1 /*
2 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include <openssl/rand.h>
36 # include <crypto/ml_kem.h>
37 #include "testutil.h"
38 #include "internal/nelem.h"
39 #include "internal/sizes.h"
40 #include "crypto/evp.h"
41 #include "fake_rsaprov.h"
42 #include "fake_pipelineprov.h"
43
44 #ifdef STATIC_LEGACY
45 OSSL_provider_init_fn ossl_legacy_provider_init;
46 #endif
47
48 static OSSL_LIB_CTX *testctx = NULL;
49 static char *testpropq = NULL;
50
51 static OSSL_PROVIDER *nullprov = NULL;
52 static OSSL_PROVIDER *deflprov = NULL;
53 static OSSL_PROVIDER *lgcyprov = NULL;
54
55 /*
56 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
57 * should never use this key anywhere but in an example.
58 */
59 static const unsigned char kExampleRSAKeyDER[] = {
60 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
61 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
62 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
63 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
64 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
65 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
66 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
67 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
68 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
69 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
70 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
71 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
72 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
73 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
74 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
75 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
76 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
77 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
78 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
79 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
80 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
81 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
82 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
83 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
84 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
85 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
86 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
87 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
88 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
89 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
90 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
91 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
92 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
93 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
94 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
95 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
96 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
97 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
98 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
99 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
100 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
101 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
102 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
103 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
104 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
105 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
106 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
107 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
108 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
109 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
110 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
111 };
112
113 /* An invalid key whose prime factors exceed modulus n. */
114 static const unsigned char kInvalidRSAKeyDER[] = {
115 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80,
116 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00,
117 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
119 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
120 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
121 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa,
122 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
123 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b,
124 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
125 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01,
126 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee,
127 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
129 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07,
130 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07,
131 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
132 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15,
133 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
134 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00,
135 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15,
136 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9,
137 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07,
138 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
139 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
140 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59,
141 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
143 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
144 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59,
145 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
146 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
147 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15,
148 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
149 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea,
150 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15,
151 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07,
152 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07,
154 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
155 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00,
156 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29,
157 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
158 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
159 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
160 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
161 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59,
162 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
163 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
164 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
165 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02,
166 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
167 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
168 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
169 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
170 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
171 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
172 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31,
174 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
175 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8,
176 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07,
177 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
179 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07,
180 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07,
181 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
182 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec,
183 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
184 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00,
185 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07,
186 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02,
187 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07,
188 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
189 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
190 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59,
191 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
194 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59,
195 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d,
196 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
197 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
198 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
199 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea,
200 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15,
201 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00,
202 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff,
203 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07,
204 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
205 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
206 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07,
207 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
208 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
209 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
210 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
211 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59,
212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
214 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
215 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
216 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
217 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41,
218 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
219 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
220 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
221 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
222 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02,
223 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88,
224 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
226 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
227 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07,
228 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
229 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15,
230 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
231 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
232 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15,
233 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07,
234 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07,
235 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
236 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
237 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
238 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
239 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f,
240 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
241 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
242 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
243 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1,
245 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1,
246 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
247 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02,
249 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8,
250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
253 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
254 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
255 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02,
256 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
257 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80,
258 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02,
259 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36,
260 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10,
261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
263 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
264 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
265 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02,
266 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02,
267 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
268 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02,
269 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02,
270 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47,
272 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d,
273 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60,
274 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32,
275 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff,
276 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30,
277 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d,
278 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a,
279 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33,
280 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
281 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15,
282 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00,
283 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
284 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
285 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
286 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
287 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02,
288 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
289 0xe2, 0x80,
290 };
291
292 /*
293 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
294 * should never use this key anywhere but in an example.
295 */
296 #ifndef OPENSSL_NO_DSA
297 static const unsigned char kExampleDSAKeyDER[] = {
298 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
299 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
300 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
301 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
302 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
303 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
304 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
305 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
306 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
307 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
308 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
309 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
310 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
311 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
312 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
313 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
314 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
315 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
316 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
317 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
318 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
319 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
320 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
321 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
322 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
323 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
324 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
325 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
326 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
327 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
328 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
329 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
330 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
331 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
332 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
333 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
334 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
335 0x40, 0x48
336 };
337 #endif
338
339 /*
340 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
341 * components are not correct.
342 */
343 static const unsigned char kExampleBadRSAKeyDER[] = {
344 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
345 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
346 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
347 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
348 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
349 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
350 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
351 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
352 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
353 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
354 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
355 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
356 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
357 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
358 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
359 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
360 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
361 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
362 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
363 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
364 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
365 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
366 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
367 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
368 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
369 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
370 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
371 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
372 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
373 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
374 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
375 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
376 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
377 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
378 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
379 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
380 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
381 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
382 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
383 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
384 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
385 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
386 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
387 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
388 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
389 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
390 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
391 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
392 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
393 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
394 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
395 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
396 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
397 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
398 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
399 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
400 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
401 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
402 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
403 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
404 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
405 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
406 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
407 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
408 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
409 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
410 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
411 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
412 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
413 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
414 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
415 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
416 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
417 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
418 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
419 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
420 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
421 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
422 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
423 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
424 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
425 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
426 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
427 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
428 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
429 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
430 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
431 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
432 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
433 };
434
435 /*
436 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
437 * values are 0.
438 */
439 static const unsigned char kExampleBad2RSAKeyDER[] = {
440 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
441 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
442 0x01, 0x00, 0x02, 0x01, 0x00
443 };
444
445 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
446
447 static const unsigned char kSignature[] = {
448 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
449 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
450 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
451 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
452 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
453 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
454 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
455 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
456 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
457 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
458 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
459 };
460
461 /*
462 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v1
463 * PrivateKeyInfo.
464 */
465 static const unsigned char kExampleRSAKeyPKCS8[] = {
466 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
467 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
468 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
469 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
470 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
471 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
472 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
473 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
474 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
475 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
476 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
477 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
478 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
479 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
480 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
481 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
482 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
483 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
484 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
485 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
486 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
487 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
488 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
489 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
490 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
491 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
492 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
493 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
494 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
495 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
496 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
497 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
498 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
499 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
500 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
501 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
502 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
503 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
504 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
505 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
506 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
507 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
508 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
509 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
510 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
511 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
512 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
513 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
514 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
515 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
516 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
517 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
518 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
519 };
520
521 /*
522 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v2
523 * PrivateKeyInfo (with an optional public key).
524 */
525 static const unsigned char kExampleRSAKeyPKCS8_v2[] = {
526 0x30, 0x82, 0x03, 0x06, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
527 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
528 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
529 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
530 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
531 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
532 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
533 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
534 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
535 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
536 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
537 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
538 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
539 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
540 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
541 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
542 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
543 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
544 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
545 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
546 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
547 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
548 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
549 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
550 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
551 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
552 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
553 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
554 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
555 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
556 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
557 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
558 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
559 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
560 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
561 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
562 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
563 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
564 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
565 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
566 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
567 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
568 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
569 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
570 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
571 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
572 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
573 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
574 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
575 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
576 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
577 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
578 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
579 /* Implicit optional Public key BIT STRING */
580 0x81, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8,
581 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
582 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
583 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
584 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
585 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
586 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
587 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
588 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
589 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
590 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
591 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01
592 };
593
594 #ifndef OPENSSL_NO_EC
595 /*
596 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
597 * structure.
598 */
599 static const unsigned char kExampleECKeyDER[] = {
600 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
601 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
602 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
603 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
604 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
605 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
606 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
607 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
608 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
609 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
610 0xc1,
611 };
612
613 static const unsigned char kExampleECKeyPKCS8_v2[] = {
614 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
615 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
616 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
617 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9,
618 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e,
619 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42,
620 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f,
621 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d,
622 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7,
623 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2,
624 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94,
625 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1,
626 /* Optional implicit public key BIT STRING */
627 0x81, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97,
628 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9,
629 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a,
630 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e,
631 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e,
632 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1
633 };
634
635 /*
636 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
637 * structure. The private key is equal to the order and will fail to import
638 */
639 static const unsigned char kExampleBadECKeyDER[] = {
640 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
641 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
642 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
643 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
644 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
645 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
646 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
647 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
648 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
649 };
650
651 /* prime256v1 */
652 static const unsigned char kExampleECPubKeyDER[] = {
653 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
654 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
655 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
656 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
657 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
658 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
659 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
660 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
661 };
662
663 /*
664 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
665 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
666 */
667 static const unsigned char kExampleBadECPubKeyDER[] = {
668 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
669 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
670 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
671 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
672 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
673 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
674 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
675 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
676 };
677
678 static const unsigned char pExampleECParamDER[] = {
679 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
680 };
681
682 # ifndef OPENSSL_NO_ECX
683 static const unsigned char kExampleED25519KeyDER[] = {
684 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
685 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
686 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
687 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
688 };
689
690 static const unsigned char kExampleED25519PubKeyDER[] = {
691 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
692 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
693 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
694 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
695 };
696
697 # ifndef OPENSSL_NO_DEPRECATED_3_0
698 static const unsigned char kExampleX25519KeyDER[] = {
699 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
700 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
701 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
702 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
703 };
704 # endif
705 # endif
706 #endif
707
708 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
709 #ifndef OPENSSL_NO_DEPRECATED_3_0
710 # ifndef OPENSSL_NO_DH
711 static const unsigned char kExampleDHKeyDER[] = {
712 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
713 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
714 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
715 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
716 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
717 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
718 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
719 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
720 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
721 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
722 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
723 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
724 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
725 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
726 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
727 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
728 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
729 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
730 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
731 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
732 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
733 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
734 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
735 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
736 0x2e, 0x87, 0x2a, 0x0b, 0x7a
737 };
738 # endif
739 #endif
740
741 static const unsigned char kCFBDefaultKey[] = {
742 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
743 0x09, 0xCF, 0x4F, 0x3C
744 };
745
746 static const unsigned char kGCMDefaultKey[32] = { 0 };
747
748 static const unsigned char kGCMResetKey[] = {
749 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
750 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
751 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
752 };
753
754 static const unsigned char iCFBIV[] = {
755 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
756 0x0C, 0x0D, 0x0E, 0x0F
757 };
758
759 static const unsigned char iGCMDefaultIV[12] = { 0 };
760
761 static const unsigned char iGCMResetIV1[] = {
762 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
763 };
764
765 static const unsigned char iGCMResetIV2[] = {
766 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
767 };
768
769 static const unsigned char cfbPlaintext[] = {
770 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
771 0x73, 0x93, 0x17, 0x2A
772 };
773 static const unsigned char cfbPlaintext_partial[] = {
774 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
775 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
776 };
777
778 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
779
780 static const unsigned char gcmResetPlaintext[] = {
781 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
782 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
783 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
784 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
785 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
786 };
787
788 static const unsigned char cfbCiphertext[] = {
789 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
790 0xE8, 0x3C, 0xFB, 0x4A
791 };
792
793 static const unsigned char cfbCiphertext_partial[] = {
794 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
795 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
796 };
797
798 static const unsigned char ofbCiphertext_partial[] = {
799 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
800 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
801 };
802
803 static const unsigned char gcmDefaultCiphertext[] = {
804 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
805 0xba, 0xf3, 0x9d, 0x18
806 };
807
808 static const unsigned char gcmResetCiphertext1[] = {
809 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
810 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
811 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
812 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
813 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
814 };
815
816 static const unsigned char gcmResetCiphertext2[] = {
817 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
818 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
819 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
820 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
821 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
822 };
823
824 static const unsigned char gcmAAD[] = {
825 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
826 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
827 };
828
829 static const unsigned char gcmDefaultTag[] = {
830 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
831 0xd4, 0x8a, 0xb9, 0x19
832 };
833
834 static const unsigned char gcmResetTag1[] = {
835 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
836 0xfe, 0x2e, 0xa8, 0xf2
837 };
838
839 static const unsigned char gcmResetTag2[] = {
840 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
841 0xbb, 0x2d, 0x55, 0x1b
842 };
843
844 typedef struct APK_DATA_st {
845 const unsigned char *kder;
846 size_t size;
847 const char *keytype;
848 int evptype;
849 int check;
850 int pub_check;
851 int param_check;
852 int type; /* 0 for private, 1 for public, 2 for params */
853 } APK_DATA;
854
855 static APK_DATA keydata[] = {
856 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
857 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
858 #ifndef OPENSSL_NO_EC
859 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
860 #endif
861 };
862
863 static APK_DATA keydata_v2[] = {
864 {kExampleRSAKeyPKCS8_v2, sizeof(kExampleRSAKeyPKCS8_v2), "RSA", EVP_PKEY_RSA},
865 #ifndef OPENSSL_NO_EC
866 {kExampleECKeyPKCS8_v2, sizeof(kExampleECKeyPKCS8_v2), "EC", EVP_PKEY_EC}
867 #endif
868 };
869
870 static APK_DATA keycheckdata[] = {
871 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
872 0},
873 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
874 0, 1, 1, 0},
875 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
876 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
877 #ifndef OPENSSL_NO_EC
878 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
879 /* group is also associated in our pub key */
880 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
881 1, 1},
882 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
883 2},
884 # ifndef OPENSSL_NO_ECX
885 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
886 EVP_PKEY_ED25519, 1, 1, 1, 0},
887 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
888 EVP_PKEY_ED25519, 0, 1, 1, 1},
889 # endif
890 #endif
891 };
892
load_example_key(const char * keytype,const unsigned char * data,size_t data_len)893 static EVP_PKEY *load_example_key(const char *keytype,
894 const unsigned char *data, size_t data_len)
895 {
896 const unsigned char **pdata = &data;
897 EVP_PKEY *pkey = NULL;
898 OSSL_DECODER_CTX *dctx =
899 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
900 testctx, testpropq);
901
902 /* |pkey| will be NULL on error */
903 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
904 OSSL_DECODER_CTX_free(dctx);
905 return pkey;
906 }
907
load_example_rsa_key(void)908 static EVP_PKEY *load_example_rsa_key(void)
909 {
910 return load_example_key("RSA", kExampleRSAKeyDER,
911 sizeof(kExampleRSAKeyDER));
912 }
913
914 #ifndef OPENSSL_NO_DSA
load_example_dsa_key(void)915 static EVP_PKEY *load_example_dsa_key(void)
916 {
917 return load_example_key("DSA", kExampleDSAKeyDER,
918 sizeof(kExampleDSAKeyDER));
919 }
920 #endif
921
922 #ifndef OPENSSL_NO_EC
load_example_ec_key(void)923 static EVP_PKEY *load_example_ec_key(void)
924 {
925 return load_example_key("EC", kExampleECKeyDER,
926 sizeof(kExampleECKeyDER));
927 }
928 #endif
929
930 #ifndef OPENSSL_NO_DEPRECATED_3_0
931 # ifndef OPENSSL_NO_DH
load_example_dh_key(void)932 static EVP_PKEY *load_example_dh_key(void)
933 {
934 return load_example_key("DH", kExampleDHKeyDER,
935 sizeof(kExampleDHKeyDER));
936 }
937 # endif
938
939 # ifndef OPENSSL_NO_ECX
load_example_ed25519_key(void)940 static EVP_PKEY *load_example_ed25519_key(void)
941 {
942 return load_example_key("ED25519", kExampleED25519KeyDER,
943 sizeof(kExampleED25519KeyDER));
944 }
945
load_example_x25519_key(void)946 static EVP_PKEY *load_example_x25519_key(void)
947 {
948 return load_example_key("X25519", kExampleX25519KeyDER,
949 sizeof(kExampleX25519KeyDER));
950 }
951 # endif
952 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
953
load_example_hmac_key(void)954 static EVP_PKEY *load_example_hmac_key(void)
955 {
956 EVP_PKEY *pkey = NULL;
957 unsigned char key[] = {
958 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
959 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
960 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
961 };
962
963 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
964 NULL, key, sizeof(key));
965 if (!TEST_ptr(pkey))
966 return NULL;
967
968 return pkey;
969 }
970
test_EVP_set_config_properties(void)971 static int test_EVP_set_config_properties(void)
972 {
973 char *fetched_properties = NULL;
974 const char test_propq[] = "test.fizzbuzz=buzzfizz";
975 int res = 0;
976
977 fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default());
978 if (!TEST_ptr(fetched_properties)
979 || !TEST_str_eq(fetched_properties, test_propq))
980 goto err;
981 OPENSSL_free(fetched_properties);
982 fetched_properties = NULL;
983
984 res = 1;
985 err:
986 OPENSSL_free(fetched_properties);
987 return res;
988 }
989
test_EVP_set_default_properties(void)990 static int test_EVP_set_default_properties(void)
991 {
992 OSSL_LIB_CTX *ctx;
993 EVP_MD *md = NULL;
994 int res = 0;
995 char *fetched_properties = NULL;
996 const char test_propq[] = "provider=fizzbang";
997 const char test_fips_propq[] = "fips=yes,provider=fizzbang";
998
999 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
1000 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
1001 goto err;
1002 EVP_MD_free(md);
1003 md = NULL;
1004
1005 if (!TEST_true(EVP_set_default_properties(ctx, test_propq))
1006 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
1007 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
1008 goto err;
1009 EVP_MD_free(md);
1010 md = NULL;
1011
1012 fetched_properties = EVP_get1_default_properties(ctx);
1013 if (!TEST_ptr(fetched_properties)
1014 || !TEST_str_eq(fetched_properties, test_propq))
1015 goto err;
1016 OPENSSL_free(fetched_properties);
1017 fetched_properties = NULL;
1018
1019 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1)))
1020 goto err;
1021 fetched_properties = EVP_get1_default_properties(ctx);
1022 if (!TEST_ptr(fetched_properties)
1023 || !TEST_str_eq(fetched_properties, test_fips_propq))
1024 goto err;
1025 OPENSSL_free(fetched_properties);
1026 fetched_properties = NULL;
1027
1028 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0)))
1029 goto err;
1030
1031 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
1032 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
1033 goto err;
1034 res = 1;
1035 err:
1036 OPENSSL_free(fetched_properties);
1037 EVP_MD_free(md);
1038 OSSL_LIB_CTX_free(ctx);
1039 return res;
1040 }
1041
1042 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key_fromdata(char * keytype,OSSL_PARAM * params)1043 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
1044 {
1045 EVP_PKEY_CTX *pctx = NULL;
1046 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
1047
1048 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
1049 goto err;
1050 /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */
1051 if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0)
1052 || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
1053 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
1054 params), 0))
1055 goto err;
1056
1057 if (!TEST_ptr(tmp_pkey))
1058 goto err;
1059
1060 pkey = tmp_pkey;
1061 tmp_pkey = NULL;
1062 err:
1063 EVP_PKEY_free(tmp_pkey);
1064 EVP_PKEY_CTX_free(pctx);
1065 return pkey;
1066 }
1067
test_selection(EVP_PKEY * pkey,int selection)1068 static int test_selection(EVP_PKEY *pkey, int selection)
1069 {
1070 int testresult = 0;
1071 int ret;
1072 BIO *bio = BIO_new(BIO_s_mem());
1073
1074 ret = PEM_write_bio_PUBKEY(bio, pkey);
1075 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
1076 if (!TEST_true(ret))
1077 goto err;
1078 } else {
1079 if (!TEST_false(ret))
1080 goto err;
1081 }
1082 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
1083 testctx, NULL);
1084 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
1085 if (!TEST_true(ret))
1086 goto err;
1087 } else {
1088 if (!TEST_false(ret))
1089 goto err;
1090 }
1091
1092 testresult = 1;
1093 err:
1094 BIO_free(bio);
1095
1096 return testresult;
1097 }
1098 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
1099
1100 /*
1101 * Test combinations of private, public, missing and private + public key
1102 * params to ensure they are all accepted
1103 */
1104 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
test_EVP_PKEY_ffc_priv_pub(char * keytype)1105 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
1106 {
1107 OSSL_PARAM_BLD *bld = NULL;
1108 OSSL_PARAM *params = NULL;
1109 EVP_PKEY *just_params = NULL;
1110 EVP_PKEY *params_and_priv = NULL;
1111 EVP_PKEY *params_and_pub = NULL;
1112 EVP_PKEY *params_and_keypair = NULL;
1113 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1114 int ret = 0;
1115
1116 /*
1117 * Setup the parameters for our pkey object. For our purposes they don't
1118 * have to actually be *valid* parameters. We just need to set something.
1119 */
1120 if (!TEST_ptr(p = BN_new())
1121 || !TEST_ptr(q = BN_new())
1122 || !TEST_ptr(g = BN_new())
1123 || !TEST_ptr(pub = BN_new())
1124 || !TEST_ptr(priv = BN_new()))
1125 goto err;
1126
1127 /* Test !priv and !pub */
1128 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1129 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1130 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1131 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
1132 goto err;
1133 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1134 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
1135 goto err;
1136
1137 OSSL_PARAM_free(params);
1138 OSSL_PARAM_BLD_free(bld);
1139 params = NULL;
1140 bld = NULL;
1141
1142 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1143 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1144 goto err;
1145
1146 /* Test priv and !pub */
1147 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1148 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1149 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1150 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1151 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1152 priv)))
1153 goto err;
1154 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1155 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
1156 goto err;
1157
1158 OSSL_PARAM_free(params);
1159 OSSL_PARAM_BLD_free(bld);
1160 params = NULL;
1161 bld = NULL;
1162
1163 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
1164 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1165 goto err;
1166
1167 /* Test !priv and pub */
1168 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1169 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1170 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1171 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1172 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1173 pub)))
1174 goto err;
1175 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1176 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
1177 goto err;
1178
1179 OSSL_PARAM_free(params);
1180 OSSL_PARAM_BLD_free(bld);
1181 params = NULL;
1182 bld = NULL;
1183
1184 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1185 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1186 goto err;
1187
1188 /* Test priv and pub */
1189 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1190 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1191 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1192 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1193 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1194 pub))
1195 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1196 priv)))
1197 goto err;
1198 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1199 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
1200 goto err;
1201
1202 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1203 goto err;
1204
1205 ret = 1;
1206 err:
1207 OSSL_PARAM_free(params);
1208 OSSL_PARAM_BLD_free(bld);
1209 EVP_PKEY_free(just_params);
1210 EVP_PKEY_free(params_and_priv);
1211 EVP_PKEY_free(params_and_pub);
1212 EVP_PKEY_free(params_and_keypair);
1213 BN_free(p);
1214 BN_free(q);
1215 BN_free(g);
1216 BN_free(pub);
1217 BN_free(priv);
1218
1219 return ret;
1220 }
1221 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
1222
1223 /*
1224 * Test combinations of private, public, missing and private + public key
1225 * params to ensure they are all accepted for EC keys
1226 */
1227 #ifndef OPENSSL_NO_EC
1228 static unsigned char ec_priv[] = {
1229 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
1230 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
1231 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
1232 };
1233 static unsigned char ec_pub[] = {
1234 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
1235 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
1236 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
1237 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
1238 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
1239 0x08, 0x09, 0xb8, 0xdb, 0x03
1240 };
1241
test_EC_priv_pub(void)1242 static int test_EC_priv_pub(void)
1243 {
1244 OSSL_PARAM_BLD *bld = NULL;
1245 OSSL_PARAM *params = NULL;
1246 EVP_PKEY *just_params = NULL;
1247 EVP_PKEY *params_and_priv = NULL;
1248 EVP_PKEY *params_and_pub = NULL;
1249 EVP_PKEY *params_and_keypair = NULL;
1250 BIGNUM *priv = NULL;
1251 int ret = 0;
1252 unsigned char *encoded = NULL;
1253 size_t len = 0;
1254 unsigned char buffer[128];
1255
1256 /*
1257 * Setup the parameters for our pkey object. For our purposes they don't
1258 * have to actually be *valid* parameters. We just need to set something.
