1 /* 2 * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* We need to use some deprecated APIs */ 11 #define OPENSSL_SUPPRESS_DEPRECATED 12 13 #include <stdio.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #include <openssl/bio.h> 17 #include <openssl/conf.h> 18 #include <openssl/crypto.h> 19 #include <openssl/err.h> 20 #include <openssl/evp.h> 21 #include <openssl/x509.h> 22 #include <openssl/pem.h> 23 #include <openssl/kdf.h> 24 #include <openssl/provider.h> 25 #include <openssl/core_names.h> 26 #include <openssl/params.h> 27 #include <openssl/param_build.h> 28 #include <openssl/dsa.h> 29 #include <openssl/dh.h> 30 #include <openssl/aes.h> 31 #include <openssl/decoder.h> 32 #include <openssl/rsa.h> 33 #include <openssl/engine.h> 34 #include <openssl/proverr.h> 35 #include <openssl/rand.h> 36 #include <crypto/ml_kem.h> 37 #include "testutil.h" 38 #include "internal/nelem.h" 39 #include "internal/sizes.h" 40 #include "crypto/evp.h" 41 #include "fake_rsaprov.h" 42 #include "fake_pipelineprov.h" 43 44 #ifdef STATIC_LEGACY 45 OSSL_provider_init_fn ossl_legacy_provider_init; 46 #endif 47 48 static OSSL_LIB_CTX *testctx = NULL; 49 static char *testpropq = NULL; 50 51 static OSSL_PROVIDER *nullprov = NULL; 52 static OSSL_PROVIDER *deflprov = NULL; 53 static OSSL_PROVIDER *lgcyprov = NULL; 54 55 /* 56 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 57 * should never use this key anywhere but in an example. 58 */ 59 static const unsigned char kExampleRSAKeyDER[] = { 60 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 61 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 62 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 63 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 64 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 65 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 66 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 67 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 68 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 69 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 70 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 71 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 72 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 73 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 74 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 75 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 76 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 77 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 78 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 79 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 80 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 81 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 82 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 83 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 84 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 85 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 86 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 87 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 88 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 89 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 90 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 91 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 92 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 93 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 94 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 95 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 96 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 97 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 98 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 99 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 100 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 101 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 102 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 103 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 104 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 105 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 106 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 107 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 108 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 109 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 110 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf 111 }; 112 113 /* An invalid key whose prime factors exceed modulus n. */ 114 static const unsigned char kInvalidRSAKeyDER[] = { 115 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 116 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 117 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 118 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 119 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 120 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 121 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 122 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 123 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 124 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 125 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 126 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 127 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 129 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 130 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 131 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 132 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 133 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 134 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 135 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 136 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 137 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 138 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 139 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 140 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 141 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 143 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 144 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 145 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 146 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 147 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 148 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 149 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 150 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 151 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 152 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 154 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 155 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 156 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 157 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 158 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 159 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 160 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 161 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 162 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 163 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 164 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 165 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02, 166 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00, 167 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 168 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 169 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 170 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 171 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 172 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 173 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31, 174 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 175 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8, 176 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07, 177 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 179 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 180 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 181 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 182 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec, 183 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 184 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00, 185 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07, 186 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02, 187 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 188 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 189 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 190 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59, 191 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 194 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59, 195 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d, 196 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 197 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 198 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 199 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea, 200 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15, 201 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 202 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff, 203 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07, 204 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 205 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 206 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 207 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 208 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 209 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 210 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 211 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59, 212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 214 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 215 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 216 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 217 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41, 218 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 219 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 220 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 221 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 222 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 223 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 224 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 226 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 227 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 228 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 229 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 230 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 231 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 232 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15, 233 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 234 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 235 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 236 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 237 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 238 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 239 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f, 240 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 241 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 242 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 243 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00, 244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1, 245 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 246 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 247 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 248 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02, 249 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8, 250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 253 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 254 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 255 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02, 256 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 257 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80, 258 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 259 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36, 260 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10, 261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 263 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 264 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 265 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02, 266 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02, 267 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 268 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02, 269 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02, 270 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47, 272 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d, 273 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60, 274 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32, 275 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff, 276 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30, 277 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 278 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 279 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33, 280 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 281 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 282 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 283 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 284 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 285 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 286 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 287 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02, 288 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 289 0xe2, 0x80 290 }; 291 292 /* 293 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you 294 * should never use this key anywhere but in an example. 295 */ 296 #ifndef OPENSSL_NO_DSA 297 static const unsigned char kExampleDSAKeyDER[] = { 298 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a, 299 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d, 300 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f, 301 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42, 302 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38, 303 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e, 304 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e, 305 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04, 306 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4, 307 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b, 308 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14, 309 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e, 310 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3, 311 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef, 312 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f, 313 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef, 314 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38, 315 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f, 316 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4, 317 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d, 318 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86, 319 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6, 320 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a, 321 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19, 322 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff, 323 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f, 324 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0, 325 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69, 326 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07, 327 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9, 328 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79, 329 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f, 330 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c, 331 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12, 332 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45, 333 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8, 334 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe, 335 0x40, 0x48 336 }; 337 #endif 338 339 /* 340 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 341 * components are not correct. 