:
5570 case 9:
5571 #ifndef OPENSSL_NO_ECX
5572 id = EVP_PKEY_ED25519;
5573 md = NULL;
5574 pkey = load_example_ed25519_key();
5575 break;
5576 #else
5577 return 1;
5578 #endif
5579 case 4:
5580 case 10:
5581 #ifndef OPENSSL_NO_DH
5582 id = EVP_PKEY_DH;
5583 doderive = 1;
5584 pkey = load_example_dh_key();
5585 break;
5586 #else
5587 return 1;
5588 #endif
5589 case 5:
5590 case 11:
5591 #ifndef OPENSSL_NO_ECX
5592 id = EVP_PKEY_X25519;
5593 doderive = 1;
5594 pkey = load_example_x25519_key();
5595 break;
5596 #else
5597 return 1;
5598 #endif
5599 default:
5600 TEST_error("Should not happen");
5601 goto err;
5602 }
5603
5604 if (!TEST_ptr(pkey))
5605 goto err;
5606
5607 if (idx < 6) {
5608 if (!TEST_true(evp_pkey_is_provided(pkey)))
5609 goto err;
5610 } else {
5611 EVP_PKEY *tmp = pkey;
5612
5613 /* Convert to a legacy key */
5614 pkey = EVP_PKEY_new();
5615 if (!TEST_ptr(pkey)) {
5616 pkey = tmp;
5617 goto err;
5618 }
5619 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
5620 EVP_PKEY_free(tmp);
5621 goto err;
5622 }
5623 EVP_PKEY_free(tmp);
5624 if (!TEST_true(evp_pkey_is_legacy(pkey)))
5625 goto err;
5626 }
5627
5628 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
5629 || !TEST_ptr(pkey))
5630 goto err;
5631
5632 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
5633 if (!TEST_int_eq(orig_id, id)
5634 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
5635 goto err;
5636
5637 if (id == EVP_PKEY_ED25519) {
5638 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
5639 }
5640 if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
5641 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
5642 } else {
5643 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
5644 }
5645 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
5646 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
5647 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
5648 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
5649 }
5650 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
5651 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
5652 goto err;
5653
5654 if (doderive) {
5655 pctx = EVP_PKEY_CTX_new(pkey, NULL);
5656 if (!TEST_ptr(pctx)
5657 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
5658 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5659 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5660 1)
5661 || !TEST_int_eq(ctrl_called, 1)
5662 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
5663 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
5664 || !TEST_ptr(res = OPENSSL_malloc(reslen))
5665 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
5666 goto err;
5667 } else {
5668 ctx = EVP_MD_CTX_new();
5669 reslen = EVP_PKEY_size(pkey);
5670 res = OPENSSL_malloc(reslen);
5671 if (!TEST_ptr(ctx)
5672 || !TEST_ptr(res)
5673 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
5674 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5675 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5676 1)
5677 || !TEST_int_eq(ctrl_called, 1))
5678 goto err;
5679
5680 if (id == EVP_PKEY_ED25519) {
5681 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
5682 goto err;
5683 } else {
5684 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
5685 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
5686 goto err;
5687 }
5688 }
5689
5690 testresult = 1;
5691 err:
5692 OPENSSL_free(res);
5693 EVP_MD_CTX_free(ctx);
5694 if (doderive)
5695 EVP_PKEY_CTX_free(pctx);
5696 EVP_PKEY_free(pkey);
5697 EVP_PKEY_meth_remove(custom_pmeth);
5698 EVP_PKEY_meth_free(custom_pmeth);
5699 custom_pmeth = NULL;
5700 return testresult;
5701 }
5702
test_evp_md_cipher_meth(void)5703 static int test_evp_md_cipher_meth(void)
5704 {
5705 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
5706 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
5707 int testresult = 0;
5708
5709 if (!TEST_ptr(md) || !TEST_ptr(ciph))
5710 goto err;
5711
5712 testresult = 1;
5713
5714 err:
5715 EVP_MD_meth_free(md);
5716 EVP_CIPHER_meth_free(ciph);
5717
5718 return testresult;
5719 }
5720
5721 typedef struct {
5722 int data;
5723 } custom_dgst_ctx;
5724
5725 static int custom_md_init_called = 0;
5726 static int custom_md_cleanup_called = 0;
5727
custom_md_init(EVP_MD_CTX * ctx)5728 static int custom_md_init(EVP_MD_CTX *ctx)
5729 {
5730 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5731
5732 if (p == NULL)
5733 return 0;
5734
5735 custom_md_init_called++;
5736 return 1;
5737 }
5738
custom_md_cleanup(EVP_MD_CTX * ctx)5739 static int custom_md_cleanup(EVP_MD_CTX *ctx)
5740 {
5741 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5742
5743 if (p == NULL)
5744 /* Nothing to do */
5745 return 1;
5746
5747 custom_md_cleanup_called++;
5748 return 1;
5749 }
5750
test_custom_md_meth(void)5751 static int test_custom_md_meth(void)
5752 {
5753 ASN1_OBJECT *o = NULL;
5754 EVP_MD_CTX *mdctx = NULL;
5755 EVP_MD *tmp = NULL;
5756 char mess[] = "Test Message\n";
5757 unsigned char md_value[EVP_MAX_MD_SIZE];
5758 unsigned int md_len;
5759 int testresult = 0;
5760 int nid;
5761
5762 /*
5763 * We are testing deprecated functions. We don't support a non-default
5764 * library context in this test.
