1 /* 2 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* We need to use some deprecated APIs */ 11 #define OPENSSL_SUPPRESS_DEPRECATED 12 13 #include <stdio.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #include <openssl/bio.h> 17 #include <openssl/conf.h> 18 #include <openssl/crypto.h> 19 #include <openssl/err.h> 20 #include <openssl/evp.h> 21 #include <openssl/x509.h> 22 #include <openssl/pem.h> 23 #include <openssl/kdf.h> 24 #include <openssl/provider.h> 25 #include <openssl/core_names.h> 26 #include <openssl/params.h> 27 #include <openssl/param_build.h> 28 #include <openssl/dsa.h> 29 #include <openssl/dh.h> 30 #include <openssl/aes.h> 31 #include <openssl/decoder.h> 32 #include <openssl/rsa.h> 33 #include <openssl/engine.h> 34 #include <openssl/proverr.h> 35 #include <openssl/rand.h> 36 # include <crypto/ml_kem.h> 37 #include "testutil.h" 38 #include "internal/nelem.h" 39 #include "internal/sizes.h" 40 #include "crypto/evp.h" 41 #include "fake_rsaprov.h" 42 #include "fake_pipelineprov.h" 43 44 #ifdef STATIC_LEGACY 45 OSSL_provider_init_fn ossl_legacy_provider_init; 46 #endif 47 48 static OSSL_LIB_CTX *testctx = NULL; 49 static char *testpropq = NULL; 50 51 static OSSL_PROVIDER *nullprov = NULL; 52 static OSSL_PROVIDER *deflprov = NULL; 53 static OSSL_PROVIDER *lgcyprov = NULL; 54 55 /* 56 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 57 * should never use this key anywhere but in an example. 58 */ 59 static const unsigned char kExampleRSAKeyDER[] = { 60 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 61 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 62 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 63 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 64 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 65 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 66 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 67 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 68 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 69 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 70 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 71 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 72 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 73 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 74 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 75 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 76 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 77 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 78 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 79 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 80 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 81 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 82 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 83 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 84 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 85 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 86 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 87 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 88 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 89 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 90 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 91 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 92 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 93 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 94 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 95 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 96 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 97 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 98 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 99 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 100 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 101 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 102 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 103 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 104 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 105 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 106 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 107 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 108 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 109 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 110 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 111 }; 112 113 /* An invalid key whose prime factors exceed modulus n. */ 114 static const unsigned char kInvalidRSAKeyDER[] = { 115 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 116 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 117 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 118 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 119 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 120 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 121 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 122 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 123 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 124 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 125 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 126 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 127 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 129 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 130 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 131 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 132 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 133 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 134 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 135 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 136 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 137 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 138 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 139 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 140 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 141 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 143 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 144 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 145 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 146 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 147 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 148 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 149 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 150 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 151 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 152 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 154 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 155 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 156 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 157 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 158 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 159 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 160 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 161 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 162 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 163 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 164 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 165 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02, 166 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00, 167 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 168 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 169 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 170 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 171 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 172 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 173 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31, 174 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 175 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8, 176 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07, 177 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 179 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 180 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 181 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 182 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec, 183 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 184 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00, 185 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07, 186 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02, 187 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 188 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 189 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 190 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59, 191 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 194 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59, 195 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d, 196 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 197 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 198 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 199 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea, 200 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15, 201 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 202 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff, 203 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07, 204 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 205 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 206 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 207 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 208 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 209 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 210 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 211 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59, 212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 214 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 215 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 216 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 217 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41, 218 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 219 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 220 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 221 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 222 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 223 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 224 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 226 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 227 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 228 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 229 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 230 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 231 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 232 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15, 233 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 234 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 235 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 236 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 237 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 238 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 239 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f, 240 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 241 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 242 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 243 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00, 244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1, 245 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 246 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 247 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 248 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02, 249 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8, 250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 253 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 254 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 255 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02, 256 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 257 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80, 258 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 259 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36, 260 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10, 261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 263 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 264 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 265 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02, 266 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02, 267 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 268 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02, 269 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02, 270 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47, 272 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d, 273 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60, 274 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32, 275 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff, 276 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30, 277 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 278 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 279 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33, 280 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 281 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 282 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 283 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 284 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 285 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 286 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 287 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02, 288 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 289 0xe2, 0x80, 290 }; 291 292 /* 293 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you 294 * should never use this key anywhere but in an example. 295 */ 296 #ifndef OPENSSL_NO_DSA 297 static const unsigned char kExampleDSAKeyDER[] = { 298 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a, 299 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d, 300 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f, 301 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42, 302 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38, 303 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e, 304 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e, 305 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04, 306 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4, 307 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b, 308 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14, 309 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e, 310 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3, 311 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef, 312 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f, 313 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef, 314 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38, 315 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f, 316 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4, 317 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d, 318 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86, 319 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6, 320 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a, 321 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19, 322 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff, 323 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f, 324 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0, 325 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69, 326 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07, 327 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9, 328 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79, 329 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f, 330 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c, 331 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12, 332 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45, 333 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8, 334 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe, 335 0x40, 0x48 336 }; 337 #endif 338 339 /* 340 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 341 * components are not correct. 342 */ 343 static const unsigned char kExampleBadRSAKeyDER[] = { 344 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 345 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 346 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 347 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 348 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 349 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 350 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 351 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 352 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 353 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 354 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 355 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 356 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 357 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 358 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 359 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 360 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 361 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 362 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 363 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 364 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 365 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 366 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 367 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 368 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 369 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 370 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 371 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 372 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 373 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 374 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 375 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 376 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 377 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 378 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 379 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 380 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 381 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 382 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 383 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 384 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 385 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 386 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 387 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 388 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 389 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 390 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 391 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 392 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 393 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 394 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 395 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 396 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 397 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 398 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 399 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 400 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 401 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 402 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 403 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 404 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 405 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 406 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 407 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 408 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 409 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 410 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 411 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 412 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 413 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 414 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 415 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 416 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 417 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 418 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 419 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 420 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 421 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 422 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 423 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 424 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 425 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 426 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 427 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 428 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 429 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 430 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 431 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 432 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, 433 }; 434 435 /* 436 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All 437 * values are 0. 438 */ 439 static const unsigned char kExampleBad2RSAKeyDER[] = { 440 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 441 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 442 0x01, 0x00, 0x02, 0x01, 0x00 443 }; 444 445 static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 446 447 static const unsigned char kSignature[] = { 448 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 449 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 450 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 451 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 452 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 453 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 454 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 455 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 456 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 457 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 458 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, 459 }; 460 461 /* 462 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v1 463 * PrivateKeyInfo. 464 */ 465 static const unsigned char kExampleRSAKeyPKCS8[] = { 466 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 467 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 468 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 469 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 470 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 471 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 472 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 473 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 474 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 475 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 476 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 477 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 478 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 479 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 480 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 481 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 482 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 483 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 484 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 485 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 486 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 487 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 488 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 489 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 490 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 491 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 492 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 493 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 494 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 495 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 496 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 497 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 498 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 499 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 500 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 501 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 502 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 503 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 504 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 505 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 506 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 507 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 508 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 509 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 510 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 511 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 512 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 513 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 514 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 515 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 516 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 517 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 518 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 519 }; 520 521 /* 522 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v2 523 * PrivateKeyInfo (with an optional public key). 524 */ 525 static const unsigned char kExampleRSAKeyPKCS8_v2[] = { 526 0x30, 0x82, 0x03, 0x06, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 527 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 528 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 529 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 530 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 531 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 532 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 533 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 534 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 535 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 536 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 537 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 538 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 539 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 540 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 541 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 542 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 543 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 544 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 545 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 546 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 547 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 548 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 549 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 550 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 551 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 552 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 553 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 554 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 555 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 556 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 557 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 558 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 559 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 560 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 561 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 562 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 563 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 564 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 565 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 566 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 567 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 568 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 569 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 570 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 571 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 572 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 573 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 574 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 575 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 576 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 577 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 578 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 579 /* Implicit optional Public key BIT STRING */ 580 0x81, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8, 581 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 582 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 583 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 584 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 585 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 586 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 587 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 588 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 589 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 590 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 591 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01 592 }; 593 594 #ifndef OPENSSL_NO_EC 595 /* 596 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 597 * structure. 