1259 */
1260 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1261 goto err;
1262
1263 /* Test !priv and !pub */
1264 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1265 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1266 OSSL_PKEY_PARAM_GROUP_NAME,
1267 "P-256", 0)))
1268 goto err;
1269 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1270 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
1271 goto err;
1272
1273 OSSL_PARAM_free(params);
1274 OSSL_PARAM_BLD_free(bld);
1275 params = NULL;
1276 bld = NULL;
1277
1278 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1279 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1280 goto err;
1281
1282 /* Test priv and !pub */
1283 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1284 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1285 OSSL_PKEY_PARAM_GROUP_NAME,
1286 "P-256", 0))
1287 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1288 priv)))
1289 goto err;
1290 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1291 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
1292 goto err;
1293
1294 OSSL_PARAM_free(params);
1295 OSSL_PARAM_BLD_free(bld);
1296 params = NULL;
1297 bld = NULL;
1298
1299 /*
1300 * We indicate only parameters here, in spite of having built a key that
1301 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
1302 * expected to fail because it does not support exporting a private EC
1303 * key without a corresponding public key
1304 */
1305 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1306 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1307 goto err;
1308
1309 /* Test !priv and pub */
1310 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1311 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1312 OSSL_PKEY_PARAM_GROUP_NAME,
1313 "P-256", 0))
1314 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1315 OSSL_PKEY_PARAM_PUB_KEY,
1316 ec_pub, sizeof(ec_pub))))
1317 goto err;
1318 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1319 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
1320 goto err;
1321
1322 OSSL_PARAM_free(params);
1323 OSSL_PARAM_BLD_free(bld);
1324 params = NULL;
1325 bld = NULL;
1326
1327 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1328 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1329 goto err;
1330
1331 /* Test priv and pub */
1332 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1333 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1334 OSSL_PKEY_PARAM_GROUP_NAME,
1335 "P-256", 0))
1336 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1337 OSSL_PKEY_PARAM_PUB_KEY,
1338 ec_pub, sizeof(ec_pub)))
1339 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1340 priv)))
1341 goto err;
1342 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1343 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1344 goto err;
1345
1346 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1347 goto err;
1348
1349 /* Try key equality */
1350 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1351 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1352 0)
1353 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1354 0)
1355 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1356 0)
1357 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1358 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1359 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1360 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1361 goto err;
1362
1363 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1364 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1365 goto err;
1366 OPENSSL_free(encoded);
1367 encoded = NULL;
1368 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1369 OPENSSL_free(encoded);
1370 encoded = NULL;
1371 goto err;
1372 }
1373
1374 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1375 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1376 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1377 buffer, sizeof(buffer), &len), 1)
1378 || !TEST_int_eq(len, 65))
1379 goto err;
1380
1381 len = 0;
1382 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1383 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1384 NULL, 0, &len), 1)
1385 || !TEST_int_eq(len, 65))
1386 goto err;
1387
1388 /* too-short buffer len*/
1389 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1390 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1391 buffer, 10, &len), 0))
1392 goto err;
1393
1394 ret = 1;
1395 err:
1396 OSSL_PARAM_free(params);
1397 OSSL_PARAM_BLD_free(bld);
1398 EVP_PKEY_free(just_params);
1399 EVP_PKEY_free(params_and_priv);
1400 EVP_PKEY_free(params_and_pub);
1401 EVP_PKEY_free(params_and_keypair);
1402 BN_free(priv);
1403
1404 return ret;
1405 }
1406
1407 /* Also test that we can read the EC PUB affine coordinates */
test_evp_get_ec_pub(void)1408 static int test_evp_get_ec_pub(void)
1409 {
1410 OSSL_PARAM_BLD *bld = NULL;
1411 OSSL_PARAM *params = NULL;
1412 unsigned char *pad = NULL;
1413 EVP_PKEY *keypair = NULL;
1414 BIGNUM *priv = NULL;
1415 BIGNUM *x = NULL;
1416 BIGNUM *y = NULL;
1417 int ret = 0;
1418
1419 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1420 goto err;
1421
1422 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1423 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1424 OSSL_PKEY_PARAM_GROUP_NAME,
1425 "P-256", 0))
1426 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1427 OSSL_PKEY_PARAM_PUB_KEY,
1428 ec_pub, sizeof(ec_pub)))
1429 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1430 priv)))
1431 goto err;
1432
1433 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1434 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1435 goto err;
1436
1437 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1438 goto err;
1439
1440 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1441 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1442 goto err;
1443
1444 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1445 goto err;
1446
1447 pad[0] = ec_pub[0];
1448 BN_bn2bin(x, &pad[1]);
1449 BN_bn2bin(y, &pad[33]);
1450 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1451 goto err;
1452
1453 ret = 1;
1454
1455 err:
1456 OSSL_PARAM_free(params);
1457 OSSL_PARAM_BLD_free(bld);
1458 EVP_PKEY_free(keypair);
1459 OPENSSL_free(pad);
1460 BN_free(priv);
1461 BN_free(x);
1462 BN_free(y);
1463 return ret;
1464 }
1465
1466 /* Test that using a legacy EC key with only a private key in it works */
1467 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EC_priv_only_legacy(void)1468 static int test_EC_priv_only_legacy(void)
1469 {
1470 BIGNUM *priv = NULL;
1471 int ret = 0;
1472 EC_KEY *eckey = NULL;
1473 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1474 EVP_MD_CTX *ctx = NULL;
1475
1476 /* Create the low level EC_KEY */
1477 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1478 goto err;
1479
1480 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1481 if (!TEST_ptr(eckey))
1482 goto err;
1483
1484 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1485 goto err;
1486
1487 pkey = EVP_PKEY_new();
1488 if (!TEST_ptr(pkey))
1489 goto err;
1490
1491 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1492 goto err;
1493 eckey = NULL;
1494
1495 for (;;) {
1496 ret = 0;
1497 ctx = EVP_MD_CTX_new();
1498 if (!TEST_ptr(ctx))
1499 goto err;
1500
1501 /*
1502 * The EVP_DigestSignInit function should create the key on the
1503 * provider side which is sufficient for this test.
1504 */
1505 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1506 testpropq, pkey, NULL)))
1507 goto err;
1508 EVP_MD_CTX_free(ctx);
1509 ctx = NULL;
1510
1511 if (dup_pk != NULL)
1512 break;
1513
1514 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1515 goto err;
1516 /* EVP_PKEY_eq() returns -2 with missing public keys */
1517 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1518 EVP_PKEY_free(pkey);
1519 pkey = dup_pk;
1520 if (!ret)
1521 goto err;
1522 }
1523 ret = 1;
1524
1525 err:
1526 EVP_MD_CTX_free(ctx);
1527 EVP_PKEY_free(pkey);
1528 EC_KEY_free(eckey);
1529 BN_free(priv);
1530
1531 return ret;
1532 }
1533
test_evp_get_ec_pub_legacy(void)1534 static int test_evp_get_ec_pub_legacy(void)
1535 {
1536 OSSL_LIB_CTX *libctx = NULL;
1537 unsigned char *pad = NULL;
1538 EVP_PKEY *pkey = NULL;
1539 EC_KEY *eckey = NULL;
1540 BIGNUM *priv = NULL;
1541 BIGNUM *x = NULL;
1542 BIGNUM *y = NULL;
1543 int ret = 0;
1544
1545 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1546 goto err;
1547
1548 /* Create the legacy key */
1549 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1550 NID_X9_62_prime256v1)))
1551 goto err;
1552
1553 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1554 goto err;
1555
1556 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1557 goto err;
1558
1559 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1560 goto err;
1561
1562 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1563 goto err;
1564
1565 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1566 goto err;
1567
1568 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1569 goto err;
1570
1571 /* Transfer the legacy key */
1572 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1573 goto err;
1574 eckey = NULL;
1575
1576 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1577 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1578 goto err;
1579
1580 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1581 goto err;
1582
1583 pad[0] = ec_pub[0];
1584 BN_bn2bin(x, &pad[1]);
1585 BN_bn2bin(y, &pad[33]);
1586
1587 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1588 goto err;
1589
1590 ret = 1;
1591
1592 err:
1593 OSSL_LIB_CTX_free(libctx);
1594 EVP_PKEY_free(pkey);
1595 EC_KEY_free(eckey);
1596 OPENSSL_free(pad);
1597 BN_free(priv);
1598 BN_free(x);
1599 BN_free(y);
1600
1601 return ret;
1602 }
1603 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1604 #endif /* OPENSSL_NO_EC */
1605
test_EVP_PKEY_sign(int tst)1606 static int test_EVP_PKEY_sign(int tst)
1607 {
1608 int ret = 0;
1609 EVP_PKEY *pkey = NULL;
1610 unsigned char *sig = NULL;
1611 size_t sig_len = 0, shortsig_len = 1;
1612 EVP_PKEY_CTX *ctx = NULL;
1613 unsigned char tbs[] = {
1614 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1615 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1616 };
1617
1618 if (tst == 0) {
1619 if (!TEST_ptr(pkey = load_example_rsa_key()))
1620 goto out;
1621 } else if (tst == 1) {
1622 #ifndef OPENSSL_NO_DSA
1623 if (!TEST_ptr(pkey = load_example_dsa_key()))
1624 goto out;
1625 #else
1626 ret = 1;
1627 goto out;
1628 #endif
1629 } else {
1630 #ifndef OPENSSL_NO_EC
1631 if (!TEST_ptr(pkey = load_example_ec_key()))
1632 goto out;
1633 #else
1634 ret = 1;
1635 goto out;
1636 #endif
1637 }
1638
1639 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1640 if (!TEST_ptr(ctx)
1641 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1642 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1643 sizeof(tbs)), 0))
1644 goto out;
1645 sig = OPENSSL_malloc(sig_len);
1646 if (!TEST_ptr(sig)
1647 /* Test sending a signature buffer that is too short is rejected */
1648 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1649 sizeof(tbs)), 0)
1650 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1651 0)
1652 /* Test the signature round-trips */
1653 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1654 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1655 0))
1656 goto out;
1657
1658 ret = 1;
1659 out:
1660 EVP_PKEY_CTX_free(ctx);
1661 OPENSSL_free(sig);
1662 EVP_PKEY_free(pkey);
1663 return ret;
1664 }
1665
1666 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_sign_with_app_method(int tst)1667 static int test_EVP_PKEY_sign_with_app_method(int tst)
1668 {
1669 int ret = 0;
1670 EVP_PKEY *pkey = NULL;
1671 RSA *rsa = NULL;
1672 RSA_METHOD *rsa_meth = NULL;
1673 #ifndef OPENSSL_NO_DSA
1674 DSA *dsa = NULL;
1675 DSA_METHOD *dsa_meth = NULL;
1676 #endif
1677 unsigned char *sig = NULL;
1678 size_t sig_len = 0, shortsig_len = 1;
1679 EVP_PKEY_CTX *ctx = NULL;
1680 unsigned char tbs[] = {
1681 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1682 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1683 };
1684
1685 if (tst == 0) {
1686 if (!TEST_ptr(pkey = load_example_rsa_key()))
1687 goto out;
1688 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1689 goto out;
1690
1691 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1692 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1693 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1694 goto out;
1695 rsa = NULL; /* now owned by the pkey */
1696 } else {
1697 #ifndef OPENSSL_NO_DSA
1698 if (!TEST_ptr(pkey = load_example_dsa_key()))
1699 goto out;
1700 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1701 goto out;
1702
1703 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1704 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1705 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1706 goto out;
1707 dsa = NULL; /* now owned by the pkey */
1708 #else
1709 ret = 1;
1710 goto out;
1711 #endif
1712 }
1713
1714 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1715 if (!TEST_ptr(ctx)
1716 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1717 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1718 sizeof(tbs)), 0))
1719 goto out;
1720 sig = OPENSSL_malloc(sig_len);
1721 if (!TEST_ptr(sig)
1722 /* Test sending a signature buffer that is too short is rejected */
1723 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1724 sizeof(tbs)), 0)
1725 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1726 0)
1727 /* Test the signature round-trips */
1728 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1729 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1730 0))
1731 goto out;
1732
1733 ret = 1;
1734 out:
1735 EVP_PKEY_CTX_free(ctx);
1736 OPENSSL_free(sig);
1737 EVP_PKEY_free(pkey);
1738 RSA_free(rsa);
1739 RSA_meth_free(rsa_meth);
1740 #ifndef OPENSSL_NO_DSA
1741 DSA_free(dsa);
1742 DSA_meth_free(dsa_meth);
1743 #endif
1744 return ret;
1745 }
1746 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1747
1748 /*
1749 * n = 0 => test using legacy cipher
1750 * n = 1 => test using fetched cipher
1751 */
test_EVP_Enveloped(int n)1752 static int test_EVP_Enveloped(int n)
1753 {
1754 int ret = 0;
1755 EVP_CIPHER_CTX *ctx = NULL;
1756 EVP_PKEY *keypair = NULL;
1757 unsigned char *kek = NULL;
1758 unsigned char iv[EVP_MAX_IV_LENGTH];
1759 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1760 int len, kek_len, ciphertext_len, plaintext_len;
1761 unsigned char ciphertext[32], plaintext[16];
1762 EVP_CIPHER *type = NULL;
1763
1764 if (nullprov != NULL)
1765 return TEST_skip("Test does not support a non-default library context");
1766
1767 if (n == 0)
1768 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1769 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1770 testpropq)))
1771 goto err;
1772
1773 if (!TEST_ptr(keypair = load_example_rsa_key())
1774 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1775 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1776 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1777 &keypair, 1))
1778 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1779 msg, sizeof(msg)))
1780 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1781 &len)))
1782 goto err;
1783
1784 ciphertext_len += len;
1785
1786 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1787 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1788 ciphertext, ciphertext_len))
1789 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1790 goto err;
1791
1792 plaintext_len += len;
1793 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1794 goto err;
1795
1796 ret = 1;
1797 err:
1798 if (n != 0)
1799 EVP_CIPHER_free(type);
1800 OPENSSL_free(kek);
1801 EVP_PKEY_free(keypair);
1802 EVP_CIPHER_CTX_free(ctx);
1803 return ret;
1804 }
1805
1806 /*
1807 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1808 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1809 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1810 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1811 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1812 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1813 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1814 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1815 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1816 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1817 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1818 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1819 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1820 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1821 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1822 * Test 15-29: Same as above with reinitialization
1823 */
test_EVP_DigestSignInit(int tst)1824 static int test_EVP_DigestSignInit(int tst)
1825 {
1826 int ret = 0;
1827 EVP_PKEY *pkey = NULL;
1828 unsigned char *sig = NULL, *sig2 = NULL;
1829 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1830 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1831 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1832 BIO *mdbio = NULL, *membio = NULL;
1833 size_t written;
1834 const EVP_MD *md;
1835 EVP_MD *mdexp = NULL;
1836 int reinit = 0;
1837
1838 if (nullprov != NULL)
1839 return TEST_skip("Test does not support a non-default library context");
1840
1841 if (tst >= 15) {
1842 reinit = 1;
1843 tst -= 15;
1844 }
1845
1846 if (tst >= 6 && tst <= 8) {
1847 membio = BIO_new(BIO_s_mem());
1848 mdbio = BIO_new(BIO_f_md());
1849 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1850 goto out;
1851 BIO_push(mdbio, membio);
1852 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1853 goto out;
1854 } else {
1855 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1856 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1857 goto out;
1858 }
1859
1860 if (tst % 3 == 0) {
1861 if (!TEST_ptr(pkey = load_example_rsa_key()))
1862 goto out;
1863 } else if (tst % 3 == 1) {
1864 #ifndef OPENSSL_NO_DSA
1865 if (!TEST_ptr(pkey = load_example_dsa_key()))
1866 goto out;
1867 #else
1868 ret = 1;
1869 goto out;
1870 #endif
1871 } else {
1872 if (!TEST_ptr(pkey = load_example_hmac_key()))
1873 goto out;
1874 }
1875
1876 if (tst >= 3 && tst <= 5)
1877 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1878 else
1879 md = EVP_sha256();
1880
1881 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1882 goto out;
1883
1884 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1885 goto out;
1886
1887 if (tst >= 6 && tst <= 8) {
1888 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1889 goto out;
1890 } else if (tst < 6) {
1891 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1892 goto out;
1893 }
1894
1895 if (tst >= 9) {
1896 /* Determine the size of the signature. */
1897 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1898 sizeof(kMsg)))
1899 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1900 goto out;
1901 if (tst <= 11) {
1902 /* Test that supply a short sig buffer fails */
1903 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1904 sizeof(kMsg))))
1905 goto out;
1906 /*
1907 * We end here because once EVP_DigestSign() has failed you should
1908 * not call it again without re-initing the ctx
1909 */
1910 ret = 1;
1911 goto out;
1912 }
1913 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1914 sizeof(kMsg))))
1915 goto out;
1916 } else {
1917 /* Determine the size of the signature. */
1918 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1919 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1920 /*
1921 * Trying to create a signature with a deliberately short
1922 * buffer should fail.
1923 */
1924 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1925 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1926 goto out;
1927 }
1928
1929 /*
1930 * Ensure that the signature round-trips (Verification isn't supported for
1931 * HMAC via EVP_DigestVerify*)
1932 */
1933 if (tst % 3 != 2) {
1934 if (tst >= 6 && tst <= 8) {
1935 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1936 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1937 goto out;
1938 }
1939
1940 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1941 NULL, pkey)))
1942 goto out;
1943
1944 if (tst >= 6 && tst <= 8) {
1945 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1946 goto out;
1947 } else {
1948 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1949 sizeof(kMsg))))
1950 goto out;
1951 }
1952 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1953 goto out;
1954
1955 /* Multiple calls to EVP_DigestVerifyFinal should work */
1956 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1957 goto out;
1958 } else {
1959 /*
1960 * For HMAC a doubled call to DigestSignFinal should produce the same
1961 * value as finalization should not happen.
1962 */
1963 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1964 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1965 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1966 goto out;
1967
1968 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1969 goto out;
1970 }
1971
1972 ret = 1;
1973
1974 out:
1975 BIO_free(membio);
1976 BIO_free(mdbio);
1977 EVP_MD_CTX_free(a_md_ctx);
1978 EVP_MD_CTX_free(a_md_ctx_verify);
1979 EVP_PKEY_free(pkey);
1980 OPENSSL_free(sig);
1981 OPENSSL_free(sig2);
1982 EVP_MD_free(mdexp);
1983
1984 return ret;
1985 }
1986
test_EVP_DigestVerifyInit(void)1987 static int test_EVP_DigestVerifyInit(void)
1988 {
1989 int ret = 0;
1990 EVP_PKEY *pkey = NULL;
1991 EVP_MD_CTX *md_ctx = NULL;
1992
1993 if (nullprov != NULL)
1994 return TEST_skip("Test does not support a non-default library context");
1995
1996 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1997 || !TEST_ptr(pkey = load_example_rsa_key()))
1998 goto out;
1999
2000 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
2001 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
2002 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
2003 sizeof(kSignature)), 0))
2004 goto out;
2005
2006 /* test with reinitialization */
2007 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
2008 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
2009 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
2010 sizeof(kSignature)), 0))
2011 goto out;
2012 ret = 1;
2013
2014 out:
2015 EVP_MD_CTX_free(md_ctx);
2016 EVP_PKEY_free(pkey);
2017 return ret;
2018 }
2019
2020 #ifndef OPENSSL_NO_EC
test_ecdsa_digestsign_keccak(void)2021 static int test_ecdsa_digestsign_keccak(void)
2022 {
2023 int ret = 0;
2024 EVP_PKEY *pkey = NULL;
2025 EVP_MD_CTX *ctx = NULL;
2026 EVP_MD *md = NULL;
2027
2028 if (nullprov != NULL)
2029 return TEST_skip("Test does not support a non-default library context");
2030
2031 pkey = load_example_ec_key();
2032 if (!TEST_ptr(pkey))
2033 goto err;
2034
2035 /* This would not work with FIPS provider so just use NULL libctx */
2036 md = EVP_MD_fetch(NULL, "KECCAK-256", NULL);
2037 if (!TEST_ptr(md))
2038 goto err;
2039
2040 ctx = EVP_MD_CTX_new();
2041 if (!TEST_ptr(ctx))
2042 goto err;
2043
2044 /*
2045 * Just check EVP_DigestSignInit_ex() works.