5765 */
5766 if (testctx != NULL)
5767 return TEST_skip("Non-default libctx");
5768
5769 custom_md_init_called = custom_md_cleanup_called = 0;
5770
5771 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
5772 if (!TEST_int_ne(nid, NID_undef))
5773 goto err;
5774 tmp = EVP_MD_meth_new(nid, NID_undef);
5775 if (!TEST_ptr(tmp))
5776 goto err;
5777
5778 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
5779 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
5780 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
5781 sizeof(custom_dgst_ctx))))
5782 goto err;
5783
5784 mdctx = EVP_MD_CTX_new();
5785 if (!TEST_ptr(mdctx)
5786 /*
5787 * Initing our custom md and then initing another md should
5788 * result in the init and cleanup functions of the custom md
5789 * being called.
5790 */
5791 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
5792 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
5793 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
5794 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
5795 || !TEST_int_eq(custom_md_init_called, 1)
5796 || !TEST_int_eq(custom_md_cleanup_called, 1))
5797 goto err;
5798
5799 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1",
5800 "custom-md", "custom-md"),
5801 NID_undef)
5802 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ)
5803 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS))
5804 goto err;
5805
5806 o = ASN1_OBJECT_create(nid, (unsigned char *)"\53\6\1\4\1\201\201\134\274\373\122\1", 12,
5807 "custom-md", "custom-md");
5808 if (!TEST_int_eq(OBJ_add_object(o), nid))
5809 goto err;
5810
5811 testresult = 1;
5812 err:
5813 ASN1_OBJECT_free(o);
5814 EVP_MD_CTX_free(mdctx);
5815 EVP_MD_meth_free(tmp);
5816 return testresult;
5817 }
5818
5819 typedef struct {
5820 int data;
5821 } custom_ciph_ctx;
5822
5823 static int custom_ciph_init_called = 0;
5824 static int custom_ciph_cleanup_called = 0;
5825
custom_ciph_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)5826 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
5827 const unsigned char *iv, int enc)
5828 {
5829 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5830
5831 if (p == NULL)
5832 return 0;
5833
5834 custom_ciph_init_called++;
5835 return 1;
5836 }
5837
custom_ciph_cleanup(EVP_CIPHER_CTX * ctx)5838 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
5839 {
5840 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5841
5842 if (p == NULL)
5843 /* Nothing to do */
5844 return 1;
5845
5846 custom_ciph_cleanup_called++;
5847 return 1;
5848 }
5849
test_custom_ciph_meth(void)5850 static int test_custom_ciph_meth(void)
5851 {
5852 EVP_CIPHER_CTX *ciphctx = NULL;
5853 EVP_CIPHER *tmp = NULL;
5854 int testresult = 0;
5855 int nid;
5856
5857 /*
5858 * We are testing deprecated functions. We don't support a non-default
5859 * library context in this test.
5860 */
5861 if (testctx != NULL)
5862 return TEST_skip("Non-default libctx");
5863
5864 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
5865
5866 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
5867 if (!TEST_int_ne(nid, NID_undef))
5868 goto err;
5869 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
5870 if (!TEST_ptr(tmp))
5871 goto err;
5872
5873 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
5874 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
5875 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
5876 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
5877 sizeof(custom_ciph_ctx))))
5878 goto err;
5879
5880 ciphctx = EVP_CIPHER_CTX_new();
5881 if (!TEST_ptr(ciphctx)
5882 /*
5883 * Initing our custom cipher and then initing another cipher
5884 * should result in the init and cleanup functions of the custom
5885 * cipher being called.