342 */ 343 static const unsigned char kExampleBadRSAKeyDER[] = { 344 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 345 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 346 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 347 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 348 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 349 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 350 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 351 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 352 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 353 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 354 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 355 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 356 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 357 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 358 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 359 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 360 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 361 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 362 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 363 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 364 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 365 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 366 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 367 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 368 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 369 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 370 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 371 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 372 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 373 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 374 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 375 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 376 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 377 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 378 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 379 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 380 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 381 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 382 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 383 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 384 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 385 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 386 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 387 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 388 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 389 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 390 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 391 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 392 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 393 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 394 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 395 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 396 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 397 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 398 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 399 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 400 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 401 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 402 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 403 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 404 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 405 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 406 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 407 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 408 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 409 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 410 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 411 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 412 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 413 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 414 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 415 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 416 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 417 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 418 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 419 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 420 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 421 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 422 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 423 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 424 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 425 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 426 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 427 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 428 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 429 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 430 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 431 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 432 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce 433 }; 434 435 /* 436 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All 437 * values are 0. 438 */ 439 static const unsigned char kExampleBad2RSAKeyDER[] = { 440 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 441 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 442 0x01, 0x00, 0x02, 0x01, 0x00 443 }; 444 445 static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 446 447 static const unsigned char kSignature[] = { 448 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 449 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 450 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 451 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 452 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 453 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 454 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 455 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 456 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 457 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 458 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42 459 }; 460 461 /* 462 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v1 463 * PrivateKeyInfo. 464 */ 465 static const unsigned char kExampleRSAKeyPKCS8[] = { 466 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 467 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 468 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 469 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 470 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 471 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 472 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 473 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 474 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 475 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 476 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 477 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 478 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 479 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 480 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 481 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 482 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 483 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 484 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 485 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 486 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 487 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 488 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 489 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 490 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 491 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 492 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 493 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 494 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 495 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 496 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 497 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 498 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 499 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 500 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 501 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 502 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 503 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 504 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 505 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 506 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 507 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 508 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 509 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 510 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 511 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 512 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 513 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 514 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 515 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 516 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 517 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 518 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf 519 }; 520 521 /* 522 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v2 523 * PrivateKeyInfo (with an optional public key). 524 */ 525 static const unsigned char kExampleRSAKeyPKCS8_v2[] = { 526 0x30, 0x82, 0x03, 0x06, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 527 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 528 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 529 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 530 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 531 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 532 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 533 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 534 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 535 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 536 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 537 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 538 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 539 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 540 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 541 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 542 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 543 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 544 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 545 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 546 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 547 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 548 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 549 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 550 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 551 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 552 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 553 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 554 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 555 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 556 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 557 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 558 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 559 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 560 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 561 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 562 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 563 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 564 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 565 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 566 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 567 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 568 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 569 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 570 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 571 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 572 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 573 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 574 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 575 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 576 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 577 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 578 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 579 /* Implicit optional Public key BIT STRING */ 580 0x81, 581 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8, 582 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 583 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 584 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 585 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 586 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 587 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 588 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 589 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 590 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 591 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 592 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01 593 }; 594 595 #ifndef OPENSSL_NO_EC 596 /* 597 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 598 * structure. 599 */ 600 static const unsigned char kExampleECKeyDER[] = { 601 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 602 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 603 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 604 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 605 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 606 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 607 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 608 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 609 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 610 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 611 0xc1 612 }; 613 614 static const unsigned char kExampleECKeyPKCS8_v2[] = { 615 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 616 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 617 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 618 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 619 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 620 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42, 621 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 622 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 623 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 624 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 625 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 626 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1, 627 /* Optional implicit public key BIT STRING */ 628 0x81, 629 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 630 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 631 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 632 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 633 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 634 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1 635 }; 636 637 /* 638 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 639 * structure. The private key is equal to the order and will fail to import 640 */ 641 static const unsigned char kExampleBadECKeyDER[] = { 642 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 643 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 644 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 645 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 646 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 647 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 648 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 649 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 650 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 651 }; 652 653 /* prime256v1 */ 654 static const unsigned char kExampleECPubKeyDER[] = { 655 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 656 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 657 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 658 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 659 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 660 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 661 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 662 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 663 }; 664 665 /* 666 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID 667 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key 668 */ 669 static const unsigned char kExampleBadECPubKeyDER[] = { 670 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 671 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 672 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 673 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 674 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 675 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 676 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 677 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 678 }; 679 680 static const unsigned char pExampleECParamDER[] = { 681 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 682 }; 683 684 #ifndef OPENSSL_NO_ECX 685 static const unsigned char kExampleED25519KeyDER[] = { 686 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 687 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a, 688 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46, 689 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50 690 }; 691 692 static const unsigned char kExampleED25519PubKeyDER[] = { 693 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 694 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45, 695 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40, 696 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29 697 }; 698 699 #ifndef OPENSSL_NO_DEPRECATED_3_0 700 static const unsigned char kExampleX25519KeyDER[] = { 701 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 702 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6, 703 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac, 704 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e 705 }; 706 #endif 707 #endif 708 #endif 709 710 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */ 711 #ifndef OPENSSL_NO_DEPRECATED_3_0 712 #ifndef OPENSSL_NO_DH 713 static const unsigned char kExampleDHKeyDER[] = { 714 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09, 715 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87, 716 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d, 717 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e, 718 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63, 719 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81, 720 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f, 721 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53, 722 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53, 723 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f, 724 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74, 725 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34, 726 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53, 727 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3, 728 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a, 729 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9, 730 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0, 731 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48, 732 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1, 733 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43, 734 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f, 