598 */ 599 static const unsigned char kExampleECKeyDER[] = { 600 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 601 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 602 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 603 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 604 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 605 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 606 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 607 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 608 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 609 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 610 0xc1, 611 }; 612 613 static const unsigned char kExampleECKeyPKCS8_v2[] = { 614 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 615 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 616 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 617 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 618 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 619 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42, 620 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 621 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 622 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 623 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 624 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 625 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1, 626 /* Optional implicit public key BIT STRING */ 627 0x81, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 628 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 629 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 630 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 631 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 632 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1 633 }; 634 635 /* 636 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 637 * structure. The private key is equal to the order and will fail to import 638 */ 639 static const unsigned char kExampleBadECKeyDER[] = { 640 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 641 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 642 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 643 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 644 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 645 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 646 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 647 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 648 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 649 }; 650 651 /* prime256v1 */ 652 static const unsigned char kExampleECPubKeyDER[] = { 653 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 654 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 655 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 656 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 657 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 658 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 659 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 660 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 661 }; 662 663 /* 664 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID 665 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key 666 */ 667 static const unsigned char kExampleBadECPubKeyDER[] = { 668 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 669 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 670 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 671 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 672 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 673 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 674 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 675 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 676 }; 677 678 static const unsigned char pExampleECParamDER[] = { 679 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 680 }; 681 682 # ifndef OPENSSL_NO_ECX 683 static const unsigned char kExampleED25519KeyDER[] = { 684 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 685 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a, 686 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46, 687 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50 688 }; 689 690 static const unsigned char kExampleED25519PubKeyDER[] = { 691 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 692 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45, 693 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40, 694 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29 695 }; 696 697 # ifndef OPENSSL_NO_DEPRECATED_3_0 698 static const unsigned char kExampleX25519KeyDER[] = { 699 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 700 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6, 701 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac, 702 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e 703 }; 704 # endif 705 # endif 706 #endif 707 708 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */ 709 #ifndef OPENSSL_NO_DEPRECATED_3_0 710 # ifndef OPENSSL_NO_DH 711 static const unsigned char kExampleDHKeyDER[] = { 712 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09, 713 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87, 714 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d, 715 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e, 716 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63, 717 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81, 718 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f, 719 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53, 720 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53, 721 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f, 722 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74, 723 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34, 724 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53, 725 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3, 726 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a, 727 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9, 728 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0, 729 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48, 730 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1, 731 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43, 732 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f, 733 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f, 734 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97, 735 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06, 736 0x2e, 0x87, 0x2a, 0x0b, 0x7a 737 }; 738 # endif 739 #endif 740 741 static const unsigned char kCFBDefaultKey[] = { 742 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 743 0x09, 0xCF, 0x4F, 0x3C 744 }; 745 746 static const unsigned char kGCMDefaultKey[32] = { 0 }; 747 748 static const unsigned char kGCMResetKey[] = { 749 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 750 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 751 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 752 }; 753 754 static const unsigned char iCFBIV[] = { 755 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 756 0x0C, 0x0D, 0x0E, 0x0F 757 }; 758 759 static const unsigned char iGCMDefaultIV[12] = { 0 }; 760 761 static const unsigned char iGCMResetIV1[] = { 762 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 763 }; 764 765 static const unsigned char iGCMResetIV2[] = { 766 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 767 }; 768 769 static const unsigned char cfbPlaintext[] = { 770 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 771 0x73, 0x93, 0x17, 0x2A 772 }; 773 static const unsigned char cfbPlaintext_partial[] = { 774 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 775 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 776 }; 777 778 static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 779 780 static const unsigned char gcmResetPlaintext[] = { 781 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 782 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 783 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 784 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 785 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 786 }; 787 788 static const unsigned char cfbCiphertext[] = { 789 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 790 0xE8, 0x3C, 0xFB, 0x4A 791 }; 792 793 static const unsigned char cfbCiphertext_partial[] = { 794 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 795 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35 796 }; 797 798 static const unsigned char ofbCiphertext_partial[] = { 799 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 800 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09 801 }; 802 803 static const unsigned char gcmDefaultCiphertext[] = { 804 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 805 0xba, 0xf3, 0x9d, 0x18 806 }; 807 808 static const unsigned char gcmResetCiphertext1[] = { 809 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, 810 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 811 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, 812 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 813 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f 814 }; 815 816 static const unsigned char gcmResetCiphertext2[] = { 817 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, 818 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 819 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, 820 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 821 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 822 }; 823 824 static const unsigned char gcmAAD[] = { 825 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 826 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 827 }; 828 829 static const unsigned char gcmDefaultTag[] = { 830 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, 831 0xd4, 0x8a, 0xb9, 0x19 832 }; 833 834 static const unsigned char gcmResetTag1[] = { 835 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, 836 0xfe, 0x2e, 0xa8, 0xf2 837 }; 838 839 static const unsigned char gcmResetTag2[] = { 840 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, 841 0xbb, 0x2d, 0x55, 0x1b 842 }; 843 844 typedef struct APK_DATA_st { 845 const unsigned char *kder; 846 size_t size; 847 const char *keytype; 848 int evptype; 849 int check; 850 int pub_check; 851 int param_check; 852 int type; /* 0 for private, 1 for public, 2 for params */ 853 } APK_DATA; 854 855 static APK_DATA keydata[] = { 856 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA}, 857 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA}, 858 #ifndef OPENSSL_NO_EC 859 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC} 860 #endif 861 }; 862 863 static APK_DATA keydata_v2[] = { 864 {kExampleRSAKeyPKCS8_v2, sizeof(kExampleRSAKeyPKCS8_v2), "RSA", EVP_PKEY_RSA}, 865 #ifndef OPENSSL_NO_EC 866 {kExampleECKeyPKCS8_v2, sizeof(kExampleECKeyPKCS8_v2), "EC", EVP_PKEY_EC} 867 #endif 868 }; 869 870 static APK_DATA keycheckdata[] = { 871 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 872 0}, 873 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA, 874 0, 1, 1, 0}, 875 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA, 876 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0}, 877 #ifndef OPENSSL_NO_EC 878 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0}, 879 /* group is also associated in our pub key */ 880 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 881 1, 1}, 882 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 883 2}, 884 # ifndef OPENSSL_NO_ECX 885 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", 886 EVP_PKEY_ED25519, 1, 1, 1, 0}, 887 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519", 888 EVP_PKEY_ED25519, 0, 1, 1, 1}, 889 # endif 890 #endif 891 }; 892 893 static EVP_PKEY *load_example_key(const char *keytype, 894 const unsigned char *data, size_t data_len) 895 { 896 const unsigned char **pdata = &data; 897 EVP_PKEY *pkey = NULL; 898 OSSL_DECODER_CTX *dctx = 899 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0, 900 testctx, testpropq); 901 902 /* |pkey| will be NULL on error */ 903 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len); 904 OSSL_DECODER_CTX_free(dctx); 905 return pkey; 906 } 907 908 static EVP_PKEY *load_example_rsa_key(void) 909 { 910 return load_example_key("RSA", kExampleRSAKeyDER, 911 sizeof(kExampleRSAKeyDER)); 912 } 913 914 #ifndef OPENSSL_NO_DSA 915 static EVP_PKEY *load_example_dsa_key(void) 916 { 917 return load_example_key("DSA", kExampleDSAKeyDER, 918 sizeof(kExampleDSAKeyDER)); 919 } 920 #endif 921 922 #ifndef OPENSSL_NO_EC 923 static EVP_PKEY *load_example_ec_key(void) 924 { 925 return load_example_key("EC", kExampleECKeyDER, 926 sizeof(kExampleECKeyDER)); 927 } 928 #endif 929 930 #ifndef OPENSSL_NO_DEPRECATED_3_0 931 # ifndef OPENSSL_NO_DH 932 static EVP_PKEY *load_example_dh_key(void) 933 { 934 return load_example_key("DH", kExampleDHKeyDER, 935 sizeof(kExampleDHKeyDER)); 936 } 937 # endif 938 939 # ifndef OPENSSL_NO_ECX 940 static EVP_PKEY *load_example_ed25519_key(void) 941 { 942 return load_example_key("ED25519", kExampleED25519KeyDER, 943 sizeof(kExampleED25519KeyDER)); 944 } 945 946 static EVP_PKEY *load_example_x25519_key(void) 947 { 948 return load_example_key("X25519", kExampleX25519KeyDER, 949 sizeof(kExampleX25519KeyDER)); 950 } 951 # endif 952 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 953 954 static EVP_PKEY *load_example_hmac_key(void) 955 { 956 EVP_PKEY *pkey = NULL; 957 unsigned char key[] = { 958 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 959 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 960 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 961 }; 962 963 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC", 964 NULL, key, sizeof(key)); 965 if (!TEST_ptr(pkey)) 966 return NULL; 967 968 return pkey; 969 } 970 971 static int test_EVP_set_config_properties(void) 972 { 973 char *fetched_properties = NULL; 974 const char test_propq[] = "test.fizzbuzz=buzzfizz"; 975 int res = 0; 976 977 fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default()); 978 if (!TEST_ptr(fetched_properties) 979 || !TEST_str_eq(fetched_properties, test_propq)) 980 goto err; 981 OPENSSL_free(fetched_properties); 982 fetched_properties = NULL; 983 984 res = 1; 985 err: 986 OPENSSL_free(fetched_properties); 987 return res; 988 } 989 990 static int test_EVP_set_default_properties(void) 991 { 992 OSSL_LIB_CTX *ctx; 993 EVP_MD *md = NULL; 994 int res = 0; 995 char *fetched_properties = NULL; 996 const char test_propq[] = "provider=fizzbang"; 997 const char test_fips_propq[] = "fips=yes,provider=fizzbang"; 998 999 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new()) 1000 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 1001 goto err; 1002 EVP_MD_free(md); 1003 md = NULL; 1004 1005 if (!TEST_true(EVP_set_default_properties(ctx, test_propq)) 1006 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL)) 1007 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider"))) 1008 goto err; 1009 EVP_MD_free(md); 1010 md = NULL; 1011 1012 fetched_properties = EVP_get1_default_properties(ctx); 1013 if (!TEST_ptr(fetched_properties) 1014 || !TEST_str_eq(fetched_properties, test_propq)) 1015 goto err; 1016 OPENSSL_free(fetched_properties); 1017 fetched_properties = NULL; 1018 1019 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1))) 1020 goto err; 1021 fetched_properties = EVP_get1_default_properties(ctx); 1022 if (!TEST_ptr(fetched_properties) 1023 || !TEST_str_eq(fetched_properties, test_fips_propq)) 1024 goto err; 1025 OPENSSL_free(fetched_properties); 1026 fetched_properties = NULL; 1027 1028 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0))) 1029 goto err; 1030 1031 if (!TEST_true(EVP_set_default_properties(ctx, NULL)) 1032 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 1033 goto err; 1034 res = 1; 1035 err: 1036 OPENSSL_free(fetched_properties); 1037 EVP_MD_free(md); 1038 OSSL_LIB_CTX_free(ctx); 1039 return res; 1040 } 1041 1042 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 1043 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params) 1044 { 1045 EVP_PKEY_CTX *pctx = NULL; 1046 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL; 1047 1048 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq))) 1049 goto err; 1050 /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */ 1051 if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0) 1052 || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 1053 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR, 1054 params), 0)) 1055 goto err; 1056 1057 if (!TEST_ptr(tmp_pkey)) 1058 goto err; 1059 1060 pkey = tmp_pkey; 1061 tmp_pkey = NULL; 1062 err: 1063 EVP_PKEY_free(tmp_pkey); 1064 EVP_PKEY_CTX_free(pctx); 1065 return pkey; 1066 } 1067 1068 static int test_selection(EVP_PKEY *pkey, int selection) 1069 { 1070 int testresult = 0; 1071 int ret; 1072 BIO *bio = BIO_new(BIO_s_mem()); 1073 1074 ret = PEM_write_bio_PUBKEY(bio, pkey); 1075 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 1076 if (!TEST_true(ret)) 1077 goto err; 1078 } else { 1079 if (!TEST_false(ret)) 1080 goto err; 1081 } 1082 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL, 1083 testctx, NULL); 1084 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 1085 if (!TEST_true(ret)) 1086 goto err; 1087 } else { 1088 if (!TEST_false(ret)) 1089 goto err; 1090 } 1091 1092 testresult = 1; 1093 err: 1094 BIO_free(bio); 1095 1096 return testresult; 1097 } 1098 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */ 1099 1100 /* 1101 * Test combinations of private, public, missing and private + public key 1102 * params to ensure they are all accepted 1103 */ 1104 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) 1105 static int test_EVP_PKEY_ffc_priv_pub(char *keytype) 1106 { 1107 OSSL_PARAM_BLD *bld = NULL; 1108 OSSL_PARAM *params = NULL; 1109 EVP_PKEY *just_params = NULL; 1110 EVP_PKEY *params_and_priv = NULL; 1111 EVP_PKEY *params_and_pub = NULL; 1112 EVP_PKEY *params_and_keypair = NULL; 1113 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 1114 int ret = 0; 1115 1116 /* 1117 * Setup the parameters for our pkey object. For our purposes they don't 1118 * have to actually be *valid* parameters. We just need to set something. 1119 */ 1120 if (!TEST_ptr(p = BN_new()) 1121 || !TEST_ptr(q = BN_new()) 1122 || !TEST_ptr(g = BN_new()) 1123 || !TEST_ptr(pub = BN_new()) 1124 || !TEST_ptr(priv = BN_new())) 1125 goto err; 1126 1127 /* Test !priv and !pub */ 1128 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1129 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1130 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1131 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))) 1132 goto err; 1133 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1134 || !TEST_ptr(just_params = make_key_fromdata(keytype, params))) 1135 goto err; 1136 1137 OSSL_PARAM_free(params); 1138 OSSL_PARAM_BLD_free(bld); 1139 params = NULL; 1140 bld = NULL; 1141 1142 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1143 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 1144 goto err; 1145 1146 /* Test priv and !pub */ 1147 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1148 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1149 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1150 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1151 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1152 priv))) 1153 goto err; 1154 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1155 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params))) 1156 goto err; 1157 1158 OSSL_PARAM_free(params); 1159 OSSL_PARAM_BLD_free(bld); 1160 params = NULL; 1161 bld = NULL; 1162 1163 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY) 1164 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 1165 goto err; 1166 1167 /* Test !priv and pub */ 1168 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1169 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1170 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1171 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1172 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 1173 pub))) 1174 goto err; 1175 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1176 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params))) 1177 goto err; 1178 1179 OSSL_PARAM_free(params); 1180 OSSL_PARAM_BLD_free(bld); 1181 params = NULL; 1182 bld = NULL; 1183 1184 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 1185 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 1186 goto err; 1187 1188 /* Test priv and pub */ 1189 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1190 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1191 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1192 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1193 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 1194 pub)) 1195 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1196 priv))) 1197 goto err; 1198 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1199 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params))) 1200 goto err; 1201 1202 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1203 goto err; 1204 1205 ret = 1; 1206 err: 1207 OSSL_PARAM_free(params); 1208 OSSL_PARAM_BLD_free(bld); 1209 EVP_PKEY_free(just_params); 1210 EVP_PKEY_free(params_and_priv); 1211 EVP_PKEY_free(params_and_pub); 1212 EVP_PKEY_free(params_and_keypair); 1213 BN_free(p); 1214 BN_free(q); 1215 BN_free(g); 1216 BN_free(pub); 1217 BN_free(priv); 1218 1219 return ret; 1220 } 1221 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */ 1222 1223 /* 1224 * Test combinations of private, public, missing and private + public key 1225 * params to ensure they are all accepted for EC keys 1226 */ 1227 #ifndef OPENSSL_NO_EC 1228 static unsigned char ec_priv[] = { 1229 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23, 1230 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5, 1231 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16 1232 }; 1233 static unsigned char ec_pub[] = { 1234 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97, 1235 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81, 1236 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d, 1237 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e, 1238 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1, 1239 0x08, 0x09, 0xb8, 0xdb, 0x03 1240 }; 1241 1242 static int test_EC_priv_pub(void) 1243 { 1244 OSSL_PARAM_BLD *bld = NULL; 1245 OSSL_PARAM *params = NULL; 1246 EVP_PKEY *just_params = NULL; 1247 EVP_PKEY *params_and_priv = NULL; 1248 EVP_PKEY *params_and_pub = NULL; 1249 EVP_PKEY *params_and_keypair = NULL; 1250 BIGNUM *priv = NULL; 1251 int ret = 0; 1252 unsigned char *encoded = NULL; 1253 size_t len = 0; 1254 unsigned char buffer[128]; 1255 1256 /* 1257 * Setup the parameters for our pkey object. For our purposes they don't 1258 * have to actually be *valid* parameters. We just need to set something. 