5886 */
5887 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5888 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5889 NULL, NULL, 1))
5890 || !TEST_int_eq(custom_ciph_init_called, 1)
5891 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5892 goto err;
5893
5894 testresult = 1;
5895 err:
5896 EVP_CIPHER_CTX_free(ciphctx);
5897 EVP_CIPHER_meth_free(tmp);
5898 return testresult;
5899 }
5900
5901 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
5902 /* Test we can create a signature keys with an associated ENGINE */
test_signatures_with_engine(int tst)5903 static int test_signatures_with_engine(int tst)
5904 {
5905 ENGINE *e;
5906 const char *engine_id = "dasync";
5907 EVP_PKEY *pkey = NULL;
5908 const unsigned char badcmackey[] = { 0x00, 0x01 };
5909 const unsigned char cmackey[] = {
5910 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5911 0x0c, 0x0d, 0x0e, 0x0f
5912 };
5913 const unsigned char ed25519key[] = {
5914 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5915 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5916 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5917 };
5918 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5919 int testresult = 0;
5920 EVP_MD_CTX *ctx = NULL;
5921 unsigned char *mac = NULL;
5922 size_t maclen = 0;
5923 int ret;
5924
5925 #ifdef OPENSSL_NO_CMAC
5926 /* Skip CMAC tests in a no-cmac build */
5927 if (tst <= 1)
5928 return 1;
5929 #endif
5930 #ifdef OPENSSL_NO_ECX
5931 /* Skip ECX tests in a no-ecx build */
5932 if (tst == 2)
5933 return 1;
5934 #endif
5935
5936 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5937 return 0;
5938
5939 if (!TEST_true(ENGINE_init(e))) {
5940 ENGINE_free(e);
5941 return 0;
5942 }
5943
5944 switch (tst) {
5945 case 0:
5946 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5947 EVP_aes_128_cbc());
5948 break;
5949 case 1:
5950 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5951 EVP_aes_128_cbc());
5952 break;
5953 case 2:
5954 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
5955 sizeof(ed25519key));
5956 break;
5957 default:
5958 TEST_error("Invalid test case");
5959 goto err;
5960 }
5961 if (!TEST_ptr(pkey))
5962 goto err;
5963
5964 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5965 goto err;
5966
5967 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
5968 pkey);
5969 if (tst == 0) {
5970 if (!TEST_true(ret))
5971 goto err;
5972
5973 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
5974 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
5975 goto err;
5976
5977 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5978 goto err;
5979
5980 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
5981 goto err;
5982 } else {
5983 /* We used a bad key. We expect a failure here */
5984 if (!TEST_false(ret))
5985 goto err;
5986 }
5987
5988 testresult = 1;
5989 err:
5990 EVP_MD_CTX_free(ctx);
5991 OPENSSL_free(mac);
5992 EVP_PKEY_free(pkey);
5993 ENGINE_finish(e);
5994 ENGINE_free(e);
5995
5996 return testresult;
5997 }
5998
test_cipher_with_engine(void)5999 static int test_cipher_with_engine(void)
6000 {
6001 ENGINE *e;
6002 const char *engine_id = "dasync";
6003 const unsigned char keyiv[] = {
6004 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
6005 0x0c, 0x0d, 0x0e, 0x0f
6006 };
6007 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
6008 int testresult = 0;
6009 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
6010 unsigned char buf[AES_BLOCK_SIZE];
6011 int len = 0;
6012
6013 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
6014 return 0;
6015
6016 if (!TEST_true(ENGINE_init(e))) {
6017 ENGINE_free(e);
6018 return 0;
6019 }
6020
6021 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6022 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
6023 goto err;
6024
6025 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
6026 goto err;
6027
6028 /* Copy the ctx, and complete the operation with the new ctx */
6029 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
6030 goto err;
6031
6032 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
6033 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
6034 goto err;
6035
6036 testresult = 1;
6037 err:
6038 EVP_CIPHER_CTX_free(ctx);
6039 EVP_CIPHER_CTX_free(ctx2);
6040 ENGINE_finish(e);
6041 ENGINE_free(e);
6042
6043 return testresult;
6044 }
6045 #endif /* OPENSSL_NO_DYNAMIC_ENGINE */
6046 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
6047
6048 #ifndef OPENSSL_NO_ECX
6049 static int ecxnids[] = {
6050 NID_X25519,
6051 NID_X448,
6052 NID_ED25519,
6053 NID_ED448
6054 };
6055
6056 /* Test that creating ECX keys with a short private key fails as expected */
test_ecx_short_keys(int tst)6057 static int test_ecx_short_keys(int tst)
6058 {
6059 unsigned char ecxkeydata = 1;
6060 EVP_PKEY *pkey;
6061
6062 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
6063 NULL, &ecxkeydata, 1);
6064 if (!TEST_ptr_null(pkey)) {
6065 EVP_PKEY_free(pkey);
6066 return 0;
6067 }
6068
6069 return 1;
6070 }
6071 #endif
6072
6073 typedef enum OPTION_choice {
6074 OPT_ERR = -1,
6075 OPT_EOF = 0,
6076 OPT_CONTEXT,
6077 OPT_CONFIG_FILE,
6078 OPT_TEST_ENUM
6079 } OPTION_CHOICE;
6080
test_get_options(void)6081 const OPTIONS *test_get_options(void)
6082 {
6083 static const OPTIONS options[] = {
6084 OPT_TEST_OPTIONS_DEFAULT_USAGE,
6085 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
6086 { "config", OPT_CONFIG_FILE, '<',
6087 "The configuration file to use for the libctx" },
6088 { NULL }
6089 };
6090 return options;
6091 }
6092
6093 #ifndef OPENSSL_NO_ECX
6094 /* Test that trying to sign with a public key errors out gracefully */
test_ecx_not_private_key(int tst)6095 static int test_ecx_not_private_key(int tst)
6096 {
6097 EVP_PKEY *pkey = NULL;
6098
6099 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
6100 int testresult = 0;
6101 EVP_MD_CTX *ctx = NULL;
6102 unsigned char *mac = NULL;
6103 size_t maclen = 0;
6104 const uint8_t *pubkey;
6105 size_t pubkeylen;
6106
6107 switch (keys[tst].type) {
6108 case NID_X25519:
6109 case NID_X448:
6110 case NID_undef:
6111 return TEST_skip("signing not supported for X25519/X448/ML-KEM");
6112 }
6113
6114 /* Check if this algorithm supports public keys */
6115 if (keys[tst].pub == NULL)
6116 return TEST_skip("no public key present");
6117
6118 pubkey = keys[tst].pub;
6119 pubkeylen = keys[tst].publen;
6120
6121 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
6122 NULL, pubkey, pubkeylen);
6123 if (!TEST_ptr(pkey))
6124 goto err;
6125
6126 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
6127 goto err;
6128
6129 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
6130 goto check_err;
6131
6132 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
6133 goto check_err;
6134
6135 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
6136 goto err;
6137
6138 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
6139 goto err;
6140
6141 check_err:
6142 /*
6143 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
6144 * but we relax the check to allow error also thrown by
6145 * EVP_DigestSignInit and EVP_DigestSign.
