/*
 * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * We need to use some deprecated APIs. The macro is defined ahead of the
 * OpenSSL includes below so that those declarations can be used without
 * deprecation warnings.
 */
#define OPENSSL_SUPPRESS_DEPRECATED

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/conf.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/kdf.h>
#include <openssl/provider.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
#include <openssl/param_build.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/aes.h>
#include <openssl/decoder.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>
#include <openssl/proverr.h>
#include <openssl/rand.h>
#include <crypto/ml_kem.h>
#include "testutil.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "crypto/evp.h"
#include "fake_rsaprov.h"
#include "fake_pipelineprov.h"

/*
 * With STATIC_LEGACY defined, declare the provider init function
 * ossl_legacy_provider_init here; its definition is not in this file section.
 */
#ifdef STATIC_LEGACY
OSSL_provider_init_fn ossl_legacy_provider_init;
#endif

/*
 * Library context and, judging by its name, the property query string used
 * by the tests. Both start out NULL; where they are assigned is outside this
 * part of the file.
 */
static OSSL_LIB_CTX *testctx = NULL;
static char *testpropq = NULL;

/*
 * Provider handles, NULL until set. The names suggest the null, default and
 * legacy providers - confirm against the setup code.
 */
static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *deflprov = NULL;
static OSSL_PROVIDER *lgcyprov = NULL;

/*
 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
 * should never use this key anywhere but in an example.
 */
/*
 * Encoding notes, read off the bytes below: the modulus INTEGER is 0x81 bytes
 * long including its leading zero, i.e. a 1024-bit modulus, and the public
 * exponent is 0x010001 (65537). A 1024-bit RSA modulus is below current
 * minimum key-size recommendations, and the private half is published in this
 * source file, so the key has no value outside test fixtures.
 */
static const unsigned char kExampleRSAKeyDER[] = {
    0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
    0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
    0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
    0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
    0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
    0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
    0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
    0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
    0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
    0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
    0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
    0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
    0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
    0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
    0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
    0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
    0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
    0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
    0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
    0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
    0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
    0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
    0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
    0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
    0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
    0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
    0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
    0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
    0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
    0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
    0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
    0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
    0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
    0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
    0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
    0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
    0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
    0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
    0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
    0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
    0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
    0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
    0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
    0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
    0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
    0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
    0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
    0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
    0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
    0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
    0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf
};

/* An invalid key whose prime factors exceed modulus n.
*/ 114 static const unsigned char kInvalidRSAKeyDER[] = { 115 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 116 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 117 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 118 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 119 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 120 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 121 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 122 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 123 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 124 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 125 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 126 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 127 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 129 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 130 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 131 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 132 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 133 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 134 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 135 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 136 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 137 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 138 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 139 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 140 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 
0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 141 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 143 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 144 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 145 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 146 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 147 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 148 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 149 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 150 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 151 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 152 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 154 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 155 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 156 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 157 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 158 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 159 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 160 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 161 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 162 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 163 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 164 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 165 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02, 166 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 
0x00, 0x00, 167 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 168 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 169 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 170 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 171 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 172 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 173 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31, 174 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 175 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8, 176 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07, 177 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 179 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 180 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 181 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 182 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec, 183 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 184 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00, 185 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07, 186 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02, 187 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 188 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 189 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 190 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59, 191 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 193 0x59, 
0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 194 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59, 195 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d, 196 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 197 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 198 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 199 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea, 200 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15, 201 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 202 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff, 203 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07, 204 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 205 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 206 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 207 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 208 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 209 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 210 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 211 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59, 212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 214 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 215 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 216 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 217 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41, 218 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 219 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 220 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 221 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 222 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 223 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 224 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 226 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 227 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 228 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 229 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 230 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 231 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 232 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15, 233 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 234 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 235 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 236 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 237 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 238 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 239 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f, 240 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 241 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 242 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 243 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00, 244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1, 245 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 
0xc1, 0xc1, 0xc1, 246 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 247 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 248 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02, 249 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8, 250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 253 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 254 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 255 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02, 256 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 257 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80, 258 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 259 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36, 260 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10, 261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 263 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 264 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 265 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02, 266 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02, 267 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 268 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02, 269 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02, 270 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47, 272 
0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d, 273 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60, 274 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32, 275 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff, 276 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30, 277 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 278 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 279 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33, 280 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 281 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 282 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 283 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 284 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 285 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 286 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 287 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02, 288 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 289 0xe2, 0x80 290 }; 291 292 /* 293 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you 294 * should never use this key anywhere but in an example. 
 */
#ifndef OPENSSL_NO_DSA
/*
 * Encoding notes, read off the bytes below: the first large INTEGER (p) is
 * 0x81 bytes long including its leading zero, i.e. 1024 bits, and the next
 * one (q) is 0x15 bytes including its leading zero, i.e. 160 bits. The final
 * INTEGER, the private value, is 0x14 (20) bytes. 1024/160-bit DSA is a
 * legacy parameter size, and the private value is published in this source
 * file, so the key has no value outside test fixtures.
 */
static const unsigned char kExampleDSAKeyDER[] = {
    0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
    0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
    0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
    0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
    0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
    0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
    0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
    0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
    0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
    0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
    0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
    0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
    0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
    0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
    0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
    0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
    0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
    0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
    0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
    0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
    0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
    0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
    0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
    0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
    0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
    0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
    0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
    0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
    0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
    0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
    0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
    0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
    0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
    0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
    0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
    0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
    0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
    0x40, 0x48
};
#endif

/*
 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
 * components are not correct.
342 */ 343 static const unsigned char kExampleBadRSAKeyDER[] = { 344 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 345 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 346 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 347 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 348 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 349 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 350 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 351 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 352 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 353 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 354 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 355 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 356 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 357 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 358 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 359 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 360 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 361 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 362 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 363 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 364 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 365 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 366 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 367 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 368 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 369 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 
0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 370 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 371 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 372 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 373 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 374 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 375 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 376 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 377 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 378 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 379 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 380 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 381 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 382 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 383 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 384 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 385 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 386 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 387 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 388 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 389 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 390 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 391 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 392 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 393 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 394 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 395 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 
0xc3, 0xd9, 0x3d, 396 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 397 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 398 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 399 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 400 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 401 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 402 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 403 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 404 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 405 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 406 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 407 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 408 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 409 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 410 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 411 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 412 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 413 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 414 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 415 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 416 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 417 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 418 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 419 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 420 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 421 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 422 
0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 423 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 424 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 425 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 426 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 427 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 428 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 429 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 430 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 431 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 432 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce 433 }; 434 435 /* 436 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All 437 * values are 0. 438 */ 439 static const unsigned char kExampleBad2RSAKeyDER[] = { 440 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 441 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 442 0x01, 0x00, 0x02, 0x01, 0x00 443 }; 444 445 static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 446 447 static const unsigned char kSignature[] = { 448 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 449 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 450 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 451 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 452 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 453 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 454 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 455 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 456 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 457 
0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 458 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42 459 }; 460 461 /* 462 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v1 463 * PrivateKeyInfo. 464 */ 465 static const unsigned char kExampleRSAKeyPKCS8[] = { 466 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 467 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 468 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 469 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 470 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 471 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 472 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 473 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 474 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 475 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 476 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 477 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 478 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 479 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 480 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 481 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 482 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 483 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 484 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 485 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 486 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 487 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 488 0x80, 0x1b, 0xe2, 0xf3, 
0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 489 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 490 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 491 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 492 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 493 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 494 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 495 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 496 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 497 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 498 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 499 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 500 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 501 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 502 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 503 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 504 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 505 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 506 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 507 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 508 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 509 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 510 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 511 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 512 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 513 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 514 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 
0x18, 0xca, 0x5f, 0x2e, 515 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 516 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 517 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 518 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf 519 }; 520 521 /* 522 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v2 523 * PrivateKeyInfo (with an optional public key). 524 */ 525 static const unsigned char kExampleRSAKeyPKCS8_v2[] = { 526 0x30, 0x82, 0x03, 0x06, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 527 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 528 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 529 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 530 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 531 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 532 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 533 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 534 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 535 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 536 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 537 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 538 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 539 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 540 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 541 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 542 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 543 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 544 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 545 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 
0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 546 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 547 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 548 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 549 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 550 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 551 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 552 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 553 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 554 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 555 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 556 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 557 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 558 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 559 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 560 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 561 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 562 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 563 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 564 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 565 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 566 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 567 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 568 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 569 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 570 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 571 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 
0x4a, 0xe0, 0x30, 572 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 573 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 574 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 575 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 576 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 577 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 578 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 579 /* Implicit optional Public key BIT STRING */ 580 0x81, 581 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8, 582 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 583 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 584 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 585 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 586 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 587 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 588 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 589 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 590 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 591 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 592 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01 593 }; 594 595 #ifndef OPENSSL_NO_EC 596 /* 597 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 598 * structure. 
599 */ 600 static const unsigned char kExampleECKeyDER[] = { 601 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 602 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 603 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 604 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 605 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 606 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 607 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 608 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 609 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 610 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 611 0xc1 612 }; 613 614 static const unsigned char kExampleECKeyPKCS8_v2[] = { 615 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 616 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 617 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 618 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 619 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 620 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42, 621 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 622 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 623 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 624 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 625 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 626 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1, 627 /* Optional implicit public key BIT STRING */ 628 0x81, 629 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 630 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 631 0x1e, 0x0d, 
0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 632 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 633 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 634 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1 635 }; 636 637 /* 638 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 639 * structure. The private key is equal to the order and will fail to import 640 */ 641 static const unsigned char kExampleBadECKeyDER[] = { 642 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 643 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 644 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 645 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 646 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 647 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 648 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 649 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 650 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 651 }; 652 653 /* prime256v1 */ 654 static const unsigned char kExampleECPubKeyDER[] = { 655 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 656 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 657 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 658 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 659 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 660 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 661 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 662 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 663 }; 664 665 /* 666 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID 667 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key 668 */ 669 
static const unsigned char kExampleBadECPubKeyDER[] = { 670 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 671 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 672 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 673 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 674 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 675 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 676 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 677 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 678 }; 679 680 static const unsigned char pExampleECParamDER[] = { 681 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 682 }; 683 684 #ifndef OPENSSL_NO_ECX 685 static const unsigned char kExampleED25519KeyDER[] = { 686 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 687 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a, 688 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46, 689 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50 690 }; 691 692 static const unsigned char kExampleED25519PubKeyDER[] = { 693 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 694 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45, 695 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40, 696 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29 697 }; 698 699 #ifndef OPENSSL_NO_DEPRECATED_3_0 700 static const unsigned char kExampleX25519KeyDER[] = { 701 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 702 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6, 703 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac, 704 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e 705 }; 706 #endif 707 #endif 708 #endif 709 710 /* kExampleDHKeyDER is a 
DH private key in ASN.1, DER format. */ 711 #ifndef OPENSSL_NO_DEPRECATED_3_0 712 #ifndef OPENSSL_NO_DH 713 static const unsigned char kExampleDHKeyDER[] = { 714 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09, 715 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87, 716 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d, 717 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e, 718 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63, 719 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81, 720 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f, 721 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53, 722 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53, 723 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f, 724 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74, 725 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34, 726 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53, 727 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3, 728 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a, 729 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9, 730 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0, 731 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48, 732 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1, 733 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43, 734 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f, 735 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f, 736 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97, 737 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06, 738 0x2e, 0x87, 
0x2a, 0x0b, 0x7a 739 }; 740 #endif 741 #endif 742 743 static const unsigned char kCFBDefaultKey[] = { 744 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 745 0x09, 0xCF, 0x4F, 0x3C 746 }; 747 748 static const unsigned char kGCMDefaultKey[32] = { 0 }; 749 750 static const unsigned char kGCMResetKey[] = { 751 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 752 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 753 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 754 }; 755 756 static const unsigned char iCFBIV[] = { 757 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 758 0x0C, 0x0D, 0x0E, 0x0F 759 }; 760 761 static const unsigned char iGCMDefaultIV[12] = { 0 }; 762 763 static const unsigned char iGCMResetIV1[] = { 764 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 765 }; 766 767 static const unsigned char iGCMResetIV2[] = { 768 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 769 }; 770 771 static const unsigned char cfbPlaintext[] = { 772 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 773 0x73, 0x93, 0x17, 0x2A 774 }; 775 static const unsigned char cfbPlaintext_partial[] = { 776 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 777 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96 778 }; 779 780 static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 781 782 static const unsigned char gcmResetPlaintext[] = { 783 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 784 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 785 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 786 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 787 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 788 }; 789 790 static const unsigned char cfbCiphertext[] = { 791 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 
0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 792 0xE8, 0x3C, 0xFB, 0x4A 793 }; 794 795 static const unsigned char cfbCiphertext_partial[] = { 796 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 797 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35 798 }; 799 800 static const unsigned char ofbCiphertext_partial[] = { 801 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 802 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09 803 }; 804 805 static const unsigned char gcmDefaultCiphertext[] = { 806 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 807 0xba, 0xf3, 0x9d, 0x18 808 }; 809 810 static const unsigned char gcmResetCiphertext1[] = { 811 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, 812 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 813 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, 814 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 815 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f 816 }; 817 818 static const unsigned char gcmResetCiphertext2[] = { 819 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, 820 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 821 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, 822 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 823 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 824 }; 825 826 static const unsigned char gcmAAD[] = { 827 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 828 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 829 }; 830 831 static const unsigned char gcmDefaultTag[] = { 832 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, 833 0xd4, 0x8a, 0xb9, 0x19 834 }; 835 836 static const unsigned char gcmResetTag1[] = { 837 0x3a, 0x33, 
0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, 838 0xfe, 0x2e, 0xa8, 0xf2 839 }; 840 841 static const unsigned char gcmResetTag2[] = { 842 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, 843 0xbb, 0x2d, 0x55, 0x1b 844 }; 845 846 typedef struct APK_DATA_st { 847 const unsigned char *kder; 848 size_t size; 849 const char *keytype; 850 int evptype; 851 int check; 852 int pub_check; 853 int param_check; 854 int type; /* 0 for private, 1 for public, 2 for params */ 855 } APK_DATA; 856 857 static APK_DATA keydata[] = { 858 { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA }, 859 { kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA }, 860 #ifndef OPENSSL_NO_EC 861 { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC } 862 #endif 863 }; 864 865 static APK_DATA keydata_v2[] = { 866 { kExampleRSAKeyPKCS8_v2, sizeof(kExampleRSAKeyPKCS8_v2), "RSA", EVP_PKEY_RSA }, 867 #ifndef OPENSSL_NO_EC 868 { kExampleECKeyPKCS8_v2, sizeof(kExampleECKeyPKCS8_v2), "EC", EVP_PKEY_EC } 869 #endif 870 }; 871 872 static APK_DATA keycheckdata[] = { 873 { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 874 0 }, 875 { kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA, 876 0, 1, 1, 0 }, 877 { kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA, 878 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0 }, 879 #ifndef OPENSSL_NO_EC 880 { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0 }, 881 /* group is also associated in our pub key */ 882 { kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 883 1, 1 }, 884 { pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 885 2 }, 886 #ifndef OPENSSL_NO_ECX 887 { kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", 888 EVP_PKEY_ED25519, 1, 1, 1, 0 }, 889 { kExampleED25519PubKeyDER, 
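sizeof(kExampleED25519PubKeyDER), "ED25519",
        EVP_PKEY_ED25519, 0, 1, 1, 1 },
#endif
#endif
};

/*
 * Decode a DER encoded key of type |keytype| from the |data_len| bytes at
 * |data|, using the test library context and property query.
 *
 * The return value of OSSL_DECODER_from_data() is ignored on purpose: failure
 * is reported only through the NULL result, so callers must check it.
 */
static EVP_PKEY *load_example_key(const char *keytype,
                                  const unsigned char *data, size_t data_len)
{
    const unsigned char **pdata = &data;
    EVP_PKEY *pkey = NULL;
    OSSL_DECODER_CTX *dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
                                                           testctx, testpropq);

    /* |pkey| will be NULL on error */
    (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
    OSSL_DECODER_CTX_free(dctx);
    return pkey;
}

/* Load the built-in example RSA private key; NULL on failure. */
static EVP_PKEY *load_example_rsa_key(void)
{
    return load_example_key("RSA", kExampleRSAKeyDER,
                            sizeof(kExampleRSAKeyDER));
}

#ifndef OPENSSL_NO_DSA
/* Load the built-in example DSA private key; NULL on failure. */
static EVP_PKEY *load_example_dsa_key(void)
{
    return load_example_key("DSA", kExampleDSAKeyDER,
                            sizeof(kExampleDSAKeyDER));
}
#endif

#ifndef OPENSSL_NO_EC
/* Load the built-in example EC private key; NULL on failure. */
static EVP_PKEY *load_example_ec_key(void)
{
    return load_example_key("EC", kExampleECKeyDER,
                            sizeof(kExampleECKeyDER));
}
#endif

#ifndef OPENSSL_NO_DEPRECATED_3_0

/*
 * Build an EVP_PKEY wrapping a deliberately invalid RSA public key
 * (n = 17, e = 17). Returns the key, or NULL if any step fails.
 */
static EVP_PKEY *make_bad_rsa_pubkey(void)
{
    RSA *rsa = NULL;
    BIGNUM *n = NULL, *e = NULL;
    EVP_PKEY *pkey = NULL;

    /* Deliberately invalid public key: n = 17, e = 17 */
    if (!TEST_ptr(pkey = EVP_PKEY_new())
        || !TEST_ptr(rsa = RSA_new())
        || !TEST_ptr(n = BN_new())
        || !TEST_ptr(e = BN_new())
        || !TEST_true(BN_set_word(n, 17))
        || !TEST_true(BN_set_word(e, 17))
        || !TEST_true(RSA_set0_key(rsa, n, e, NULL)))
        goto err;

    /*
     * RSA_set0_key() succeeded, so |rsa| owns both BIGNUMs now. Forget them
     * here, otherwise the error path would free them a second time through
     * RSA_free().
     */
    n = NULL;
    e = NULL;

    if (!EVP_PKEY_assign_RSA(pkey, rsa))
        goto err;

    return pkey;
err:
    BN_free(n);
    BN_free(e);
    RSA_free(rsa);
    /* Nothing was assigned to |pkey| on this path, so release the shell too */
    EVP_PKEY_free(pkey);
    return NULL;
}

#ifndef OPENSSL_NO_DH
/* Load the built-in example DH private key; NULL on failure. */
static EVP_PKEY *load_example_dh_key(void)
{
    return load_example_key("DH", kExampleDHKeyDER,
                            sizeof(kExampleDHKeyDER));
}
#endif

#ifndef OPENSSL_NO_ECX
static EVP_PKEY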
*load_example_ed25519_key(void)
{
    /* Decode the built-in Ed25519 private key; NULL on failure */
    const size_t der_len = sizeof(kExampleED25519KeyDER);

    return load_example_key("ED25519", kExampleED25519KeyDER, der_len);
}

/* Load the built-in example X25519 private key; NULL on failure. */
static EVP_PKEY *load_example_x25519_key(void)
{
    const size_t der_len = sizeof(kExampleX25519KeyDER);

    return load_example_key("X25519", kExampleX25519KeyDER, der_len);
}
#endif
#endif /* OPENSSL_NO_DEPRECATED_3_0 */

/*
 * Create an HMAC key object from a fixed 32 byte test secret (0x00 .. 0x1f).
 * Returns the key, or NULL if it could not be created.
 */
static EVP_PKEY *load_example_hmac_key(void)
{
    unsigned char hmac_secret[] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
        0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
    };
    EVP_PKEY *pkey;

    pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
                                           NULL, hmac_secret,
                                           sizeof(hmac_secret));
    /* TEST_ptr() records the failure when no key came back */
    return TEST_ptr(pkey) ? pkey : NULL;
}

/*
 * Check that the global default library context reports the default
 * properties "test.fizzbuzz=buzzfizz".
 * NOTE(review): presumably installed by the configuration this test is run
 * with - confirm against the test recipe.
 * Returns 1 on success, 0 on failure.
 */
static int test_EVP_set_config_properties(void)
{
    const char test_propq[] = "test.fizzbuzz=buzzfizz";
    char *fetched_properties
        = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default());
    int res = TEST_ptr(fetched_properties)
        && TEST_str_eq(fetched_properties, test_propq);

    /* EVP_get1_default_properties() hands back a copy we have to release */
    OPENSSL_free(fetched_properties);
    return res;
}

/*
 * Check that default properties set on a fresh library context influence
 * fetching, can be read back (with and without the FIPS clause), and can be
 * cleared again. Returns 1 on success, 0 on failure.
 */
static int test_EVP_set_default_properties(void)
{
    OSSL_LIB_CTX *ctx;
    EVP_MD *md = NULL;
    int res = 0;
    char *fetched_properties = NULL;
    const char test_propq[] = "provider=fizzbang";
    const char test_fips_propq[] = "fips=yes,provider=fizzbang";

    /* Baseline: sha256 is fetchable before any default properties are set */
    if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
        || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
        goto err;
    EVP_MD_free(md);
    md = NULL;

    /*
     * With "provider=fizzbang" as the default a plain fetch has to fail,
     * while a fetch whose query removes the provider clause has to succeed.
     */
    if (!TEST_true(EVP_set_default_properties(ctx, test_propq))
        || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
        || !TEST_ptr(md =
EVP_MD_fetch(ctx, "sha256", "-provider")))
        goto err;
    EVP_MD_free(md);
    md = NULL;

    /* The default properties must read back exactly as they were set */
    fetched_properties = EVP_get1_default_properties(ctx);
    if (!TEST_ptr(fetched_properties)
        || !TEST_str_eq(fetched_properties, test_propq))
        goto err;
    OPENSSL_free(fetched_properties);
    fetched_properties = NULL;

    /* Enabling FIPS is expected to add a "fips=yes" clause to the string */
    if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1)))
        goto err;
    fetched_properties = EVP_get1_default_properties(ctx);
    if (!TEST_ptr(fetched_properties)
        || !TEST_str_eq(fetched_properties, test_fips_propq))
        goto err;
    OPENSSL_free(fetched_properties);
    fetched_properties = NULL;

    if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0)))
        goto err;

    /* Clearing the default properties makes a plain fetch work again */
    if (!TEST_true(EVP_set_default_properties(ctx, NULL))
        || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
        goto err;
    res = 1;
err:
    OPENSSL_free(fetched_properties);
    EVP_MD_free(md);
    OSSL_LIB_CTX_free(ctx);
    return res;
}

#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
/*
 * Build a key of type |keytype| from |params| with EVP_PKEY_fromdata(),
 * asking for the EVP_PKEY_KEYPAIR selection.
 *
 * Also verifies that EVP_PKEY_CTX_set_params() is rejected (returns 0) when
 * it is called before EVP_PKEY_fromdata_init().
 *
 * Returns the new key, or NULL if any step fails.
 */
static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
{
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;

    if (TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq))
        /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */
        && TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0)
        && TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
        && TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
                                         params),
                       0)
        && TEST_ptr(tmp_pkey)) {
        /* Hand the key over so that the cleanup below leaves it alone */
        pkey = tmp_pkey;
        tmp_pkey = NULL;
    }

    EVP_PKEY_free(tmp_pkey);
    EVP_PKEY_CTX_free(pctx);
    return pkey;
}

/*
 * Write |pkey| to a memory BIO in PEM form, once as a public key and once as
 * a private key, and check that each write succeeds exactly when the matching
 * OSSL_KEYMGMT_SELECT_PUBLIC_KEY / OSSL_KEYMGMT_SELECT_PRIVATE_KEY bit is set
 * in |selection|. Returns 1 if both writes behave as expected, 0 otherwise.
 */
static int test_selection(EVP_PKEY *pkey, int selection)
{
    int testresult = 0;
    int ret;
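BIO *bio = BIO_new(BIO_s_mem());

    /*
     * Do not let an allocation failure be mistaken for the write failure
     * that is the expected outcome for key parts outside |selection|.
     */
    if (!TEST_ptr(bio))
        goto err;

    /* Public part: the write must succeed only if it was selected */
    ret = PEM_write_bio_PUBKEY(bio, pkey);
    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
        if (!TEST_true(ret))
            goto err;
    } else {
        if (!TEST_false(ret))
            goto err;
    }
    /* Private part: same rule, written unencrypted (no cipher, no password) */
    ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
                                      testctx, NULL);
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
        if (!TEST_true(ret))
            goto err;
    } else {
        if (!TEST_false(ret))
            goto err;
    }

    testresult = 1;
err:
    BIO_free(bio);

    return testresult;
}
#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */

/*
 * Test combinations of private, public, missing and private + public key
 * params to ensure they are all accepted
 *
 * |keytype| is the key type name handed to make_key_fromdata(). Four keys are
 * built from the FFC parameters p, q and g: parameters only, parameters plus
 * private key, parameters plus public key, and parameters plus both. Each is
 * then probed with test_selection(). Returns 1 on success, 0 on failure.
 */
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
{
    OSSL_PARAM_BLD *bld = NULL;
    OSSL_PARAM *params = NULL;
    EVP_PKEY *just_params = NULL;
    EVP_PKEY *params_and_priv = NULL;
    EVP_PKEY *params_and_pub = NULL;
    EVP_PKEY *params_and_keypair = NULL;
    BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
    int ret = 0;

    /*
     * Setup the parameters for our pkey object. For our purposes they don't
     * have to actually be *valid* parameters. We just need to set something.
     */
    if (!TEST_ptr(p = BN_new())
        || !TEST_ptr(q = BN_new())
        || !TEST_ptr(g = BN_new())
        || !TEST_ptr(pub = BN_new())
        || !TEST_ptr(priv = BN_new()))
        goto err;

    /* Test !priv and !pub */
    if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
        goto err;
    if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
        || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
        goto err;

    /* Reset both so the next stage and the error path see a clean slate */
    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
    params = NULL;
    bld = NULL;

    /* The second probe is expected to fail: there is no key pair to write */
    if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
        || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
        goto err;

    /* Test priv and !pub */
    if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
                                             priv)))
        goto err;
    if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
        || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
        goto err;

    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
    params = NULL;
    bld = NULL;

    /* The second probe is expected to fail: no public key was supplied */
    if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
        || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
        goto err;

    /* Test !priv and pub */
    if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
                                             pub)))
        goto err;
    if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
        || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
        goto err;

    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
    params = NULL;
    bld = NULL;

    /* The second probe is expected to fail: no private key was supplied */
    if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
        || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
        goto err;

    /* Test priv and pub */
    if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
                                             pub))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
                                             priv)))
        goto err;
    if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
        || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
        goto err;

    /* |params| and |bld| of this last stage are released at err: below */
    if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
        goto err;

    ret = 1;
err:
    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
    EVP_PKEY_free(just_params);
    EVP_PKEY_free(params_and_priv);
    EVP_PKEY_free(params_and_pub);
    EVP_PKEY_free(params_and_keypair);
    BN_free(p);
    BN_free(q);
    BN_free(g);
    BN_free(pub);
    BN_free(priv);

    return ret;
}
#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */

/*
 * Test combinations of private, public, missing and private + public key
 * params to ensure they are all accepted for EC keys
 */
#ifndef OPENSSL_NO_EC
static unsigned char ec_priv[] = {
    0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7,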
0xe8, 0x23, 1258 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5, 1259 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16 1260 }; 1261 static unsigned char ec_pub[] = { 1262 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97, 1263 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81, 1264 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d, 1265 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e, 1266 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1, 1267 0x08, 0x09, 0xb8, 0xdb, 0x03 1268 }; 1269 1270 static int test_EC_priv_pub(void) 1271 { 1272 OSSL_PARAM_BLD *bld = NULL; 1273 OSSL_PARAM *params = NULL; 1274 EVP_PKEY *just_params = NULL; 1275 EVP_PKEY *params_and_priv = NULL; 1276 EVP_PKEY *params_and_pub = NULL; 1277 EVP_PKEY *params_and_keypair = NULL; 1278 BIGNUM *priv = NULL; 1279 int ret = 0; 1280 unsigned char *encoded = NULL; 1281 size_t len = 0; 1282 unsigned char buffer[128]; 1283 1284 /* 1285 * Setup the parameters for our pkey object. For our purposes they don't 1286 * have to actually be *valid* parameters. We just need to set something. 
1287 */ 1288 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1289 goto err; 1290 1291 /* Test !priv and !pub */ 1292 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1293 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1294 OSSL_PKEY_PARAM_GROUP_NAME, 1295 "P-256", 0))) 1296 goto err; 1297 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1298 || !TEST_ptr(just_params = make_key_fromdata("EC", params))) 1299 goto err; 1300 1301 OSSL_PARAM_free(params); 1302 OSSL_PARAM_BLD_free(bld); 1303 params = NULL; 1304 bld = NULL; 1305 1306 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1307 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 1308 goto err; 1309 1310 /* Test priv and !pub */ 1311 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1312 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1313 OSSL_PKEY_PARAM_GROUP_NAME, 1314 "P-256", 0)) 1315 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1316 priv))) 1317 goto err; 1318 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1319 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params))) 1320 goto err; 1321 1322 OSSL_PARAM_free(params); 1323 OSSL_PARAM_BLD_free(bld); 1324 params = NULL; 1325 bld = NULL; 1326 1327 /* 1328 * We indicate only parameters here, in spite of having built a key that 1329 * has a private part, because the PEM_write_bio_PrivateKey_ex call is 1330 * expected to fail because it does not support exporting a private EC 1331 * key without a corresponding public key 1332 */ 1333 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1334 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 1335 goto err; 1336 1337 /* Test !priv and pub */ 1338 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1339 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1340 OSSL_PKEY_PARAM_GROUP_NAME, 1341 "P-256", 0)) 1342 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1343 OSSL_PKEY_PARAM_PUB_KEY, 1344 ec_pub, 
sizeof(ec_pub)))) 1345 goto err; 1346 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1347 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params))) 1348 goto err; 1349 1350 OSSL_PARAM_free(params); 1351 OSSL_PARAM_BLD_free(bld); 1352 params = NULL; 1353 bld = NULL; 1354 1355 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 1356 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 1357 goto err; 1358 1359 /* Test priv and pub */ 1360 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1361 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1362 OSSL_PKEY_PARAM_GROUP_NAME, 1363 "P-256", 0)) 1364 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1365 OSSL_PKEY_PARAM_PUB_KEY, 1366 ec_pub, sizeof(ec_pub))) 1367 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1368 priv))) 1369 goto err; 1370 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1371 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params))) 1372 goto err; 1373 1374 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1375 goto err; 1376 1377 /* Try key equality */ 1378 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0) 1379 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub), 1380 0) 1381 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv), 1382 0) 1383 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair), 1384 0) 1385 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0) 1386 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0) 1387 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0) 1388 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0)) 1389 goto err; 1390 1391 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */ 1392 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0)) 1393 goto err; 1394 OPENSSL_free(encoded); 1395 encoded = NULL; 1396 if 
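(!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
        OPENSSL_free(encoded);
        encoded = NULL;
        goto err;
    }

    /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
    if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
                         OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
                         buffer, sizeof(buffer), &len),
            1)
        || !TEST_int_eq(len, 65))
        goto err;

    len = 0;
    if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
                         OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
                         NULL, 0, &len),
            1)
        || !TEST_int_eq(len, 65))
        goto err;

    /* too-short buffer len*/
    if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
                         OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
                         buffer, 10, &len),
            0))
        goto err;

    ret = 1;
err:
    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
    EVP_PKEY_free(just_params);
    EVP_PKEY_free(params_and_priv);
    EVP_PKEY_free(params_and_pub);
    EVP_PKEY_free(params_and_keypair);
    BN_free(priv);

    return ret;
}

/*
 * Also test that we can read the EC PUB affine coordinates.
 *
 * Builds a P-256 key pair from ec_priv/ec_pub with make_key_fromdata(), reads
 * OSSL_PKEY_PARAM_EC_PUB_X and OSSL_PKEY_PARAM_EC_PUB_Y back as BIGNUMs and
 * checks that ec_pub[0] followed by X and Y reproduces ec_pub byte for byte.
 *
 * Returns 1 on success and 0 on failure.
 */
static int test_evp_get_ec_pub(void)
{
    OSSL_PARAM_BLD *bld = NULL;
    OSSL_PARAM *params = NULL;
    unsigned char *pad = NULL;
    EVP_PKEY *keypair = NULL;
    BIGNUM *priv = NULL;
    BIGNUM *x = NULL;
    BIGNUM *y = NULL;
    /* ec_pub is one leading byte followed by two equally sized coordinates */
    const int coord_len = (int)((sizeof(ec_pub) - 1) / 2);
    int ret = 0;

    if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
        goto err;

    if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
        || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
            OSSL_PKEY_PARAM_GROUP_NAME,
            "P-256", 0))
        || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
            OSSL_PKEY_PARAM_PUB_KEY,
            ec_pub, sizeof(ec_pub)))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
            priv)))
        goto err;

    if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
        || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
        goto err;

    if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
        goto err;

    /* Wrapped in TEST_true() so a failing getter is reported, not silent */
    if (!TEST_true(EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x))
        || !TEST_true(EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
        goto err;

    if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
        goto err;

    pad[0] = ec_pub[0];
    /*
     * BN_bn2bin() writes only the significant bytes, so a coordinate with a
     * leading zero byte would land short and shift the comparison, and its
     * output length is not bounded by the buffer.  BN_bn2binpad() writes
     * exactly coord_len bytes or fails.
     */
    if (!TEST_int_eq(BN_bn2binpad(x, &pad[1], coord_len), coord_len)
        || !TEST_int_eq(BN_bn2binpad(y, &pad[1 + coord_len], coord_len),
            coord_len))
        goto err;
    if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
        goto err;

    ret = 1;

err:
    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
    EVP_PKEY_free(keypair);
    OPENSSL_free(pad);
    BN_free(priv);
    BN_free(x);
    BN_free(y);
    return ret;
}

/* Test that using a legacy EC key with only a private key in it works */
#ifndef OPENSSL_NO_DEPRECATED_3_0
static int test_EC_priv_only_legacy(void)
{
    BIGNUM *priv = NULL;
    int ret = 0;
    EC_KEY *eckey = NULL;
    EVP_PKEY *pkey = NULL, *dup_pk = NULL;
    EVP_MD_CTX *ctx = NULL;

    /* Create the low level EC_KEY */
    if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
        goto err;

    eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
    if (!TEST_ptr(eckey))
        goto err;

    if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
        goto err;

    pkey = EVP_PKEY_new();
    if (!TEST_ptr(pkey))
        goto err;

    if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
        goto err;
    eckey = NULL;

    for (;;) {
        ret = 0;
        ctx = EVP_MD_CTX_new();
        if (!TEST_ptr(ctx))
            goto err;

        /*
         * The EVP_DigestSignInit function should create the key on the
         * provider side which is sufficient for this test.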
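*/
        if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
                testpropq, pkey, NULL)))
            goto err;
        EVP_MD_CTX_free(ctx);
        ctx = NULL;

        if (dup_pk != NULL)
            break;

        if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
            goto err;
        /* EVP_PKEY_eq() returns -2 with missing public keys */
        ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
        EVP_PKEY_free(pkey);
        pkey = dup_pk;
        if (!ret)
            goto err;
    }
    ret = 1;

err:
    EVP_MD_CTX_free(ctx);
    EVP_PKEY_free(pkey);
    EC_KEY_free(eckey);
    BN_free(priv);

    return ret;
}

/*
 * Read the EC public affine coordinates back from a legacy EC_KEY.
 *
 * Creates a prime256v1 EC_KEY in a fresh library context, sets ec_priv and
 * the X/Y halves of ec_pub on it, hands it to an EVP_PKEY, then fetches
 * OSSL_PKEY_PARAM_EC_PUB_X / OSSL_PKEY_PARAM_EC_PUB_Y and checks that
 * ec_pub[0] followed by X and Y equals ec_pub.
 *
 * Returns 1 on success and 0 on failure.
 */
static int test_evp_get_ec_pub_legacy(void)
{
    OSSL_LIB_CTX *libctx = NULL;
    unsigned char *pad = NULL;
    EVP_PKEY *pkey = NULL;
    EC_KEY *eckey = NULL;
    BIGNUM *priv = NULL;
    BIGNUM *x = NULL;
    BIGNUM *y = NULL;
    /* ec_pub is one leading byte followed by two equally sized coordinates */
    const int coord_len = (int)((sizeof(ec_pub) - 1) / 2);
    int ret = 0;

    if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
        goto err;

    /* Create the legacy key */
    if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
                      NID_X9_62_prime256v1)))
        goto err;

    if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
        goto err;

    if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
        goto err;

    if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], coord_len, NULL)))
        goto err;

    if (!TEST_ptr(y = BN_bin2bn(&ec_pub[1 + coord_len], coord_len, NULL)))
        goto err;

    if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
        goto err;

    if (!TEST_ptr(pkey = EVP_PKEY_new()))
        goto err;

    /* Transfer the legacy key */
    if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
        goto err;
    eckey = NULL; /* now owned by the pkey */

    /*
     * NOTE(review): x and y already hold the expected coordinates at this
     * point, so the comparison below cannot tell a getter that updated them
     * from one that reported success without writing.
     */
    if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
        || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
        goto err;

    if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
        goto err;

    pad[0] = ec_pub[0];
    /*
     * BN_bn2bin() writes only the significant bytes, so a coordinate with a
     * leading zero byte would land short and shift the comparison, and its
     * output length is not bounded by the buffer.  BN_bn2binpad() writes
     * exactly coord_len bytes or fails.
     */
    if (!TEST_int_eq(BN_bn2binpad(x, &pad[1], coord_len), coord_len)
        || !TEST_int_eq(BN_bn2binpad(y, &pad[1 + coord_len], coord_len),
            coord_len))
        goto err;

    if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
        goto err;

    ret = 1;

err:
    OSSL_LIB_CTX_free(libctx);
    EVP_PKEY_free(pkey);
    EC_KEY_free(eckey);
    OPENSSL_free(pad);
    BN_free(priv);
    BN_free(x);
    BN_free(y);

    return ret;
}
#endif /* OPENSSL_NO_DEPRECATED_3_0 */
#endif /* OPENSSL_NO_EC */

static int test_EVP_PKEY_sign(int tst)
{
    int ret = 0;
    EVP_PKEY *pkey = NULL;
    unsigned char *sig = NULL;
    size_t sig_len = 0, shortsig_len = 1;
    EVP_PKEY_CTX *ctx = NULL;
    unsigned char tbs[] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
        0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
    };

    if (tst == 0) {
        if (!TEST_ptr(pkey = load_example_rsa_key()))
            goto out;
    } else if (tst == 1) {
#ifndef OPENSSL_NO_DSA
        if (!TEST_ptr(pkey = load_example_dsa_key()))
            goto out;
#else
        ret = 1;
        goto out;
#endif
    } else {
#ifndef OPENSSL_NO_EC
        if (!TEST_ptr(pkey = load_example_ec_key()))
            goto out;
#else
        ret = 1;
        goto out;
#endif
    }

    ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
    if (!TEST_ptr(ctx)
        || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
        || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
                            sizeof(tbs)),
            0))
        goto out;
    sig = OPENSSL_malloc(sig_len);
    if (!TEST_ptr(sig)
        /* Test sending a signature buffer that is too short is rejected */
        || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
                            sizeof(tbs)),
            0)
        || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
            0)
        /* Test the signature round-trips */
        || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
        || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
            0))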
1689 goto out; 1690 1691 ret = 1; 1692 out: 1693 EVP_PKEY_CTX_free(ctx); 1694 OPENSSL_free(sig); 1695 EVP_PKEY_free(pkey); 1696 return ret; 1697 } 1698 1699 #ifndef OPENSSL_NO_DEPRECATED_3_0 1700 static int test_EVP_PKEY_sign_with_app_method(int tst) 1701 { 1702 int ret = 0; 1703 EVP_PKEY *pkey = NULL; 1704 RSA *rsa = NULL; 1705 RSA_METHOD *rsa_meth = NULL; 1706 #ifndef OPENSSL_NO_DSA 1707 DSA *dsa = NULL; 1708 DSA_METHOD *dsa_meth = NULL; 1709 #endif 1710 unsigned char *sig = NULL; 1711 size_t sig_len = 0, shortsig_len = 1; 1712 EVP_PKEY_CTX *ctx = NULL; 1713 unsigned char tbs[] = { 1714 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1715 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1716 }; 1717 1718 if (tst == 0) { 1719 if (!TEST_ptr(pkey = load_example_rsa_key())) 1720 goto out; 1721 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method()))) 1722 goto out; 1723 1724 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)) 1725 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0) 1726 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0)) 1727 goto out; 1728 rsa = NULL; /* now owned by the pkey */ 1729 } else { 1730 #ifndef OPENSSL_NO_DSA 1731 if (!TEST_ptr(pkey = load_example_dsa_key())) 1732 goto out; 1733 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) 1734 goto out; 1735 1736 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey)) 1737 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0) 1738 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0)) 1739 goto out; 1740 dsa = NULL; /* now owned by the pkey */ 1741 #else 1742 ret = 1; 1743 goto out; 1744 #endif 1745 } 1746 1747 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1748 if (!TEST_ptr(ctx) 1749 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1750 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1751 sizeof(tbs)), 1752 0)) 1753 goto out; 1754 sig = OPENSSL_malloc(sig_len); 1755 if (!TEST_ptr(sig) 1756 /* Test sending a signature buffer that is too short is rejected */ 1757 || 
!TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1758 sizeof(tbs)), 1759 0) 1760 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1761 0) 1762 /* Test the signature round-trips */ 1763 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1764 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1765 0)) 1766 goto out; 1767 1768 ret = 1; 1769 out: 1770 EVP_PKEY_CTX_free(ctx); 1771 OPENSSL_free(sig); 1772 EVP_PKEY_free(pkey); 1773 RSA_free(rsa); 1774 RSA_meth_free(rsa_meth); 1775 #ifndef OPENSSL_NO_DSA 1776 DSA_free(dsa); 1777 DSA_meth_free(dsa_meth); 1778 #endif 1779 return ret; 1780 } 1781 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 1782 1783 /* 1784 * n = 0 => test using legacy cipher 1785 * n = 1 => test using fetched cipher 1786 */ 1787 static int test_EVP_Enveloped(int n) 1788 { 1789 int ret = 0; 1790 EVP_CIPHER_CTX *ctx = NULL; 1791 EVP_PKEY *keypair = NULL; 1792 unsigned char *kek = NULL; 1793 unsigned char iv[EVP_MAX_IV_LENGTH]; 1794 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 1795 int len, kek_len, ciphertext_len, plaintext_len; 1796 unsigned char ciphertext[32], plaintext[16]; 1797 EVP_CIPHER *type = NULL; 1798 1799 if (nullprov != NULL) 1800 return TEST_skip("Test does not support a non-default library context"); 1801 1802 if (n == 0) 1803 type = (EVP_CIPHER *)EVP_aes_256_cbc(); 1804 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC", 1805 testpropq))) 1806 goto err; 1807 1808 if (!TEST_ptr(keypair = load_example_rsa_key()) 1809 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) 1810 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1811 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 1812 &keypair, 1)) 1813 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 1814 msg, sizeof(msg))) 1815 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 1816 &len))) 1817 goto err; 1818 1819 ciphertext_len += len; 1820 1821 if (!TEST_true(EVP_OpenInit(ctx, type, kek, 
kek_len, iv, keypair)) 1822 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 1823 ciphertext, ciphertext_len)) 1824 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 1825 goto err; 1826 1827 plaintext_len += len; 1828 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 1829 goto err; 1830 1831 ret = 1; 1832 err: 1833 if (n != 0) 1834 EVP_CIPHER_free(type); 1835 OPENSSL_free(kek); 1836 EVP_PKEY_free(keypair); 1837 EVP_CIPHER_CTX_free(ctx); 1838 return ret; 1839 } 1840 1841 /* 1842 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA) 1843 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA) 1844 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC) 1845 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA) 1846 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA) 1847 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC) 1848 * Test 6: Use an MD BIO to do the Update calls instead (RSA) 1849 * Test 7: Use an MD BIO to do the Update calls instead (DSA) 1850 * Test 8: Use an MD BIO to do the Update calls instead (HMAC) 1851 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig) 1852 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig) 1853 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig) 1854 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA) 1855 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA) 1856 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC) 1857 * Test 15-29: Same as above with reinitialization 1858 */ 1859 static int test_EVP_DigestSignInit(int tst) 1860 { 1861 int ret = 0; 1862 EVP_PKEY *pkey = NULL; 1863 unsigned char *sig = NULL, *sig2 = NULL; 1864 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1; 1865 EVP_MD_CTX *md_ctx = 
NULL, *md_ctx_verify = NULL; 1866 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; 1867 BIO *mdbio = NULL, *membio = NULL; 1868 size_t written; 1869 const EVP_MD *md; 1870 EVP_MD *mdexp = NULL; 1871 int reinit = 0; 1872 1873 if (nullprov != NULL) 1874 return TEST_skip("Test does not support a non-default library context"); 1875 1876 if (tst >= 15) { 1877 reinit = 1; 1878 tst -= 15; 1879 } 1880 1881 if (tst >= 6 && tst <= 8) { 1882 membio = BIO_new(BIO_s_mem()); 1883 mdbio = BIO_new(BIO_f_md()); 1884 if (!TEST_ptr(membio) || !TEST_ptr(mdbio)) 1885 goto out; 1886 BIO_push(mdbio, membio); 1887 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0)) 1888 goto out; 1889 } else { 1890 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new()) 1891 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) 1892 goto out; 1893 } 1894 1895 if (tst % 3 == 0) { 1896 if (!TEST_ptr(pkey = load_example_rsa_key())) 1897 goto out; 1898 } else if (tst % 3 == 1) { 1899 #ifndef OPENSSL_NO_DSA 1900 if (!TEST_ptr(pkey = load_example_dsa_key())) 1901 goto out; 1902 #else 1903 ret = 1; 1904 goto out; 1905 #endif 1906 } else { 1907 if (!TEST_ptr(pkey = load_example_hmac_key())) 1908 goto out; 1909 } 1910 1911 if (tst >= 3 && tst <= 5) 1912 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL); 1913 else 1914 md = EVP_sha256(); 1915 1916 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey))) 1917 goto out; 1918 1919 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL))) 1920 goto out; 1921 1922 if (tst >= 6 && tst <= 8) { 1923 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) 1924 goto out; 1925 } else if (tst < 6) { 1926 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1927 goto out; 1928 } 1929 1930 if (tst >= 9) { 1931 /* Determine the size of the signature. 
*/ 1932 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg, 1933 sizeof(kMsg))) 1934 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))) 1935 goto out; 1936 if (tst <= 11) { 1937 /* Test that supply a short sig buffer fails */ 1938 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg, 1939 sizeof(kMsg)))) 1940 goto out; 1941 /* 1942 * We end here because once EVP_DigestSign() has failed you should 1943 * not call it again without re-initing the ctx 1944 */ 1945 ret = 1; 1946 goto out; 1947 } 1948 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg, 1949 sizeof(kMsg)))) 1950 goto out; 1951 } else { 1952 /* Determine the size of the signature. */ 1953 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 1954 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)) 1955 /* 1956 * Trying to create a signature with a deliberately short 1957 * buffer should fail. 1958 */ 1959 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len)) 1960 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1961 goto out; 1962 } 1963 1964 /* 1965 * Ensure that the signature round-trips (Verification isn't supported for 1966 * HMAC via EVP_DigestVerify*) 1967 */ 1968 if (tst % 3 != 2) { 1969 if (tst >= 6 && tst <= 8) { 1970 if (!TEST_int_gt(BIO_reset(mdbio), 0) 1971 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) 1972 goto out; 1973 } 1974 1975 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, 1976 NULL, pkey))) 1977 goto out; 1978 1979 if (tst >= 6 && tst <= 8) { 1980 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))) 1981 goto out; 1982 } else { 1983 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, 1984 sizeof(kMsg)))) 1985 goto out; 1986 } 1987 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1988 goto out; 1989 1990 /* Multiple calls to EVP_DigestVerifyFinal should work */ 1991 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1992 goto out; 1993 } else { 1994 /* 1995 
* For HMAC a doubled call to DigestSignFinal should produce the same
         * value as finalization should not happen.
         */
        if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
            || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
            || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
            goto out;

        if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
            goto out;
    }

    ret = 1;

out:
    BIO_free(membio);
    BIO_free(mdbio);
    EVP_MD_CTX_free(a_md_ctx);
    EVP_MD_CTX_free(a_md_ctx_verify);
    EVP_PKEY_free(pkey);
    OPENSSL_free(sig);
    OPENSSL_free(sig2);
    EVP_MD_free(mdexp);

    return ret;
}

/*
 * Verify kSignature over kMsg with the example RSA key and SHA-256, then
 * re-initialise the same context with all-NULL arguments and verify again.
 *
 * Skipped when a non-default library context is in use (nullprov set).
 * Returns 1 on success and 0 on failure.
 */
static int test_EVP_DigestVerifyInit(void)
{
    EVP_MD_CTX *md_ctx = NULL;
    EVP_PKEY *pkey = NULL;
    int ret = 0;

    if (nullprov != NULL)
        return TEST_skip("Test does not support a non-default library context");

    if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
        goto out;
    if (!TEST_ptr(pkey = load_example_rsa_key()))
        goto out;

    /* First pass: explicit digest and key */
    if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)))
        goto out;
    if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))))
        goto out;
    if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
                         sizeof(kSignature)),
            0))
        goto out;

    /* test with reinitialization */
    if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL)))
        goto out;
    if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))))
        goto out;
    if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
                         sizeof(kSignature)),
            0))
        goto out;

    ret = 1;

out:
    EVP_MD_CTX_free(md_ctx);
    EVP_PKEY_free(pkey);
    return ret;
}

#ifndef OPENSSL_NO_EC
/*
 * Check that a sign context can be initialised with the example EC key and
 * a fetched KECCAK-256 digest.  No data is signed.
 *
 * Skipped when a non-default library context is in use (nullprov set).
 * Returns 1 on success and 0 on failure.
 */
static int test_ecdsa_digestsign_keccak(void)
{
    EVP_MD *md = NULL;
    EVP_MD_CTX *ctx = NULL;
    EVP_PKEY *pkey = NULL;
    int ret = 0;

    if (nullprov != NULL)
        return TEST_skip("Test does not support a non-default library context");

    pkey = load_example_ec_key();
    if (!TEST_ptr(pkey))
        goto err;

    /* This would not work with FIPS provider so just use NULL libctx */
    md = EVP_MD_fetch(NULL, "KECCAK-256", NULL);
    if (!TEST_ptr(md))
        goto err;

    ctx = EVP_MD_CTX_new();
    if (!TEST_ptr(ctx))
        goto err;

    /* Only initialisation is checked: EVP_DigestSignInit() must succeed. */
    if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
        goto err;

    ret = 1;
err:
    EVP_MD_CTX_free(ctx);
    EVP_PKEY_free(pkey);
    EVP_MD_free(md);

    return ret;
}
#endif

#ifndef OPENSSL_NO_SIPHASH
/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
static int test_siphash_digestsign(void)
{
    unsigned char key[16];
    unsigned char buf[8], digest[8];
    unsigned char expected[8] = {
        0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
    };
    EVP_PKEY *pkey = NULL;
    EVP_MD_CTX *mdctx = NULL;
    EVP_PKEY_CTX *ctx = NULL;
    int ret = 0;
    size_t len = 8;

    if (nullprov != NULL)
        return TEST_skip("Test does not support a non-default library context");

    memset(buf, 0, 8);
    memset(key, 1, 16);
    if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
                      key, 16)))
        goto out;

    if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
        goto out;

    if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
        goto out;
    if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
                         EVP_PKEY_CTRL_SET_DIGEST_SIZE,
                         8, NULL),
            1))
        goto out;
    /* reinitialize */
    if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
        goto out;
    if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
        goto out;
    if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
        goto out;
    if (!TEST_mem_eq(digest, len, expected,
sizeof(expected)))
        goto out;

    ret = 1;
out:
    EVP_PKEY_free(pkey);
    EVP_MD_CTX_free(mdctx);
    return ret;
}
#endif

/*
 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
 *
 * Three rounds over kMsg on one context: SHA-256 finished with
 * EVP_DigestFinal(), SHA-256 finished with EVP_DigestFinal_ex(), and
 * SHAKE-256 finished with EVP_DigestFinalXOF().  After each round the test
 * checks whether the context still carries its digest.
 *
 * Returns 1 on success and 0 on failure.
 */
static int test_EVP_Digest(void)
{
    EVP_MD *shake256 = NULL;
    EVP_MD *sha256 = NULL;
    EVP_MD_CTX *md_ctx = NULL;
    unsigned char md[EVP_MAX_MD_SIZE];
    int ret = 0;

    if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
        goto out;

    if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq)))
        goto out;
    if (!TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
        goto out;

    if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)))
        goto out;
    if (!TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))))
        goto out;
    if (!TEST_true(EVP_DigestFinal(md_ctx, md, NULL)))
        goto out;
    /* EVP_DigestFinal resets the EVP_MD_CTX. */
    if (!TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
        goto out;

    if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)))
        goto out;
    if (!TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))))
        goto out;
    if (!TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL)))
        goto out;
    /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
    if (!TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)))
        goto out;
    /*
     * EVP_DigestInit_ex with NULL type should work on
     * pre-initialized context.
     */
    if (!TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
        goto out;

    if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL)))
        goto out;
    if (!TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))))
        goto out;
    if (!TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md))))
        goto out;
    /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
    if (!TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)))
        goto out;
    if (!TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
        goto out;

    ret = 1;

out:
    EVP_MD_CTX_free(md_ctx);
    EVP_MD_free(sha256);
    EVP_MD_free(shake256);
    return ret;
}

/*
 * Run the null digest over a short input and check that it reports a
 * zero-length result.
 *
 * Skipped when a non-default library context is in use (nullprov set).
 * Returns 1 on success and 0 on failure.
 */
static int test_EVP_md_null(void)
{
    unsigned char md_value[EVP_MAX_MD_SIZE];
    unsigned int md_len = sizeof(md_value);
    const EVP_MD *md_null = EVP_md_null();
    EVP_MD_CTX *md_ctx = NULL;
    int ret = 0;

    if (nullprov != NULL)
        return TEST_skip("Test does not support a non-default library context");

    if (!TEST_ptr(md_null))
        goto out;
    if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
        goto out;

    if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL)))
        goto out;
    if (!TEST_true(EVP_DigestUpdate(md_ctx, "test", 4)))
        goto out;
    if (!TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
        goto out;

    /* md_len started at sizeof(md_value); the null digest must set it to 0 */
    if (!TEST_uint_eq(md_len, 0))
        goto out;

    ret = 1;
out:
    EVP_MD_CTX_free(md_ctx);
    return ret;
}

#ifndef OPENSSL_NO_POLY1305
/*
 * Test that EVP_MAC_final fails for Poly1305 when no key was set.
 *
 * EVP_MAC_init() with a NULL key is expected to succeed; it is the final
 * call that must refuse to emit a tag for an unkeyed context.
 *
 * Returns 1 on success and 0 on failure.
 */
static int test_evp_mac_poly1305_no_key(void)
{
    unsigned char out[16];
    size_t outl = 0;
    EVP_MAC_CTX *ctx = NULL;
    EVP_MAC *mac = NULL;
    int ret = 0;

    if (!TEST_ptr(mac = EVP_MAC_fetch(testctx, "Poly1305", testpropq)))
        goto err;
    if (!TEST_ptr(ctx = EVP_MAC_CTX_new(mac)))
        goto err;
    if (!TEST_int_eq(EVP_MAC_init(ctx, NULL, 0, NULL), 1))
        goto err;
    if (!TEST_int_eq(EVP_MAC_final(ctx, out, &outl, sizeof(out)), 0))
        goto err;

    ret = 1;
err:
    EVP_MAC_CTX_free(ctx);
    EVP_MAC_free(mac);
    return ret;
}
#endif

static int test_d2i_AutoPrivateKey(int i)
{
    int ret = 0;
    const unsigned char *p;
    EVP_PKEY *pkey = NULL;
    const APK_DATA *ak = &keydata[i];
    const unsigned char *input = ak->kder;
    size_t input_len = ak->size;
    int expected_id =
ak->evptype; 2263 2264 p = input; 2265 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 2266 || !TEST_ptr_eq(p, input + input_len) 2267 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 2268 goto done; 2269 2270 ret = 1; 2271 2272 done: 2273 EVP_PKEY_free(pkey); 2274 return ret; 2275 } 2276 2277 #ifndef OPENSSL_NO_EC 2278 2279 static const unsigned char ec_public_sect163k1_validxy[] = { 2280 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2281 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2282 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2283 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b, 2284 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2285 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 2286 }; 2287 2288 static const unsigned char ec_public_sect163k1_badx[] = { 2289 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2290 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2291 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2292 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b, 2293 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2294 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 2295 }; 2296 2297 static const unsigned char ec_public_sect163k1_bady[] = { 2298 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2299 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2300 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2301 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b, 2302 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2303 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6 2304 }; 2305 2306 static struct ec_der_pub_keys_st { 2307 const unsigned char *der; 2308 size_t len; 2309 int valid; 2310 } ec_der_pub_keys[] = { 2311 { 
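ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
    { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
    { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
};

/*
 * Tests the range of the decoded EC char2 public point.
 * See ec_GF2m_simple_oct2point().
 *
 * Entry `id` of ec_der_pub_keys[] is loaded as an "EC" key. An entry flagged
 * valid must decode, any other entry must be rejected.
 *
 * The previous expression, (valid && TEST_ptr(pkey)) || TEST_ptr_null(pkey),
 * also returned success when a *valid* key failed to decode, so a decoder
 * that rejected everything would still have passed. Each entry is now held
 * to its own expectation.
 */
static int test_invalide_ec_char2_pub_range_decode(int id)
{
    int ret = 0;
    int expect_ok = ec_der_pub_keys[id].valid;
    EVP_PKEY *pkey;

#ifdef OPENSSL_NO_EC2M
    /*
     * Binary-field curves are compiled out in this configuration, so even
     * the well-formed sect163k1 key is expected to be refused.
     */
    expect_ok = 0;
#endif

    pkey = load_example_key("EC", ec_der_pub_keys[id].der,
        ec_der_pub_keys[id].len);

    ret = expect_ok ? TEST_ptr(pkey) : TEST_ptr_null(pkey);
    EVP_PKEY_free(pkey);
    return ret;
}

/*
 * kExampleBadECKeyDER must still parse as a PKCS8_PRIV_KEY_INFO structure
 * (consuming every input byte), but converting it with EVP_PKCS82PKEY() must
 * fail and return NULL.
 */
static int test_EVP_PKCS82PKEY(void)
{
    int ret = 0;
    const unsigned char *derp = kExampleBadECKeyDER;
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
    EVP_PKEY *pkey = NULL;

    if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
                      sizeof(kExampleBadECKeyDER))))
        goto done;

    /* The outer structure must account for the whole buffer. */
    if (!TEST_ptr_eq(derp,
            kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
        goto done;

    /* The malformed inner key must not be turned into an EVP_PKEY. */
    if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
        goto done;

    ret = 1;

done:
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    EVP_PKEY_free(pkey);

    return ret;
}

#endif

/*
 * Parses keydata_v2[i] as a PKCS8_PRIV_KEY_INFO and checks that the parser
 * consumed exactly the whole input.
 */
static int test_EVP_PKCS82PKEY_v2(int i)
{
    int ret = 0;
    const unsigned char *p;
    const APK_DATA *ak = &keydata_v2[i];
    const unsigned char *input = ak->kder;
    size_t input_len = ak->size;
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;

    /* Can we parse PKCS#8 v2, ignoring the public key for now? */
    p = input;
    p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, input_len);
    /* TEST_ptr_eq reports both pointers on failure, as the sibling tests do. */
    if (!TEST_ptr(p8inf)
        || !TEST_ptr_eq(p, input + input_len))
        goto done;

    ret = 1;
done:
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return ret;
}

/*
 * Tests loading a bad key in PKCS8 format
 *
 * NOTE(review): the visible code round-trips the example RSA key (encode to
 * PKCS#8 in a memory BIO, decode, convert with EVP_PKCS82PKEY) and expects
 * success with nothing left on the error queue - presumably the point is
 * that probing leaves no stale "wrong tag" error behind; confirm and reword
 * the line above. The final check also assumes the error queue was empty on
 * entry.
 *
 * Returns 1 without running when testctx is set.
 */
static int test_EVP_PKCS82PKEY_wrong_tag(void)
{
    EVP_PKEY *pkey = NULL;
    EVP_PKEY *pkey2 = NULL;
    BIO *membio = NULL;
    char *membuf = NULL;
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
    int ok = 0;

    if (testctx != NULL)
        /* test not supported with non-default context */
        return 1;

    if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
        || !TEST_ptr(pkey = load_example_rsa_key())
        || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
                            NULL, 0, NULL, NULL),
            0)
        || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
        || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
        || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
        || !TEST_int_eq(ERR_peek_last_error(), 0)) {
        goto done;
    }

    ok = 1;
done:
    EVP_PKEY_free(pkey);
    EVP_PKEY_free(pkey2);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    BIO_free_all(membio);
    return ok;
}

/*
 * This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding
 *
 * The example RSA key is written unencrypted (NULL cipher, no passphrase)
 * as PKCS#8 DER into a memory BIO and compared byte for byte with
 * kExampleRSAKeyPKCS8. The PEM writer is then only checked for success.
 */
static int test_privatekey_to_pkcs8(void)
{
    EVP_PKEY *pkey = NULL;
    BIO *membio = NULL;
    char *membuf = NULL;
    long membuf_len = 0;
    int ok = 0;

    if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
        || !TEST_ptr(pkey = load_example_rsa_key())
        || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
                            NULL, 0, NULL, NULL),
            0)
        || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
        || !TEST_ptr(membuf)
        || !TEST_mem_eq(membuf, (size_t)membuf_len,
            kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
        /*
         * We try to write PEM as well, just to see that it doesn't err, but
         * assume that the result is correct.
         */
        || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
                            NULL, 0, NULL, NULL),
            0))
        goto done;

    ok = 1;
done:
    EVP_PKEY_free(pkey);
    BIO_free_all(membio);
    return ok;
}

#ifndef OPENSSL_NO_EC
/* Maps each EC parameter-encoding constant to its parameter string name. */
static const struct {
    int encoding;
    const char *encoding_name;
} ec_encodings[] = {
    { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
    { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
};

/*
 * Export callback: looks up OSSL_PKEY_PARAM_EC_ENCODING in `params`, maps
 * the string to its ec_encodings[] constant and stores it in the int that
 * `arg` points to (-1 when nothing matched).
 *
 * Returns 1 when a known encoding name was found, 0 otherwise.
 */
static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
{
    const OSSL_PARAM *p;
    const char *enc_name = NULL;
    int *enc = arg;
    size_t i;

    *enc = -1;

    if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
                      OSSL_PKEY_PARAM_EC_ENCODING))
        || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
        return 0;

    for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
        if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
            *enc = ec_encodings[i].encoding;
            break;
        }
    }

    return (*enc != -1);
}

/*
 * Generates P-256 parameters with the encoding ec_encodings[idx].encoding,
 * generates a key from them and checks, through an export of the key, that
 * the same encoding is reported back.
 */
static int test_EC_keygen_with_enc(int idx)
{
    EVP_PKEY *params = NULL, *key = NULL;
    EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
    int enc;
    int ret = 0;

    enc = ec_encodings[idx].encoding;

    /*
     * Create key parameters. The page rendered the last argument of
     * EVP_PKEY_paramgen() with a mis-decoded character; it is &params.
     */
    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
        || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
        || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
        || !TEST_ptr(params))
        goto done;

    /* Create key */
    if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
        || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
        || !TEST_true(EVP_PKEY_keygen(kctx, &key))
        || !TEST_ptr(key))
        goto done;

    /*
     * Check that the encoding got all the way into the key. `enc` is
     * overwritten by the callback, so it is compared with the table entry
     * rather than with its earlier value.
     */
    if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
            ec_export_get_encoding_cb, &enc))
        || !TEST_int_eq(enc, ec_encodings[idx].encoding))
        goto done;

    ret = 1;
done:
    EVP_PKEY_free(key);
    EVP_PKEY_free(params);
    EVP_PKEY_CTX_free(kctx);
    EVP_PKEY_CTX_free(pctx);
    return ret;
}
#endif

#if !defined(OPENSSL_NO_SM2)

/*
 * Verifies a fixed SM2 signature over the string "message digest" with the
 * signer ID "ALICE123@YAHOO.COM", using the embedded PEM public key and the
 * "sm3" digest.
 *
 * pctx is created by the test, attached to mctx before
 * EVP_DigestVerifyInit(), given the ID before any message data is fed, and
 * freed by the test itself in the cleanup path.
 */
static int test_EVP_SM2_verify(void)
{
    const char *pubkey = "-----BEGIN PUBLIC KEY-----\n"
                         "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
                         "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
                         "-----END PUBLIC KEY-----\n";

    const char *msg = "message digest";
    const char *id = "ALICE123@YAHOO.COM";

    const uint8_t signature[] = {
        0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
        0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
        0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
        0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
        0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
        0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
        0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
    };

    int rc = 0;
    BIO *bio = NULL;
    EVP_PKEY *pkey = NULL;
    EVP_MD_CTX *mctx = NULL;
    EVP_PKEY_CTX *pctx = NULL;
    EVP_MD *sm3 = NULL;

    /* TEST_ptr is the pointer check used everywhere else in this file. */
    bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
    if (!TEST_ptr(bio))
        goto done;

    pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
    if (!TEST_ptr(pkey))
        goto done;

    if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
        goto done;

    if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
        goto done;

    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
        goto done;

    EVP_MD_CTX_set_pkey_ctx(mctx, pctx);

    if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
        goto done;

    if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
        goto done;

    if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
        goto done;

    if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
        goto done;

    /* Only a strictly positive return counts as a verified signature. */
    if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
        goto done;
    rc = 1;

done:
    BIO_free(bio);
    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(pctx);
    EVP_MD_CTX_free(mctx);
    EVP_MD_free(sm3);
    return rc;
}

/*
 * End-to-end SM2 test on a freshly generated key:
 *  1. generate parameters for NID_sm2 and then a key pair;
 *  2. sign kMsg with SM3 under the ID sm2_id and verify the signature;
 *  3. verify again with a zero-length ID and require the verification to
 *     return exactly 0, i.e. the signature is bound to the ID;
 *  4. for each available digest name, encrypt and decrypt kMsg, confirm the
 *     digest reported by the context and compare the recovered plaintext.
 */
static int test_EVP_SM2(void)
{
    int ret = 0;
    EVP_PKEY *pkey = NULL;
    EVP_PKEY *pkeyparams = NULL;
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY_CTX *kctx = NULL;
    EVP_PKEY_CTX *sctx = NULL;
    size_t sig_len = 0;
    unsigned char *sig = NULL;
    EVP_MD_CTX *md_ctx = NULL;
    EVP_MD_CTX *md_ctx_verify = NULL;
    EVP_PKEY_CTX *cctx = NULL;
    EVP_MD *check_md = NULL;

    uint8_t ciphertext[128];
    size_t ctext_len = sizeof(ciphertext);
    size_t ctext_len_param = 0;
    uint8_t plaintext[8];
    size_t ptext_len = sizeof(plaintext);
    size_t ptext_len_param = 0;

    uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' };

    OSSL_PARAM sparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
    OSSL_PARAM gparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
    int i;
    char mdname[OSSL_MAX_NAME_SIZE];

    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
                      "SM2", testpropq)))
        goto done;

    if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
        goto done;

    if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
        goto done;

    if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
        goto done;

    if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
                      pkeyparams, testpropq)))
        goto done;

    if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
        goto done;

    if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
        goto done;

    if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
        goto done;

    if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
        goto done;

    if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
        goto done;

    /* Both digest contexts share the one sctx, which is freed in done. */
    EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
    EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);

    if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
        goto done;

    if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
        goto done;

    if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
        goto done;

    if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
        goto done;

    /* Determine the size of the signature. */
    if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
        goto done;

    if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
        goto done;

    if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
        goto done;

    /* Ensure that the signature round-trips. */

    if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
            pkey)))
        goto done;

    if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
        goto done;

    if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
        goto done;

    if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
        goto done;

    /*
     * Try verify again with non-matching 0 length id but ensure that it can
     * be set on the context and overrides the previous value.
     */

    if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
            pkey)))
        goto done;

    if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
        goto done;

    if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
        goto done;

    /* Exactly 0 is required: a clean mismatch, not an error return. */
    if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
        goto done;

    /* now check encryption/decryption */

    gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
        mdname, sizeof(mdname));
    for (i = 0; i < 2; i++) {
        const char *mdnames[] = {
#ifndef OPENSSL_NO_SM3
            "SM3",
#else
            NULL,
#endif
            "SHA2-256"
        };
        /*
         * Drop the context of the previous iteration and clear the pointer,
         * so that no path can reach the cleanup code with a stale value.
         */
        EVP_PKEY_CTX_free(cctx);
        cctx = NULL;

        if (mdnames[i] == NULL)
            continue;

        sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
            (char *)mdnames[i], 0);

        if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
                          pkey, testpropq)))
            goto done;

        if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
            goto done;

        if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
            goto done;

        /* In: capacity of ciphertext[]; out: bytes actually written. */
        ctext_len_param = ctext_len;
        if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len_param, kMsg,
                sizeof(kMsg))))
            goto done;

        if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
            goto done;

        if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
            goto done;

        /* In: capacity of plaintext[]; out: bytes actually written. */
        ptext_len_param = ptext_len;
        if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len_param, ciphertext,
                             ctext_len_param),
                0))
            goto done;

        if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
            goto done;

        /*
         * Test we're still using the digest we think we are.
         * Because of aliases, the easiest is to fetch the digest and
         * check the name with EVP_MD_is_a().
         */
        EVP_MD_free(check_md);
        if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
            goto done;
        if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
            TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
            goto done;
        }

        /*
         * One check for length and content: TEST_mem_eq compares the two
         * lengths before the bytes and dumps both buffers on a mismatch.
         */
        if (!TEST_mem_eq(plaintext, ptext_len_param, kMsg, sizeof(kMsg)))
            goto done;
    }

    ret = 1;
done:
    EVP_PKEY_CTX_free(pctx);
    EVP_PKEY_CTX_free(kctx);
    EVP_PKEY_CTX_free(sctx);
    EVP_PKEY_CTX_free(cctx);
    EVP_PKEY_free(pkey);
    EVP_PKEY_free(pkeyparams);
    EVP_MD_CTX_free(md_ctx);
    EVP_MD_CTX_free(md_ctx_verify);
    EVP_MD_free(check_md);
    OPENSSL_free(sig);
    return ret;
}

#endif

#ifndef OPENSSL_NO_ML_KEM
/*
 * 64 fixed bytes; presumably the deterministic key-generation seed behind
 * the ML-KEM public keys below - confirm against the code that uses it.
 * Test data only.
 */
static const uint8_t ml_kem_seed[] = {
    0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4,
    0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
    0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79,
    0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
    0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b,
    0x87, 0x2b, 0xfb, 0x8f
};
static const uint8_t ml_kem_512_pubkey[] = {
    0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b,
    0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
    0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26,
    0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
    0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19,
    0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
    0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36,
    0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
    0xcd, 0x72, 0x89, 0x68,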
0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb, 2827 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52, 2828 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3, 2829 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e, 2830 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8, 2831 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54, 2832 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82, 2833 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6, 2834 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b, 2835 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b, 2836 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74, 2837 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78, 2838 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07, 2839 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35, 2840 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92, 2841 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58, 2842 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55, 2843 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca, 2844 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a, 2845 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54, 2846 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f, 2847 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49, 2848 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3, 2849 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42, 2850 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b, 2851 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b, 2852 0xbd, 0xb0, 0xc1, 
0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a, 2853 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b, 2854 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50, 2855 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62, 2856 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6, 2857 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74, 2858 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13, 2859 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa, 2860 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22, 2861 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25, 2862 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27, 2863 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e, 2864 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06, 2865 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30, 2866 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f, 2867 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88, 2868 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a, 2869 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29, 2870 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a, 2871 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e, 2872 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a, 2873 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f, 2874 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d, 2875 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07, 2876 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77, 2877 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63, 2878 0xf3, 0xc9, 
0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e, 2879 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7, 2880 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8, 2881 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f, 2882 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae, 2883 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, 2884 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39 2885 }; 2886 static const uint8_t ml_kem_768_pubkey[] = { 2887 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f, 2888 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, 2889 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13, 2890 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59, 2891 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25, 2892 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f, 2893 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce, 2894 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e, 2895 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e, 2896 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05, 2897 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56, 2898 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17, 2899 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba, 2900 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5, 2901 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74, 2902 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f, 2903 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49, 2904 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63, 2905 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 
0x5e, 0xb6, 0x74, 2906 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca, 2907 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0, 2908 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf, 2909 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b, 2910 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3, 2911 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf, 2912 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c, 2913 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53, 2914 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf, 2915 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc, 2916 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91, 2917 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19, 2918 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad, 2919 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a, 2920 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00, 2921 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7, 2922 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e, 2923 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5, 2924 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b, 2925 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51, 2926 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5, 2927 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf, 2928 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac, 2929 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48, 2930 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a, 2931 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 
0x02, 0xba, 0xe9, 0x0a, 2932 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2, 2933 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7, 2934 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b, 2935 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28, 2936 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25, 2937 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11, 2938 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb, 2939 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0, 2940 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b, 2941 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f, 2942 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a, 2943 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7, 2944 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95, 2945 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e, 2946 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c, 2947 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68, 2948 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94, 2949 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82, 2950 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83, 2951 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d, 2952 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b, 2953 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e, 2954 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69, 2955 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce, 2956 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a, 2957 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 
0xc8, 0x8e, 0x65, 0xda, 0x4d, 2958 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf, 2959 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48, 2960 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f, 2961 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b, 2962 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf, 2963 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97, 2964 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd, 2965 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac, 2966 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06, 2967 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1, 2968 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84, 2969 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62, 2970 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38, 2971 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f, 2972 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e, 2973 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd, 2974 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83, 2975 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd, 2976 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e, 2977 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63, 2978 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f, 2979 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82, 2980 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e, 2981 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e, 2982 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36, 2983 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 
0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb, 2984 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, 2985 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28 2986 }; 2987 static const uint8_t ml_kem_1024_pubkey[] = { 2988 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58, 2989 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, 2990 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18, 2991 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc, 2992 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33, 2993 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca, 2994 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45, 2995 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1, 2996 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45, 2997 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a, 2998 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06, 2999 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7, 3000 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d, 3001 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f, 3002 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97, 3003 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f, 3004 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80, 3005 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6, 3006 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d, 3007 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d, 3008 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7, 3009 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07, 3010 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7, 3011 
0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e, 3012 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc, 3013 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d, 3014 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39, 3015 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c, 3016 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5, 3017 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b, 3018 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89, 3019 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91, 3020 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1, 3021 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3, 3022 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca, 3023 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95, 3024 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b, 3025 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73, 3026 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50, 3027 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c, 3028 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86, 3029 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0, 3030 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c, 3031 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad, 3032 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44, 3033 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba, 3034 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f, 3035 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04, 3036 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65, 
3037 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23, 3038 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7, 3039 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39, 3040 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d, 3041 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80, 3042 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e, 3043 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4, 3044 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94, 3045 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b, 3046 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d, 3047 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41, 3048 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f, 3049 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a, 3050 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e, 3051 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c, 3052 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b, 3053 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e, 3054 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe, 3055 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a, 3056 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98, 3057 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58, 3058 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f, 3059 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04, 3060 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4, 3061 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81, 3062 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 
0xb0, 3063 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d, 3064 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a, 3065 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75, 3066 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a, 3067 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f, 3068 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24, 3069 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82, 3070 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f, 3071 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85, 3072 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33, 3073 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81, 3074 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89, 3075 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b, 3076 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32, 3077 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50, 3078 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37, 3079 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc, 3080 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84, 3081 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e, 3082 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50, 3083 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b, 3084 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25, 3085 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8, 3086 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6, 3087 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b, 3088 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 
0x35, 0x3e, 3089 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04, 3090 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b, 3091 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70, 3092 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf, 3093 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9, 3094 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2, 3095 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd, 3096 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03, 3097 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb, 3098 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66, 3099 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22, 3100 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55, 3101 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46, 3102 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e, 3103 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43, 3104 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76, 3105 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f, 3106 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a, 3107 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50, 3108 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86, 3109 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16, 3110 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44, 3111 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02, 3112 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34, 3113 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4, 3114 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 
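0xd2, 0x29, 0x3d,
    0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
    0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf,
    0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
    0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
};
#endif

/*
 * Raw key material used by test_set_get_raw_keys_int().
 *
 * The entry order matters: index 1 is the zero-length HMAC key, and the
 * test skips its "buffer too small" check for exactly that index.
 * For the ML-KEM entries "priv" points at ml_kem_seed; the test expands the
 * seed into the encoded private key before using it.
 * All of these values are fixed test vectors and must not be used as real
 * keys.
 */
static struct keys_st {
    int type;
    const uint8_t *priv;
    const uint8_t *pub;
    /* If "name" is non-NULL, create via non-legacy _ex() API */
    char *name;
    int privlen;
    int publen;
} keys[] = {
    { EVP_PKEY_HMAC,
        (const uint8_t *)"0123456789",
        NULL,
        NULL, 10, 0 },
    { EVP_PKEY_HMAC, (const uint8_t *)"", NULL,
        NULL, 0, 0
#ifndef OPENSSL_NO_POLY1305
    },
    { EVP_PKEY_POLY1305,
        (const uint8_t *)"01234567890123456789012345678901",
        NULL,
        NULL, 32, 0
#endif
#ifndef OPENSSL_NO_SIPHASH
    },
    { EVP_PKEY_SIPHASH,
        (const uint8_t *)"0123456789012345",
        NULL,
        NULL, 16, 0
#endif
    },
#ifndef OPENSSL_NO_ECX
    { EVP_PKEY_X25519,
        (const uint8_t *)"01234567890123456789012345678901",
        (const unsigned char *)"abcdefghijklmnopqrstuvwxyzabcdef",
        NULL, 32, 32 },
    { EVP_PKEY_ED25519,
        (const uint8_t *)"01234567890123456789012345678901",
        (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdef",
        NULL, 32, 32 },
    { EVP_PKEY_X448,
        (const uint8_t *)"01234567890123456789012345678901234567890123456789012345",
        (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd",
        NULL, 56, 56 },
    { EVP_PKEY_ED448,
        (const uint8_t *)"012345678901234567890123456789012345678901234567890123456",
        (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde",
        NULL, 57, 57 },
#endif
#ifndef OPENSSL_NO_ML_KEM
    { NID_undef, ml_kem_seed, ml_kem_512_pubkey,
        "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey) },
    { NID_undef, ml_kem_seed, ml_kem_768_pubkey,
        "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey) },
    { NID_undef, ml_kem_seed, ml_kem_1024_pubkey,
        "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey) },
#endif
};

#ifndef OPENSSL_NO_ML_KEM
/*
 * Expand an ML-KEM seed into the encoded private key for algorithm |alg|.
 *
 * The seed is imported with EVP_PKEY_fromdata() and the resulting key is
 * exported again; the OSSL_PKEY_PARAM_PRIV_KEY octet string is handed back
 * through |ret| / |retlen|.  The caller in this file passes a NULL *ret and
 * later releases the buffer with OPENSSL_free().
 *
 * Returns 1 on success, 0 on any failure (each failing step is reported
 * through the TEST_* macros).
 */
static int
ml_kem_seed_to_priv(const char *alg, const unsigned char *seed, int seedlen,
    unsigned char **ret, size_t *retlen)
{
    OSSL_PARAM parr[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
    EVP_PKEY_CTX *ctx = NULL;
    EVP_PKEY *pkey = NULL;
    const OSSL_PARAM *p;
    OSSL_PARAM *params = NULL;
    int selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
    int ok = 0;

    /* Import the seed to generate a key */
    ctx = EVP_PKEY_CTX_new_from_name(testctx, alg, NULL);
    if (!TEST_ptr(ctx)
        || !TEST_int_gt(EVP_PKEY_fromdata_init(ctx), 0))
        goto done;
    parr[0] = OSSL_PARAM_construct_octet_string(
        OSSL_PKEY_PARAM_ML_KEM_SEED, (unsigned char *)seed, seedlen);
    if (!TEST_int_gt(EVP_PKEY_fromdata(ctx, &pkey, selection, parr), 0))
        goto done;

    /* Export the key to get the encoded form */
    if (!TEST_true(EVP_PKEY_todata(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, &params)))
        goto done;

    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
    if (!TEST_ptr(p)
        || !TEST_true(OSSL_PARAM_get_octet_string(p, (void **)ret, 0, retlen)))
        goto done;
    ok = 1;

done:
    /* The exported parameter array holds private key bytes; always free it. */
    EVP_PKEY_free(pkey);
    OSSL_PARAM_free(params);
    EVP_PKEY_CTX_free(ctx);
    return ok;
}
#endif

/*
 * Round-trip one entry of keys[] through the raw key API.
 *
 * |tst| indexes keys[], |pub| selects the public (1) or private (0) half and
 * |uselibctx| selects the _ex() constructors that take a library context.
 */
static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
{
    int ret = 0;
    uint8_t *buf = NULL;
    const uint8_t *in;
    uint8_t shortbuf[1];
    size_t inlen, len = 0, shortlen = sizeof(shortbuf);
    EVP_PKEY *pkey = NULL;
    unsigned char *privalloc = NULL;
    const char *name;

    /* Check if this algorithm supports public keys */
    if (pub && keys[tst].pub == NULL)
        return 1;

    name = keys[tst].name ? keys[tst].name : OBJ_nid2sn(keys[tst].type);

    if (pub) {
#ifndef OPENSSL_NO_EC
        inlen = keys[tst].publen;
        in = keys[tst].pub;
        if (uselibctx || keys[tst].name != NULL) {
            pkey = EVP_PKEY_new_raw_public_key_ex(
                testctx,
                name,
                NULL,
                in,
                inlen);
        } else {
            pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
                NULL,
                in,
                inlen);
        }
#else
        return 1;
#endif
    } else {
        inlen = keys[tst].privlen;
        in = keys[tst].priv;
#ifndef OPENSSL_NO_ML_KEM
        if (in == ml_kem_seed) {
            if (!TEST_true(ml_kem_seed_to_priv(name, in, inlen,
                    &privalloc, &inlen)))
                goto done;
            in = privalloc;
        }
#endif
        if (uselibctx || keys[tst].name != NULL) {
            pkey = EVP_PKEY_new_raw_private_key_ex(
                testctx,
                name,
                NULL,
                in,
                inlen);
        } else {
            pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
                NULL,
                in,
                inlen);
        }
    }

    if (!TEST_ptr(pkey)
        || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
        || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
        || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
        || !TEST_true(len == inlen))
        goto done;
    if (tst != 1) {
        /*
         * Test that supplying a buffer that is too small fails. Doesn't apply
         * to HMAC with a zero length key
         */
        if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, shortbuf, &shortlen)))
            || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, shortbuf, &shortlen))))
            goto done;
    }
    if (!TEST_ptr(buf = OPENSSL_zalloc(len <= 80 ?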
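80 : len)))
        goto done;
    if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
        || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
        || !TEST_mem_eq(in, inlen, buf, len))
        goto done;

    ret = 1;
done:
    OPENSSL_free(privalloc);
    OPENSSL_free(buf);
    EVP_PKEY_free(pkey);
    return ret;
}

/*
 * Run the raw key round trip for private and public keys.  The variants
 * that do not pass a library context are skipped when the null provider is
 * loaded (nullprov != NULL).
 */
static int test_set_get_raw_keys(int tst)
{
    return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
        && test_set_get_raw_keys_int(tst, 0, 1)
        && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
        && test_set_get_raw_keys_int(tst, 1, 1);
}

#ifndef OPENSSL_NO_DEPRECATED_3_0
/*
 * Custom check callbacks.  They return the sentinel 0xbeef, which
 * test_EVP_PKEY_check() looks for when it calls the check functions on a
 * context created for the custom method id.
 */
static int pkey_custom_check(EVP_PKEY *pkey)
{
    return 0xbeef;
}

static int pkey_custom_pub_check(EVP_PKEY *pkey)
{
    return 0xbeef;
}

static int pkey_custom_param_check(EVP_PKEY *pkey)
{
    return 0xbeef;
}

static EVP_PKEY_METHOD *custom_pmeth;
#endif

/*
 * Load entry |i| of keycheckdata and compare the results of
 * EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() with
 * the values recorded in that entry.  With deprecated APIs enabled the same
 * three calls are repeated on a context created for the custom method id
 * 0xdefaced and must return 0xbeef.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_EVP_PKEY_check(int i)
{
    int ret = 0;
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *ctx = NULL;
#ifndef OPENSSL_NO_DEPRECATED_3_0
    EVP_PKEY_CTX *ctx2 = NULL;
#endif
    const APK_DATA *ak = &keycheckdata[i];
    const unsigned char *input = ak->kder;
    size_t input_len = ak->size;
    int expected_id = ak->evptype;
    int expected_check = ak->check;
    int expected_pub_check = ak->pub_check;
    int expected_param_check = ak->param_check;
    int type = ak->type;

    if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
        goto done;
    if (type == 0
        && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
        goto done;

    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
        goto done;

    if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
        goto done;

    if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
        goto done;

    if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
        goto done;

#ifndef OPENSSL_NO_DEPRECATED_3_0
    /*
     * ctx2 is dereferenced below, so fail the test cleanly if the context
     * could not be created instead of writing through a NULL pointer.
     */
    if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL)))
        goto done;
    /* assign the pkey directly, as an internal test */
    if (!EVP_PKEY_up_ref(pkey))
        goto done;

    ctx2->pkey = pkey;

    if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
        goto done;

    if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
        goto done;

    if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
        goto done;
#endif

    ret = 1;

done:
    EVP_PKEY_CTX_free(ctx);
#ifndef OPENSSL_NO_DEPRECATED_3_0
    EVP_PKEY_CTX_free(ctx2);
#endif
    EVP_PKEY_free(pkey);
    return ret;
}

#ifndef OPENSSL_NO_CMAC
/*
 * Compute a MAC over the fixed message "Hello World" with |pkey| and store
 * it in |mac|, which must have room for AES_BLOCK_SIZE bytes.  sizeof(msg)
 * is used as the length, so the terminating NUL is part of the input.
 *
 * Returns 1 on success, 0 on failure.
 */
static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
{
    EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
    const char msg[] = "Hello World";
    size_t maclen = AES_BLOCK_SIZE;
    int ret = 1;

    if (!TEST_ptr(mdctx)
        || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
            testpropq, pkey, NULL))
        || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
        || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
        || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
        ret = 0;

    EVP_MD_CTX_free(mdctx);

    return ret;
}

/*
 * Create a CMAC key through the legacy keygen controls and, when deprecated
 * APIs are available, through EVP_PKEY_new_CMAC_key(); both keys must
 * produce the same MAC.
 */
static int test_CMAC_keygen(void)
{
    static unsigned char key[] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
        0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
    };
    EVP_PKEY_CTX *kctx = NULL;
    int ret = 0;
    EVP_PKEY *pkey = NULL;
    unsigned char mac[AES_BLOCK_SIZE];
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    unsigned char mac2[AES_BLOCK_SIZE];
#endif

    if (nullprov != NULL)
        return TEST_skip("Test does not support a non-default library context");

    /*
     * This is a legacy method for CMACs, but should still work.
     * This verifies that it works without an ENGINE.
     */
    kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);

    /* Test a CMAC key created using the "generated" method */
    if (!TEST_ptr(kctx)
        || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
                            EVP_PKEY_CTRL_CIPHER,
                            0, (void *)EVP_aes_256_cbc()),
            0)
        || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
                            EVP_PKEY_CTRL_SET_MAC_KEY,
                            sizeof(key), (void *)key),
            0)
        || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
        || !TEST_ptr(pkey)
        || !TEST_true(get_cmac_val(pkey, mac)))
        goto done;

#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    EVP_PKEY_free(pkey);

    /*
     * Test a CMAC key using the direct method, and compare with the mac
     * created above.
     */
    pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
    if (!TEST_ptr(pkey)
        || !TEST_true(get_cmac_val(pkey, mac2))
        || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
        goto done;
#endif

    ret = 1;

done:
    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(kctx);
    return ret;
}
#endif

/*
 * Derive 20 bytes with HKDF (SHA-256) through the EVP_PKEY_CTX interface
 * and compare them with a fixed expected value.  The salt, key and info
 * lengths are sizeof() - 1, so the terminating NUL is not part of the input.
 */
static int test_HKDF(void)
{
    EVP_PKEY_CTX *pctx;
    unsigned char out[20];
    size_t outlen;
    int i, ret = 0;
    unsigned char salt[] = "0123456789";
    unsigned char key[] = "012345678901234567890123456789";
    unsigned char info[] = "infostring";
    const unsigned char expected[] = {
        0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
        0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
    };
    size_t expectedlen = sizeof(expected);

    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
        goto done;

    /* We do this twice to test reuse of the EVP_PKEY_CTX */
    for (i = 0; i < 2; i++) {
        outlen = sizeof(out);
        /* Clear the output so a stale result cannot satisfy the comparison */
        memset(out, 0, outlen);

        if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
            || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
            || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
                                sizeof(salt) - 1),
                0)
            || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
                                sizeof(key) - 1),
                0)
            || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
                                sizeof(info) - 1),
                0)
            || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
            || !TEST_mem_eq(out, outlen, expected, expectedlen))
            goto done;
    }

    ret = 1;

done:
    EVP_PKEY_CTX_free(pctx);

    return ret;
}

/*
 * HKDF with a zero-length input key: key[] is "" and its length is passed
 * as sizeof(key) - 1, i.e. 0.
 */
static int test_emptyikm_HKDF(void)
{
    EVP_PKEY_CTX *pctx;
    unsigned char out[20];
    size_t outlen;
    int ret = 0;
    unsigned char salt[] = "9876543210";
    unsigned char key[] = "";
    unsigned char info[] = "stringinfo";
    const unsigned char expected[] = {
        0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
        0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
    };
    size_t expectedlen = sizeof(expected);

    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
        goto done;

    outlen = sizeof(out);
    memset(out, 0, outlen);

    if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
                            sizeof(salt) - 1),
            0)
        || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
                            sizeof(key) - 1),
            0)
        || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
                            sizeof(info) - 1),
            0)
        || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
        || !TEST_mem_eq(out, outlen, expected, expectedlen))
        goto done;

    ret = 1;

done:
    EVP_PKEY_CTX_free(pctx);

    return ret;
}

/*
 * HKDF with zero-length salt and info.  A non-empty salt ("fake") is set
 * first and then replaced by the empty one; presumably this checks that an
 * empty salt overrides an earlier value rather than being ignored.
 */
static int test_empty_salt_info_HKDF(void)
{
    EVP_PKEY_CTX *pctx;
    unsigned char out[20];
    size_t outlen;
    int ret = 0;
    unsigned char salt[] = "";
    unsigned char fake[] = "0123456789";
    unsigned char key[] = "012345678901234567890123456789";
    unsigned char info[] = "";
    const unsigned char expected[] = {
        0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
        0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06
    };
    size_t expectedlen = sizeof(expected);

    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
        goto done;

    outlen = sizeof(out);
    memset(out, 0, outlen);

    if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake,
                            sizeof(fake) - 1),
            0)
        || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
                            sizeof(salt) - 1),
            0)
        || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
                            sizeof(key) - 1),
            0)
        || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
                            sizeof(info) - 1),
            0)
        || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
        || !TEST_mem_eq(out, outlen, expected, expectedlen))
        goto done;

    ret = 1;

done:
    EVP_PKEY_CTX_free(pctx);

    return ret;
}

#ifndef OPENSSL_NO_EC
/*
 * Decode a good EC public key into an existing X509_PUBKEY, then decode a
 * bad one into the same object and check that no EVP_PKEY is available
 * from it afterwards.
 */
static int test_X509_PUBKEY_inplace(void)
{
    int ret = 0;
    X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
    const unsigned char *p = kExampleECPubKeyDER;
    size_t input_len = sizeof(kExampleECPubKeyDER);

    if (!TEST_ptr(xp))
        goto done;
    if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
        goto done;

    if (!TEST_ptr(X509_PUBKEY_get0(xp)))
        goto done;

    p = kExampleBadECPubKeyDER;
    input_len = sizeof(kExampleBadECPubKeyDER);
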
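if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
        goto done;

    if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
        goto done;

    ret = 1;

done:
    X509_PUBKEY_free(xp);
    return ret;
}

/*
 * Duplicate an X509_PUBKEY and check that the copy is a distinct object
 * with its own EVP_PKEY.  Then decode a bad key, duplicate that, free the
 * original and check that the copy yields no EVP_PKEY.
 */
static int test_X509_PUBKEY_dup(void)
{
    int ret = 0;
    X509_PUBKEY *xp = NULL, *xq = NULL;
    const unsigned char *p = kExampleECPubKeyDER;
    size_t input_len = sizeof(kExampleECPubKeyDER);

    xp = X509_PUBKEY_new_ex(testctx, testpropq);
    if (!TEST_ptr(xp)
        || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
        || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
        || !TEST_ptr_ne(xp, xq))
        goto done;

    if (!TEST_ptr(X509_PUBKEY_get0(xq))
        || !TEST_ptr(X509_PUBKEY_get0(xp))
        || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
        goto done;

    X509_PUBKEY_free(xq);
    xq = NULL;
    p = kExampleBadECPubKeyDER;
    input_len = sizeof(kExampleBadECPubKeyDER);

    if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
        || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
        goto done;

    /* Free the original first so the copy is examined on its own */
    X509_PUBKEY_free(xp);
    xp = NULL;
    if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
        goto done;

    ret = 1;

done:
    X509_PUBKEY_free(xp);
    X509_PUBKEY_free(xq);
    return ret;
}
#endif /* OPENSSL_NO_EC */

/*
 * Test getting and setting parameters on an EVP_PKEY_CTX
 *
 * |pkey| is only borrowed; the callers in this file free it themselves.
 * Returns 1 on success, 0 on failure.
 */
static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
{
    EVP_MD_CTX *mdctx = NULL;
    EVP_PKEY_CTX *ctx = NULL;
    const OSSL_PARAM *params;
    OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
    int ret = 0;
    const EVP_MD *md;
    char mdname[OSSL_MAX_NAME_SIZE];
    char ssl3ms[48];

    /* Initialise a sign operation */
    ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
    if (!TEST_ptr(ctx)
        || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
        goto err;

    /*
     * We should be able to query the parameters now.
     */
    params = EVP_PKEY_CTX_settable_params(ctx);
    if (!TEST_ptr(params)
        || !TEST_ptr(OSSL_PARAM_locate_const(params,
            OSSL_SIGNATURE_PARAM_DIGEST)))
        goto err;

    params = EVP_PKEY_CTX_gettable_params(ctx);
    if (!TEST_ptr(params)
        || !TEST_ptr(OSSL_PARAM_locate_const(params,
            OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
        || !TEST_ptr(OSSL_PARAM_locate_const(params,
            OSSL_SIGNATURE_PARAM_DIGEST)))
        goto err;

    /*
     * Test getting and setting params via EVP_PKEY_CTX_set_params() and
     * EVP_PKEY_CTX_get_params()
     */
    /* Bounded copy: the destination size is stated next to the write */
    OPENSSL_strlcpy(mdname, "SHA512", sizeof(mdname));
    param_md = param;
    *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
        mdname, 0);
    *param++ = OSSL_PARAM_construct_end();

    if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
        goto err;

    /* Empty the buffer so the value read back must come from the context */
    mdname[0] = '\0';
    *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
        mdname, sizeof(mdname));
    if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
        || !TEST_str_eq(mdname, "SHA512"))
        goto err;

    /*
     * Test the EVP_PKEY_CTX_set_signature_md() and
     * EVP_PKEY_CTX_get_signature_md() functions
     */
    if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
        || !TEST_ptr_eq(md, EVP_sha256()))
        goto err;

    /*
     * Test getting MD parameters via an associated EVP_PKEY_CTX
     */
    mdctx = EVP_MD_CTX_new();
    if (!TEST_ptr(mdctx)
        || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
            pkey, NULL)))
        goto err;

    /*
     * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
     * able to obtain the digest's settable parameters from the provider.
     */
    params = EVP_MD_CTX_settable_params(mdctx);
    if (!TEST_ptr(params)
        || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
        /* The final key should be NULL */
        || !TEST_ptr_null(params[1].key))
        goto err;

    param = ourparams;
    memset(ssl3ms, 0, sizeof(ssl3ms));
    *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
        ssl3ms, sizeof(ssl3ms));
    *param++ = OSSL_PARAM_construct_end();

    if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
        goto err;

    ret = 1;

err:
    EVP_MD_CTX_free(mdctx);
    EVP_PKEY_CTX_free(ctx);

    return ret;
}

#ifndef OPENSSL_NO_DSA
/*
 * Build a DSA key from freshly created (empty) BIGNUMs and run the
 * EVP_PKEY_CTX parameter test on it.
 */
static int test_DSA_get_set_params(void)
{
    OSSL_PARAM_BLD *bld = NULL;
    OSSL_PARAM *params = NULL;
    BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
    int ret = 0;

    /*
     * Setup the parameters for our DSA object. For our purposes they don't
     * have to actually be *valid* parameters. We just need to set something.
     */
    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
        || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
        || !TEST_ptr(p = BN_new())
        || !TEST_ptr(q = BN_new())
        || !TEST_ptr(g = BN_new())
        || !TEST_ptr(pub = BN_new())
        || !TEST_ptr(priv = BN_new()))
        goto err;
    if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
            pub))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
            priv)))
        goto err;
    if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
        goto err;

    if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
                            params),
            0))
        goto err;

    if (!TEST_ptr(pkey))
        goto err;

    ret = test_EVP_PKEY_CTX_get_set_params(pkey);

err:
    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(pctx);
    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
    BN_free(p);
    BN_free(q);
    BN_free(g);
    BN_free(pub);
    BN_free(priv);

    return ret;
}

/*
 * Test combinations of private, public, missing and private + public key
 * params to ensure they are all accepted
 */
static int test_DSA_priv_pub(void)
{
    return test_EVP_PKEY_ffc_priv_pub("DSA");
}

#endif /* !OPENSSL_NO_DSA */

/*
 * Build an RSA key from freshly created (empty) BIGNUMs and run the
 * EVP_PKEY_CTX parameter test on it.
 */
static int test_RSA_get_set_params(void)
{
    OSSL_PARAM_BLD *bld = NULL;
    OSSL_PARAM *params = NULL;
    BIGNUM *n = NULL, *e = NULL, *d = NULL;
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
    int ret = 0;

    /*
     * Setup the parameters for our RSA object. For our purposes they don't
     * have to actually be *valid* parameters. We just need to set something.
     */
    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
        || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
        || !TEST_ptr(n = BN_new())
        || !TEST_ptr(e = BN_new())
        || !TEST_ptr(d = BN_new()))
        goto err;
    if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
        goto err;
    if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
        goto err;

    if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
                            params),
            0))
        goto err;

    if (!TEST_ptr(pkey))
        goto err;

    ret = test_EVP_PKEY_CTX_get_set_params(pkey);

err:
    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(pctx);
    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
    BN_free(n);
    BN_free(e);
    BN_free(d);

    return ret;
}

static int test_RSA_OAEP_set_get_params(void)
{
    int ret = 0;
    EVP_PKEY *key = NULL;
    EVP_PKEY_CTX *key_ctx = NULL;

    if (nullprov != NULL)
        return TEST_skip("Test does not support a non-default library context");

    if (!TEST_ptr(key = load_example_rsa_key())
        || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
        goto err;

    {
        int padding = RSA_PKCS1_OAEP_PADDING;
        OSSL_PARAM params[4];

        params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
        params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
            OSSL_DIGEST_NAME_SHA2_256, 0);
        params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
            OSSL_DIGEST_NAME_SHA1, 0);
        params[3] = OSSL_PARAM_construct_end();

        if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params), 0))
            goto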
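err;
    }
    {
        OSSL_PARAM params[3];
        char oaepmd[30] = { '\0' };
        char mgf1md[30] = { '\0' };

        params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
            oaepmd, sizeof(oaepmd));
        params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
            mgf1md, sizeof(mgf1md));
        params[2] = OSSL_PARAM_construct_end();

        if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
            goto err;

        if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
            || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
            goto err;
    }

    ret = 1;

err:
    EVP_PKEY_free(key);
    EVP_PKEY_CTX_free(key_ctx);

    return ret;
}

/*
 * https://github.com/openssl/openssl/issues/21288
 *
 * Set an OAEP label and then clear it again by passing NULL.  Both calls
 * must succeed.
 */
static int test_RSA_OAEP_set_null_label(void)
{
    int ret = 0;
    EVP_PKEY *key = NULL;
    EVP_PKEY_CTX *key_ctx = NULL;
    char *label = NULL;

    if (!TEST_ptr(key = load_example_rsa_key())
        || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
        || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
        goto err;

    if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
        goto err;

    /*
     * Check the allocation: a failed OPENSSL_strdup() would otherwise turn
     * this call into a second "NULL label" call and the non-NULL case would
     * go untested without any failure being reported.
     */
    if (!TEST_ptr(label = OPENSSL_strdup("foo")))
        goto err;

    /*
     * set0 hands the buffer over to the context, so it is not freed here.
     * NOTE(review): ownership on the failure path is not visible from this
     * file - confirm whether |label| has to be freed when the call fails.
     */
    if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, label, 0)))
        goto err;

    if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
        goto err;

    ret = 1;

err:
    EVP_PKEY_free(key);
    EVP_PKEY_CTX_free(key_ctx);

    return ret;
}

/*
 * Check that EVP_PKEY_verify_recover() refuses to write into an output
 * buffer that is too small.
 *
 * A 32 byte digest is signed with RSA PKCS#1 padding and first recovered
 * into a buffer of EVP_PKEY_get_size() bytes.  The recovery is then repeated
 * with a stated capacity of 1 byte: the call must fail with
 * PROV_R_OUTPUT_BUFFER_TOO_SMALL and both bytes of shortbuf must still hold
 * their initial values, which shows nothing was written to it.
 */
static int test_RSA_verify_recover_rejects_short_buffer(void)
{
    int ret = 0;
    int recovered_cap = 0;
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *sign_ctx = NULL, *verify_ctx = NULL;
    unsigned char *sig = NULL, *recovered = NULL;
    size_t sig_len = 0, recovered_len = 0;
    unsigned long err = 0;
    unsigned char shortbuf[] = { 0xa5, 0x5a };
    const unsigned char shortbuf_expected[] = { 0xa5, 0x5a };
    unsigned char digest[32];
    size_t i;

    for (i = 0; i < sizeof(digest); i++)
        digest[i] = (unsigned char)i;

    if (OSSL_PROVIDER_available(testctx, "fips"))
        return TEST_skip("Test skipped for FIPS provider");

    if (!TEST_ptr(pkey = load_example_rsa_key())
        || !TEST_ptr(sign_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL))
        || !TEST_int_gt(EVP_PKEY_sign_init(sign_ctx), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(sign_ctx,
                            RSA_PKCS1_PADDING),
            0)
        || !TEST_int_gt(EVP_PKEY_CTX_set_signature_md(sign_ctx, EVP_sha256()),
            0)
        || !TEST_int_gt(EVP_PKEY_sign(sign_ctx, NULL, &sig_len, digest,
                            sizeof(digest)),
            0)
        || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
        || !TEST_int_gt(EVP_PKEY_sign(sign_ctx, sig, &sig_len, digest,
                            sizeof(digest)),
            0)
        || !TEST_int_gt(recovered_cap = EVP_PKEY_get_size(pkey), 0)
        || !TEST_ptr(recovered = OPENSSL_malloc(recovered_cap))
        || !TEST_ptr(verify_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey,
                         NULL))
        || !TEST_int_gt(EVP_PKEY_verify_recover_init(verify_ctx), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(verify_ctx,
                            RSA_PKCS1_PADDING),
            0)
        || !TEST_int_gt(EVP_PKEY_CTX_set_signature_md(verify_ctx, EVP_sha256()),
            0))
        goto done;

    /* Positive case: a large enough buffer returns the original digest */
    recovered_len = (size_t)recovered_cap;
    if (!TEST_int_gt(EVP_PKEY_verify_recover(verify_ctx, recovered,
                         &recovered_len, sig, sig_len),
            0)
        || !TEST_size_t_eq(recovered_len, sizeof(digest))
        || !TEST_mem_eq(recovered, recovered_len, digest, sizeof(digest)))
        goto done;

    /* Negative case: claim a capacity of 1 byte for the 32 byte result */
    ERR_clear_error();
    recovered_len = 1;
    if (!TEST_int_le(EVP_PKEY_verify_recover(verify_ctx, shortbuf,
                         &recovered_len, sig, sig_len),
            0))
        goto done;

    err = ERR_peek_error();
    if (!TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_PROV)
        || !TEST_int_eq(ERR_GET_REASON(err), PROV_R_OUTPUT_BUFFER_TOO_SMALL)
        || !TEST_mem_eq(shortbuf, sizeof(shortbuf), shortbuf_expected,
            sizeof(shortbuf_expected)))
        goto done;

    ret = 1;
done:
    EVP_PKEY_CTX_free(sign_ctx);
    EVP_PKEY_CTX_free(verify_ctx);
    EVP_PKEY_free(pkey);
    OPENSSL_free(sig);
    OPENSSL_free(recovered);
    return ret;
}

/*
 * Encrypt kMsg with the example RSA key, check that a too-small output
 * length is rejected, then decrypt and compare with the original message.
 * Output sizes are obtained by first calling with a NULL buffer.
 */
static int test_RSA_encrypt(void)
{
    int ret = 0;
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *pctx = NULL;
    unsigned char *cbuf = NULL, *pbuf = NULL;
    size_t clen = 0, plen = 0;

    if (!TEST_ptr(pkey = load_example_rsa_key())
        || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx,
                         pkey, testpropq))
        || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)
        || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)
        || !TEST_ptr(cbuf = OPENSSL_malloc(clen))
        || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0))
        goto done;

    /* Require failure when the output buffer is too small */
    plen = clen - 1;
    if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0))
        goto done;
    /* flush error stack */
    TEST_openssl_errors();

    /* Check decryption of encrypted result */
    if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0)
        || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
        || !TEST_ptr(pbuf = OPENSSL_malloc(plen))
        || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
        || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg))
        || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0))
        goto done;

    ret = 1;
done:
    EVP_PKEY_CTX_free(pctx);
    EVP_PKEY_free(pkey);
    OPENSSL_free(cbuf);
    OPENSSL_free(pbuf);
    return ret;
}

#ifndef OPENSSL_NO_DEPRECATED_3_0
static int test_RSA_legacy(void)
{
    int ret = 0;
    BIGNUM *p = NULL;
    BIGNUM *q = NULL;
    BIGNUM *n = NULL;
    BIGNUM *e = NULL;
    BIGNUM *d = NULL;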
const EVP_MD *md = EVP_sha256(); 4136 EVP_MD_CTX *ctx = NULL; 4137 EVP_PKEY *pkey = NULL; 4138 RSA *rsa = NULL; 4139 4140 if (nullprov != NULL) 4141 return TEST_skip("Test does not support a non-default library context"); 4142 4143 if (!TEST_ptr(p = BN_dup(BN_value_one())) 4144 || !TEST_ptr(q = BN_dup(BN_value_one())) 4145 || !TEST_ptr(n = BN_dup(BN_value_one())) 4146 || !TEST_ptr(e = BN_dup(BN_value_one())) 4147 || !TEST_ptr(d = BN_dup(BN_value_one()))) 4148 goto err; 4149 4150 if (!TEST_ptr(rsa = RSA_new()) 4151 || !TEST_ptr(pkey = EVP_PKEY_new()) 4152 || !TEST_ptr(ctx = EVP_MD_CTX_new())) 4153 goto err; 4154 4155 if (!TEST_true(RSA_set0_factors(rsa, p, q))) 4156 goto err; 4157 p = NULL; 4158 q = NULL; 4159 4160 if (!TEST_true(RSA_set0_key(rsa, n, e, d))) 4161 goto err; 4162 n = NULL; 4163 e = NULL; 4164 d = NULL; 4165 4166 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa))) 4167 goto err; 4168 4169 rsa = NULL; 4170 4171 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))) 4172 goto err; 4173 4174 ret = 1; 4175 4176 err: 4177 RSA_free(rsa); 4178 EVP_MD_CTX_free(ctx); 4179 EVP_PKEY_free(pkey); 4180 BN_free(p); 4181 BN_free(q); 4182 BN_free(n); 4183 BN_free(e); 4184 BN_free(d); 4185 4186 return ret; 4187 } 4188 #endif 4189 4190 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 4191 static int test_decrypt_null_chunks(void) 4192 { 4193 EVP_CIPHER_CTX *ctx = NULL; 4194 EVP_CIPHER *cipher = NULL; 4195 const unsigned char key[32] = { 4196 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4197 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 4198 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1 4199 }; 4200 unsigned char iv[12] = { 4201 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b 4202 }; 4203 unsigned char msg[] = "It was the best of times, it was the worst of times"; 4204 unsigned char ciphertext[80]; 4205 unsigned char plaintext[80]; 4206 /* We initialise tmp to a non zero value 
on purpose */ 4207 int ctlen, ptlen, tmp = 99; 4208 int ret = 0; 4209 const int enc_offset = 10, dec_offset = 20; 4210 4211 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq)) 4212 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 4213 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, 4214 key, iv)) 4215 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, 4216 enc_offset)) 4217 /* Deliberate add a zero length update */ 4218 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, 4219 0)) 4220 || !TEST_int_eq(tmp, 0) 4221 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, 4222 msg + enc_offset, 4223 sizeof(msg) - enc_offset)) 4224 || !TEST_int_eq(ctlen += tmp, sizeof(msg)) 4225 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) 4226 || !TEST_int_eq(tmp, 0)) 4227 goto err; 4228 4229 /* Deliberately initialise tmp to a non zero value */ 4230 tmp = 99; 4231 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) 4232 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, 4233 dec_offset)) 4234 /* 4235 * Deliberately add a zero length update. We also deliberately do 4236 * this at a different offset than for encryption. 
4237 */ 4238 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, 4239 0)) 4240 || !TEST_int_eq(tmp, 0) 4241 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, 4242 ciphertext + dec_offset, 4243 ctlen - dec_offset)) 4244 || !TEST_int_eq(ptlen += tmp, sizeof(msg)) 4245 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) 4246 || !TEST_int_eq(tmp, 0) 4247 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) 4248 goto err; 4249 4250 ret = 1; 4251 err: 4252 EVP_CIPHER_CTX_free(ctx); 4253 EVP_CIPHER_free(cipher); 4254 return ret; 4255 } 4256 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ 4257 4258 #ifndef OPENSSL_NO_DH 4259 /* 4260 * Test combinations of private, public, missing and private + public key 4261 * params to ensure they are all accepted 4262 */ 4263 static int test_DH_priv_pub(void) 4264 { 4265 return test_EVP_PKEY_ffc_priv_pub("DH"); 4266 } 4267 4268 #ifndef OPENSSL_NO_DEPRECATED_3_0 4269 static int test_EVP_PKEY_set1_DH(void) 4270 { 4271 DH *x942dh = NULL, *noqdh = NULL; 4272 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; 4273 int ret = 0; 4274 BIGNUM *p, *g = NULL; 4275 BIGNUM *pubkey = NULL; 4276 unsigned char pub[2048 / 8]; 4277 size_t len = 0; 4278 4279 if (!TEST_ptr(p = BN_new()) 4280 || !TEST_ptr(g = BN_new()) 4281 || !TEST_ptr(pubkey = BN_new()) 4282 || !TEST_true(BN_set_word(p, 9999)) 4283 || !TEST_true(BN_set_word(g, 2)) 4284 || !TEST_true(BN_set_word(pubkey, 4321)) 4285 || !TEST_ptr(noqdh = DH_new()) 4286 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) 4287 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) 4288 || !TEST_ptr(pubkey = BN_new()) 4289 || !TEST_true(BN_set_word(pubkey, 4321))) 4290 goto err; 4291 p = g = NULL; 4292 4293 x942dh = DH_get_2048_256(); 4294 pkey1 = EVP_PKEY_new(); 4295 pkey2 = EVP_PKEY_new(); 4296 if (!TEST_ptr(x942dh) 4297 || !TEST_ptr(noqdh) 4298 || !TEST_ptr(pkey1) 4299 || !TEST_ptr(pkey2) 4300 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) 4301 goto err; 4302 pubkey 
= NULL; 4303 4304 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) 4305 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) 4306 goto err; 4307 4308 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, 4309 &pubkey)) 4310 || !TEST_ptr(pubkey)) 4311 goto err; 4312 4313 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) 4314 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) 4315 goto err; 4316 4317 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, 4318 OSSL_PKEY_PARAM_PUB_KEY, 4319 pub, sizeof(pub), &len)) 4320 || !TEST_size_t_ne(len, 0)) 4321 goto err; 4322 4323 ret = 1; 4324 err: 4325 BN_free(p); 4326 BN_free(g); 4327 BN_free(pubkey); 4328 EVP_PKEY_free(pkey1); 4329 EVP_PKEY_free(pkey2); 4330 DH_free(x942dh); 4331 DH_free(noqdh); 4332 4333 return ret; 4334 } 4335 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 4336 #endif /* !OPENSSL_NO_DH */ 4337 4338 /* 4339 * We test what happens with an empty template. For the sake of this test, 4340 * the template must be ignored, and we know that's the case for RSA keys 4341 * (this might arguably be a misfeature, but that's what we currently do, 4342 * even in provider code, since that's how the legacy RSA implementation 4343 * does things) 4344 */ 4345 static int test_keygen_with_empty_template(int n) 4346 { 4347 EVP_PKEY_CTX *ctx = NULL; 4348 EVP_PKEY *pkey = NULL; 4349 EVP_PKEY *tkey = NULL; 4350 int ret = 0; 4351 4352 if (nullprov != NULL) 4353 return TEST_skip("Test does not support a non-default library context"); 4354 4355 switch (n) { 4356 case 0: 4357 /* We do test with no template at all as well */ 4358 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) 4359 goto err; 4360 break; 4361 case 1: 4362 /* Here we create an empty RSA key that serves as our template */ 4363 if (!TEST_ptr(tkey = EVP_PKEY_new()) 4364 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA)) 4365 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL))) 4366 goto err; 4367 break; 4368 } 4369 4370 if 
(!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4371 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) 4372 goto err; 4373 4374 ret = 1; 4375 err: 4376 EVP_PKEY_CTX_free(ctx); 4377 EVP_PKEY_free(pkey); 4378 EVP_PKEY_free(tkey); 4379 return ret; 4380 } 4381 4382 /* 4383 * Test that we fail if we attempt to use an algorithm that is not available 4384 * in the current library context (unless we are using an algorithm that 4385 * should be made available via legacy codepaths). 4386 * 4387 * 0: RSA 4388 * 1: SM2 4389 */ 4390 static int test_pkey_ctx_fail_without_provider(int tst) 4391 { 4392 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new(); 4393 OSSL_PROVIDER *tmpnullprov = NULL; 4394 EVP_PKEY_CTX *pctx = NULL; 4395 const char *keytype = NULL; 4396 int expect_null = 0; 4397 int ret = 0; 4398 4399 if (!TEST_ptr(tmpctx)) 4400 goto err; 4401 4402 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null"); 4403 if (!TEST_ptr(tmpnullprov)) 4404 goto err; 4405 4406 /* 4407 * We check for certain algos in the null provider. 4408 * If an algo is expected to have a provider keymgmt, constructing an 4409 * EVP_PKEY_CTX is expected to fail (return NULL). 4410 * Otherwise, if it's expected to have legacy support, constructing an 4411 * EVP_PKEY_CTX is expected to succeed (return non-NULL). 4412 */ 4413 switch (tst) { 4414 case 0: 4415 keytype = "RSA"; 4416 expect_null = 1; 4417 break; 4418 case 1: 4419 keytype = "SM2"; 4420 expect_null = 1; 4421 #ifdef OPENSSL_NO_EC 4422 TEST_info("EC disable, skipping SM2 check..."); 4423 goto end; 4424 #endif 4425 #ifdef OPENSSL_NO_SM2 4426 TEST_info("SM2 disable, skipping SM2 check..."); 4427 goto end; 4428 #endif 4429 break; 4430 default: 4431 TEST_error("No test for case %d", tst); 4432 goto err; 4433 } 4434 4435 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, ""); 4436 if (expect_null ? 
!TEST_ptr_null(pctx) : !TEST_ptr(pctx)) 4437 goto err; 4438 4439 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2) 4440 end: 4441 #endif 4442 ret = 1; 4443 4444 err: 4445 EVP_PKEY_CTX_free(pctx); 4446 OSSL_PROVIDER_unload(tmpnullprov); 4447 OSSL_LIB_CTX_free(tmpctx); 4448 return ret; 4449 } 4450 4451 static int test_rand_agglomeration(void) 4452 { 4453 EVP_RAND *rand; 4454 EVP_RAND_CTX *ctx; 4455 OSSL_PARAM params[3], *p = params; 4456 int res; 4457 unsigned int step = 7; 4458 static unsigned char seed[] = "It does not matter how slowly you go " 4459 "as long as you do not stop."; 4460 unsigned char out[sizeof(seed)]; 4461 4462 if (!TEST_int_ne(sizeof(seed) % step, 0) 4463 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq))) 4464 return 0; 4465 ctx = EVP_RAND_CTX_new(rand, NULL); 4466 EVP_RAND_free(rand); 4467 if (!TEST_ptr(ctx)) 4468 return 0; 4469 4470 memset(out, 0, sizeof(out)); 4471 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 4472 seed, sizeof(seed)); 4473 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step); 4474 *p = OSSL_PARAM_construct_end(); 4475 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params)) 4476 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0)) 4477 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out)); 4478 EVP_RAND_CTX_free(ctx); 4479 return res; 4480 } 4481 4482 /* 4483 * Test that we correctly return the original or "running" IV after 4484 * an encryption operation. 4485 * Run multiple times for some different relevant algorithms/modes. 
*/
static int test_evp_iv_aes(int idx)
{
    int ret = 0;
    EVP_CIPHER_CTX *ctx = NULL;
    unsigned char key[16] = {
        0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
        0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57
    };
    unsigned char init_iv[EVP_MAX_IV_LENGTH] = {
        0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
        0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
    };
    static const unsigned char msg[] = {
        1, 2, 3, 4, 5, 6, 7, 8,
        9, 10, 11, 12, 13, 14, 15, 16
    };
    unsigned char ciphertext[32], oiv[16], iv[16];
    unsigned char *ref_iv;
    /* Expected "updated IV" per mode after encrypting msg with key/init_iv */
    unsigned char cbc_state[16] = {
        0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
        0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e
    };

    unsigned char ofb_state[16] = {
        0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
        0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd
    };
    unsigned char cfb_state[16] = {
        0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
        0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed
    };
    unsigned char gcm_state[12] = {
        0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
        0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
    };
    unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 };
#ifndef OPENSSL_NO_OCB
    unsigned char ocb_state[12] = {
        0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
        0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
    };
#endif
    int len = sizeof(ciphertext);
    size_t ivlen, ref_len;
    const EVP_CIPHER *type = NULL;
    int iv_reset = 0;

    /* idx 0..5 use the EVP_aes_128_*() objects, idx 6..11 fetch from testctx */
    if (nullprov != NULL && idx < 6)
        return TEST_skip("Test does not support a non-default library context");

    switch (idx) {
    case 0:
        type = EVP_aes_128_cbc();
        /* FALLTHROUGH */
    case 6:
        type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
        ref_iv = cbc_state;
        ref_len = sizeof(cbc_state);
        iv_reset = 1;
        break;
    case 1:
        type = EVP_aes_128_ofb();
        /* FALLTHROUGH */
    case 7:
        type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
        ref_iv = ofb_state;
        ref_len = sizeof(ofb_state);
        iv_reset = 1;
        break;
    case 2:
        type = EVP_aes_128_cfb();
        /* FALLTHROUGH */
    case 8:
        type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
        ref_iv = cfb_state;
        ref_len = sizeof(cfb_state);
        iv_reset = 1;
        break;
    case 3:
        type = EVP_aes_128_gcm();
        /* FALLTHROUGH */
    case 9:
        type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
        ref_iv = gcm_state;
        ref_len = sizeof(gcm_state);
        break;
    case 4:
        type = EVP_aes_128_ccm();
        /* FALLTHROUGH */
    case 10:
        type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
        ref_iv = ccm_state;
        ref_len = sizeof(ccm_state);
        break;
#ifdef OPENSSL_NO_OCB
    case 5:
    case 11:
        return 1;
#else
    case 5:
        type = EVP_aes_128_ocb();
        /* FALLTHROUGH */
    case 11:
        type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
        ref_iv = ocb_state;
        ref_len = sizeof(ocb_state);
        break;
#endif
    default:
        return 0;
    }

    if (!TEST_ptr(type)
        || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
        || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
        || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
                                        (int)sizeof(msg)))
        /* Both IV views are sampled after the update, before finalising */
        || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
        || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
        || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
        goto err;
    ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);

    if (!TEST_int_gt(ivlen, 0))
        goto err;

    /* The original IV must be untouched; the running IV must match the mode's reference */
    if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
        || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
        goto err;

    /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
    if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
        || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
        goto err;
    if (iv_reset) {
        if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
            goto err;
    } else {
        if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
            goto err;
    }

    ret = 1;
err:
    EVP_CIPHER_CTX_free(ctx);
    /* Only the fetched ciphers (idx >= 6) are released here */
    if (idx >= 6)
        EVP_CIPHER_free((EVP_CIPHER *)type);
    return ret;
}

#ifndef OPENSSL_NO_DES
/*
 * DES / 3DES counterpart of test_evp_iv_aes(): after one encryption update
 * the original IV must equal init_iv, the updated IV must equal the per-mode
 * reference value, and a re-init with all-NULL arguments must bring the
 * updated IV back to init_iv.
 *
 * idx 0..2 select des-cbc/ofb/cfb and are skipped unless the legacy
 * provider is loaded; idx 3..5 select des-ede3-cbc/ofb/cfb.
 */
static int test_evp_iv_des(int idx)
{
    int ret = 0;
    EVP_CIPHER_CTX *ctx = NULL;
    static const unsigned char key[24] = {
        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
        0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
    };
    static const unsigned char init_iv[8] = {
        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
    };
    static const unsigned char msg[] = {
        1, 2, 3, 4, 5, 6, 7, 8,
        9, 10, 11, 12, 13, 14, 15, 16
    };
    unsigned char ciphertext[32], oiv[8], iv[8];
    unsigned const char *ref_iv;
    static const unsigned char cbc_state_des[8] = {
        0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
    };
    static const unsigned char cbc_state_3des[8] = {
        0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
    };
    static const unsigned char ofb_state_des[8] = {
        0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
    };
    static const unsigned char ofb_state_3des[8] = {
        0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
    };
    static const unsigned char cfb_state_des[8] = {
        0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
    };
    static const unsigned char cfb_state_3des[8] = {
        0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
    };
    int len = sizeof(ciphertext);
    size_t ivlen, ref_len;
    EVP_CIPHER *type = NULL;

    if (lgcyprov == NULL && idx < 3)
        return TEST_skip("Test requires legacy provider to be loaded");

    switch (idx) {
    case 0:
        type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
        ref_iv = cbc_state_des;
        ref_len = sizeof(cbc_state_des);
        break;
    case 1:
        type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
        ref_iv = ofb_state_des;
        ref_len = sizeof(ofb_state_des);
        break;
    case 2:
        type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
        ref_iv = cfb_state_des;
        ref_len = sizeof(cfb_state_des);
        break;
    case 3:
        type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
        ref_iv = cbc_state_3des;
        ref_len = sizeof(cbc_state_3des);
        break;
    case 4:
        type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
        ref_iv = ofb_state_3des;
        ref_len = sizeof(ofb_state_3des);
        break;
    case 5:
        type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
        ref_iv = cfb_state_3des;
        ref_len = sizeof(cfb_state_3des);
        break;
    default:
        return 0;
    }

    if (!TEST_ptr(type)
        || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
        || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
        || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
                                        (int)sizeof(msg)))
        || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
        || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
        || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
        goto err;
    ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);

    if (!TEST_int_gt(ivlen, 0))
        goto err;

    if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
        || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
        goto err;

    /* After a re-init with no new key or IV the updated IV must equal init_iv */
    if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
        || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
        goto err;
    if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
        goto err;

    ret = 1;
err:
    EVP_CIPHER_CTX_free(ctx);
    EVP_CIPHER_free(type);
    return ret;
}
#endif

#ifndef OPENSSL_NO_BF
/*
 * Check the lengths reported for the fetched Blowfish cipher selected by
 * idx (bf-ecb, bf-cbc, bf-cfb, bf-ofb): key length 16, and IV length 0 for
 * ECB or 8 for the other modes. Skipped unless the legacy provider is
 * loaded. idx is used unchecked as an index into the four-entry tables.
 */
static int test_evp_bf_default_keylen(int idx)
{
    static const char *algos[4] = {
        "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
    };
    int ivlen[4] = { 0, 8, 8, 8 };
    EVP_CIPHER *cipher = NULL;
    int ret;

    if (lgcyprov == NULL)
        return TEST_skip("Test requires legacy provider to be loaded");

    ret = TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
        && TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
        && TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]);

    EVP_CIPHER_free(cipher);
    return ret;
}
#endif

#ifndef OPENSSL_NO_EC
/* Curves exercised by test_ecpub(), indexed by its idx argument */
static int ecpub_nids[] = {
    NID_brainpoolP256r1, NID_X9_62_prime256v1,
    NID_secp384r1, NID_secp521r1,
#ifndef OPENSSL_NO_EC2M
    NID_sect233k1, NID_sect233r1, NID_sect283r1,
    NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
#endif
    NID_brainpoolP384r1, NID_brainpoolP512r1
};

/*
 * Generate an EC key on curve ecpub_nids[idx], encode its public key with
 * i2d_PublicKey() and, when deprecated APIs are available, decode the bytes
 * again with d2i_PublicKey() and require the two keys to compare equal.
 *
 * Skipped when the null provider is loaded. Returns 1 on success, 0 on failure.
 */
static int test_ecpub(int idx)
{
    int ret = 0, len, savelen;
    int nid;
    unsigned char buf[1024];
    unsigned char *p;
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *ctx = NULL;
#ifndef OPENSSL_NO_DEPRECATED_3_0
    const unsigned char *q;
    EVP_PKEY *pkey2 = NULL;
    EC_KEY *ec = NULL;
#endif

    if (nullprov != NULL)
        return TEST_skip("Test does not support a non-default library context");

    nid = ecpub_nids[idx];

    ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
    if (!TEST_ptr(ctx)
        || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
        || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
        || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
        goto done;
    /* Size query first: the encoding must fit in buf before anything is written */
    len = i2d_PublicKey(pkey, NULL);
    savelen = len;
    if (!TEST_int_ge(len, 1)
        || !TEST_int_lt(len, 1024))
        goto done;
    p = buf;
    len = i2d_PublicKey(pkey, &p);
    if (!TEST_int_ge(len, 1)
        || !TEST_int_eq(len, savelen))
        goto done;

#ifndef OPENSSL_NO_DEPRECATED_3_0
    /* Now try to decode the just-created DER. */
    q = buf;
    if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
        || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
        || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
        goto done;
    /* EC_KEY ownership transferred */
    ec = NULL;
    if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
        goto done;
    /* The keys should match. */
    if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
        goto done;
#endif

    ret = 1;

done:
    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_DEPRECATED_3_0
    EVP_PKEY_free(pkey2);
    EC_KEY_free(ec);
#endif
    return ret;
}
#endif

/*
 * Check that RSA-PSS key generation succeeds once the key size and the PSS
 * keygen digest (SHA-256) have been set on the context.
 *
 * NOTE(review): the 512-bit size is presumably chosen to keep the test
 * fast; it is far too small for any real key.
 */
static int test_EVP_rsa_pss_with_keygen_bits(void)
{
    int ret = 0;
    EVP_PKEY_CTX *ctx = NULL;
    EVP_PKEY *pkey = NULL;
    EVP_MD *md;

    md = EVP_MD_fetch(testctx, "sha256", testpropq);
    ret = TEST_ptr(md)
        && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
        && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
        && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
        && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
        && TEST_true(EVP_PKEY_keygen(ctx, &pkey));

    EVP_MD_free(md);
    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(ctx);
    return ret;
}

/*
 * Check that a PSS salt length written with
 * EVP_PKEY_CTX_set_rsa_pss_saltlen() is read back unchanged by
 * EVP_PKEY_CTX_get_rsa_pss_saltlen().
 */
static int test_EVP_rsa_pss_set_saltlen(void)
{
    int ret = 0;
    EVP_PKEY *pkey = NULL;
    /* Filled in by EVP_DigestSignInit(); not freed separately below */
    EVP_PKEY_CTX *pkey_ctx = NULL;
    EVP_MD *sha256 = NULL;
    EVP_MD_CTX *sha256_ctx = NULL;
    int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
    const int test_value = 32;

    ret = TEST_ptr(pkey = load_example_rsa_key())
        && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
        && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
        && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
        && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
        && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
        && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
        && TEST_int_eq(saltlen, test_value);

    EVP_MD_CTX_free(sha256_ctx);
    EVP_PKEY_free(pkey);
    EVP_MD_free(sha256);

    return ret;
}

/*
 * Negative test: loading kInvalidRSAKeyDER as an RSA key must fail, so the
 * test passes only when no key object comes back.
 */
static int test_EVP_rsa_invalid_key(void)
{
    EVP_PKEY *pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER));
    /* we expect to fail to load bogus key */
    int ret = !TEST_ptr(pkey);

    EVP_PKEY_free(pkey);

    return ret;
}

/* Cleared by md_names() when its fetch fails; read by test_names_do_all() */
static int success = 1;

/*
 * Callback for EVP_MD_names_do_all(). The name argument is not used; each
 * invocation fetches AES-128-CBC from the library context passed in vctx.
 */
static void md_names(const char *name, void *vctx)
{
    OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
    /* Force a namemap update */
    EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);

    if (!TEST_ptr(aes128))
        success = 0;

    EVP_CIPHER_free(aes128);
}

/*
 * Test that changing the namemap in a user callback works in a names_do_all
 * function.
 */
static int test_names_do_all(void)
{
    /* We use a custom libctx so that we know the state of the namemap */
    OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
    EVP_MD *sha256 = NULL;
    int testresult = 0;

    if (!TEST_ptr(ctx))
        goto err;

    sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
    if (!TEST_ptr(sha256))
        goto err;

    /*
     * We loop through all the names for a given digest. This should still work
     * even if the namemap changes part way through.
     */
    if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
        goto err;

    if (!TEST_true(success))
        goto err;

    testresult = 1;
err:
    EVP_MD_free(sha256);
    OSSL_LIB_CTX_free(ctx);
    return testresult;
}

/* One scenario for test_evp_init_seq() / test_evp_reinit_seq() */
typedef struct {
    const char *cipher;
    const unsigned char *key;
    const unsigned char *iv;
    const unsigned char *input;
    const unsigned char *expected;
    const unsigned char *tag;
    size_t ivlen; /* 0 if we do not need to set a specific IV len */
    size_t inlen;
    size_t expectedlen;
    size_t taglen;
    int keyfirst; /* non-zero: the key is set before the IV */
    int initenc;  /* enc argument of the first EVP_CipherInit call */
    int finalenc; /* enc argument of the last init call in test_evp_init_seq() */
} EVP_INIT_TEST_st;

static const EVP_INIT_TEST_st evp_init_tests[] = {
    { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
        cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
        0, 1, 0, 1 },
    { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
        gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
        sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
        sizeof(gcmDefaultTag), 1, 0, 1 },
    { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
        cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
        0, 0, 0, 1 },
    { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
        gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
        sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
        sizeof(gcmDefaultTag), 0, 0, 1 },
    { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
        cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
        0, 1, 1, 0 },
    { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
        gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
        sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
        sizeof(gcmDefaultTag), 1, 1, 0 },
    { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
        cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
        0, 0, 1, 0 },
    { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
        gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
        sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
        sizeof(gcmDefaultTag), 0, 1, 0 }
};

/* use same key, iv and plaintext for cfb and ofb */
static const EVP_INIT_TEST_st evp_reinit_tests[] = {
    { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
        cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
        sizeof(cfbCiphertext_partial), 0, 0, 1, 0 },
    { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
        cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
        sizeof(cfbPlaintext_partial), 0, 0, 0, 0 },
    { "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
        ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
        sizeof(ofbCiphertext_partial), 0, 0, 1, 0 },
    { "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
        cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
        sizeof(cfbPlaintext_partial), 0, 0, 0, 0 },
};

/*
 * Helper for test_evp_init_seq(): set the IV length through the
 * EVP_CTRL_GCM_SET_IVLEN control when the scenario gives a non-zero ivlen,
 * then supply only the IV (no cipher, no key, enc left at -1).
 *
 * Returns 1 on success, 0 on failure.
 */
static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
{
    if (t->ivlen != 0
        && !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
        return 0;

    if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
        return 0;

    return 1;
}

/*
 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
 * arguments are given one at a time and a final adjustment to the enc
 * parameter sets the correct operation.
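*/
static int test_evp_init_seq(int idx)
{
    int outlen1, outlen2;
    int testresult = 0;
    unsigned char outbuf[1024];
    unsigned char tag[16];
    const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *type = NULL;
    size_t taglen = sizeof(tag);
    /* Names the failing step; reported through TEST_info() at err */
    char *errmsg = NULL;

    ctx = EVP_CIPHER_CTX_new();
    if (ctx == NULL) {
        errmsg = "CTX_ALLOC";
        goto err;
    }
    if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
        errmsg = "CIPHER_FETCH";
        goto err;
    }
    /* Cipher and initial direction only: no key and no IV yet */
    if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
        errmsg = "EMPTY_ENC_INIT";
        goto err;
    }
    if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
        errmsg = "PADDING";
        goto err;
    }
    if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
        errmsg = "KEY_INIT (before iv)";
        goto err;
    }
    if (!evp_init_seq_set_iv(ctx, t)) {
        errmsg = "IV_INIT";
        goto err;
    }
    if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
        errmsg = "KEY_INIT (after iv)";
        goto err;
    }
    /* Last step: only the direction is given; it may differ from initenc */
    if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
        errmsg = "FINAL_ENC_INIT";
        goto err;
    }
    if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
        errmsg = "CIPHER_UPDATE";
        goto err;
    }
    if (t->finalenc == 0 && t->tag != NULL) {
        /* Set expected tag */
        if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
                                             t->taglen, (void *)t->tag),
                         0)) {
            errmsg = "SET_TAG";
            goto err;
        }
    }
    if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
        errmsg = "CIPHER_FINAL";
        goto err;
    }
    if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
        errmsg = "WRONG_RESULT";
        goto err;
    }
    /* When encrypting with an AEAD scenario, the produced tag must match */
    if (t->finalenc != 0 && t->tag != NULL) {
        if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
            errmsg = "GET_TAG";
            goto err;
        }
        if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
            errmsg = "TAG_ERROR";
            goto err;
        }
    }
    testresult = 1;
err:
    if (errmsg != NULL)
        TEST_info("evp_init_test %d: %s", idx, errmsg);
    EVP_CIPHER_CTX_free(ctx);
    EVP_CIPHER_free(type);
    return testresult;
}

/*
 * Test re-initialization of cipher context without changing key or iv.
 * The result of both iterations should be the same.
 */
static int test_evp_reinit_seq(int idx)
{
    int outlen1, outlen2, outlen_final;
    int testresult = 0;
    unsigned char outbuf1[1024];
    unsigned char outbuf2[1024];
    const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *type = NULL;

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
        || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
        /* setup cipher context */
        || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
        /* first iteration */
        || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
        /*
         * Final output is appended after the bytes written by Update, as in
         * test_evp_init_seq(), so it can never overwrite checked output.
         */
        || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1 + outlen1, &outlen_final))
        /* check test results iteration 1 */
        || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
        /* now re-init the context (same cipher, key and iv) */
        || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
        /* second iteration */
        || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
        || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2 + outlen2, &outlen_final))
        /* check test results iteration 2 */
        || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
        goto err;
    testresult = 1;
err:
    EVP_CIPHER_CTX_free(ctx);
    EVP_CIPHER_free(type);
    return testresult;
}

/* One scenario for test_evp_reset(): input, expected output and direction */
typedef struct {
    const unsigned char *input;
    const unsigned char *expected;
    size_t inlen;
    size_t expectedlen;
    int enc;
} EVP_RESET_TEST_st;

static const EVP_RESET_TEST_st evp_reset_tests[] = {
    { cfbPlaintext, cfbCiphertext,
        sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 },
    { cfbCiphertext, cfbPlaintext,
        sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 }
};

/*
 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
 * been used.
 */
static int test_evp_reset(int idx)
{
    const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
    int outlen1, outlen2;
    int testresult = 0;
    unsigned char outbuf[1024];
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *type = NULL;
    char *errmsg = NULL;

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
        errmsg = "CTX_ALLOC";
        goto err;
    }
    if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
        errmsg = "CIPHER_FETCH";
        goto err;
    }
    if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
        errmsg = "CIPHER_INIT";
        goto err;
    }
    if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
        errmsg = "PADDING";
        goto err;
    }
    if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
        errmsg = "CIPHER_UPDATE";
        goto err;
    }
    if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
        errmsg = "CIPHER_FINAL";
        goto err;
    }
    if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
        errmsg = "WRONG_RESULT";
        goto err;
    }
    if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
        errmsg = "CIPHER_REINIT";
        goto err;
    }
    if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input,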
t->inlen))) { 5225 errmsg = "CIPHER_UPDATE (reinit)"; 5226 goto err; 5227 } 5228 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5229 errmsg = "CIPHER_FINAL (reinit)"; 5230 goto err; 5231 } 5232 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 5233 errmsg = "WRONG_RESULT (reinit)"; 5234 goto err; 5235 } 5236 testresult = 1; 5237 err: 5238 if (errmsg != NULL) 5239 TEST_info("test_evp_reset %d: %s", idx, errmsg); 5240 EVP_CIPHER_CTX_free(ctx); 5241 EVP_CIPHER_free(type); 5242 return testresult; 5243 } 5244 5245 typedef struct { 5246 const char *cipher; 5247 int enc; 5248 } EVP_UPDATED_IV_TEST_st; 5249 5250 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { 5251 { "aes-128-cfb", 1 }, 5252 { "aes-128-cfb", 0 }, 5253 { "aes-128-cfb1", 1 }, 5254 { "aes-128-cfb1", 0 }, 5255 { "aes-128-cfb8", 1 }, 5256 { "aes-128-cfb8", 0 }, 5257 { "aes-128-ofb", 1 }, 5258 { "aes-128-ofb", 0 }, 5259 { "aes-128-ctr", 1 }, 5260 { "aes-128-ctr", 0 }, 5261 { "aes-128-cbc", 1 }, 5262 { "aes-128-cbc", 0 } 5263 }; 5264 5265 /* 5266 * Test that the IV in the context is updated during a crypto operation for CFB 5267 * and OFB. 
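*/
static int test_evp_updated_iv(int idx)
{
    const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
    int outlen1, outlen2;
    int testresult = 0;
    unsigned char outbuf[1024];
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *type = NULL;
    unsigned char updated_iv[EVP_MAX_IV_LENGTH];
    int iv_len;
    /* Only ever points at string literals, so keep it const. */
    const char *errmsg = NULL;

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
        errmsg = "CTX_ALLOC";
        goto err;
    }
    /* A cipher that cannot be fetched is a skip, not a failure */
    if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
        TEST_info("cipher %s not supported, skipping", t->cipher);
        goto ok;
    }

    if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
        errmsg = "CIPHER_INIT";
        goto err;
    }
    if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
        errmsg = "PADDING";
        goto err;
    }
    if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
        errmsg = "CIPHER_UPDATE";
        goto err;
    }
    if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
        errmsg = "CIPHER_CTX_GET_UPDATED_IV";
        goto err;
    }
    iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
    if (!TEST_int_ge(iv_len, 0)) {
        errmsg = "CIPHER_CTX_GET_IV_LEN";
        goto err;
    }
    /*
     * NOTE(review): the comparison is between sizeof(iCFBIV) bytes and iv_len
     * bytes. If the two lengths ever differ the buffers count as different
     * whether or not the IV moved; presumably both are the AES block size -
     * confirm against the definition of iCFBIV.
     */
    if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
        errmsg = "IV_NOT_UPDATED";
        goto err;
    }
    if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
        errmsg = "CIPHER_FINAL";
        goto err;
    }
ok:
    testresult = 1;
err:
    if (errmsg != NULL)
        TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
    EVP_CIPHER_CTX_free(ctx);
    EVP_CIPHER_free(type);
    return testresult;
}

/* One vector for test_gcm_reinit: two IVs with the output expected for each */
typedef struct {
    const unsigned char *iv1; /* IV for the first pass */
    const unsigned char *iv2; /* IV for the pass after the re-init */
    const unsigned char *expected1; /* expected output of the first pass */
    const unsigned char *expected2; /* expected output of the second pass */
    const unsigned char *tag1; /* expected tag of the first pass */
    const unsigned char *tag2; /* expected tag of the second pass */
    size_t ivlen1; /* length of iv1 in bytes */
    size_t ivlen2; /* length of iv2 in bytes */
    size_t expectedlen1; /* length of expected1 in bytes */
    size_t expectedlen2; /* length of expected2 in bytes */
} TEST_GCM_IV_REINIT_st;

static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
    { iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
        gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
        sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) },
    { iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
        gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
        sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) }
};

/*
 * Test that an AES-256-GCM context can be re-initialised with a new IV, and a
 * new IV length, while keeping the key it already holds. The same plaintext
 * and AAD are encrypted under both IVs and the ciphertext and tag of each pass
 * are compared with the vector.
 *
 * The second pass passes no key on purpose: only the IV changes. Outside a
 * test this is the sequence to get right, since GCM must never see the same
 * IV twice under one key.
 *
 * Returns 1 on success and 0 on failure.
 */
static int test_gcm_reinit(int idx)
{
    int outlen1, outlen2, outlen3;
    int testresult = 0;
    unsigned char outbuf[1024];
    unsigned char tag[16];
    const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *type = NULL;
    size_t taglen = sizeof(tag);
    const char *errmsg = NULL;

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
        errmsg = "CTX_ALLOC";
        goto err;
    }
    if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
        errmsg = "CIPHER_FETCH";
        goto err;
    }
    if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
        errmsg = "ENC_INIT";
        goto err;
    }
    /* The IV length is set before the IV itself is supplied */
    if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
        errmsg = "SET_IVLEN1";
        goto err;
    }
    if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
        errmsg = "SET_IV1";
        goto err;
    }
    /* A NULL output buffer feeds the data as AAD */
    if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
        errmsg = "AAD1";
        goto err;
    }
    /*
     * NOTE(review): the return value is not checked here, unlike the other
     * EVP_CIPHER_CTX_set_padding calls in this file.
     */
    EVP_CIPHER_CTX_set_padding(ctx, 0);
    if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
            sizeof(gcmResetPlaintext)))) {
        errmsg = "CIPHER_UPDATE1";
        goto err;
    }
    if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
        errmsg = "CIPHER_FINAL1";
        goto err;
    }
    if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
        errmsg = "WRONG_RESULT1";
        goto err;
    }
    if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
        errmsg = "GET_TAG1";
        goto err;
    }
    if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
        errmsg = "TAG_ERROR1";
        goto err;
    }
    /* Now reinit: new IV length and IV, key and direction left as they are */
    if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
        errmsg = "SET_IVLEN2";
        goto err;
    }
    if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
        errmsg = "SET_IV2";
        goto err;
    }
    if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
        errmsg = "AAD2";
        goto err;
    }
    if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
            sizeof(gcmResetPlaintext)))) {
        errmsg = "CIPHER_UPDATE2";
        goto err;
    }
    if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
        errmsg = "CIPHER_FINAL2";
        goto err;
    }
    if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
        errmsg = "WRONG_RESULT2";
        goto err;
    }
    if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
        errmsg = "GET_TAG2";
        goto err;
    }
    if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
        errmsg = "TAG_ERROR2";
        goto err;
    }
    testresult = 1;
err:
    /* Report under this test's own name so a failure is not read as test_evp_init_seq */
    if (errmsg != NULL)
        TEST_info("test_gcm_reinit %d: %s", idx, errmsg);
    EVP_CIPHER_CTX_free(ctx);
    EVP_CIPHER_free(type);
    return testresult;
}

/* AEAD ciphers exercised by test_ivlen_change, indexed by the test number */
static const char *ivlen_change_ciphers[] = {
    "AES-256-GCM",
#ifndef OPENSSL_NO_OCB
    "AES-256-OCB",
#endif
    "AES-256-CCM"
};

/*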
Negative test for ivlen change after iv being set */ 5461 static int test_ivlen_change(int idx) 5462 { 5463 int outlen; 5464 int res = 0; 5465 unsigned char outbuf[1024]; 5466 static const unsigned char iv[] = { 5467 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 5468 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 5469 }; 5470 EVP_CIPHER_CTX *ctx = NULL; 5471 EVP_CIPHER *ciph = NULL; 5472 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 5473 size_t ivlen = 13; /* non-default IV length */ 5474 5475 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 5476 goto err; 5477 5478 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx], 5479 testpropq))) 5480 goto err; 5481 5482 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1))) 5483 goto err; 5484 5485 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5486 sizeof(gcmDefaultPlaintext)))) 5487 goto err; 5488 5489 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 5490 &ivlen); 5491 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 5492 goto err; 5493 5494 ERR_set_mark(); 5495 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5496 sizeof(gcmDefaultPlaintext)))) { 5497 ERR_clear_last_mark(); 5498 goto err; 5499 } 5500 ERR_pop_to_mark(); 5501 5502 res = 1; 5503 err: 5504 EVP_CIPHER_CTX_free(ctx); 5505 EVP_CIPHER_free(ciph); 5506 return res; 5507 } 5508 5509 static const char *keylen_change_ciphers[] = { 5510 #ifndef OPENSSL_NO_BF 5511 "BF-ECB", 5512 #endif 5513 #ifndef OPENSSL_NO_CAST 5514 "CAST5-ECB", 5515 #endif 5516 #ifndef OPENSSL_NO_RC2 5517 "RC2-ECB", 5518 #endif 5519 #ifndef OPENSSL_NO_RC4 5520 "RC4", 5521 #endif 5522 #ifndef OPENSSL_NO_RC5 5523 "RC5-ECB", 5524 #endif 5525 NULL 5526 }; 5527 5528 /* Negative test for keylen change after key was set */ 5529 static int test_keylen_change(int idx) 5530 { 5531 int outlen; 5532 int res = 0; 5533 unsigned char outbuf[1024]; 5534 static const unsigned char key[] 
= { 5535 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 5536 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 5537 }; 5538 EVP_CIPHER_CTX *ctx = NULL; 5539 EVP_CIPHER *ciph = NULL; 5540 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 5541 size_t keylen = 12; /* non-default key length */ 5542 5543 if (lgcyprov == NULL) 5544 return TEST_skip("Test requires legacy provider to be loaded"); 5545 5546 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 5547 goto err; 5548 5549 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx], 5550 testpropq))) 5551 goto err; 5552 5553 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1))) 5554 goto err; 5555 5556 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5557 sizeof(gcmDefaultPlaintext)))) 5558 goto err; 5559 5560 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 5561 &keylen); 5562 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 5563 goto err; 5564 5565 ERR_set_mark(); 5566 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5567 sizeof(gcmDefaultPlaintext)))) { 5568 ERR_clear_last_mark(); 5569 goto err; 5570 } 5571 ERR_pop_to_mark(); 5572 5573 res = 1; 5574 err: 5575 EVP_CIPHER_CTX_free(ctx); 5576 EVP_CIPHER_free(ciph); 5577 return res; 5578 } 5579 5580 #ifndef OPENSSL_NO_DEPRECATED_3_0 5581 static EVP_PKEY_METHOD *custom_pmeth = NULL; 5582 static const EVP_PKEY_METHOD *orig_pmeth = NULL; 5583 5584 #define EVP_PKEY_CTRL_MY_COMMAND 9999 5585 5586 static int custom_pmeth_init(EVP_PKEY_CTX *ctx) 5587 { 5588 int (*pinit)(EVP_PKEY_CTX *ctx); 5589 5590 EVP_PKEY_meth_get_init(orig_pmeth, &pinit); 5591 return pinit(ctx); 5592 } 5593 5594 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx) 5595 { 5596 void (*pcleanup)(EVP_PKEY_CTX *ctx); 5597 5598 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup); 5599 pcleanup(ctx); 5600 } 5601 5602 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out, 5603 size_t *outlen, const 
unsigned char *in, 5604 size_t inlen) 5605 { 5606 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 5607 const unsigned char *tbs, size_t tbslen); 5608 5609 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign); 5610 return psign(ctx, out, outlen, in, inlen); 5611 } 5612 5613 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig, 5614 size_t *siglen, const unsigned char *tbs, 5615 size_t tbslen) 5616 { 5617 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 5618 const unsigned char *tbs, size_t tbslen); 5619 5620 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign); 5621 return pdigestsign(ctx, sig, siglen, tbs, tbslen); 5622 } 5623 5624 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key, 5625 size_t *keylen) 5626 { 5627 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 5628 5629 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive); 5630 return pderive(ctx, key, keylen); 5631 } 5632 5633 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) 5634 { 5635 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 5636 5637 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy); 5638 return pcopy(dst, src); 5639 } 5640 5641 static int ctrl_called; 5642 5643 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 5644 { 5645 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 5646 5647 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL); 5648 5649 if (type == EVP_PKEY_CTRL_MY_COMMAND) { 5650 ctrl_called = 1; 5651 return 1; 5652 } 5653 5654 return pctrl(ctx, type, p1, p2); 5655 } 5656 5657 static int test_custom_pmeth(int idx) 5658 { 5659 EVP_PKEY_CTX *pctx = NULL; 5660 EVP_MD_CTX *ctx = NULL; 5661 EVP_PKEY *pkey = NULL; 5662 int id, orig_id, orig_flags; 5663 int testresult = 0; 5664 size_t reslen; 5665 unsigned char *res = NULL; 5666 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' }; 5667 const EVP_MD *md = EVP_sha256(); 5668 int doderive = 0; 5669 
5670 ctrl_called = 0; 5671 5672 /* We call deprecated APIs so this test doesn't support a custom libctx */ 5673 if (testctx != NULL) 5674 return 1; 5675 5676 switch (idx) { 5677 case 0: 5678 case 6: 5679 id = EVP_PKEY_RSA; 5680 pkey = load_example_rsa_key(); 5681 break; 5682 case 1: 5683 case 7: 5684 #ifndef OPENSSL_NO_DSA 5685 id = EVP_PKEY_DSA; 5686 pkey = load_example_dsa_key(); 5687 break; 5688 #else 5689 return 1; 5690 #endif 5691 case 2: 5692 case 8: 5693 #ifndef OPENSSL_NO_EC 5694 id = EVP_PKEY_EC; 5695 pkey = load_example_ec_key(); 5696 break; 5697 #else 5698 return 1; 5699 #endif 5700 case 3: 5701 case 9: 5702 #ifndef OPENSSL_NO_ECX 5703 id = EVP_PKEY_ED25519; 5704 md = NULL; 5705 pkey = load_example_ed25519_key(); 5706 break; 5707 #else 5708 return 1; 5709 #endif 5710 case 4: 5711 case 10: 5712 #ifndef OPENSSL_NO_DH 5713 id = EVP_PKEY_DH; 5714 doderive = 1; 5715 pkey = load_example_dh_key(); 5716 break; 5717 #else 5718 return 1; 5719 #endif 5720 case 5: 5721 case 11: 5722 #ifndef OPENSSL_NO_ECX 5723 id = EVP_PKEY_X25519; 5724 doderive = 1; 5725 pkey = load_example_x25519_key(); 5726 break; 5727 #else 5728 return 1; 5729 #endif 5730 default: 5731 TEST_error("Should not happen"); 5732 goto err; 5733 } 5734 5735 if (!TEST_ptr(pkey)) 5736 goto err; 5737 5738 if (idx < 6) { 5739 if (!TEST_true(evp_pkey_is_provided(pkey))) 5740 goto err; 5741 } else { 5742 EVP_PKEY *tmp = pkey; 5743 5744 /* Convert to a legacy key */ 5745 pkey = EVP_PKEY_new(); 5746 if (!TEST_ptr(pkey)) { 5747 pkey = tmp; 5748 goto err; 5749 } 5750 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) { 5751 EVP_PKEY_free(tmp); 5752 goto err; 5753 } 5754 EVP_PKEY_free(tmp); 5755 if (!TEST_true(evp_pkey_is_legacy(pkey))) 5756 goto err; 5757 } 5758 5759 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id)) 5760 || !TEST_ptr(pkey)) 5761 goto err; 5762 5763 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth); 5764 if (!TEST_int_eq(orig_id, id) 5765 || !TEST_ptr(custom_pmeth = 
EVP_PKEY_meth_new(id, orig_flags))) 5766 goto err; 5767 5768 if (id == EVP_PKEY_ED25519) { 5769 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign); 5770 } 5771 if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) { 5772 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive); 5773 } else { 5774 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign); 5775 } 5776 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) { 5777 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init); 5778 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup); 5779 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy); 5780 } 5781 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL); 5782 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth))) 5783 goto err; 5784 5785 if (doderive) { 5786 pctx = EVP_PKEY_CTX_new(pkey, NULL); 5787 if (!TEST_ptr(pctx) 5788 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1) 5789 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 5790 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 5791 1) 5792 || !TEST_int_eq(ctrl_called, 1) 5793 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1) 5794 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1) 5795 || !TEST_ptr(res = OPENSSL_malloc(reslen)) 5796 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1)) 5797 goto err; 5798 } else { 5799 ctx = EVP_MD_CTX_new(); 5800 reslen = EVP_PKEY_size(pkey); 5801 res = OPENSSL_malloc(reslen); 5802 if (!TEST_ptr(ctx) 5803 || !TEST_ptr(res) 5804 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey)) 5805 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 5806 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 5807 1) 5808 || !TEST_int_eq(ctrl_called, 1)) 5809 goto err; 5810 5811 if (id == EVP_PKEY_ED25519) { 5812 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg)))) 5813 goto err; 5814 } else { 5815 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) 5816 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen))) 5817 goto err; 5818 } 5819 } 5820 
5821 testresult = 1; 5822 err: 5823 OPENSSL_free(res); 5824 EVP_MD_CTX_free(ctx); 5825 if (doderive) 5826 EVP_PKEY_CTX_free(pctx); 5827 EVP_PKEY_free(pkey); 5828 EVP_PKEY_meth_remove(custom_pmeth); 5829 EVP_PKEY_meth_free(custom_pmeth); 5830 custom_pmeth = NULL; 5831 return testresult; 5832 } 5833 5834 static int test_evp_md_cipher_meth(void) 5835 { 5836 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256()); 5837 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc()); 5838 int testresult = 0; 5839 5840 if (!TEST_ptr(md) || !TEST_ptr(ciph)) 5841 goto err; 5842 5843 testresult = 1; 5844 5845 err: 5846 EVP_MD_meth_free(md); 5847 EVP_CIPHER_meth_free(ciph); 5848 5849 return testresult; 5850 } 5851 5852 typedef struct { 5853 int data; 5854 } custom_dgst_ctx; 5855 5856 static int custom_md_init_called = 0; 5857 static int custom_md_cleanup_called = 0; 5858 5859 static int custom_md_init(EVP_MD_CTX *ctx) 5860 { 5861 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 5862 5863 if (p == NULL) 5864 return 0; 5865 5866 custom_md_init_called++; 5867 return 1; 5868 } 5869 5870 static int custom_md_cleanup(EVP_MD_CTX *ctx) 5871 { 5872 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 5873 5874 if (p == NULL) 5875 /* Nothing to do */ 5876 return 1; 5877 5878 custom_md_cleanup_called++; 5879 return 1; 5880 } 5881 5882 static int test_custom_md_meth(void) 5883 { 5884 ASN1_OBJECT *o = NULL; 5885 EVP_MD_CTX *mdctx = NULL; 5886 EVP_MD *tmp = NULL; 5887 char mess[] = "Test Message\n"; 5888 unsigned char md_value[EVP_MAX_MD_SIZE]; 5889 unsigned int md_len; 5890 int testresult = 0; 5891 int nid; 5892 5893 /* 5894 * We are testing deprecated functions. We don't support a non-default 5895 * library context in this test. 
5896 */ 5897 if (testctx != NULL) 5898 return TEST_skip("Non-default libctx"); 5899 5900 custom_md_init_called = custom_md_cleanup_called = 0; 5901 5902 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md"); 5903 if (!TEST_int_ne(nid, NID_undef)) 5904 goto err; 5905 tmp = EVP_MD_meth_new(nid, NID_undef); 5906 if (!TEST_ptr(tmp)) 5907 goto err; 5908 5909 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) 5910 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) 5911 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, 5912 sizeof(custom_dgst_ctx)))) 5913 goto err; 5914 5915 mdctx = EVP_MD_CTX_new(); 5916 if (!TEST_ptr(mdctx) 5917 /* 5918 * Initing our custom md and then initing another md should 5919 * result in the init and cleanup functions of the custom md 5920 * being called. 5921 */ 5922 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) 5923 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) 5924 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) 5925 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) 5926 || !TEST_int_eq(custom_md_init_called, 1) 5927 || !TEST_int_eq(custom_md_cleanup_called, 1)) 5928 goto err; 5929 5930 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1", 5931 "custom-md", "custom-md"), 5932 NID_undef) 5933 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ) 5934 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS)) 5935 goto err; 5936 5937 o = ASN1_OBJECT_create(nid, (unsigned char *)"\53\6\1\4\1\201\201\134\274\373\122\1", 12, 5938 "custom-md", "custom-md"); 5939 if (!TEST_int_eq(OBJ_add_object(o), nid)) 5940 goto err; 5941 5942 testresult = 1; 5943 err: 5944 ASN1_OBJECT_free(o); 5945 EVP_MD_CTX_free(mdctx); 5946 EVP_MD_meth_free(tmp); 5947 return testresult; 5948 } 5949 5950 typedef struct { 5951 int data; 5952 } custom_ciph_ctx; 5953 5954 static int custom_ciph_init_called = 0; 5955 static int custom_ciph_cleanup_called = 0; 5956 5957 static int 
custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 5958 const unsigned char *iv, int enc) 5959 { 5960 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 5961 5962 if (p == NULL) 5963 return 0; 5964 5965 custom_ciph_init_called++; 5966 return 1; 5967 } 5968 5969 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx) 5970 { 5971 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 5972 5973 if (p == NULL) 5974 /* Nothing to do */ 5975 return 1; 5976 5977 custom_ciph_cleanup_called++; 5978 return 1; 5979 } 5980 5981 static int test_custom_ciph_meth(void) 5982 { 5983 EVP_CIPHER_CTX *ciphctx = NULL; 5984 EVP_CIPHER *tmp = NULL; 5985 int testresult = 0; 5986 int nid; 5987 5988 /* 5989 * We are testing deprecated functions. We don't support a non-default 5990 * library context in this test. 5991 */ 5992 if (testctx != NULL) 5993 return TEST_skip("Non-default libctx"); 5994 5995 custom_ciph_init_called = custom_ciph_cleanup_called = 0; 5996 5997 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph"); 5998 if (!TEST_int_ne(nid, NID_undef)) 5999 goto err; 6000 tmp = EVP_CIPHER_meth_new(nid, 16, 16); 6001 if (!TEST_ptr(tmp)) 6002 goto err; 6003 6004 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) 6005 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) 6006 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) 6007 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, 6008 sizeof(custom_ciph_ctx)))) 6009 goto err; 6010 6011 ciphctx = EVP_CIPHER_CTX_new(); 6012 if (!TEST_ptr(ciphctx) 6013 /* 6014 * Initing our custom cipher and then initing another cipher 6015 * should result in the init and cleanup functions of the custom 6016 * cipher being called. 
6017 */ 6018 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) 6019 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, 6020 NULL, NULL, 1)) 6021 || !TEST_int_eq(custom_ciph_init_called, 1) 6022 || !TEST_int_eq(custom_ciph_cleanup_called, 1)) 6023 goto err; 6024 6025 testresult = 1; 6026 err: 6027 EVP_CIPHER_CTX_free(ciphctx); 6028 EVP_CIPHER_meth_free(tmp); 6029 return testresult; 6030 } 6031 6032 static int test_rsasve_kem_with_invalid_pub_key(void) 6033 { 6034 RSA *rsa = NULL; 6035 EVP_PKEY *pkey = NULL; 6036 EVP_PKEY_CTX *ctx = NULL; 6037 unsigned char *ct = NULL; 6038 unsigned char *secret = NULL; 6039 size_t ctlen = 0, secretlen = 0; 6040 int testresult = 0; 6041 6042 if (nullprov != NULL) { 6043 testresult = TEST_skip("Test does not support a non-default library context"); 6044 goto err; 6045 } 6046 6047 if (!TEST_ptr(pkey = make_bad_rsa_pubkey())) 6048 goto err; 6049 6050 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL)) 6051 || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1) 6052 || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1) 6053 || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1) 6054 || !TEST_ptr(ct = OPENSSL_malloc(ctlen)) 6055 || !TEST_ptr(secret = OPENSSL_malloc(secretlen))) 6056 goto err; 6057 6058 if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0)) 6059 goto err; 6060 6061 testresult = 1; 6062 6063 err: 6064 OPENSSL_free(secret); 6065 OPENSSL_free(ct); 6066 EVP_PKEY_CTX_free(ctx); 6067 RSA_free(rsa); 6068 EVP_PKEY_free(pkey); 6069 return testresult; 6070 } 6071 6072 #ifndef OPENSSL_NO_DYNAMIC_ENGINE 6073 /* Test we can create a signature keys with an associated ENGINE */ 6074 static int test_signatures_with_engine(int tst) 6075 { 6076 ENGINE *e; 6077 const char *engine_id = "dasync"; 6078 EVP_PKEY *pkey = NULL; 6079 const unsigned char badcmackey[] = { 0x00, 0x01 }; 6080 const unsigned char cmackey[] = { 6081 0x00, 0x01, 0x02, 
0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 6082 0x0c, 0x0d, 0x0e, 0x0f 6083 }; 6084 const unsigned char ed25519key[] = { 6085 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 6086 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 6087 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 6088 }; 6089 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 6090 int testresult = 0; 6091 EVP_MD_CTX *ctx = NULL; 6092 unsigned char *mac = NULL; 6093 size_t maclen = 0; 6094 int ret; 6095 6096 #ifdef OPENSSL_NO_CMAC 6097 /* Skip CMAC tests in a no-cmac build */ 6098 if (tst <= 1) 6099 return 1; 6100 #endif 6101 #ifdef OPENSSL_NO_ECX 6102 /* Skip ECX tests in a no-ecx build */ 6103 if (tst == 2) 6104 return 1; 6105 #endif 6106 6107 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 6108 return 0; 6109 6110 if (!TEST_true(ENGINE_init(e))) { 6111 ENGINE_free(e); 6112 return 0; 6113 } 6114 6115 switch (tst) { 6116 case 0: 6117 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), 6118 EVP_aes_128_cbc()); 6119 break; 6120 case 1: 6121 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), 6122 EVP_aes_128_cbc()); 6123 break; 6124 case 2: 6125 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, 6126 sizeof(ed25519key)); 6127 break; 6128 default: 6129 TEST_error("Invalid test case"); 6130 goto err; 6131 } 6132 if (!TEST_ptr(pkey)) 6133 goto err; 6134 6135 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 6136 goto err; 6137 6138 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, 6139 pkey); 6140 if (tst == 0) { 6141 if (!TEST_true(ret)) 6142 goto err; 6143 6144 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) 6145 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) 6146 goto err; 6147 6148 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 6149 goto err; 6150 6151 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) 6152 goto err; 6153 } else { 6154 /* We used a bad key. 
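We expect a failure here */
        if (!TEST_false(ret))
            goto err;
    }

    testresult = 1;
err:
    EVP_MD_CTX_free(ctx);
    OPENSSL_free(mac);
    EVP_PKEY_free(pkey);
    ENGINE_finish(e);
    ENGINE_free(e);

    return testresult;
}

/*
 * Start an AES-128-CBC encryption through the "dasync" engine, copy the
 * context with EVP_CIPHER_CTX_copy() and finish the operation on the copy.
 * Returns 1 on success, 0 on failure.
 */
static int test_cipher_with_engine(void)
{
    ENGINE *e;
    const char *engine_id = "dasync";
    /* The same 16 bytes serve as both key and IV; test data only. */
    const unsigned char keyiv[] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
        0x0c, 0x0d, 0x0e, 0x0f
    };
    const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
    int testresult = 0;
    EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
    unsigned char buf[AES_BLOCK_SIZE];
    int len = 0;

    if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
        return 0;

    if (!TEST_true(ENGINE_init(e))) {
        ENGINE_free(e);
        return 0;
    }

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
        || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
        goto err;

    if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
        goto err;

    /* Copy the ctx, and complete the operation with the new ctx */
    if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
        goto err;

    /* msg is 4 bytes, so the padded result is a single block and fits buf. */
    if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
        || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
        goto err;

    testresult = 1;
err:
    EVP_CIPHER_CTX_free(ctx);
    EVP_CIPHER_CTX_free(ctx2);
    ENGINE_finish(e);
    ENGINE_free(e);

    return testresult;
}
#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
#endif /* OPENSSL_NO_DEPRECATED_3_0 */

#ifndef OPENSSL_NO_ECX
/* Key types exercised by test_ecx_short_keys(), indexed by test number. */
static int ecxnids[] = {
    NID_X25519,
    NID_X448,
    NID_ED25519,
    NID_ED448
};

/*
 * Test that creating ECX keys with a short private key fails as expected.
 * A single byte is offered as the raw private key; key creation must return
 * NULL rather than accept undersized key material.
 */
static int test_ecx_short_keys(int tst)
{
    unsigned char ecxkeydata = 1;
    EVP_PKEY *pkey;

    pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
                                           NULL, &ecxkeydata, 1);
    if (!TEST_ptr_null(pkey)) {
        EVP_PKEY_free(pkey);
        return 0;
    }

    return 1;
}
#endif

typedef enum OPTION_choice {
    OPT_ERR = -1,
    OPT_EOF = 0,
    OPT_CONTEXT,
    OPT_CONFIG_FILE,
    OPT_TEST_ENUM
} OPTION_CHOICE;

/* Return the command line options understood by this test program. */
const OPTIONS *test_get_options(void)
{
    static const OPTIONS options[] = {
        OPT_TEST_OPTIONS_DEFAULT_USAGE,
        { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
        { "config", OPT_CONFIG_FILE, '<',
            "The configuration file to use for the libctx" },
        { NULL }
    };
    return options;
}

#ifndef OPENSSL_NO_ECX
/*
 * Test that trying to sign with a public key errors out gracefully.
 * The key is built from raw public key bytes only; the test passes only when
 * the first queued error has reason PROV_R_NOT_A_PRIVATE_KEY.
 */
static int test_ecx_not_private_key(int tst)
{
    EVP_PKEY *pkey = NULL;

    const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
    int testresult = 0;
    EVP_MD_CTX *ctx = NULL;
    unsigned char *mac = NULL;
    size_t maclen = 0;
    const uint8_t *pubkey;
    size_t pubkeylen;

    switch (keys[tst].type) {
    case NID_X25519:
    case NID_X448:
    case NID_undef:
        return TEST_skip("signing not supported for X25519/X448/ML-KEM");
    }

    /* Check if this algorithm supports public keys */
    if (keys[tst].pub == NULL)
        return TEST_skip("no public key present");

    pubkey = keys[tst].pub;
    pubkeylen = keys[tst].publen;

    pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
                                          NULL, pubkey, pubkeylen);
    if (!TEST_ptr(pkey))
        goto err;

    if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
        goto err;

    if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
        goto check_err;

    if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
        goto check_err;

    if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
        goto err;

    /* The signing call itself must fail: there is no private key. */
    if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
        goto err;

check_err:
    /*
     * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
     * but we relax the check to allow error also thrown by
     * EVP_DigestSignInit and EVP_DigestSign.
     */
    if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
        testresult = 1;
        ERR_clear_error();
    }

err:
    EVP_MD_CTX_free(ctx);
    OPENSSL_free(mac);
    EVP_PKEY_free(pkey);

    return testresult;
}
#endif /* OPENSSL_NO_ECX */

/*
 * Check whether a digest-sign context can be used again after
 * EVP_DigestSignFinal().  With default parameters a second Update/Final pair
 * must succeed; with the "NO_DUP" parameter handed to the fake RSA provider
 * the second pair must fail.
 *
 * NOTE(review): siglen is not reset to sizeof(signature) between the Final
 * calls, so each call sees the length written by the previous one; this
 * presumably relies on the fake provider's signature size - confirm.
 */
static int test_sign_continuation(void)
{
    OSSL_PROVIDER *fake_rsa = NULL;
    int testresult = 0;
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *pctx = NULL;
    EVP_MD_CTX *mctx = NULL;
    const char sigbuf[] = "To Be Signed";
    unsigned char signature[256];
    size_t siglen = 256;
    static int nodupnum = 1;
    static const OSSL_PARAM nodup_params[] = {
        OSSL_PARAM_int("NO_DUP", &nodupnum),
        OSSL_PARAM_END
    };

    if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
        return 0;

    /* Construct a pkey using precise propq to use our provider */
    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
                                                    "provider=fake-rsa"))
        || !TEST_true(EVP_PKEY_fromdata_init(pctx))
        || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
        || !TEST_ptr(pkey))
        goto end;

    /* First test it continues (classic behavior) */
    if (!TEST_ptr(mctx = EVP_MD_CTX_new())
        || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
                                            NULL, pkey, NULL))
        || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
        || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
        || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
        || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
        goto end;

    EVP_MD_CTX_free(mctx);

    /* try again but failing the continuation */
    if (!TEST_ptr(mctx = EVP_MD_CTX_new())
        || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
                                            NULL, pkey, nodup_params))
        || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
        || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
        || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
        || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
        goto end;

    testresult = 1;

end:
    EVP_MD_CTX_free(mctx);
    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(pctx);
    fake_rsa_finish(fake_rsa);
    return testresult;
}

/*
 * Encrypt gcm_pt with AES-256-GCM and compare the ciphertext and tag with
 * the expected gcm_ct / gcm_tag.
 *
 * The IV length is not set beforehand: it is passed as
 * OSSL_CIPHER_PARAM_AEAD_IVLEN in the same EVP_EncryptInit_ex2() call that
 * supplies the key and IV.  gcm_aad may be NULL.  gcm_key_s is not used.
 * Returns 1 when everything matches, 0 otherwise.
 */
static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
                           const unsigned char *gcm_iv, size_t gcm_ivlen,
                           const unsigned char *gcm_pt, size_t gcm_pt_s,
                           const unsigned char *gcm_aad, size_t gcm_aad_s,
                           const unsigned char *gcm_ct, size_t gcm_ct_s,
                           const unsigned char *gcm_tag, size_t gcm_tag_s)
{
    int ret = 0;
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *cipher = NULL;
    int outlen, tmplen;
    unsigned char outbuf[1024];
    unsigned char outtag[16];
    OSSL_PARAM params[2] = {
        OSSL_PARAM_END, OSSL_PARAM_END
    };

    /* outbuf and outtag are fixed size: refuse vectors that would not fit. */
    if (!TEST_size_t_le(gcm_pt_s, sizeof(outbuf))
        || !TEST_size_t_le(gcm_tag_s, sizeof(outtag)))
        goto err;

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
        || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
        goto err;

    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
                                            &gcm_ivlen);

    /* Final output goes after the bytes produced by Update, not over them. */
    if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
        || (gcm_aad != NULL
            && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
                                            gcm_aad, gcm_aad_s)))
        || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
                                        gcm_pt, gcm_pt_s))
        || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)))
        goto err;

    params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
                                                  outtag, sizeof(outtag));

    if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
        || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
        || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
        goto err;

    ret = 1;
err:
    EVP_CIPHER_free(cipher);
    EVP_CIPHER_CTX_free(ctx);

    return ret;
}

/*
 * Decrypt gcm_ct with AES-256-GCM, compare the result with gcm_pt and verify
 * gcm_tag.  As in aes_gcm_encrypt(), the IV length travels as a parameter of
 * the EVP_DecryptInit_ex2() call.  gcm_key_s is not used.
 *
 * Test-only ordering: the recovered plaintext is compared before
 * EVP_DecryptFinal_ex() has verified the tag.  Application code must not act
 * on GCM plaintext until the final call has succeeded.
 * Returns 1 on success, 0 otherwise.
 */
static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
                           const unsigned char *gcm_iv, size_t gcm_ivlen,
                           const unsigned char *gcm_pt, size_t gcm_pt_s,
                           const unsigned char *gcm_aad, size_t gcm_aad_s,
                           const unsigned char *gcm_ct, size_t gcm_ct_s,
                           const unsigned char *gcm_tag, size_t gcm_tag_s)
{
    int ret = 0;
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *cipher = NULL;
    int outlen;
    unsigned char outbuf[1024];
    OSSL_PARAM params[2] = {
        OSSL_PARAM_END, OSSL_PARAM_END
    };

    /* outbuf is fixed size: refuse a ciphertext that would not fit. */
    if (!TEST_size_t_le(gcm_ct_s, sizeof(outbuf)))
        goto err;

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
        || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
        goto err;

    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
                                            &gcm_ivlen);

    if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
        || (gcm_aad != NULL
            && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
                                            gcm_aad, gcm_aad_s)))
        || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
                                        gcm_ct, gcm_ct_s))
        || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
        goto err;

    /* The expected tag is set just before the final (verifying) call. */
    params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
                                                  (void *)gcm_tag, gcm_tag_s);

    if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
        || !TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
        goto err;

    ret = 1;
err:
    EVP_CIPHER_free(cipher);
    EVP_CIPHER_CTX_free(ctx);

    return ret;
}

/*
 * Regression test named after CVE-2023-5363.  The vector uses a 128-byte IV,
 * far longer than the 12-byte GCM default, and the helpers pass its length
 * only as a parameter of the same init call that supplies the key and IV.
 * The known answer can only match if that length takes effect before the IV
 * is consumed.
 */
static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
{
    /* AES-GCM test data obtained from NIST public test vectors */
    static const unsigned char gcm_key[] = {
        0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
        0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
        0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b
    };
    static const unsigned char gcm_iv[] = {
        0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
        0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
        0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
        0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
        0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
        0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
        0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
        0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
        0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
        0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
        0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d
    };
    static const unsigned char gcm_pt[] = {
        0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
        0x4f, 0xe3, 0x6f, 0x81
    };
    static const unsigned char gcm_ct[] = {
        0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
        0xe2, 0xd0, 0xec, 0xed
    };
    static const unsigned char gcm_tag[] = {
        0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
        0xdb, 0x99, 0x6c, 0x21
    };

    return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
                           gcm_pt, sizeof(gcm_pt), NULL, 0,
                           gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
        && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
                           gcm_pt, sizeof(gcm_pt), NULL, 0,
                           gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
}

#ifndef \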
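OPENSSL_NO_RC4
/*
 * Encrypt rc4_pt with RC4 and compare the output with rc4_ct.
 *
 * The key length is passed as OSSL_CIPHER_PARAM_KEYLEN in the same
 * EVP_EncryptInit_ex2() call that supplies the key, so the cipher must apply
 * the length before it reads the key bytes.
 * Returns 1 when the ciphertext matches, 0 otherwise.
 */
static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
                       const unsigned char *rc4_pt, size_t rc4_pt_s,
                       const unsigned char *rc4_ct, size_t rc4_ct_s)
{
    int ret = 0;
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *cipher = NULL;
    int outlen, tmplen;
    unsigned char outbuf[1024];
    OSSL_PARAM params[2] = {
        OSSL_PARAM_END, OSSL_PARAM_END
    };

    /* outbuf is fixed size: refuse a plaintext that would not fit. */
    if (!TEST_size_t_le(rc4_pt_s, sizeof(outbuf)))
        goto err;

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
        || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
        goto err;

    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
                                            &rc4_key_s);

    /* Final output goes after the bytes produced by Update, not over them. */
    if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
        || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
                                        rc4_pt, rc4_pt_s))
        || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)))
        goto err;

    if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
        goto err;

    ret = 1;
err:
    EVP_CIPHER_free(cipher);
    EVP_CIPHER_CTX_free(ctx);

    return ret;
}

/*
 * Decrypt rc4_ct with RC4 and compare the output with rc4_pt.  The key
 * length is again passed as a parameter of the EVP_DecryptInit_ex2() call.
 * Returns 1 when the plaintext matches, 0 otherwise.
 */
static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
                       const unsigned char *rc4_pt, size_t rc4_pt_s,
                       const unsigned char *rc4_ct, size_t rc4_ct_s)
{
    int ret = 0;
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *cipher = NULL;
    int outlen;
    unsigned char outbuf[1024];
    OSSL_PARAM params[2] = {
        OSSL_PARAM_END, OSSL_PARAM_END
    };

    /* outbuf is fixed size: refuse a ciphertext that would not fit. */
    if (!TEST_size_t_le(rc4_ct_s, sizeof(outbuf)))
        goto err;

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
        || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
        goto err;

    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
                                            &rc4_key_s);

    if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
        || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
                                        rc4_ct, rc4_ct_s))
        || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
        goto err;

    ret = 1;
err:
    EVP_CIPHER_free(cipher);
    EVP_CIPHER_CTX_free(ctx);

    return ret;
}

/*
 * Regression test named after CVE-2023-5363, key length variant.  Only the
 * first five bytes of the 16-byte structure are key material and the length
 * (5) is passed as a parameter of the init call.  If the cipher used more
 * than five bytes, the padding would enter the key and the known answer
 * would not match.  Skipped unless the legacy provider is loaded.
 */
static int test_aes_rc4_keylen_change_cve_2023_5363(void)
{
    /* RC4 test data obtained from RFC 6229 */
    static const struct {
        unsigned char key[5];
        unsigned char padding[11];
    } rc4_key = {
        { /* Five bytes of key material */
            0x83, 0x32, 0x22, 0x77, 0x2a },
        { /* Random padding to 16 bytes */
            0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 }
    };
    static const unsigned char rc4_pt[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    };
    static const unsigned char rc4_ct[] = {
        0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
        0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
    };

    if (lgcyprov == NULL)
        return TEST_skip("Test requires legacy provider to be loaded");

    return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
                       rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
        && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
                       rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
}
#endif

/*
 * AES-GCM-SIV with an empty message: tag verification must not depend on a
 * ciphertext EVP_DecryptUpdate() call having been made.
 *
 * Stages:
 *   1. encrypt (AAD, empty plaintext) to obtain the correct tag;
 *   2. sanity: decrypt with the correct tag and an explicit empty update;
 *   3. forgery A: AAD only, no ciphertext update, all-zero tag -> must fail;
 *   4. forgery B: no update at all, all-zero tag -> must fail;
 *   5. control: AAD only, no ciphertext update, correct tag -> must succeed.
 *
 * Skipped when the cipher is not available.
 */
static int test_aes_gcm_siv_empty_data(void)
{
    unsigned char key[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 };
    unsigned char nonce[12] = { 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11,
        0x22, 0x33, 0x44, 0x55 };
    unsigned char aad[33] = "this AAD was never authenticated";
    unsigned char zero_tag[16] = { 0 };
    unsigned char real_tag[16];
    unsigned char out[16];
    int outl, ret = 0;
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *c = NULL;

    /*
     * Fetch from the library context under test, like the other cipher
     * tests in this file.  A fetch from the default context could skip this
     * check, or exercise a different provider, when the run selects a
     * non-default context (assumption - confirm against the setup code).
     * The mark keeps a failed probe from leaving errors on the queue.
     */
    ERR_set_mark();
    c = EVP_CIPHER_fetch(testctx, "AES-128-GCM-SIV", testpropq);
    ERR_pop_to_mark();
    if (c == NULL)
        return TEST_skip("AES-128-GCM-SIV cipher is not available");

    /* Compute the CORRECT tag for (key,nonce,aad,pt="") via encrypt */
    ctx = EVP_CIPHER_CTX_new();
    if (!TEST_ptr(ctx)
        || !TEST_true(EVP_EncryptInit_ex2(ctx, c, key, nonce, NULL))
        || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) /* AAD */
        || !TEST_true(EVP_EncryptUpdate(ctx, out, &outl, aad, 0)) /* empty PT, out!=NULL */
        || !TEST_true(EVP_EncryptFinal_ex(ctx, out, &outl))
        || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, real_tag)))
        goto err;
    EVP_CIPHER_CTX_free(ctx);

    /* SANITY: decrypt with CORRECT tag and an explicit empty-PT Update */
    ctx = EVP_CIPHER_CTX_new();
    if (!TEST_ptr(ctx)
        || !TEST_true(EVP_DecryptInit_ex2(ctx, c, key, nonce, NULL))
        || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, real_tag))
        || !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)))
        || !TEST_true(EVP_DecryptUpdate(ctx, out, &outl, aad, 0)) /* force aes_gcm_siv_decrypt(len=0) */
        || !TEST_true(EVP_DecryptFinal_ex(ctx, out, &outl)))
        goto err;
    EVP_CIPHER_CTX_free(ctx);

    /* FORGERY A: AAD only, NO ciphertext Update, ALL-ZERO tag */
    ctx = EVP_CIPHER_CTX_new();
    if (!TEST_ptr(ctx)
        || !TEST_true(EVP_DecryptInit_ex2(ctx, c, key, nonce, NULL))
        || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, zero_tag))
        || !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) /* AAD only, out==NULL */
        || !TEST_false(EVP_DecryptFinal_ex(ctx, out, &outl)))
        goto err;
    EVP_CIPHER_CTX_free(ctx);

    /* FORGERY B: no AAD, no Update at all, ALL-ZERO tag */
    ctx = EVP_CIPHER_CTX_new();
    if (!TEST_ptr(ctx)
        || !TEST_true(EVP_DecryptInit_ex2(ctx, c, key, nonce, NULL))
        || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, zero_tag))
        || !TEST_false(EVP_DecryptFinal_ex(ctx, out, &outl)))
        goto err;
    EVP_CIPHER_CTX_free(ctx);

    /* CONTROL: AAD only, NO ciphertext Update, CORRECT tag */
    ctx = EVP_CIPHER_CTX_new();
    if (!TEST_ptr(ctx)
        || !TEST_true(EVP_DecryptInit_ex2(ctx, c, key, nonce, NULL))
        || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, real_tag))
        || !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)))
        || !TEST_true(EVP_DecryptFinal_ex(ctx, out, &outl)))
        goto err;
    EVP_CIPHER_CTX_free(ctx);
    /* Already freed: clear it so the cleanup below does not free it twice. */
    ctx = NULL;

    ret = 1;
err:
    EVP_CIPHER_CTX_free(ctx);

    EVP_CIPHER_free(c);
    return ret;
}

/*
 * AES-SIV reuse-without-rekey:
 *   msg1: legit non-empty CT, tag verifies, final_ret=0
 *   msg2: no reinit (or reinit with key=NULL), set forged tag,
 *         AAD only, DecryptFinal -> does stale final_ret leak through?
 *
 * The second message must be rejected: a successful verification of msg1
 * must not carry over to a later message on the same context.
 * Skipped when the cipher is not available.
 */
static int test_aes_siv_ctx_reuse(void)
{
    unsigned char key[32] = { 7 }; /* AES-128-SIV => 2*16 */
    unsigned char pt[9] = "payload!";
    unsigned char ct[9], tagbuf[16], out[16], zero16[16] = { 0 };
    unsigned char aad[14] = "forged header";
    int outl, ret = 0;
    EVP_CIPHER_CTX *e = NULL, *d = NULL;
    EVP_CIPHER *c = NULL;

    /*
     * Fetch from the library context under test, like the other cipher
     * tests in this file (see the assumption noted on the fetch being
     * context dependent - confirm against the setup code).  The mark keeps
     * a failed probe from leaving errors on the queue.
     */
    ERR_set_mark();
    c = EVP_CIPHER_fetch(testctx, "AES-128-SIV", testpropq);
    ERR_pop_to_mark();
    if (c == NULL)
        return TEST_skip("AES-128-SIV cipher is not available");

    /* produce a valid (ct,tag) for msg1 */
    e = EVP_CIPHER_CTX_new();
    if (!TEST_ptr(e)
        || !TEST_true(EVP_EncryptInit_ex2(e, c, key, NULL, NULL))
        || !TEST_true(EVP_EncryptUpdate(e, NULL, &outl, (unsigned char *)"hdr1", 4))
        || !TEST_true(EVP_EncryptUpdate(e, ct, &outl, pt, sizeof(pt)))
        || !TEST_true(EVP_EncryptFinal_ex(e, out, &outl))
        || !TEST_true(EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_AEAD_GET_TAG, 16, tagbuf))) {
        EVP_CIPHER_CTX_free(e);
        goto err;
    }
    EVP_CIPHER_CTX_free(e);

    /* msg1 decrypt */
    d = EVP_CIPHER_CTX_new();
    if (!TEST_ptr(d)
        || !TEST_true(EVP_DecryptInit_ex2(d, c, key, NULL, NULL))
        || !TEST_true(EVP_CIPHER_CTX_ctrl(d, EVP_CTRL_AEAD_SET_TAG, 16, tagbuf))
        || !TEST_true(EVP_DecryptUpdate(d, NULL, &outl, (unsigned char *)"hdr1", 4))
        || !TEST_true(EVP_DecryptUpdate(d, out, &outl, ct, sizeof(ct)))
        || !TEST_true(EVP_DecryptFinal_ex(d, out, &outl)))
        goto err;

    /* msg2 on SAME ctx, reinit with key=NULL => initkey skipped, final_ret should be reset */
    if (!TEST_true(EVP_DecryptInit_ex2(d, NULL, NULL, NULL, NULL))
        || !TEST_true(EVP_CIPHER_CTX_ctrl(d, EVP_CTRL_AEAD_SET_TAG, 16, zero16))
        || !TEST_true(EVP_DecryptUpdate(d, NULL, &outl, aad, sizeof(aad))) /* forged AAD */
        || !TEST_false(EVP_DecryptFinal_ex(d, out, &outl)))
        goto err;

    ret = 1;

err:
    EVP_CIPHER_CTX_free(d);
    EVP_CIPHER_free(c);
    return ret;
}

/*
 * EVP_DigestUpdate() on a context that was allocated but never initialised
 * with a digest must return 0.
 */
static int test_invalid_ctx_for_digest(void)
{
    int ret;
    EVP_MD_CTX *mdctx;

    mdctx = EVP_MD_CTX_new();
    if (!TEST_ptr(mdctx))
        return 0;

    if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0))
        ret = 0;
    else
        ret = 1;

    EVP_MD_CTX_free(mdctx);

    return ret;
}

/*
 * EVP_EncryptUpdate() and EVP_DecryptUpdate() take the input length as an
 * int; a negative length must be rejected (return 0) by both.
 */
static int test_evp_cipher_negative_length(void)
{
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *cipher = NULL;
    unsigned char key[16] = { 0 };
    unsigned char iv[16] = { 0 };
    unsigned char buffer[32] = { 0 };
    int outl = 0;
    int ret = 0;

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
        goto end;

    if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-128-CBC", testpropq)))
        goto end;

    /* Initialize encryption context */
    if (!TEST_int_eq(EVP_EncryptInit_ex2(ctx, cipher, key, iv, NULL), 1))
        goto end;

    /* Test EVP_EncryptUpdate with negative length - should fail */
    if (!TEST_int_eq(EVP_EncryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0))
        goto end;

    /* Reinitialize for decryption */
    if (!TEST_int_eq(EVP_DecryptInit_ex2(ctx, cipher, key, iv, NULL), 1))
        goto end;

    /* Test EVP_DecryptUpdate with negative length - should fail */
    if (!TEST_int_eq(EVP_DecryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0))
        goto end;

    ret = 1;
end:
    EVP_CIPHER_free(cipher);
    EVP_CIPHER_CTX_free(ctx);
    return ret;
}

/*
 * Cross-driver round-trip test for AEAD one-shot vs streaming paths.
 *
 * The streaming path (EVP_CipherUpdate/Final, dispatched to
 * OSSL_FUNC_CIPHER_UPDATE/_FINAL) is treated as the oracle.  For each
 * AEAD configuration we encrypt and decrypt the same (key, iv, aad, pt),
 * driving the body in two combinations:
 *
 *  1. body encrypt via EVP_Cipher() (one-shot, OSSL_FUNC_CIPHER_CIPHER),
 *     body decrypt via EVP_CipherUpdate (streaming).
 *  2. body encrypt via EVP_CipherUpdate, body decrypt via EVP_Cipher().
 *
 * Both combinations must recover the plaintext and verify the tag.  AAD
 * is always fed via EVP_CipherUpdate(NULL, ...): OCB's one-shot is body
 * only and the asymmetric "AAD streaming, body one-shot" call shape is
 * the natural pattern a caller reaching for EVP_Cipher() for throughput
 * would write anyway.
 *
 * CVE-2026-45445 (AES-OCB EVP_Cipher() ignored IV) was a silent failure
 * in this matrix: the one-shot encrypt path produced ciphertext under
 * Offset_0 = 0 regardless of IV, which the streaming decrypt path then
 * could not verify.  Adding this cross-check catches the same class of
 * bug for any future AEAD whose one-shot dispatch diverges from its
 * streaming dispatch.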
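*/
typedef struct {
    const char *name; /* EVP_CIPHER fetch name */
    size_t keylen;
    size_t ivlen;
    size_t taglen;
    int is_ccm; /* needs length-up-front + tag-before-body dance */
} AEAD_ONESHOT_CFG;

/* One row per AEAD; test_aead_oneshot_roundtrip() indexes this as idx / 2. */
static const AEAD_ONESHOT_CFG aead_oneshot_cfgs[] = {
    { "AES-128-GCM", 16, 12, 16, 0 },
    { "AES-256-GCM", 32, 12, 16, 0 },
    { "AES-128-CCM", 16, 12, 16, 1 },
    { "AES-256-CCM", 32, 12, 16, 1 },
    { "AES-128-OCB", 16, 12, 16, 0 },
    { "AES-256-OCB", 32, 12, 16, 0 },
    { "ChaCha20-Poly1305", 32, 12, 16, 0 }
};

/*
 * Drive an encrypt or decrypt operation.  AAD always via EVP_CipherUpdate.
 * Body via EVP_Cipher() when oneshot_body is non-zero, EVP_CipherUpdate
 * otherwise.  On encrypt, fills *out and the caller-provided tag buffer.
 * On decrypt, reads from in and verifies tag; returns 0 if verification
 * fails (the test asserts the expected outcome).
 *
 * On failure *why names the step that failed; it is NULL on success.
 * The caller must size out for in_len bytes and tag for cfg->taglen bytes.
 */
static int aead_oneshot_op(const AEAD_ONESHOT_CFG *cfg, int enc,
                           int oneshot_body, const unsigned char *key,
                           const unsigned char *iv, const unsigned char *aad,
                           size_t aad_len, const unsigned char *in, size_t in_len,
                           unsigned char *out, unsigned char *tag, const char **why)
{
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *cipher = NULL;
    int outl = 0, tmpl = 0;
    int ok = 0;
    int body_rv;

    *why = NULL;

    if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, cfg->name, testpropq))) {
        *why = "CIPHER_FETCH";
        goto end;
    }
    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
        *why = "CTX_NEW";
        goto end;
    }
    /* First init selects the cipher only; key and IV follow further down. */
    if (!TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))) {
        *why = "INIT_CIPHER";
        goto end;
    }
    if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
                                         (int)cfg->ivlen, NULL),
                     0)) {
        *why = "SET_IVLEN";
        goto end;
    }
    if (cfg->is_ccm) {
        /* Placeholder taglen on encrypt, real tag on decrypt; both before key+iv. */
        if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
                                             (int)cfg->taglen, enc ? NULL : tag),
                         0)) {
            *why = "CCM_SET_TAG";
            goto end;
        }
    }
    if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))) {
        *why = "INIT_KEY_IV";
        goto end;
    }
    if (cfg->is_ccm) {
        /* CCM: declare the total body length before any AAD or body data. */
        if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outl, NULL, (int)in_len))) {
            *why = "CCM_LEN_DECL";
            goto end;
        }
    }
    if (aad_len > 0
        && !TEST_true(EVP_CipherUpdate(ctx, NULL, &outl, aad, (int)aad_len))) {
        *why = "AAD";
        goto end;
    }
    /* Non-CCM decrypt: hand over the expected tag before the body is run. */
    if (!enc && !cfg->is_ccm
        && !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
                                            (int)cfg->taglen, tag),
                        0)) {
        *why = "SET_TAG";
        goto end;
    }

    if (oneshot_body) {
        body_rv = EVP_Cipher(ctx, out, in, (unsigned int)in_len);
        if (cfg->is_ccm && !enc) {
            /* CCM decrypt: 0 means tag verify failed, < 0 means error. */
            if (!TEST_int_gt(body_rv, 0)) {
                *why = "ONESHOT_DECRYPT";
                goto end;
            }
        } else {
            if (!TEST_int_ge(body_rv, 0)) {
                *why = "ONESHOT_BODY";
                goto end;
            }
        }
        outl = (int)in_len;
    } else {
        if (!TEST_true(EVP_CipherUpdate(ctx, out, &outl, in, (int)in_len))) {
            *why = enc ? "STREAM_BODY_ENC" : "STREAM_BODY_DEC";
            goto end;
        }
    }

    /* CCM is finished by the body call above; the others need Final. */
    if (!cfg->is_ccm) {
        if (!TEST_true(EVP_CipherFinal_ex(ctx, out + outl, &tmpl))) {
            *why = enc ? "FINAL_ENC" : "FINAL_DEC";
            goto end;
        }
    }

    if (enc) {
        if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
                                             (int)cfg->taglen, tag),
                         0)) {
            *why = "GET_TAG";
            goto end;
        }
    }
    ok = 1;
end:
    EVP_CIPHER_CTX_free(ctx);
    EVP_CIPHER_free(cipher);
    return ok;
}

/*
 * For each AEAD row we run two AAD modes, and within each AAD mode two
 * cross-driver round trips:
 *
 *   aad_mode 0: no AAD.  Critical for catching the OCB-style bug: any
 *               EVP_CipherUpdate(NULL, aad, ...) call before the body
 *               would itself pass through the (correct) streaming
 *               handler and apply the buffered IV, masking the one-shot
 *               handler's failure to do so.  With aad_len == 0 we make
 *               EVP_Cipher() the very first cipher operation on the
 *               context, which is the shape the bug requires.
 *
 *   aad_mode 1: with AAD via streaming.  Catches divergence between the
 *               drivers when AAD is in play.
 *
 *   leg 0: encrypt-oneshot + decrypt-streaming
 *   leg 1: encrypt-streaming + decrypt-oneshot
 *
 * The test index encodes (cipher, aad_mode) so a failure points at both.
 */
static int test_aead_oneshot_roundtrip(int idx)
{
    static const unsigned char fixed_key[32] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
    };
    static const unsigned char fixed_iv[12] = {
        0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab
    };
    static const unsigned char fixed_aad[] = "extra:context";
    static const unsigned char fixed_pt[] = "THE QUICK BROWN FOX JUMPS OVER LAZY!!";
    const AEAD_ONESHOT_CFG *cfg;
    int with_aad = idx % 2;
    size_t aad_len = with_aad ? sizeof(fixed_aad) - 1 : 0;
    size_t pt_len = sizeof(fixed_pt) - 1;
    EVP_CIPHER *probe = NULL;
    unsigned char ct[64], pt[64];
    unsigned char tag_oneshot[16], tag_stream[16];
    const char *why = NULL;
    int leg, ok = 0;

    /* Reject an index that does not map to a row of the table. */
    if (!TEST_int_ge(idx, 0)
        || !TEST_size_t_lt((size_t)idx / 2, OSSL_NELEM(aead_oneshot_cfgs)))
        return 0;
    cfg = &aead_oneshot_cfgs[idx / 2];

    /*
     * The key, IV and tag buffers here are fixed size.  Fail cleanly if a
     * row is ever added whose lengths exceed them, rather than reading or
     * writing past the arrays.
     */
    if (!TEST_size_t_le(cfg->keylen, sizeof(fixed_key))
        || !TEST_size_t_le(cfg->ivlen, sizeof(fixed_iv))
        || !TEST_size_t_le(cfg->taglen, sizeof(tag_oneshot)))
        return 0;

    /*
     * Probe for the cipher: a build with no-ocb / no-chacha / etc. will
     * not have it, and we treat that as a pass (nothing to test here).
     */
    ERR_set_mark();
    probe = EVP_CIPHER_fetch(testctx, cfg->name, testpropq);
    ERR_pop_to_mark();
    if (probe == NULL) {
        TEST_info("skipping, '%s' is not available", cfg->name);
        return 1;
    }
    EVP_CIPHER_free(probe);

    for (leg = 0; leg <= 1; leg++) {
        int enc_oneshot = (leg == 0);
        unsigned char *tag = enc_oneshot ? tag_oneshot : tag_stream;

        memset(ct, 0, sizeof(ct));
        memset(pt, 0, sizeof(pt));
        memset(tag, 0, cfg->taglen);

        if (!aead_oneshot_op(cfg, /*enc=*/1, /*oneshot_body=*/enc_oneshot,
                             fixed_key, fixed_iv, fixed_aad, aad_len,
                             fixed_pt, pt_len, ct, tag, &why)) {
            TEST_error("%s (%s): encrypt leg %d (%s body) failed at %s",
                       cfg->name, with_aad ? "with AAD" : "no AAD",
                       leg, enc_oneshot ? "oneshot" : "stream",
                       why ? why : "?");
            goto end;
        }
        if (!aead_oneshot_op(cfg, /*enc=*/0, /*oneshot_body=*/!enc_oneshot,
                             fixed_key, fixed_iv, fixed_aad, aad_len,
                             ct, pt_len, pt, tag, &why)) {
            TEST_error("%s (%s): decrypt leg %d (%s body) failed at %s",
                       cfg->name, with_aad ? "with AAD" : "no AAD",
                       leg, enc_oneshot ? "stream" : "oneshot",
                       why ? why : "?");
            goto end;
        }
        if (!TEST_mem_eq(pt, pt_len, fixed_pt, pt_len)) {
            TEST_error("%s (%s): leg %d: recovered plaintext differs",
                       cfg->name, with_aad ? "with AAD" : "no AAD", leg);
            goto end;
        }
    }

    /*
     * Both legs share the same (key, iv, aad, pt) and must therefore
     * agree on the tag bit-for-bit, regardless of which driver computed
     * it.  This catches the OCB-style failure where the one-shot path
     * silently emits a different ciphertext/tag from the streaming path.
     */
    if (!TEST_mem_eq(tag_oneshot, cfg->taglen, tag_stream, cfg->taglen)) {
        TEST_error("%s (%s): oneshot-encrypt tag != streaming-encrypt tag",
                   cfg->name, with_aad ? "with AAD" : "no AAD");
        goto end;
    }
    ok = 1;
end:
    return ok;
}

#ifndef OPENSSL_NO_DES
/*
 * EVP_CIPHER_get_type() must report NID_des_ede3_cfb64 for the CFB64, CFB8
 * and CFB1 variants of DES-EDE3, while EVP_CIPHER_get_nid() differs from
 * that type for the CFB8 and CFB1 variants.
 */
static int test_EVP_CIPHER_get_type_des_ede3(void)
{
    const EVP_CIPHER *cipher = NULL;
    int base_type, variant_type, nid;
    int ret = 0;

    /* Get the base type from CFB64 (should be NID_des_ede3_cfb64) */
    cipher = EVP_des_ede3_cfb64();
    base_type = EVP_CIPHER_get_type(cipher);

    /* Test CFB64 - should map to the same base_type */
    variant_type = EVP_CIPHER_get_type(cipher);
    nid = EVP_CIPHER_get_nid(cipher);

    /* Verify the returned type (same cipher as above, so equal by construction) */
    if (!TEST_int_eq(variant_type, base_type))
        goto end;

    /* Verify that variant_type and nid are same for 64-bit variants */
    if (!TEST_int_eq(variant_type, nid))
        goto end;

    if (!TEST_int_eq(NID_des_ede3_cfb64, variant_type))
        goto end;

    /* Test CFB8 - should map to the same base_type */
    cipher = EVP_des_ede3_cfb8();
    variant_type = EVP_CIPHER_get_type(cipher);
    nid = EVP_CIPHER_get_nid(cipher);

    /* Verify the returned type */
    if (!TEST_int_eq(variant_type, base_type))
        goto end;

    /* Verify that variant_type and nid are different for variants */
    if (!TEST_int_ne(variant_type, nid))
        goto end;

    if (!TEST_int_eq(NID_des_ede3_cfb64, variant_type))
        goto end;

    /* Test CFB1 - should map to the same base_type */
    cipher = EVP_des_ede3_cfb1();
    variant_type = EVP_CIPHER_get_type(cipher);
    nid = EVP_CIPHER_get_nid(cipher);

    /* Verify the returned type */
    if (!TEST_int_eq(variant_type, base_type))
        goto end;

    /* Verify that variant_type and nid are different for variants */
    if (!TEST_int_ne(variant_type, nid))
        goto end;

    if (!TEST_int_eq(NID_des_ede3_cfb64, variant_type))
        goto end;

    ret = 1;
end:
    return ret;
}
#endif /*OPENSSL_NO_DES */

static int test_evp_cipher_pipeline(void)
{
    OSSL_PROVIDER *fake_pipeline = NULL;
    int testresult = 0;
    EVP_CIPHER *cipher = NULL;
    EVP_CIPHER *pipeline_cipher = NULL;
    EVP_CIPHER_CTX *ctx = NULL;
    unsigned char key[32];
    size_t keylen = 32;
    size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN;
    size_t taglen = EVP_GCM_TLS_TAG_LEN;
    unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES];
    unsigned char *plaintext_array[EVP_MAX_PIPES];
    unsigned char *ciphertext_array_p[EVP_MAX_PIPES];
    void **aead_tags = (void **)&tag_array;
    unsigned char *temp[EVP_MAX_PIPES];
    size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES];
    size_t ciphertextlen_array[EVP_MAX_PIPES];
    size_t inlen_array[EVP_MAX_PIPES];
    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
    unsigned char *ciphertext, *exp_plaintext, *tag;
    size_t numpipes, plaintextlen, i;

    if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx)))
        return 0;
    if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
                                                     "provider=fake-pipeline"))
        || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
                                               "provider!=fake-pipeline"))
        || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
        goto end;
    memset(key, 0x01, sizeof(key));

    /* Negative tests */
    if (!TEST_false(EVP_CIPHER_can_pipeline(cipher,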
1))) 7192 goto end; 7193 if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1))) 7194 goto end; 7195 if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher, 7196 key, keylen, 7197 EVP_MAX_PIPES + 1, NULL, 0))) 7198 goto end; 7199 7200 /* Positive tests */ 7201 for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) { 7202 for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) { 7203 size_t ciphertextlen = 0; 7204 int outlen = 0; 7205 7206 /* Cleanup to be able to error out */ 7207 memset(iv_array, 0, sizeof(iv_array)); 7208 memset(plaintext_array, 0, sizeof(plaintext_array)); 7209 memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p)); 7210 memset(tag_array, 0, sizeof(tag_array)); 7211 ciphertext = NULL; 7212 exp_plaintext = NULL; 7213 tag = NULL; 7214 7215 /* Allocate fresh buffers with exact size to catch buffer overwrites */ 7216 for (i = 0; i < numpipes; i++) { 7217 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen)) 7218 || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen)) 7219 || !TEST_ptr(ciphertext_array_p[i] = OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH)) 7220 || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen))) 7221 goto err; 7222 7223 memset(iv_array[i], i + 33, ivlen); 7224 memset(plaintext_array[i], i + 1, plaintextlen); 7225 inlen_array[i] = plaintextlen; 7226 outlen_array[i] = 0; 7227 ciphertextlen_array[i] = 0; 7228 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH; 7229 } 7230 if (!TEST_ptr(ciphertext = OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH)) 7231 || !TEST_ptr(tag = OPENSSL_malloc(taglen)) 7232 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen))) 7233 goto err; 7234 7235 /* Encrypt using pipeline API */ 7236 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) 7237 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1)) 7238 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher, 7239 key, keylen, numpipes, 7240 (const unsigned char **)iv_array, 7241 ivlen)) 7242 /* reuse 
plaintext for AAD as it won't affect test */ 7243 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL, 7244 (const unsigned char **)plaintext_array, 7245 inlen_array)) 7246 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p, 7247 outlen_array, outsize_array, 7248 (const unsigned char **)plaintext_array, 7249 inlen_array))) 7250 goto err; 7251 7252 for (i = 0; i < numpipes; i++) { 7253 ciphertextlen_array[i] = outlen_array[i]; 7254 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i]; 7255 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i]; 7256 } 7257 7258 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array))) 7259 goto err; 7260 7261 for (i = 0; i < numpipes; i++) 7262 ciphertextlen_array[i] += outlen_array[i]; 7263 7264 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, 7265 (void **)&aead_tags, taglen); 7266 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 7267 goto err; 7268 7269 /* Encrypt using non-pipeline API and compare */ 7270 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))) 7271 goto err; 7272 7273 for (i = 0; i < numpipes; i++) { 7274 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i])) 7275 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 7276 plaintext_array[i], 7277 plaintextlen)) 7278 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen, 7279 plaintext_array[i], 7280 plaintextlen))) 7281 goto err; 7282 ciphertextlen = outlen; 7283 7284 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen))) 7285 goto err; 7286 ciphertextlen += outlen; 7287 7288 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 7289 (void *)tag, taglen); 7290 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 7291 goto err; 7292 7293 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i], 7294 ciphertext, ciphertextlen) 7295 || !TEST_mem_eq(tag_array[i], taglen, tag, taglen)) 7296 goto err; 7297 } 7298 7299 for (i = 
0; i < numpipes; i++) 7300 outsize_array[i] = plaintextlen; 7301 7302 /* Decrypt using pipeline API and compare */ 7303 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, 7304 (void **)&aead_tags, taglen); 7305 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) 7306 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0)) 7307 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher, 7308 key, keylen, numpipes, 7309 (const unsigned char **)iv_array, 7310 ivlen)) 7311 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 7312 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL, 7313 (const unsigned char **)plaintext_array, 7314 inlen_array)) 7315 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array, 7316 outlen_array, outsize_array, 7317 (const unsigned char **)ciphertext_array_p, 7318 ciphertextlen_array))) 7319 goto err; 7320 7321 for (i = 0; i < numpipes; i++) { 7322 temp[i] = plaintext_array[i] + outlen_array[i]; 7323 outsize_array[i] = outsize_array[i] - outlen_array[i]; 7324 } 7325 7326 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array))) 7327 goto err; 7328 7329 for (i = 0; i < numpipes; i++) { 7330 memset(exp_plaintext, i + 1, plaintextlen); 7331 if (!TEST_mem_eq(plaintext_array[i], plaintextlen, 7332 exp_plaintext, plaintextlen)) 7333 goto err; 7334 } 7335 7336 for (i = 0; i < numpipes; i++) { 7337 OPENSSL_free(iv_array[i]); 7338 OPENSSL_free(plaintext_array[i]); 7339 OPENSSL_free(ciphertext_array_p[i]); 7340 OPENSSL_free(tag_array[i]); 7341 } 7342 OPENSSL_free(exp_plaintext); 7343 OPENSSL_free(ciphertext); 7344 OPENSSL_free(tag); 7345 } 7346 } 7347 7348 testresult = 1; 7349 goto end; 7350 7351 err: 7352 for (i = 0; i < numpipes; i++) { 7353 OPENSSL_free(iv_array[i]); 7354 OPENSSL_free(plaintext_array[i]); 7355 OPENSSL_free(ciphertext_array_p[i]); 7356 OPENSSL_free(tag_array[i]); 7357 } 7358 OPENSSL_free(exp_plaintext); 7359 OPENSSL_free(ciphertext); 7360 OPENSSL_free(tag); 
7361 end: 7362 EVP_CIPHER_CTX_free(ctx); 7363 EVP_CIPHER_free(cipher); 7364 EVP_CIPHER_free(pipeline_cipher); 7365 fake_pipeline_finish(fake_pipeline); 7366 return testresult; 7367 } 7368 7369 int setup_tests(void) 7370 { 7371 char *config_file = NULL; 7372 OPTION_CHOICE o; 7373 7374 while ((o = opt_next()) != OPT_EOF) { 7375 switch (o) { 7376 case OPT_CONTEXT: 7377 /* Set up an alternate library context */ 7378 testctx = OSSL_LIB_CTX_new(); 7379 if (!TEST_ptr(testctx)) 7380 return 0; 7381 #ifdef STATIC_LEGACY 7382 /* 7383 * This test is always statically linked against libcrypto. We must not 7384 * attempt to load legacy.so that might be dynamically linked against 7385 * libcrypto. Instead we use a built-in version of the legacy provider. 7386 */ 7387 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) 7388 return 0; 7389 #endif 7390 /* Swap the libctx to test non-default context only */ 7391 nullprov = OSSL_PROVIDER_load(NULL, "null"); 7392 deflprov = OSSL_PROVIDER_load(testctx, "default"); 7393 #ifndef OPENSSL_SYS_TANDEM 7394 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); 7395 #endif 7396 break; 7397 case OPT_CONFIG_FILE: 7398 config_file = opt_arg(); 7399 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL)) 7400 return 0; 7401 break; 7402 case OPT_TEST_CASES: 7403 break; 7404 default: 7405 return 0; 7406 } 7407 } 7408 7409 if (config_file != NULL) { 7410 ADD_TEST(test_EVP_set_config_properties); 7411 return 1; 7412 } 7413 7414 ADD_TEST(test_EVP_set_default_properties); 7415 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30); 7416 ADD_TEST(test_EVP_DigestVerifyInit); 7417 #ifndef OPENSSL_NO_EC 7418 ADD_TEST(test_ecdsa_digestsign_keccak); 7419 #endif 7420 #ifndef OPENSSL_NO_SIPHASH 7421 ADD_TEST(test_siphash_digestsign); 7422 #endif 7423 ADD_TEST(test_EVP_Digest); 7424 ADD_TEST(test_EVP_md_null); 7425 #ifndef OPENSSL_NO_POLY1305 7426 ADD_TEST(test_evp_mac_poly1305_no_key); 7427 #endif 7428 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); 
7429 #ifndef OPENSSL_NO_DEPRECATED_3_0 7430 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2); 7431 #endif 7432 ADD_ALL_TESTS(test_EVP_Enveloped, 2); 7433 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 7434 ADD_TEST(test_privatekey_to_pkcs8); 7435 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag); 7436 ADD_ALL_TESTS(test_EVP_PKCS82PKEY_v2, OSSL_NELEM(keydata_v2)); 7437 #ifndef OPENSSL_NO_EC 7438 ADD_TEST(test_EVP_PKCS82PKEY); 7439 #endif 7440 #ifndef OPENSSL_NO_EC 7441 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings)); 7442 #endif 7443 #if !defined(OPENSSL_NO_SM2) 7444 ADD_TEST(test_EVP_SM2); 7445 ADD_TEST(test_EVP_SM2_verify); 7446 #endif 7447 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 7448 #ifndef OPENSSL_NO_DEPRECATED_3_0 7449 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 7450 if (!TEST_ptr(custom_pmeth)) 7451 return 0; 7452 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 7453 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 7454 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 7455 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 7456 return 0; 7457 #endif 7458 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 7459 #ifndef OPENSSL_NO_CMAC 7460 ADD_TEST(test_CMAC_keygen); 7461 #endif 7462 ADD_TEST(test_HKDF); 7463 ADD_TEST(test_emptyikm_HKDF); 7464 ADD_TEST(test_empty_salt_info_HKDF); 7465 #ifndef OPENSSL_NO_EC 7466 ADD_TEST(test_X509_PUBKEY_inplace); 7467 ADD_TEST(test_X509_PUBKEY_dup); 7468 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, 7469 OSSL_NELEM(ec_der_pub_keys)); 7470 #endif 7471 #ifndef OPENSSL_NO_DSA 7472 ADD_TEST(test_DSA_get_set_params); 7473 ADD_TEST(test_DSA_priv_pub); 7474 #endif 7475 ADD_TEST(test_RSA_get_set_params); 7476 ADD_TEST(test_RSA_OAEP_set_get_params); 7477 ADD_TEST(test_RSA_OAEP_set_null_label); 7478 ADD_TEST(test_RSA_verify_recover_rejects_short_buffer); 7479 ADD_TEST(test_RSA_encrypt); 7480 #ifndef 
OPENSSL_NO_DEPRECATED_3_0 7481 ADD_TEST(test_RSA_legacy); 7482 #endif 7483 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 7484 ADD_TEST(test_decrypt_null_chunks); 7485 #endif 7486 #ifndef OPENSSL_NO_DH 7487 ADD_TEST(test_DH_priv_pub); 7488 #ifndef OPENSSL_NO_DEPRECATED_3_0 7489 ADD_TEST(test_EVP_PKEY_set1_DH); 7490 #endif 7491 #endif 7492 #ifndef OPENSSL_NO_EC 7493 ADD_TEST(test_EC_priv_pub); 7494 ADD_TEST(test_evp_get_ec_pub); 7495 #ifndef OPENSSL_NO_DEPRECATED_3_0 7496 ADD_TEST(test_EC_priv_only_legacy); 7497 ADD_TEST(test_evp_get_ec_pub_legacy); 7498 #endif 7499 #endif 7500 ADD_ALL_TESTS(test_keygen_with_empty_template, 2); 7501 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2); 7502 7503 ADD_TEST(test_rand_agglomeration); 7504 ADD_ALL_TESTS(test_evp_iv_aes, 12); 7505 #ifndef OPENSSL_NO_DES 7506 ADD_ALL_TESTS(test_evp_iv_des, 6); 7507 ADD_TEST(test_EVP_CIPHER_get_type_des_ede3); 7508 #endif /* OPENSSL_NO_DES */ 7509 #ifndef OPENSSL_NO_BF 7510 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4); 7511 #endif 7512 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits); 7513 ADD_TEST(test_EVP_rsa_pss_set_saltlen); 7514 ADD_TEST(test_EVP_rsa_invalid_key); 7515 #ifndef OPENSSL_NO_EC 7516 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids)); 7517 #endif 7518 7519 ADD_TEST(test_names_do_all); 7520 7521 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); 7522 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); 7523 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests)); 7524 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); 7525 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); 7526 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers)); 7527 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0) 7528 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1); 7529 7530 #ifndef OPENSSL_NO_DEPRECATED_3_0 7531 ADD_ALL_TESTS(test_custom_pmeth, 12); 7532 ADD_TEST(test_evp_md_cipher_meth); 7533 
ADD_TEST(test_custom_md_meth); 7534 ADD_TEST(test_custom_ciph_meth); 7535 ADD_TEST(test_rsasve_kem_with_invalid_pub_key); 7536 7537 #ifndef OPENSSL_NO_DYNAMIC_ENGINE 7538 /* Tests only support the default libctx */ 7539 if (testctx == NULL) { 7540 #ifndef OPENSSL_NO_EC 7541 ADD_ALL_TESTS(test_signatures_with_engine, 3); 7542 #else 7543 ADD_ALL_TESTS(test_signatures_with_engine, 2); 7544 #endif 7545 ADD_TEST(test_cipher_with_engine); 7546 } 7547 #endif 7548 #endif 7549 7550 #ifndef OPENSSL_NO_ECX 7551 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids)); 7552 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); 7553 #endif 7554 7555 ADD_TEST(test_sign_continuation); 7556 7557 /* Test cases for CVE-2023-5363 */ 7558 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363); 7559 #ifndef OPENSSL_NO_RC4 7560 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); 7561 #endif 7562 7563 ADD_ALL_TESTS(test_aead_oneshot_roundtrip, 2 * OSSL_NELEM(aead_oneshot_cfgs)); 7564 7565 /* Test cases for CVE-2026-45446 */ 7566 ADD_TEST(test_aes_gcm_siv_empty_data); 7567 ADD_TEST(test_aes_siv_ctx_reuse); 7568 7569 ADD_TEST(test_invalid_ctx_for_digest); 7570 7571 ADD_TEST(test_evp_cipher_negative_length); 7572 7573 ADD_TEST(test_evp_cipher_pipeline); 7574 7575 return 1; 7576 } 7577 7578 void cleanup_tests(void) 7579 { 7580 OSSL_PROVIDER_unload(nullprov); 7581 OSSL_PROVIDER_unload(deflprov); 7582 #ifndef OPENSSL_SYS_TANDEM 7583 OSSL_PROVIDER_unload(lgcyprov); 7584 #endif 7585 OSSL_LIB_CTX_free(testctx); 7586 } 7587