1259 */ 1260 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1261 goto err; 1262 1263 /* Test !priv and !pub */ 1264 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1265 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1266 OSSL_PKEY_PARAM_GROUP_NAME, 1267 "P-256", 0))) 1268 goto err; 1269 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1270 || !TEST_ptr(just_params = make_key_fromdata("EC", params))) 1271 goto err; 1272 1273 OSSL_PARAM_free(params); 1274 OSSL_PARAM_BLD_free(bld); 1275 params = NULL; 1276 bld = NULL; 1277 1278 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1279 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 1280 goto err; 1281 1282 /* Test priv and !pub */ 1283 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1284 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1285 OSSL_PKEY_PARAM_GROUP_NAME, 1286 "P-256", 0)) 1287 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1288 priv))) 1289 goto err; 1290 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1291 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params))) 1292 goto err; 1293 1294 OSSL_PARAM_free(params); 1295 OSSL_PARAM_BLD_free(bld); 1296 params = NULL; 1297 bld = NULL; 1298 1299 /* 1300 * We indicate only parameters here, in spite of having built a key that 1301 * has a private part, because the PEM_write_bio_PrivateKey_ex call is 1302 * expected to fail because it does not support exporting a private EC 1303 * key without a corresponding public key 1304 */ 1305 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1306 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 1307 goto err; 1308 1309 /* Test !priv and pub */ 1310 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1311 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1312 OSSL_PKEY_PARAM_GROUP_NAME, 1313 "P-256", 0)) 1314 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1315 OSSL_PKEY_PARAM_PUB_KEY, 1316 ec_pub, sizeof(ec_pub)))) 1317 goto err; 1318 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1319 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params))) 1320 goto err; 1321 1322 OSSL_PARAM_free(params); 1323 OSSL_PARAM_BLD_free(bld); 1324 params = NULL; 1325 bld = NULL; 1326 1327 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 1328 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 1329 goto err; 1330 1331 /* Test priv and pub */ 1332 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1333 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1334 OSSL_PKEY_PARAM_GROUP_NAME, 1335 "P-256", 0)) 1336 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1337 OSSL_PKEY_PARAM_PUB_KEY, 1338 ec_pub, sizeof(ec_pub))) 1339 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1340 priv))) 1341 goto err; 1342 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1343 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params))) 1344 goto err; 1345 1346 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1347 goto err; 1348 1349 /* Try key equality */ 1350 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0) 1351 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub), 1352 0) 1353 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv), 1354 0) 1355 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair), 1356 0) 1357 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0) 1358 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0) 1359 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0) 1360 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0)) 1361 goto err; 1362 1363 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */ 1364 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0)) 1365 goto err; 1366 OPENSSL_free(encoded); 1367 encoded = NULL; 1368 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) { 1369 OPENSSL_free(encoded); 1370 encoded = NULL; 1371 goto err; 1372 } 1373 1374 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */ 1375 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1376 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1377 buffer, sizeof(buffer), &len), 1) 1378 || !TEST_int_eq(len, 65)) 1379 goto err; 1380 1381 len = 0; 1382 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1383 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1384 NULL, 0, &len), 1) 1385 || !TEST_int_eq(len, 65)) 1386 goto err; 1387 1388 /* too-short buffer len*/ 1389 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1390 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1391 buffer, 10, &len), 0)) 1392 goto err; 1393 1394 ret = 1; 1395 err: 1396 OSSL_PARAM_free(params); 1397 OSSL_PARAM_BLD_free(bld); 1398 EVP_PKEY_free(just_params); 1399 EVP_PKEY_free(params_and_priv); 1400 EVP_PKEY_free(params_and_pub); 1401 EVP_PKEY_free(params_and_keypair); 1402 BN_free(priv); 1403 1404 return ret; 1405 } 1406 1407 /* Also test that we can read the EC PUB affine coordinates */ 1408 static int test_evp_get_ec_pub(void) 1409 { 1410 OSSL_PARAM_BLD *bld = NULL; 1411 OSSL_PARAM *params = NULL; 1412 unsigned char *pad = NULL; 1413 EVP_PKEY *keypair = NULL; 1414 BIGNUM *priv = NULL; 1415 BIGNUM *x = NULL; 1416 BIGNUM *y = NULL; 1417 int ret = 0; 1418 1419 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1420 goto err; 1421 1422 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1423 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1424 OSSL_PKEY_PARAM_GROUP_NAME, 1425 "P-256", 0)) 1426 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1427 OSSL_PKEY_PARAM_PUB_KEY, 1428 ec_pub, sizeof(ec_pub))) 1429 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1430 priv))) 1431 goto err; 1432 1433 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1434 || !TEST_ptr(keypair = make_key_fromdata("EC", params))) 1435 goto err; 1436 1437 if (!test_selection(keypair, EVP_PKEY_KEYPAIR)) 1438 goto err; 1439 1440 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x) 1441 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y)) 1442 goto err; 1443 1444 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub)))) 1445 goto err; 1446 1447 pad[0] = ec_pub[0]; 1448 BN_bn2bin(x, &pad[1]); 1449 BN_bn2bin(y, &pad[33]); 1450 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0)) 1451 goto err; 1452 1453 ret = 1; 1454 1455 err: 1456 OSSL_PARAM_free(params); 1457 OSSL_PARAM_BLD_free(bld); 1458 EVP_PKEY_free(keypair); 1459 OPENSSL_free(pad); 1460 BN_free(priv); 1461 BN_free(x); 1462 BN_free(y); 1463 return ret; 1464 } 1465 1466 /* Test that using a legacy EC key with only a private key in it works */ 1467 # ifndef OPENSSL_NO_DEPRECATED_3_0 1468 static int test_EC_priv_only_legacy(void) 1469 { 1470 BIGNUM *priv = NULL; 1471 int ret = 0; 1472 EC_KEY *eckey = NULL; 1473 EVP_PKEY *pkey = NULL, *dup_pk = NULL; 1474 EVP_MD_CTX *ctx = NULL; 1475 1476 /* Create the low level EC_KEY */ 1477 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1478 goto err; 1479 1480 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 1481 if (!TEST_ptr(eckey)) 1482 goto err; 1483 1484 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1485 goto err; 1486 1487 pkey = EVP_PKEY_new(); 1488 if (!TEST_ptr(pkey)) 1489 goto err; 1490 1491 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1492 goto err; 1493 eckey = NULL; 1494 1495 for (;;) { 1496 ret = 0; 1497 ctx = EVP_MD_CTX_new(); 1498 if (!TEST_ptr(ctx)) 1499 goto err; 1500 1501 /* 1502 * The EVP_DigestSignInit function should create the key on the 1503 * provider side which is sufficient for this test. 1504 */ 1505 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, 1506 testpropq, pkey, NULL))) 1507 goto err; 1508 EVP_MD_CTX_free(ctx); 1509 ctx = NULL; 1510 1511 if (dup_pk != NULL) 1512 break; 1513 1514 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))) 1515 goto err; 1516 /* EVP_PKEY_eq() returns -2 with missing public keys */ 1517 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2); 1518 EVP_PKEY_free(pkey); 1519 pkey = dup_pk; 1520 if (!ret) 1521 goto err; 1522 } 1523 ret = 1; 1524 1525 err: 1526 EVP_MD_CTX_free(ctx); 1527 EVP_PKEY_free(pkey); 1528 EC_KEY_free(eckey); 1529 BN_free(priv); 1530 1531 return ret; 1532 } 1533 1534 static int test_evp_get_ec_pub_legacy(void) 1535 { 1536 OSSL_LIB_CTX *libctx = NULL; 1537 unsigned char *pad = NULL; 1538 EVP_PKEY *pkey = NULL; 1539 EC_KEY *eckey = NULL; 1540 BIGNUM *priv = NULL; 1541 BIGNUM *x = NULL; 1542 BIGNUM *y = NULL; 1543 int ret = 0; 1544 1545 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())) 1546 goto err; 1547 1548 /* Create the legacy key */ 1549 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL, 1550 NID_X9_62_prime256v1))) 1551 goto err; 1552 1553 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1554 goto err; 1555 1556 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1557 goto err; 1558 1559 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL))) 1560 goto err; 1561 1562 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL))) 1563 goto err; 1564 1565 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y))) 1566 goto err; 1567 1568 if (!TEST_ptr(pkey = EVP_PKEY_new())) 1569 goto err; 1570 1571 /* Transfer the legacy key */ 1572 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1573 goto err; 1574 eckey = NULL; 1575 1576 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x)) 1577 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y))) 1578 goto err; 1579 1580 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub)))) 1581 goto err; 1582 1583 pad[0] = ec_pub[0]; 1584 BN_bn2bin(x, &pad[1]); 1585 BN_bn2bin(y, &pad[33]); 1586 1587 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0)) 1588 goto err; 1589 1590 ret = 1; 1591 1592 err: 1593 OSSL_LIB_CTX_free(libctx); 1594 EVP_PKEY_free(pkey); 1595 EC_KEY_free(eckey); 1596 OPENSSL_free(pad); 1597 BN_free(priv); 1598 BN_free(x); 1599 BN_free(y); 1600 1601 return ret; 1602 } 1603 # endif /* OPENSSL_NO_DEPRECATED_3_0 */ 1604 #endif /* OPENSSL_NO_EC */ 1605 1606 static int test_EVP_PKEY_sign(int tst) 1607 { 1608 int ret = 0; 1609 EVP_PKEY *pkey = NULL; 1610 unsigned char *sig = NULL; 1611 size_t sig_len = 0, shortsig_len = 1; 1612 EVP_PKEY_CTX *ctx = NULL; 1613 unsigned char tbs[] = { 1614 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1615 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1616 }; 1617 1618 if (tst == 0) { 1619 if (!TEST_ptr(pkey = load_example_rsa_key())) 1620 goto out; 1621 } else if (tst == 1) { 1622 #ifndef OPENSSL_NO_DSA 1623 if (!TEST_ptr(pkey = load_example_dsa_key())) 1624 goto out; 1625 #else 1626 ret = 1; 1627 goto out; 1628 #endif 1629 } else { 1630 #ifndef OPENSSL_NO_EC 1631 if (!TEST_ptr(pkey = load_example_ec_key())) 1632 goto out; 1633 #else 1634 ret = 1; 1635 goto out; 1636 #endif 1637 } 1638 1639 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1640 if (!TEST_ptr(ctx) 1641 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1642 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1643 sizeof(tbs)), 0)) 1644 goto out; 1645 sig = OPENSSL_malloc(sig_len); 1646 if (!TEST_ptr(sig) 1647 /* Test sending a signature buffer that is too short is rejected */ 1648 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1649 sizeof(tbs)), 0) 1650 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1651 0) 1652 /* Test the signature round-trips */ 1653 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1654 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1655 0)) 1656 goto out; 1657 1658 ret = 1; 1659 out: 1660 EVP_PKEY_CTX_free(ctx); 1661 OPENSSL_free(sig); 1662 EVP_PKEY_free(pkey); 1663 return ret; 1664 } 1665 1666 #ifndef OPENSSL_NO_DEPRECATED_3_0 1667 static int test_EVP_PKEY_sign_with_app_method(int tst) 1668 { 1669 int ret = 0; 1670 EVP_PKEY *pkey = NULL; 1671 RSA *rsa = NULL; 1672 RSA_METHOD *rsa_meth = NULL; 1673 #ifndef OPENSSL_NO_DSA 1674 DSA *dsa = NULL; 1675 DSA_METHOD *dsa_meth = NULL; 1676 #endif 1677 unsigned char *sig = NULL; 1678 size_t sig_len = 0, shortsig_len = 1; 1679 EVP_PKEY_CTX *ctx = NULL; 1680 unsigned char tbs[] = { 1681 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1682 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1683 }; 1684 1685 if (tst == 0) { 1686 if (!TEST_ptr(pkey = load_example_rsa_key())) 1687 goto out; 1688 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method()))) 1689 goto out; 1690 1691 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)) 1692 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0) 1693 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0)) 1694 goto out; 1695 rsa = NULL; /* now owned by the pkey */ 1696 } else { 1697 #ifndef OPENSSL_NO_DSA 1698 if (!TEST_ptr(pkey = load_example_dsa_key())) 1699 goto out; 1700 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) 1701 goto out; 1702 1703 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey)) 1704 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0) 1705 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0)) 1706 goto out; 1707 dsa = NULL; /* now owned by the pkey */ 1708 #else 1709 ret = 1; 1710 goto out; 1711 #endif 1712 } 1713 1714 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1715 if (!TEST_ptr(ctx) 1716 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1717 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1718 sizeof(tbs)), 0)) 1719 goto out; 1720 sig = OPENSSL_malloc(sig_len); 1721 if (!TEST_ptr(sig) 1722 /* Test sending a signature buffer that is too short is rejected */ 1723 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1724 sizeof(tbs)), 0) 1725 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1726 0) 1727 /* Test the signature round-trips */ 1728 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1729 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1730 0)) 1731 goto out; 1732 1733 ret = 1; 1734 out: 1735 EVP_PKEY_CTX_free(ctx); 1736 OPENSSL_free(sig); 1737 EVP_PKEY_free(pkey); 1738 RSA_free(rsa); 1739 RSA_meth_free(rsa_meth); 1740 #ifndef OPENSSL_NO_DSA 1741 DSA_free(dsa); 1742 DSA_meth_free(dsa_meth); 1743 #endif 1744 return ret; 1745 } 1746 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 1747 1748 /* 1749 * n = 0 => test using legacy cipher 1750 * n = 1 => test using fetched cipher 1751 */ 1752 static int test_EVP_Enveloped(int n) 1753 { 1754 int ret = 0; 1755 EVP_CIPHER_CTX *ctx = NULL; 1756 EVP_PKEY *keypair = NULL; 1757 unsigned char *kek = NULL; 1758 unsigned char iv[EVP_MAX_IV_LENGTH]; 1759 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 1760 int len, kek_len, ciphertext_len, plaintext_len; 1761 unsigned char ciphertext[32], plaintext[16]; 1762 EVP_CIPHER *type = NULL; 1763 1764 if (nullprov != NULL) 1765 return TEST_skip("Test does not support a non-default library context"); 1766 1767 if (n == 0) 1768 type = (EVP_CIPHER *)EVP_aes_256_cbc(); 1769 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC", 1770 testpropq))) 1771 goto err; 1772 1773 if (!TEST_ptr(keypair = load_example_rsa_key()) 1774 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) 1775 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1776 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 1777 &keypair, 1)) 1778 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 1779 msg, sizeof(msg))) 1780 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 1781 &len))) 1782 goto err; 1783 1784 ciphertext_len += len; 1785 1786 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 1787 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 1788 ciphertext, ciphertext_len)) 1789 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 1790 goto err; 1791 1792 plaintext_len += len; 1793 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 1794 goto err; 1795 1796 ret = 1; 1797 err: 1798 if (n != 0) 1799 EVP_CIPHER_free(type); 1800 OPENSSL_free(kek); 1801 EVP_PKEY_free(keypair); 1802 EVP_CIPHER_CTX_free(ctx); 1803 return ret; 1804 } 1805 1806 /* 1807 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA) 1808 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA) 1809 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC) 1810 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA) 1811 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA) 1812 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC) 1813 * Test 6: Use an MD BIO to do the Update calls instead (RSA) 1814 * Test 7: Use an MD BIO to do the Update calls instead (DSA) 1815 * Test 8: Use an MD BIO to do the Update calls instead (HMAC) 1816 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig) 1817 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig) 1818 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig) 1819 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA) 1820 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA) 1821 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC) 1822 * Test 15-29: Same as above with reinitialization 1823 */ 1824 static int test_EVP_DigestSignInit(int tst) 1825 { 1826 int ret = 0; 1827 EVP_PKEY *pkey = NULL; 1828 unsigned char *sig = NULL, *sig2 = NULL; 1829 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1; 1830 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL; 1831 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; 1832 BIO *mdbio = NULL, *membio = NULL; 1833 size_t written; 1834 const EVP_MD *md; 1835 EVP_MD *mdexp = NULL; 1836 int reinit = 0; 1837 1838 if (nullprov != NULL) 1839 return TEST_skip("Test does not support a non-default library context"); 1840 1841 if (tst >= 15) { 1842 reinit = 1; 1843 tst -= 15; 1844 } 1845 1846 if (tst >= 6 && tst <= 8) { 1847 membio = BIO_new(BIO_s_mem()); 1848 mdbio = BIO_new(BIO_f_md()); 1849 if (!TEST_ptr(membio) || !TEST_ptr(mdbio)) 1850 goto out; 1851 BIO_push(mdbio, membio); 1852 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0)) 1853 goto out; 1854 } else { 1855 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new()) 1856 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) 1857 goto out; 1858 } 1859 1860 if (tst % 3 == 0) { 1861 if (!TEST_ptr(pkey = load_example_rsa_key())) 1862 goto out; 1863 } else if (tst % 3 == 1) { 1864 #ifndef OPENSSL_NO_DSA 1865 if (!TEST_ptr(pkey = load_example_dsa_key())) 1866 goto out; 1867 #else 1868 ret = 1; 1869 goto out; 1870 #endif 1871 } else { 1872 if (!TEST_ptr(pkey = load_example_hmac_key())) 1873 goto out; 1874 } 1875 1876 if (tst >= 3 && tst <= 5) 1877 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL); 1878 else 1879 md = EVP_sha256(); 1880 1881 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey))) 1882 goto out; 1883 1884 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL))) 1885 goto out; 1886 1887 if (tst >= 6 && tst <= 8) { 1888 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) 1889 goto out; 1890 } else if (tst < 6) { 1891 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1892 goto out; 1893 } 1894 1895 if (tst >= 9) { 1896 /* Determine the size of the signature. */ 1897 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg, 1898 sizeof(kMsg))) 1899 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))) 1900 goto out; 1901 if (tst <= 11) { 1902 /* Test that supply a short sig buffer fails */ 1903 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg, 1904 sizeof(kMsg)))) 1905 goto out; 1906 /* 1907 * We end here because once EVP_DigestSign() has failed you should 1908 * not call it again without re-initing the ctx 1909 */ 1910 ret = 1; 1911 goto out; 1912 } 1913 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg, 1914 sizeof(kMsg)))) 1915 goto out; 1916 } else { 1917 /* Determine the size of the signature. */ 1918 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 1919 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)) 1920 /* 1921 * Trying to create a signature with a deliberately short 1922 * buffer should fail. 1923 */ 1924 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len)) 1925 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1926 goto out; 1927 } 1928 1929 /* 1930 * Ensure that the signature round-trips (Verification isn't supported for 1931 * HMAC via EVP_DigestVerify*) 1932 */ 1933 if (tst % 3 != 2) { 1934 if (tst >= 6 && tst <= 8) { 1935 if (!TEST_int_gt(BIO_reset(mdbio), 0) 1936 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) 1937 goto out; 1938 } 1939 1940 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, 1941 NULL, pkey))) 1942 goto out; 1943 1944 if (tst >= 6 && tst <= 8) { 1945 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))) 1946 goto out; 1947 } else { 1948 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, 1949 sizeof(kMsg)))) 1950 goto out; 1951 } 1952 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1953 goto out; 1954 1955 /* Multiple calls to EVP_DigestVerifyFinal should work */ 1956 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1957 goto out; 1958 } else { 1959 /* 1960 * For HMAC a doubled call to DigestSignFinal should produce the same 1961 * value as finalization should not happen. 1962 */ 1963 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len)) 1964 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len)) 1965 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len))) 1966 goto out; 1967 1968 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len)) 1969 goto out; 1970 } 1971 1972 ret = 1; 1973 1974 out: 1975 BIO_free(membio); 1976 BIO_free(mdbio); 1977 EVP_MD_CTX_free(a_md_ctx); 1978 EVP_MD_CTX_free(a_md_ctx_verify); 1979 EVP_PKEY_free(pkey); 1980 OPENSSL_free(sig); 1981 OPENSSL_free(sig2); 1982 EVP_MD_free(mdexp); 1983 1984 return ret; 1985 } 1986 1987 static int test_EVP_DigestVerifyInit(void) 1988 { 1989 int ret = 0; 1990 EVP_PKEY *pkey = NULL; 1991 EVP_MD_CTX *md_ctx = NULL; 1992 1993 if (nullprov != NULL) 1994 return TEST_skip("Test does not support a non-default library context"); 1995 1996 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 1997 || !TEST_ptr(pkey = load_example_rsa_key())) 1998 goto out; 1999 2000 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 2001 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 2002 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 2003 sizeof(kSignature)), 0)) 2004 goto out; 2005 2006 /* test with reinitialization */ 2007 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL)) 2008 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 2009 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 2010 sizeof(kSignature)), 0)) 2011 goto out; 2012 ret = 1; 2013 2014 out: 2015 EVP_MD_CTX_free(md_ctx); 2016 EVP_PKEY_free(pkey); 2017 return ret; 2018 } 2019 2020 #ifndef OPENSSL_NO_EC 2021 static int test_ecdsa_digestsign_keccak(void) 2022 { 2023 int ret = 0; 2024 EVP_PKEY *pkey = NULL; 2025 EVP_MD_CTX *ctx = NULL; 2026 EVP_MD *md = NULL; 2027 2028 if (nullprov != NULL) 2029 return TEST_skip("Test does not support a non-default library context"); 2030 2031 pkey = load_example_ec_key(); 2032 if (!TEST_ptr(pkey)) 2033 goto err; 2034 2035 /* This would not work with FIPS provider so just use NULL libctx */ 2036 md = EVP_MD_fetch(NULL, "KECCAK-256", NULL); 2037 if (!TEST_ptr(md)) 2038 goto err; 2039 2040 ctx = EVP_MD_CTX_new(); 2041 if (!TEST_ptr(ctx)) 2042 goto err; 2043 2044 /* 2045 * Just check EVP_DigestSignInit_ex() works. 2046 */ 2047 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))) 2048 goto err; 2049 2050 ret = 1; 2051 err: 2052 EVP_MD_CTX_free(ctx); 2053 EVP_PKEY_free(pkey); 2054 EVP_MD_free(md); 2055 2056 return ret; 2057 } 2058 #endif 2059 2060 #ifndef OPENSSL_NO_SIPHASH 2061 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */ 2062 static int test_siphash_digestsign(void) 2063 { 2064 unsigned char key[16]; 2065 unsigned char buf[8], digest[8]; 2066 unsigned char expected[8] = { 2067 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2 2068 }; 2069 EVP_PKEY *pkey = NULL; 2070 EVP_MD_CTX *mdctx = NULL; 2071 EVP_PKEY_CTX *ctx = NULL; 2072 int ret = 0; 2073 size_t len = 8; 2074 2075 if (nullprov != NULL) 2076 return TEST_skip("Test does not support a non-default library context"); 2077 2078 memset(buf, 0, 8); 2079 memset(key, 1, 16); 2080 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL, 2081 key, 16))) 2082 goto out; 2083 2084 if (!TEST_ptr(mdctx = EVP_MD_CTX_create())) 2085 goto out; 2086 2087 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey))) 2088 goto out; 2089 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX, 2090 EVP_PKEY_CTRL_SET_DIGEST_SIZE, 2091 8, NULL), 1)) 2092 goto out; 2093 /* reinitialize */ 2094 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL))) 2095 goto out; 2096 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8))) 2097 goto out; 2098 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len))) 2099 goto out; 2100 if (!TEST_mem_eq(digest, len, expected, sizeof(expected))) 2101 goto out; 2102 2103 ret = 1; 2104 out: 2105 EVP_PKEY_free(pkey); 2106 EVP_MD_CTX_free(mdctx); 2107 return ret; 2108 } 2109 #endif 2110 2111 /* 2112 * Test corner cases of EVP_DigestInit/Update/Final API call behavior. 2113 */ 2114 static int test_EVP_Digest(void) 2115 { 2116 int ret = 0; 2117 EVP_MD_CTX *md_ctx = NULL; 2118 unsigned char md[EVP_MAX_MD_SIZE]; 2119 EVP_MD *sha256 = NULL; 2120 EVP_MD *shake256 = NULL; 2121 2122 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2123 goto out; 2124 2125 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq)) 2126 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq))) 2127 goto out; 2128 2129 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 2130 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2131 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL)) 2132 /* EVP_DigestFinal resets the EVP_MD_CTX. */ 2133 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL)) 2134 goto out; 2135 2136 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 2137 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2138 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL)) 2139 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */ 2140 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 2141 /* 2142 * EVP_DigestInit_ex with NULL type should work on 2143 * pre-initialized context. 2144 */ 2145 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 2146 goto out; 2147 2148 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL)) 2149 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2150 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md))) 2151 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */ 2152 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 2153 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 2154 goto out; 2155 ret = 1; 2156 2157 out: 2158 EVP_MD_CTX_free(md_ctx); 2159 EVP_MD_free(sha256); 2160 EVP_MD_free(shake256); 2161 return ret; 2162 } 2163 2164 static int test_EVP_md_null(void) 2165 { 2166 int ret = 0; 2167 EVP_MD_CTX *md_ctx = NULL; 2168 const EVP_MD *md_null = EVP_md_null(); 2169 unsigned char md_value[EVP_MAX_MD_SIZE]; 2170 unsigned int md_len = sizeof(md_value); 2171 2172 if (nullprov != NULL) 2173 return TEST_skip("Test does not support a non-default library context"); 2174 2175 if (!TEST_ptr(md_null) 2176 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2177 goto out; 2178 2179 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL)) 2180 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4)) 2181 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len))) 2182 goto out; 2183 2184 if (!TEST_uint_eq(md_len, 0)) 2185 goto out; 2186 2187 ret = 1; 2188 out: 2189 EVP_MD_CTX_free(md_ctx); 2190 return ret; 2191 } 2192 2193 static int test_d2i_AutoPrivateKey(int i) 2194 { 2195 int ret = 0; 2196 const unsigned char *p; 2197 EVP_PKEY *pkey = NULL; 2198 const APK_DATA *ak = &keydata[i]; 2199 const unsigned char *input = ak->kder; 2200 size_t input_len = ak->size; 2201 int expected_id = ak->evptype; 2202 2203 p = input; 2204 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 2205 || !TEST_ptr_eq(p, input + input_len) 2206 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 2207 goto done; 2208 2209 ret = 1; 2210 2211 done: 2212 EVP_PKEY_free(pkey); 2213 return ret; 2214 } 2215 2216 #ifndef OPENSSL_NO_EC 2217 2218 static const unsigned char ec_public_sect163k1_validxy[] = { 2219 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2220 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2221 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2222 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b, 2223 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2224 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 2225 }; 2226 2227 static const unsigned char ec_public_sect163k1_badx[] = { 2228 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2229 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2230 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2231 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b, 2232 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2233 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 2234 }; 2235 2236 static const unsigned char ec_public_sect163k1_bady[] = { 2237 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2238 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2239 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2240 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b, 2241 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2242 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6 2243 }; 2244 2245 static struct ec_der_pub_keys_st { 2246 const unsigned char *der; 2247 size_t len; 2248 int valid; 2249 } ec_der_pub_keys[] = { 2250 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 }, 2251 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 }, 2252 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 }, 2253 }; 2254 2255 /* 2256 * Tests the range of the decoded EC char2 public point. 2257 * See ec_GF2m_simple_oct2point(). 2258 */ 2259 static int test_invalide_ec_char2_pub_range_decode(int id) 2260 { 2261 int ret = 0; 2262 EVP_PKEY *pkey; 2263 2264 pkey = load_example_key("EC", ec_der_pub_keys[id].der, 2265 ec_der_pub_keys[id].len); 2266 2267 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey)) 2268 || TEST_ptr_null(pkey); 2269 EVP_PKEY_free(pkey); 2270 return ret; 2271 } 2272 2273 static int test_EVP_PKCS82PKEY(void) 2274 { 2275 int ret = 0; 2276 const unsigned char *derp = kExampleBadECKeyDER; 2277 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2278 EVP_PKEY *pkey = NULL; 2279 2280 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 2281 sizeof(kExampleBadECKeyDER)))) 2282 goto done; 2283 2284 if (!TEST_ptr_eq(derp, 2285 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 2286 goto done; 2287 2288 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 2289 goto done; 2290 2291 ret = 1; 2292 2293 done: 2294 PKCS8_PRIV_KEY_INFO_free(p8inf); 2295 EVP_PKEY_free(pkey); 2296 2297 return ret; 2298 } 2299 2300 #endif 2301 2302 static int test_EVP_PKCS82PKEY_v2(int i) 2303 { 2304 int ret = 0; 2305 const unsigned char *p; 2306 const APK_DATA *ak = &keydata_v2[i]; 2307 const unsigned char *input = ak->kder; 2308 size_t input_len = ak->size; 2309 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2310 2311 /* Can we parse PKCS#8 v2, ignoring the public key for now? */ 2312 p = input; 2313 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, input_len); 2314 if (!TEST_ptr(p8inf) 2315 || !TEST_true(p == input + input_len)) 2316 goto done; 2317 2318 ret = 1; 2319 done: 2320 PKCS8_PRIV_KEY_INFO_free(p8inf); 2321 return ret; 2322 } 2323 2324 /* Tests loading a bad key in PKCS8 format */ 2325 static int test_EVP_PKCS82PKEY_wrong_tag(void) 2326 { 2327 EVP_PKEY *pkey = NULL; 2328 EVP_PKEY *pkey2 = NULL; 2329 BIO *membio = NULL; 2330 char *membuf = NULL; 2331 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2332 int ok = 0; 2333 2334 if (testctx != NULL) 2335 /* test not supported with non-default context */ 2336 return 1; 2337 2338 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 2339 || !TEST_ptr(pkey = load_example_rsa_key()) 2340 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 2341 NULL, 0, NULL, NULL), 2342 0) 2343 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0) 2344 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL)) 2345 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf)) 2346 || !TEST_int_eq(ERR_peek_last_error(), 0)) { 2347 goto done; 2348 } 2349 2350 ok = 1; 2351 done: 2352 EVP_PKEY_free(pkey); 2353 EVP_PKEY_free(pkey2); 2354 PKCS8_PRIV_KEY_INFO_free(p8inf); 2355 BIO_free_all(membio); 2356 return ok; 2357 } 2358 2359 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */ 2360 static int test_privatekey_to_pkcs8(void) 2361 { 2362 EVP_PKEY *pkey = NULL; 2363 BIO *membio = NULL; 2364 char *membuf = NULL; 2365 long membuf_len = 0; 2366 int ok = 0; 2367 2368 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 2369 || !TEST_ptr(pkey = load_example_rsa_key()) 2370 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 2371 NULL, 0, NULL, NULL), 2372 0) 2373 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0) 2374 || !TEST_ptr(membuf) 2375 || !TEST_mem_eq(membuf, (size_t)membuf_len, 2376 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) 2377 /* 2378 * We try to write PEM as well, just to see that it doesn't err, but 2379 * assume that the result is correct. 