6146 */
6147 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
6148 testresult = 1;
6149 ERR_clear_error();
6150 }
6151
6152 err:
6153 EVP_MD_CTX_free(ctx);
6154 OPENSSL_free(mac);
6155 EVP_PKEY_free(pkey);
6156
6157 return testresult;
6158 }
6159 #endif /* OPENSSL_NO_ECX */
6160
test_sign_continuation(void)6161 static int test_sign_continuation(void)
6162 {
6163 OSSL_PROVIDER *fake_rsa = NULL;
6164 int testresult = 0;
6165 EVP_PKEY *pkey = NULL;
6166 EVP_PKEY_CTX *pctx = NULL;
6167 EVP_MD_CTX *mctx = NULL;
6168 const char sigbuf[] = "To Be Signed";
6169 unsigned char signature[256];
6170 size_t siglen = 256;
6171 static int nodupnum = 1;
6172 static const OSSL_PARAM nodup_params[] = {
6173 OSSL_PARAM_int("NO_DUP", &nodupnum),
6174 OSSL_PARAM_END
6175 };
6176
6177 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
6178 return 0;
6179
6180 /* Construct a pkey using precise propq to use our provider */
6181 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
6182 "provider=fake-rsa"))
6183 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
6184 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
6185 || !TEST_ptr(pkey))
6186 goto end;
6187
6188 /* First test it continues (classic behavior) */
6189 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
6190 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
6191 NULL, pkey, NULL))
6192 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6193 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
6194 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6195 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
6196 goto end;
6197
6198 EVP_MD_CTX_free(mctx);
6199
6200 /* try again but failing the continuation */
6201 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
6202 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
6203 NULL, pkey, nodup_params))
6204 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6205 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
6206 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6207 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
6208 goto end;
6209
6210 testresult = 1;
6211
6212 end:
6213 EVP_MD_CTX_free(mctx);
6214 EVP_PKEY_free(pkey);
6215 EVP_PKEY_CTX_free(pctx);
6216 fake_rsa_finish(fake_rsa);
6217 return testresult;
6218 }
6219
aes_gcm_encrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)6220 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
6221 const unsigned char *gcm_iv, size_t gcm_ivlen,
6222 const unsigned char *gcm_pt, size_t gcm_pt_s,
6223 const unsigned char *gcm_aad, size_t gcm_aad_s,
6224 const unsigned char *gcm_ct, size_t gcm_ct_s,
6225 const unsigned char *gcm_tag, size_t gcm_tag_s)
6226 {
6227 int ret = 0;
6228 EVP_CIPHER_CTX *ctx;
6229 EVP_CIPHER *cipher = NULL;
6230 int outlen, tmplen;
6231 unsigned char outbuf[1024];
6232 unsigned char outtag[16];
6233 OSSL_PARAM params[2] = {
6234 OSSL_PARAM_END, OSSL_PARAM_END
6235 };
6236
6237 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6238 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
6239 goto err;
6240
6241 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
6242 &gcm_ivlen);
6243
6244 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
6245 || (gcm_aad != NULL
6246 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
6247 gcm_aad, gcm_aad_s)))
6248 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
6249 gcm_pt, gcm_pt_s))
6250 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
6251 goto err;
6252
6253 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6254 outtag, sizeof(outtag));
6255
6256 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
6257 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
6258 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
6259 goto err;
6260
6261 ret = 1;
6262 err:
6263 EVP_CIPHER_free(cipher);
6264 EVP_CIPHER_CTX_free(ctx);
6265
6266 return ret;
6267 }
6268
aes_gcm_decrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)6269 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
6270 const unsigned char *gcm_iv, size_t gcm_ivlen,
6271 const unsigned char *gcm_pt, size_t gcm_pt_s,
6272 const unsigned char *gcm_aad, size_t gcm_aad_s,
6273 const unsigned char *gcm_ct, size_t gcm_ct_s,
6274 const unsigned char *gcm_tag, size_t gcm_tag_s)
6275 {
6276 int ret = 0;
6277 EVP_CIPHER_CTX *ctx;
6278 EVP_CIPHER *cipher = NULL;
6279 int outlen;
6280 unsigned char outbuf[1024];
6281 OSSL_PARAM params[2] = {
6282 OSSL_PARAM_END, OSSL_PARAM_END
6283 };
6284
6285 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
6286 goto err;
6287
6288 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
6289 goto err;
6290
6291 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
6292 &gcm_ivlen);
6293
6294 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
6295 || (gcm_aad != NULL
6296 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
6297 gcm_aad, gcm_aad_s)))
6298 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
6299 gcm_ct, gcm_ct_s))
6300 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