735 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f, 736 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97, 737 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06, 738 0x2e, 0x87, 0x2a, 0x0b, 0x7a 739 }; 740 #endif 741 #endif 742 743 static const unsigned char kCFBDefaultKey[] = { 744 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 745 0x09, 0xCF, 0x4F, 0x3C 746 }; 747 748 static const unsigned char kGCMDefaultKey[32] = { 0 }; 749 750 static const unsigned char kGCMResetKey[] = { 751 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 752 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 753 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 754 }; 755 756 static const unsigned char iCFBIV[] = { 757 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 758 0x0C, 0x0D, 0x0E, 0x0F 759 }; 760 761 static const unsigned char iGCMDefaultIV[12] = { 0 }; 762 763 static const unsigned char iGCMResetIV1[] = { 764 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 765 }; 766 767 static const unsigned char iGCMResetIV2[] = { 768 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 769 }; 770 771 static const unsigned char cfbPlaintext[] = { 772 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 773 0x73, 0x93, 0x17, 0x2A 774 }; 775 static const unsigned char cfbPlaintext_partial[] = { 776 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 777 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96 778 }; 779 780 static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 781 782 static const unsigned char gcmResetPlaintext[] = { 783 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 784 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 785 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 786 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 787 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 788 }; 789 790 static const unsigned char cfbCiphertext[] = { 791 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 792 0xE8, 0x3C, 0xFB, 0x4A 793 }; 794 795 static const unsigned char cfbCiphertext_partial[] = { 796 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 797 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35 798 }; 799 800 static const unsigned char ofbCiphertext_partial[] = { 801 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 802 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09 803 }; 804 805 static const unsigned char gcmDefaultCiphertext[] = { 806 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 807 0xba, 0xf3, 0x9d, 0x18 808 }; 809 810 static const unsigned char gcmResetCiphertext1[] = { 811 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, 812 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 813 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, 814 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 815 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f 816 }; 817 818 static const unsigned char gcmResetCiphertext2[] = { 819 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, 820 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 821 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, 822 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 823 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 824 }; 825 826 static const unsigned char gcmAAD[] = { 827 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 828 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 829 }; 830 831 static const unsigned char gcmDefaultTag[] = { 832 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, 833 0xd4, 0x8a, 0xb9, 0x19 834 }; 835 836 static const unsigned char gcmResetTag1[] = { 837 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, 838 0xfe, 0x2e, 0xa8, 0xf2 839 }; 840 841 static const unsigned char gcmResetTag2[] = { 842 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, 843 0xbb, 0x2d, 0x55, 0x1b 844 }; 845 846 typedef struct APK_DATA_st { 847 const unsigned char *kder; 848 size_t size; 849 const char *keytype; 850 int evptype; 851 int check; 852 int pub_check; 853 int param_check; 854 int type; /* 0 for private, 1 for public, 2 for params */ 855 } APK_DATA; 856 857 static APK_DATA keydata[] = { 858 { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA }, 859 { kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA }, 860 #ifndef OPENSSL_NO_EC 861 { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC } 862 #endif 863 }; 864 865 static APK_DATA keydata_v2[] = { 866 { kExampleRSAKeyPKCS8_v2, sizeof(kExampleRSAKeyPKCS8_v2), "RSA", EVP_PKEY_RSA }, 867 #ifndef OPENSSL_NO_EC 868 { kExampleECKeyPKCS8_v2, sizeof(kExampleECKeyPKCS8_v2), "EC", EVP_PKEY_EC } 869 #endif 870 }; 871 872 static APK_DATA keycheckdata[] = { 873 { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 874 0 }, 875 { kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA, 876 0, 1, 1, 0 }, 877 { kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA, 878 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0 }, 879 #ifndef OPENSSL_NO_EC 880 { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0 }, 881 /* group is also associated in our pub key */ 882 { kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 883 1, 1 }, 884 { pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 885 2 }, 886 #ifndef OPENSSL_NO_ECX 887 { kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", 888 EVP_PKEY_ED25519, 1, 1, 1, 0 }, 889 { kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519", 890 EVP_PKEY_ED25519, 0, 1, 1, 1 }, 891 #endif 892 #endif 893 }; 894 895 static EVP_PKEY *load_example_key(const char *keytype, 896 const unsigned char *data, size_t data_len) 897 { 898 const unsigned char **pdata = &data; 899 EVP_PKEY *pkey = NULL; 900 OSSL_DECODER_CTX *dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0, 901 testctx, testpropq); 902 903 /* |pkey| will be NULL on error */ 904 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len); 905 OSSL_DECODER_CTX_free(dctx); 906 return pkey; 907 } 908 909 static EVP_PKEY *load_example_rsa_key(void) 910 { 911 return load_example_key("RSA", kExampleRSAKeyDER, 912 sizeof(kExampleRSAKeyDER)); 913 } 914 915 #ifndef OPENSSL_NO_DSA 916 static EVP_PKEY *load_example_dsa_key(void) 917 { 918 return load_example_key("DSA", kExampleDSAKeyDER, 919 sizeof(kExampleDSAKeyDER)); 920 } 921 #endif 922 923 #ifndef OPENSSL_NO_EC 924 static EVP_PKEY *load_example_ec_key(void) 925 { 926 return load_example_key("EC", kExampleECKeyDER, 927 sizeof(kExampleECKeyDER)); 928 } 929 #endif 930 931 #ifndef OPENSSL_NO_DEPRECATED_3_0 932 933 static EVP_PKEY *make_bad_rsa_pubkey(void) 934 { 935 RSA *rsa = NULL; 936 BIGNUM *n = NULL, *e = NULL; 937 EVP_PKEY *pkey = NULL; 938 939 /* Deliberately invalid public key: n = 17, e = 17 */ 940 if (!TEST_ptr(pkey = EVP_PKEY_new()) 941 || !TEST_ptr(rsa = RSA_new()) 942 || !TEST_ptr(n = BN_new()) 943 || !TEST_ptr(e = BN_new()) 944 || !TEST_true(BN_set_word(n, 17)) 945 || !TEST_true(BN_set_word(e, 17)) 946 || !TEST_true(RSA_set0_key(rsa, n, e, NULL)) 947 || !EVP_PKEY_assign_RSA(pkey, rsa)) 948 goto err; 949 950 return pkey; 951 err: 952 BN_free(n); 953 BN_free(e); 954 RSA_free(rsa); 955 return NULL; 956 } 957 958 #ifndef OPENSSL_NO_DH 959 static EVP_PKEY *load_example_dh_key(void) 960 { 961 return load_example_key("DH", kExampleDHKeyDER, 962 sizeof(kExampleDHKeyDER)); 963 } 964 #endif 965 966 #ifndef OPENSSL_NO_ECX 967 static EVP_PKEY *load_example_ed25519_key(void) 968 { 969 return load_example_key("ED25519", kExampleED25519KeyDER, 970 sizeof(kExampleED25519KeyDER)); 971 } 972 973 static EVP_PKEY *load_example_x25519_key(void) 974 { 975 return load_example_key("X25519", kExampleX25519KeyDER, 976 sizeof(kExampleX25519KeyDER)); 977 } 978 #endif 979 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 980 981 static EVP_PKEY *load_example_hmac_key(void) 982 { 983 EVP_PKEY *pkey = NULL; 984 unsigned char key[] = { 985 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 986 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 987 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 988 }; 989 990 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC", 991 NULL, key, sizeof(key)); 992 if (!TEST_ptr(pkey)) 993 return NULL; 994 995 return pkey; 996 } 997 998 static int test_EVP_set_config_properties(void) 999 { 1000 char *fetched_properties = NULL; 1001 const char test_propq[] = "test.fizzbuzz=buzzfizz"; 1002 int res = 0; 1003 1004 fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default()); 1005 if (!TEST_ptr(fetched_properties) 1006 || !TEST_str_eq(fetched_properties, test_propq)) 1007 goto err; 1008 OPENSSL_free(fetched_properties); 1009 fetched_properties = NULL; 1010 1011 res = 1; 1012 err: 1013 OPENSSL_free(fetched_properties); 1014 return res; 1015 } 1016 1017 static int test_EVP_set_default_properties(void) 1018 { 1019 OSSL_LIB_CTX *ctx; 1020 EVP_MD *md = NULL; 1021 int res = 0; 1022 char *fetched_properties = NULL; 1023 const char test_propq[] = "provider=fizzbang"; 1024 const char test_fips_propq[] = "fips=yes,provider=fizzbang"; 1025 1026 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new()) 1027 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 1028 goto err; 1029 EVP_MD_free(md); 1030 md = NULL; 1031 1032 if (!TEST_true(EVP_set_default_properties(ctx, test_propq)) 1033 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL)) 1034 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider"))) 1035 goto err; 1036 EVP_MD_free(md); 1037 md = NULL; 1038 1039 fetched_properties = EVP_get1_default_properties(ctx); 1040 if (!TEST_ptr(fetched_properties) 1041 || !TEST_str_eq(fetched_properties, test_propq)) 1042 goto err; 1043 OPENSSL_free(fetched_properties); 1044 fetched_properties = NULL; 1045 1046 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1))) 1047 goto err; 1048 fetched_properties = EVP_get1_default_properties(ctx); 1049 if (!TEST_ptr(fetched_properties) 1050 || !TEST_str_eq(fetched_properties, test_fips_propq)) 1051 goto err; 1052 OPENSSL_free(fetched_properties); 1053 fetched_properties = NULL; 1054 1055 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0))) 1056 goto err; 1057 1058 if (!TEST_true(EVP_set_default_properties(ctx, NULL)) 1059 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 1060 goto err; 1061 res = 1; 1062 err: 1063 OPENSSL_free(fetched_properties); 1064 EVP_MD_free(md); 1065 OSSL_LIB_CTX_free(ctx); 1066 return res; 1067 } 1068 1069 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 1070 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params) 1071 { 1072 EVP_PKEY_CTX *pctx = NULL; 1073 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL; 1074 1075 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq))) 1076 goto err; 1077 /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */ 1078 if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0) 1079 || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 1080 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR, 1081 params), 1082 0)) 1083 goto err; 1084 1085 if (!TEST_ptr(tmp_pkey)) 1086 goto err; 1087 1088 pkey = tmp_pkey; 1089 tmp_pkey = NULL; 1090 err: 1091 EVP_PKEY_free(tmp_pkey); 1092 EVP_PKEY_CTX_free(pctx); 1093 return pkey; 1094 } 1095 1096 static int test_selection(EVP_PKEY *pkey, int selection) 1097 { 1098 int testresult = 0; 1099 int ret; 1100 BIO *bio = BIO_new(BIO_s_mem()); 1101 1102 ret = PEM_write_bio_PUBKEY(bio, pkey); 1103 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 1104 if (!TEST_true(ret)) 1105 goto err; 1106 } else { 1107 if (!TEST_false(ret)) 1108 goto err; 1109 } 1110 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL, 1111 testctx, NULL); 1112 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 1113 if (!TEST_true(ret)) 1114 goto err; 1115 } else { 1116 if (!TEST_false(ret)) 1117 goto err; 1118 } 1119 1120 testresult = 1; 1121 err: 1122 BIO_free(bio); 1123 1124 return testresult; 1125 } 1126 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */ 1127 1128 /* 1129 * Test combinations of private, public, missing and private + public key 1130 * params to ensure they are all accepted 1131 */ 1132 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) 1133 static int test_EVP_PKEY_ffc_priv_pub(char *keytype) 1134 { 1135 OSSL_PARAM_BLD *bld = NULL; 1136 OSSL_PARAM *params = NULL; 1137 EVP_PKEY *just_params = NULL; 1138 EVP_PKEY *params_and_priv = NULL; 1139 EVP_PKEY *params_and_pub = NULL; 1140 EVP_PKEY *params_and_keypair = NULL; 1141 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 1142 int ret = 0; 1143 1144 /* 1145 * Setup the parameters for our pkey object. For our purposes they don't 1146 * have to actually be *valid* parameters. We just need to set something. 1147 */ 1148 if (!TEST_ptr(p = BN_new()) 1149 || !TEST_ptr(q = BN_new()) 1150 || !TEST_ptr(g = BN_new()) 1151 || !TEST_ptr(pub = BN_new()) 1152 || !TEST_ptr(priv = BN_new())) 1153 goto err; 1154 1155 /* Test !priv and !pub */ 1156 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1157 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1158 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1159 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))) 1160 goto err; 1161 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1162 || !TEST_ptr(just_params = make_key_fromdata(keytype, params))) 1163 goto err; 1164 1165 OSSL_PARAM_free(params); 1166 OSSL_PARAM_BLD_free(bld); 1167 params = NULL; 1168 bld = NULL; 1169 1170 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1171 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 1172 goto err; 1173 1174 /* Test priv and !pub */ 1175 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1176 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1177 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1178 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1179 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1180 priv))) 1181 goto err; 1182 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1183 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params))) 1184 goto err; 1185 1186 OSSL_PARAM_free(params); 1187 OSSL_PARAM_BLD_free(bld); 1188 params = NULL; 1189 bld = NULL; 1190 1191 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY) 1192 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 1193 goto err; 1194 1195 /* Test !priv and pub */ 1196 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1197 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1198 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1199 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1200 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 1201 pub))) 1202 goto err; 1203 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1204 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params))) 1205 goto err; 1206 1207 OSSL_PARAM_free(params); 1208 OSSL_PARAM_BLD_free(bld); 1209 params = NULL; 1210 bld = NULL; 1211 1212 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 1213 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 1214 goto err; 1215 1216 /* Test priv and pub */ 1217 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1218 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1219 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1220 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1221 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 1222 pub)) 1223 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1224 priv))) 1225 goto err; 1226 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1227 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params))) 1228 goto err; 1229 1230 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1231 goto err; 1232 1233 ret = 1; 1234 err: 1235 OSSL_PARAM_free(params); 1236 OSSL_PARAM_BLD_free(bld); 1237 EVP_PKEY_free(just_params); 1238 EVP_PKEY_free(params_and_priv); 1239 EVP_PKEY_free(params_and_pub); 1240 EVP_PKEY_free(params_and_keypair); 1241 BN_free(p); 1242 BN_free(q); 1243 BN_free(g); 1244 BN_free(pub); 1245 BN_free(priv); 1246 1247 return ret; 1248 } 1249 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */ 1250 1251 /* 1252 * Test combinations of private, public, missing and private + public key 1253 * params to ensure they are all accepted for EC keys 1254 */ 1255 #ifndef OPENSSL_NO_EC 1256 static unsigned char ec_priv[] = { 1257 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23, 1258 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5, 1259 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16 1260 }; 1261 static unsigned char ec_pub[] = { 1262 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97, 1263 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81, 1264 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d, 1265 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e, 1266 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1, 1267 0x08, 0x09, 0xb8, 0xdb, 0x03 1268 }; 1269 1270 static int test_EC_priv_pub(void) 1271 { 1272 OSSL_PARAM_BLD *bld = NULL; 1273 OSSL_PARAM *params = NULL; 1274 EVP_PKEY *just_params = NULL; 1275 EVP_PKEY *params_and_priv = NULL; 1276 EVP_PKEY *params_and_pub = NULL; 1277 EVP_PKEY *params_and_keypair = NULL; 1278 BIGNUM *priv = NULL; 1279 int ret = 0; 1280 unsigned char *encoded = NULL; 1281 size_t len = 0; 1282 unsigned char buffer[128]; 1283 1284 /* 1285 * Setup the parameters for our pkey object. For our purposes they don't 1286 * have to actually be *valid* parameters. We just need to set something. 