2046 */
2047 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
2048 goto err;
2049
2050 ret = 1;
2051 err:
2052 EVP_MD_CTX_free(ctx);
2053 EVP_PKEY_free(pkey);
2054 EVP_MD_free(md);
2055
2056 return ret;
2057 }
2058 #endif
2059
2060 #ifndef OPENSSL_NO_SIPHASH
2061 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
test_siphash_digestsign(void)2062 static int test_siphash_digestsign(void)
2063 {
2064 unsigned char key[16];
2065 unsigned char buf[8], digest[8];
2066 unsigned char expected[8] = {
2067 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
2068 };
2069 EVP_PKEY *pkey = NULL;
2070 EVP_MD_CTX *mdctx = NULL;
2071 EVP_PKEY_CTX *ctx = NULL;
2072 int ret = 0;
2073 size_t len = 8;
2074
2075 if (nullprov != NULL)
2076 return TEST_skip("Test does not support a non-default library context");
2077
2078 memset(buf, 0, 8);
2079 memset(key, 1, 16);
2080 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
2081 key, 16)))
2082 goto out;
2083
2084 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
2085 goto out;
2086
2087 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
2088 goto out;
2089 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
2090 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
2091 8, NULL), 1))
2092 goto out;
2093 /* reinitialize */
2094 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
2095 goto out;
2096 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
2097 goto out;
2098 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
2099 goto out;
2100 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
2101 goto out;
2102
2103 ret = 1;
2104 out:
2105 EVP_PKEY_free(pkey);
2106 EVP_MD_CTX_free(mdctx);
2107 return ret;
2108 }
2109 #endif
2110
2111 /*
2112 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
2113 */
test_EVP_Digest(void)2114 static int test_EVP_Digest(void)
2115 {
2116 int ret = 0;
2117 EVP_MD_CTX *md_ctx = NULL;
2118 unsigned char md[EVP_MAX_MD_SIZE];
2119 EVP_MD *sha256 = NULL;
2120 EVP_MD *shake256 = NULL;
2121
2122 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2123 goto out;
2124
2125 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
2126 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
2127 goto out;
2128
2129 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
2130 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2131 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
2132 /* EVP_DigestFinal resets the EVP_MD_CTX. */
2133 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
2134 goto out;
2135
2136 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
2137 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2138 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
2139 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
2140 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2141 /*
2142 * EVP_DigestInit_ex with NULL type should work on
2143 * pre-initialized context.
2144 */
2145 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2146 goto out;
2147
2148 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
2149 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2150 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
2151 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
2152 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2153 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2154 goto out;
2155 ret = 1;
2156
2157 out:
2158 EVP_MD_CTX_free(md_ctx);
2159 EVP_MD_free(sha256);
2160 EVP_MD_free(shake256);
2161 return ret;
2162 }
2163
test_EVP_md_null(void)2164 static int test_EVP_md_null(void)
2165 {
2166 int ret = 0;
2167 EVP_MD_CTX *md_ctx = NULL;
2168 const EVP_MD *md_null = EVP_md_null();
2169 unsigned char md_value[EVP_MAX_MD_SIZE];
2170 unsigned int md_len = sizeof(md_value);
2171
2172 if (nullprov != NULL)
2173 return TEST_skip("Test does not support a non-default library context");
2174
2175 if (!TEST_ptr(md_null)
2176 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2177 goto out;
2178
2179 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
2180 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
2181 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
2182 goto out;
2183
2184 if (!TEST_uint_eq(md_len, 0))
2185 goto out;
2186
2187 ret = 1;
2188 out:
2189 EVP_MD_CTX_free(md_ctx);
2190 return ret;
2191 }
2192
test_d2i_AutoPrivateKey(int i)2193 static int test_d2i_AutoPrivateKey(int i)
2194 {
2195 int ret = 0;
2196 const unsigned char *p;
2197 EVP_PKEY *pkey = NULL;
2198 const APK_DATA *ak = &keydata[i];
2199 const unsigned char *input = ak->kder;
2200 size_t input_len = ak->size;
2201 int expected_id = ak->evptype;
2202
2203 p = input;
2204 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
2205 || !TEST_ptr_eq(p, input + input_len)
2206 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2207 goto done;
2208
2209 ret = 1;
2210
2211 done:
2212 EVP_PKEY_free(pkey);
2213 return ret;
2214 }
2215
2216 #ifndef OPENSSL_NO_EC
2217
2218 static const unsigned char ec_public_sect163k1_validxy[] = {
2219 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2220 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2221 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2222 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
2223 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2224 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2225 };
2226
2227 static const unsigned char ec_public_sect163k1_badx[] = {
2228 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2229 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2230 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2231 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
2232 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2233 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2234 };
2235
2236 static const unsigned char ec_public_sect163k1_bady[] = {
2237 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2238 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2239 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2240 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
2241 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2242 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
2243 };
2244
2245 static struct ec_der_pub_keys_st {
2246 const unsigned char *der;
2247 size_t len;
2248 int valid;
2249 } ec_der_pub_keys[] = {
2250 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
2251 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
2252 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
2253 };
2254
2255 /*
2256 * Tests the range of the decoded EC char2 public point.
2257 * See ec_GF2m_simple_oct2point().
2258 */
test_invalide_ec_char2_pub_range_decode(int id)2259 static int test_invalide_ec_char2_pub_range_decode(int id)
2260 {
2261 int ret = 0;
2262 EVP_PKEY *pkey;
2263
2264 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
2265 ec_der_pub_keys[id].len);
2266
2267 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
2268 || TEST_ptr_null(pkey);
2269 EVP_PKEY_free(pkey);
2270 return ret;
2271 }
2272
test_EVP_PKCS82PKEY(void)2273 static int test_EVP_PKCS82PKEY(void)
2274 {
2275 int ret = 0;
2276 const unsigned char *derp = kExampleBadECKeyDER;
2277 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2278 EVP_PKEY *pkey = NULL;
2279
2280 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
2281 sizeof(kExampleBadECKeyDER))))
2282 goto done;
2283
2284 if (!TEST_ptr_eq(derp,
2285 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
2286 goto done;
2287
2288 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
2289 goto done;
2290
2291 ret = 1;
2292
2293 done:
2294 PKCS8_PRIV_KEY_INFO_free(p8inf);
2295 EVP_PKEY_free(pkey);
2296
2297 return ret;
2298 }
2299
2300 #endif
2301
test_EVP_PKCS82PKEY_v2(int i)2302 static int test_EVP_PKCS82PKEY_v2(int i)
2303 {
2304 int ret = 0;
2305 const unsigned char *p;
2306 const APK_DATA *ak = &keydata_v2[i];
2307 const unsigned char *input = ak->kder;
2308 size_t input_len = ak->size;
2309 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2310
2311 /* Can we parse PKCS#8 v2, ignoring the public key for now? */
2312 p = input;
2313 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, input_len);
2314 if (!TEST_ptr(p8inf)
2315 || !TEST_true(p == input + input_len))
2316 goto done;
2317
2318 ret = 1;
2319 done:
2320 PKCS8_PRIV_KEY_INFO_free(p8inf);
2321 return ret;
2322 }
2323
2324 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY_wrong_tag(void)2325 static int test_EVP_PKCS82PKEY_wrong_tag(void)
2326 {
2327 EVP_PKEY *pkey = NULL;
2328 EVP_PKEY *pkey2 = NULL;
2329 BIO *membio = NULL;
2330 char *membuf = NULL;
2331 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2332 int ok = 0;
2333
2334 if (testctx != NULL)
2335 /* test not supported with non-default context */
2336 return 1;
2337
2338 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2339 || !TEST_ptr(pkey = load_example_rsa_key())
2340 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2341 NULL, 0, NULL, NULL),
2342 0)
2343 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
2344 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
2345 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
2346 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
2347 goto done;
2348 }
2349
2350 ok = 1;
2351 done:
2352 EVP_PKEY_free(pkey);
2353 EVP_PKEY_free(pkey2);
2354 PKCS8_PRIV_KEY_INFO_free(p8inf);
2355 BIO_free_all(membio);
2356 return ok;
2357 }
2358
2359 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
test_privatekey_to_pkcs8(void)2360 static int test_privatekey_to_pkcs8(void)
2361 {
2362 EVP_PKEY *pkey = NULL;
2363 BIO *membio = NULL;
2364 char *membuf = NULL;
2365 long membuf_len = 0;
2366 int ok = 0;
2367
2368 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2369 || !TEST_ptr(pkey = load_example_rsa_key())
2370 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2371 NULL, 0, NULL, NULL),
2372 0)
2373 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
2374 || !TEST_ptr(membuf)
2375 || !TEST_mem_eq(membuf, (size_t)membuf_len,
2376 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
2377 /*
2378 * We try to write PEM as well, just to see that it doesn't err, but
2379 * assume that the result is correct.
2380 */
2381 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
2382 NULL, 0, NULL, NULL),
2383 0))
2384 goto done;
2385
2386 ok = 1;
2387 done:
2388 EVP_PKEY_free(pkey);
2389 BIO_free_all(membio);
2390 return ok;
2391 }
2392
2393 #ifndef OPENSSL_NO_EC
2394 static const struct {
2395 int encoding;
2396 const char *encoding_name;
2397 } ec_encodings[] = {
2398 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2399 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2400 };
2401
ec_export_get_encoding_cb(const OSSL_PARAM params[],void * arg)2402 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2403 {
2404 const OSSL_PARAM *p;
2405 const char *enc_name = NULL;
2406 int *enc = arg;
2407 size_t i;
2408
2409 *enc = -1;
2410
2411 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2412 OSSL_PKEY_PARAM_EC_ENCODING))
2413 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2414 return 0;
2415
2416 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2417 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2418 *enc = ec_encodings[i].encoding;
2419 break;
2420 }
2421 }
2422
2423 return (*enc != -1);
2424 }
2425
test_EC_keygen_with_enc(int idx)2426 static int test_EC_keygen_with_enc(int idx)
2427 {
2428 EVP_PKEY *params = NULL, *key = NULL;
2429 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2430 int enc;
2431 int ret = 0;
2432
2433 enc = ec_encodings[idx].encoding;
2434
2435 /* Create key parameters */
2436 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2437 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2438 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2439 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2440 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
2441 || !TEST_ptr(params))
2442 goto done;
2443
2444 /* Create key */
2445 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2446 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2447 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2448 || !TEST_ptr(key))
2449 goto done;
2450
2451 /* Check that the encoding got all the way into the key */
2452 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2453 ec_export_get_encoding_cb, &enc))
2454 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2455 goto done;
2456
2457 ret = 1;
2458 done:
2459 EVP_PKEY_free(key);
2460 EVP_PKEY_free(params);
2461 EVP_PKEY_CTX_free(kctx);
2462 EVP_PKEY_CTX_free(pctx);
2463 return ret;
2464 }
2465 #endif
2466
2467 #if !defined(OPENSSL_NO_SM2)
2468
test_EVP_SM2_verify(void)2469 static int test_EVP_SM2_verify(void)
2470 {
2471 const char *pubkey =
2472 "-----BEGIN PUBLIC KEY-----\n"
2473 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2474 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2475 "-----END PUBLIC KEY-----\n";
2476
2477 const char *msg = "message digest";
2478 const char *id = "ALICE123@YAHOO.COM";
2479
2480 const uint8_t signature[] = {
2481 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2482 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2483 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2484 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2485 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2486 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2487 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2488 };
2489
2490 int rc = 0;
2491 BIO *bio = NULL;
2492 EVP_PKEY *pkey = NULL;
2493 EVP_MD_CTX *mctx = NULL;
2494 EVP_PKEY_CTX *pctx = NULL;
2495 EVP_MD *sm3 = NULL;
2496
2497 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2498 if (!TEST_true(bio != NULL))
2499 goto done;
2500
2501 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2502 if (!TEST_true(pkey != NULL))
2503 goto done;
2504
2505 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2506 goto done;
2507
2508 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2509 goto done;
2510
2511 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2512 goto done;
2513
2514 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2515
2516 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2517 goto done;
2518
2519 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2520 goto done;
2521
2522 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2523 goto done;
2524
2525 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2526 goto done;
2527
2528 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2529 goto done;
2530 rc = 1;
2531
2532 done:
2533 BIO_free(bio);
2534 EVP_PKEY_free(pkey);
2535 EVP_PKEY_CTX_free(pctx);
2536 EVP_MD_CTX_free(mctx);
2537 EVP_MD_free(sm3);
2538 return rc;
2539 }
2540
test_EVP_SM2(void)2541 static int test_EVP_SM2(void)
2542 {
2543 int ret = 0;
2544 EVP_PKEY *pkey = NULL;
2545 EVP_PKEY *pkeyparams = NULL;
2546 EVP_PKEY_CTX *pctx = NULL;
2547 EVP_PKEY_CTX *kctx = NULL;
2548 EVP_PKEY_CTX *sctx = NULL;
2549 size_t sig_len = 0;
2550 unsigned char *sig = NULL;
2551 EVP_MD_CTX *md_ctx = NULL;
2552 EVP_MD_CTX *md_ctx_verify = NULL;
2553 EVP_PKEY_CTX *cctx = NULL;
2554 EVP_MD *check_md = NULL;
2555
2556 uint8_t ciphertext[128];
2557 size_t ctext_len = sizeof(ciphertext);
2558
2559 uint8_t plaintext[8];
2560 size_t ptext_len = sizeof(plaintext);
2561
2562 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2563
2564 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2565 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2566 int i;
2567 char mdname[OSSL_MAX_NAME_SIZE];
2568
2569 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2570 "SM2", testpropq)))
2571 goto done;
2572
2573 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2574 goto done;
2575
2576 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2577 goto done;
2578
2579 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2580 goto done;
2581
2582 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2583 pkeyparams, testpropq)))
2584 goto done;
2585
2586 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2587 goto done;
2588
2589 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2590 goto done;
2591
2592 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2593 goto done;
2594
2595 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2596 goto done;
2597
2598 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2599 goto done;
2600
2601 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2602 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2603
2604 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2605 goto done;
2606
2607 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2608 goto done;
2609
2610 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2611 goto done;
2612
2613 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2614 goto done;
2615
2616 /* Determine the size of the signature. */
2617 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2618 goto done;
2619
2620 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2621 goto done;
2622
2623 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2624 goto done;
2625
2626 /* Ensure that the signature round-trips. */
2627
2628 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2629 pkey)))
2630 goto done;
2631
2632 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2633 goto done;
2634
2635 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2636 goto done;
2637
2638 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2639 goto done;
2640
2641 /*
2642 * Try verify again with non-matching 0 length id but ensure that it can
2643 * be set on the context and overrides the previous value.
2644 */
2645
2646 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2647 pkey)))
2648 goto done;
2649
2650 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2651 goto done;
2652
2653 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2654 goto done;
2655
2656 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2657 goto done;
2658
2659 /* now check encryption/decryption */
2660
2661 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2662 mdname, sizeof(mdname));
2663 for (i = 0; i < 2; i++) {
2664 const char *mdnames[] = {
2665 #ifndef OPENSSL_NO_SM3
2666 "SM3",
2667 #else
2668 NULL,
2669 #endif
2670 "SHA2-256" };
2671 EVP_PKEY_CTX_free(cctx);
2672
2673 if (mdnames[i] == NULL)
2674 continue;
2675
2676 sparams[0] =
2677 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2678 (char *)mdnames[i], 0);
2679
2680 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2681 pkey, testpropq)))
2682 goto done;
2683
2684 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2685 goto done;
2686
2687 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2688 goto done;
2689
2690 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2691 sizeof(kMsg))))
2692 goto done;
2693
2694 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2695 goto done;
2696
2697 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2698 goto done;
2699
2700 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2701 ctext_len), 0))
2702 goto done;
2703
2704 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2705 goto done;
2706
2707 /*
2708 * Test we're still using the digest we think we are.
2709 * Because of aliases, the easiest is to fetch the digest and
2710 * check the name with EVP_MD_is_a().
2711 */
2712 EVP_MD_free(check_md);
2713 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2714 goto done;
2715 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2716 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2717 goto done;
2718 }
2719
2720 if (!TEST_true(ptext_len == sizeof(kMsg)))
2721 goto done;
2722
2723 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2724 goto done;
2725 }
2726
2727 ret = 1;
2728 done:
2729 EVP_PKEY_CTX_free(pctx);
2730 EVP_PKEY_CTX_free(kctx);
2731 EVP_PKEY_CTX_free(sctx);
2732 EVP_PKEY_CTX_free(cctx);
2733 EVP_PKEY_free(pkey);
2734 EVP_PKEY_free(pkeyparams);
2735 EVP_MD_CTX_free(md_ctx);
2736 EVP_MD_CTX_free(md_ctx_verify);
2737 EVP_MD_free(check_md);
2738 OPENSSL_free(sig);
2739 return ret;
2740 }
2741
2742 #endif
2743
2744 #ifndef OPENSSL_NO_ML_KEM
2745 static const uint8_t ml_kem_seed[] = {
2746 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4,
2747 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
2748 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79,
2749 0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
2750 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b,
2751 0x87, 0x2b, 0xfb, 0x8f
2752 };
2753 static const uint8_t ml_kem_512_pubkey[] = {
2754 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b,
2755 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
2756 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26,
2757 0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
2758 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19,
2759 0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
2760 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36,
2761 0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
2762 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb,
2763 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
2764 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3,
2765 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
2766 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8,
2767 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
2768 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82,
2769 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
2770 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b,
2771 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
2772 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74,
2773 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
2774 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07,
2775 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
2776 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92,
2777 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
2778 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55,
2779 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
2780 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a,
2781 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
2782 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f,
2783 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
2784 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3,
2785 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
2786 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b,
2787 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
2788 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a,
2789 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
2790 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50,
2791 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
2792 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6,
2793 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
2794 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13,
2795 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
2796 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22,
2797 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
2798 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27,
2799 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
2800 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06,
2801 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
2802 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f,
2803 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
2804 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a,
2805 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
2806 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a,
2807 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
2808 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a,
2809 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
2810 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d,
2811 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
2812 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77,
2813 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
2814 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e,
2815 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
2816 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8,
2817 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
2818 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae,
2819 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
2820 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
2821 };
2822 static const uint8_t ml_kem_768_pubkey[] = {
2823 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f,
2824 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
2825 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13,
2826 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
2827 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25,
2828 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
2829 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce,
2830 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
2831 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e,
2832 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
2833 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56,
2834 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
2835 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba,
2836 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
2837 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74,
2838 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
2839 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49,
2840 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
2841 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74,
2842 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
2843 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0,
2844 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
2845 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b,
2846 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
2847 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf,
2848 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
2849 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53,
2850 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
2851 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc,
2852 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
2853 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19,
2854 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
2855 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a,
2856 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
2857 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7,
2858 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
2859 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5,
2860 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
2861 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51,
2862 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
2863 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf,
2864 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
2865 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48,
2866 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
2867 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a,
2868 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
2869 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7,
2870 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
2871 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28,
2872 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
2873 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11,
2874 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
2875 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0,
2876 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
2877 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f,
2878 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
2879 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7,
2880 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
2881 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e,
2882 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
2883 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68,
2884 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
2885 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82,
2886 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
2887 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d,
2888 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
2889 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e,
2890 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
2891 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce,
2892 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
2893 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d,
2894 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
2895 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48,
2896 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
2897 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b,
2898 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
2899 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97,
2900 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
2901 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac,
2902 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
2903 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1,
2904 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
2905 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62,
2906 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
2907 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f,
2908 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
2909 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd,
2910 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
2911 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd,
2912 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
2913 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63,
2914 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
2915 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82,
2916 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
2917 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e,
2918 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
2919 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb,