2380 */ 2381 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL, 2382 NULL, 0, NULL, NULL), 2383 0)) 2384 goto done; 2385 2386 ok = 1; 2387 done: 2388 EVP_PKEY_free(pkey); 2389 BIO_free_all(membio); 2390 return ok; 2391 } 2392 2393 #ifndef OPENSSL_NO_EC 2394 static const struct { 2395 int encoding; 2396 const char *encoding_name; 2397 } ec_encodings[] = { 2398 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT }, 2399 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP } 2400 }; 2401 2402 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) 2403 { 2404 const OSSL_PARAM *p; 2405 const char *enc_name = NULL; 2406 int *enc = arg; 2407 size_t i; 2408 2409 *enc = -1; 2410 2411 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, 2412 OSSL_PKEY_PARAM_EC_ENCODING)) 2413 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name))) 2414 return 0; 2415 2416 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { 2417 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { 2418 *enc = ec_encodings[i].encoding; 2419 break; 2420 } 2421 } 2422 2423 return (*enc != -1); 2424 } 2425 2426 static int test_EC_keygen_with_enc(int idx) 2427 { 2428 EVP_PKEY *params = NULL, *key = NULL; 2429 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL; 2430 int enc; 2431 int ret = 0; 2432 2433 enc = ec_encodings[idx].encoding; 2434 2435 /* Create key parameters */ 2436 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL)) 2437 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0) 2438 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0) 2439 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0) 2440 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)) 2441 || !TEST_ptr(params)) 2442 goto done; 2443 2444 /* Create key */ 2445 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL)) 2446 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 2447 || !TEST_true(EVP_PKEY_keygen(kctx, &key)) 2448 || !TEST_ptr(key)) 2449 goto done; 2450 2451 /* Check that the encoding got all the way into the key */ 2452 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL, 2453 ec_export_get_encoding_cb, &enc)) 2454 || !TEST_int_eq(enc, ec_encodings[idx].encoding)) 2455 goto done; 2456 2457 ret = 1; 2458 done: 2459 EVP_PKEY_free(key); 2460 EVP_PKEY_free(params); 2461 EVP_PKEY_CTX_free(kctx); 2462 EVP_PKEY_CTX_free(pctx); 2463 return ret; 2464 } 2465 #endif 2466 2467 #if !defined(OPENSSL_NO_SM2) 2468 2469 static int test_EVP_SM2_verify(void) 2470 { 2471 const char *pubkey = 2472 "-----BEGIN PUBLIC KEY-----\n" 2473 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n" 2474 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n" 2475 "-----END PUBLIC KEY-----\n"; 2476 2477 const char *msg = "message digest"; 2478 const char *id = "ALICE123@YAHOO.COM"; 2479 2480 const uint8_t signature[] = { 2481 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb, 2482 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06, 2483 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36, 2484 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d, 2485 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07, 2486 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24, 2487 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70 2488 }; 2489 2490 int rc = 0; 2491 BIO *bio = NULL; 2492 EVP_PKEY *pkey = NULL; 2493 EVP_MD_CTX *mctx = NULL; 2494 EVP_PKEY_CTX *pctx = NULL; 2495 EVP_MD *sm3 = NULL; 2496 2497 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 2498 if (!TEST_true(bio != NULL)) 2499 goto done; 2500 2501 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq); 2502 if (!TEST_true(pkey != NULL)) 2503 goto done; 2504 2505 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2"))) 2506 goto done; 2507 2508 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 2509 goto done; 2510 2511 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2512 goto done; 2513 2514 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 2515 2516 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq))) 2517 goto done; 2518 2519 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey))) 2520 goto done; 2521 2522 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0)) 2523 goto done; 2524 2525 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 2526 goto done; 2527 2528 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0)) 2529 goto done; 2530 rc = 1; 2531 2532 done: 2533 BIO_free(bio); 2534 EVP_PKEY_free(pkey); 2535 EVP_PKEY_CTX_free(pctx); 2536 EVP_MD_CTX_free(mctx); 2537 EVP_MD_free(sm3); 2538 return rc; 2539 } 2540 2541 static int test_EVP_SM2(void) 2542 { 2543 int ret = 0; 2544 EVP_PKEY *pkey = NULL; 2545 EVP_PKEY *pkeyparams = NULL; 2546 EVP_PKEY_CTX *pctx = NULL; 2547 EVP_PKEY_CTX *kctx = NULL; 2548 EVP_PKEY_CTX *sctx = NULL; 2549 size_t sig_len = 0; 2550 unsigned char *sig = NULL; 2551 EVP_MD_CTX *md_ctx = NULL; 2552 EVP_MD_CTX *md_ctx_verify = NULL; 2553 EVP_PKEY_CTX *cctx = NULL; 2554 EVP_MD *check_md = NULL; 2555 2556 uint8_t ciphertext[128]; 2557 size_t ctext_len = sizeof(ciphertext); 2558 2559 uint8_t plaintext[8]; 2560 size_t ptext_len = sizeof(plaintext); 2561 2562 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; 2563 2564 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; 2565 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; 2566 int i; 2567 char mdname[OSSL_MAX_NAME_SIZE]; 2568 2569 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, 2570 "SM2", testpropq))) 2571 goto done; 2572 2573 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 2574 goto done; 2575 2576 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0)) 2577 goto done; 2578 2579 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams))) 2580 goto done; 2581 2582 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2583 pkeyparams, testpropq))) 2584 goto done; 2585 2586 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)) 2587 goto done; 2588 2589 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 2590 goto done; 2591 2592 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2593 goto done; 2594 2595 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 2596 goto done; 2597 2598 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2599 goto done; 2600 2601 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 2602 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 2603 2604 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq))) 2605 goto done; 2606 2607 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey))) 2608 goto done; 2609 2610 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2611 goto done; 2612 2613 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 2614 goto done; 2615 2616 /* Determine the size of the signature. */ 2617 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 2618 goto done; 2619 2620 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 2621 goto done; 2622 2623 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 2624 goto done; 2625 2626 /* Ensure that the signature round-trips. */ 2627 2628 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2629 pkey))) 2630 goto done; 2631 2632 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2633 goto done; 2634 2635 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2636 goto done; 2637 2638 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2639 goto done; 2640 2641 /* 2642 * Try verify again with non-matching 0 length id but ensure that it can 2643 * be set on the context and overrides the previous value. 2644 */ 2645 2646 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2647 pkey))) 2648 goto done; 2649 2650 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0)) 2651 goto done; 2652 2653 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2654 goto done; 2655 2656 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2657 goto done; 2658 2659 /* now check encryption/decryption */ 2660 2661 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2662 mdname, sizeof(mdname)); 2663 for (i = 0; i < 2; i++) { 2664 const char *mdnames[] = { 2665 #ifndef OPENSSL_NO_SM3 2666 "SM3", 2667 #else 2668 NULL, 2669 #endif 2670 "SHA2-256" }; 2671 EVP_PKEY_CTX_free(cctx); 2672 2673 if (mdnames[i] == NULL) 2674 continue; 2675 2676 sparams[0] = 2677 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2678 (char *)mdnames[i], 0); 2679 2680 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2681 pkey, testpropq))) 2682 goto done; 2683 2684 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 2685 goto done; 2686 2687 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2688 goto done; 2689 2690 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, 2691 sizeof(kMsg)))) 2692 goto done; 2693 2694 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0)) 2695 goto done; 2696 2697 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2698 goto done; 2699 2700 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, 2701 ctext_len), 0)) 2702 goto done; 2703 2704 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams))) 2705 goto done; 2706 2707 /* 2708 * Test we're still using the digest we think we are. 2709 * Because of aliases, the easiest is to fetch the digest and 2710 * check the name with EVP_MD_is_a(). 2711 */ 2712 EVP_MD_free(check_md); 2713 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq))) 2714 goto done; 2715 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) { 2716 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]); 2717 goto done; 2718 } 2719 2720 if (!TEST_true(ptext_len == sizeof(kMsg))) 2721 goto done; 2722 2723 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 2724 goto done; 2725 } 2726 2727 ret = 1; 2728 done: 2729 EVP_PKEY_CTX_free(pctx); 2730 EVP_PKEY_CTX_free(kctx); 2731 EVP_PKEY_CTX_free(sctx); 2732 EVP_PKEY_CTX_free(cctx); 2733 EVP_PKEY_free(pkey); 2734 EVP_PKEY_free(pkeyparams); 2735 EVP_MD_CTX_free(md_ctx); 2736 EVP_MD_CTX_free(md_ctx_verify); 2737 EVP_MD_free(check_md); 2738 OPENSSL_free(sig); 2739 return ret; 2740 } 2741 2742 #endif 2743 2744 #ifndef OPENSSL_NO_ML_KEM 2745 static const uint8_t ml_kem_seed[] = { 2746 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4, 2747 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, 2748 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79, 2749 0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, 2750 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, 2751 0x87, 0x2b, 0xfb, 0x8f 2752 }; 2753 static const uint8_t ml_kem_512_pubkey[] = { 2754 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b, 2755 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83, 2756 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26, 2757 0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49, 2758 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19, 2759 0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81, 2760 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36, 2761 0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c, 2762 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb, 2763 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52, 2764 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3, 2765 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e, 2766 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8, 2767 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54, 2768 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82, 2769 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6, 2770 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b, 2771 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b, 2772 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74, 2773 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78, 2774 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07, 2775 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35, 2776 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92, 2777 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58, 2778 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55, 2779 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca, 2780 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a, 2781 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54, 2782 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f, 2783 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49, 2784 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3, 2785 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42, 2786 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b, 2787 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b, 2788 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a, 2789 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b, 2790 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50, 2791 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62, 2792 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6, 2793 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74, 2794 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13, 2795 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa, 2796 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22, 2797 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25, 2798 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27, 2799 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e, 2800 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06, 2801 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30, 2802 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f, 2803 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88, 2804 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a, 2805 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29, 2806 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a, 2807 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e, 2808 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a, 2809 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f, 2810 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d, 2811 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07, 2812 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77, 2813 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63, 2814 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e, 2815 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7, 2816 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8, 2817 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f, 2818 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae, 2819 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, 2820 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39 2821 }; 2822 static const uint8_t ml_kem_768_pubkey[] = { 2823 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f, 2824 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, 2825 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13, 2826 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59, 2827 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25, 2828 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f, 2829 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce, 2830 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e, 2831 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e, 2832 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05, 2833 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56, 2834 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17, 2835 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba, 2836 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5, 2837 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74, 2838 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f, 2839 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49, 2840 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63, 2841 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74, 2842 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca, 2843 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0, 2844 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf, 2845 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b, 2846 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3, 2847 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf, 2848 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c, 2849 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53, 2850 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf, 2851 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc, 2852 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91, 2853 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19, 2854 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad, 2855 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a, 2856 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00, 2857 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7, 2858 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e, 2859 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5, 2860 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b, 2861 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51, 2862 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5, 2863 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf, 2864 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac, 2865 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48, 2866 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a, 2867 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a, 2868 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2, 2869 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7, 2870 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b, 2871 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28, 2872 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25, 2873 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11, 2874 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb, 2875 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0, 2876 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b, 2877 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f, 2878 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a, 2879 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7, 2880 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95, 2881 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e, 2882 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c, 2883 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68, 2884 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94, 2885 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82, 2886 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83, 2887 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d, 2888 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b, 2889 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e, 2890 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69, 2891 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce, 2892 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a, 2893 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d, 2894 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf, 2895 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48, 2896 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f, 2897 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b, 2898 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf, 2899 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97, 2900 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd, 2901 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac, 2902 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06, 2903 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1, 2904 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84, 2905 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62, 2906 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38, 2907 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f, 2908 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e, 2909 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd, 2910 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83, 2911 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd, 2912 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e, 2913 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63, 2914 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f, 2915 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82, 2916 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e, 2917 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e, 2918 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36, 2919 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb, 2920 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, 2921 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28 2922 }; 2923 static const uint8_t ml_kem_1024_pubkey[] = { 2924 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58, 2925 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, 2926 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18, 2927 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc, 2928 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33, 2929 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca, 2930 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45, 2931 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1, 2932 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45, 2933 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a, 2934 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06, 2935 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7, 2936 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d, 2937 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f, 2938 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97, 2939 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f, 2940 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80, 2941 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6, 2942 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d, 2943 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d, 2944 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7, 2945 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07, 2946 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7, 2947 0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e, 2948 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc, 2949 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d, 2950 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39, 2951 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c, 2952 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5, 2953 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b, 2954 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89, 2955 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91, 2956 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1, 2957 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3, 2958 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca, 2959 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95, 2960 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b, 2961 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73, 2962 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50, 2963 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c, 2964 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86, 2965 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0, 2966 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c, 2967 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad, 2968 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44, 2969 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba, 2970 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f, 2971 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04, 2972 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65, 2973 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23, 2974 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7, 2975 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39, 2976 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d, 2977 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80, 2978 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e, 2979 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4, 2980 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94, 2981 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b, 2982 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d, 2983 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41, 2984 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f, 2985 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a, 2986 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e, 2987 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c, 2988 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b, 2989 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e, 2990 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe, 2991 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a, 2992 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98, 2993 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58, 2994 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f, 2995 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04, 2996 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4, 2997 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81, 2998 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0, 2999 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d, 3000 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a, 3001 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75, 3002 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a, 3003 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f, 3004 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24, 3005 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82, 3006 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f, 3007 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85, 3008 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33, 3009 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81, 3010 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89, 3011 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b, 3012 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32, 3013 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50, 3014 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37, 3015 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc, 3016 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84, 3017 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e, 3018 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50, 3019 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b, 3020 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25, 3021 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8, 3022 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6, 3023 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b, 3024 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e, 3025 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04, 3026 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b, 3027 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70, 3028 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf, 3029 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9, 3030 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2, 3031 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd, 3032 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03, 3033 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb, 3034 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66, 3035 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22, 3036 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55, 3037 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46, 3038 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e, 3039 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43, 3040 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76, 3041 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f, 3042 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a, 3043 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50, 3044 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86, 