1287 */ 1288 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1289 goto err; 1290 1291 /* Test !priv and !pub */ 1292 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1293 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1294 OSSL_PKEY_PARAM_GROUP_NAME, 1295 "P-256", 0))) 1296 goto err; 1297 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1298 || !TEST_ptr(just_params = make_key_fromdata("EC", params))) 1299 goto err; 1300 1301 OSSL_PARAM_free(params); 1302 OSSL_PARAM_BLD_free(bld); 1303 params = NULL; 1304 bld = NULL; 1305 1306 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1307 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 1308 goto err; 1309 1310 /* Test priv and !pub */ 1311 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1312 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1313 OSSL_PKEY_PARAM_GROUP_NAME, 1314 "P-256", 0)) 1315 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1316 priv))) 1317 goto err; 1318 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1319 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params))) 1320 goto err; 1321 1322 OSSL_PARAM_free(params); 1323 OSSL_PARAM_BLD_free(bld); 1324 params = NULL; 1325 bld = NULL; 1326 1327 /* 1328 * We indicate only parameters here, in spite of having built a key that 1329 * has a private part, because the PEM_write_bio_PrivateKey_ex call is 1330 * expected to fail because it does not support exporting a private EC 1331 * key without a corresponding public key 1332 */ 1333 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1334 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 1335 goto err; 1336 1337 /* Test !priv and pub */ 1338 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1339 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1340 OSSL_PKEY_PARAM_GROUP_NAME, 1341 "P-256", 0)) 1342 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1343 OSSL_PKEY_PARAM_PUB_KEY, 1344 ec_pub, sizeof(ec_pub)))) 1345 goto err; 1346 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1347 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params))) 1348 goto err; 1349 1350 OSSL_PARAM_free(params); 1351 OSSL_PARAM_BLD_free(bld); 1352 params = NULL; 1353 bld = NULL; 1354 1355 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 1356 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 1357 goto err; 1358 1359 /* Test priv and pub */ 1360 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1361 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1362 OSSL_PKEY_PARAM_GROUP_NAME, 1363 "P-256", 0)) 1364 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1365 OSSL_PKEY_PARAM_PUB_KEY, 1366 ec_pub, sizeof(ec_pub))) 1367 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1368 priv))) 1369 goto err; 1370 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1371 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params))) 1372 goto err; 1373 1374 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1375 goto err; 1376 1377 /* Try key equality */ 1378 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0) 1379 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub), 1380 0) 1381 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv), 1382 0) 1383 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair), 1384 0) 1385 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0) 1386 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0) 1387 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0) 1388 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0)) 1389 goto err; 1390 1391 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */ 1392 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0)) 1393 goto err; 1394 OPENSSL_free(encoded); 1395 encoded = NULL; 1396 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) { 1397 OPENSSL_free(encoded); 1398 encoded = NULL; 1399 goto err; 1400 } 1401 1402 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */ 1403 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1404 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1405 buffer, sizeof(buffer), &len), 1406 1) 1407 || !TEST_int_eq(len, 65)) 1408 goto err; 1409 1410 len = 0; 1411 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1412 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1413 NULL, 0, &len), 1414 1) 1415 || !TEST_int_eq(len, 65)) 1416 goto err; 1417 1418 /* too-short buffer len*/ 1419 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1420 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1421 buffer, 10, &len), 1422 0)) 1423 goto err; 1424 1425 ret = 1; 1426 err: 1427 OSSL_PARAM_free(params); 1428 OSSL_PARAM_BLD_free(bld); 1429 EVP_PKEY_free(just_params); 1430 EVP_PKEY_free(params_and_priv); 1431 EVP_PKEY_free(params_and_pub); 1432 EVP_PKEY_free(params_and_keypair); 1433 BN_free(priv); 1434 1435 return ret; 1436 } 1437 1438 /* Also test that we can read the EC PUB affine coordinates */ 1439 static int test_evp_get_ec_pub(void) 1440 { 1441 OSSL_PARAM_BLD *bld = NULL; 1442 OSSL_PARAM *params = NULL; 1443 unsigned char *pad = NULL; 1444 EVP_PKEY *keypair = NULL; 1445 BIGNUM *priv = NULL; 1446 BIGNUM *x = NULL; 1447 BIGNUM *y = NULL; 1448 int ret = 0; 1449 1450 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1451 goto err; 1452 1453 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1454 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1455 OSSL_PKEY_PARAM_GROUP_NAME, 1456 "P-256", 0)) 1457 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1458 OSSL_PKEY_PARAM_PUB_KEY, 1459 ec_pub, sizeof(ec_pub))) 1460 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1461 priv))) 1462 goto err; 1463 1464 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1465 || !TEST_ptr(keypair = make_key_fromdata("EC", params))) 1466 goto err; 1467 1468 if (!test_selection(keypair, EVP_PKEY_KEYPAIR)) 1469 goto err; 1470 1471 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x) 1472 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y)) 1473 goto err; 1474 1475 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub)))) 1476 goto err; 1477 1478 pad[0] = ec_pub[0]; 1479 BN_bn2bin(x, &pad[1]); 1480 BN_bn2bin(y, &pad[33]); 1481 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0)) 1482 goto err; 1483 1484 ret = 1; 1485 1486 err: 1487 OSSL_PARAM_free(params); 1488 OSSL_PARAM_BLD_free(bld); 1489 EVP_PKEY_free(keypair); 1490 OPENSSL_free(pad); 1491 BN_free(priv); 1492 BN_free(x); 1493 BN_free(y); 1494 return ret; 1495 } 1496 1497 /* Test that using a legacy EC key with only a private key in it works */ 1498 #ifndef OPENSSL_NO_DEPRECATED_3_0 1499 static int test_EC_priv_only_legacy(void) 1500 { 1501 BIGNUM *priv = NULL; 1502 int ret = 0; 1503 EC_KEY *eckey = NULL; 1504 EVP_PKEY *pkey = NULL, *dup_pk = NULL; 1505 EVP_MD_CTX *ctx = NULL; 1506 1507 /* Create the low level EC_KEY */ 1508 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1509 goto err; 1510 1511 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 1512 if (!TEST_ptr(eckey)) 1513 goto err; 1514 1515 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1516 goto err; 1517 1518 pkey = EVP_PKEY_new(); 1519 if (!TEST_ptr(pkey)) 1520 goto err; 1521 1522 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1523 goto err; 1524 eckey = NULL; 1525 1526 for (;;) { 1527 ret = 0; 1528 ctx = EVP_MD_CTX_new(); 1529 if (!TEST_ptr(ctx)) 1530 goto err; 1531 1532 /* 1533 * The EVP_DigestSignInit function should create the key on the 1534 * provider side which is sufficient for this test. 1535 */ 1536 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, 1537 testpropq, pkey, NULL))) 1538 goto err; 1539 EVP_MD_CTX_free(ctx); 1540 ctx = NULL; 1541 1542 if (dup_pk != NULL) 1543 break; 1544 1545 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))) 1546 goto err; 1547 /* EVP_PKEY_eq() returns -2 with missing public keys */ 1548 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2); 1549 EVP_PKEY_free(pkey); 1550 pkey = dup_pk; 1551 if (!ret) 1552 goto err; 1553 } 1554 ret = 1; 1555 1556 err: 1557 EVP_MD_CTX_free(ctx); 1558 EVP_PKEY_free(pkey); 1559 EC_KEY_free(eckey); 1560 BN_free(priv); 1561 1562 return ret; 1563 } 1564 1565 static int test_evp_get_ec_pub_legacy(void) 1566 { 1567 OSSL_LIB_CTX *libctx = NULL; 1568 unsigned char *pad = NULL; 1569 EVP_PKEY *pkey = NULL; 1570 EC_KEY *eckey = NULL; 1571 BIGNUM *priv = NULL; 1572 BIGNUM *x = NULL; 1573 BIGNUM *y = NULL; 1574 int ret = 0; 1575 1576 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())) 1577 goto err; 1578 1579 /* Create the legacy key */ 1580 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL, 1581 NID_X9_62_prime256v1))) 1582 goto err; 1583 1584 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1585 goto err; 1586 1587 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1588 goto err; 1589 1590 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL))) 1591 goto err; 1592 1593 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL))) 1594 goto err; 1595 1596 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y))) 1597 goto err; 1598 1599 if (!TEST_ptr(pkey = EVP_PKEY_new())) 1600 goto err; 1601 1602 /* Transfer the legacy key */ 1603 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1604 goto err; 1605 eckey = NULL; 1606 1607 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x)) 1608 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y))) 1609 goto err; 1610 1611 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub)))) 1612 goto err; 1613 1614 pad[0] = ec_pub[0]; 1615 BN_bn2bin(x, &pad[1]); 1616 BN_bn2bin(y, &pad[33]); 1617 1618 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0)) 1619 goto err; 1620 1621 ret = 1; 1622 1623 err: 1624 OSSL_LIB_CTX_free(libctx); 1625 EVP_PKEY_free(pkey); 1626 EC_KEY_free(eckey); 1627 OPENSSL_free(pad); 1628 BN_free(priv); 1629 BN_free(x); 1630 BN_free(y); 1631 1632 return ret; 1633 } 1634 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 1635 #endif /* OPENSSL_NO_EC */ 1636 1637 static int test_EVP_PKEY_sign(int tst) 1638 { 1639 int ret = 0; 1640 EVP_PKEY *pkey = NULL; 1641 unsigned char *sig = NULL; 1642 size_t sig_len = 0, shortsig_len = 1; 1643 EVP_PKEY_CTX *ctx = NULL; 1644 unsigned char tbs[] = { 1645 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1646 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1647 }; 1648 1649 if (tst == 0) { 1650 if (!TEST_ptr(pkey = load_example_rsa_key())) 1651 goto out; 1652 } else if (tst == 1) { 1653 #ifndef OPENSSL_NO_DSA 1654 if (!TEST_ptr(pkey = load_example_dsa_key())) 1655 goto out; 1656 #else 1657 ret = 1; 1658 goto out; 1659 #endif 1660 } else { 1661 #ifndef OPENSSL_NO_EC 1662 if (!TEST_ptr(pkey = load_example_ec_key())) 1663 goto out; 1664 #else 1665 ret = 1; 1666 goto out; 1667 #endif 1668 } 1669 1670 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1671 if (!TEST_ptr(ctx) 1672 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1673 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1674 sizeof(tbs)), 1675 0)) 1676 goto out; 1677 sig = OPENSSL_malloc(sig_len); 1678 if (!TEST_ptr(sig) 1679 /* Test sending a signature buffer that is too short is rejected */ 1680 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1681 sizeof(tbs)), 1682 0) 1683 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1684 0) 1685 /* Test the signature round-trips */ 1686 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1687 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1688 0)) 1689 goto out; 1690 1691 ret = 1; 1692 out: 1693 EVP_PKEY_CTX_free(ctx); 1694 OPENSSL_free(sig); 1695 EVP_PKEY_free(pkey); 1696 return ret; 1697 } 1698 1699 #ifndef OPENSSL_NO_DEPRECATED_3_0 1700 static int test_EVP_PKEY_sign_with_app_method(int tst) 1701 { 1702 int ret = 0; 1703 EVP_PKEY *pkey = NULL; 1704 RSA *rsa = NULL; 1705 RSA_METHOD *rsa_meth = NULL; 1706 #ifndef OPENSSL_NO_DSA 1707 DSA *dsa = NULL; 1708 DSA_METHOD *dsa_meth = NULL; 1709 #endif 1710 unsigned char *sig = NULL; 1711 size_t sig_len = 0, shortsig_len = 1; 1712 EVP_PKEY_CTX *ctx = NULL; 1713 unsigned char tbs[] = { 1714 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1715 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1716 }; 1717 1718 if (tst == 0) { 1719 if (!TEST_ptr(pkey = load_example_rsa_key())) 1720 goto out; 1721 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method()))) 1722 goto out; 1723 1724 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)) 1725 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0) 1726 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0)) 1727 goto out; 1728 rsa = NULL; /* now owned by the pkey */ 1729 } else { 1730 #ifndef OPENSSL_NO_DSA 1731 if (!TEST_ptr(pkey = load_example_dsa_key())) 1732 goto out; 1733 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) 1734 goto out; 1735 1736 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey)) 1737 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0) 1738 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0)) 1739 goto out; 1740 dsa = NULL; /* now owned by the pkey */ 1741 #else 1742 ret = 1; 1743 goto out; 1744 #endif 1745 } 1746 1747 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1748 if (!TEST_ptr(ctx) 1749 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1750 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1751 sizeof(tbs)), 1752 0)) 1753 goto out; 1754 sig = OPENSSL_malloc(sig_len); 1755 if (!TEST_ptr(sig) 1756 /* Test sending a signature buffer that is too short is rejected */ 1757 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1758 sizeof(tbs)), 1759 0) 1760 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1761 0) 1762 /* Test the signature round-trips */ 1763 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1764 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1765 0)) 1766 goto out; 1767 1768 ret = 1; 1769 out: 1770 EVP_PKEY_CTX_free(ctx); 1771 OPENSSL_free(sig); 1772 EVP_PKEY_free(pkey); 1773 RSA_free(rsa); 1774 RSA_meth_free(rsa_meth); 1775 #ifndef OPENSSL_NO_DSA 1776 DSA_free(dsa); 1777 DSA_meth_free(dsa_meth); 1778 #endif 1779 return ret; 1780 } 1781 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 1782 1783 /* 1784 * n = 0 => test using legacy cipher 1785 * n = 1 => test using fetched cipher 1786 */ 1787 static int test_EVP_Enveloped(int n) 1788 { 1789 int ret = 0; 1790 EVP_CIPHER_CTX *ctx = NULL; 1791 EVP_PKEY *keypair = NULL; 1792 unsigned char *kek = NULL; 1793 unsigned char iv[EVP_MAX_IV_LENGTH]; 1794 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 1795 int len, kek_len, ciphertext_len, plaintext_len; 1796 unsigned char ciphertext[32], plaintext[16]; 1797 EVP_CIPHER *type = NULL; 1798 1799 if (nullprov != NULL) 1800 return TEST_skip("Test does not support a non-default library context"); 1801 1802 if (n == 0) 1803 type = (EVP_CIPHER *)EVP_aes_256_cbc(); 1804 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC", 1805 testpropq))) 1806 goto err; 1807 1808 if (!TEST_ptr(keypair = load_example_rsa_key()) 1809 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) 1810 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1811 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 1812 &keypair, 1)) 1813 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 1814 msg, sizeof(msg))) 1815 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 1816 &len))) 1817 goto err; 1818 1819 ciphertext_len += len; 1820 1821 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 1822 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 1823 ciphertext, ciphertext_len)) 1824 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 1825 goto err; 1826 1827 plaintext_len += len; 1828 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 1829 goto err; 1830 1831 ret = 1; 1832 err: 1833 if (n != 0) 1834 EVP_CIPHER_free(type); 1835 OPENSSL_free(kek); 1836 EVP_PKEY_free(keypair); 1837 EVP_CIPHER_CTX_free(ctx); 1838 return ret; 1839 } 1840 1841 /* 1842 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA) 1843 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA) 1844 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC) 1845 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA) 1846 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA) 1847 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC) 1848 * Test 6: Use an MD BIO to do the Update calls instead (RSA) 1849 * Test 7: Use an MD BIO to do the Update calls instead (DSA) 1850 * Test 8: Use an MD BIO to do the Update calls instead (HMAC) 1851 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig) 1852 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig) 1853 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig) 1854 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA) 1855 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA) 1856 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC) 1857 * Test 15-29: Same as above with reinitialization 1858 */ 1859 static int test_EVP_DigestSignInit(int tst) 1860 { 1861 int ret = 0; 1862 EVP_PKEY *pkey = NULL; 1863 unsigned char *sig = NULL, *sig2 = NULL; 1864 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1; 1865 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL; 1866 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; 1867 BIO *mdbio = NULL, *membio = NULL; 1868 size_t written; 1869 const EVP_MD *md; 1870 EVP_MD *mdexp = NULL; 1871 int reinit = 0; 1872 1873 if (nullprov != NULL) 1874 return TEST_skip("Test does not support a non-default library context"); 1875 1876 if (tst >= 15) { 1877 reinit = 1; 1878 tst -= 15; 1879 } 1880 1881 if (tst >= 6 && tst <= 8) { 1882 membio = BIO_new(BIO_s_mem()); 1883 mdbio = BIO_new(BIO_f_md()); 1884 if (!TEST_ptr(membio) || !TEST_ptr(mdbio)) 1885 goto out; 1886 BIO_push(mdbio, membio); 1887 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0)) 1888 goto out; 1889 } else { 1890 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new()) 1891 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) 1892 goto out; 1893 } 1894 1895 if (tst % 3 == 0) { 1896 if (!TEST_ptr(pkey = load_example_rsa_key())) 1897 goto out; 1898 } else if (tst % 3 == 1) { 1899 #ifndef OPENSSL_NO_DSA 1900 if (!TEST_ptr(pkey = load_example_dsa_key())) 1901 goto out; 1902 #else 1903 ret = 1; 1904 goto out; 1905 #endif 1906 } else { 1907 if (!TEST_ptr(pkey = load_example_hmac_key())) 1908 goto out; 1909 } 1910 1911 if (tst >= 3 && tst <= 5) 1912 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL); 1913 else 1914 md = EVP_sha256(); 1915 1916 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey))) 1917 goto out; 1918 1919 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL))) 1920 goto out; 1921 1922 if (tst >= 6 && tst <= 8) { 1923 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) 1924 goto out; 1925 } else if (tst < 6) { 1926 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1927 goto out; 1928 } 1929 1930 if (tst >= 9) { 1931 /* Determine the size of the signature. */ 1932 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg, 1933 sizeof(kMsg))) 1934 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))) 1935 goto out; 1936 if (tst <= 11) { 1937 /* Test that supply a short sig buffer fails */ 1938 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg, 1939 sizeof(kMsg)))) 1940 goto out; 1941 /* 1942 * We end here because once EVP_DigestSign() has failed you should 1943 * not call it again without re-initing the ctx 1944 */ 1945 ret = 1; 1946 goto out; 1947 } 1948 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg, 1949 sizeof(kMsg)))) 1950 goto out; 1951 } else { 1952 /* Determine the size of the signature. */ 1953 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 1954 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)) 1955 /* 1956 * Trying to create a signature with a deliberately short 1957 * buffer should fail. 1958 */ 1959 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len)) 1960 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1961 goto out; 1962 } 1963 1964 /* 1965 * Ensure that the signature round-trips (Verification isn't supported for 1966 * HMAC via EVP_DigestVerify*) 1967 */ 1968 if (tst % 3 != 2) { 1969 if (tst >= 6 && tst <= 8) { 1970 if (!TEST_int_gt(BIO_reset(mdbio), 0) 1971 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) 1972 goto out; 1973 } 1974 1975 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, 1976 NULL, pkey))) 1977 goto out; 1978 1979 if (tst >= 6 && tst <= 8) { 1980 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))) 1981 goto out; 1982 } else { 1983 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, 1984 sizeof(kMsg)))) 1985 goto out; 1986 } 1987 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1988 goto out; 1989 1990 /* Multiple calls to EVP_DigestVerifyFinal should work */ 1991 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1992 goto out; 1993 } else { 1994 /* 1995 * For HMAC a doubled call to DigestSignFinal should produce the same 1996 * value as finalization should not happen. 