2920 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
2921 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
2922 };
2923 static const uint8_t ml_kem_1024_pubkey[] = {
2924 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58,
2925 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
2926 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18,
2927 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
2928 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33,
2929 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
2930 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45,
2931 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
2932 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45,
2933 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
2934 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06,
2935 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
2936 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d,
2937 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
2938 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97,
2939 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
2940 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80,
2941 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
2942 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d,
2943 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
2944 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7,
2945 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
2946 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7,
2947 0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
2948 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc,
2949 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
2950 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39,
2951 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
2952 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5,
2953 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
2954 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89,
2955 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
2956 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1,
2957 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
2958 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca,
2959 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
2960 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b,
2961 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
2962 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50,
2963 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
2964 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86,
2965 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
2966 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c,
2967 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
2968 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44,
2969 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
2970 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f,
2971 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
2972 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65,
2973 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
2974 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7,
2975 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
2976 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d,
2977 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
2978 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e,
2979 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
2980 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94,
2981 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
2982 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d,
2983 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
2984 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f,
2985 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
2986 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e,
2987 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
2988 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b,
2989 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
2990 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe,
2991 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
2992 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98,
2993 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
2994 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f,
2995 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
2996 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4,
2997 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
2998 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0,
2999 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
3000 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a,
3001 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
3002 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a,
3003 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
3004 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24,
3005 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
3006 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f,
3007 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
3008 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33,
3009 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
3010 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89,
3011 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
3012 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32,
3013 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
3014 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37,
3015 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
3016 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84,
3017 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
3018 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50,
3019 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
3020 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25,
3021 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
3022 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6,
3023 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
3024 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e,
3025 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
3026 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b,
3027 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
3028 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf,
3029 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
3030 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2,
3031 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
3032 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03,
3033 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
3034 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66,
3035 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
3036 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55,
3037 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
3038 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e,
3039 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
3040 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76,
3041 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
3042 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a,
3043 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
3044 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86,
3045 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
3046 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44,
3047 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
3048 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34,
3049 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
3050 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d,
3051 0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
3052 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf,
3053 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
3054 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
3055 };
3056 #endif
3057
3058 static struct keys_st {
3059 int type;
3060 const uint8_t *priv;
3061 const uint8_t *pub;
3062 /* If "name" is non-NULL, create via non-legacy _ex() API */
3063 char *name;
3064 int privlen;
3065 int publen;
3066 } keys[] = {
3067 {
3068 EVP_PKEY_HMAC,
3069 (const uint8_t *)"0123456789",
3070 NULL,
3071 NULL, 10, 0
3072 },
3073 {
3074 EVP_PKEY_HMAC, (const uint8_t *)"", NULL,
3075 NULL, 0, 0
3076 #ifndef OPENSSL_NO_POLY1305
3077 }, {
3078 EVP_PKEY_POLY1305,
3079 (const uint8_t *)"01234567890123456789012345678901",
3080 NULL,
3081 NULL, 32, 0
3082 #endif
3083 #ifndef OPENSSL_NO_SIPHASH
3084 }, {
3085 EVP_PKEY_SIPHASH,
3086 (const uint8_t *)"0123456789012345",
3087 NULL,
3088 NULL, 16, 0
3089 #endif
3090 },
3091 #ifndef OPENSSL_NO_ECX
3092 {
3093 EVP_PKEY_X25519,
3094 (const uint8_t *)"01234567890123456789012345678901",
3095 (const unsigned char *)"abcdefghijklmnopqrstuvwxyzabcdef",
3096 NULL, 32, 32
3097 }, {
3098 EVP_PKEY_ED25519,
3099 (const uint8_t *)"01234567890123456789012345678901",
3100 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdef",
3101 NULL, 32, 32
3102 }, {
3103 EVP_PKEY_X448,
3104 (const uint8_t *)"01234567890123456789012345678901234567890123456789012345",
3105 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd",
3106 NULL, 56, 56
3107 }, {
3108 EVP_PKEY_ED448,
3109 (const uint8_t *)"012345678901234567890123456789012345678901234567890123456",
3110 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde",
3111 NULL, 57, 57
3112 },
3113 #endif
3114 #ifndef OPENSSL_NO_ML_KEM
3115 {
3116 NID_undef, ml_kem_seed, ml_kem_512_pubkey,
3117 "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey)
3118 }, {
3119 NID_undef, ml_kem_seed, ml_kem_768_pubkey,
3120 "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey)
3121 }, {
3122 NID_undef, ml_kem_seed, ml_kem_1024_pubkey,
3123 "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey)
3124 },
3125 #endif
3126 };
3127
3128 #ifndef OPENSSL_NO_ML_KEM
3129 static int
ml_kem_seed_to_priv(const char * alg,const unsigned char * seed,int seedlen,unsigned char ** ret,size_t * retlen)3130 ml_kem_seed_to_priv(const char *alg, const unsigned char *seed, int seedlen,
3131 unsigned char **ret, size_t *retlen)
3132 {
3133 OSSL_PARAM parr[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
3134 EVP_PKEY_CTX *ctx = NULL;
3135 EVP_PKEY *pkey = NULL;
3136 const OSSL_PARAM *p;
3137 OSSL_PARAM *params = NULL;
3138 int selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
3139 int ok = 0;
3140
3141 /* Import the seed to generate a key */
3142 ctx = EVP_PKEY_CTX_new_from_name(testctx, alg, NULL);
3143 if (!TEST_ptr(ctx)
3144 || !TEST_int_gt(EVP_PKEY_fromdata_init(ctx), 0))
3145 goto done;
3146 parr[0] = OSSL_PARAM_construct_octet_string(
3147 OSSL_PKEY_PARAM_ML_KEM_SEED, (unsigned char *)seed, seedlen);
3148 if (!TEST_int_gt(EVP_PKEY_fromdata(ctx, &pkey, selection, parr), 0))
3149 goto done;
3150
3151 /* Export the key to get the encoded form */
3152 if (!TEST_true(EVP_PKEY_todata(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, ¶ms)))
3153 goto done;
3154
3155 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
3156 if (!TEST_ptr(p)
3157 || !TEST_true(OSSL_PARAM_get_octet_string(p, (void **)ret, 0, retlen)))
3158 goto done;
3159 ok = 1;
3160
3161 done:
3162 EVP_PKEY_free(pkey);
3163 OSSL_PARAM_free(params);
3164 EVP_PKEY_CTX_free(ctx);
3165 return ok;
3166 }
3167 #endif
3168
test_set_get_raw_keys_int(int tst,int pub,int uselibctx)3169 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
3170 {
3171 int ret = 0;
3172 uint8_t *buf = NULL;
3173 const uint8_t *in;
3174 uint8_t shortbuf[1];
3175 size_t inlen, len = 0, shortlen = sizeof(shortbuf);
3176 EVP_PKEY *pkey = NULL;
3177 unsigned char *privalloc = NULL;
3178 const char *name;
3179
3180 /* Check if this algorithm supports public keys */
3181 if (pub && keys[tst].pub == NULL)
3182 return 1;
3183
3184 name = keys[tst].name ? keys[tst].name : OBJ_nid2sn(keys[tst].type);
3185
3186 if (pub) {
3187 #ifndef OPENSSL_NO_EC
3188 inlen = keys[tst].publen;
3189 in = keys[tst].pub;
3190 if (uselibctx || keys[tst].name != NULL) {
3191 pkey = EVP_PKEY_new_raw_public_key_ex(
3192 testctx,
3193 name,
3194 NULL,
3195 in,
3196 inlen);
3197 } else {
3198 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
3199 NULL,
3200 in,
3201 inlen);
3202 }
3203 #else
3204 return 1;
3205 #endif
3206 } else {
3207 inlen = keys[tst].privlen;
3208 in = keys[tst].priv;
3209 #ifndef OPENSSL_NO_ML_KEM
3210 if (in == ml_kem_seed) {
3211 if (!TEST_true(ml_kem_seed_to_priv(name, in, inlen,
3212 &privalloc, &inlen)))
3213 goto done;
3214 in = privalloc;
3215 }
3216 #endif
3217 if (uselibctx || keys[tst].name != NULL) {
3218 pkey = EVP_PKEY_new_raw_private_key_ex(
3219 testctx,
3220 name,
3221 NULL,
3222 in,
3223 inlen);
3224 } else {
3225 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
3226 NULL,
3227 in,
3228 inlen);
3229 }
3230 }
3231
3232 if (!TEST_ptr(pkey)
3233 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
3234 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
3235 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
3236 || !TEST_true(len == inlen))
3237 goto done;
3238 if (tst != 1) {
3239 /*
3240 * Test that supplying a buffer that is too small fails. Doesn't apply
3241 * to HMAC with a zero length key
3242 */
3243 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, shortbuf,
3244 &shortlen)))
3245 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, shortbuf,
3246 &shortlen))))
3247 goto done;
3248 }
3249 if (!TEST_ptr(buf = OPENSSL_zalloc(len <= 80 ? 80 : len)))
3250 goto done;
3251 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
3252 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
3253 || !TEST_mem_eq(in, inlen, buf, len))
3254 goto done;
3255
3256 ret = 1;
3257 done:
3258 OPENSSL_free(privalloc);
3259 OPENSSL_free(buf);
3260 EVP_PKEY_free(pkey);
3261 return ret;
3262 }
3263
test_set_get_raw_keys(int tst)3264 static int test_set_get_raw_keys(int tst)
3265 {
3266 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
3267 && test_set_get_raw_keys_int(tst, 0, 1)
3268 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
3269 && test_set_get_raw_keys_int(tst, 1, 1);
3270 }
3271
3272 #ifndef OPENSSL_NO_DEPRECATED_3_0
pkey_custom_check(EVP_PKEY * pkey)3273 static int pkey_custom_check(EVP_PKEY *pkey)
3274 {
3275 return 0xbeef;
3276 }
3277
pkey_custom_pub_check(EVP_PKEY * pkey)3278 static int pkey_custom_pub_check(EVP_PKEY *pkey)
3279 {
3280 return 0xbeef;
3281 }
3282
pkey_custom_param_check(EVP_PKEY * pkey)3283 static int pkey_custom_param_check(EVP_PKEY *pkey)
3284 {
3285 return 0xbeef;
3286 }
3287
3288 static EVP_PKEY_METHOD *custom_pmeth;
3289 #endif
3290
test_EVP_PKEY_check(int i)3291 static int test_EVP_PKEY_check(int i)
3292 {
3293 int ret = 0;
3294 EVP_PKEY *pkey = NULL;
3295 EVP_PKEY_CTX *ctx = NULL;
3296 #ifndef OPENSSL_NO_DEPRECATED_3_0
3297 EVP_PKEY_CTX *ctx2 = NULL;
3298 #endif
3299 const APK_DATA *ak = &keycheckdata[i];
3300 const unsigned char *input = ak->kder;
3301 size_t input_len = ak->size;
3302 int expected_id = ak->evptype;
3303 int expected_check = ak->check;
3304 int expected_pub_check = ak->pub_check;
3305 int expected_param_check = ak->param_check;
3306 int type = ak->type;
3307
3308 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
3309 goto done;
3310 if (type == 0
3311 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
3312 goto done;
3313
3314 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
3315 goto done;
3316
3317 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
3318 goto done;
3319
3320 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
3321 goto done;
3322
3323 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
3324 goto done;
3325
3326 #ifndef OPENSSL_NO_DEPRECATED_3_0
3327 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
3328 /* assign the pkey directly, as an internal test */
3329 if (!EVP_PKEY_up_ref(pkey))
3330 goto done;
3331
3332 ctx2->pkey = pkey;
3333
3334 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
3335 goto done;
3336
3337 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
3338 goto done;
3339
3340 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
3341 goto done;
3342 #endif
3343
3344 ret = 1;
3345
3346 done:
3347 EVP_PKEY_CTX_free(ctx);
3348 #ifndef OPENSSL_NO_DEPRECATED_3_0
3349 EVP_PKEY_CTX_free(ctx2);
3350 #endif
3351 EVP_PKEY_free(pkey);
3352 return ret;
3353 }
3354
3355 #ifndef OPENSSL_NO_CMAC
get_cmac_val(EVP_PKEY * pkey,unsigned char * mac)3356 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
3357 {
3358 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
3359 const char msg[] = "Hello World";
3360 size_t maclen = AES_BLOCK_SIZE;
3361 int ret = 1;
3362
3363 if (!TEST_ptr(mdctx)
3364 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
3365 testpropq, pkey, NULL))
3366 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
3367 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
3368 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
3369 ret = 0;
3370
3371 EVP_MD_CTX_free(mdctx);
3372
3373 return ret;
3374 }
test_CMAC_keygen(void)3375 static int test_CMAC_keygen(void)
3376 {
3377 static unsigned char key[] = {
3378 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3379 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3380 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
3381 };
3382 EVP_PKEY_CTX *kctx = NULL;
3383 int ret = 0;
3384 EVP_PKEY *pkey = NULL;
3385 unsigned char mac[AES_BLOCK_SIZE];
3386 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
3387 unsigned char mac2[AES_BLOCK_SIZE];
3388 # endif
3389
3390 if (nullprov != NULL)
3391 return TEST_skip("Test does not support a non-default library context");
3392
3393 /*
3394 * This is a legacy method for CMACs, but should still work.
3395 * This verifies that it works without an ENGINE.
3396 */
3397 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
3398
3399 /* Test a CMAC key created using the "generated" method */
3400 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
3401 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
3402 EVP_PKEY_CTRL_CIPHER,
3403 0, (void *)EVP_aes_256_cbc()), 0)
3404 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
3405 EVP_PKEY_CTRL_SET_MAC_KEY,
3406 sizeof(key), (void *)key), 0)
3407 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
3408 || !TEST_ptr(pkey)
3409 || !TEST_true(get_cmac_val(pkey, mac)))
3410 goto done;
3411
3412 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
3413 EVP_PKEY_free(pkey);
3414
3415 /*
3416 * Test a CMAC key using the direct method, and compare with the mac
3417 * created above.
3418 */
3419 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
3420 if (!TEST_ptr(pkey)
3421 || !TEST_true(get_cmac_val(pkey, mac2))
3422 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
3423 goto done;
3424 # endif
3425
3426 ret = 1;
3427
3428 done:
3429 EVP_PKEY_free(pkey);
3430 EVP_PKEY_CTX_free(kctx);
3431 return ret;
3432 }
3433 #endif
3434
test_HKDF(void)3435 static int test_HKDF(void)
3436 {
3437 EVP_PKEY_CTX *pctx;
3438 unsigned char out[20];
3439 size_t outlen;
3440 int i, ret = 0;
3441 unsigned char salt[] = "0123456789";
3442 unsigned char key[] = "012345678901234567890123456789";
3443 unsigned char info[] = "infostring";
3444 const unsigned char expected[] = {
3445 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
3446 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
3447 };
3448 size_t expectedlen = sizeof(expected);
3449
3450 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3451 goto done;
3452
3453 /* We do this twice to test reuse of the EVP_PKEY_CTX */
3454 for (i = 0; i < 2; i++) {
3455 outlen = sizeof(out);
3456 memset(out, 0, outlen);
3457
3458 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3459 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3460 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3461 sizeof(salt) - 1), 0)
3462 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3463 sizeof(key) - 1), 0)
3464 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3465 sizeof(info) - 1), 0)
3466 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3467 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3468 goto done;
3469 }
3470
3471 ret = 1;
3472
3473 done:
3474 EVP_PKEY_CTX_free(pctx);
3475
3476 return ret;
3477 }
3478
test_emptyikm_HKDF(void)3479 static int test_emptyikm_HKDF(void)
3480 {
3481 EVP_PKEY_CTX *pctx;
3482 unsigned char out[20];
3483 size_t outlen;
3484 int ret = 0;
3485 unsigned char salt[] = "9876543210";
3486 unsigned char key[] = "";
3487 unsigned char info[] = "stringinfo";
3488 const unsigned char expected[] = {
3489 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
3490 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
3491 };
3492 size_t expectedlen = sizeof(expected);
3493
3494 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3495 goto done;
3496
3497 outlen = sizeof(out);
3498 memset(out, 0, outlen);
3499
3500 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3501 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3502 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3503 sizeof(salt) - 1), 0)
3504 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3505 sizeof(key) - 1), 0)
3506 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3507 sizeof(info) - 1), 0)
3508 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3509 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3510 goto done;
3511
3512 ret = 1;
3513
3514 done:
3515 EVP_PKEY_CTX_free(pctx);
3516
3517 return ret;
3518 }
3519
test_empty_salt_info_HKDF(void)3520 static int test_empty_salt_info_HKDF(void)
3521 {
3522 EVP_PKEY_CTX *pctx;
3523 unsigned char out[20];
3524 size_t outlen;
3525 int ret = 0;
3526 unsigned char salt[] = "";
3527 unsigned char fake[] = "0123456789";
3528 unsigned char key[] = "012345678901234567890123456789";
3529 unsigned char info[] = "";
3530 const unsigned char expected[] = {
3531 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
3532 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
3533 };
3534 size_t expectedlen = sizeof(expected);
3535
3536 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3537 goto done;
3538
3539 outlen = sizeof(out);
3540 memset(out, 0, outlen);
3541
3542 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3543 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3544 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake,
3545 sizeof(fake) - 1), 0)
3546 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3547 sizeof(salt) - 1), 0)
3548 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3549 sizeof(key) - 1), 0)
3550 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3551 sizeof(info) - 1), 0)
3552 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3553 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3554 goto done;
3555
3556 ret = 1;
3557
3558 done:
3559 EVP_PKEY_CTX_free(pctx);
3560
3561 return ret;
3562 }
3563
3564 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)3565 static int test_X509_PUBKEY_inplace(void)
3566 {
3567 int ret = 0;
3568 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
3569 const unsigned char *p = kExampleECPubKeyDER;
3570 size_t input_len = sizeof(kExampleECPubKeyDER);
3571
3572 if (!TEST_ptr(xp))
3573 goto done;
3574 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
3575 goto done;
3576
3577 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
3578 goto done;
3579
3580 p = kExampleBadECPubKeyDER;
3581 input_len = sizeof(kExampleBadECPubKeyDER);
3582
3583 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
3584 goto done;
3585
3586 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
3587 goto done;
3588
3589 ret = 1;
3590
3591 done:
3592 X509_PUBKEY_free(xp);
3593 return ret;
3594 }
3595
test_X509_PUBKEY_dup(void)3596 static int test_X509_PUBKEY_dup(void)
3597 {
3598 int ret = 0;
3599 X509_PUBKEY *xp = NULL, *xq = NULL;
3600 const unsigned char *p = kExampleECPubKeyDER;
3601 size_t input_len = sizeof(kExampleECPubKeyDER);
3602
3603 xp = X509_PUBKEY_new_ex(testctx, testpropq);
3604 if (!TEST_ptr(xp)
3605 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
3606 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
3607 || !TEST_ptr_ne(xp, xq))
3608 goto done;
3609
3610 if (!TEST_ptr(X509_PUBKEY_get0(xq))
3611 || !TEST_ptr(X509_PUBKEY_get0(xp))
3612 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
3613 goto done;
3614
3615 X509_PUBKEY_free(xq);
3616 xq = NULL;
3617 p = kExampleBadECPubKeyDER;
3618 input_len = sizeof(kExampleBadECPubKeyDER);
3619
3620 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
3621 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
3622 goto done;
3623
3624 X509_PUBKEY_free(xp);
3625 xp = NULL;
3626 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
3627 goto done;
3628
3629 ret = 1;
3630
3631 done:
3632 X509_PUBKEY_free(xp);
3633 X509_PUBKEY_free(xq);
3634 return ret;
3635 }
3636 #endif /* OPENSSL_NO_EC */
3637
3638 /* Test getting and setting parameters on an EVP_PKEY_CTX */
test_EVP_PKEY_CTX_get_set_params(EVP_PKEY * pkey)3639 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
3640 {
3641 EVP_MD_CTX *mdctx = NULL;
3642 EVP_PKEY_CTX *ctx = NULL;
3643 const OSSL_PARAM *params;
3644 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
3645 int ret = 0;
3646 const EVP_MD *md;
3647 char mdname[OSSL_MAX_NAME_SIZE];
3648 char ssl3ms[48];
3649
3650 /* Initialise a sign operation */
3651 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
3652 if (!TEST_ptr(ctx)
3653 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
3654 goto err;
3655
3656 /*
3657 * We should be able to query the parameters now.
3658 */
3659 params = EVP_PKEY_CTX_settable_params(ctx);
3660 if (!TEST_ptr(params)
3661 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3662 OSSL_SIGNATURE_PARAM_DIGEST)))
3663 goto err;
3664
3665 params = EVP_PKEY_CTX_gettable_params(ctx);
3666 if (!TEST_ptr(params)
3667 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3668 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
3669 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3670 OSSL_SIGNATURE_PARAM_DIGEST)))
3671 goto err;
3672
3673 /*
3674 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
3675 * EVP_PKEY_CTX_get_params()
3676 */
3677 strcpy(mdname, "SHA512");
3678 param_md = param;
3679 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3680 mdname, 0);
3681 *param++ = OSSL_PARAM_construct_end();
3682
3683 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
3684 goto err;
3685
3686 mdname[0] = '\0';
3687 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3688 mdname, sizeof(mdname));
3689 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
3690 || !TEST_str_eq(mdname, "SHA512"))
3691 goto err;
3692
3693 /*
3694 * Test the TEST_PKEY_CTX_set_signature_md() and
3695 * TEST_PKEY_CTX_get_signature_md() functions
3696 */
3697 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
3698 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
3699 || !TEST_ptr_eq(md, EVP_sha256()))
3700 goto err;
3701
3702 /*
3703 * Test getting MD parameters via an associated EVP_PKEY_CTX
3704 */
3705 mdctx = EVP_MD_CTX_new();
3706 if (!TEST_ptr(mdctx)
3707 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
3708 pkey, NULL)))
3709 goto err;
3710
3711 /*
3712 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
3713 * able to obtain the digest's settable parameters from the provider.
3714 */
3715 params = EVP_MD_CTX_settable_params(mdctx);
3716 if (!TEST_ptr(params)
3717 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
3718 /* The final key should be NULL */
3719 || !TEST_ptr_null(params[1].key))
3720 goto err;
3721
3722 param = ourparams;
3723 memset(ssl3ms, 0, sizeof(ssl3ms));
3724 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
3725 ssl3ms, sizeof(ssl3ms));
3726 *param++ = OSSL_PARAM_construct_end();
3727
3728 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
3729 goto err;
3730
3731 ret = 1;
3732
3733 err:
3734 EVP_MD_CTX_free(mdctx);
3735 EVP_PKEY_CTX_free(ctx);
3736
3737 return ret;
3738 }
3739
3740 #ifndef OPENSSL_NO_DSA
test_DSA_get_set_params(void)3741 static int test_DSA_get_set_params(void)
3742 {
3743 OSSL_PARAM_BLD *bld = NULL;
3744 OSSL_PARAM *params = NULL;
3745 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
3746 EVP_PKEY_CTX *pctx = NULL;
3747 EVP_PKEY *pkey = NULL;
3748 int ret = 0;
3749
3750 /*
3751 * Setup the parameters for our DSA object. For our purposes they don't
3752 * have to actually be *valid* parameters. We just need to set something.
3753 */
3754 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
3755 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3756 || !TEST_ptr(p = BN_new())
3757 || !TEST_ptr(q = BN_new())
3758 || !TEST_ptr(g = BN_new())
3759 || !TEST_ptr(pub = BN_new())
3760 || !TEST_ptr(priv = BN_new()))
3761 goto err;
3762 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
3763 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
3764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
3765 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
3766 pub))
3767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
3768 priv)))
3769 goto err;
3770 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3771 goto err;
3772
3773 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3774 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3775 params), 0))
3776 goto err;
3777
3778 if (!TEST_ptr(pkey))
3779 goto err;
3780
3781 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3782
3783 err:
3784 EVP_PKEY_free(pkey);
3785 EVP_PKEY_CTX_free(pctx);
3786 OSSL_PARAM_free(params);
3787 OSSL_PARAM_BLD_free(bld);
3788 BN_free(p);
3789 BN_free(q);
3790 BN_free(g);
3791 BN_free(pub);
3792 BN_free(priv);
3793
3794 return ret;
3795 }
3796
3797 /*
3798 * Test combinations of private, public, missing and private + public key
3799 * params to ensure they are all accepted
3800 */
test_DSA_priv_pub(void)3801 static int test_DSA_priv_pub(void)
3802 {
3803 return test_EVP_PKEY_ffc_priv_pub("DSA");
3804 }
3805
3806 #endif /* !OPENSSL_NO_DSA */
3807
test_RSA_get_set_params(void)3808 static int test_RSA_get_set_params(void)
3809 {
3810 OSSL_PARAM_BLD *bld = NULL;
3811 OSSL_PARAM *params = NULL;
3812 BIGNUM *n = NULL, *e = NULL, *d = NULL;
3813 EVP_PKEY_CTX *pctx = NULL;
3814 EVP_PKEY *pkey = NULL;
3815 int ret = 0;
3816
3817 /*
3818 * Setup the parameters for our RSA object. For our purposes they don't
3819 * have to actually be *valid* parameters. We just need to set something.