3045 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16, 3046 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44, 3047 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02, 3048 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34, 3049 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4, 3050 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d, 3051 0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca, 3052 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf, 3053 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39, 3054 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb 3055 }; 3056 #endif 3057 3058 static struct keys_st { 3059 int type; 3060 const uint8_t *priv; 3061 const uint8_t *pub; 3062 /* If "name" is non-NULL, create via non-legacy _ex() API */ 3063 char *name; 3064 int privlen; 3065 int publen; 3066 } keys[] = { 3067 { 3068 EVP_PKEY_HMAC, 3069 (const uint8_t *)"0123456789", 3070 NULL, 3071 NULL, 10, 0 3072 }, 3073 { 3074 EVP_PKEY_HMAC, (const uint8_t *)"", NULL, 3075 NULL, 0, 0 3076 #ifndef OPENSSL_NO_POLY1305 3077 }, { 3078 EVP_PKEY_POLY1305, 3079 (const uint8_t *)"01234567890123456789012345678901", 3080 NULL, 3081 NULL, 32, 0 3082 #endif 3083 #ifndef OPENSSL_NO_SIPHASH 3084 }, { 3085 EVP_PKEY_SIPHASH, 3086 (const uint8_t *)"0123456789012345", 3087 NULL, 3088 NULL, 16, 0 3089 #endif 3090 }, 3091 #ifndef OPENSSL_NO_ECX 3092 { 3093 EVP_PKEY_X25519, 3094 (const uint8_t *)"01234567890123456789012345678901", 3095 (const unsigned char *)"abcdefghijklmnopqrstuvwxyzabcdef", 3096 NULL, 32, 32 3097 }, { 3098 EVP_PKEY_ED25519, 3099 (const uint8_t *)"01234567890123456789012345678901", 3100 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdef", 3101 NULL, 32, 32 3102 }, { 3103 EVP_PKEY_X448, 3104 (const uint8_t *)"01234567890123456789012345678901234567890123456789012345", 3105 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd", 3106 NULL, 56, 56 3107 }, { 3108 EVP_PKEY_ED448, 3109 (const uint8_t *)"012345678901234567890123456789012345678901234567890123456", 3110 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde", 3111 NULL, 57, 57 3112 }, 3113 #endif 3114 #ifndef OPENSSL_NO_ML_KEM 3115 { 3116 NID_undef, ml_kem_seed, ml_kem_512_pubkey, 3117 "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey) 3118 }, { 3119 NID_undef, ml_kem_seed, ml_kem_768_pubkey, 3120 "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey) 3121 }, { 3122 NID_undef, ml_kem_seed, ml_kem_1024_pubkey, 3123 "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey) 3124 }, 3125 #endif 3126 }; 3127 3128 #ifndef OPENSSL_NO_ML_KEM 3129 static int 3130 ml_kem_seed_to_priv(const char *alg, const unsigned char *seed, int seedlen, 3131 unsigned char **ret, size_t *retlen) 3132 { 3133 OSSL_PARAM parr[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 3134 EVP_PKEY_CTX *ctx = NULL; 3135 EVP_PKEY *pkey = NULL; 3136 const OSSL_PARAM *p; 3137 OSSL_PARAM *params = NULL; 3138 int selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY; 3139 int ok = 0; 3140 3141 /* Import the seed to generate a key */ 3142 ctx = EVP_PKEY_CTX_new_from_name(testctx, alg, NULL); 3143 if (!TEST_ptr(ctx) 3144 || !TEST_int_gt(EVP_PKEY_fromdata_init(ctx), 0)) 3145 goto done; 3146 parr[0] = OSSL_PARAM_construct_octet_string( 3147 OSSL_PKEY_PARAM_ML_KEM_SEED, (unsigned char *)seed, seedlen); 3148 if (!TEST_int_gt(EVP_PKEY_fromdata(ctx, &pkey, selection, parr), 0)) 3149 goto done; 3150 3151 /* Export the key to get the encoded form */ 3152 if (!TEST_true(EVP_PKEY_todata(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, ¶ms))) 3153 goto done; 3154 3155 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); 3156 if (!TEST_ptr(p) 3157 || !TEST_true(OSSL_PARAM_get_octet_string(p, (void **)ret, 0, retlen))) 3158 goto done; 3159 ok = 1; 3160 3161 done: 3162 EVP_PKEY_free(pkey); 3163 OSSL_PARAM_free(params); 3164 EVP_PKEY_CTX_free(ctx); 3165 return ok; 3166 } 3167 #endif 3168 3169 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx) 3170 { 3171 int ret = 0; 3172 uint8_t *buf = NULL; 3173 const uint8_t *in; 3174 uint8_t shortbuf[1]; 3175 size_t inlen, len = 0, shortlen = sizeof(shortbuf); 3176 EVP_PKEY *pkey = NULL; 3177 unsigned char *privalloc = NULL; 3178 const char *name; 3179 3180 /* Check if this algorithm supports public keys */ 3181 if (pub && keys[tst].pub == NULL) 3182 return 1; 3183 3184 name = keys[tst].name ? keys[tst].name : OBJ_nid2sn(keys[tst].type); 3185 3186 if (pub) { 3187 #ifndef OPENSSL_NO_EC 3188 inlen = keys[tst].publen; 3189 in = keys[tst].pub; 3190 if (uselibctx || keys[tst].name != NULL) { 3191 pkey = EVP_PKEY_new_raw_public_key_ex( 3192 testctx, 3193 name, 3194 NULL, 3195 in, 3196 inlen); 3197 } else { 3198 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 3199 NULL, 3200 in, 3201 inlen); 3202 } 3203 #else 3204 return 1; 3205 #endif 3206 } else { 3207 inlen = keys[tst].privlen; 3208 in = keys[tst].priv; 3209 #ifndef OPENSSL_NO_ML_KEM 3210 if (in == ml_kem_seed) { 3211 if (!TEST_true(ml_kem_seed_to_priv(name, in, inlen, 3212 &privalloc, &inlen))) 3213 goto done; 3214 in = privalloc; 3215 } 3216 #endif 3217 if (uselibctx || keys[tst].name != NULL) { 3218 pkey = EVP_PKEY_new_raw_private_key_ex( 3219 testctx, 3220 name, 3221 NULL, 3222 in, 3223 inlen); 3224 } else { 3225 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 3226 NULL, 3227 in, 3228 inlen); 3229 } 3230 } 3231 3232 if (!TEST_ptr(pkey) 3233 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1) 3234 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 3235 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 3236 || !TEST_true(len == inlen)) 3237 goto done; 3238 if (tst != 1) { 3239 /* 3240 * Test that supplying a buffer that is too small fails. Doesn't apply 3241 * to HMAC with a zero length key 3242 */ 3243 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, shortbuf, 3244 &shortlen))) 3245 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, shortbuf, 3246 &shortlen)))) 3247 goto done; 3248 } 3249 if (!TEST_ptr(buf = OPENSSL_zalloc(len <= 80 ? 80 : len))) 3250 goto done; 3251 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 3252 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 3253 || !TEST_mem_eq(in, inlen, buf, len)) 3254 goto done; 3255 3256 ret = 1; 3257 done: 3258 OPENSSL_free(privalloc); 3259 OPENSSL_free(buf); 3260 EVP_PKEY_free(pkey); 3261 return ret; 3262 } 3263 3264 static int test_set_get_raw_keys(int tst) 3265 { 3266 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0)) 3267 && test_set_get_raw_keys_int(tst, 0, 1) 3268 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0)) 3269 && test_set_get_raw_keys_int(tst, 1, 1); 3270 } 3271 3272 #ifndef OPENSSL_NO_DEPRECATED_3_0 3273 static int pkey_custom_check(EVP_PKEY *pkey) 3274 { 3275 return 0xbeef; 3276 } 3277 3278 static int pkey_custom_pub_check(EVP_PKEY *pkey) 3279 { 3280 return 0xbeef; 3281 } 3282 3283 static int pkey_custom_param_check(EVP_PKEY *pkey) 3284 { 3285 return 0xbeef; 3286 } 3287 3288 static EVP_PKEY_METHOD *custom_pmeth; 3289 #endif 3290 3291 static int test_EVP_PKEY_check(int i) 3292 { 3293 int ret = 0; 3294 EVP_PKEY *pkey = NULL; 3295 EVP_PKEY_CTX *ctx = NULL; 3296 #ifndef OPENSSL_NO_DEPRECATED_3_0 3297 EVP_PKEY_CTX *ctx2 = NULL; 3298 #endif 3299 const APK_DATA *ak = &keycheckdata[i]; 3300 const unsigned char *input = ak->kder; 3301 size_t input_len = ak->size; 3302 int expected_id = ak->evptype; 3303 int expected_check = ak->check; 3304 int expected_pub_check = ak->pub_check; 3305 int expected_param_check = ak->param_check; 3306 int type = ak->type; 3307 3308 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len))) 3309 goto done; 3310 if (type == 0 3311 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 3312 goto done; 3313 3314 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 3315 goto done; 3316 3317 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 3318 goto done; 3319 3320 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 3321 goto done; 3322 3323 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 3324 goto done; 3325 3326 #ifndef OPENSSL_NO_DEPRECATED_3_0 3327 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 3328 /* assign the pkey directly, as an internal test */ 3329 if (!EVP_PKEY_up_ref(pkey)) 3330 goto done; 3331 3332 ctx2->pkey = pkey; 3333 3334 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 3335 goto done; 3336 3337 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 3338 goto done; 3339 3340 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 3341 goto done; 3342 #endif 3343 3344 ret = 1; 3345 3346 done: 3347 EVP_PKEY_CTX_free(ctx); 3348 #ifndef OPENSSL_NO_DEPRECATED_3_0 3349 EVP_PKEY_CTX_free(ctx2); 3350 #endif 3351 EVP_PKEY_free(pkey); 3352 return ret; 3353 } 3354 3355 #ifndef OPENSSL_NO_CMAC 3356 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac) 3357 { 3358 EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); 3359 const char msg[] = "Hello World"; 3360 size_t maclen = AES_BLOCK_SIZE; 3361 int ret = 1; 3362 3363 if (!TEST_ptr(mdctx) 3364 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx, 3365 testpropq, pkey, NULL)) 3366 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))) 3367 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen)) 3368 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE)) 3369 ret = 0; 3370 3371 EVP_MD_CTX_free(mdctx); 3372 3373 return ret; 3374 } 3375 static int test_CMAC_keygen(void) 3376 { 3377 static unsigned char key[] = { 3378 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 3379 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 3380 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 3381 }; 3382 EVP_PKEY_CTX *kctx = NULL; 3383 int ret = 0; 3384 EVP_PKEY *pkey = NULL; 3385 unsigned char mac[AES_BLOCK_SIZE]; 3386 # if !defined(OPENSSL_NO_DEPRECATED_3_0) 3387 unsigned char mac2[AES_BLOCK_SIZE]; 3388 # endif 3389 3390 if (nullprov != NULL) 3391 return TEST_skip("Test does not support a non-default library context"); 3392 3393 /* 3394 * This is a legacy method for CMACs, but should still work. 3395 * This verifies that it works without an ENGINE. 3396 */ 3397 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL); 3398 3399 /* Test a CMAC key created using the "generated" method */ 3400 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 3401 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 3402 EVP_PKEY_CTRL_CIPHER, 3403 0, (void *)EVP_aes_256_cbc()), 0) 3404 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 3405 EVP_PKEY_CTRL_SET_MAC_KEY, 3406 sizeof(key), (void *)key), 0) 3407 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0) 3408 || !TEST_ptr(pkey) 3409 || !TEST_true(get_cmac_val(pkey, mac))) 3410 goto done; 3411 3412 # if !defined(OPENSSL_NO_DEPRECATED_3_0) 3413 EVP_PKEY_free(pkey); 3414 3415 /* 3416 * Test a CMAC key using the direct method, and compare with the mac 3417 * created above. 3418 */ 3419 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc()); 3420 if (!TEST_ptr(pkey) 3421 || !TEST_true(get_cmac_val(pkey, mac2)) 3422 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2))) 3423 goto done; 3424 # endif 3425 3426 ret = 1; 3427 3428 done: 3429 EVP_PKEY_free(pkey); 3430 EVP_PKEY_CTX_free(kctx); 3431 return ret; 3432 } 3433 #endif 3434 3435 static int test_HKDF(void) 3436 { 3437 EVP_PKEY_CTX *pctx; 3438 unsigned char out[20]; 3439 size_t outlen; 3440 int i, ret = 0; 3441 unsigned char salt[] = "0123456789"; 3442 unsigned char key[] = "012345678901234567890123456789"; 3443 unsigned char info[] = "infostring"; 3444 const unsigned char expected[] = { 3445 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, 3446 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca 3447 }; 3448 size_t expectedlen = sizeof(expected); 3449 3450 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3451 goto done; 3452 3453 /* We do this twice to test reuse of the EVP_PKEY_CTX */ 3454 for (i = 0; i < 2; i++) { 3455 outlen = sizeof(out); 3456 memset(out, 0, outlen); 3457 3458 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3459 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3460 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3461 sizeof(salt) - 1), 0) 3462 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3463 sizeof(key) - 1), 0) 3464 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3465 sizeof(info) - 1), 0) 3466 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3467 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3468 goto done; 3469 } 3470 3471 ret = 1; 3472 3473 done: 3474 EVP_PKEY_CTX_free(pctx); 3475 3476 return ret; 3477 } 3478 3479 static int test_emptyikm_HKDF(void) 3480 { 3481 EVP_PKEY_CTX *pctx; 3482 unsigned char out[20]; 3483 size_t outlen; 3484 int ret = 0; 3485 unsigned char salt[] = "9876543210"; 3486 unsigned char key[] = ""; 3487 unsigned char info[] = "stringinfo"; 3488 const unsigned char expected[] = { 3489 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47, 3490 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30 3491 }; 3492 size_t expectedlen = sizeof(expected); 3493 3494 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3495 goto done; 3496 3497 outlen = sizeof(out); 3498 memset(out, 0, outlen); 3499 3500 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3501 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3502 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3503 sizeof(salt) - 1), 0) 3504 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3505 sizeof(key) - 1), 0) 3506 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3507 sizeof(info) - 1), 0) 3508 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3509 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3510 goto done; 3511 3512 ret = 1; 3513 3514 done: 3515 EVP_PKEY_CTX_free(pctx); 3516 3517 return ret; 3518 } 3519 3520 static int test_empty_salt_info_HKDF(void) 3521 { 3522 EVP_PKEY_CTX *pctx; 3523 unsigned char out[20]; 3524 size_t outlen; 3525 int ret = 0; 3526 unsigned char salt[] = ""; 3527 unsigned char fake[] = "0123456789"; 3528 unsigned char key[] = "012345678901234567890123456789"; 3529 unsigned char info[] = ""; 3530 const unsigned char expected[] = { 3531 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, 3532 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06, 3533 }; 3534 size_t expectedlen = sizeof(expected); 3535 3536 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3537 goto done; 3538 3539 outlen = sizeof(out); 3540 memset(out, 0, outlen); 3541 3542 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3543 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3544 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake, 3545 sizeof(fake) - 1), 0) 3546 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3547 sizeof(salt) - 1), 0) 3548 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3549 sizeof(key) - 1), 0) 3550 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3551 sizeof(info) - 1), 0) 3552 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3553 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3554 goto done; 3555 3556 ret = 1; 3557 3558 done: 3559 EVP_PKEY_CTX_free(pctx); 3560 3561 return ret; 3562 } 3563 3564 #ifndef OPENSSL_NO_EC 3565 static int test_X509_PUBKEY_inplace(void) 3566 { 3567 int ret = 0; 3568 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq); 3569 const unsigned char *p = kExampleECPubKeyDER; 3570 size_t input_len = sizeof(kExampleECPubKeyDER); 3571 3572 if (!TEST_ptr(xp)) 3573 goto done; 3574 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))) 3575 goto done; 3576 3577 if (!TEST_ptr(X509_PUBKEY_get0(xp))) 3578 goto done; 3579 3580 p = kExampleBadECPubKeyDER; 3581 input_len = sizeof(kExampleBadECPubKeyDER); 3582 3583 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))) 3584 goto done; 3585 3586 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL)) 3587 goto done; 3588 3589 ret = 1; 3590 3591 done: 3592 X509_PUBKEY_free(xp); 3593 return ret; 3594 } 3595 3596 static int test_X509_PUBKEY_dup(void) 3597 { 3598 int ret = 0; 3599 X509_PUBKEY *xp = NULL, *xq = NULL; 3600 const unsigned char *p = kExampleECPubKeyDER; 3601 size_t input_len = sizeof(kExampleECPubKeyDER); 3602 3603 xp = X509_PUBKEY_new_ex(testctx, testpropq); 3604 if (!TEST_ptr(xp) 3605 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)) 3606 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)) 3607 || !TEST_ptr_ne(xp, xq)) 3608 goto done; 3609 3610 if (!TEST_ptr(X509_PUBKEY_get0(xq)) 3611 || !TEST_ptr(X509_PUBKEY_get0(xp)) 3612 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp))) 3613 goto done; 3614 3615 X509_PUBKEY_free(xq); 3616 xq = NULL; 3617 p = kExampleBadECPubKeyDER; 3618 input_len = sizeof(kExampleBadECPubKeyDER); 3619 3620 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)) 3621 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))) 3622 goto done; 3623 3624 X509_PUBKEY_free(xp); 3625 xp = NULL; 3626 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL)) 3627 goto done; 3628 3629 ret = 1; 3630 3631 done: 3632 X509_PUBKEY_free(xp); 3633 X509_PUBKEY_free(xq); 3634 return ret; 3635 } 3636 #endif /* OPENSSL_NO_EC */ 3637 3638 /* Test getting and setting parameters on an EVP_PKEY_CTX */ 3639 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey) 3640 { 3641 EVP_MD_CTX *mdctx = NULL; 3642 EVP_PKEY_CTX *ctx = NULL; 3643 const OSSL_PARAM *params; 3644 OSSL_PARAM ourparams[2], *param = ourparams, *param_md; 3645 int ret = 0; 3646 const EVP_MD *md; 3647 char mdname[OSSL_MAX_NAME_SIZE]; 3648 char ssl3ms[48]; 3649 3650 /* Initialise a sign operation */ 3651 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq); 3652 if (!TEST_ptr(ctx) 3653 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)) 3654 goto err; 3655 3656 /* 3657 * We should be able to query the parameters now. 3658 */ 3659 params = EVP_PKEY_CTX_settable_params(ctx); 3660 if (!TEST_ptr(params) 3661 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3662 OSSL_SIGNATURE_PARAM_DIGEST))) 3663 goto err; 3664 3665 params = EVP_PKEY_CTX_gettable_params(ctx); 3666 if (!TEST_ptr(params) 3667 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3668 OSSL_SIGNATURE_PARAM_ALGORITHM_ID)) 3669 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3670 OSSL_SIGNATURE_PARAM_DIGEST))) 3671 goto err; 3672 3673 /* 3674 * Test getting and setting params via EVP_PKEY_CTX_set_params() and 3675 * EVP_PKEY_CTX_get_params() 3676 */ 3677 strcpy(mdname, "SHA512"); 3678 param_md = param; 3679 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 3680 mdname, 0); 3681 *param++ = OSSL_PARAM_construct_end(); 3682 3683 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams))) 3684 goto err; 3685 3686 mdname[0] = '\0'; 3687 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 3688 mdname, sizeof(mdname)); 3689 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams)) 3690 || !TEST_str_eq(mdname, "SHA512")) 3691 goto err; 3692 3693 /* 3694 * Test the TEST_PKEY_CTX_set_signature_md() and 3695 * TEST_PKEY_CTX_get_signature_md() functions 3696 */ 3697 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0) 3698 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) 3699 || !TEST_ptr_eq(md, EVP_sha256())) 3700 goto err; 3701 3702 /* 3703 * Test getting MD parameters via an associated EVP_PKEY_CTX 3704 */ 3705 mdctx = EVP_MD_CTX_new(); 3706 if (!TEST_ptr(mdctx) 3707 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq, 3708 pkey, NULL))) 3709 goto err; 3710 3711 /* 3712 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be 3713 * able to obtain the digest's settable parameters from the provider. 3714 */ 3715 params = EVP_MD_CTX_settable_params(mdctx); 3716 if (!TEST_ptr(params) 3717 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0) 3718 /* The final key should be NULL */ 3719 || !TEST_ptr_null(params[1].key)) 3720 goto err; 3721 3722 param = ourparams; 3723 memset(ssl3ms, 0, sizeof(ssl3ms)); 3724 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, 3725 ssl3ms, sizeof(ssl3ms)); 3726 *param++ = OSSL_PARAM_construct_end(); 3727 3728 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams))) 3729 goto err; 3730 3731 ret = 1; 3732 3733 err: 3734 EVP_MD_CTX_free(mdctx); 3735 EVP_PKEY_CTX_free(ctx); 3736 3737 return ret; 3738 } 3739 3740 #ifndef OPENSSL_NO_DSA 3741 static int test_DSA_get_set_params(void) 3742 { 3743 OSSL_PARAM_BLD *bld = NULL; 3744 OSSL_PARAM *params = NULL; 3745 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 3746 EVP_PKEY_CTX *pctx = NULL; 3747 EVP_PKEY *pkey = NULL; 3748 int ret = 0; 3749 3750 /* 3751 * Setup the parameters for our DSA object. For our purposes they don't 3752 * have to actually be *valid* parameters. We just need to set something. 3753 */ 3754 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL)) 3755 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 3756 || !TEST_ptr(p = BN_new()) 3757 || !TEST_ptr(q = BN_new()) 3758 || !TEST_ptr(g = BN_new()) 3759 || !TEST_ptr(pub = BN_new()) 3760 || !TEST_ptr(priv = BN_new())) 3761 goto err; 3762 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 3763 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 3764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 3765 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 3766 pub)) 3767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 3768 priv))) 3769 goto err; 3770 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 3771 goto err; 3772 3773 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 3774 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 3775 params), 0)) 3776 goto err; 3777 3778 if (!TEST_ptr(pkey)) 3779 goto err; 3780 3781 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 3782 3783 err: 3784 EVP_PKEY_free(pkey); 3785 EVP_PKEY_CTX_free(pctx); 3786 OSSL_PARAM_free(params); 3787 OSSL_PARAM_BLD_free(bld); 3788 BN_free(p); 3789 BN_free(q); 3790 BN_free(g); 3791 BN_free(pub); 3792 BN_free(priv); 3793 3794 return ret; 3795 } 3796 3797 /* 3798 * Test combinations of private, public, missing and private + public key 3799 * params to ensure they are all accepted 3800 */ 3801 static int test_DSA_priv_pub(void) 3802 { 3803 return test_EVP_PKEY_ffc_priv_pub("DSA"); 3804 } 3805 3806 #endif /* !OPENSSL_NO_DSA */ 3807 3808 static int test_RSA_get_set_params(void) 3809 { 3810 OSSL_PARAM_BLD *bld = NULL; 3811 OSSL_PARAM *params = NULL; 3812 BIGNUM *n = NULL, *e = NULL, *d = NULL; 3813 EVP_PKEY_CTX *pctx = NULL; 3814 EVP_PKEY *pkey = NULL; 3815 int ret = 0; 3816 3817 /* 3818 * Setup the parameters for our RSA object. For our purposes they don't 3819 * have to actually be *valid* parameters. We just need to set something. 3820 */ 3821 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL)) 3822 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 3823 || !TEST_ptr(n = BN_new()) 3824 || !TEST_ptr(e = BN_new()) 3825 || !TEST_ptr(d = BN_new())) 3826 goto err; 3827 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)) 3828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)) 3829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))) 3830 goto err; 3831 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 3832 goto err; 3833 3834 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 3835 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 3836 params), 0)) 3837 goto err; 3838 3839 if (!TEST_ptr(pkey)) 3840 goto err; 3841 3842 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 3843 3844 err: 3845 EVP_PKEY_free(pkey); 3846 EVP_PKEY_CTX_free(pctx); 3847 OSSL_PARAM_free(params); 3848 OSSL_PARAM_BLD_free(bld); 3849 BN_free(n); 3850 BN_free(e); 3851 BN_free(d); 3852 3853 return ret; 3854 } 3855 3856 static int test_RSA_OAEP_set_get_params(void) 3857 { 3858 int ret = 0; 3859 EVP_PKEY *key = NULL; 3860 EVP_PKEY_CTX *key_ctx = NULL; 3861 3862 if (nullprov != NULL) 3863 return TEST_skip("Test does not support a non-default library context"); 3864 3865 if (!TEST_ptr(key = load_example_rsa_key()) 3866 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0))) 3867 goto err; 3868 3869 { 3870 int padding = RSA_PKCS1_OAEP_PADDING; 3871 OSSL_PARAM params[4]; 3872 3873 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding); 3874 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 3875 OSSL_DIGEST_NAME_SHA2_256, 0); 3876 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 3877 OSSL_DIGEST_NAME_SHA1, 0); 3878 params[3] = OSSL_PARAM_construct_end(); 3879 3880 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0)) 3881 goto err; 3882 } 3883 { 3884 OSSL_PARAM params[3]; 3885 char oaepmd[30] = { '\0' }; 3886 char mgf1md[30] = { '\0' }; 3887 3888 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 3889 oaepmd, sizeof(oaepmd)); 3890 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 3891 mgf1md, sizeof(mgf1md)); 3892 params[2] = OSSL_PARAM_construct_end(); 3893 3894 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params))) 3895 goto err; 3896 3897 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256) 3898 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1)) 3899 goto err; 3900 } 3901 3902 ret = 1; 3903 3904 err: 3905 EVP_PKEY_free(key); 3906 EVP_PKEY_CTX_free(key_ctx); 3907 3908 return ret; 3909 } 3910 3911 /* https://github.com/openssl/openssl/issues/21288 */ 3912 static int test_RSA_OAEP_set_null_label(void) 3913 { 3914 int ret = 0; 3915 EVP_PKEY *key = NULL; 3916 EVP_PKEY_CTX *key_ctx = NULL; 3917 3918 if (!TEST_ptr(key = load_example_rsa_key()) 3919 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL)) 3920 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx))) 3921 goto err; 3922 3923 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING))) 3924 goto err; 3925 3926 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0))) 3927 goto err; 3928 3929 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0))) 3930 goto err; 3931 3932 ret = 1; 3933 3934 err: 3935 EVP_PKEY_free(key); 3936 EVP_PKEY_CTX_free(key_ctx); 3937 3938 return ret; 3939 } 3940 3941 static int test_RSA_encrypt(void) 3942 { 3943 int ret = 0; 3944 EVP_PKEY *pkey = NULL; 3945 EVP_PKEY_CTX *pctx = NULL; 3946 unsigned char *cbuf = NULL, *pbuf = NULL; 3947 size_t clen = 0, plen = 0; 3948 3949 if (!TEST_ptr(pkey = load_example_rsa_key()) 3950 || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, 3951 pkey, testpropq)) 3952 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0) 3953 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0) 3954 || !TEST_ptr(cbuf = OPENSSL_malloc(clen)) 3955 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)) 3956 goto done; 3957 3958 /* Require failure when the output buffer is too small */ 3959 plen = clen - 1; 3960 if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0)) 3961 goto done; 3962 /* flush error stack */ 3963 TEST_openssl_errors(); 3964 3965 /* Check decryption of encrypted result */ 3966 if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0) 3967 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0) 3968 || !TEST_ptr(pbuf = OPENSSL_malloc(plen)) 3969 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0) 3970 || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg)) 3971 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)) 3972 goto done; 3973 3974 ret = 1; 3975 done: 3976 EVP_PKEY_CTX_free(pctx); 3977 EVP_PKEY_free(pkey); 3978 OPENSSL_free(cbuf); 3979 OPENSSL_free(pbuf); 3980 return ret; 3981 } 3982 3983 #ifndef OPENSSL_NO_DEPRECATED_3_0 3984 static int test_RSA_legacy(void) 3985 { 3986 int ret = 0; 3987 BIGNUM *p = NULL; 3988 BIGNUM *q = NULL; 3989 BIGNUM *n = NULL; 3990 BIGNUM *e = NULL; 3991 BIGNUM *d = NULL; 3992 const EVP_MD *md = EVP_sha256(); 3993 EVP_MD_CTX *ctx = NULL; 3994 EVP_PKEY *pkey = NULL; 3995 RSA *rsa = NULL; 3996 3997 if (nullprov != NULL) 3998 return TEST_skip("Test does not support a non-default library context"); 3999 4000 if (!TEST_ptr(p = BN_dup(BN_value_one())) 4001 || !TEST_ptr(q = BN_dup(BN_value_one())) 4002 || !TEST_ptr(n = BN_dup(BN_value_one())) 4003 || !TEST_ptr(e = BN_dup(BN_value_one())) 4004 || !TEST_ptr(d = BN_dup(BN_value_one()))) 4005 goto err; 4006 4007 if (!TEST_ptr(rsa = RSA_new()) 4008 || !TEST_ptr(pkey = EVP_PKEY_new()) 4009 || !TEST_ptr(ctx = EVP_MD_CTX_new())) 4010 goto err; 4011 4012 if (!TEST_true(RSA_set0_factors(rsa, p, q))) 4013 goto err; 4014 p = NULL; 4015 q = NULL; 4016 4017 if (!TEST_true(RSA_set0_key(rsa, n, e, d))) 4018 goto err; 4019 n = NULL; 4020 e = NULL; 4021 d = NULL; 4022 4023 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa))) 4024 goto err; 4025 4026 rsa = NULL; 4027 4028 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))) 4029 goto err; 4030 4031 ret = 1; 4032 4033 err: 4034 RSA_free(rsa); 4035 EVP_MD_CTX_free(ctx); 4036 EVP_PKEY_free(pkey); 4037 BN_free(p); 4038 BN_free(q); 4039 BN_free(n); 4040 BN_free(e); 4041 BN_free(d); 4042 4043 return ret; 4044 } 4045 #endif 4046 4047 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 4048 static int test_decrypt_null_chunks(void) 4049 { 4050 EVP_CIPHER_CTX* ctx = NULL; 4051 EVP_CIPHER *cipher = NULL; 4052 const unsigned char key[32] = { 4053 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4054 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 4055 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1 4056 }; 4057 unsigned char iv[12] = { 4058 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b 4059 }; 4060 unsigned char msg[] = "It was the best of times, it was the worst of times"; 4061 unsigned char ciphertext[80]; 4062 unsigned char plaintext[80]; 4063 /* We initialise tmp to a non zero value on purpose */ 4064 int ctlen, ptlen, tmp = 99; 4065 int ret = 0; 4066 const int enc_offset = 10, dec_offset = 20; 4067 4068 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq)) 4069 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 4070 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, 4071 key, iv)) 4072 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, 4073 enc_offset)) 4074 /* Deliberate add a zero length update */ 4075 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, 4076 0)) 4077 || !TEST_int_eq(tmp, 0) 4078 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, 4079 msg + enc_offset, 4080 sizeof(msg) - enc_offset)) 4081 || !TEST_int_eq(ctlen += tmp, sizeof(msg)) 4082 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) 4083 || !TEST_int_eq(tmp, 0)) 4084 goto err; 4085 4086 /* Deliberately initialise tmp to a non zero value */ 4087 tmp = 99; 4088 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) 4089 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, 4090 dec_offset)) 4091 /* 4092 * Deliberately add a zero length update. We also deliberately do 4093 * this at a different offset than for encryption. 