1997 */ 1998 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len)) 1999 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len)) 2000 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len))) 2001 goto out; 2002 2003 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len)) 2004 goto out; 2005 } 2006 2007 ret = 1; 2008 2009 out: 2010 BIO_free(membio); 2011 BIO_free(mdbio); 2012 EVP_MD_CTX_free(a_md_ctx); 2013 EVP_MD_CTX_free(a_md_ctx_verify); 2014 EVP_PKEY_free(pkey); 2015 OPENSSL_free(sig); 2016 OPENSSL_free(sig2); 2017 EVP_MD_free(mdexp); 2018 2019 return ret; 2020 } 2021 2022 static int test_EVP_DigestVerifyInit(void) 2023 { 2024 int ret = 0; 2025 EVP_PKEY *pkey = NULL; 2026 EVP_MD_CTX *md_ctx = NULL; 2027 2028 if (nullprov != NULL) 2029 return TEST_skip("Test does not support a non-default library context"); 2030 2031 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 2032 || !TEST_ptr(pkey = load_example_rsa_key())) 2033 goto out; 2034 2035 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 2036 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 2037 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 2038 sizeof(kSignature)), 2039 0)) 2040 goto out; 2041 2042 /* test with reinitialization */ 2043 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL)) 2044 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 2045 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 2046 sizeof(kSignature)), 2047 0)) 2048 goto out; 2049 ret = 1; 2050 2051 out: 2052 EVP_MD_CTX_free(md_ctx); 2053 EVP_PKEY_free(pkey); 2054 return ret; 2055 } 2056 2057 #ifndef OPENSSL_NO_EC 2058 static int test_ecdsa_digestsign_keccak(void) 2059 { 2060 int ret = 0; 2061 EVP_PKEY *pkey = NULL; 2062 EVP_MD_CTX *ctx = NULL; 2063 EVP_MD *md = NULL; 2064 2065 if (nullprov != NULL) 2066 return TEST_skip("Test does not support a non-default library context"); 2067 2068 pkey = load_example_ec_key(); 2069 if (!TEST_ptr(pkey)) 2070 goto err; 2071 2072 /* This would not work with FIPS provider so just use NULL libctx */ 2073 md = EVP_MD_fetch(NULL, "KECCAK-256", NULL); 2074 if (!TEST_ptr(md)) 2075 goto err; 2076 2077 ctx = EVP_MD_CTX_new(); 2078 if (!TEST_ptr(ctx)) 2079 goto err; 2080 2081 /* 2082 * Just check EVP_DigestSignInit_ex() works. 2083 */ 2084 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))) 2085 goto err; 2086 2087 ret = 1; 2088 err: 2089 EVP_MD_CTX_free(ctx); 2090 EVP_PKEY_free(pkey); 2091 EVP_MD_free(md); 2092 2093 return ret; 2094 } 2095 #endif 2096 2097 #ifndef OPENSSL_NO_SIPHASH 2098 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */ 2099 static int test_siphash_digestsign(void) 2100 { 2101 unsigned char key[16]; 2102 unsigned char buf[8], digest[8]; 2103 unsigned char expected[8] = { 2104 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2 2105 }; 2106 EVP_PKEY *pkey = NULL; 2107 EVP_MD_CTX *mdctx = NULL; 2108 EVP_PKEY_CTX *ctx = NULL; 2109 int ret = 0; 2110 size_t len = 8; 2111 2112 if (nullprov != NULL) 2113 return TEST_skip("Test does not support a non-default library context"); 2114 2115 memset(buf, 0, 8); 2116 memset(key, 1, 16); 2117 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL, 2118 key, 16))) 2119 goto out; 2120 2121 if (!TEST_ptr(mdctx = EVP_MD_CTX_create())) 2122 goto out; 2123 2124 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey))) 2125 goto out; 2126 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX, 2127 EVP_PKEY_CTRL_SET_DIGEST_SIZE, 2128 8, NULL), 2129 1)) 2130 goto out; 2131 /* reinitialize */ 2132 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL))) 2133 goto out; 2134 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8))) 2135 goto out; 2136 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len))) 2137 goto out; 2138 if (!TEST_mem_eq(digest, len, expected, sizeof(expected))) 2139 goto out; 2140 2141 ret = 1; 2142 out: 2143 EVP_PKEY_free(pkey); 2144 EVP_MD_CTX_free(mdctx); 2145 return ret; 2146 } 2147 #endif 2148 2149 /* 2150 * Test corner cases of EVP_DigestInit/Update/Final API call behavior. 2151 */ 2152 static int test_EVP_Digest(void) 2153 { 2154 int ret = 0; 2155 EVP_MD_CTX *md_ctx = NULL; 2156 unsigned char md[EVP_MAX_MD_SIZE]; 2157 EVP_MD *sha256 = NULL; 2158 EVP_MD *shake256 = NULL; 2159 2160 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2161 goto out; 2162 2163 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq)) 2164 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq))) 2165 goto out; 2166 2167 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 2168 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2169 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL)) 2170 /* EVP_DigestFinal resets the EVP_MD_CTX. */ 2171 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL)) 2172 goto out; 2173 2174 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 2175 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2176 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL)) 2177 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */ 2178 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 2179 /* 2180 * EVP_DigestInit_ex with NULL type should work on 2181 * pre-initialized context. 2182 */ 2183 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 2184 goto out; 2185 2186 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL)) 2187 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2188 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md))) 2189 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */ 2190 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 2191 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 2192 goto out; 2193 ret = 1; 2194 2195 out: 2196 EVP_MD_CTX_free(md_ctx); 2197 EVP_MD_free(sha256); 2198 EVP_MD_free(shake256); 2199 return ret; 2200 } 2201 2202 static int test_EVP_md_null(void) 2203 { 2204 int ret = 0; 2205 EVP_MD_CTX *md_ctx = NULL; 2206 const EVP_MD *md_null = EVP_md_null(); 2207 unsigned char md_value[EVP_MAX_MD_SIZE]; 2208 unsigned int md_len = sizeof(md_value); 2209 2210 if (nullprov != NULL) 2211 return TEST_skip("Test does not support a non-default library context"); 2212 2213 if (!TEST_ptr(md_null) 2214 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2215 goto out; 2216 2217 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL)) 2218 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4)) 2219 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len))) 2220 goto out; 2221 2222 if (!TEST_uint_eq(md_len, 0)) 2223 goto out; 2224 2225 ret = 1; 2226 out: 2227 EVP_MD_CTX_free(md_ctx); 2228 return ret; 2229 } 2230 2231 static int test_d2i_AutoPrivateKey(int i) 2232 { 2233 int ret = 0; 2234 const unsigned char *p; 2235 EVP_PKEY *pkey = NULL; 2236 const APK_DATA *ak = &keydata[i]; 2237 const unsigned char *input = ak->kder; 2238 size_t input_len = ak->size; 2239 int expected_id = ak->evptype; 2240 2241 p = input; 2242 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 2243 || !TEST_ptr_eq(p, input + input_len) 2244 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 2245 goto done; 2246 2247 ret = 1; 2248 2249 done: 2250 EVP_PKEY_free(pkey); 2251 return ret; 2252 } 2253 2254 #ifndef OPENSSL_NO_EC 2255 2256 static const unsigned char ec_public_sect163k1_validxy[] = { 2257 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2258 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2259 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2260 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b, 2261 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2262 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 2263 }; 2264 2265 static const unsigned char ec_public_sect163k1_badx[] = { 2266 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2267 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2268 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2269 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b, 2270 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2271 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 2272 }; 2273 2274 static const unsigned char ec_public_sect163k1_bady[] = { 2275 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2276 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2277 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2278 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b, 2279 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2280 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6 2281 }; 2282 2283 static struct ec_der_pub_keys_st { 2284 const unsigned char *der; 2285 size_t len; 2286 int valid; 2287 } ec_der_pub_keys[] = { 2288 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 }, 2289 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 }, 2290 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 }, 2291 }; 2292 2293 /* 2294 * Tests the range of the decoded EC char2 public point. 2295 * See ec_GF2m_simple_oct2point(). 2296 */ 2297 static int test_invalide_ec_char2_pub_range_decode(int id) 2298 { 2299 int ret = 0; 2300 EVP_PKEY *pkey; 2301 2302 pkey = load_example_key("EC", ec_der_pub_keys[id].der, 2303 ec_der_pub_keys[id].len); 2304 2305 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey)) 2306 || TEST_ptr_null(pkey); 2307 EVP_PKEY_free(pkey); 2308 return ret; 2309 } 2310 2311 static int test_EVP_PKCS82PKEY(void) 2312 { 2313 int ret = 0; 2314 const unsigned char *derp = kExampleBadECKeyDER; 2315 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2316 EVP_PKEY *pkey = NULL; 2317 2318 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 2319 sizeof(kExampleBadECKeyDER)))) 2320 goto done; 2321 2322 if (!TEST_ptr_eq(derp, 2323 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 2324 goto done; 2325 2326 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 2327 goto done; 2328 2329 ret = 1; 2330 2331 done: 2332 PKCS8_PRIV_KEY_INFO_free(p8inf); 2333 EVP_PKEY_free(pkey); 2334 2335 return ret; 2336 } 2337 2338 #endif 2339 2340 static int test_EVP_PKCS82PKEY_v2(int i) 2341 { 2342 int ret = 0; 2343 const unsigned char *p; 2344 const APK_DATA *ak = &keydata_v2[i]; 2345 const unsigned char *input = ak->kder; 2346 size_t input_len = ak->size; 2347 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2348 2349 /* Can we parse PKCS#8 v2, ignoring the public key for now? */ 2350 p = input; 2351 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, input_len); 2352 if (!TEST_ptr(p8inf) 2353 || !TEST_true(p == input + input_len)) 2354 goto done; 2355 2356 ret = 1; 2357 done: 2358 PKCS8_PRIV_KEY_INFO_free(p8inf); 2359 return ret; 2360 } 2361 2362 /* Tests loading a bad key in PKCS8 format */ 2363 static int test_EVP_PKCS82PKEY_wrong_tag(void) 2364 { 2365 EVP_PKEY *pkey = NULL; 2366 EVP_PKEY *pkey2 = NULL; 2367 BIO *membio = NULL; 2368 char *membuf = NULL; 2369 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2370 int ok = 0; 2371 2372 if (testctx != NULL) 2373 /* test not supported with non-default context */ 2374 return 1; 2375 2376 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 2377 || !TEST_ptr(pkey = load_example_rsa_key()) 2378 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 2379 NULL, 0, NULL, NULL), 2380 0) 2381 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0) 2382 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL)) 2383 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf)) 2384 || !TEST_int_eq(ERR_peek_last_error(), 0)) { 2385 goto done; 2386 } 2387 2388 ok = 1; 2389 done: 2390 EVP_PKEY_free(pkey); 2391 EVP_PKEY_free(pkey2); 2392 PKCS8_PRIV_KEY_INFO_free(p8inf); 2393 BIO_free_all(membio); 2394 return ok; 2395 } 2396 2397 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */ 2398 static int test_privatekey_to_pkcs8(void) 2399 { 2400 EVP_PKEY *pkey = NULL; 2401 BIO *membio = NULL; 2402 char *membuf = NULL; 2403 long membuf_len = 0; 2404 int ok = 0; 2405 2406 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 2407 || !TEST_ptr(pkey = load_example_rsa_key()) 2408 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 2409 NULL, 0, NULL, NULL), 2410 0) 2411 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0) 2412 || !TEST_ptr(membuf) 2413 || !TEST_mem_eq(membuf, (size_t)membuf_len, 2414 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) 2415 /* 2416 * We try to write PEM as well, just to see that it doesn't err, but 2417 * assume that the result is correct. 2418 */ 2419 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL, 2420 NULL, 0, NULL, NULL), 2421 0)) 2422 goto done; 2423 2424 ok = 1; 2425 done: 2426 EVP_PKEY_free(pkey); 2427 BIO_free_all(membio); 2428 return ok; 2429 } 2430 2431 #ifndef OPENSSL_NO_EC 2432 static const struct { 2433 int encoding; 2434 const char *encoding_name; 2435 } ec_encodings[] = { 2436 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT }, 2437 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP } 2438 }; 2439 2440 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) 2441 { 2442 const OSSL_PARAM *p; 2443 const char *enc_name = NULL; 2444 int *enc = arg; 2445 size_t i; 2446 2447 *enc = -1; 2448 2449 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, 2450 OSSL_PKEY_PARAM_EC_ENCODING)) 2451 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name))) 2452 return 0; 2453 2454 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { 2455 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { 2456 *enc = ec_encodings[i].encoding; 2457 break; 2458 } 2459 } 2460 2461 return (*enc != -1); 2462 } 2463 2464 static int test_EC_keygen_with_enc(int idx) 2465 { 2466 EVP_PKEY *params = NULL, *key = NULL; 2467 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL; 2468 int enc; 2469 int ret = 0; 2470 2471 enc = ec_encodings[idx].encoding; 2472 2473 /* Create key parameters */ 2474 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL)) 2475 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0) 2476 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0) 2477 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0) 2478 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)) 2479 || !TEST_ptr(params)) 2480 goto done; 2481 2482 /* Create key */ 2483 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL)) 2484 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 2485 || !TEST_true(EVP_PKEY_keygen(kctx, &key)) 2486 || !TEST_ptr(key)) 2487 goto done; 2488 2489 /* Check that the encoding got all the way into the key */ 2490 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL, 2491 ec_export_get_encoding_cb, &enc)) 2492 || !TEST_int_eq(enc, ec_encodings[idx].encoding)) 2493 goto done; 2494 2495 ret = 1; 2496 done: 2497 EVP_PKEY_free(key); 2498 EVP_PKEY_free(params); 2499 EVP_PKEY_CTX_free(kctx); 2500 EVP_PKEY_CTX_free(pctx); 2501 return ret; 2502 } 2503 #endif 2504 2505 #if !defined(OPENSSL_NO_SM2) 2506 2507 static int test_EVP_SM2_verify(void) 2508 { 2509 const char *pubkey = "-----BEGIN PUBLIC KEY-----\n" 2510 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n" 2511 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n" 2512 "-----END PUBLIC KEY-----\n"; 2513 2514 const char *msg = "message digest"; 2515 const char *id = "ALICE123@YAHOO.COM"; 2516 2517 const uint8_t signature[] = { 2518 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb, 2519 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06, 2520 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36, 2521 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d, 2522 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07, 2523 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24, 2524 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70 2525 }; 2526 2527 int rc = 0; 2528 BIO *bio = NULL; 2529 EVP_PKEY *pkey = NULL; 2530 EVP_MD_CTX *mctx = NULL; 2531 EVP_PKEY_CTX *pctx = NULL; 2532 EVP_MD *sm3 = NULL; 2533 2534 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 2535 if (!TEST_true(bio != NULL)) 2536 goto done; 2537 2538 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq); 2539 if (!TEST_true(pkey != NULL)) 2540 goto done; 2541 2542 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2"))) 2543 goto done; 2544 2545 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 2546 goto done; 2547 2548 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2549 goto done; 2550 2551 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 2552 2553 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq))) 2554 goto done; 2555 2556 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey))) 2557 goto done; 2558 2559 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0)) 2560 goto done; 2561 2562 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 2563 goto done; 2564 2565 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0)) 2566 goto done; 2567 rc = 1; 2568 2569 done: 2570 