3820 */
3821 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
3822 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3823 || !TEST_ptr(n = BN_new())
3824 || !TEST_ptr(e = BN_new())
3825 || !TEST_ptr(d = BN_new()))
3826 goto err;
3827 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
3828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
3829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
3830 goto err;
3831 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3832 goto err;
3833
3834 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3835 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3836 params), 0))
3837 goto err;
3838
3839 if (!TEST_ptr(pkey))
3840 goto err;
3841
3842 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3843
3844 err:
3845 EVP_PKEY_free(pkey);
3846 EVP_PKEY_CTX_free(pctx);
3847 OSSL_PARAM_free(params);
3848 OSSL_PARAM_BLD_free(bld);
3849 BN_free(n);
3850 BN_free(e);
3851 BN_free(d);
3852
3853 return ret;
3854 }
3855
test_RSA_OAEP_set_get_params(void)3856 static int test_RSA_OAEP_set_get_params(void)
3857 {
3858 int ret = 0;
3859 EVP_PKEY *key = NULL;
3860 EVP_PKEY_CTX *key_ctx = NULL;
3861
3862 if (nullprov != NULL)
3863 return TEST_skip("Test does not support a non-default library context");
3864
3865 if (!TEST_ptr(key = load_example_rsa_key())
3866 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3867 goto err;
3868
3869 {
3870 int padding = RSA_PKCS1_OAEP_PADDING;
3871 OSSL_PARAM params[4];
3872
3873 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3874 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3875 OSSL_DIGEST_NAME_SHA2_256, 0);
3876 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3877 OSSL_DIGEST_NAME_SHA1, 0);
3878 params[3] = OSSL_PARAM_construct_end();
3879
3880 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3881 goto err;
3882 }
3883 {
3884 OSSL_PARAM params[3];
3885 char oaepmd[30] = { '\0' };
3886 char mgf1md[30] = { '\0' };
3887
3888 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3889 oaepmd, sizeof(oaepmd));
3890 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3891 mgf1md, sizeof(mgf1md));
3892 params[2] = OSSL_PARAM_construct_end();
3893
3894 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3895 goto err;
3896
3897 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3898 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3899 goto err;
3900 }
3901
3902 ret = 1;
3903
3904 err:
3905 EVP_PKEY_free(key);
3906 EVP_PKEY_CTX_free(key_ctx);
3907
3908 return ret;
3909 }
3910
3911 /* https://github.com/openssl/openssl/issues/21288 */
test_RSA_OAEP_set_null_label(void)3912 static int test_RSA_OAEP_set_null_label(void)
3913 {
3914 int ret = 0;
3915 EVP_PKEY *key = NULL;
3916 EVP_PKEY_CTX *key_ctx = NULL;
3917
3918 if (!TEST_ptr(key = load_example_rsa_key())
3919 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3920 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3921 goto err;
3922
3923 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3924 goto err;
3925
3926 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3927 goto err;
3928
3929 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3930 goto err;
3931
3932 ret = 1;
3933
3934 err:
3935 EVP_PKEY_free(key);
3936 EVP_PKEY_CTX_free(key_ctx);
3937
3938 return ret;
3939 }
3940
test_RSA_encrypt(void)3941 static int test_RSA_encrypt(void)
3942 {
3943 int ret = 0;
3944 EVP_PKEY *pkey = NULL;
3945 EVP_PKEY_CTX *pctx = NULL;
3946 unsigned char *cbuf = NULL, *pbuf = NULL;
3947 size_t clen = 0, plen = 0;
3948
3949 if (!TEST_ptr(pkey = load_example_rsa_key())
3950 || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx,
3951 pkey, testpropq))
3952 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)
3953 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)
3954 || !TEST_ptr(cbuf = OPENSSL_malloc(clen))
3955 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0))
3956 goto done;
3957
3958 /* Require failure when the output buffer is too small */
3959 plen = clen - 1;
3960 if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0))
3961 goto done;
3962 /* flush error stack */
3963 TEST_openssl_errors();
3964
3965 /* Check decryption of encrypted result */
3966 if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0)
3967 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
3968 || !TEST_ptr(pbuf = OPENSSL_malloc(plen))
3969 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
3970 || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg))
3971 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0))
3972 goto done;
3973
3974 ret = 1;
3975 done:
3976 EVP_PKEY_CTX_free(pctx);
3977 EVP_PKEY_free(pkey);
3978 OPENSSL_free(cbuf);
3979 OPENSSL_free(pbuf);
3980 return ret;
3981 }
3982
3983 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_RSA_legacy(void)3984 static int test_RSA_legacy(void)
3985 {
3986 int ret = 0;
3987 BIGNUM *p = NULL;
3988 BIGNUM *q = NULL;
3989 BIGNUM *n = NULL;
3990 BIGNUM *e = NULL;
3991 BIGNUM *d = NULL;
3992 const EVP_MD *md = EVP_sha256();
3993 EVP_MD_CTX *ctx = NULL;
3994 EVP_PKEY *pkey = NULL;
3995 RSA *rsa = NULL;
3996
3997 if (nullprov != NULL)
3998 return TEST_skip("Test does not support a non-default library context");
3999
4000 if (!TEST_ptr(p = BN_dup(BN_value_one()))
4001 || !TEST_ptr(q = BN_dup(BN_value_one()))
4002 || !TEST_ptr(n = BN_dup(BN_value_one()))
4003 || !TEST_ptr(e = BN_dup(BN_value_one()))
4004 || !TEST_ptr(d = BN_dup(BN_value_one())))
4005 goto err;
4006
4007 if (!TEST_ptr(rsa = RSA_new())
4008 || !TEST_ptr(pkey = EVP_PKEY_new())
4009 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
4010 goto err;
4011
4012 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
4013 goto err;
4014 p = NULL;
4015 q = NULL;
4016
4017 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
4018 goto err;
4019 n = NULL;
4020 e = NULL;
4021 d = NULL;
4022
4023 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
4024 goto err;
4025
4026 rsa = NULL;
4027
4028 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
4029 goto err;
4030
4031 ret = 1;
4032
4033 err:
4034 RSA_free(rsa);
4035 EVP_MD_CTX_free(ctx);
4036 EVP_PKEY_free(pkey);
4037 BN_free(p);
4038 BN_free(q);
4039 BN_free(n);
4040 BN_free(e);
4041 BN_free(d);
4042
4043 return ret;
4044 }
4045 #endif
4046
4047 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)4048 static int test_decrypt_null_chunks(void)
4049 {
4050 EVP_CIPHER_CTX* ctx = NULL;
4051 EVP_CIPHER *cipher = NULL;
4052 const unsigned char key[32] = {
4053 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4054 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4055 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
4056 };
4057 unsigned char iv[12] = {
4058 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
4059 };
4060 unsigned char msg[] = "It was the best of times, it was the worst of times";
4061 unsigned char ciphertext[80];
4062 unsigned char plaintext[80];
4063 /* We initialise tmp to a non zero value on purpose */
4064 int ctlen, ptlen, tmp = 99;
4065 int ret = 0;
4066 const int enc_offset = 10, dec_offset = 20;
4067
4068 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
4069 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4070 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
4071 key, iv))
4072 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
4073 enc_offset))
4074 /* Deliberate add a zero length update */
4075 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
4076 0))
4077 || !TEST_int_eq(tmp, 0)
4078 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
4079 msg + enc_offset,
4080 sizeof(msg) - enc_offset))
4081 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
4082 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
4083 || !TEST_int_eq(tmp, 0))
4084 goto err;
4085
4086 /* Deliberately initialise tmp to a non zero value */
4087 tmp = 99;
4088 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
4089 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
4090 dec_offset))
4091 /*
4092 * Deliberately add a zero length update. We also deliberately do
4093 * this at a different offset than for encryption.
4094 */
4095 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
4096 0))
4097 || !TEST_int_eq(tmp, 0)
4098 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
4099 ciphertext + dec_offset,
4100 ctlen - dec_offset))
4101 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
4102 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
4103 || !TEST_int_eq(tmp, 0)
4104 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
4105 goto err;
4106
4107 ret = 1;
4108 err:
4109 EVP_CIPHER_CTX_free(ctx);
4110 EVP_CIPHER_free(cipher);
4111 return ret;
4112 }
4113 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
4114
4115 #ifndef OPENSSL_NO_DH
4116 /*
4117 * Test combinations of private, public, missing and private + public key
4118 * params to ensure they are all accepted
4119 */
test_DH_priv_pub(void)4120 static int test_DH_priv_pub(void)
4121 {
4122 return test_EVP_PKEY_ffc_priv_pub("DH");
4123 }
4124
4125 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_set1_DH(void)4126 static int test_EVP_PKEY_set1_DH(void)
4127 {
4128 DH *x942dh = NULL, *noqdh = NULL;
4129 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
4130 int ret = 0;
4131 BIGNUM *p, *g = NULL;
4132 BIGNUM *pubkey = NULL;
4133 unsigned char pub[2048 / 8];
4134 size_t len = 0;
4135
4136 if (!TEST_ptr(p = BN_new())
4137 || !TEST_ptr(g = BN_new())
4138 || !TEST_ptr(pubkey = BN_new())
4139 || !TEST_true(BN_set_word(p, 9999))
4140 || !TEST_true(BN_set_word(g, 2))
4141 || !TEST_true(BN_set_word(pubkey, 4321))
4142 || !TEST_ptr(noqdh = DH_new())
4143 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
4144 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
4145 || !TEST_ptr(pubkey = BN_new())
4146 || !TEST_true(BN_set_word(pubkey, 4321)))
4147 goto err;
4148 p = g = NULL;
4149
4150 x942dh = DH_get_2048_256();
4151 pkey1 = EVP_PKEY_new();
4152 pkey2 = EVP_PKEY_new();
4153 if (!TEST_ptr(x942dh)
4154 || !TEST_ptr(noqdh)
4155 || !TEST_ptr(pkey1)
4156 || !TEST_ptr(pkey2)
4157 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
4158 goto err;
4159 pubkey = NULL;
4160
4161 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
4162 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
4163 goto err;
4164
4165 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
4166 &pubkey))
4167 || !TEST_ptr(pubkey))
4168 goto err;
4169
4170 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
4171 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
4172 goto err;
4173
4174 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
4175 OSSL_PKEY_PARAM_PUB_KEY,
4176 pub, sizeof(pub), &len))
4177 || !TEST_size_t_ne(len, 0))
4178 goto err;
4179
4180 ret = 1;
4181 err:
4182 BN_free(p);
4183 BN_free(g);
4184 BN_free(pubkey);
4185 EVP_PKEY_free(pkey1);
4186 EVP_PKEY_free(pkey2);
4187 DH_free(x942dh);
4188 DH_free(noqdh);
4189
4190 return ret;
4191 }
4192 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
4193 #endif /* !OPENSSL_NO_DH */
4194
4195 /*
4196 * We test what happens with an empty template. For the sake of this test,
4197 * the template must be ignored, and we know that's the case for RSA keys
4198 * (this might arguably be a misfeature, but that's what we currently do,
4199 * even in provider code, since that's how the legacy RSA implementation
4200 * does things)
4201 */
test_keygen_with_empty_template(int n)4202 static int test_keygen_with_empty_template(int n)
4203 {
4204 EVP_PKEY_CTX *ctx = NULL;
4205 EVP_PKEY *pkey = NULL;
4206 EVP_PKEY *tkey = NULL;
4207 int ret = 0;
4208
4209 if (nullprov != NULL)
4210 return TEST_skip("Test does not support a non-default library context");
4211
4212 switch (n) {
4213 case 0:
4214 /* We do test with no template at all as well */
4215 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
4216 goto err;
4217 break;
4218 case 1:
4219 /* Here we create an empty RSA key that serves as our template */
4220 if (!TEST_ptr(tkey = EVP_PKEY_new())
4221 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
4222 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
4223 goto err;
4224 break;
4225 }
4226
4227 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4228 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
4229 goto err;
4230
4231 ret = 1;
4232 err:
4233 EVP_PKEY_CTX_free(ctx);
4234 EVP_PKEY_free(pkey);
4235 EVP_PKEY_free(tkey);
4236 return ret;
4237 }
4238
4239 /*
4240 * Test that we fail if we attempt to use an algorithm that is not available
4241 * in the current library context (unless we are using an algorithm that
4242 * should be made available via legacy codepaths).
4243 *
4244 * 0: RSA
4245 * 1: SM2
4246 */
test_pkey_ctx_fail_without_provider(int tst)4247 static int test_pkey_ctx_fail_without_provider(int tst)
4248 {
4249 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
4250 OSSL_PROVIDER *tmpnullprov = NULL;
4251 EVP_PKEY_CTX *pctx = NULL;
4252 const char *keytype = NULL;
4253 int expect_null = 0;
4254 int ret = 0;
4255
4256 if (!TEST_ptr(tmpctx))
4257 goto err;
4258
4259 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
4260 if (!TEST_ptr(tmpnullprov))
4261 goto err;
4262
4263 /*
4264 * We check for certain algos in the null provider.
4265 * If an algo is expected to have a provider keymgmt, constructing an
4266 * EVP_PKEY_CTX is expected to fail (return NULL).
4267 * Otherwise, if it's expected to have legacy support, constructing an
4268 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
4269 */
4270 switch (tst) {
4271 case 0:
4272 keytype = "RSA";
4273 expect_null = 1;
4274 break;
4275 case 1:
4276 keytype = "SM2";
4277 expect_null = 1;
4278 #ifdef OPENSSL_NO_EC
4279 TEST_info("EC disable, skipping SM2 check...");
4280 goto end;
4281 #endif
4282 #ifdef OPENSSL_NO_SM2
4283 TEST_info("SM2 disable, skipping SM2 check...");
4284 goto end;
4285 #endif
4286 break;
4287 default:
4288 TEST_error("No test for case %d", tst);
4289 goto err;
4290 }
4291
4292 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
4293 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
4294 goto err;
4295
4296 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
4297 end:
4298 #endif
4299 ret = 1;
4300
4301 err:
4302 EVP_PKEY_CTX_free(pctx);
4303 OSSL_PROVIDER_unload(tmpnullprov);
4304 OSSL_LIB_CTX_free(tmpctx);
4305 return ret;
4306 }
4307
test_rand_agglomeration(void)4308 static int test_rand_agglomeration(void)
4309 {
4310 EVP_RAND *rand;
4311 EVP_RAND_CTX *ctx;
4312 OSSL_PARAM params[3], *p = params;
4313 int res;
4314 unsigned int step = 7;
4315 static unsigned char seed[] = "It does not matter how slowly you go "
4316 "as long as you do not stop.";
4317 unsigned char out[sizeof(seed)];
4318
4319 if (!TEST_int_ne(sizeof(seed) % step, 0)
4320 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
4321 return 0;
4322 ctx = EVP_RAND_CTX_new(rand, NULL);
4323 EVP_RAND_free(rand);
4324 if (!TEST_ptr(ctx))
4325 return 0;
4326
4327 memset(out, 0, sizeof(out));
4328 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
4329 seed, sizeof(seed));
4330 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
4331 *p = OSSL_PARAM_construct_end();
4332 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
4333 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
4334 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
4335 EVP_RAND_CTX_free(ctx);
4336 return res;
4337 }
4338
4339 /*
4340 * Test that we correctly return the original or "running" IV after
4341 * an encryption operation.
4342 * Run multiple times for some different relevant algorithms/modes.
4343 */
test_evp_iv_aes(int idx)4344 static int test_evp_iv_aes(int idx)
4345 {
4346 int ret = 0;
4347 EVP_CIPHER_CTX *ctx = NULL;
4348 unsigned char key[16] = {
4349 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
4350 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57
4351 };
4352 unsigned char init_iv[EVP_MAX_IV_LENGTH] = {
4353 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4354 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4355 };
4356 static const unsigned char msg[] = {
4357 1, 2, 3, 4, 5, 6, 7, 8,
4358 9, 10, 11, 12, 13, 14, 15, 16
4359 };
4360 unsigned char ciphertext[32], oiv[16], iv[16];
4361 unsigned char *ref_iv;
4362 unsigned char cbc_state[16] = {
4363 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
4364 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e
4365 };
4366
4367 unsigned char ofb_state[16] = {
4368 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
4369 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd
4370 };
4371 unsigned char cfb_state[16] = {
4372 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
4373 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed
4374 };
4375 unsigned char gcm_state[12] = {
4376 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
4377 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
4378 };
4379 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 };
4380 #ifndef OPENSSL_NO_OCB
4381 unsigned char ocb_state[12] = {
4382 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
4383 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
4384 };
4385 #endif
4386 int len = sizeof(ciphertext);
4387 size_t ivlen, ref_len;
4388 const EVP_CIPHER *type = NULL;
4389 int iv_reset = 0;
4390
4391 if (nullprov != NULL && idx < 6)
4392 return TEST_skip("Test does not support a non-default library context");
4393
4394 switch (idx) {
4395 case 0:
4396 type = EVP_aes_128_cbc();
4397 /* FALLTHROUGH */
4398 case 6:
4399 type = (type != NULL) ? type :
4400 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
4401 ref_iv = cbc_state;
4402 ref_len = sizeof(cbc_state);
4403 iv_reset = 1;
4404 break;
4405 case 1:
4406 type = EVP_aes_128_ofb();
4407 /* FALLTHROUGH */
4408 case 7:
4409 type = (type != NULL) ? type :
4410 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
4411 ref_iv = ofb_state;
4412 ref_len = sizeof(ofb_state);
4413 iv_reset = 1;
4414 break;
4415 case 2:
4416 type = EVP_aes_128_cfb();
4417 /* FALLTHROUGH */
4418 case 8:
4419 type = (type != NULL) ? type :
4420 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
4421 ref_iv = cfb_state;
4422 ref_len = sizeof(cfb_state);
4423 iv_reset = 1;
4424 break;
4425 case 3:
4426 type = EVP_aes_128_gcm();
4427 /* FALLTHROUGH */
4428 case 9:
4429 type = (type != NULL) ? type :
4430 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
4431 ref_iv = gcm_state;
4432 ref_len = sizeof(gcm_state);
4433 break;
4434 case 4:
4435 type = EVP_aes_128_ccm();
4436 /* FALLTHROUGH */
4437 case 10:
4438 type = (type != NULL) ? type :
4439 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
4440 ref_iv = ccm_state;
4441 ref_len = sizeof(ccm_state);
4442 break;
4443 #ifdef OPENSSL_NO_OCB
4444 case 5:
4445 case 11:
4446 return 1;
4447 #else
4448 case 5:
4449 type = EVP_aes_128_ocb();
4450 /* FALLTHROUGH */
4451 case 11:
4452 type = (type != NULL) ? type :
4453 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
4454 ref_iv = ocb_state;
4455 ref_len = sizeof(ocb_state);
4456 break;
4457 #endif
4458 default:
4459 return 0;
4460 }
4461
4462 if (!TEST_ptr(type)
4463 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
4464 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
4465 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
4466 (int)sizeof(msg)))
4467 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
4468 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
4469 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
4470 goto err;
4471 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
4472
4473 if (!TEST_int_gt(ivlen, 0))
4474 goto err;
4475
4476 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
4477 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
4478 goto err;
4479
4480 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
4481 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
4482 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
4483 goto err;
4484 if (iv_reset) {
4485 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
4486 goto err;
4487 } else {
4488 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
4489 goto err;
4490 }
4491
4492 ret = 1;
4493 err:
4494 EVP_CIPHER_CTX_free(ctx);
4495 if (idx >= 6)
4496 EVP_CIPHER_free((EVP_CIPHER *)type);
4497 return ret;
4498 }
4499
4500 #ifndef OPENSSL_NO_DES
test_evp_iv_des(int idx)4501 static int test_evp_iv_des(int idx)
4502 {
4503 int ret = 0;
4504 EVP_CIPHER_CTX *ctx = NULL;
4505 static const unsigned char key[24] = {
4506 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
4507 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
4508 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
4509 };
4510 static const unsigned char init_iv[8] = {
4511 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
4512 };
4513 static const unsigned char msg[] = {
4514 1, 2, 3, 4, 5, 6, 7, 8,
4515 9, 10, 11, 12, 13, 14, 15, 16
4516 };
4517 unsigned char ciphertext[32], oiv[8], iv[8];
4518 unsigned const char *ref_iv;
4519 static const unsigned char cbc_state_des[8] = {
4520 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
4521 };
4522 static const unsigned char cbc_state_3des[8] = {
4523 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
4524 };
4525 static const unsigned char ofb_state_des[8] = {
4526 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
4527 };
4528 static const unsigned char ofb_state_3des[8] = {
4529 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
4530 };
4531 static const unsigned char cfb_state_des[8] = {
4532 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
4533 };
4534 static const unsigned char cfb_state_3des[8] = {
4535 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
4536 };
4537 int len = sizeof(ciphertext);
4538 size_t ivlen, ref_len;
4539 EVP_CIPHER *type = NULL;
4540
4541 if (lgcyprov == NULL && idx < 3)
4542 return TEST_skip("Test requires legacy provider to be loaded");
4543
4544 switch (idx) {
4545 case 0:
4546 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
4547 ref_iv = cbc_state_des;
4548 ref_len = sizeof(cbc_state_des);
4549 break;
4550 case 1:
4551 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
4552 ref_iv = ofb_state_des;
4553 ref_len = sizeof(ofb_state_des);
4554 break;
4555 case 2:
4556 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
4557 ref_iv = cfb_state_des;
4558 ref_len = sizeof(cfb_state_des);
4559 break;
4560 case 3:
4561 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
4562 ref_iv = cbc_state_3des;
4563 ref_len = sizeof(cbc_state_3des);
4564 break;
4565 case 4:
4566 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
4567 ref_iv = ofb_state_3des;
4568 ref_len = sizeof(ofb_state_3des);
4569 break;
4570 case 5:
4571 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
4572 ref_iv = cfb_state_3des;
4573 ref_len = sizeof(cfb_state_3des);
4574 break;
4575 default:
4576 return 0;
4577 }
4578
4579 if (!TEST_ptr(type)
4580 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
4581 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
4582 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
4583 (int)sizeof(msg)))
4584 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
4585 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
4586 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
4587 goto err;
4588 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
4589
4590 if (!TEST_int_gt(ivlen, 0))
4591 goto err;
4592
4593 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
4594 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
4595 goto err;
4596
4597 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
4598 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
4599 goto err;
4600 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
4601 goto err;
4602
4603 ret = 1;
4604 err:
4605 EVP_CIPHER_CTX_free(ctx);
4606 EVP_CIPHER_free(type);
4607 return ret;
4608 }
4609 #endif
4610
4611 #ifndef OPENSSL_NO_BF
test_evp_bf_default_keylen(int idx)4612 static int test_evp_bf_default_keylen(int idx)
4613 {
4614 int ret = 0;
4615 static const char *algos[4] = {
4616 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
4617 };
4618 int ivlen[4] = { 0, 8, 8, 8 };
4619 EVP_CIPHER *cipher = NULL;
4620
4621 if (lgcyprov == NULL)
4622 return TEST_skip("Test requires legacy provider to be loaded");
4623
4624 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
4625 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
4626 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
4627 goto err;
4628
4629 ret = 1;
4630 err:
4631 EVP_CIPHER_free(cipher);
4632 return ret;
4633 }
4634 #endif
4635
4636 #ifndef OPENSSL_NO_EC
4637 static int ecpub_nids[] = {
4638 NID_brainpoolP256r1, NID_X9_62_prime256v1,
4639 NID_secp384r1, NID_secp521r1,
4640 # ifndef OPENSSL_NO_EC2M
4641 NID_sect233k1, NID_sect233r1, NID_sect283r1,
4642 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
4643 # endif
4644 NID_brainpoolP384r1, NID_brainpoolP512r1
4645 };
4646
test_ecpub(int idx)4647 static int test_ecpub(int idx)
4648 {
4649 int ret = 0, len, savelen;
4650 int nid;
4651 unsigned char buf[1024];
4652 unsigned char *p;
4653 EVP_PKEY *pkey = NULL;
4654 EVP_PKEY_CTX *ctx = NULL;
4655 # ifndef OPENSSL_NO_DEPRECATED_3_0
4656 const unsigned char *q;
4657 EVP_PKEY *pkey2 = NULL;
4658 EC_KEY *ec = NULL;
4659 # endif
4660
4661 if (nullprov != NULL)
4662 return TEST_skip("Test does not support a non-default library context");
4663
4664 nid = ecpub_nids[idx];
4665
4666 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4667 if (!TEST_ptr(ctx)
4668 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4669 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
4670 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
4671 goto done;
4672 len = i2d_PublicKey(pkey, NULL);
4673 savelen = len;
4674 if (!TEST_int_ge(len, 1)
4675 || !TEST_int_lt(len, 1024))
4676 goto done;
4677 p = buf;
4678 len = i2d_PublicKey(pkey, &p);
4679 if (!TEST_int_ge(len, 1)
4680 || !TEST_int_eq(len, savelen))
4681 goto done;
4682
4683 # ifndef OPENSSL_NO_DEPRECATED_3_0
4684 /* Now try to decode the just-created DER. */
4685 q = buf;
4686 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
4687 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
4688 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
4689 goto done;
4690 /* EC_KEY ownership transferred */
4691 ec = NULL;
4692 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
4693 goto done;
4694 /* The keys should match. */
4695 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
4696 goto done;
4697 # endif
4698
4699 ret = 1;
4700
4701 done:
4702 EVP_PKEY_CTX_free(ctx);
4703 EVP_PKEY_free(pkey);
4704 # ifndef OPENSSL_NO_DEPRECATED_3_0
4705 EVP_PKEY_free(pkey2);
4706 EC_KEY_free(ec);
4707 # endif
4708 return ret;
4709 }
4710 #endif
4711
test_EVP_rsa_pss_with_keygen_bits(void)4712 static int test_EVP_rsa_pss_with_keygen_bits(void)
4713 {
4714 int ret = 0;
4715 EVP_PKEY_CTX *ctx = NULL;
4716 EVP_PKEY *pkey = NULL;
4717 EVP_MD *md;
4718
4719 md = EVP_MD_fetch(testctx, "sha256", testpropq);
4720 ret = TEST_ptr(md)
4721 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
4722 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4723 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
4724 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
4725 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
4726
4727 EVP_MD_free(md);
4728 EVP_PKEY_free(pkey);
4729 EVP_PKEY_CTX_free(ctx);
4730 return ret;
4731 }
4732
test_EVP_rsa_pss_set_saltlen(void)4733 static int test_EVP_rsa_pss_set_saltlen(void)
4734 {
4735 int ret = 0;
4736 EVP_PKEY *pkey = NULL;
4737 EVP_PKEY_CTX *pkey_ctx = NULL;
4738 EVP_MD *sha256 = NULL;
4739 EVP_MD_CTX *sha256_ctx = NULL;
4740 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
4741 const int test_value = 32;
4742
4743 ret = TEST_ptr(pkey = load_example_rsa_key())
4744 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
4745 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
4746 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
4747 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
4748 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
4749 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
4750 && TEST_int_eq(saltlen, test_value);
4751
4752 EVP_MD_CTX_free(sha256_ctx);
4753 EVP_PKEY_free(pkey);
4754 EVP_MD_free(sha256);
4755
4756 return ret;
4757 }
4758
test_EVP_rsa_invalid_key(void)4759 static int test_EVP_rsa_invalid_key(void)
4760 {
4761 int ret = 0;
4762 EVP_PKEY *pkey = NULL;
4763
4764 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER));
4765 /* we expect to fail to load bogus key */
4766 ret = !TEST_ptr(pkey);
4767 EVP_PKEY_free(pkey);
4768
4769 return ret;
4770 }
4771
4772 static int success = 1;
md_names(const char * name,void * vctx)4773 static void md_names(const char *name, void *vctx)
4774 {
4775 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
4776 /* Force a namemap update */
4777 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
4778
4779 if (!TEST_ptr(aes128))
4780 success = 0;
4781
4782 EVP_CIPHER_free(aes128);
4783 }
4784
4785 /*
4786 * Test that changing the namemap in a user callback works in a names_do_all
4787 * function.