4094 */ 4095 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, 4096 0)) 4097 || !TEST_int_eq(tmp, 0) 4098 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, 4099 ciphertext + dec_offset, 4100 ctlen - dec_offset)) 4101 || !TEST_int_eq(ptlen += tmp, sizeof(msg)) 4102 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) 4103 || !TEST_int_eq(tmp, 0) 4104 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) 4105 goto err; 4106 4107 ret = 1; 4108 err: 4109 EVP_CIPHER_CTX_free(ctx); 4110 EVP_CIPHER_free(cipher); 4111 return ret; 4112 } 4113 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ 4114 4115 #ifndef OPENSSL_NO_DH 4116 /* 4117 * Test combinations of private, public, missing and private + public key 4118 * params to ensure they are all accepted 4119 */ 4120 static int test_DH_priv_pub(void) 4121 { 4122 return test_EVP_PKEY_ffc_priv_pub("DH"); 4123 } 4124 4125 # ifndef OPENSSL_NO_DEPRECATED_3_0 4126 static int test_EVP_PKEY_set1_DH(void) 4127 { 4128 DH *x942dh = NULL, *noqdh = NULL; 4129 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; 4130 int ret = 0; 4131 BIGNUM *p, *g = NULL; 4132 BIGNUM *pubkey = NULL; 4133 unsigned char pub[2048 / 8]; 4134 size_t len = 0; 4135 4136 if (!TEST_ptr(p = BN_new()) 4137 || !TEST_ptr(g = BN_new()) 4138 || !TEST_ptr(pubkey = BN_new()) 4139 || !TEST_true(BN_set_word(p, 9999)) 4140 || !TEST_true(BN_set_word(g, 2)) 4141 || !TEST_true(BN_set_word(pubkey, 4321)) 4142 || !TEST_ptr(noqdh = DH_new()) 4143 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) 4144 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) 4145 || !TEST_ptr(pubkey = BN_new()) 4146 || !TEST_true(BN_set_word(pubkey, 4321))) 4147 goto err; 4148 p = g = NULL; 4149 4150 x942dh = DH_get_2048_256(); 4151 pkey1 = EVP_PKEY_new(); 4152 pkey2 = EVP_PKEY_new(); 4153 if (!TEST_ptr(x942dh) 4154 || !TEST_ptr(noqdh) 4155 || !TEST_ptr(pkey1) 4156 || !TEST_ptr(pkey2) 4157 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) 4158 goto err; 4159 pubkey = NULL; 4160 4161 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) 4162 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) 4163 goto err; 4164 4165 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, 4166 &pubkey)) 4167 || !TEST_ptr(pubkey)) 4168 goto err; 4169 4170 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) 4171 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) 4172 goto err; 4173 4174 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, 4175 OSSL_PKEY_PARAM_PUB_KEY, 4176 pub, sizeof(pub), &len)) 4177 || !TEST_size_t_ne(len, 0)) 4178 goto err; 4179 4180 ret = 1; 4181 err: 4182 BN_free(p); 4183 BN_free(g); 4184 BN_free(pubkey); 4185 EVP_PKEY_free(pkey1); 4186 EVP_PKEY_free(pkey2); 4187 DH_free(x942dh); 4188 DH_free(noqdh); 4189 4190 return ret; 4191 } 4192 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 4193 #endif /* !OPENSSL_NO_DH */ 4194 4195 /* 4196 * We test what happens with an empty template. For the sake of this test, 4197 * the template must be ignored, and we know that's the case for RSA keys 4198 * (this might arguably be a misfeature, but that's what we currently do, 4199 * even in provider code, since that's how the legacy RSA implementation 4200 * does things) 4201 */ 4202 static int test_keygen_with_empty_template(int n) 4203 { 4204 EVP_PKEY_CTX *ctx = NULL; 4205 EVP_PKEY *pkey = NULL; 4206 EVP_PKEY *tkey = NULL; 4207 int ret = 0; 4208 4209 if (nullprov != NULL) 4210 return TEST_skip("Test does not support a non-default library context"); 4211 4212 switch (n) { 4213 case 0: 4214 /* We do test with no template at all as well */ 4215 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) 4216 goto err; 4217 break; 4218 case 1: 4219 /* Here we create an empty RSA key that serves as our template */ 4220 if (!TEST_ptr(tkey = EVP_PKEY_new()) 4221 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA)) 4222 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL))) 4223 goto err; 4224 break; 4225 } 4226 4227 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4228 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) 4229 goto err; 4230 4231 ret = 1; 4232 err: 4233 EVP_PKEY_CTX_free(ctx); 4234 EVP_PKEY_free(pkey); 4235 EVP_PKEY_free(tkey); 4236 return ret; 4237 } 4238 4239 /* 4240 * Test that we fail if we attempt to use an algorithm that is not available 4241 * in the current library context (unless we are using an algorithm that 4242 * should be made available via legacy codepaths). 4243 * 4244 * 0: RSA 4245 * 1: SM2 4246 */ 4247 static int test_pkey_ctx_fail_without_provider(int tst) 4248 { 4249 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new(); 4250 OSSL_PROVIDER *tmpnullprov = NULL; 4251 EVP_PKEY_CTX *pctx = NULL; 4252 const char *keytype = NULL; 4253 int expect_null = 0; 4254 int ret = 0; 4255 4256 if (!TEST_ptr(tmpctx)) 4257 goto err; 4258 4259 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null"); 4260 if (!TEST_ptr(tmpnullprov)) 4261 goto err; 4262 4263 /* 4264 * We check for certain algos in the null provider. 4265 * If an algo is expected to have a provider keymgmt, constructing an 4266 * EVP_PKEY_CTX is expected to fail (return NULL). 4267 * Otherwise, if it's expected to have legacy support, constructing an 4268 * EVP_PKEY_CTX is expected to succeed (return non-NULL). 4269 */ 4270 switch (tst) { 4271 case 0: 4272 keytype = "RSA"; 4273 expect_null = 1; 4274 break; 4275 case 1: 4276 keytype = "SM2"; 4277 expect_null = 1; 4278 #ifdef OPENSSL_NO_EC 4279 TEST_info("EC disable, skipping SM2 check..."); 4280 goto end; 4281 #endif 4282 #ifdef OPENSSL_NO_SM2 4283 TEST_info("SM2 disable, skipping SM2 check..."); 4284 goto end; 4285 #endif 4286 break; 4287 default: 4288 TEST_error("No test for case %d", tst); 4289 goto err; 4290 } 4291 4292 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, ""); 4293 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx)) 4294 goto err; 4295 4296 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2) 4297 end: 4298 #endif 4299 ret = 1; 4300 4301 err: 4302 EVP_PKEY_CTX_free(pctx); 4303 OSSL_PROVIDER_unload(tmpnullprov); 4304 OSSL_LIB_CTX_free(tmpctx); 4305 return ret; 4306 } 4307 4308 static int test_rand_agglomeration(void) 4309 { 4310 EVP_RAND *rand; 4311 EVP_RAND_CTX *ctx; 4312 OSSL_PARAM params[3], *p = params; 4313 int res; 4314 unsigned int step = 7; 4315 static unsigned char seed[] = "It does not matter how slowly you go " 4316 "as long as you do not stop."; 4317 unsigned char out[sizeof(seed)]; 4318 4319 if (!TEST_int_ne(sizeof(seed) % step, 0) 4320 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq))) 4321 return 0; 4322 ctx = EVP_RAND_CTX_new(rand, NULL); 4323 EVP_RAND_free(rand); 4324 if (!TEST_ptr(ctx)) 4325 return 0; 4326 4327 memset(out, 0, sizeof(out)); 4328 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 4329 seed, sizeof(seed)); 4330 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step); 4331 *p = OSSL_PARAM_construct_end(); 4332 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params)) 4333 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0)) 4334 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out)); 4335 EVP_RAND_CTX_free(ctx); 4336 return res; 4337 } 4338 4339 /* 4340 * Test that we correctly return the original or "running" IV after 4341 * an encryption operation. 4342 * Run multiple times for some different relevant algorithms/modes. 4343 */ 4344 static int test_evp_iv_aes(int idx) 4345 { 4346 int ret = 0; 4347 EVP_CIPHER_CTX *ctx = NULL; 4348 unsigned char key[16] = { 4349 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1, 4350 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57 4351 }; 4352 unsigned char init_iv[EVP_MAX_IV_LENGTH] = { 4353 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 4354 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 4355 }; 4356 static const unsigned char msg[] = { 4357 1, 2, 3, 4, 5, 6, 7, 8, 4358 9, 10, 11, 12, 13, 14, 15, 16 4359 }; 4360 unsigned char ciphertext[32], oiv[16], iv[16]; 4361 unsigned char *ref_iv; 4362 unsigned char cbc_state[16] = { 4363 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9, 4364 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e 4365 }; 4366 4367 unsigned char ofb_state[16] = { 4368 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64, 4369 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd 4370 }; 4371 unsigned char cfb_state[16] = { 4372 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c, 4373 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed 4374 }; 4375 unsigned char gcm_state[12] = { 4376 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 4377 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81 4378 }; 4379 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 }; 4380 #ifndef OPENSSL_NO_OCB 4381 unsigned char ocb_state[12] = { 4382 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 4383 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81 4384 }; 4385 #endif 4386 int len = sizeof(ciphertext); 4387 size_t ivlen, ref_len; 4388 const EVP_CIPHER *type = NULL; 4389 int iv_reset = 0; 4390 4391 if (nullprov != NULL && idx < 6) 4392 return TEST_skip("Test does not support a non-default library context"); 4393 4394 switch (idx) { 4395 case 0: 4396 type = EVP_aes_128_cbc(); 4397 /* FALLTHROUGH */ 4398 case 6: 4399 type = (type != NULL) ? type : 4400 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq); 4401 ref_iv = cbc_state; 4402 ref_len = sizeof(cbc_state); 4403 iv_reset = 1; 4404 break; 4405 case 1: 4406 type = EVP_aes_128_ofb(); 4407 /* FALLTHROUGH */ 4408 case 7: 4409 type = (type != NULL) ? type : 4410 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq); 4411 ref_iv = ofb_state; 4412 ref_len = sizeof(ofb_state); 4413 iv_reset = 1; 4414 break; 4415 case 2: 4416 type = EVP_aes_128_cfb(); 4417 /* FALLTHROUGH */ 4418 case 8: 4419 type = (type != NULL) ? type : 4420 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq); 4421 ref_iv = cfb_state; 4422 ref_len = sizeof(cfb_state); 4423 iv_reset = 1; 4424 break; 4425 case 3: 4426 type = EVP_aes_128_gcm(); 4427 /* FALLTHROUGH */ 4428 case 9: 4429 type = (type != NULL) ? type : 4430 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq); 4431 ref_iv = gcm_state; 4432 ref_len = sizeof(gcm_state); 4433 break; 4434 case 4: 4435 type = EVP_aes_128_ccm(); 4436 /* FALLTHROUGH */ 4437 case 10: 4438 type = (type != NULL) ? type : 4439 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq); 4440 ref_iv = ccm_state; 4441 ref_len = sizeof(ccm_state); 4442 break; 4443 #ifdef OPENSSL_NO_OCB 4444 case 5: 4445 case 11: 4446 return 1; 4447 #else 4448 case 5: 4449 type = EVP_aes_128_ocb(); 4450 /* FALLTHROUGH */ 4451 case 11: 4452 type = (type != NULL) ? type : 4453 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq); 4454 ref_iv = ocb_state; 4455 ref_len = sizeof(ocb_state); 4456 break; 4457 #endif 4458 default: 4459 return 0; 4460 } 4461 4462 if (!TEST_ptr(type) 4463 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 4464 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 4465 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 4466 (int)sizeof(msg))) 4467 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 4468 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 4469 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 4470 goto err; 4471 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 4472 4473 if (!TEST_int_gt(ivlen, 0)) 4474 goto err; 4475 4476 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 4477 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 4478 goto err; 4479 4480 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */ 4481 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 4482 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 4483 goto err; 4484 if (iv_reset) { 4485 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 4486 goto err; 4487 } else { 4488 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen)) 4489 goto err; 4490 } 4491 4492 ret = 1; 4493 err: 4494 EVP_CIPHER_CTX_free(ctx); 4495 if (idx >= 6) 4496 EVP_CIPHER_free((EVP_CIPHER *)type); 4497 return ret; 4498 } 4499 4500 #ifndef OPENSSL_NO_DES 4501 static int test_evp_iv_des(int idx) 4502 { 4503 int ret = 0; 4504 EVP_CIPHER_CTX *ctx = NULL; 4505 static const unsigned char key[24] = { 4506 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 4507 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86, 4508 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 4509 }; 4510 static const unsigned char init_iv[8] = { 4511 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 4512 }; 4513 static const unsigned char msg[] = { 4514 1, 2, 3, 4, 5, 6, 7, 8, 4515 9, 10, 11, 12, 13, 14, 15, 16 4516 }; 4517 unsigned char ciphertext[32], oiv[8], iv[8]; 4518 unsigned const char *ref_iv; 4519 static const unsigned char cbc_state_des[8] = { 4520 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a 4521 }; 4522 static const unsigned char cbc_state_3des[8] = { 4523 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9 4524 }; 4525 static const unsigned char ofb_state_des[8] = { 4526 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c 4527 }; 4528 static const unsigned char ofb_state_3des[8] = { 4529 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e 4530 }; 4531 static const unsigned char cfb_state_des[8] = { 4532 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73 4533 }; 4534 static const unsigned char cfb_state_3des[8] = { 4535 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7 4536 }; 4537 int len = sizeof(ciphertext); 4538 size_t ivlen, ref_len; 4539 EVP_CIPHER *type = NULL; 4540 4541 if (lgcyprov == NULL && idx < 3) 4542 return TEST_skip("Test requires legacy provider to be loaded"); 4543 4544 switch (idx) { 4545 case 0: 4546 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq); 4547 ref_iv = cbc_state_des; 4548 ref_len = sizeof(cbc_state_des); 4549 break; 4550 case 1: 4551 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq); 4552 ref_iv = ofb_state_des; 4553 ref_len = sizeof(ofb_state_des); 4554 break; 4555 case 2: 4556 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq); 4557 ref_iv = cfb_state_des; 4558 ref_len = sizeof(cfb_state_des); 4559 break; 4560 case 3: 4561 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq); 4562 ref_iv = cbc_state_3des; 4563 ref_len = sizeof(cbc_state_3des); 4564 break; 4565 case 4: 4566 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq); 4567 ref_iv = ofb_state_3des; 4568 ref_len = sizeof(ofb_state_3des); 4569 break; 4570 case 5: 4571 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq); 4572 ref_iv = cfb_state_3des; 4573 ref_len = sizeof(cfb_state_3des); 4574 break; 4575 default: 4576 return 0; 4577 } 4578 4579 if (!TEST_ptr(type) 4580 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 4581 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 4582 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 4583 (int)sizeof(msg))) 4584 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 4585 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 4586 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 4587 goto err; 4588 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 4589 4590 if (!TEST_int_gt(ivlen, 0)) 4591 goto err; 4592 4593 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 4594 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 4595 goto err; 4596 4597 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 4598 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 4599 goto err; 4600 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 4601 goto err; 4602 4603 ret = 1; 4604 err: 4605 EVP_CIPHER_CTX_free(ctx); 4606 EVP_CIPHER_free(type); 4607 return ret; 4608 } 4609 #endif 4610 4611 #ifndef OPENSSL_NO_BF 4612 static int test_evp_bf_default_keylen(int idx) 4613 { 4614 int ret = 0; 4615 static const char *algos[4] = { 4616 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb" 4617 }; 4618 int ivlen[4] = { 0, 8, 8, 8 }; 4619 EVP_CIPHER *cipher = NULL; 4620 4621 if (lgcyprov == NULL) 4622 return TEST_skip("Test requires legacy provider to be loaded"); 4623 4624 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq)) 4625 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16) 4626 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx])) 4627 goto err; 4628 4629 ret = 1; 4630 err: 4631 EVP_CIPHER_free(cipher); 4632 return ret; 4633 } 4634 #endif 4635 4636 #ifndef OPENSSL_NO_EC 4637 static int ecpub_nids[] = { 4638 NID_brainpoolP256r1, NID_X9_62_prime256v1, 4639 NID_secp384r1, NID_secp521r1, 4640 # ifndef OPENSSL_NO_EC2M 4641 NID_sect233k1, NID_sect233r1, NID_sect283r1, 4642 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, 4643 # endif 4644 NID_brainpoolP384r1, NID_brainpoolP512r1 4645 }; 4646 4647 static int test_ecpub(int idx) 4648 { 4649 int ret = 0, len, savelen; 4650 int nid; 4651 unsigned char buf[1024]; 4652 unsigned char *p; 4653 EVP_PKEY *pkey = NULL; 4654 EVP_PKEY_CTX *ctx = NULL; 4655 # ifndef OPENSSL_NO_DEPRECATED_3_0 4656 const unsigned char *q; 4657 EVP_PKEY *pkey2 = NULL; 4658 EC_KEY *ec = NULL; 4659 # endif 4660 4661 if (nullprov != NULL) 4662 return TEST_skip("Test does not support a non-default library context"); 4663 4664 nid = ecpub_nids[idx]; 4665 4666 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 4667 if (!TEST_ptr(ctx) 4668 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4669 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0) 4670 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey))) 4671 goto done; 4672 len = i2d_PublicKey(pkey, NULL); 4673 savelen = len; 4674 if (!TEST_int_ge(len, 1) 4675 || !TEST_int_lt(len, 1024)) 4676 goto done; 4677 p = buf; 4678 len = i2d_PublicKey(pkey, &p); 4679 if (!TEST_int_ge(len, 1) 4680 || !TEST_int_eq(len, savelen)) 4681 goto done; 4682 4683 # ifndef OPENSSL_NO_DEPRECATED_3_0 4684 /* Now try to decode the just-created DER. */ 4685 q = buf; 4686 if (!TEST_ptr((pkey2 = EVP_PKEY_new())) 4687 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid))) 4688 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec))) 4689 goto done; 4690 /* EC_KEY ownership transferred */ 4691 ec = NULL; 4692 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen))) 4693 goto done; 4694 /* The keys should match. */ 4695 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) 4696 goto done; 4697 # endif 4698 4699 ret = 1; 4700 4701 done: 4702 EVP_PKEY_CTX_free(ctx); 4703 EVP_PKEY_free(pkey); 4704 # ifndef OPENSSL_NO_DEPRECATED_3_0 4705 EVP_PKEY_free(pkey2); 4706 EC_KEY_free(ec); 4707 # endif 4708 return ret; 4709 } 4710 #endif 4711 4712 static int test_EVP_rsa_pss_with_keygen_bits(void) 4713 { 4714 int ret = 0; 4715 EVP_PKEY_CTX *ctx = NULL; 4716 EVP_PKEY *pkey = NULL; 4717 EVP_MD *md; 4718 4719 md = EVP_MD_fetch(testctx, "sha256", testpropq); 4720 ret = TEST_ptr(md) 4721 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq))) 4722 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4723 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0) 4724 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0) 4725 && TEST_true(EVP_PKEY_keygen(ctx, &pkey)); 4726 4727 EVP_MD_free(md); 4728 EVP_PKEY_free(pkey); 4729 EVP_PKEY_CTX_free(ctx); 4730 return ret; 4731 } 4732 4733 static int test_EVP_rsa_pss_set_saltlen(void) 4734 { 4735 int ret = 0; 4736 EVP_PKEY *pkey = NULL; 4737 EVP_PKEY_CTX *pkey_ctx = NULL; 4738 EVP_MD *sha256 = NULL; 4739 EVP_MD_CTX *sha256_ctx = NULL; 4740 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */ 4741 const int test_value = 32; 4742 4743 ret = TEST_ptr(pkey = load_example_rsa_key()) 4744 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL)) 4745 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new()) 4746 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey)) 4747 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)) 4748 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0) 4749 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0) 4750 && TEST_int_eq(saltlen, test_value); 4751 4752 EVP_MD_CTX_free(sha256_ctx); 4753 EVP_PKEY_free(pkey); 4754 EVP_MD_free(sha256); 4755 4756 return ret; 4757 } 4758 4759 static int test_EVP_rsa_invalid_key(void) 4760 { 4761 int ret = 0; 4762 EVP_PKEY *pkey = NULL; 4763 4764 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER)); 4765 /* we expect to fail to load bogus key */ 4766 ret = !TEST_ptr(pkey); 4767 EVP_PKEY_free(pkey); 4768 4769 return ret; 4770 } 4771 4772 static int success = 1; 4773 static void md_names(const char *name, void *vctx) 4774 { 4775 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx; 4776 /* Force a namemap update */ 4777 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL); 4778 4779 if (!TEST_ptr(aes128)) 4780 success = 0; 4781 4782 EVP_CIPHER_free(aes128); 4783 } 4784 4785 /* 4786 * Test that changing the namemap in a user callback works in a names_do_all 4787 * function. 4788 */ 4789 static int test_names_do_all(void) 4790 { 4791 /* We use a custom libctx so that we know the state of the namemap */ 4792 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); 4793 EVP_MD *sha256 = NULL; 4794 int testresult = 0; 4795 4796 if (!TEST_ptr(ctx)) 4797 goto err; 4798 4799 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL); 4800 if (!TEST_ptr(sha256)) 4801 goto err; 4802 4803 /* 4804 * We loop through all the names for a given digest. This should still work 4805 * even if the namemap changes part way through. 4806 */ 4807 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx))) 4808 goto err; 4809 4810 if (!TEST_true(success)) 4811 goto err; 4812 4813 testresult = 1; 4814 err: 4815 EVP_MD_free(sha256); 4816 OSSL_LIB_CTX_free(ctx); 4817 return testresult; 4818 } 4819 4820 typedef struct { 4821 const char *cipher; 4822 const unsigned char *key; 4823 const unsigned char *iv; 4824 const unsigned char *input; 4825 const unsigned char *expected; 4826 const unsigned char *tag; 4827 size_t ivlen; /* 0 if we do not need to set a specific IV len */ 4828 size_t inlen; 4829 size_t expectedlen; 4830 size_t taglen; 4831 int keyfirst; 4832 int initenc; 4833 int finalenc; 4834 } EVP_INIT_TEST_st; 4835 4836 static const EVP_INIT_TEST_st evp_init_tests[] = { 4837 { 4838 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 4839 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 4840 0, 1, 0, 1 4841 }, 4842 { 4843 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 4844 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4845 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 4846 sizeof(gcmDefaultTag), 1, 0, 1 4847 }, 4848 { 4849 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 4850 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 4851 0, 0, 0, 1 4852 }, 4853 { 4854 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 4855 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4856 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 4857 sizeof(gcmDefaultTag), 0, 0, 1 4858 }, 4859 { 4860 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 4861 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 4862 0, 1, 1, 0 4863 }, 4864 { 4865 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 4866 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4867 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 4868 sizeof(gcmDefaultTag), 1, 1, 0 4869 }, 4870 { 4871 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 4872 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 4873 0, 0, 1, 0 4874 }, 4875 { 4876 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 4877 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4878 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 4879 sizeof(gcmDefaultTag), 0, 1, 0 4880 } 4881 }; 4882 4883 /* use same key, iv and plaintext for cfb and ofb */ 4884 static const EVP_INIT_TEST_st evp_reinit_tests[] = { 4885 { 4886 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 4887 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 4888 sizeof(cfbCiphertext_partial), 0, 0, 1, 0 4889 }, 4890 { 4891 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial, 4892 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial), 4893 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 4894 }, 4895 { 4896 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 4897 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 4898 sizeof(ofbCiphertext_partial), 0, 0, 1, 0 4899 }, 4900 { 4901 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial, 4902 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial), 4903 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 4904 }, 4905 }; 4906 4907 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) 4908 { 4909 int res = 0; 4910 4911 if (t->ivlen != 0) { 4912 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0)) 4913 goto err; 4914 } 4915 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) 4916 goto err; 4917 res = 1; 4918 err: 4919 return res; 4920 } 4921 4922 /* 4923 * Test step-wise cipher initialization via EVP_CipherInit_ex where the 4924 * arguments are given one at a time and a final adjustment to the enc 4925 * parameter sets the correct operation. 