BIO_free(bio); 2571 EVP_PKEY_free(pkey); 2572 EVP_PKEY_CTX_free(pctx); 2573 EVP_MD_CTX_free(mctx); 2574 EVP_MD_free(sm3); 2575 return rc; 2576 } 2577 2578 static int test_EVP_SM2(void) 2579 { 2580 int ret = 0; 2581 EVP_PKEY *pkey = NULL; 2582 EVP_PKEY *pkeyparams = NULL; 2583 EVP_PKEY_CTX *pctx = NULL; 2584 EVP_PKEY_CTX *kctx = NULL; 2585 EVP_PKEY_CTX *sctx = NULL; 2586 size_t sig_len = 0; 2587 unsigned char *sig = NULL; 2588 EVP_MD_CTX *md_ctx = NULL; 2589 EVP_MD_CTX *md_ctx_verify = NULL; 2590 EVP_PKEY_CTX *cctx = NULL; 2591 EVP_MD *check_md = NULL; 2592 2593 uint8_t ciphertext[128]; 2594 size_t ctext_len = sizeof(ciphertext); 2595 2596 uint8_t plaintext[8]; 2597 size_t ptext_len = sizeof(plaintext); 2598 2599 uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' }; 2600 2601 OSSL_PARAM sparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 2602 OSSL_PARAM gparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 2603 int i; 2604 char mdname[OSSL_MAX_NAME_SIZE]; 2605 2606 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, 2607 "SM2", testpropq))) 2608 goto done; 2609 2610 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 2611 goto done; 2612 2613 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0)) 2614 goto done; 2615 2616 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams))) 2617 goto done; 2618 2619 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2620 pkeyparams, testpropq))) 2621 goto done; 2622 2623 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)) 2624 goto done; 2625 2626 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 2627 goto done; 2628 2629 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2630 goto done; 2631 2632 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 2633 goto done; 2634 2635 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2636 goto done; 2637 2638 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 2639 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 2640 2641 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq))) 2642 goto done; 2643 2644 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey))) 2645 goto done; 2646 2647 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2648 goto done; 2649 2650 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 2651 goto done; 2652 2653 /* Determine the size of the signature. */ 2654 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 2655 goto done; 2656 2657 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 2658 goto done; 2659 2660 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 2661 goto done; 2662 2663 /* Ensure that the signature round-trips. */ 2664 2665 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2666 pkey))) 2667 goto done; 2668 2669 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2670 goto done; 2671 2672 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2673 goto done; 2674 2675 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2676 goto done; 2677 2678 /* 2679 * Try verify again with non-matching 0 length id but ensure that it can 2680 * be set on the context and overrides the previous value. 2681 */ 2682 2683 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2684 pkey))) 2685 goto done; 2686 2687 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0)) 2688 goto done; 2689 2690 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2691 goto done; 2692 2693 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2694 goto done; 2695 2696 /* now check encryption/decryption */ 2697 2698 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2699 mdname, sizeof(mdname)); 2700 for (i = 0; i < 2; i++) { 2701 const char *mdnames[] = { 2702 #ifndef OPENSSL_NO_SM3 2703 "SM3", 2704 #else 2705 NULL, 2706 #endif 2707 "SHA2-256" 2708 }; 2709 EVP_PKEY_CTX_free(cctx); 2710 2711 if (mdnames[i] == NULL) 2712 continue; 2713 2714 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2715 (char *)mdnames[i], 0); 2716 2717 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2718 pkey, testpropq))) 2719 goto done; 2720 2721 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 2722 goto done; 2723 2724 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2725 goto done; 2726 2727 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, 2728 sizeof(kMsg)))) 2729 goto done; 2730 2731 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0)) 2732 goto done; 2733 2734 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2735 goto done; 2736 2737 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, 2738 ctext_len), 2739 0)) 2740 goto done; 2741 2742 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams))) 2743 goto done; 2744 2745 /* 2746 * Test we're still using the digest we think we are. 2747 * Because of aliases, the easiest is to fetch the digest and 2748 * check the name with EVP_MD_is_a(). 2749 */ 2750 EVP_MD_free(check_md); 2751 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq))) 2752 goto done; 2753 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) { 2754 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]); 2755 goto done; 2756 } 2757 2758 if (!TEST_true(ptext_len == sizeof(kMsg))) 2759 goto done; 2760 2761 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 2762 goto done; 2763 } 2764 2765 ret = 1; 2766 done: 2767 EVP_PKEY_CTX_free(pctx); 2768 EVP_PKEY_CTX_free(kctx); 2769 EVP_PKEY_CTX_free(sctx); 2770 EVP_PKEY_CTX_free(cctx); 2771 EVP_PKEY_free(pkey); 2772 EVP_PKEY_free(pkeyparams); 2773 EVP_MD_CTX_free(md_ctx); 2774 EVP_MD_CTX_free(md_ctx_verify); 2775 EVP_MD_free(check_md); 2776 OPENSSL_free(sig); 2777 return ret; 2778 } 2779 2780 #endif 2781 2782 #ifndef OPENSSL_NO_ML_KEM 2783 static const uint8_t ml_kem_seed[] = { 2784 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4, 2785 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, 2786 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79, 2787 0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, 2788 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, 2789 0x87, 0x2b, 0xfb, 0x8f 2790 }; 2791 static const uint8_t ml_kem_512_pubkey[] = { 2792 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b, 2793 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83, 2794 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26, 2795 0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49, 2796 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19, 2797 0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81, 2798 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36, 2799 0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c, 2800 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb, 2801 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52, 2802 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3, 2803 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e, 2804 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8, 2805 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54, 2806 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82, 2807 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6, 2808 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b, 2809 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b, 2810 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74, 2811 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78, 2812 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07, 2813 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35, 2814 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92, 2815 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58, 2816 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55, 2817 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca, 2818 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a, 2819 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54, 2820 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f, 2821 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49, 2822 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3, 2823 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42, 2824 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b, 2825 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b, 2826 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a, 2827 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b, 2828 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50, 2829 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62, 2830 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6, 2831 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74, 2832 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13, 2833 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa, 2834 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22, 2835 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25, 2836 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27, 2837 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e, 2838 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06, 2839 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30, 2840 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f, 2841 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88, 2842 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a, 2843 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29, 2844 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a, 2845 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e, 2846 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a, 2847 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f, 2848 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d, 2849 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07, 2850 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77, 2851 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63, 2852 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e, 2853 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7, 2854 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8, 2855 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f, 2856 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae, 2857 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, 2858 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39 2859 }; 2860 static const uint8_t ml_kem_768_pubkey[] = { 2861 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f, 2862 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, 2863 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13, 2864 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59, 2865 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25, 2866 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f, 2867 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce, 2868 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e, 2869 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e, 2870 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05, 2871 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56, 2872 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17, 2873 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba, 2874 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5, 2875 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74, 2876 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f, 2877 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49, 2878 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63, 2879 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74, 2880 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca, 2881 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0, 2882 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf, 2883 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b, 2884 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3, 2885 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf, 2886 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c, 2887 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53, 2888 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf, 2889 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc, 2890 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91, 2891 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19, 2892 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad, 2893 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a, 2894 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00, 2895 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7, 2896 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e, 2897 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5, 2898 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b, 2899 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51, 2900 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5, 2901 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf, 2902 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac, 2903 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48, 2904 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a, 2905 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a, 2906 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2, 2907 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7, 2908 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b, 2909 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28, 2910 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25, 2911 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11, 2912 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb, 2913 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0, 2914 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b, 2915 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f, 2916 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a, 2917 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7, 2918 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95, 2919 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e, 2920 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c, 2921 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68, 2922 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94, 2923 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82, 2924 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83, 2925 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d, 2926 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b, 2927 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e, 2928 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69, 2929 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce, 2930 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a, 2931 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d, 2932 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf, 2933 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48, 2934 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f, 2935 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b, 2936 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf, 2937 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97, 2938 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd, 2939 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac, 2940 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06, 2941 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1, 2942 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84, 2943 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62, 2944 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38, 2945 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f, 2946 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e, 2947 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd, 2948 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83, 2949 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd, 2950 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e, 2951 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63, 2952 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f, 2953 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82, 2954 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e, 2955 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e, 2956 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36, 2957 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb, 2958 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, 2959 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28 2960 }; 2961 static const uint8_t ml_kem_1024_pubkey[] = { 2962 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58, 2963 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, 2964 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18, 2965 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc, 2966 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33, 2967 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca, 2968 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45, 2969 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1, 2970 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45, 2971 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a, 2972 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06, 2973 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7, 2974 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d, 2975 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f, 2976 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97, 2977 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f, 2978 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80, 2979 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6, 2980 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d, 2981 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d, 2982 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7, 2983 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07, 2984 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7, 2985 0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e, 2986 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc, 2987 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d, 2988 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39, 2989 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c, 2990 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5, 2991 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b, 2992 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89, 2993 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91, 2994 