6301 goto err;
6302
6303 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6304 (void *)gcm_tag, gcm_tag_s);
6305
6306 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
6307 || !TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
6308 goto err;
6309
6310 ret = 1;
6311 err:
6312 EVP_CIPHER_free(cipher);
6313 EVP_CIPHER_CTX_free(ctx);
6314
6315 return ret;
6316 }
6317
test_aes_gcm_ivlen_change_cve_2023_5363(void)6318 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
6319 {
6320 /* AES-GCM test data obtained from NIST public test vectors */
6321 static const unsigned char gcm_key[] = {
6322 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
6323 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
6324 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b
6325 };
6326 static const unsigned char gcm_iv[] = {
6327 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
6328 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
6329 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
6330 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
6331 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
6332 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
6333 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
6334 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
6335 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
6336 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
6337 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d
6338 };
6339 static const unsigned char gcm_pt[] = {
6340 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
6341 0x4f, 0xe3, 0x6f, 0x81
6342 };
6343 static const unsigned char gcm_ct[] = {
6344 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
6345 0xe2, 0xd0, 0xec, 0xed
6346 };
6347 static const unsigned char gcm_tag[] = {
6348 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
6349 0xdb, 0x99, 0x6c, 0x21
6350 };
6351
6352 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
6353 gcm_pt, sizeof(gcm_pt), NULL, 0,
6354 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
6355 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
6356 gcm_pt, sizeof(gcm_pt), NULL, 0,
6357 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
6358 }
6359
6360 #ifndef OPENSSL_NO_RC4
rc4_encrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)6361 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
6362 const unsigned char *rc4_pt, size_t rc4_pt_s,
6363 const unsigned char *rc4_ct, size_t rc4_ct_s)
6364 {
6365 int ret = 0;
6366 EVP_CIPHER_CTX *ctx;
6367 EVP_CIPHER *cipher = NULL;
6368 int outlen, tmplen;
6369 unsigned char outbuf[1024];
6370 OSSL_PARAM params[2] = {
6371 OSSL_PARAM_END, OSSL_PARAM_END
6372 };
6373
6374 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6375 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
6376 goto err;
6377
6378 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
6379 &rc4_key_s);
6380
6381 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
6382 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
6383 rc4_pt, rc4_pt_s))
6384 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
6385 goto err;
6386
6387 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
6388 goto err;
6389
6390 ret = 1;
6391 err:
6392 EVP_CIPHER_free(cipher);
6393 EVP_CIPHER_CTX_free(ctx);
6394
6395 return ret;
6396 }
6397
rc4_decrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)6398 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
6399 const unsigned char *rc4_pt, size_t rc4_pt_s,
6400 const unsigned char *rc4_ct, size_t rc4_ct_s)
6401 {
6402 int ret = 0;
6403 EVP_CIPHER_CTX *ctx;
6404 EVP_CIPHER *cipher = NULL;
6405 int outlen;
6406 unsigned char outbuf[1024];
6407 OSSL_PARAM params[2] = {
6408 OSSL_PARAM_END, OSSL_PARAM_END
6409 };
6410
6411 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
6412 goto err;
6413
6414 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
6415 goto err;
6416
6417 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
6418 &rc4_key_s);
6419
6420 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
6421 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
6422 rc4_ct, rc4_ct_s))
6423 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
6424 goto err;
6425
6426 ret = 1;
6427 err:
6428 EVP_CIPHER_free(cipher);
6429 EVP_CIPHER_CTX_free(ctx);
6430
6431 return ret;
6432 }
6433
test_aes_rc4_keylen_change_cve_2023_5363(void)6434 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
6435 {
6436 /* RC4 test data obtained from RFC 6229 */
6437 static const struct {
6438 unsigned char key[5];
6439 unsigned char padding[11];
6440 } rc4_key = {
6441 { /* Five bytes of key material */
6442 0x83, 0x32, 0x22, 0x77, 0x2a },
6443 { /* Random padding to 16 bytes */
6444 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 }
6445 };
6446 static const unsigned char rc4_pt[] = {
6447 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6448 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
6449 };