4926 */ 4927 static int test_evp_init_seq(int idx) 4928 { 4929 int outlen1, outlen2; 4930 int testresult = 0; 4931 unsigned char outbuf[1024]; 4932 unsigned char tag[16]; 4933 const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; 4934 EVP_CIPHER_CTX *ctx = NULL; 4935 EVP_CIPHER *type = NULL; 4936 size_t taglen = sizeof(tag); 4937 char *errmsg = NULL; 4938 4939 ctx = EVP_CIPHER_CTX_new(); 4940 if (ctx == NULL) { 4941 errmsg = "CTX_ALLOC"; 4942 goto err; 4943 } 4944 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) { 4945 errmsg = "CIPHER_FETCH"; 4946 goto err; 4947 } 4948 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { 4949 errmsg = "EMPTY_ENC_INIT"; 4950 goto err; 4951 } 4952 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 4953 errmsg = "PADDING"; 4954 goto err; 4955 } 4956 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 4957 errmsg = "KEY_INIT (before iv)"; 4958 goto err; 4959 } 4960 if (!evp_init_seq_set_iv(ctx, t)) { 4961 errmsg = "IV_INIT"; 4962 goto err; 4963 } 4964 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 4965 errmsg = "KEY_INIT (after iv)"; 4966 goto err; 4967 } 4968 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { 4969 errmsg = "FINAL_ENC_INIT"; 4970 goto err; 4971 } 4972 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 4973 errmsg = "CIPHER_UPDATE"; 4974 goto err; 4975 } 4976 if (t->finalenc == 0 && t->tag != NULL) { 4977 /* Set expected tag */ 4978 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 4979 t->taglen, (void *)t->tag), 0)) { 4980 errmsg = "SET_TAG"; 4981 goto err; 4982 } 4983 } 4984 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4985 errmsg = "CIPHER_FINAL"; 4986 goto err; 4987 } 4988 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 4989 errmsg = "WRONG_RESULT"; 4990 goto err; 4991 } 4992 if (t->finalenc != 0 && t->tag != NULL) { 4993 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 4994 errmsg = "GET_TAG"; 4995 goto err; 4996 } 4997 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { 4998 errmsg = "TAG_ERROR"; 4999 goto err; 5000 } 5001 } 5002 testresult = 1; 5003 err: 5004 if (errmsg != NULL) 5005 TEST_info("evp_init_test %d: %s", idx, errmsg); 5006 EVP_CIPHER_CTX_free(ctx); 5007 EVP_CIPHER_free(type); 5008 return testresult; 5009 } 5010 5011 /* 5012 * Test re-initialization of cipher context without changing key or iv. 5013 * The result of both iteration should be the same. 5014 */ 5015 static int test_evp_reinit_seq(int idx) 5016 { 5017 int outlen1, outlen2, outlen_final; 5018 int testresult = 0; 5019 unsigned char outbuf1[1024]; 5020 unsigned char outbuf2[1024]; 5021 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx]; 5022 EVP_CIPHER_CTX *ctx = NULL; 5023 EVP_CIPHER *type = NULL; 5024 5025 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 5026 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) 5027 /* setup cipher context */ 5028 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL)) 5029 /* first iteration */ 5030 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen)) 5031 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final)) 5032 /* check test results iteration 1 */ 5033 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final) 5034 /* now re-init the context (same cipher, key and iv) */ 5035 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL)) 5036 /* second iteration */ 5037 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen)) 5038 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final)) 5039 /* check test results iteration 2 */ 5040 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final)) 5041 goto err; 5042 testresult = 1; 5043 err: 5044 EVP_CIPHER_CTX_free(ctx); 5045 EVP_CIPHER_free(type); 5046 return testresult; 5047 } 5048 5049 typedef struct { 5050 const unsigned char *input; 5051 const unsigned char *expected; 5052 size_t inlen; 5053 size_t expectedlen; 5054 int enc; 5055 } EVP_RESET_TEST_st; 5056 5057 static const EVP_RESET_TEST_st evp_reset_tests[] = { 5058 { 5059 cfbPlaintext, cfbCiphertext, 5060 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 5061 }, 5062 { 5063 cfbCiphertext, cfbPlaintext, 5064 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 5065 } 5066 }; 5067 5068 /* 5069 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already 5070 * been used. 5071 */ 5072 static int test_evp_reset(int idx) 5073 { 5074 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; 5075 int outlen1, outlen2; 5076 int testresult = 0; 5077 unsigned char outbuf[1024]; 5078 EVP_CIPHER_CTX *ctx = NULL; 5079 EVP_CIPHER *type = NULL; 5080 char *errmsg = NULL; 5081 5082 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5083 errmsg = "CTX_ALLOC"; 5084 goto err; 5085 } 5086 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) { 5087 errmsg = "CIPHER_FETCH"; 5088 goto err; 5089 } 5090 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 5091 errmsg = "CIPHER_INIT"; 5092 goto err; 5093 } 5094 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 5095 errmsg = "PADDING"; 5096 goto err; 5097 } 5098 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 5099 errmsg = "CIPHER_UPDATE"; 5100 goto err; 5101 } 5102 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5103 errmsg = "CIPHER_FINAL"; 5104 goto err; 5105 } 5106 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 5107 errmsg = "WRONG_RESULT"; 5108 goto err; 5109 } 5110 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { 5111 errmsg = "CIPHER_REINIT"; 5112 goto err; 5113 } 5114 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 5115 errmsg = "CIPHER_UPDATE (reinit)"; 5116 goto err; 5117 } 5118 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5119 errmsg = "CIPHER_FINAL (reinit)"; 5120 goto err; 5121 } 5122 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 5123 errmsg = "WRONG_RESULT (reinit)"; 5124 goto err; 5125 } 5126 testresult = 1; 5127 err: 5128 if (errmsg != NULL) 5129 TEST_info("test_evp_reset %d: %s", idx, errmsg); 5130 EVP_CIPHER_CTX_free(ctx); 5131 EVP_CIPHER_free(type); 5132 return testresult; 5133 } 5134 5135 typedef struct { 5136 const char *cipher; 5137 int enc; 5138 } EVP_UPDATED_IV_TEST_st; 5139 5140 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { 5141 { 5142 "aes-128-cfb", 1 5143 }, 5144 { 5145 "aes-128-cfb", 0 5146 }, 5147 { 5148 "aes-128-cfb1", 1 5149 }, 5150 { 5151 "aes-128-cfb1", 0 5152 }, 5153 { 5154 "aes-128-cfb8", 1 5155 }, 5156 { 5157 "aes-128-cfb8", 0 5158 }, 5159 { 5160 "aes-128-ofb", 1 5161 }, 5162 { 5163 "aes-128-ofb", 0 5164 }, 5165 { 5166 "aes-128-ctr", 1 5167 }, 5168 { 5169 "aes-128-ctr", 0 5170 }, 5171 { 5172 "aes-128-cbc", 1 5173 }, 5174 { 5175 "aes-128-cbc", 0 5176 } 5177 }; 5178 5179 /* 5180 * Test that the IV in the context is updated during a crypto operation for CFB 5181 * and OFB. 5182 */ 5183 static int test_evp_updated_iv(int idx) 5184 { 5185 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; 5186 int outlen1, outlen2; 5187 int testresult = 0; 5188 unsigned char outbuf[1024]; 5189 EVP_CIPHER_CTX *ctx = NULL; 5190 EVP_CIPHER *type = NULL; 5191 unsigned char updated_iv[EVP_MAX_IV_LENGTH]; 5192 int iv_len; 5193 char *errmsg = NULL; 5194 5195 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5196 errmsg = "CTX_ALLOC"; 5197 goto err; 5198 } 5199 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) { 5200 TEST_info("cipher %s not supported, skipping", t->cipher); 5201 goto ok; 5202 } 5203 5204 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 5205 errmsg = "CIPHER_INIT"; 5206 goto err; 5207 } 5208 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 5209 errmsg = "PADDING"; 5210 goto err; 5211 } 5212 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { 5213 errmsg = "CIPHER_UPDATE"; 5214 goto err; 5215 } 5216 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) { 5217 errmsg = "CIPHER_CTX_GET_UPDATED_IV"; 5218 goto err; 5219 } 5220 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx); 5221 if (!TEST_int_ge(iv_len,0)) { 5222 errmsg = "CIPHER_CTX_GET_IV_LEN"; 5223 goto err; 5224 } 5225 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { 5226 errmsg = "IV_NOT_UPDATED"; 5227 goto err; 5228 } 5229 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5230 errmsg = "CIPHER_FINAL"; 5231 goto err; 5232 } 5233 ok: 5234 testresult = 1; 5235 err: 5236 if (errmsg != NULL) 5237 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); 5238 EVP_CIPHER_CTX_free(ctx); 5239 EVP_CIPHER_free(type); 5240 return testresult; 5241 } 5242 5243 typedef struct { 5244 const unsigned char *iv1; 5245 const unsigned char *iv2; 5246 const unsigned char *expected1; 5247 const unsigned char *expected2; 5248 const unsigned char *tag1; 5249 const unsigned char *tag2; 5250 size_t ivlen1; 5251 size_t ivlen2; 5252 size_t expectedlen1; 5253 size_t expectedlen2; 5254 } TEST_GCM_IV_REINIT_st; 5255 5256 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { 5257 { 5258 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, 5259 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), 5260 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) 5261 }, 5262 { 5263 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, 5264 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), 5265 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) 5266 } 5267 }; 5268 5269 static int test_gcm_reinit(int idx) 5270 { 5271 int outlen1, outlen2, outlen3; 5272 int testresult = 0; 5273 unsigned char outbuf[1024]; 5274 unsigned char tag[16]; 5275 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; 5276 EVP_CIPHER_CTX *ctx = NULL; 5277 EVP_CIPHER *type = NULL; 5278 size_t taglen = sizeof(tag); 5279 char *errmsg = NULL; 5280 5281 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5282 errmsg = "CTX_ALLOC"; 5283 goto err; 5284 } 5285 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) { 5286 errmsg = "CIPHER_FETCH"; 5287 goto err; 5288 } 5289 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { 5290 errmsg = "ENC_INIT"; 5291 goto err; 5292 } 5293 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) { 5294 errmsg = "SET_IVLEN1"; 5295 goto err; 5296 } 5297 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { 5298 errmsg = "SET_IV1"; 5299 goto err; 5300 } 5301 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 5302 errmsg = "AAD1"; 5303 goto err; 5304 } 5305 EVP_CIPHER_CTX_set_padding(ctx, 0); 5306 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 5307 sizeof(gcmResetPlaintext)))) { 5308 errmsg = "CIPHER_UPDATE1"; 5309 goto err; 5310 } 5311 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5312 errmsg = "CIPHER_FINAL1"; 5313 goto err; 5314 } 5315 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { 5316 errmsg = "WRONG_RESULT1"; 5317 goto err; 5318 } 5319 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 5320 errmsg = "GET_TAG1"; 5321 goto err; 5322 } 5323 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { 5324 errmsg = "TAG_ERROR1"; 5325 goto err; 5326 } 5327 /* Now reinit */ 5328 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) { 5329 errmsg = "SET_IVLEN2"; 5330 goto err; 5331 } 5332 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { 5333 errmsg = "SET_IV2"; 5334 goto err; 5335 } 5336 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 5337 errmsg = "AAD2"; 5338 goto err; 5339 } 5340 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 5341 sizeof(gcmResetPlaintext)))) { 5342 errmsg = "CIPHER_UPDATE2"; 5343 goto err; 5344 } 5345 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5346 errmsg = "CIPHER_FINAL2"; 5347 goto err; 5348 } 5349 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { 5350 errmsg = "WRONG_RESULT2"; 5351 goto err; 5352 } 5353 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 5354 errmsg = "GET_TAG2"; 5355 goto err; 5356 } 5357 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { 5358 errmsg = "TAG_ERROR2"; 5359 goto err; 5360 } 5361 testresult = 1; 5362 err: 5363 if (errmsg != NULL) 5364 TEST_info("evp_init_test %d: %s", idx, errmsg); 5365 EVP_CIPHER_CTX_free(ctx); 5366 EVP_CIPHER_free(type); 5367 return testresult; 5368 } 5369 5370 static const char *ivlen_change_ciphers[] = { 5371 "AES-256-GCM", 5372 #ifndef OPENSSL_NO_OCB 5373 "AES-256-OCB", 5374 #endif 5375 "AES-256-CCM" 5376 }; 5377 5378 /* Negative test for ivlen change after iv being set */ 5379 static int test_ivlen_change(int idx) 5380 { 5381 int outlen; 5382 int res = 0; 5383 unsigned char outbuf[1024]; 5384 static const unsigned char iv[] = { 5385 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 5386 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 5387 }; 5388 EVP_CIPHER_CTX *ctx = NULL; 5389 EVP_CIPHER *ciph = NULL; 5390 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 5391 size_t ivlen = 13; /* non-default IV length */ 5392 5393 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 5394 goto err; 5395 5396 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx], 5397 testpropq))) 5398 goto err; 5399 5400 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1))) 5401 goto err; 5402 5403 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5404 sizeof(gcmDefaultPlaintext)))) 5405 goto err; 5406 5407 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 5408 &ivlen); 5409 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 5410 goto err; 5411 5412 ERR_set_mark(); 5413 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5414 sizeof(gcmDefaultPlaintext)))) { 5415 ERR_clear_last_mark(); 5416 goto err; 5417 } 5418 ERR_pop_to_mark(); 5419 5420 res = 1; 5421 err: 5422 EVP_CIPHER_CTX_free(ctx); 5423 EVP_CIPHER_free(ciph); 5424 return res; 5425 } 5426 5427 static const char *keylen_change_ciphers[] = { 5428 #ifndef OPENSSL_NO_BF 5429 "BF-ECB", 5430 #endif 5431 #ifndef OPENSSL_NO_CAST 5432 "CAST5-ECB", 5433 #endif 5434 #ifndef OPENSSL_NO_RC2 5435 "RC2-ECB", 5436 #endif 5437 #ifndef OPENSSL_NO_RC4 5438 "RC4", 5439 #endif 5440 #ifndef OPENSSL_NO_RC5 5441 "RC5-ECB", 5442 #endif 5443 NULL 5444 }; 5445 5446 /* Negative test for keylen change after key was set */ 5447 static int test_keylen_change(int idx) 5448 { 5449 int outlen; 5450 int res = 0; 5451 unsigned char outbuf[1024]; 5452 static const unsigned char key[] = { 5453 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 5454 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 5455 }; 5456 EVP_CIPHER_CTX *ctx = NULL; 5457 EVP_CIPHER *ciph = NULL; 5458 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 5459 size_t keylen = 12; /* non-default key length */ 5460 5461 if (lgcyprov == NULL) 5462 return TEST_skip("Test requires legacy provider to be loaded"); 5463 5464 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 5465 goto err; 5466 5467 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx], 5468 testpropq))) 5469 goto err; 5470 5471 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1))) 5472 goto err; 5473 5474 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5475 sizeof(gcmDefaultPlaintext)))) 5476 goto err; 5477 5478 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 5479 &keylen); 5480 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 5481 goto err; 5482 5483 ERR_set_mark(); 5484 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5485 sizeof(gcmDefaultPlaintext)))) { 5486 ERR_clear_last_mark(); 5487 goto err; 5488 } 5489 ERR_pop_to_mark(); 5490 5491 res = 1; 5492 err: 5493 EVP_CIPHER_CTX_free(ctx); 5494 EVP_CIPHER_free(ciph); 5495 return res; 5496 } 5497 5498 #ifndef OPENSSL_NO_DEPRECATED_3_0 5499 static EVP_PKEY_METHOD *custom_pmeth = NULL; 5500 static const EVP_PKEY_METHOD *orig_pmeth = NULL; 5501 5502 # define EVP_PKEY_CTRL_MY_COMMAND 9999 5503 5504 static int custom_pmeth_init(EVP_PKEY_CTX *ctx) 5505 { 5506 int (*pinit)(EVP_PKEY_CTX *ctx); 5507 5508 EVP_PKEY_meth_get_init(orig_pmeth, &pinit); 5509 return pinit(ctx); 5510 } 5511 5512 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx) 5513 { 5514 void (*pcleanup)(EVP_PKEY_CTX *ctx); 5515 5516 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup); 5517 pcleanup(ctx); 5518 } 5519 5520 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out, 5521 size_t *outlen, const unsigned char *in, 5522 size_t inlen) 5523 { 5524 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 5525 const unsigned char *tbs, size_t tbslen); 5526 5527 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign); 5528 return psign(ctx, out, outlen, in, inlen); 5529 } 5530 5531 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig, 5532 size_t *siglen, const unsigned char *tbs, 5533 size_t tbslen) 5534 { 5535 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 5536 const unsigned char *tbs, size_t tbslen); 5537 5538 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign); 5539 return pdigestsign(ctx, sig, siglen, tbs, tbslen); 5540 } 5541 5542 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key, 5543 size_t *keylen) 5544 { 5545 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 5546 5547 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive); 5548 return pderive(ctx, key, keylen); 5549 } 5550 5551 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) 5552 { 5553 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 5554 5555 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy); 5556 return pcopy(dst, src); 5557 } 5558 5559 static int ctrl_called; 5560 5561 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 5562 { 5563 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 5564 5565 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL); 5566 5567 if (type == EVP_PKEY_CTRL_MY_COMMAND) { 5568 ctrl_called = 1; 5569 return 1; 5570 } 5571 5572 return pctrl(ctx, type, p1, p2); 5573 } 5574 5575 static int test_custom_pmeth(int idx) 5576 { 5577 EVP_PKEY_CTX *pctx = NULL; 5578 EVP_MD_CTX *ctx = NULL; 5579 EVP_PKEY *pkey = NULL; 5580 int id, orig_id, orig_flags; 5581 int testresult = 0; 5582 size_t reslen; 5583 unsigned char *res = NULL; 5584 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' }; 5585 const EVP_MD *md = EVP_sha256(); 5586 int doderive = 0; 5587 5588 ctrl_called = 0; 5589 5590 /* We call deprecated APIs so this test doesn't support a custom libctx */ 5591 if (testctx != NULL) 5592 return 1; 5593 5594 switch (idx) { 5595 case 0: 5596 case 6: 5597 id = EVP_PKEY_RSA; 5598 pkey = load_example_rsa_key(); 5599 break; 5600 case 1: 5601 case 7: 5602 # ifndef OPENSSL_NO_DSA 5603 id = EVP_PKEY_DSA; 5604 pkey = load_example_dsa_key(); 5605 break; 5606 # else 5607 return 1; 5608 # endif 5609 case 2: 5610 case 8: 5611 # ifndef OPENSSL_NO_EC 5612 id = EVP_PKEY_EC; 5613 pkey = load_example_ec_key(); 5614 break; 5615 # else 5616 return 1; 5617 # endif 5618 case 3: 5619 case 9: 5620 # ifndef OPENSSL_NO_ECX 5621 id = EVP_PKEY_ED25519; 5622 md = NULL; 5623 pkey = load_example_ed25519_key(); 5624 break; 5625 # else 5626 return 1; 5627 # endif 5628 case 4: 5629 case 10: 5630 # ifndef OPENSSL_NO_DH 5631 id = EVP_PKEY_DH; 5632 doderive = 1; 5633 pkey = load_example_dh_key(); 5634 break; 5635 # else 5636 return 1; 5637 # endif 5638 case 5: 5639 case 11: 5640 # ifndef OPENSSL_NO_ECX 5641 id = EVP_PKEY_X25519; 5642 doderive = 1; 5643 pkey = load_example_x25519_key(); 5644 break; 5645 # else 5646 return 1; 5647 # endif 5648 default: 5649 TEST_error("Should not happen"); 5650 goto err; 5651 } 5652 5653 if (!TEST_ptr(pkey)) 5654 goto err; 5655 5656 if (idx < 6) { 5657 if (!TEST_true(evp_pkey_is_provided(pkey))) 5658 goto err; 5659 } else { 5660 EVP_PKEY *tmp = pkey; 5661 5662 /* Convert to a legacy key */ 5663 pkey = EVP_PKEY_new(); 5664 if (!TEST_ptr(pkey)) { 5665 pkey = tmp; 5666 goto err; 5667 } 5668 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) { 5669 EVP_PKEY_free(tmp); 5670 goto err; 5671 } 5672 EVP_PKEY_free(tmp); 5673 if (!TEST_true(evp_pkey_is_legacy(pkey))) 5674 goto err; 5675 } 5676 5677 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id)) 5678 || !TEST_ptr(pkey)) 5679 goto err; 5680 5681 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth); 5682 if (!TEST_int_eq(orig_id, id) 5683 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags))) 5684 goto err; 5685 5686 if (id == EVP_PKEY_ED25519) { 5687 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign); 5688 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) { 5689 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive); 5690 } else { 5691 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign); 5692 } 5693 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) { 5694 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init); 5695 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup); 5696 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy); 5697 } 5698 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL); 5699 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth))) 5700 goto err; 5701 5702 if (doderive) { 5703 pctx = EVP_PKEY_CTX_new(pkey, NULL); 5704 if (!TEST_ptr(pctx) 5705 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1) 5706 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 5707 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 5708 1) 5709 || !TEST_int_eq(ctrl_called, 1) 5710 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1) 5711 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1) 5712 || !TEST_ptr(res = OPENSSL_malloc(reslen)) 5713 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1)) 5714 goto err; 5715 } else { 5716 ctx = EVP_MD_CTX_new(); 5717 reslen = EVP_PKEY_size(pkey); 5718 res = OPENSSL_malloc(reslen); 5719 if (!TEST_ptr(ctx) 5720 || !TEST_ptr(res) 5721 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey)) 5722 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 5723 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 5724 1) 5725 || !TEST_int_eq(ctrl_called, 1)) 5726 goto err; 5727 5728 if (id == EVP_PKEY_ED25519) { 5729 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg)))) 5730 goto err; 5731 } else { 5732 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) 5733 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen))) 5734 goto err; 5735 } 5736 } 5737 5738 testresult = 1; 5739 err: 5740 OPENSSL_free(res); 5741 EVP_MD_CTX_free(ctx); 5742 if (doderive) 5743 EVP_PKEY_CTX_free(pctx); 5744 EVP_PKEY_free(pkey); 5745 EVP_PKEY_meth_remove(custom_pmeth); 5746 EVP_PKEY_meth_free(custom_pmeth); 5747 custom_pmeth = NULL; 5748 return testresult; 5749 } 5750 5751 static int test_evp_md_cipher_meth(void) 5752 { 5753 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256()); 5754 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc()); 5755 int testresult = 0; 5756 5757 if (!TEST_ptr(md) || !TEST_ptr(ciph)) 5758 goto err; 5759 5760 testresult = 1; 5761 5762 err: 5763 EVP_MD_meth_free(md); 5764 EVP_CIPHER_meth_free(ciph); 5765 5766 return testresult; 5767 } 5768 5769 typedef struct { 5770 int data; 5771 } custom_dgst_ctx; 5772 5773 static int custom_md_init_called = 0; 5774 static int custom_md_cleanup_called = 0; 5775 5776 static int custom_md_init(EVP_MD_CTX *ctx) 5777 { 5778 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 5779 5780 if (p == NULL) 5781 return 0; 5782 5783 custom_md_init_called++; 5784 return 1; 5785 } 5786 5787 static int custom_md_cleanup(EVP_MD_CTX *ctx) 5788 { 5789 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 5790 5791 if (p == NULL) 5792 /* Nothing to do */ 5793 return 1; 5794 5795 custom_md_cleanup_called++; 5796 return 1; 5797 } 5798 5799 static int test_custom_md_meth(void) 5800 { 5801 ASN1_OBJECT *o = NULL; 5802 EVP_MD_CTX *mdctx = NULL; 5803 EVP_MD *tmp = NULL; 5804 char mess[] = "Test Message\n"; 5805 unsigned char md_value[EVP_MAX_MD_SIZE]; 5806 unsigned int md_len; 5807 int testresult = 0; 5808 int nid; 5809 5810 /* 5811 * We are testing deprecated functions. We don't support a non-default 5812 * library context in this test. 5813 */ 5814 if (testctx != NULL) 5815 return TEST_skip("Non-default libctx"); 5816 5817 custom_md_init_called = custom_md_cleanup_called = 0; 5818 5819 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md"); 5820 if (!TEST_int_ne(nid, NID_undef)) 5821 goto err; 5822 tmp = EVP_MD_meth_new(nid, NID_undef); 5823 if (!TEST_ptr(tmp)) 5824 goto err; 5825 5826 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) 5827 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) 5828 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, 5829 sizeof(custom_dgst_ctx)))) 5830 goto err; 5831 5832 mdctx = EVP_MD_CTX_new(); 5833 if (!TEST_ptr(mdctx) 5834 /* 5835 * Initing our custom md and then initing another md should 5836 * result in the init and cleanup functions of the custom md 5837 * being called. 5838 */ 5839 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) 5840 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) 5841 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) 5842 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) 5843 || !TEST_int_eq(custom_md_init_called, 1) 5844 || !TEST_int_eq(custom_md_cleanup_called, 1)) 5845 goto err; 5846 5847 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1", 5848 "custom-md", "custom-md"), NID_undef) 5849 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ) 5850 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS)) 5851 goto err; 5852 5853 o = ASN1_OBJECT_create(nid, (unsigned char *) 5854 "\53\6\1\4\1\201\201\134\274\373\122\1", 12, 5855 "custom-md", "custom-md"); 5856 if (!TEST_int_eq(OBJ_add_object(o), nid)) 5857 goto err; 5858 5859 testresult = 1; 5860 err: 5861 ASN1_OBJECT_free(o); 5862 EVP_MD_CTX_free(mdctx); 5863 EVP_MD_meth_free(tmp); 5864 return testresult; 5865 } 5866 5867 typedef struct { 5868 int data; 5869 } custom_ciph_ctx; 5870 5871 static int custom_ciph_init_called = 0; 5872 static int custom_ciph_cleanup_called = 0; 5873 5874 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 5875 const unsigned char *iv, int enc) 5876 { 5877 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 5878 5879 if (p == NULL) 5880 return 0; 5881 5882 custom_ciph_init_called++; 5883 return 1; 5884 } 5885 5886 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx) 5887 { 5888 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 5889 5890 if (p == NULL) 5891 /* Nothing to do */ 5892 return 1; 5893 5894 custom_ciph_cleanup_called++; 5895 return 1; 5896 } 5897 5898 static int test_custom_ciph_meth(void) 5899 { 5900 EVP_CIPHER_CTX *ciphctx = NULL; 5901 EVP_CIPHER *tmp = NULL; 5902 int testresult = 0; 5903 int nid; 5904 5905 /* 5906 * We are testing deprecated functions. We don't support a non-default 5907 * library context in this test. 5908 */ 5909 if (testctx != NULL) 5910 return TEST_skip("Non-default libctx"); 5911 5912 custom_ciph_init_called = custom_ciph_cleanup_called = 0; 5913 5914 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph"); 5915 if (!TEST_int_ne(nid, NID_undef)) 5916 goto err; 5917 tmp = EVP_CIPHER_meth_new(nid, 16, 16); 5918 if (!TEST_ptr(tmp)) 5919 goto err; 5920 5921 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) 5922 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) 5923 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) 5924 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, 5925 sizeof(custom_ciph_ctx)))) 5926 goto err; 5927 5928 ciphctx = EVP_CIPHER_CTX_new(); 5929 if (!TEST_ptr(ciphctx) 5930 /* 5931 * Initing our custom cipher and then initing another cipher 5932 * should result in the init and cleanup functions of the custom 5933 * cipher being called. 