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1, 2995 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3, 2996 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca, 2997 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95, 2998 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b, 2999 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73, 3000 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50, 3001 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c, 3002 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86, 3003 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0, 3004 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c, 3005 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad, 3006 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44, 3007 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba, 3008 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f, 3009 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04, 3010 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65, 3011 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23, 3012 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7, 3013 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39, 3014 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d, 3015 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80, 3016 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e, 3017 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4, 3018 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94, 3019 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b, 3020 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d, 3021 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41, 3022 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f, 3023 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a, 3024 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e, 3025 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c, 3026 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b, 3027 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e, 3028 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe, 3029 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a, 3030 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98, 3031 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58, 3032 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f, 3033 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04, 3034 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4, 3035 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81, 3036 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0, 3037 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d, 3038 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a, 3039 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75, 3040 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a, 3041 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f, 3042 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24, 3043 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82, 3044 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f, 3045 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85, 3046 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33, 3047 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81, 3048 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89, 3049 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b, 3050 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32, 3051 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50, 3052 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37, 3053 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc, 3054 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84, 3055 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e, 3056 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50, 3057 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b, 3058 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25, 3059 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8, 3060 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6, 3061 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b, 3062 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e, 3063 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04, 3064 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b, 3065 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70, 3066 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf, 3067 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9, 3068 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2, 3069 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd, 3070 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03, 3071 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb, 3072 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66, 3073 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22, 3074 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55, 3075 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46, 3076 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e, 3077 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43, 3078 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76, 3079 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f, 3080 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a, 3081 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50, 3082 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86, 3083 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16, 3084 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44, 3085 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02, 3086 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34, 3087 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4, 3088 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d, 3089 0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca, 3090 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf, 3091 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39, 3092 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb 3093 }; 3094 #endif 3095 3096 static struct keys_st { 3097 int type; 3098 const uint8_t *priv; 3099 const uint8_t *pub; 3100 /* If "name" is non-NULL, create via non-legacy _ex() API */ 3101 char *name; 3102 int privlen; 3103 int publen; 3104 } keys[] = { 3105 { EVP_PKEY_HMAC, 3106 (const uint8_t *)"0123456789", 3107 NULL, 3108 NULL, 10, 0 }, 3109 { EVP_PKEY_HMAC, (const uint8_t *)"", NULL, 3110 NULL, 0, 0 3111 #ifndef OPENSSL_NO_POLY1305 3112 }, 3113 { EVP_PKEY_POLY1305, 3114 (const uint8_t *)"01234567890123456789012345678901", 3115 NULL, 3116 NULL, 32, 0 3117 #endif 3118 #ifndef OPENSSL_NO_SIPHASH 3119 }, 3120 { EVP_PKEY_SIPHASH, 3121 (const uint8_t *)"0123456789012345", 3122 NULL, 3123 NULL, 16, 0 3124 #endif 3125 }, 3126 #ifndef OPENSSL_NO_ECX 3127 { EVP_PKEY_X25519, 3128 (const uint8_t *)"01234567890123456789012345678901", 3129 (const unsigned char *)"abcdefghijklmnopqrstuvwxyzabcdef", 3130 NULL, 32, 32 }, 3131 { EVP_PKEY_ED25519, 3132 (const uint8_t *)"01234567890123456789012345678901", 3133 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdef", 3134 NULL, 32, 32 }, 3135 { EVP_PKEY_X448, 3136 (const uint8_t *)"01234567890123456789012345678901234567890123456789012345", 3137 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd", 3138 NULL, 56, 56 }, 3139 { EVP_PKEY_ED448, 3140 (const uint8_t *)"012345678901234567890123456789012345678901234567890123456", 3141 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde", 3142 NULL, 57, 57 }, 3143 #endif 3144 #ifndef OPENSSL_NO_ML_KEM 3145 { NID_undef, ml_kem_seed, ml_kem_512_pubkey, 3146 "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey) }, 3147 { NID_undef, ml_kem_seed, ml_kem_768_pubkey, 3148 "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey) }, 3149 { NID_undef, ml_kem_seed, ml_kem_1024_pubkey, 3150 "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey) }, 3151 #endif 3152 }; 3153 3154 #ifndef OPENSSL_NO_ML_KEM 3155 static int 3156 ml_kem_seed_to_priv(const char *alg, const unsigned char *seed, int seedlen, 3157 unsigned char **ret, size_t *retlen) 3158 { 3159 OSSL_PARAM parr[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 3160 EVP_PKEY_CTX *ctx = NULL; 3161 EVP_PKEY *pkey = NULL; 3162 const OSSL_PARAM *p; 3163 OSSL_PARAM *params = NULL; 3164 int selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY; 3165 int ok = 0; 3166 3167 /* Import the seed to generate a key */ 3168 ctx = EVP_PKEY_CTX_new_from_name(testctx, alg, NULL); 3169 if (!TEST_ptr(ctx) 3170 || !TEST_int_gt(EVP_PKEY_fromdata_init(ctx), 0)) 3171 goto done; 3172 parr[0] = OSSL_PARAM_construct_octet_string( 3173 OSSL_PKEY_PARAM_ML_KEM_SEED, (unsigned char *)seed, seedlen); 3174 if (!TEST_int_gt(EVP_PKEY_fromdata(ctx, &pkey, selection, parr), 0)) 3175 goto done; 3176 3177 /* Export the key to get the encoded form */ 3178 if (!TEST_true(EVP_PKEY_todata(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, ¶ms))) 3179 goto done; 3180 3181 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); 3182 if (!TEST_ptr(p) 3183 || !TEST_true(OSSL_PARAM_get_octet_string(p, (void **)ret, 0, retlen))) 3184 goto done; 3185 ok = 1; 3186 3187 done: 3188 EVP_PKEY_free(pkey); 3189 OSSL_PARAM_free(params); 3190 EVP_PKEY_CTX_free(ctx); 3191 return ok; 3192 } 3193 #endif 3194 3195 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx) 3196 { 3197 int ret = 0; 3198 uint8_t *buf = NULL; 3199 const uint8_t *in; 3200 uint8_t shortbuf[1]; 3201 size_t inlen, len = 0, shortlen = sizeof(shortbuf); 3202 EVP_PKEY *pkey = NULL; 3203 unsigned char *privalloc = NULL; 3204 const char *name; 3205 3206 /* Check if this algorithm supports public keys */ 3207 if (pub && keys[tst].pub == NULL) 3208 return 1; 3209 3210 name = keys[tst].name ? keys[tst].name : OBJ_nid2sn(keys[tst].type); 3211 3212 if (pub) { 3213 #ifndef OPENSSL_NO_EC 3214 inlen = keys[tst].publen; 3215 in = keys[tst].pub; 3216 if (uselibctx || keys[tst].name != NULL) { 3217 pkey = EVP_PKEY_new_raw_public_key_ex( 3218 testctx, 3219 name, 3220 NULL, 3221 in, 3222 inlen); 3223 } else { 3224 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 3225 NULL, 3226 in, 3227 inlen); 3228 } 3229 #else 3230 return 1; 3231 #endif 3232 } else { 3233 inlen = keys[tst].privlen; 3234 in = keys[tst].priv; 3235 #ifndef OPENSSL_NO_ML_KEM 3236 if (in == ml_kem_seed) { 3237 if (!TEST_true(ml_kem_seed_to_priv(name, in, inlen, 3238 &privalloc, &inlen))) 3239 goto done; 3240 in = privalloc; 3241 } 3242 #endif 3243 if (uselibctx || keys[tst].name != NULL) { 3244 pkey = EVP_PKEY_new_raw_private_key_ex( 3245 testctx, 3246 name, 3247 NULL, 3248 in, 3249 inlen); 3250 } else { 3251 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 3252 NULL, 3253 in, 3254 inlen); 3255 } 3256 } 3257 3258 if (!TEST_ptr(pkey) 3259 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1) 3260 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 3261 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 3262 || !TEST_true(len == inlen)) 3263 goto done; 3264 if (tst != 1) { 3265 /* 3266 * Test that supplying a buffer that is too small fails. Doesn't apply 3267 * to HMAC with a zero length key 3268 */ 3269 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, shortbuf, &shortlen))) 3270 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, shortbuf, &shortlen)))) 3271 goto done; 3272 } 3273 if (!TEST_ptr(buf = OPENSSL_zalloc(len <= 80 ? 80 : len))) 3274 goto done; 3275 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 3276 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 3277 || !TEST_mem_eq(in, inlen, buf, len)) 3278 goto done; 3279 3280 ret = 1; 3281 done: 3282 OPENSSL_free(privalloc); 3283 OPENSSL_free(buf); 3284 EVP_PKEY_free(pkey); 3285 return ret; 3286 } 3287 3288 static int test_set_get_raw_keys(int tst) 3289 { 3290 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0)) 3291 && test_set_get_raw_keys_int(tst, 0, 1) 3292 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0)) 3293 && test_set_get_raw_keys_int(tst, 1, 1); 3294 } 3295 3296 #ifndef OPENSSL_NO_DEPRECATED_3_0 3297 static int pkey_custom_check(EVP_PKEY *pkey) 3298 { 3299 return 0xbeef; 3300 } 3301 3302 static int pkey_custom_pub_check(EVP_PKEY *pkey) 3303 { 3304 return 0xbeef; 3305 } 3306 3307 static int pkey_custom_param_check(EVP_PKEY *pkey) 3308 { 3309 return 0xbeef; 3310 } 3311 3312 static EVP_PKEY_METHOD *custom_pmeth; 3313 #endif 3314 3315 static int test_EVP_PKEY_check(int i) 3316 { 3317 int ret = 0; 3318 EVP_PKEY *pkey = NULL; 3319 EVP_PKEY_CTX *ctx = NULL; 3320 #ifndef OPENSSL_NO_DEPRECATED_3_0 3321 EVP_PKEY_CTX *ctx2 = NULL; 3322 #endif 3323 const APK_DATA *ak = &keycheckdata[i]; 3324 const unsigned char *input = ak->kder; 3325 size_t input_len = ak->size; 3326 int expected_id = ak->evptype; 3327 int expected_check = ak->check; 3328 int expected_pub_check = ak->pub_check; 3329 int expected_param_check = ak->param_check; 3330 int type = ak->type; 3331 3332 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len))) 3333 goto done; 3334 if (type == 0 3335 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 3336 goto done; 3337 3338 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 3339 goto done; 3340 3341 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 3342 goto done; 3343 3344 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 3345 goto done; 3346 3347 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 3348 goto done; 3349 3350 #ifndef OPENSSL_NO_DEPRECATED_3_0 3351 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 3352 /* assign the pkey directly, as an internal test */ 3353 if (!EVP_PKEY_up_ref(pkey)) 3354 goto done; 3355 3356 ctx2->pkey = pkey; 3357 3358 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 3359 goto done; 3360 3361 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 3362 goto done; 3363 3364 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 3365 goto done; 3366 #endif 3367 3368 ret = 1; 3369 3370 done: 3371 EVP_PKEY_CTX_free(ctx); 3372 #ifndef OPENSSL_NO_DEPRECATED_3_0 3373 EVP_PKEY_CTX_free(ctx2); 3374 #endif 3375 EVP_PKEY_free(pkey); 3376 return ret; 3377 } 3378 3379 #ifndef OPENSSL_NO_CMAC 3380 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac) 3381 { 3382 EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); 3383 const char msg[] = "Hello World"; 3384 size_t maclen = AES_BLOCK_SIZE; 3385 int ret = 1; 3386 3387 if (!TEST_ptr(mdctx) 3388 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx, 3389 testpropq, pkey, NULL)) 3390 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))) 3391 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen)) 3392 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE)) 3393 ret = 0; 3394 3395 EVP_MD_CTX_free(mdctx); 3396 3397 return ret; 3398 } 3399 static int test_CMAC_keygen(void) 3400 { 3401 static unsigned char key[] = { 3402 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 3403 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 3404 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 3405 }; 3406 EVP_PKEY_CTX *kctx = NULL; 3407 int ret = 0; 3408 EVP_PKEY *pkey = NULL; 3409 unsigned char mac[AES_BLOCK_SIZE]; 3410 #if !defined(OPENSSL_NO_DEPRECATED_3_0) 3411 unsigned char mac2[AES_BLOCK_SIZE]; 3412 #endif 3413 3414 if (nullprov != NULL) 3415 return TEST_skip("Test does not support a non-default library context"); 3416 3417 /* 3418 * This is a legacy method for CMACs, but should still work. 3419 * This verifies that it works without an ENGINE. 3420 */ 3421 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL); 3422 3423 /* Test a CMAC key created using the "generated" method */ 3424 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 3425 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 3426 EVP_PKEY_CTRL_CIPHER, 3427 0, (void *)EVP_aes_256_cbc()), 3428 0) 3429 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 3430 EVP_PKEY_CTRL_SET_MAC_KEY, 3431 sizeof(key), (void *)key), 3432 0) 3433 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0) 3434 || !TEST_ptr(pkey) 3435 || !TEST_true(get_cmac_val(pkey, mac))) 3436 goto done; 3437 3438 #if !defined(OPENSSL_NO_DEPRECATED_3_0) 3439 EVP_PKEY_free(pkey); 3440 3441 /* 3442 * Test a CMAC key using the direct method, and compare with the mac 3443 * created above. 