4788 */
test_names_do_all(void)4789 static int test_names_do_all(void)
4790 {
4791 /* We use a custom libctx so that we know the state of the namemap */
4792 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
4793 EVP_MD *sha256 = NULL;
4794 int testresult = 0;
4795
4796 if (!TEST_ptr(ctx))
4797 goto err;
4798
4799 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
4800 if (!TEST_ptr(sha256))
4801 goto err;
4802
4803 /*
4804 * We loop through all the names for a given digest. This should still work
4805 * even if the namemap changes part way through.
4806 */
4807 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
4808 goto err;
4809
4810 if (!TEST_true(success))
4811 goto err;
4812
4813 testresult = 1;
4814 err:
4815 EVP_MD_free(sha256);
4816 OSSL_LIB_CTX_free(ctx);
4817 return testresult;
4818 }
4819
4820 typedef struct {
4821 const char *cipher;
4822 const unsigned char *key;
4823 const unsigned char *iv;
4824 const unsigned char *input;
4825 const unsigned char *expected;
4826 const unsigned char *tag;
4827 size_t ivlen; /* 0 if we do not need to set a specific IV len */
4828 size_t inlen;
4829 size_t expectedlen;
4830 size_t taglen;
4831 int keyfirst;
4832 int initenc;
4833 int finalenc;
4834 } EVP_INIT_TEST_st;
4835
4836 static const EVP_INIT_TEST_st evp_init_tests[] = {
4837 {
4838 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4839 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4840 0, 1, 0, 1
4841 },
4842 {
4843 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4844 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4845 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4846 sizeof(gcmDefaultTag), 1, 0, 1
4847 },
4848 {
4849 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4850 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4851 0, 0, 0, 1
4852 },
4853 {
4854 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4855 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4856 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4857 sizeof(gcmDefaultTag), 0, 0, 1
4858 },
4859 {
4860 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4861 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4862 0, 1, 1, 0
4863 },
4864 {
4865 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4866 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4867 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4868 sizeof(gcmDefaultTag), 1, 1, 0
4869 },
4870 {
4871 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4872 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4873 0, 0, 1, 0
4874 },
4875 {
4876 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4877 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4878 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4879 sizeof(gcmDefaultTag), 0, 1, 0
4880 }
4881 };
4882
4883 /* use same key, iv and plaintext for cfb and ofb */
4884 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
4885 {
4886 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4887 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4888 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
4889 },
4890 {
4891 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
4892 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
4893 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4894 },
4895 {
4896 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4897 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4898 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
4899 },
4900 {
4901 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
4902 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
4903 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4904 },
4905 };
4906
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)4907 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
4908 {
4909 int res = 0;
4910
4911 if (t->ivlen != 0) {
4912 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4913 goto err;
4914 }
4915 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4916 goto err;
4917 res = 1;
4918 err:
4919 return res;
4920 }
4921
4922 /*
4923 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4924 * arguments are given one at a time and a final adjustment to the enc
4925 * parameter sets the correct operation.
4926 */
test_evp_init_seq(int idx)4927 static int test_evp_init_seq(int idx)
4928 {
4929 int outlen1, outlen2;
4930 int testresult = 0;
4931 unsigned char outbuf[1024];
4932 unsigned char tag[16];
4933 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4934 EVP_CIPHER_CTX *ctx = NULL;
4935 EVP_CIPHER *type = NULL;
4936 size_t taglen = sizeof(tag);
4937 char *errmsg = NULL;
4938
4939 ctx = EVP_CIPHER_CTX_new();
4940 if (ctx == NULL) {
4941 errmsg = "CTX_ALLOC";
4942 goto err;
4943 }
4944 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4945 errmsg = "CIPHER_FETCH";
4946 goto err;
4947 }
4948 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4949 errmsg = "EMPTY_ENC_INIT";
4950 goto err;
4951 }
4952 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4953 errmsg = "PADDING";
4954 goto err;
4955 }
4956 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4957 errmsg = "KEY_INIT (before iv)";
4958 goto err;
4959 }
4960 if (!evp_init_seq_set_iv(ctx, t)) {
4961 errmsg = "IV_INIT";
4962 goto err;
4963 }
4964 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4965 errmsg = "KEY_INIT (after iv)";
4966 goto err;
4967 }
4968 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4969 errmsg = "FINAL_ENC_INIT";
4970 goto err;
4971 }
4972 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4973 errmsg = "CIPHER_UPDATE";
4974 goto err;
4975 }
4976 if (t->finalenc == 0 && t->tag != NULL) {
4977 /* Set expected tag */
4978 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4979 t->taglen, (void *)t->tag), 0)) {
4980 errmsg = "SET_TAG";
4981 goto err;
4982 }
4983 }
4984 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4985 errmsg = "CIPHER_FINAL";
4986 goto err;
4987 }
4988 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4989 errmsg = "WRONG_RESULT";
4990 goto err;
4991 }
4992 if (t->finalenc != 0 && t->tag != NULL) {
4993 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4994 errmsg = "GET_TAG";
4995 goto err;
4996 }
4997 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4998 errmsg = "TAG_ERROR";
4999 goto err;
5000 }
5001 }
5002 testresult = 1;
5003 err:
5004 if (errmsg != NULL)
5005 TEST_info("evp_init_test %d: %s", idx, errmsg);
5006 EVP_CIPHER_CTX_free(ctx);
5007 EVP_CIPHER_free(type);
5008 return testresult;
5009 }
5010
5011 /*
5012 * Test re-initialization of cipher context without changing key or iv.
5013 * The result of both iteration should be the same.
5014 */
test_evp_reinit_seq(int idx)5015 static int test_evp_reinit_seq(int idx)
5016 {
5017 int outlen1, outlen2, outlen_final;
5018 int testresult = 0;
5019 unsigned char outbuf1[1024];
5020 unsigned char outbuf2[1024];
5021 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
5022 EVP_CIPHER_CTX *ctx = NULL;
5023 EVP_CIPHER *type = NULL;
5024
5025 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5026 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
5027 /* setup cipher context */
5028 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
5029 /* first iteration */
5030 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
5031 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
5032 /* check test results iteration 1 */
5033 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
5034 /* now re-init the context (same cipher, key and iv) */
5035 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
5036 /* second iteration */
5037 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
5038 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
5039 /* check test results iteration 2 */
5040 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
5041 goto err;
5042 testresult = 1;
5043 err:
5044 EVP_CIPHER_CTX_free(ctx);
5045 EVP_CIPHER_free(type);
5046 return testresult;
5047 }
5048
5049 typedef struct {
5050 const unsigned char *input;
5051 const unsigned char *expected;
5052 size_t inlen;
5053 size_t expectedlen;
5054 int enc;
5055 } EVP_RESET_TEST_st;
5056
5057 static const EVP_RESET_TEST_st evp_reset_tests[] = {
5058 {
5059 cfbPlaintext, cfbCiphertext,
5060 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
5061 },
5062 {
5063 cfbCiphertext, cfbPlaintext,
5064 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
5065 }
5066 };
5067
5068 /*
5069 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
5070 * been used.
5071 */
test_evp_reset(int idx)5072 static int test_evp_reset(int idx)
5073 {
5074 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
5075 int outlen1, outlen2;
5076 int testresult = 0;
5077 unsigned char outbuf[1024];
5078 EVP_CIPHER_CTX *ctx = NULL;
5079 EVP_CIPHER *type = NULL;
5080 char *errmsg = NULL;
5081
5082 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5083 errmsg = "CTX_ALLOC";
5084 goto err;
5085 }
5086 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
5087 errmsg = "CIPHER_FETCH";
5088 goto err;
5089 }
5090 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
5091 errmsg = "CIPHER_INIT";
5092 goto err;
5093 }
5094 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
5095 errmsg = "PADDING";
5096 goto err;
5097 }
5098 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
5099 errmsg = "CIPHER_UPDATE";
5100 goto err;
5101 }
5102 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5103 errmsg = "CIPHER_FINAL";
5104 goto err;
5105 }
5106 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
5107 errmsg = "WRONG_RESULT";
5108 goto err;
5109 }
5110 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
5111 errmsg = "CIPHER_REINIT";
5112 goto err;
5113 }
5114 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
5115 errmsg = "CIPHER_UPDATE (reinit)";
5116 goto err;
5117 }
5118 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5119 errmsg = "CIPHER_FINAL (reinit)";
5120 goto err;
5121 }
5122 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
5123 errmsg = "WRONG_RESULT (reinit)";
5124 goto err;
5125 }
5126 testresult = 1;
5127 err:
5128 if (errmsg != NULL)
5129 TEST_info("test_evp_reset %d: %s", idx, errmsg);
5130 EVP_CIPHER_CTX_free(ctx);
5131 EVP_CIPHER_free(type);
5132 return testresult;
5133 }
5134
5135 typedef struct {
5136 const char *cipher;
5137 int enc;
5138 } EVP_UPDATED_IV_TEST_st;
5139
5140 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
5141 {
5142 "aes-128-cfb", 1
5143 },
5144 {
5145 "aes-128-cfb", 0
5146 },
5147 {
5148 "aes-128-cfb1", 1
5149 },
5150 {
5151 "aes-128-cfb1", 0
5152 },
5153 {
5154 "aes-128-cfb8", 1
5155 },
5156 {
5157 "aes-128-cfb8", 0
5158 },
5159 {
5160 "aes-128-ofb", 1
5161 },
5162 {
5163 "aes-128-ofb", 0
5164 },
5165 {
5166 "aes-128-ctr", 1
5167 },
5168 {
5169 "aes-128-ctr", 0
5170 },
5171 {
5172 "aes-128-cbc", 1
5173 },
5174 {
5175 "aes-128-cbc", 0
5176 }
5177 };
5178
5179 /*
5180 * Test that the IV in the context is updated during a crypto operation for CFB
5181 * and OFB.