6450 static const unsigned char rc4_ct[] = {
6451 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
6452 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
6453 };
6454
6455 if (lgcyprov == NULL)
6456 return TEST_skip("Test requires legacy provider to be loaded");
6457
6458 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
6459 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
6460 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
6461 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
6462 }
6463 #endif
6464
test_invalid_ctx_for_digest(void)6465 static int test_invalid_ctx_for_digest(void)
6466 {
6467 int ret;
6468 EVP_MD_CTX *mdctx;
6469
6470 mdctx = EVP_MD_CTX_new();
6471 if (!TEST_ptr(mdctx))
6472 return 0;
6473
6474 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0))
6475 ret = 0;
6476 else
6477 ret = 1;
6478
6479 EVP_MD_CTX_free(mdctx);
6480
6481 return ret;
6482 }
6483
test_evp_cipher_pipeline(void)6484 static int test_evp_cipher_pipeline(void)
6485 {
6486 OSSL_PROVIDER *fake_pipeline = NULL;
6487 int testresult = 0;
6488 EVP_CIPHER *cipher = NULL;
6489 EVP_CIPHER *pipeline_cipher = NULL;
6490 EVP_CIPHER_CTX *ctx = NULL;
6491 unsigned char key[32];
6492 size_t keylen = 32;
6493 size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN;
6494 size_t taglen = EVP_GCM_TLS_TAG_LEN;
6495 unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES];
6496 unsigned char *plaintext_array[EVP_MAX_PIPES];
6497 unsigned char *ciphertext_array_p[EVP_MAX_PIPES];
6498 void **aead_tags = (void **)&tag_array;
6499 unsigned char *temp[EVP_MAX_PIPES];
6500 size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES];
6501 size_t ciphertextlen_array[EVP_MAX_PIPES];
6502 size_t inlen_array[EVP_MAX_PIPES];
6503 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
6504 unsigned char *ciphertext, *exp_plaintext, *tag;
6505 size_t numpipes, plaintextlen, i;
6506
6507 if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx)))
6508 return 0;
6509 if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
6510 "provider=fake-pipeline"))
6511 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
6512 "provider!=fake-pipeline"))
6513 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
6514 goto end;
6515 memset(key, 0x01, sizeof(key));
6516
6517 /* Negative tests */
6518 if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1)))
6519 goto end;
6520 if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1)))
6521 goto end;
6522 if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
6523 key, keylen,
6524 EVP_MAX_PIPES + 1, NULL, 0)))
6525 goto end;
6526
6527 /* Positive tests */
6528 for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) {
6529 for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) {
6530 size_t ciphertextlen = 0;
6531 int outlen = 0;
6532
6533 /* Cleanup to be able to error out */
6534 memset(iv_array, 0, sizeof(iv_array));
6535 memset(plaintext_array, 0, sizeof(plaintext_array));
6536 memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p));
6537 memset(tag_array, 0, sizeof(tag_array));
6538 ciphertext = NULL;
6539 exp_plaintext = NULL;
6540 tag = NULL;
6541
6542 /* Allocate fresh buffers with exact size to catch buffer overwrites */
6543 for (i = 0; i < numpipes; i++) {
6544 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen))
6545 || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen))
6546 || !TEST_ptr(ciphertext_array_p[i] = OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
6547 || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen)))
6548 goto err;
6549
6550 memset(iv_array[i], i + 33, ivlen);
6551 memset(plaintext_array[i], i + 1, plaintextlen);
6552 inlen_array[i] = plaintextlen;
6553 outlen_array[i] = 0;
6554 ciphertextlen_array[i] = 0;
6555 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH;
6556 }
6557 if (!TEST_ptr(ciphertext = OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
6558 || !TEST_ptr(tag = OPENSSL_malloc(taglen))
6559 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen)))
6560 goto err;
6561
6562 /* Encrypt using pipeline API */
6563 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
6564 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1))
6565 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
6566 key, keylen, numpipes,
6567 (const unsigned char **)iv_array,
6568 ivlen))
6569 /* reuse plaintext for AAD as it won't affect test */
6570 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6571 (const unsigned char **)plaintext_array,
6572 inlen_array))
6573 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p,
6574 outlen_array, outsize_array,
6575 (const unsigned char **)plaintext_array,
6576 inlen_array)))
6577 goto err;
6578
6579 for (i = 0; i < numpipes; i++) {
6580 ciphertextlen_array[i] = outlen_array[i];
6581 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i];
6582 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i];
6583 }
6584
6585 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6586 goto err;
6587
6588 for (i = 0; i < numpipes; i++)