5934 */ 5935 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) 5936 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, 5937 NULL, NULL, 1)) 5938 || !TEST_int_eq(custom_ciph_init_called, 1) 5939 || !TEST_int_eq(custom_ciph_cleanup_called, 1)) 5940 goto err; 5941 5942 testresult = 1; 5943 err: 5944 EVP_CIPHER_CTX_free(ciphctx); 5945 EVP_CIPHER_meth_free(tmp); 5946 return testresult; 5947 } 5948 5949 # ifndef OPENSSL_NO_DYNAMIC_ENGINE 5950 /* Test we can create a signature keys with an associated ENGINE */ 5951 static int test_signatures_with_engine(int tst) 5952 { 5953 ENGINE *e; 5954 const char *engine_id = "dasync"; 5955 EVP_PKEY *pkey = NULL; 5956 const unsigned char badcmackey[] = { 0x00, 0x01 }; 5957 const unsigned char cmackey[] = { 5958 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 5959 0x0c, 0x0d, 0x0e, 0x0f 5960 }; 5961 const unsigned char ed25519key[] = { 5962 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 5963 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 5964 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 5965 }; 5966 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 5967 int testresult = 0; 5968 EVP_MD_CTX *ctx = NULL; 5969 unsigned char *mac = NULL; 5970 size_t maclen = 0; 5971 int ret; 5972 5973 # ifdef OPENSSL_NO_CMAC 5974 /* Skip CMAC tests in a no-cmac build */ 5975 if (tst <= 1) 5976 return 1; 5977 # endif 5978 # ifdef OPENSSL_NO_ECX 5979 /* Skip ECX tests in a no-ecx build */ 5980 if (tst == 2) 5981 return 1; 5982 # endif 5983 5984 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 5985 return 0; 5986 5987 if (!TEST_true(ENGINE_init(e))) { 5988 ENGINE_free(e); 5989 return 0; 5990 } 5991 5992 switch (tst) { 5993 case 0: 5994 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), 5995 EVP_aes_128_cbc()); 5996 break; 5997 case 1: 5998 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), 5999 EVP_aes_128_cbc()); 6000 break; 6001 case 2: 6002 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, 6003 sizeof(ed25519key)); 6004 break; 6005 default: 6006 TEST_error("Invalid test case"); 6007 goto err; 6008 } 6009 if (!TEST_ptr(pkey)) 6010 goto err; 6011 6012 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 6013 goto err; 6014 6015 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, 6016 pkey); 6017 if (tst == 0) { 6018 if (!TEST_true(ret)) 6019 goto err; 6020 6021 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) 6022 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) 6023 goto err; 6024 6025 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 6026 goto err; 6027 6028 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) 6029 goto err; 6030 } else { 6031 /* We used a bad key. We expect a failure here */ 6032 if (!TEST_false(ret)) 6033 goto err; 6034 } 6035 6036 testresult = 1; 6037 err: 6038 EVP_MD_CTX_free(ctx); 6039 OPENSSL_free(mac); 6040 EVP_PKEY_free(pkey); 6041 ENGINE_finish(e); 6042 ENGINE_free(e); 6043 6044 return testresult; 6045 } 6046 6047 static int test_cipher_with_engine(void) 6048 { 6049 ENGINE *e; 6050 const char *engine_id = "dasync"; 6051 const unsigned char keyiv[] = { 6052 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 6053 0x0c, 0x0d, 0x0e, 0x0f 6054 }; 6055 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 6056 int testresult = 0; 6057 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL; 6058 unsigned char buf[AES_BLOCK_SIZE]; 6059 int len = 0; 6060 6061 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 6062 return 0; 6063 6064 if (!TEST_true(ENGINE_init(e))) { 6065 ENGINE_free(e); 6066 return 0; 6067 } 6068 6069 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6070 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) 6071 goto err; 6072 6073 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) 6074 goto err; 6075 6076 /* Copy the ctx, and complete the operation with the new ctx */ 6077 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx))) 6078 goto err; 6079 6080 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) 6081 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) 6082 goto err; 6083 6084 testresult = 1; 6085 err: 6086 EVP_CIPHER_CTX_free(ctx); 6087 EVP_CIPHER_CTX_free(ctx2); 6088 ENGINE_finish(e); 6089 ENGINE_free(e); 6090 6091 return testresult; 6092 } 6093 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */ 6094 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 6095 6096 #ifndef OPENSSL_NO_ECX 6097 static int ecxnids[] = { 6098 NID_X25519, 6099 NID_X448, 6100 NID_ED25519, 6101 NID_ED448 6102 }; 6103 6104 /* Test that creating ECX keys with a short private key fails as expected */ 6105 static int test_ecx_short_keys(int tst) 6106 { 6107 unsigned char ecxkeydata = 1; 6108 EVP_PKEY *pkey; 6109 6110 6111 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]), 6112 NULL, &ecxkeydata, 1); 6113 if (!TEST_ptr_null(pkey)) { 6114 EVP_PKEY_free(pkey); 6115 return 0; 6116 } 6117 6118 return 1; 6119 } 6120 #endif 6121 6122 typedef enum OPTION_choice { 6123 OPT_ERR = -1, 6124 OPT_EOF = 0, 6125 OPT_CONTEXT, 6126 OPT_CONFIG_FILE, 6127 OPT_TEST_ENUM 6128 } OPTION_CHOICE; 6129 6130 const OPTIONS *test_get_options(void) 6131 { 6132 static const OPTIONS options[] = { 6133 OPT_TEST_OPTIONS_DEFAULT_USAGE, 6134 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" }, 6135 { "config", OPT_CONFIG_FILE, '<', 6136 "The configuration file to use for the libctx" }, 6137 { NULL } 6138 }; 6139 return options; 6140 } 6141 6142 #ifndef OPENSSL_NO_ECX 6143 /* Test that trying to sign with a public key errors out gracefully */ 6144 static int test_ecx_not_private_key(int tst) 6145 { 6146 EVP_PKEY *pkey = NULL; 6147 6148 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 6149 int testresult = 0; 6150 EVP_MD_CTX *ctx = NULL; 6151 unsigned char *mac = NULL; 6152 size_t maclen = 0; 6153 const uint8_t *pubkey; 6154 size_t pubkeylen; 6155 6156 switch (keys[tst].type) { 6157 case NID_X25519: 6158 case NID_X448: 6159 case NID_undef: 6160 return TEST_skip("signing not supported for X25519/X448/ML-KEM"); 6161 } 6162 6163 /* Check if this algorithm supports public keys */ 6164 if (keys[tst].pub == NULL) 6165 return TEST_skip("no public key present"); 6166 6167 pubkey = keys[tst].pub; 6168 pubkeylen = keys[tst].publen; 6169 6170 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type), 6171 NULL, pubkey, pubkeylen); 6172 if (!TEST_ptr(pkey)) 6173 goto err; 6174 6175 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 6176 goto err; 6177 6178 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1) 6179 goto check_err; 6180 6181 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1) 6182 goto check_err; 6183 6184 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 6185 goto err; 6186 6187 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0)) 6188 goto err; 6189 6190 check_err: 6191 /* 6192 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY, 6193 * but we relax the check to allow error also thrown by 6194 * EVP_DigestSignInit and EVP_DigestSign. 6195 */ 6196 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) { 6197 testresult = 1; 6198 ERR_clear_error(); 6199 } 6200 6201 err: 6202 EVP_MD_CTX_free(ctx); 6203 OPENSSL_free(mac); 6204 EVP_PKEY_free(pkey); 6205 6206 return testresult; 6207 } 6208 #endif /* OPENSSL_NO_ECX */ 6209 6210 static int test_sign_continuation(void) 6211 { 6212 OSSL_PROVIDER *fake_rsa = NULL; 6213 int testresult = 0; 6214 EVP_PKEY *pkey = NULL; 6215 EVP_PKEY_CTX *pctx = NULL; 6216 EVP_MD_CTX *mctx = NULL; 6217 const char sigbuf[] = "To Be Signed"; 6218 unsigned char signature[256]; 6219 size_t siglen = 256; 6220 static int nodupnum = 1; 6221 static const OSSL_PARAM nodup_params[] = { 6222 OSSL_PARAM_int("NO_DUP", &nodupnum), 6223 OSSL_PARAM_END 6224 }; 6225 6226 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx))) 6227 return 0; 6228 6229 /* Construct a pkey using precise propq to use our provider */ 6230 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", 6231 "provider=fake-rsa")) 6232 || !TEST_true(EVP_PKEY_fromdata_init(pctx)) 6233 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL)) 6234 || !TEST_ptr(pkey)) 6235 goto end; 6236 6237 /* First test it continues (classic behavior) */ 6238 if (!TEST_ptr(mctx = EVP_MD_CTX_new()) 6239 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx, 6240 NULL, pkey, NULL)) 6241 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6242 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)) 6243 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6244 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))) 6245 goto end; 6246 6247 EVP_MD_CTX_free(mctx); 6248 6249 /* try again but failing the continuation */ 6250 if (!TEST_ptr(mctx = EVP_MD_CTX_new()) 6251 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx, 6252 NULL, pkey, nodup_params)) 6253 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6254 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)) 6255 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6256 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen))) 6257 goto end; 6258 6259 testresult = 1; 6260 6261 end: 6262 EVP_MD_CTX_free(mctx); 6263 EVP_PKEY_free(pkey); 6264 EVP_PKEY_CTX_free(pctx); 6265 fake_rsa_finish(fake_rsa); 6266 return testresult; 6267 } 6268 6269 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s, 6270 const unsigned char *gcm_iv, size_t gcm_ivlen, 6271 const unsigned char *gcm_pt, size_t gcm_pt_s, 6272 const unsigned char *gcm_aad, size_t gcm_aad_s, 6273 const unsigned char *gcm_ct, size_t gcm_ct_s, 6274 const unsigned char *gcm_tag, size_t gcm_tag_s) 6275 { 6276 int ret = 0; 6277 EVP_CIPHER_CTX *ctx; 6278 EVP_CIPHER *cipher = NULL; 6279 int outlen, tmplen; 6280 unsigned char outbuf[1024]; 6281 unsigned char outtag[16]; 6282 OSSL_PARAM params[2] = { 6283 OSSL_PARAM_END, OSSL_PARAM_END 6284 }; 6285 6286 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6287 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", ""))) 6288 goto err; 6289 6290 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 6291 &gcm_ivlen); 6292 6293 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 6294 || (gcm_aad != NULL 6295 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 6296 gcm_aad, gcm_aad_s))) 6297 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 6298 gcm_pt, gcm_pt_s)) 6299 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 6300 goto err; 6301 6302 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6303 outtag, sizeof(outtag)); 6304 6305 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)) 6306 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s) 6307 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s)) 6308 goto err; 6309 6310 ret = 1; 6311 err: 6312 EVP_CIPHER_free(cipher); 6313 EVP_CIPHER_CTX_free(ctx); 6314 6315 return ret; 6316 } 6317 6318 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s, 6319 const unsigned char *gcm_iv, size_t gcm_ivlen, 6320 const unsigned char *gcm_pt, size_t gcm_pt_s, 6321 const unsigned char *gcm_aad, size_t gcm_aad_s, 6322 const unsigned char *gcm_ct, size_t gcm_ct_s, 6323 const unsigned char *gcm_tag, size_t gcm_tag_s) 6324 { 6325 int ret = 0; 6326 EVP_CIPHER_CTX *ctx; 6327 EVP_CIPHER *cipher = NULL; 6328 int outlen; 6329 unsigned char outbuf[1024]; 6330 OSSL_PARAM params[2] = { 6331 OSSL_PARAM_END, OSSL_PARAM_END 6332 }; 6333 6334 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 6335 goto err; 6336 6337 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL) 6338 goto err; 6339 6340 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 6341 &gcm_ivlen); 6342 6343 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 6344 || (gcm_aad != NULL 6345 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, 6346 gcm_aad, gcm_aad_s))) 6347 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 6348 gcm_ct, gcm_ct_s)) 6349 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s)) 6350 goto err; 6351 6352 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6353 (void*)gcm_tag, gcm_tag_s); 6354 6355 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 6356 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen))) 6357 goto err; 6358 6359 ret = 1; 6360 err: 6361 EVP_CIPHER_free(cipher); 6362 EVP_CIPHER_CTX_free(ctx); 6363 6364 return ret; 6365 } 6366 6367 static int test_aes_gcm_ivlen_change_cve_2023_5363(void) 6368 { 6369 /* AES-GCM test data obtained from NIST public test vectors */ 6370 static const unsigned char gcm_key[] = { 6371 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf, 6372 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84, 6373 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b, 6374 }; 6375 static const unsigned char gcm_iv[] = { 6376 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8, 6377 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca, 6378 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14, 6379 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09, 6380 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8, 6381 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24, 6382 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0, 6383 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54, 6384 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc, 6385 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b, 6386 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d, 6387 }; 6388 static const unsigned char gcm_pt[] = { 6389 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07, 6390 0x4f, 0xe3, 0x6f, 0x81, 6391 }; 6392 static const unsigned char gcm_ct[] = { 6393 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3, 6394 0xe2, 0xd0, 0xec, 0xed, 6395 }; 6396 static const unsigned char gcm_tag[] = { 6397 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63, 6398 0xdb, 0x99, 0x6c, 0x21, 6399 }; 6400 6401 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 6402 gcm_pt, sizeof(gcm_pt), NULL, 0, 6403 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)) 6404 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 6405 gcm_pt, sizeof(gcm_pt), NULL, 0, 6406 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)); 6407 } 6408 6409 #ifndef OPENSSL_NO_RC4 6410 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s, 6411 const unsigned char *rc4_pt, size_t rc4_pt_s, 6412 const unsigned char *rc4_ct, size_t rc4_ct_s) 6413 { 6414 int ret = 0; 6415 EVP_CIPHER_CTX *ctx; 6416 EVP_CIPHER *cipher = NULL; 6417 int outlen, tmplen; 6418 unsigned char outbuf[1024]; 6419 OSSL_PARAM params[2] = { 6420 OSSL_PARAM_END, OSSL_PARAM_END 6421 }; 6422 6423 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6424 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", ""))) 6425 goto err; 6426 6427 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 6428 &rc4_key_s); 6429 6430 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 6431 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 6432 rc4_pt, rc4_pt_s)) 6433 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 6434 goto err; 6435 6436 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s)) 6437 goto err; 6438 6439 ret = 1; 6440 err: 6441 EVP_CIPHER_free(cipher); 6442 EVP_CIPHER_CTX_free(ctx); 6443 6444 return ret; 6445 } 6446 6447 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s, 6448 const unsigned char *rc4_pt, size_t rc4_pt_s, 6449 const unsigned char *rc4_ct, size_t rc4_ct_s) 6450 { 6451 int ret = 0; 6452 EVP_CIPHER_CTX *ctx; 6453 EVP_CIPHER *cipher = NULL; 6454 int outlen; 6455 unsigned char outbuf[1024]; 6456 OSSL_PARAM params[2] = { 6457 OSSL_PARAM_END, OSSL_PARAM_END 6458 }; 6459 6460 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 6461 goto err; 6462 6463 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL) 6464 goto err; 6465 6466 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 6467 &rc4_key_s); 6468 6469 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 6470 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 6471 rc4_ct, rc4_ct_s)) 6472 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s)) 6473 goto err; 6474 6475 ret = 1; 6476 err: 6477 EVP_CIPHER_free(cipher); 6478 EVP_CIPHER_CTX_free(ctx); 6479 6480 return ret; 6481 } 6482 6483 static int test_aes_rc4_keylen_change_cve_2023_5363(void) 6484 { 6485 /* RC4 test data obtained from RFC 6229 */ 6486 static const struct { 6487 unsigned char key[5]; 6488 unsigned char padding[11]; 6489 } rc4_key = { 6490 { /* Five bytes of key material */ 6491 0x83, 0x32, 0x22, 0x77, 0x2a, 6492 }, 6493 { /* Random padding to 16 bytes */ 6494 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 6495 } 6496 }; 6497 static const unsigned char rc4_pt[] = { 6498 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 6499 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 6500 }; 6501 static const unsigned char rc4_ct[] = { 6502 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 6503 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda 6504 }; 6505 6506 if (lgcyprov == NULL) 6507 return TEST_skip("Test requires legacy provider to be loaded"); 6508 6509 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key), 6510 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)) 6511 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key), 6512 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)); 6513 } 6514 #endif 6515 6516 static int test_invalid_ctx_for_digest(void) 6517 { 6518 int ret; 6519 EVP_MD_CTX *mdctx; 6520 6521 mdctx = EVP_MD_CTX_new(); 6522 if (!TEST_ptr(mdctx)) 6523 return 0; 6524 6525 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0)) 6526 ret = 0; 6527 else 6528 ret = 1; 6529 6530 EVP_MD_CTX_free(mdctx); 6531 6532 return ret; 6533 } 6534 6535 static int test_evp_cipher_pipeline(void) 6536 { 6537 OSSL_PROVIDER *fake_pipeline = NULL; 6538 int testresult = 0; 6539 EVP_CIPHER *cipher = NULL; 6540 EVP_CIPHER *pipeline_cipher = NULL; 6541 EVP_CIPHER_CTX *ctx = NULL; 6542 unsigned char key[32]; 6543 size_t keylen = 32; 6544 size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN; 6545 size_t taglen = EVP_GCM_TLS_TAG_LEN; 6546 unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES]; 6547 unsigned char *plaintext_array[EVP_MAX_PIPES]; 6548 unsigned char *ciphertext_array_p[EVP_MAX_PIPES]; 6549 void **aead_tags = (void **)&tag_array; 6550 unsigned char *temp[EVP_MAX_PIPES]; 6551 size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES]; 6552 size_t ciphertextlen_array[EVP_MAX_PIPES]; 6553 size_t inlen_array[EVP_MAX_PIPES]; 6554 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 6555 unsigned char *ciphertext, *exp_plaintext, *tag; 6556 size_t numpipes, plaintextlen, i; 6557 6558 if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx))) 6559 return 0; 6560 if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", 6561 "provider=fake-pipeline")) 6562 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", 6563 "provider!=fake-pipeline")) 6564 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 6565 goto end; 6566 memset(key, 0x01, sizeof(key)); 6567 6568 /* Negative tests */ 6569 if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1))) 6570 goto end; 6571 if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1))) 6572 goto end; 6573 if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher, 6574 key, keylen, 6575 EVP_MAX_PIPES + 1, NULL, 0))) 6576 goto end; 6577 6578 /* Positive tests */ 6579 for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) { 6580 for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) { 6581 size_t ciphertextlen = 0; 6582 int outlen = 0; 6583 6584 /* Cleanup to be able to error out */ 6585 memset(iv_array, 0, sizeof(iv_array)); 6586 memset(plaintext_array, 0, sizeof(plaintext_array)); 6587 memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p)); 6588 memset(tag_array, 0, sizeof(tag_array)); 6589 ciphertext = NULL; 6590 exp_plaintext = NULL; 6591 tag = NULL; 6592 6593 /* Allocate fresh buffers with exact size to catch buffer overwrites */ 6594 for (i = 0; i < numpipes; i++) { 6595 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen)) 6596 || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen)) 6597 || !TEST_ptr(ciphertext_array_p[i] = 6598 OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH)) 6599 || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen))) 6600 goto err; 6601 6602 memset(iv_array[i], i + 33, ivlen); 6603 memset(plaintext_array[i], i + 1, plaintextlen); 6604 inlen_array[i] = plaintextlen; 6605 outlen_array[i] = 0; 6606 ciphertextlen_array[i] = 0; 6607 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH; 6608 } 6609 if (!TEST_ptr(ciphertext = 6610 OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH)) 6611 || !TEST_ptr(tag = OPENSSL_malloc(taglen)) 6612 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen))) 6613 goto err; 6614 6615 /* Encrypt using pipeline API */ 6616 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) 6617 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1)) 6618 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher, 6619 key, keylen, numpipes, 6620 (const unsigned char **)iv_array, 6621 ivlen)) 6622 /* reuse plaintext for AAD as it won't affect test */ 6623 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL, 6624 (const unsigned char **)plaintext_array, 6625 inlen_array)) 6626 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p, 6627 outlen_array, outsize_array, 6628 (const unsigned char **)plaintext_array, 6629 inlen_array))) 6630 goto err; 6631 6632 for (i = 0; i < numpipes; i++) { 6633 ciphertextlen_array[i] = outlen_array[i]; 6634 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i]; 6635 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i]; 6636 } 6637 6638 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array))) 6639 goto err; 6640 6641 for (i = 0; i < numpipes; i++) 6642 ciphertextlen_array[i] += outlen_array[i]; 6643 6644 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, 6645 (void **)&aead_tags, taglen); 6646 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 6647 goto err; 6648 6649 /* Encrypt using non-pipeline API and compare */ 6650 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))) 6651 goto err; 6652 6653 for (i = 0; i < numpipes; i++) { 6654 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i])) 6655 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 6656 plaintext_array[i], 6657 plaintextlen)) 6658 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen, 6659 plaintext_array[i], 6660 plaintextlen))) 6661 goto err; 6662 ciphertextlen = outlen; 6663 6664 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen))) 6665 goto err; 6666 ciphertextlen += outlen; 6667 6668 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6669 (void *)tag, taglen); 6670 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 6671 goto err; 6672 6673 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i], 6674 ciphertext, ciphertextlen) 6675 || !TEST_mem_eq(tag_array[i], taglen, tag, taglen)) 6676 goto err; 6677 } 6678 6679 for (i = 0; i < numpipes; i++) 6680 outsize_array[i] = plaintextlen; 6681 6682 /* Decrypt using pipeline API and compare */ 6683 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, 6684 (void **)&aead_tags, taglen); 6685 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) 6686 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0)) 6687 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher, 6688 key, keylen, numpipes, 6689 (const unsigned char **)iv_array, 6690 ivlen)) 6691 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 6692 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL, 6693 (const unsigned char **)plaintext_array, 6694 inlen_array)) 6695 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array, 6696 outlen_array, outsize_array, 6697 (const unsigned char **)ciphertext_array_p, 6698 ciphertextlen_array))) 6699 goto err; 6700 6701 for (i = 0; i < numpipes; i++) { 6702 temp[i] = plaintext_array[i] + outlen_array[i]; 6703 outsize_array[i] = outsize_array[i] - outlen_array[i]; 6704 } 6705 6706 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array))) 6707 goto err; 6708 6709 for (i = 0; i < numpipes; i++) { 6710 memset(exp_plaintext, i + 1, plaintextlen); 6711 if (!TEST_mem_eq(plaintext_array[i], plaintextlen, 6712 exp_plaintext, plaintextlen)) 6713 goto err; 6714 } 6715 6716 for (i = 0; i < numpipes; i++) { 6717 OPENSSL_free(iv_array[i]); 6718 OPENSSL_free(plaintext_array[i]); 6719 OPENSSL_free(ciphertext_array_p[i]); 6720 OPENSSL_free(tag_array[i]); 6721 } 6722 OPENSSL_free(exp_plaintext); 6723 OPENSSL_free(ciphertext); 6724 OPENSSL_free(tag); 6725 } 6726 } 6727 6728 testresult = 1; 6729 goto end; 6730 6731 err: 6732 for (i = 0; i < numpipes; i++) { 6733 OPENSSL_free(iv_array[i]); 6734 OPENSSL_free(plaintext_array[i]); 6735 OPENSSL_free(ciphertext_array_p[i]); 6736 OPENSSL_free(tag_array[i]); 6737 } 6738 OPENSSL_free(exp_plaintext); 6739 OPENSSL_free(ciphertext); 6740 OPENSSL_free(tag); 6741 end: 6742 EVP_CIPHER_CTX_free(ctx); 6743 EVP_CIPHER_free(cipher); 6744 EVP_CIPHER_free(pipeline_cipher); 6745 fake_pipeline_finish(fake_pipeline); 6746 return testresult; 6747 } 6748 6749 int setup_tests(void) 6750 { 6751 char *config_file = NULL; 6752 OPTION_CHOICE o; 6753 6754 while ((o = opt_next()) != OPT_EOF) { 6755 switch (o) { 6756 case OPT_CONTEXT: 6757 /* Set up an alternate library context */ 6758 testctx = OSSL_LIB_CTX_new(); 6759 if (!TEST_ptr(testctx)) 6760 return 0; 6761 #ifdef STATIC_LEGACY 6762 /* 6763 * This test is always statically linked against libcrypto. We must not 6764 * attempt to load legacy.so that might be dynamically linked against 6765 * libcrypto. Instead we use a built-in version of the legacy provider. 6766 */ 6767 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) 6768 return 0; 6769 #endif 6770 /* Swap the libctx to test non-default context only */ 6771 nullprov = OSSL_PROVIDER_load(NULL, "null"); 6772 deflprov = OSSL_PROVIDER_load(testctx, "default"); 6773 #ifndef OPENSSL_SYS_TANDEM 6774 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); 6775 #endif 6776 break; 6777 case OPT_CONFIG_FILE: 6778 config_file = opt_arg(); 6779 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL)) 6780 return 0; 6781 break; 6782 case OPT_TEST_CASES: 6783 break; 6784 default: 6785 return 0; 6786 } 6787 } 6788 6789 if (config_file != NULL) { 6790 ADD_TEST(test_EVP_set_config_properties); 6791 return 1; 6792 } 6793 6794 ADD_TEST(test_EVP_set_default_properties); 6795 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30); 6796 ADD_TEST(test_EVP_DigestVerifyInit); 6797 #ifndef OPENSSL_NO_EC 6798 ADD_TEST(test_ecdsa_digestsign_keccak); 6799 #endif 6800 #ifndef OPENSSL_NO_SIPHASH 6801 ADD_TEST(test_siphash_digestsign); 6802 #endif 6803 ADD_TEST(test_EVP_Digest); 6804 ADD_TEST(test_EVP_md_null); 6805 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); 6806 #ifndef OPENSSL_NO_DEPRECATED_3_0 6807 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2); 6808 #endif 6809 ADD_ALL_TESTS(test_EVP_Enveloped, 2); 6810 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 6811 ADD_TEST(test_privatekey_to_pkcs8); 6812 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag); 6813 ADD_ALL_TESTS(test_EVP_PKCS82PKEY_v2, OSSL_NELEM(keydata_v2)); 6814 #ifndef OPENSSL_NO_EC 6815 ADD_TEST(test_EVP_PKCS82PKEY); 6816 #endif 6817 #ifndef OPENSSL_NO_EC 6818 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings)); 6819 #endif 6820 #if !defined(OPENSSL_NO_SM2) 6821 ADD_TEST(test_EVP_SM2); 6822 ADD_TEST(test_EVP_SM2_verify); 6823 #endif 6824 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 6825 #ifndef OPENSSL_NO_DEPRECATED_3_0 6826 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 6827 if (!TEST_ptr(custom_pmeth)) 6828 return 0; 6829 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 6830 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 6831 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 6832 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 6833 return 0; 6834 #endif 6835 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 6836 #ifndef OPENSSL_NO_CMAC 6837 ADD_TEST(test_CMAC_keygen); 6838 #endif 6839 ADD_TEST(test_HKDF); 6840 ADD_TEST(test_emptyikm_HKDF); 6841 ADD_TEST(test_empty_salt_info_HKDF); 6842 #ifndef OPENSSL_NO_EC 6843 ADD_TEST(test_X509_PUBKEY_inplace); 6844 ADD_TEST(test_X509_PUBKEY_dup); 6845 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, 6846 OSSL_NELEM(ec_der_pub_keys)); 6847 #endif 6848 #ifndef OPENSSL_NO_DSA 6849 ADD_TEST(test_DSA_get_set_params); 6850 ADD_TEST(test_DSA_priv_pub); 6851 #endif 6852 ADD_TEST(test_RSA_get_set_params); 6853 ADD_TEST(test_RSA_OAEP_set_get_params); 6854 ADD_TEST(test_RSA_OAEP_set_null_label); 6855 ADD_TEST(test_RSA_encrypt); 6856 #ifndef OPENSSL_NO_DEPRECATED_3_0 6857 ADD_TEST(test_RSA_legacy); 6858 #endif 6859 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 6860 ADD_TEST(test_decrypt_null_chunks); 6861 #endif 6862 #ifndef OPENSSL_NO_DH 6863 ADD_TEST(test_DH_priv_pub); 6864 # ifndef OPENSSL_NO_DEPRECATED_3_0 6865 ADD_TEST(test_EVP_PKEY_set1_DH); 6866 # endif 6867 #endif 6868 #ifndef OPENSSL_NO_EC 6869 ADD_TEST(test_EC_priv_pub); 6870 ADD_TEST(test_evp_get_ec_pub); 6871 # ifndef OPENSSL_NO_DEPRECATED_3_0 6872 ADD_TEST(test_EC_priv_only_legacy); 6873 ADD_TEST(test_evp_get_ec_pub_legacy); 6874 # endif 6875 #endif 6876 ADD_ALL_TESTS(test_keygen_with_empty_template, 2); 6877 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2); 6878 6879 ADD_TEST(test_rand_agglomeration); 6880 ADD_ALL_TESTS(test_evp_iv_aes, 12); 6881 #ifndef OPENSSL_NO_DES 6882 ADD_ALL_TESTS(test_evp_iv_des, 6); 6883 #endif 6884 #ifndef OPENSSL_NO_BF 6885 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4); 6886 #endif 6887 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits); 6888 ADD_TEST(test_EVP_rsa_pss_set_saltlen); 6889 ADD_TEST(test_EVP_rsa_invalid_key); 6890 #ifndef OPENSSL_NO_EC 6891 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids)); 6892 #endif 6893 6894 ADD_TEST(test_names_do_all); 6895 6896 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); 6897 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); 6898 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests)); 6899 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); 6900 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); 6901 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers)); 6902 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0) 6903 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1); 6904 6905 #ifndef OPENSSL_NO_DEPRECATED_3_0 6906 ADD_ALL_TESTS(test_custom_pmeth, 12); 6907 ADD_TEST(test_evp_md_cipher_meth); 6908 ADD_TEST(test_custom_md_meth); 6909 ADD_TEST(test_custom_ciph_meth); 6910 6911 # ifndef OPENSSL_NO_DYNAMIC_ENGINE 6912 /* Tests only support the default libctx */ 6913 if (testctx == NULL) { 6914 # ifndef OPENSSL_NO_EC 6915 ADD_ALL_TESTS(test_signatures_with_engine, 3); 6916 # else 6917 ADD_ALL_TESTS(test_signatures_with_engine, 2); 6918 # endif 6919 ADD_TEST(test_cipher_with_engine); 6920 } 6921 # endif 6922 #endif 6923 6924 #ifndef OPENSSL_NO_ECX 6925 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids)); 6926 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); 6927 #endif 6928 6929 ADD_TEST(test_sign_continuation); 6930 6931 /* Test cases for CVE-2023-5363 */ 6932 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363); 6933 #ifndef OPENSSL_NO_RC4 6934 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); 6935 #endif 6936 6937 ADD_TEST(test_invalid_ctx_for_digest); 6938 6939 ADD_TEST(test_evp_cipher_pipeline); 6940 6941 return 1; 6942 } 6943 6944 void cleanup_tests(void) 6945 { 6946 OSSL_PROVIDER_unload(nullprov); 6947 OSSL_PROVIDER_unload(deflprov); 6948 #ifndef OPENSSL_SYS_TANDEM 6949 OSSL_PROVIDER_unload(lgcyprov); 6950 #endif 6951 OSSL_LIB_CTX_free(testctx); 6952 } 6953