5182 */
test_evp_updated_iv(int idx)5183 static int test_evp_updated_iv(int idx)
5184 {
5185 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
5186 int outlen1, outlen2;
5187 int testresult = 0;
5188 unsigned char outbuf[1024];
5189 EVP_CIPHER_CTX *ctx = NULL;
5190 EVP_CIPHER *type = NULL;
5191 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
5192 int iv_len;
5193 char *errmsg = NULL;
5194
5195 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5196 errmsg = "CTX_ALLOC";
5197 goto err;
5198 }
5199 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
5200 TEST_info("cipher %s not supported, skipping", t->cipher);
5201 goto ok;
5202 }
5203
5204 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
5205 errmsg = "CIPHER_INIT";
5206 goto err;
5207 }
5208 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
5209 errmsg = "PADDING";
5210 goto err;
5211 }
5212 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
5213 errmsg = "CIPHER_UPDATE";
5214 goto err;
5215 }
5216 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
5217 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
5218 goto err;
5219 }
5220 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
5221 if (!TEST_int_ge(iv_len,0)) {
5222 errmsg = "CIPHER_CTX_GET_IV_LEN";
5223 goto err;
5224 }
5225 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
5226 errmsg = "IV_NOT_UPDATED";
5227 goto err;
5228 }
5229 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5230 errmsg = "CIPHER_FINAL";
5231 goto err;
5232 }
5233 ok:
5234 testresult = 1;
5235 err:
5236 if (errmsg != NULL)
5237 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
5238 EVP_CIPHER_CTX_free(ctx);
5239 EVP_CIPHER_free(type);
5240 return testresult;
5241 }
5242
5243 typedef struct {
5244 const unsigned char *iv1;
5245 const unsigned char *iv2;
5246 const unsigned char *expected1;
5247 const unsigned char *expected2;
5248 const unsigned char *tag1;
5249 const unsigned char *tag2;
5250 size_t ivlen1;
5251 size_t ivlen2;
5252 size_t expectedlen1;
5253 size_t expectedlen2;
5254 } TEST_GCM_IV_REINIT_st;
5255
5256 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
5257 {
5258 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
5259 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
5260 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
5261 },
5262 {
5263 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
5264 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
5265 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
5266 }
5267 };
5268
test_gcm_reinit(int idx)5269 static int test_gcm_reinit(int idx)
5270 {
5271 int outlen1, outlen2, outlen3;
5272 int testresult = 0;
5273 unsigned char outbuf[1024];
5274 unsigned char tag[16];
5275 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
5276 EVP_CIPHER_CTX *ctx = NULL;
5277 EVP_CIPHER *type = NULL;
5278 size_t taglen = sizeof(tag);
5279 char *errmsg = NULL;
5280
5281 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5282 errmsg = "CTX_ALLOC";
5283 goto err;
5284 }
5285 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
5286 errmsg = "CIPHER_FETCH";
5287 goto err;
5288 }
5289 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
5290 errmsg = "ENC_INIT";
5291 goto err;
5292 }
5293 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
5294 errmsg = "SET_IVLEN1";
5295 goto err;
5296 }
5297 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
5298 errmsg = "SET_IV1";
5299 goto err;
5300 }
5301 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
5302 errmsg = "AAD1";
5303 goto err;
5304 }
5305 EVP_CIPHER_CTX_set_padding(ctx, 0);
5306 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
5307 sizeof(gcmResetPlaintext)))) {
5308 errmsg = "CIPHER_UPDATE1";
5309 goto err;
5310 }
5311 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5312 errmsg = "CIPHER_FINAL1";
5313 goto err;
5314 }
5315 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
5316 errmsg = "WRONG_RESULT1";
5317 goto err;
5318 }
5319 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
5320 errmsg = "GET_TAG1";
5321 goto err;
5322 }
5323 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
5324 errmsg = "TAG_ERROR1";
5325 goto err;
5326 }
5327 /* Now reinit */
5328 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
5329 errmsg = "SET_IVLEN2";
5330 goto err;
5331 }
5332 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
5333 errmsg = "SET_IV2";
5334 goto err;
5335 }
5336 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
5337 errmsg = "AAD2";
5338 goto err;
5339 }
5340 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
5341 sizeof(gcmResetPlaintext)))) {
5342 errmsg = "CIPHER_UPDATE2";
5343 goto err;
5344 }
5345 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5346 errmsg = "CIPHER_FINAL2";
5347 goto err;
5348 }
5349 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
5350 errmsg = "WRONG_RESULT2";
5351 goto err;
5352 }
5353 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
5354 errmsg = "GET_TAG2";
5355 goto err;
5356 }
5357 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
5358 errmsg = "TAG_ERROR2";
5359 goto err;
5360 }
5361 testresult = 1;
5362 err:
5363 if (errmsg != NULL)
5364 TEST_info("evp_init_test %d: %s", idx, errmsg);
5365 EVP_CIPHER_CTX_free(ctx);
5366 EVP_CIPHER_free(type);
5367 return testresult;
5368 }
5369
5370 static const char *ivlen_change_ciphers[] = {
5371 "AES-256-GCM",
5372 #ifndef OPENSSL_NO_OCB
5373 "AES-256-OCB",
5374 #endif
5375 "AES-256-CCM"
5376 };
5377
5378 /* Negative test for ivlen change after iv being set */
test_ivlen_change(int idx)5379 static int test_ivlen_change(int idx)
5380 {
5381 int outlen;
5382 int res = 0;
5383 unsigned char outbuf[1024];
5384 static const unsigned char iv[] = {
5385 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
5386 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
5387 };
5388 EVP_CIPHER_CTX *ctx = NULL;
5389 EVP_CIPHER *ciph = NULL;
5390 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
5391 size_t ivlen = 13; /* non-default IV length */
5392
5393 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
5394 goto err;
5395
5396 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
5397 testpropq)))
5398 goto err;
5399
5400 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
5401 goto err;
5402
5403 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5404 sizeof(gcmDefaultPlaintext))))
5405 goto err;
5406
5407 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5408 &ivlen);
5409 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
5410 goto err;
5411
5412 ERR_set_mark();
5413 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5414 sizeof(gcmDefaultPlaintext)))) {
5415 ERR_clear_last_mark();
5416 goto err;
5417 }
5418 ERR_pop_to_mark();
5419
5420 res = 1;
5421 err:
5422 EVP_CIPHER_CTX_free(ctx);
5423 EVP_CIPHER_free(ciph);
5424 return res;
5425 }
5426
5427 static const char *keylen_change_ciphers[] = {
5428 #ifndef OPENSSL_NO_BF
5429 "BF-ECB",
5430 #endif
5431 #ifndef OPENSSL_NO_CAST
5432 "CAST5-ECB",
5433 #endif
5434 #ifndef OPENSSL_NO_RC2
5435 "RC2-ECB",
5436 #endif
5437 #ifndef OPENSSL_NO_RC4
5438 "RC4",
5439 #endif
5440 #ifndef OPENSSL_NO_RC5
5441 "RC5-ECB",
5442 #endif
5443 NULL
5444 };
5445
5446 /* Negative test for keylen change after key was set */
test_keylen_change(int idx)5447 static int test_keylen_change(int idx)
5448 {
5449 int outlen;
5450 int res = 0;
5451 unsigned char outbuf[1024];
5452 static const unsigned char key[] = {
5453 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
5454 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
5455 };
5456 EVP_CIPHER_CTX *ctx = NULL;
5457 EVP_CIPHER *ciph = NULL;
5458 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
5459 size_t keylen = 12; /* non-default key length */
5460
5461 if (lgcyprov == NULL)
5462 return TEST_skip("Test requires legacy provider to be loaded");
5463
5464 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
5465 goto err;
5466
5467 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
5468 testpropq)))
5469 goto err;
5470
5471 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
5472 goto err;
5473
5474 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5475 sizeof(gcmDefaultPlaintext))))
5476 goto err;
5477
5478 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5479 &keylen);
5480 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
5481 goto err;
5482
5483 ERR_set_mark();
5484 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5485 sizeof(gcmDefaultPlaintext)))) {
5486 ERR_clear_last_mark();
5487 goto err;
5488 }
5489 ERR_pop_to_mark();
5490
5491 res = 1;
5492 err:
5493 EVP_CIPHER_CTX_free(ctx);
5494 EVP_CIPHER_free(ciph);
5495 return res;
5496 }
5497
5498 #ifndef OPENSSL_NO_DEPRECATED_3_0
5499 static EVP_PKEY_METHOD *custom_pmeth = NULL;
5500 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
5501
5502 # define EVP_PKEY_CTRL_MY_COMMAND 9999
5503
custom_pmeth_init(EVP_PKEY_CTX * ctx)5504 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
5505 {
5506 int (*pinit)(EVP_PKEY_CTX *ctx);
5507
5508 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
5509 return pinit(ctx);
5510 }
5511
custom_pmeth_cleanup(EVP_PKEY_CTX * ctx)5512 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
5513 {
5514 void (*pcleanup)(EVP_PKEY_CTX *ctx);
5515
5516 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
5517 pcleanup(ctx);
5518 }
5519
custom_pmeth_sign(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,const unsigned char * in,size_t inlen)5520 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
5521 size_t *outlen, const unsigned char *in,
5522 size_t inlen)
5523 {
5524 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
5525 const unsigned char *tbs, size_t tbslen);
5526
5527 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
5528 return psign(ctx, out, outlen, in, inlen);
5529 }
5530
custom_pmeth_digestsign(EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)5531 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
5532 size_t *siglen, const unsigned char *tbs,
5533 size_t tbslen)
5534 {
5535 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
5536 const unsigned char *tbs, size_t tbslen);
5537
5538 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
5539 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
5540 }
5541
custom_pmeth_derive(EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)5542 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
5543 size_t *keylen)
5544 {
5545 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
5546
5547 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
5548 return pderive(ctx, key, keylen);
5549 }
5550
custom_pmeth_copy(EVP_PKEY_CTX * dst,const EVP_PKEY_CTX * src)5551 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
5552 {
5553 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
5554
5555 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
5556 return pcopy(dst, src);
5557 }
5558
5559 static int ctrl_called;
5560
custom_pmeth_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)5561 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
5562 {
5563 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
5564
5565 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
5566
5567 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
5568 ctrl_called = 1;
5569 return 1;
5570 }
5571
5572 return pctrl(ctx, type, p1, p2);
5573 }
5574
test_custom_pmeth(int idx)5575 static int test_custom_pmeth(int idx)
5576 {
5577 EVP_PKEY_CTX *pctx = NULL;
5578 EVP_MD_CTX *ctx = NULL;
5579 EVP_PKEY *pkey = NULL;
5580 int id, orig_id, orig_flags;
5581 int testresult = 0;
5582 size_t reslen;
5583 unsigned char *res = NULL;
5584 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
5585 const EVP_MD *md = EVP_sha256();
5586 int doderive = 0;
5587
5588 ctrl_called = 0;
5589
5590 /* We call deprecated APIs so this test doesn't support a custom libctx */
5591 if (testctx != NULL)
5592 return 1;
5593
5594 switch (idx) {
5595 case 0:
5596 case 6:
5597 id = EVP_PKEY_RSA;
5598 pkey = load_example_rsa_key();
5599 break;
5600 case 1:
5601 case 7:
5602 # ifndef OPENSSL_NO_DSA
5603 id = EVP_PKEY_DSA;
5604 pkey = load_example_dsa_key();
5605 break;
5606 # else
5607 return 1;
5608 # endif
5609 case 2:
5610 case 8:
5611 # ifndef OPENSSL_NO_EC
5612 id = EVP_PKEY_EC;
5613 pkey = load_example_ec_key();
5614 break;
5615 # else
5616 return 1;
5617 # endif
5618 case 3:
5619 case 9:
5620 # ifndef OPENSSL_NO_ECX
5621 id = EVP_PKEY_ED25519;
5622 md = NULL;
5623 pkey = load_example_ed25519_key();
5624 break;
5625 # else
5626 return 1;
5627 # endif
5628 case 4:
5629 case 10:
5630 # ifndef OPENSSL_NO_DH
5631 id = EVP_PKEY_DH;
5632 doderive = 1;
5633 pkey = load_example_dh_key();
5634 break;
5635 # else
5636 return 1;
5637 # endif
5638 case 5:
5639 case 11:
5640 # ifndef OPENSSL_NO_ECX
5641 id = EVP_PKEY_X25519;
5642 doderive = 1;
5643 pkey = load_example_x25519_key();
5644 break;
5645 # else
5646 return 1;
5647 # endif
5648 default:
5649 TEST_error("Should not happen");
5650 goto err;
5651 }
5652
5653 if (!TEST_ptr(pkey))
5654 goto err;
5655
5656 if (idx < 6) {
5657 if (!TEST_true(evp_pkey_is_provided(pkey)))
5658 goto err;
5659 } else {
5660 EVP_PKEY *tmp = pkey;
5661
5662 /* Convert to a legacy key */
5663 pkey = EVP_PKEY_new();
5664 if (!TEST_ptr(pkey)) {
5665 pkey = tmp;
5666 goto err;
5667 }
5668 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
5669 EVP_PKEY_free(tmp);
5670 goto err;
5671 }
5672 EVP_PKEY_free(tmp);
5673 if (!TEST_true(evp_pkey_is_legacy(pkey)))
5674 goto err;
5675 }
5676
5677 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
5678 || !TEST_ptr(pkey))
5679 goto err;
5680
5681 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
5682 if (!TEST_int_eq(orig_id, id)
5683 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
5684 goto err;
5685
5686 if (id == EVP_PKEY_ED25519) {
5687 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
5688 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
5689 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
5690 } else {
5691 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
5692 }
5693 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
5694 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
5695 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
5696 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
5697 }
5698 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
5699 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
5700 goto err;
5701
5702 if (doderive) {
5703 pctx = EVP_PKEY_CTX_new(pkey, NULL);
5704 if (!TEST_ptr(pctx)
5705 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
5706 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5707 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5708 1)
5709 || !TEST_int_eq(ctrl_called, 1)
5710 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
5711 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
5712 || !TEST_ptr(res = OPENSSL_malloc(reslen))
5713 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
5714 goto err;
5715 } else {
5716 ctx = EVP_MD_CTX_new();
5717 reslen = EVP_PKEY_size(pkey);
5718 res = OPENSSL_malloc(reslen);
5719 if (!TEST_ptr(ctx)
5720 || !TEST_ptr(res)
5721 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
5722 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5723 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5724 1)
5725 || !TEST_int_eq(ctrl_called, 1))
5726 goto err;
5727
5728 if (id == EVP_PKEY_ED25519) {
5729 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
5730 goto err;
5731 } else {
5732 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
5733 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
5734 goto err;
5735 }
5736 }
5737
5738 testresult = 1;
5739 err:
5740 OPENSSL_free(res);
5741 EVP_MD_CTX_free(ctx);
5742 if (doderive)
5743 EVP_PKEY_CTX_free(pctx);
5744 EVP_PKEY_free(pkey);
5745 EVP_PKEY_meth_remove(custom_pmeth);
5746 EVP_PKEY_meth_free(custom_pmeth);
5747 custom_pmeth = NULL;
5748 return testresult;
5749 }
5750
test_evp_md_cipher_meth(void)5751 static int test_evp_md_cipher_meth(void)
5752 {
5753 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
5754 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
5755 int testresult = 0;
5756
5757 if (!TEST_ptr(md) || !TEST_ptr(ciph))
5758 goto err;
5759
5760 testresult = 1;
5761
5762 err:
5763 EVP_MD_meth_free(md);
5764 EVP_CIPHER_meth_free(ciph);
5765
5766 return testresult;
5767 }
5768
5769 typedef struct {
5770 int data;
5771 } custom_dgst_ctx;
5772
5773 static int custom_md_init_called = 0;
5774 static int custom_md_cleanup_called = 0;
5775
custom_md_init(EVP_MD_CTX * ctx)5776 static int custom_md_init(EVP_MD_CTX *ctx)
5777 {
5778 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5779
5780 if (p == NULL)
5781 return 0;
5782
5783 custom_md_init_called++;
5784 return 1;
5785 }
5786
custom_md_cleanup(EVP_MD_CTX * ctx)5787 static int custom_md_cleanup(EVP_MD_CTX *ctx)
5788 {
5789 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5790
5791 if (p == NULL)
5792 /* Nothing to do */
5793 return 1;
5794
5795 custom_md_cleanup_called++;
5796 return 1;
5797 }
5798
test_custom_md_meth(void)5799 static int test_custom_md_meth(void)
5800 {
5801 ASN1_OBJECT *o = NULL;
5802 EVP_MD_CTX *mdctx = NULL;
5803 EVP_MD *tmp = NULL;
5804 char mess[] = "Test Message\n";
5805 unsigned char md_value[EVP_MAX_MD_SIZE];
5806 unsigned int md_len;
5807 int testresult = 0;
5808 int nid;
5809
5810 /*
5811 * We are testing deprecated functions. We don't support a non-default
5812 * library context in this test.
5813 */
5814 if (testctx != NULL)
5815 return TEST_skip("Non-default libctx");
5816
5817 custom_md_init_called = custom_md_cleanup_called = 0;
5818
5819 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
5820 if (!TEST_int_ne(nid, NID_undef))
5821 goto err;
5822 tmp = EVP_MD_meth_new(nid, NID_undef);
5823 if (!TEST_ptr(tmp))
5824 goto err;
5825
5826 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
5827 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
5828 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
5829 sizeof(custom_dgst_ctx))))
5830 goto err;
5831
5832 mdctx = EVP_MD_CTX_new();
5833 if (!TEST_ptr(mdctx)
5834 /*
5835 * Initing our custom md and then initing another md should
5836 * result in the init and cleanup functions of the custom md
5837 * being called.
5838 */
5839 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
5840 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
5841 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
5842 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
5843 || !TEST_int_eq(custom_md_init_called, 1)
5844 || !TEST_int_eq(custom_md_cleanup_called, 1))
5845 goto err;
5846
5847 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1",
5848 "custom-md", "custom-md"), NID_undef)
5849 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ)
5850 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS))
5851 goto err;
5852
5853 o = ASN1_OBJECT_create(nid, (unsigned char *)
5854 "\53\6\1\4\1\201\201\134\274\373\122\1", 12,
5855 "custom-md", "custom-md");
5856 if (!TEST_int_eq(OBJ_add_object(o), nid))
5857 goto err;
5858
5859 testresult = 1;
5860 err:
5861 ASN1_OBJECT_free(o);
5862 EVP_MD_CTX_free(mdctx);
5863 EVP_MD_meth_free(tmp);
5864 return testresult;
5865 }
5866
5867 typedef struct {
5868 int data;
5869 } custom_ciph_ctx;
5870
5871 static int custom_ciph_init_called = 0;
5872 static int custom_ciph_cleanup_called = 0;
5873
custom_ciph_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)5874 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
5875 const unsigned char *iv, int enc)
5876 {
5877 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5878
5879 if (p == NULL)
5880 return 0;
5881
5882 custom_ciph_init_called++;
5883 return 1;
5884 }
5885
custom_ciph_cleanup(EVP_CIPHER_CTX * ctx)5886 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
5887 {
5888 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5889
5890 if (p == NULL)
5891 /* Nothing to do */
5892 return 1;
5893
5894 custom_ciph_cleanup_called++;
5895 return 1;
5896 }
5897
test_custom_ciph_meth(void)5898 static int test_custom_ciph_meth(void)
5899 {
5900 EVP_CIPHER_CTX *ciphctx = NULL;
5901 EVP_CIPHER *tmp = NULL;
5902 int testresult = 0;
5903 int nid;
5904
5905 /*
5906 * We are testing deprecated functions. We don't support a non-default
5907 * library context in this test.
5908 */
5909 if (testctx != NULL)
5910 return TEST_skip("Non-default libctx");
5911
5912 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
5913
5914 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
5915 if (!TEST_int_ne(nid, NID_undef))
5916 goto err;
5917 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
5918 if (!TEST_ptr(tmp))
5919 goto err;
5920
5921 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
5922 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
5923 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
5924 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
5925 sizeof(custom_ciph_ctx))))
5926 goto err;
5927
5928 ciphctx = EVP_CIPHER_CTX_new();
5929 if (!TEST_ptr(ciphctx)
5930 /*
5931 * Initing our custom cipher and then initing another cipher
5932 * should result in the init and cleanup functions of the custom
5933 * cipher being called.
5934 */
5935 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5936 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5937 NULL, NULL, 1))
5938 || !TEST_int_eq(custom_ciph_init_called, 1)
5939 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5940 goto err;
5941
5942 testresult = 1;
5943 err:
5944 EVP_CIPHER_CTX_free(ciphctx);
5945 EVP_CIPHER_meth_free(tmp);
5946 return testresult;
5947 }
5948
5949 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5950 /* Test we can create a signature keys with an associated ENGINE */
test_signatures_with_engine(int tst)5951 static int test_signatures_with_engine(int tst)
5952 {
5953 ENGINE *e;
5954 const char *engine_id = "dasync";
5955 EVP_PKEY *pkey = NULL;
5956 const unsigned char badcmackey[] = { 0x00, 0x01 };
5957 const unsigned char cmackey[] = {
5958 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5959 0x0c, 0x0d, 0x0e, 0x0f
5960 };
5961 const unsigned char ed25519key[] = {
5962 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5963 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5964 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5965 };
5966 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5967 int testresult = 0;
5968 EVP_MD_CTX *ctx = NULL;
5969 unsigned char *mac = NULL;
5970 size_t maclen = 0;
5971 int ret;
5972
5973 # ifdef OPENSSL_NO_CMAC
5974 /* Skip CMAC tests in a no-cmac build */
5975 if (tst <= 1)
5976 return 1;
5977 # endif
5978 # ifdef OPENSSL_NO_ECX
5979 /* Skip ECX tests in a no-ecx build */
5980 if (tst == 2)
5981 return 1;
5982 # endif
5983
5984 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5985 return 0;
5986
5987 if (!TEST_true(ENGINE_init(e))) {
5988 ENGINE_free(e);
5989 return 0;
5990 }
5991
5992 switch (tst) {
5993 case 0:
5994 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5995 EVP_aes_128_cbc());
5996 break;
5997 case 1:
5998 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5999 EVP_aes_128_cbc());
6000 break;
6001 case 2:
6002 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
6003 sizeof(ed25519key));
6004 break;
6005 default:
6006 TEST_error("Invalid test case");
6007 goto err;
6008 }
6009 if (!TEST_ptr(pkey))
6010 goto err;
6011
6012 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
6013 goto err;
6014
6015 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
6016 pkey);
6017 if (tst == 0) {
6018 if (!TEST_true(ret))
6019 goto err;
6020
6021 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
6022 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
6023 goto err;
6024
6025 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
6026 goto err;
6027
6028 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
6029 goto err;
6030 } else {
6031 /* We used a bad key. We expect a failure here */
6032 if (!TEST_false(ret))
6033 goto err;
6034 }
6035
6036 testresult = 1;
6037 err:
6038 EVP_MD_CTX_free(ctx);
6039 OPENSSL_free(mac);
6040 EVP_PKEY_free(pkey);
6041 ENGINE_finish(e);
6042 ENGINE_free(e);
6043
6044 return testresult;
6045 }
6046
test_cipher_with_engine(void)6047 static int test_cipher_with_engine(void)
6048 {
6049 ENGINE *e;
6050 const char *engine_id = "dasync";
6051 const unsigned char keyiv[] = {
6052 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
6053 0x0c, 0x0d, 0x0e, 0x0f
6054 };
6055 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
6056 int testresult = 0;
6057 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
6058 unsigned char buf[AES_BLOCK_SIZE];
6059 int len = 0;
6060
6061 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
6062 return 0;
6063
6064 if (!TEST_true(ENGINE_init(e))) {
6065 ENGINE_free(e);
6066 return 0;
6067 }
6068
6069 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6070 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
6071 goto err;
6072
6073 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
6074 goto err;
6075
6076 /* Copy the ctx, and complete the operation with the new ctx */
6077 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
6078 goto err;
6079
6080 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
6081 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
6082 goto err;
6083
6084 testresult = 1;
6085 err:
6086 EVP_CIPHER_CTX_free(ctx);
6087 EVP_CIPHER_CTX_free(ctx2);
6088 ENGINE_finish(e);
6089 ENGINE_free(e);
6090
6091 return testresult;
6092 }
6093 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
6094 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
6095
6096 #ifndef OPENSSL_NO_ECX
6097 static int ecxnids[] = {
6098 NID_X25519,
6099 NID_X448,
6100 NID_ED25519,
6101 NID_ED448
6102 };
6103
6104 /* Test that creating ECX keys with a short private key fails as expected */
test_ecx_short_keys(int tst)6105 static int test_ecx_short_keys(int tst)
6106 {
6107 unsigned char ecxkeydata = 1;
6108 EVP_PKEY *pkey;
6109
6110
6111 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
6112 NULL, &ecxkeydata, 1);
6113 if (!TEST_ptr_null(pkey)) {
6114 EVP_PKEY_free(pkey);
6115 return 0;
6116 }
6117
6118 return 1;
6119 }
6120 #endif
6121
6122 typedef enum OPTION_choice {
6123 OPT_ERR = -1,
6124 OPT_EOF = 0,
6125 OPT_CONTEXT,
6126 OPT_CONFIG_FILE,
6127 OPT_TEST_ENUM
6128 } OPTION_CHOICE;
6129
test_get_options(void)6130 const OPTIONS *test_get_options(void)
6131 {
6132 static const OPTIONS options[] = {
6133 OPT_TEST_OPTIONS_DEFAULT_USAGE,
6134 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
6135 { "config", OPT_CONFIG_FILE, '<',
6136 "The configuration file to use for the libctx" },
6137 { NULL }
6138 };
6139 return options;
6140 }
6141
6142 #ifndef OPENSSL_NO_ECX
6143 /* Test that trying to sign with a public key errors out gracefully */
test_ecx_not_private_key(int tst)6144 static int test_ecx_not_private_key(int tst)
6145 {
6146 EVP_PKEY *pkey = NULL;
6147
6148 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
6149 int testresult = 0;
6150 EVP_MD_CTX *ctx = NULL;
6151 unsigned char *mac = NULL;
6152 size_t maclen = 0;
6153 const uint8_t *pubkey;
6154 size_t pubkeylen;
6155
6156 switch (keys[tst].type) {
6157 case NID_X25519:
6158 case NID_X448:
6159 case NID_undef:
6160 return TEST_skip("signing not supported for X25519/X448/ML-KEM");
6161 }
6162
6163 /* Check if this algorithm supports public keys */
6164 if (keys[tst].pub == NULL)
6165 return TEST_skip("no public key present");
6166
6167 pubkey = keys[tst].pub;
6168 pubkeylen = keys[tst].publen;
6169
6170 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
6171 NULL, pubkey, pubkeylen);
6172 if (!TEST_ptr(pkey))
6173 goto err;
6174
6175 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
6176 goto err;
6177
6178 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
6179 goto check_err;
6180
6181 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
6182 goto check_err;
6183
6184 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
6185 goto err;
6186
6187 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
6188 goto err;
6189
6190 check_err:
6191 /*
6192 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
6193 * but we relax the check to allow error also thrown by
6194 * EVP_DigestSignInit and EVP_DigestSign.