6589 ciphertextlen_array[i] += outlen_array[i];
6590
6591 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6592 (void **)&aead_tags, taglen);
6593 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6594 goto err;
6595
6596 /* Encrypt using non-pipeline API and compare */
6597 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)))
6598 goto err;
6599
6600 for (i = 0; i < numpipes; i++) {
6601 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i]))
6602 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
6603 plaintext_array[i],
6604 plaintextlen))
6605 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen,
6606 plaintext_array[i],
6607 plaintextlen)))
6608 goto err;
6609 ciphertextlen = outlen;
6610
6611 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen)))
6612 goto err;
6613 ciphertextlen += outlen;
6614
6615 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6616 (void *)tag, taglen);
6617 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6618 goto err;
6619
6620 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i],
6621 ciphertext, ciphertextlen)
6622 || !TEST_mem_eq(tag_array[i], taglen, tag, taglen))
6623 goto err;
6624 }
6625
6626 for (i = 0; i < numpipes; i++)
6627 outsize_array[i] = plaintextlen;
6628
6629 /* Decrypt using pipeline API and compare */
6630 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6631 (void **)&aead_tags, taglen);
6632 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
6633 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0))
6634 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher,
6635 key, keylen, numpipes,
6636 (const unsigned char **)iv_array,
6637 ivlen))
6638 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
6639 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6640 (const unsigned char **)plaintext_array,
6641 inlen_array))
6642 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array,
6643 outlen_array, outsize_array,
6644 (const unsigned char **)ciphertext_array_p,
6645 ciphertextlen_array)))
6646 goto err;
6647
6648 for (i = 0; i < numpipes; i++) {
6649 temp[i] = plaintext_array[i] + outlen_array[i];
6650 outsize_array[i] = outsize_array[i] - outlen_array[i];
6651 }
6652
6653 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6654 goto err;
6655
6656 for (i = 0; i < numpipes; i++) {
6657 memset(exp_plaintext, i + 1, plaintextlen);
6658 if (!TEST_mem_eq(plaintext_array[i], plaintextlen,
6659 exp_plaintext, plaintextlen))
6660 goto err;
6661 }
6662
6663 for (i = 0; i < numpipes; i++) {
6664 OPENSSL_free(iv_array[i]);
6665 OPENSSL_free(plaintext_array[i]);
6666 OPENSSL_free(ciphertext_array_p[i]);
6667 OPENSSL_free(tag_array[i]);
6668 }
6669 OPENSSL_free(exp_plaintext);
6670 OPENSSL_free(ciphertext);
6671 OPENSSL_free(tag);
6672 }
6673 }
6674
6675 testresult = 1;
6676 goto end;
6677
6678 err:
6679 for (i = 0; i < numpipes; i++) {
6680 OPENSSL_free(iv_array[i]);
6681 OPENSSL_free(plaintext_array[i]);
6682 OPENSSL_free(ciphertext_array_p[i]);
6683 OPENSSL_free(tag_array[i]);
6684 }
6685 OPENSSL_free(exp_plaintext);
6686 OPENSSL_free(ciphertext);
6687 OPENSSL_free(tag);
6688 end:
6689 EVP_CIPHER_CTX_free(ctx);
6690 EVP_CIPHER_free(cipher);
6691 EVP_CIPHER_free(pipeline_cipher);
6692 fake_pipeline_finish(fake_pipeline);
6693 return testresult;
6694 }
6695
setup_tests(void)6696 int setup_tests(void)
6697 {
6698 char *config_file = NULL;
6699 OPTION_CHOICE o;
6700
6701 while ((o = opt_next()) != OPT_EOF) {
6702 switch (o) {
6703 case OPT_CONTEXT:
6704 /* Set up an alternate library context */
6705 testctx = OSSL_LIB_CTX_new();
6706 if (!TEST_ptr(testctx))
6707 return 0;
6708 #ifdef STATIC_LEGACY
6709 /*
6710 * This test is always statically linked against libcrypto. We must not
6711 * attempt to load legacy.so that might be dynamically linked against
6712 * libcrypto. Instead we use a built-in version of the legacy provider.
6713 */
6714 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
6715 return 0;
6716 #endif
6717 /* Swap the libctx to test non-default context only */
6718 nullprov = OSSL_PROVIDER_load(NULL, "null");
6719 deflprov = OSSL_PROVIDER_load(testctx, "default");
6720 #ifndef OPENSSL_SYS_TANDEM
6721 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
6722 #endif
6723 break;
6724 case OPT_CONFIG_FILE:
6725 config_file = opt_arg();
6726 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL))
6727 return 0;
6728 break;
6729 case OPT_TEST_CASES:
6730 break;
6731 default:
6732 return 0;
6733 }
6734 }
6735
6736 if (config_file != NULL) {
6737 ADD_TEST(test_EVP_set_config_properties);
6738 return 1;
6739 }
6740
6741 ADD_TEST(test_EVP_set_default_properties);
6742 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
6743 ADD_TEST(test_EVP_DigestVerifyInit);
6744 #ifndef OPENSSL_NO_EC
6745 ADD_TEST(test_ecdsa_digestsign_keccak);
6746 #endif
6747 #ifndef OPENSSL_NO_SIPHASH
6748 ADD_TEST(test_siphash_digestsign);
6749 #endif
6750 ADD_TEST(test_EVP_Digest);
6751 ADD_TEST(test_EVP_md_null);
6752 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
6753 #ifndef OPENSSL_NO_DEPRECATED_3_0
6754 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
6755 #endif
6756 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
6757 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
6758 ADD_TEST(test_privatekey_to_pkcs8);
6759 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
6760 ADD_ALL_TESTS(test_EVP_PKCS82PKEY_v2, OSSL_NELEM(keydata_v2));
6761 #ifndef OPENSSL_NO_EC
6762 ADD_TEST(test_EVP_PKCS82PKEY);
6763 #endif
6764 #ifndef OPENSSL_NO_EC
6765 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
6766 #endif
6767 #if !defined(OPENSSL_NO_SM2)
6768 ADD_TEST(test_EVP_SM2);
6769 ADD_TEST(test_EVP_SM2_verify);
6770 #endif
6771 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
6772 #ifndef OPENSSL_NO_DEPRECATED_3_0
6773 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
6774 if (!TEST_ptr(custom_pmeth))
6775 return 0;
6776 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
6777 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
6778 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
6779 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
6780 return 0;
6781 #endif
6782 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
6783 #ifndef OPENSSL_NO_CMAC
6784 ADD_TEST(test_CMAC_keygen);
6785 #endif
6786 ADD_TEST(test_HKDF);
6787 ADD_TEST(test_emptyikm_HKDF);
6788 ADD_TEST(test_empty_salt_info_HKDF);
6789 #ifndef OPENSSL_NO_EC
6790 ADD_TEST(test_X509_PUBKEY_inplace);
6791 ADD_TEST(test_X509_PUBKEY_dup);
6792 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
6793 OSSL_NELEM(ec_der_pub_keys));
6794 #endif
6795 #ifndef OPENSSL_NO_DSA
6796 ADD_TEST(test_DSA_get_set_params);
6797 ADD_TEST(test_DSA_priv_pub);
6798 #endif
6799 ADD_TEST(test_RSA_get_set_params);
6800 ADD_TEST(test_RSA_OAEP_set_get_params);
6801 ADD_TEST(test_RSA_OAEP_set_null_label);
6802 ADD_TEST(test_RSA_encrypt);
6803 #ifndef OPENSSL_NO_DEPRECATED_3_0
6804 ADD_TEST(test_RSA_legacy);
6805 #endif
6806 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
6807 ADD_TEST(test_decrypt_null_chunks);
6808 #endif
6809 #ifndef OPENSSL_NO_DH
6810 ADD_TEST(test_DH_priv_pub);
6811 #ifndef OPENSSL_NO_DEPRECATED_3_0
6812 ADD_TEST(test_EVP_PKEY_set1_DH);
6813 #endif
6814 #endif
6815 #ifndef OPENSSL_NO_EC
6816 ADD_TEST(test_EC_priv_pub);
6817 ADD_TEST(test_evp_get_ec_pub);
6818 #ifndef OPENSSL_NO_DEPRECATED_3_0
6819 ADD_TEST(test_EC_priv_only_legacy);
6820 ADD_TEST(test_evp_get_ec_pub_legacy);
6821 #endif
6822 #endif
6823 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
6824 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
6825
6826 ADD_TEST(test_rand_agglomeration);
6827 ADD_ALL_TESTS(test_evp_iv_aes, 12);
6828 #ifndef OPENSSL_NO_DES
6829 ADD_ALL_TESTS(test_evp_iv_des, 6);
6830 #endif
6831 #ifndef OPENSSL_NO_BF
6832 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
6833 #endif
6834 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6835 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
6836 ADD_TEST(test_EVP_rsa_invalid_key);
6837 #ifndef OPENSSL_NO_EC
6838 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
6839 #endif
6840
6841 ADD_TEST(test_names_do_all);
6842
6843 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
6844 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
6845 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
6846 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
6847 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
6848 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
6849 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
6850 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
6851
6852 #ifndef OPENSSL_NO_DEPRECATED_3_0
6853 ADD_ALL_TESTS(test_custom_pmeth, 12);
6854 ADD_TEST(test_evp_md_cipher_meth);
6855 ADD_TEST(test_custom_md_meth);
6856 ADD_TEST(test_custom_ciph_meth);
6857
6858 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
6859 /* Tests only support the default libctx */
6860 if (testctx == NULL) {
6861 #ifndef OPENSSL_NO_EC
6862 ADD_ALL_TESTS(test_signatures_with_engine, 3);
6863 #else
6864 ADD_ALL_TESTS(test_signatures_with_engine, 2);
6865 #endif
6866 ADD_TEST(test_cipher_with_engine);
6867 }
6868 #endif
6869 #endif
6870
6871 #ifndef OPENSSL_NO_ECX
6872 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
6873 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
6874 #endif
6875
6876 ADD_TEST(test_sign_continuation);
6877
6878 /* Test cases for CVE-2023-5363 */
6879 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
6880 #ifndef OPENSSL_NO_RC4
6881 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
6882 #endif
6883
6884 ADD_TEST(test_invalid_ctx_for_digest);
6885
6886 ADD_TEST(test_evp_cipher_pipeline);
6887
6888 return 1;
6889 }
6890
cleanup_tests(void)6891 void cleanup_tests(void)
6892 {
6893 OSSL_PROVIDER_unload(nullprov);
6894 OSSL_PROVIDER_unload(deflprov);
6895 #ifndef OPENSSL_SYS_TANDEM
6896 OSSL_PROVIDER_unload(lgcyprov);
6897 #endif
6898 OSSL_LIB_CTX_free(testctx);
6899 }
6900