6195 */
6196 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
6197 testresult = 1;
6198 ERR_clear_error();
6199 }
6200
6201 err:
6202 EVP_MD_CTX_free(ctx);
6203 OPENSSL_free(mac);
6204 EVP_PKEY_free(pkey);
6205
6206 return testresult;
6207 }
6208 #endif /* OPENSSL_NO_ECX */
6209
test_sign_continuation(void)6210 static int test_sign_continuation(void)
6211 {
6212 OSSL_PROVIDER *fake_rsa = NULL;
6213 int testresult = 0;
6214 EVP_PKEY *pkey = NULL;
6215 EVP_PKEY_CTX *pctx = NULL;
6216 EVP_MD_CTX *mctx = NULL;
6217 const char sigbuf[] = "To Be Signed";
6218 unsigned char signature[256];
6219 size_t siglen = 256;
6220 static int nodupnum = 1;
6221 static const OSSL_PARAM nodup_params[] = {
6222 OSSL_PARAM_int("NO_DUP", &nodupnum),
6223 OSSL_PARAM_END
6224 };
6225
6226 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
6227 return 0;
6228
6229 /* Construct a pkey using precise propq to use our provider */
6230 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
6231 "provider=fake-rsa"))
6232 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
6233 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
6234 || !TEST_ptr(pkey))
6235 goto end;
6236
6237 /* First test it continues (classic behavior) */
6238 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
6239 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
6240 NULL, pkey, NULL))
6241 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6242 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
6243 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6244 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
6245 goto end;
6246
6247 EVP_MD_CTX_free(mctx);
6248
6249 /* try again but failing the continuation */
6250 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
6251 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
6252 NULL, pkey, nodup_params))
6253 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6254 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
6255 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6256 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
6257 goto end;
6258
6259 testresult = 1;
6260
6261 end:
6262 EVP_MD_CTX_free(mctx);
6263 EVP_PKEY_free(pkey);
6264 EVP_PKEY_CTX_free(pctx);
6265 fake_rsa_finish(fake_rsa);
6266 return testresult;
6267 }
6268
aes_gcm_encrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)6269 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
6270 const unsigned char *gcm_iv, size_t gcm_ivlen,
6271 const unsigned char *gcm_pt, size_t gcm_pt_s,
6272 const unsigned char *gcm_aad, size_t gcm_aad_s,
6273 const unsigned char *gcm_ct, size_t gcm_ct_s,
6274 const unsigned char *gcm_tag, size_t gcm_tag_s)
6275 {
6276 int ret = 0;
6277 EVP_CIPHER_CTX *ctx;
6278 EVP_CIPHER *cipher = NULL;
6279 int outlen, tmplen;
6280 unsigned char outbuf[1024];
6281 unsigned char outtag[16];
6282 OSSL_PARAM params[2] = {
6283 OSSL_PARAM_END, OSSL_PARAM_END
6284 };
6285
6286 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6287 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
6288 goto err;
6289
6290 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
6291 &gcm_ivlen);
6292
6293 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
6294 || (gcm_aad != NULL
6295 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
6296 gcm_aad, gcm_aad_s)))
6297 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
6298 gcm_pt, gcm_pt_s))
6299 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
6300 goto err;
6301
6302 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6303 outtag, sizeof(outtag));
6304
6305 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
6306 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
6307 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
6308 goto err;
6309
6310 ret = 1;
6311 err:
6312 EVP_CIPHER_free(cipher);
6313 EVP_CIPHER_CTX_free(ctx);
6314
6315 return ret;
6316 }
6317
aes_gcm_decrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)6318 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
6319 const unsigned char *gcm_iv, size_t gcm_ivlen,
6320 const unsigned char *gcm_pt, size_t gcm_pt_s,
6321 const unsigned char *gcm_aad, size_t gcm_aad_s,
6322 const unsigned char *gcm_ct, size_t gcm_ct_s,
6323 const unsigned char *gcm_tag, size_t gcm_tag_s)
6324 {
6325 int ret = 0;
6326 EVP_CIPHER_CTX *ctx;
6327 EVP_CIPHER *cipher = NULL;
6328 int outlen;
6329 unsigned char outbuf[1024];
6330 OSSL_PARAM params[2] = {
6331 OSSL_PARAM_END, OSSL_PARAM_END
6332 };
6333
6334 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
6335 goto err;
6336
6337 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
6338 goto err;
6339
6340 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
6341 &gcm_ivlen);
6342
6343 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
6344 || (gcm_aad != NULL
6345 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
6346 gcm_aad, gcm_aad_s)))
6347 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
6348 gcm_ct, gcm_ct_s))
6349 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
6350 goto err;
6351
6352 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6353 (void*)gcm_tag, gcm_tag_s);
6354
6355 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
6356 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
6357 goto err;
6358
6359 ret = 1;
6360 err:
6361 EVP_CIPHER_free(cipher);
6362 EVP_CIPHER_CTX_free(ctx);
6363
6364 return ret;
6365 }
6366
test_aes_gcm_ivlen_change_cve_2023_5363(void)6367 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
6368 {
6369 /* AES-GCM test data obtained from NIST public test vectors */
6370 static const unsigned char gcm_key[] = {
6371 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
6372 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
6373 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
6374 };
6375 static const unsigned char gcm_iv[] = {
6376 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
6377 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
6378 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
6379 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
6380 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
6381 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
6382 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
6383 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
6384 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
6385 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
6386 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
6387 };
6388 static const unsigned char gcm_pt[] = {
6389 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
6390 0x4f, 0xe3, 0x6f, 0x81,
6391 };
6392 static const unsigned char gcm_ct[] = {
6393 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
6394 0xe2, 0xd0, 0xec, 0xed,
6395 };
6396 static const unsigned char gcm_tag[] = {
6397 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
6398 0xdb, 0x99, 0x6c, 0x21,
6399 };
6400
6401 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
6402 gcm_pt, sizeof(gcm_pt), NULL, 0,
6403 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
6404 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
6405 gcm_pt, sizeof(gcm_pt), NULL, 0,
6406 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
6407 }
6408
6409 #ifndef OPENSSL_NO_RC4
rc4_encrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)6410 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
6411 const unsigned char *rc4_pt, size_t rc4_pt_s,
6412 const unsigned char *rc4_ct, size_t rc4_ct_s)
6413 {
6414 int ret = 0;
6415 EVP_CIPHER_CTX *ctx;
6416 EVP_CIPHER *cipher = NULL;
6417 int outlen, tmplen;
6418 unsigned char outbuf[1024];
6419 OSSL_PARAM params[2] = {
6420 OSSL_PARAM_END, OSSL_PARAM_END
6421 };
6422
6423 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6424 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
6425 goto err;
6426
6427 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
6428 &rc4_key_s);
6429
6430 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
6431 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
6432 rc4_pt, rc4_pt_s))
6433 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
6434 goto err;
6435
6436 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
6437 goto err;
6438
6439 ret = 1;
6440 err:
6441 EVP_CIPHER_free(cipher);
6442 EVP_CIPHER_CTX_free(ctx);
6443
6444 return ret;
6445 }
6446
rc4_decrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)6447 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
6448 const unsigned char *rc4_pt, size_t rc4_pt_s,
6449 const unsigned char *rc4_ct, size_t rc4_ct_s)
6450 {
6451 int ret = 0;
6452 EVP_CIPHER_CTX *ctx;
6453 EVP_CIPHER *cipher = NULL;
6454 int outlen;
6455 unsigned char outbuf[1024];
6456 OSSL_PARAM params[2] = {
6457 OSSL_PARAM_END, OSSL_PARAM_END
6458 };
6459
6460 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
6461 goto err;
6462
6463 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
6464 goto err;
6465
6466 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
6467 &rc4_key_s);
6468
6469 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
6470 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
6471 rc4_ct, rc4_ct_s))
6472 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
6473 goto err;
6474
6475 ret = 1;
6476 err:
6477 EVP_CIPHER_free(cipher);
6478 EVP_CIPHER_CTX_free(ctx);
6479
6480 return ret;
6481 }
6482
test_aes_rc4_keylen_change_cve_2023_5363(void)6483 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
6484 {
6485 /* RC4 test data obtained from RFC 6229 */
6486 static const struct {
6487 unsigned char key[5];
6488 unsigned char padding[11];
6489 } rc4_key = {
6490 { /* Five bytes of key material */
6491 0x83, 0x32, 0x22, 0x77, 0x2a,
6492 },
6493 { /* Random padding to 16 bytes */
6494 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
6495 }
6496 };
6497 static const unsigned char rc4_pt[] = {
6498 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6499 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
6500 };
6501 static const unsigned char rc4_ct[] = {
6502 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
6503 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
6504 };
6505
6506 if (lgcyprov == NULL)
6507 return TEST_skip("Test requires legacy provider to be loaded");
6508
6509 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
6510 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
6511 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
6512 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
6513 }
6514 #endif
6515
test_invalid_ctx_for_digest(void)6516 static int test_invalid_ctx_for_digest(void)
6517 {
6518 int ret;
6519 EVP_MD_CTX *mdctx;
6520
6521 mdctx = EVP_MD_CTX_new();
6522 if (!TEST_ptr(mdctx))
6523 return 0;
6524
6525 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0))
6526 ret = 0;
6527 else
6528 ret = 1;
6529
6530 EVP_MD_CTX_free(mdctx);
6531
6532 return ret;
6533 }
6534
test_evp_cipher_pipeline(void)6535 static int test_evp_cipher_pipeline(void)
6536 {
6537 OSSL_PROVIDER *fake_pipeline = NULL;
6538 int testresult = 0;
6539 EVP_CIPHER *cipher = NULL;
6540 EVP_CIPHER *pipeline_cipher = NULL;
6541 EVP_CIPHER_CTX *ctx = NULL;
6542 unsigned char key[32];
6543 size_t keylen = 32;
6544 size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN;
6545 size_t taglen = EVP_GCM_TLS_TAG_LEN;
6546 unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES];
6547 unsigned char *plaintext_array[EVP_MAX_PIPES];
6548 unsigned char *ciphertext_array_p[EVP_MAX_PIPES];
6549 void **aead_tags = (void **)&tag_array;
6550 unsigned char *temp[EVP_MAX_PIPES];
6551 size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES];
6552 size_t ciphertextlen_array[EVP_MAX_PIPES];
6553 size_t inlen_array[EVP_MAX_PIPES];
6554 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
6555 unsigned char *ciphertext, *exp_plaintext, *tag;
6556 size_t numpipes, plaintextlen, i;
6557
6558 if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx)))
6559 return 0;
6560 if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
6561 "provider=fake-pipeline"))
6562 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
6563 "provider!=fake-pipeline"))
6564 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
6565 goto end;
6566 memset(key, 0x01, sizeof(key));
6567
6568 /* Negative tests */
6569 if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1)))
6570 goto end;
6571 if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1)))
6572 goto end;
6573 if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
6574 key, keylen,
6575 EVP_MAX_PIPES + 1, NULL, 0)))
6576 goto end;
6577
6578 /* Positive tests */
6579 for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) {
6580 for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) {
6581 size_t ciphertextlen = 0;
6582 int outlen = 0;
6583
6584 /* Cleanup to be able to error out */
6585 memset(iv_array, 0, sizeof(iv_array));
6586 memset(plaintext_array, 0, sizeof(plaintext_array));
6587 memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p));
6588 memset(tag_array, 0, sizeof(tag_array));
6589 ciphertext = NULL;
6590 exp_plaintext = NULL;
6591 tag = NULL;
6592
6593 /* Allocate fresh buffers with exact size to catch buffer overwrites */
6594 for (i = 0; i < numpipes; i++) {
6595 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen))
6596 || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen))
6597 || !TEST_ptr(ciphertext_array_p[i] =
6598 OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
6599 || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen)))
6600 goto err;
6601
6602 memset(iv_array[i], i + 33, ivlen);
6603 memset(plaintext_array[i], i + 1, plaintextlen);
6604 inlen_array[i] = plaintextlen;
6605 outlen_array[i] = 0;
6606 ciphertextlen_array[i] = 0;
6607 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH;
6608 }
6609 if (!TEST_ptr(ciphertext =
6610 OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
6611 || !TEST_ptr(tag = OPENSSL_malloc(taglen))
6612 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen)))
6613 goto err;
6614
6615 /* Encrypt using pipeline API */
6616 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
6617 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1))
6618 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
6619 key, keylen, numpipes,
6620 (const unsigned char **)iv_array,
6621 ivlen))
6622 /* reuse plaintext for AAD as it won't affect test */
6623 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6624 (const unsigned char **)plaintext_array,
6625 inlen_array))
6626 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p,
6627 outlen_array, outsize_array,
6628 (const unsigned char **)plaintext_array,
6629 inlen_array)))
6630 goto err;
6631
6632 for (i = 0; i < numpipes; i++) {
6633 ciphertextlen_array[i] = outlen_array[i];
6634 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i];
6635 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i];
6636 }
6637
6638 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6639 goto err;
6640
6641 for (i = 0; i < numpipes; i++)
6642 ciphertextlen_array[i] += outlen_array[i];
6643
6644 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6645 (void **)&aead_tags, taglen);
6646 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6647 goto err;
6648
6649 /* Encrypt using non-pipeline API and compare */
6650 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)))
6651 goto err;
6652
6653 for (i = 0; i < numpipes; i++) {
6654 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i]))
6655 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
6656 plaintext_array[i],
6657 plaintextlen))
6658 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen,
6659 plaintext_array[i],
6660 plaintextlen)))
6661 goto err;
6662 ciphertextlen = outlen;
6663
6664 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen)))
6665 goto err;
6666 ciphertextlen += outlen;
6667
6668 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6669 (void *)tag, taglen);
6670 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6671 goto err;
6672
6673 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i],
6674 ciphertext, ciphertextlen)
6675 || !TEST_mem_eq(tag_array[i], taglen, tag, taglen))
6676 goto err;
6677 }
6678
6679 for (i = 0; i < numpipes; i++)
6680 outsize_array[i] = plaintextlen;
6681
6682 /* Decrypt using pipeline API and compare */
6683 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6684 (void **)&aead_tags, taglen);
6685 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
6686 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0))
6687 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher,
6688 key, keylen, numpipes,
6689 (const unsigned char **)iv_array,
6690 ivlen))
6691 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
6692 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6693 (const unsigned char **)plaintext_array,
6694 inlen_array))
6695 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array,
6696 outlen_array, outsize_array,
6697 (const unsigned char **)ciphertext_array_p,
6698 ciphertextlen_array)))
6699 goto err;
6700
6701 for (i = 0; i < numpipes; i++) {
6702 temp[i] = plaintext_array[i] + outlen_array[i];
6703 outsize_array[i] = outsize_array[i] - outlen_array[i];
6704 }
6705
6706 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6707 goto err;
6708
6709 for (i = 0; i < numpipes; i++) {
6710 memset(exp_plaintext, i + 1, plaintextlen);
6711 if (!TEST_mem_eq(plaintext_array[i], plaintextlen,
6712 exp_plaintext, plaintextlen))
6713 goto err;
6714 }
6715
6716 for (i = 0; i < numpipes; i++) {
6717 OPENSSL_free(iv_array[i]);
6718 OPENSSL_free(plaintext_array[i]);
6719 OPENSSL_free(ciphertext_array_p[i]);
6720 OPENSSL_free(tag_array[i]);
6721 }
6722 OPENSSL_free(exp_plaintext);
6723 OPENSSL_free(ciphertext);
6724 OPENSSL_free(tag);
6725 }
6726 }
6727
6728 testresult = 1;
6729 goto end;
6730
6731 err:
6732 for (i = 0; i < numpipes; i++) {
6733 OPENSSL_free(iv_array[i]);
6734 OPENSSL_free(plaintext_array[i]);
6735 OPENSSL_free(ciphertext_array_p[i]);
6736 OPENSSL_free(tag_array[i]);
6737 }
6738 OPENSSL_free(exp_plaintext);
6739 OPENSSL_free(ciphertext);
6740 OPENSSL_free(tag);
6741 end:
6742 EVP_CIPHER_CTX_free(ctx);
6743 EVP_CIPHER_free(cipher);
6744 EVP_CIPHER_free(pipeline_cipher);
6745 fake_pipeline_finish(fake_pipeline);
6746 return testresult;
6747 }
6748
setup_tests(void)6749 int setup_tests(void)
6750 {
6751 char *config_file = NULL;
6752 OPTION_CHOICE o;
6753
6754 while ((o = opt_next()) != OPT_EOF) {
6755 switch (o) {
6756 case OPT_CONTEXT:
6757 /* Set up an alternate library context */
6758 testctx = OSSL_LIB_CTX_new();
6759 if (!TEST_ptr(testctx))
6760 return 0;
6761 #ifdef STATIC_LEGACY
6762 /*
6763 * This test is always statically linked against libcrypto. We must not
6764 * attempt to load legacy.so that might be dynamically linked against
6765 * libcrypto. Instead we use a built-in version of the legacy provider.
6766 */
6767 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
6768 return 0;
6769 #endif
6770 /* Swap the libctx to test non-default context only */
6771 nullprov = OSSL_PROVIDER_load(NULL, "null");
6772 deflprov = OSSL_PROVIDER_load(testctx, "default");
6773 #ifndef OPENSSL_SYS_TANDEM
6774 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
6775 #endif
6776 break;
6777 case OPT_CONFIG_FILE:
6778 config_file = opt_arg();
6779 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL))
6780 return 0;
6781 break;
6782 case OPT_TEST_CASES:
6783 break;
6784 default:
6785 return 0;
6786 }
6787 }
6788
6789 if (config_file != NULL) {
6790 ADD_TEST(test_EVP_set_config_properties);
6791 return 1;
6792 }
6793
6794 ADD_TEST(test_EVP_set_default_properties);
6795 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
6796 ADD_TEST(test_EVP_DigestVerifyInit);
6797 #ifndef OPENSSL_NO_EC
6798 ADD_TEST(test_ecdsa_digestsign_keccak);
6799 #endif
6800 #ifndef OPENSSL_NO_SIPHASH
6801 ADD_TEST(test_siphash_digestsign);
6802 #endif
6803 ADD_TEST(test_EVP_Digest);
6804 ADD_TEST(test_EVP_md_null);
6805 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
6806 #ifndef OPENSSL_NO_DEPRECATED_3_0
6807 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
6808 #endif
6809 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
6810 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
6811 ADD_TEST(test_privatekey_to_pkcs8);
6812 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
6813 ADD_ALL_TESTS(test_EVP_PKCS82PKEY_v2, OSSL_NELEM(keydata_v2));
6814 #ifndef OPENSSL_NO_EC
6815 ADD_TEST(test_EVP_PKCS82PKEY);
6816 #endif
6817 #ifndef OPENSSL_NO_EC
6818 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
6819 #endif
6820 #if !defined(OPENSSL_NO_SM2)
6821 ADD_TEST(test_EVP_SM2);
6822 ADD_TEST(test_EVP_SM2_verify);
6823 #endif
6824 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
6825 #ifndef OPENSSL_NO_DEPRECATED_3_0
6826 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
6827 if (!TEST_ptr(custom_pmeth))
6828 return 0;
6829 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
6830 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
6831 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
6832 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
6833 return 0;
6834 #endif
6835 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
6836 #ifndef OPENSSL_NO_CMAC
6837 ADD_TEST(test_CMAC_keygen);
6838 #endif
6839 ADD_TEST(test_HKDF);
6840 ADD_TEST(test_emptyikm_HKDF);
6841 ADD_TEST(test_empty_salt_info_HKDF);
6842 #ifndef OPENSSL_NO_EC
6843 ADD_TEST(test_X509_PUBKEY_inplace);
6844 ADD_TEST(test_X509_PUBKEY_dup);
6845 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
6846 OSSL_NELEM(ec_der_pub_keys));
6847 #endif
6848 #ifndef OPENSSL_NO_DSA
6849 ADD_TEST(test_DSA_get_set_params);
6850 ADD_TEST(test_DSA_priv_pub);
6851 #endif
6852 ADD_TEST(test_RSA_get_set_params);
6853 ADD_TEST(test_RSA_OAEP_set_get_params);
6854 ADD_TEST(test_RSA_OAEP_set_null_label);
6855 ADD_TEST(test_RSA_encrypt);
6856 #ifndef OPENSSL_NO_DEPRECATED_3_0
6857 ADD_TEST(test_RSA_legacy);
6858 #endif
6859 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
6860 ADD_TEST(test_decrypt_null_chunks);
6861 #endif
6862 #ifndef OPENSSL_NO_DH
6863 ADD_TEST(test_DH_priv_pub);
6864 # ifndef OPENSSL_NO_DEPRECATED_3_0
6865 ADD_TEST(test_EVP_PKEY_set1_DH);
6866 # endif
6867 #endif
6868 #ifndef OPENSSL_NO_EC
6869 ADD_TEST(test_EC_priv_pub);
6870 ADD_TEST(test_evp_get_ec_pub);
6871 # ifndef OPENSSL_NO_DEPRECATED_3_0
6872 ADD_TEST(test_EC_priv_only_legacy);
6873 ADD_TEST(test_evp_get_ec_pub_legacy);
6874 # endif
6875 #endif
6876 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
6877 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
6878
6879 ADD_TEST(test_rand_agglomeration);
6880 ADD_ALL_TESTS(test_evp_iv_aes, 12);
6881 #ifndef OPENSSL_NO_DES
6882 ADD_ALL_TESTS(test_evp_iv_des, 6);
6883 #endif
6884 #ifndef OPENSSL_NO_BF
6885 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
6886 #endif
6887 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6888 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
6889 ADD_TEST(test_EVP_rsa_invalid_key);
6890 #ifndef OPENSSL_NO_EC
6891 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
6892 #endif
6893
6894 ADD_TEST(test_names_do_all);
6895
6896 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
6897 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
6898 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
6899 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
6900 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
6901 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
6902 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
6903 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
6904
6905 #ifndef OPENSSL_NO_DEPRECATED_3_0
6906 ADD_ALL_TESTS(test_custom_pmeth, 12);
6907 ADD_TEST(test_evp_md_cipher_meth);
6908 ADD_TEST(test_custom_md_meth);
6909 ADD_TEST(test_custom_ciph_meth);
6910
6911 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
6912 /* Tests only support the default libctx */
6913 if (testctx == NULL) {
6914 # ifndef OPENSSL_NO_EC
6915 ADD_ALL_TESTS(test_signatures_with_engine, 3);
6916 # else
6917 ADD_ALL_TESTS(test_signatures_with_engine, 2);
6918 # endif
6919 ADD_TEST(test_cipher_with_engine);
6920 }
6921 # endif
6922 #endif
6923
6924 #ifndef OPENSSL_NO_ECX
6925 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
6926 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
6927 #endif
6928
6929 ADD_TEST(test_sign_continuation);
6930
6931 /* Test cases for CVE-2023-5363 */
6932 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
6933 #ifndef OPENSSL_NO_RC4
6934 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
6935 #endif
6936
6937 ADD_TEST(test_invalid_ctx_for_digest);
6938
6939 ADD_TEST(test_evp_cipher_pipeline);
6940
6941 return 1;
6942 }
6943
cleanup_tests(void)6944 void cleanup_tests(void)
6945 {
6946 OSSL_PROVIDER_unload(nullprov);
6947 OSSL_PROVIDER_unload(deflprov);
6948 #ifndef OPENSSL_SYS_TANDEM
6949 OSSL_PROVIDER_unload(lgcyprov);
6950 #endif
6951 OSSL_LIB_CTX_free(testctx);
6952 }
6953