3444 */ 3445 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc()); 3446 if (!TEST_ptr(pkey) 3447 || !TEST_true(get_cmac_val(pkey, mac2)) 3448 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2))) 3449 goto done; 3450 #endif 3451 3452 ret = 1; 3453 3454 done: 3455 EVP_PKEY_free(pkey); 3456 EVP_PKEY_CTX_free(kctx); 3457 return ret; 3458 } 3459 #endif 3460 3461 static int test_HKDF(void) 3462 { 3463 EVP_PKEY_CTX *pctx; 3464 unsigned char out[20]; 3465 size_t outlen; 3466 int i, ret = 0; 3467 unsigned char salt[] = "0123456789"; 3468 unsigned char key[] = "012345678901234567890123456789"; 3469 unsigned char info[] = "infostring"; 3470 const unsigned char expected[] = { 3471 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, 3472 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca 3473 }; 3474 size_t expectedlen = sizeof(expected); 3475 3476 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3477 goto done; 3478 3479 /* We do this twice to test reuse of the EVP_PKEY_CTX */ 3480 for (i = 0; i < 2; i++) { 3481 outlen = sizeof(out); 3482 memset(out, 0, outlen); 3483 3484 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3485 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3486 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3487 sizeof(salt) - 1), 3488 0) 3489 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3490 sizeof(key) - 1), 3491 0) 3492 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3493 sizeof(info) - 1), 3494 0) 3495 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3496 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3497 goto done; 3498 } 3499 3500 ret = 1; 3501 3502 done: 3503 EVP_PKEY_CTX_free(pctx); 3504 3505 return ret; 3506 } 3507 3508 static int test_emptyikm_HKDF(void) 3509 { 3510 EVP_PKEY_CTX *pctx; 3511 unsigned char out[20]; 3512 size_t outlen; 3513 int ret = 0; 3514 unsigned char salt[] = "9876543210"; 3515 unsigned char key[] = ""; 3516 unsigned char info[] = "stringinfo"; 3517 const unsigned char expected[] = { 3518 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47, 3519 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30 3520 }; 3521 size_t expectedlen = sizeof(expected); 3522 3523 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3524 goto done; 3525 3526 outlen = sizeof(out); 3527 memset(out, 0, outlen); 3528 3529 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3530 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3531 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3532 sizeof(salt) - 1), 3533 0) 3534 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3535 sizeof(key) - 1), 3536 0) 3537 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3538 sizeof(info) - 1), 3539 0) 3540 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3541 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3542 goto done; 3543 3544 ret = 1; 3545 3546 done: 3547 EVP_PKEY_CTX_free(pctx); 3548 3549 return ret; 3550 } 3551 3552 static int test_empty_salt_info_HKDF(void) 3553 { 3554 EVP_PKEY_CTX *pctx; 3555 unsigned char out[20]; 3556 size_t outlen; 3557 int ret = 0; 3558 unsigned char salt[] = ""; 3559 unsigned char fake[] = "0123456789"; 3560 unsigned char key[] = "012345678901234567890123456789"; 3561 unsigned char info[] = ""; 3562 const unsigned char expected[] = { 3563 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, 3564 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06 3565 }; 3566 size_t expectedlen = sizeof(expected); 3567 3568 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3569 goto done; 3570 3571 outlen = sizeof(out); 3572 memset(out, 0, outlen); 3573 3574 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3575 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3576 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake, 3577 sizeof(fake) - 1), 3578 0) 3579 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3580 sizeof(salt) - 1), 3581 0) 3582 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3583 sizeof(key) - 1), 3584 0) 3585 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3586 sizeof(info) - 1), 3587 0) 3588 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3589 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3590 goto done; 3591 3592 ret = 1; 3593 3594 done: 3595 EVP_PKEY_CTX_free(pctx); 3596 3597 return ret; 3598 } 3599 3600 #ifndef OPENSSL_NO_EC 3601 static int test_X509_PUBKEY_inplace(void) 3602 { 3603 int ret = 0; 3604 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq); 3605 const unsigned char *p = kExampleECPubKeyDER; 3606 size_t input_len = sizeof(kExampleECPubKeyDER); 3607 3608 if (!TEST_ptr(xp)) 3609 goto done; 3610 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))) 3611 goto done; 3612 3613 if (!TEST_ptr(X509_PUBKEY_get0(xp))) 3614 goto done; 3615 3616 p = kExampleBadECPubKeyDER; 3617 input_len = sizeof(kExampleBadECPubKeyDER); 3618 3619 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))) 3620 goto done; 3621 3622 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL)) 3623 goto done; 3624 3625 ret = 1; 3626 3627 done: 3628 X509_PUBKEY_free(xp); 3629 return ret; 3630 } 3631 3632 static int test_X509_PUBKEY_dup(void) 3633 { 3634 int ret = 0; 3635 X509_PUBKEY *xp = NULL, *xq = NULL; 3636 const unsigned char *p = kExampleECPubKeyDER; 3637 size_t input_len = sizeof(kExampleECPubKeyDER); 3638 3639 xp = X509_PUBKEY_new_ex(testctx, testpropq); 3640 if (!TEST_ptr(xp) 3641 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)) 3642 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)) 3643 || !TEST_ptr_ne(xp, xq)) 3644 goto done; 3645 3646 if (!TEST_ptr(X509_PUBKEY_get0(xq)) 3647 || !TEST_ptr(X509_PUBKEY_get0(xp)) 3648 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp))) 3649 goto done; 3650 3651 X509_PUBKEY_free(xq); 3652 xq = NULL; 3653 p = kExampleBadECPubKeyDER; 3654 input_len = sizeof(kExampleBadECPubKeyDER); 3655 3656 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)) 3657 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))) 3658 goto done; 3659 3660 X509_PUBKEY_free(xp); 3661 xp = NULL; 3662 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL)) 3663 goto done; 3664 3665 ret = 1; 3666 3667 done: 3668 X509_PUBKEY_free(xp); 3669 X509_PUBKEY_free(xq); 3670 return ret; 3671 } 3672 #endif /* OPENSSL_NO_EC */ 3673 3674 /* Test getting and setting parameters on an EVP_PKEY_CTX */ 3675 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey) 3676 { 3677 EVP_MD_CTX *mdctx = NULL; 3678 EVP_PKEY_CTX *ctx = NULL; 3679 const OSSL_PARAM *params; 3680 OSSL_PARAM ourparams[2], *param = ourparams, *param_md; 3681 int ret = 0; 3682 const EVP_MD *md; 3683 char mdname[OSSL_MAX_NAME_SIZE]; 3684 char ssl3ms[48]; 3685 3686 /* Initialise a sign operation */ 3687 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq); 3688 if (!TEST_ptr(ctx) 3689 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)) 3690 goto err; 3691 3692 /* 3693 * We should be able to query the parameters now. 3694 */ 3695 params = EVP_PKEY_CTX_settable_params(ctx); 3696 if (!TEST_ptr(params) 3697 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3698 OSSL_SIGNATURE_PARAM_DIGEST))) 3699 goto err; 3700 3701 params = EVP_PKEY_CTX_gettable_params(ctx); 3702 if (!TEST_ptr(params) 3703 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3704 OSSL_SIGNATURE_PARAM_ALGORITHM_ID)) 3705 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3706 OSSL_SIGNATURE_PARAM_DIGEST))) 3707 goto err; 3708 3709 /* 3710 * Test getting and setting params via EVP_PKEY_CTX_set_params() and 3711 * EVP_PKEY_CTX_get_params() 3712 */ 3713 strcpy(mdname, "SHA512"); 3714 param_md = param; 3715 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 3716 mdname, 0); 3717 *param++ = OSSL_PARAM_construct_end(); 3718 3719 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams))) 3720 goto err; 3721 3722 mdname[0] = '\0'; 3723 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 3724 mdname, sizeof(mdname)); 3725 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams)) 3726 || !TEST_str_eq(mdname, "SHA512")) 3727 goto err; 3728 3729 /* 3730 * Test the TEST_PKEY_CTX_set_signature_md() and 3731 * TEST_PKEY_CTX_get_signature_md() functions 3732 */ 3733 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0) 3734 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) 3735 || !TEST_ptr_eq(md, EVP_sha256())) 3736 goto err; 3737 3738 /* 3739 * Test getting MD parameters via an associated EVP_PKEY_CTX 3740 */ 3741 mdctx = EVP_MD_CTX_new(); 3742 if (!TEST_ptr(mdctx) 3743 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq, 3744 pkey, NULL))) 3745 goto err; 3746 3747 /* 3748 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be 3749 * able to obtain the digest's settable parameters from the provider. 3750 */ 3751 params = EVP_MD_CTX_settable_params(mdctx); 3752 if (!TEST_ptr(params) 3753 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0) 3754 /* The final key should be NULL */ 3755 || !TEST_ptr_null(params[1].key)) 3756 goto err; 3757 3758 param = ourparams; 3759 memset(ssl3ms, 0, sizeof(ssl3ms)); 3760 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, 3761 ssl3ms, sizeof(ssl3ms)); 3762 *param++ = OSSL_PARAM_construct_end(); 3763 3764 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams))) 3765 goto err; 3766 3767 ret = 1; 3768 3769 err: 3770 EVP_MD_CTX_free(mdctx); 3771 EVP_PKEY_CTX_free(ctx); 3772 3773 return ret; 3774 } 3775 3776 #ifndef OPENSSL_NO_DSA 3777 static int test_DSA_get_set_params(void) 3778 { 3779 OSSL_PARAM_BLD *bld = NULL; 3780 OSSL_PARAM *params = NULL; 3781 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 3782 EVP_PKEY_CTX *pctx = NULL; 3783 EVP_PKEY *pkey = NULL; 3784 int ret = 0; 3785 3786 /* 3787 * Setup the parameters for our DSA object. For our purposes they don't 3788 * have to actually be *valid* parameters. We just need to set something. 3789 */ 3790 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL)) 3791 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 3792 || !TEST_ptr(p = BN_new()) 3793 || !TEST_ptr(q = BN_new()) 3794 || !TEST_ptr(g = BN_new()) 3795 || !TEST_ptr(pub = BN_new()) 3796 || !TEST_ptr(priv = BN_new())) 3797 goto err; 3798 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 3799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 3800 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 3801 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 3802 pub)) 3803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 3804 priv))) 3805 goto err; 3806 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 3807 goto err; 3808 3809 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 3810 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 3811 params), 3812 0)) 3813 goto err; 3814 3815 if (!TEST_ptr(pkey)) 3816 goto err; 3817 3818 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 3819 3820 err: 3821 EVP_PKEY_free(pkey); 3822 EVP_PKEY_CTX_free(pctx); 3823 OSSL_PARAM_free(params); 3824 OSSL_PARAM_BLD_free(bld); 3825 BN_free(p); 3826 BN_free(q); 3827 BN_free(g); 3828 BN_free(pub); 3829 BN_free(priv); 3830 3831 return ret; 3832 } 3833 3834 /* 3835 * Test combinations of private, public, missing and private + public key 3836 * params to ensure they are all accepted 3837 */ 3838 static int test_DSA_priv_pub(void) 3839 { 3840 return test_EVP_PKEY_ffc_priv_pub("DSA"); 3841 } 3842 3843 #endif /* !OPENSSL_NO_DSA */ 3844 3845 static int test_RSA_get_set_params(void) 3846 { 3847 OSSL_PARAM_BLD *bld = NULL; 3848 OSSL_PARAM *params = NULL; 3849 BIGNUM *n = NULL, *e = NULL, *d = NULL; 3850 EVP_PKEY_CTX *pctx = NULL; 3851 EVP_PKEY *pkey = NULL; 3852 int ret = 0; 3853 3854 /* 3855 * Setup the parameters for our RSA object. For our purposes they don't 3856 * have to actually be *valid* parameters. We just need to set something. 3857 */ 3858 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL)) 3859 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 3860 || !TEST_ptr(n = BN_new()) 3861 || !TEST_ptr(e = BN_new()) 3862 || !TEST_ptr(d = BN_new())) 3863 goto err; 3864 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)) 3865 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)) 3866 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))) 3867 goto err; 3868 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 3869 goto err; 3870 3871 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 3872 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 3873 params), 3874 0)) 3875 goto err; 3876 3877 if (!TEST_ptr(pkey)) 3878 goto err; 3879 3880 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 3881 3882 err: 3883 EVP_PKEY_free(pkey); 3884 EVP_PKEY_CTX_free(pctx); 3885 OSSL_PARAM_free(params); 3886 OSSL_PARAM_BLD_free(bld); 3887 BN_free(n); 3888 BN_free(e); 3889 BN_free(d); 3890 3891 return ret; 3892 } 3893 3894 static int test_RSA_OAEP_set_get_params(void) 3895 { 3896 int ret = 0; 3897 EVP_PKEY *key = NULL; 3898 EVP_PKEY_CTX *key_ctx = NULL; 3899 3900 if (nullprov != NULL) 3901 return TEST_skip("Test does not support a non-default library context"); 3902 3903 if (!TEST_ptr(key = load_example_rsa_key()) 3904 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0))) 3905 goto err; 3906 3907 { 3908 int padding = RSA_PKCS1_OAEP_PADDING; 3909 OSSL_PARAM params[4]; 3910 3911 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding); 3912 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 3913 OSSL_DIGEST_NAME_SHA2_256, 0); 3914 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 3915 OSSL_DIGEST_NAME_SHA1, 0); 3916 params[3] = OSSL_PARAM_construct_end(); 3917 3918 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params), 0)) 3919 goto err; 3920 } 3921 { 3922 OSSL_PARAM params[3]; 3923 char oaepmd[30] = { '\0' }; 3924 char mgf1md[30] = { '\0' }; 3925 3926 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 3927 oaepmd, sizeof(oaepmd)); 3928 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 3929 mgf1md, sizeof(mgf1md)); 3930 params[2] = OSSL_PARAM_construct_end(); 3931 3932 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params))) 3933 goto err; 3934 3935 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256) 3936 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1)) 3937 goto err; 3938 } 3939 3940 ret = 1; 3941 3942 err: 3943 EVP_PKEY_free(key); 3944 EVP_PKEY_CTX_free(key_ctx); 3945 3946 return ret; 3947 } 3948 3949 /* https://github.com/openssl/openssl/issues/21288 */ 3950 static int test_RSA_OAEP_set_null_label(void) 3951 { 3952 int ret = 0; 3953 EVP_PKEY *key = NULL; 3954 EVP_PKEY_CTX *key_ctx = NULL; 3955 3956 if (!TEST_ptr(key = load_example_rsa_key()) 3957 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL)) 3958 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx))) 3959 goto err; 3960 3961 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING))) 3962 goto err; 3963 3964 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0))) 3965 goto err; 3966 3967 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0))) 3968 goto err; 3969 3970 ret = 1; 3971 3972 err: 3973 EVP_PKEY_free(key); 3974 EVP_PKEY_CTX_free(key_ctx); 3975 3976 return ret; 3977 } 3978 3979 static int test_RSA_encrypt(void) 3980 { 3981 int ret = 0; 3982 EVP_PKEY *pkey = NULL; 3983 EVP_PKEY_CTX *pctx = NULL; 3984 unsigned char *cbuf = NULL, *pbuf = NULL; 3985 size_t clen = 0, plen = 0; 3986 3987 if (!TEST_ptr(pkey = load_example_rsa_key()) 3988 || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, 3989 pkey, testpropq)) 3990 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0) 3991 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0) 3992 || !TEST_ptr(cbuf = OPENSSL_malloc(clen)) 3993 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)) 3994 goto done; 3995 3996 /* Require failure when the output buffer is too small */ 3997 plen = clen - 1; 3998 if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0)) 3999 goto done; 4000 /* flush error stack */ 4001 TEST_openssl_errors(); 4002 4003 /* Check decryption of encrypted result */ 4004 if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0) 4005 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0) 4006 || !TEST_ptr(pbuf = OPENSSL_malloc(plen)) 4007 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0) 4008 || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg)) 4009 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)) 4010 goto done; 4011 4012 ret = 1; 4013 done: 4014 EVP_PKEY_CTX_free(pctx); 4015 EVP_PKEY_free(pkey); 4016 OPENSSL_free(cbuf); 4017 OPENSSL_free(pbuf); 4018 return ret; 4019 } 4020 4021 #ifndef OPENSSL_NO_DEPRECATED_3_0 4022 static int test_RSA_legacy(void) 4023 { 4024 int ret = 0; 4025 BIGNUM *p = NULL; 4026 BIGNUM *q = NULL; 4027 BIGNUM *n = NULL; 4028 BIGNUM *e = NULL; 4029 BIGNUM *d = NULL; 4030 const EVP_MD *md = EVP_sha256(); 4031 EVP_MD_CTX *ctx = NULL; 4032 EVP_PKEY *pkey = NULL; 4033 RSA *rsa = NULL; 4034 4035 if (nullprov != NULL) 4036 return TEST_skip("Test does not support a non-default library context"); 4037 4038 if (!TEST_ptr(p = BN_dup(BN_value_one())) 4039 || !TEST_ptr(q = BN_dup(BN_value_one())) 4040 || !TEST_ptr(n = BN_dup(BN_value_one())) 4041 || !TEST_ptr(e = BN_dup(BN_value_one())) 4042 || !TEST_ptr(d = BN_dup(BN_value_one()))) 4043 goto err; 4044 4045 if (!TEST_ptr(rsa = RSA_new()) 4046 || !TEST_ptr(pkey = EVP_PKEY_new()) 4047 || !TEST_ptr(ctx = EVP_MD_CTX_new())) 4048 goto err; 4049 4050 if (!TEST_true(RSA_set0_factors(rsa, p, q))) 4051 goto err; 4052 p = NULL; 4053 q = NULL; 4054 4055 if (!TEST_true(RSA_set0_key(rsa, n, e, d))) 4056 goto err; 4057 n = NULL; 4058 e = NULL; 4059 d = NULL; 4060 4061 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa))) 4062 goto err; 4063 4064 rsa = NULL; 4065 4066 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))) 4067 goto err; 4068 4069 ret = 1; 4070 4071 err: 4072 RSA_free(rsa); 4073 EVP_MD_CTX_free(ctx); 4074 EVP_PKEY_free(pkey); 4075 BN_free(p); 4076 BN_free(q); 4077 BN_free(n); 4078 BN_free(e); 4079 BN_free(d); 4080 4081 return ret; 4082 } 4083 #endif 4084 4085 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 4086 static int test_decrypt_null_chunks(void) 4087 { 4088 EVP_CIPHER_CTX *ctx = NULL; 4089 EVP_CIPHER *cipher = NULL; 4090 const unsigned char key[32] = { 4091 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4092 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 4093 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1 4094 }; 4095 unsigned char iv[12] = { 4096 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b 4097 }; 4098 unsigned char msg[] = "It was the best of times, it was the worst of times"; 4099 unsigned char ciphertext[80]; 4100 unsigned char plaintext[80]; 4101 /* We initialise tmp to a non zero value on purpose */ 4102 int ctlen, ptlen, tmp = 99; 4103 int ret = 0; 4104 const int enc_offset = 10, dec_offset = 20; 4105 4106 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq)) 4107 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 4108 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, 4109 key, iv)) 4110 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, 4111 enc_offset)) 4112 /* Deliberate add a zero length update */ 4113 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, 4114 0)) 4115 || !TEST_int_eq(tmp, 0) 4116 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, 4117 msg + enc_offset, 4118 sizeof(msg) - enc_offset)) 4119 || !TEST_int_eq(ctlen += tmp, sizeof(msg)) 4120 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) 4121 || !TEST_int_eq(tmp, 0)) 4122 goto err; 4123 4124 /* Deliberately initialise tmp to a non zero value */ 4125 tmp = 99; 4126 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) 4127 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, 4128 dec_offset)) 4129 /* 4130 * Deliberately add a zero length update. We also deliberately do 4131 * this at a different offset than for encryption. 4132 */ 4133 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, 4134 0)) 4135 || !TEST_int_eq(tmp, 0) 4136 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, 4137 ciphertext + dec_offset, 4138 ctlen - dec_offset)) 4139 || !TEST_int_eq(ptlen += tmp, sizeof(msg)) 4140 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) 4141 || !TEST_int_eq(tmp, 0) 4142 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) 4143 goto err; 4144 4145 ret = 1; 4146 err: 4147 EVP_CIPHER_CTX_free(ctx); 4148 EVP_CIPHER_free(cipher); 4149 return ret; 4150 } 4151 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ 4152 4153 #ifndef OPENSSL_NO_DH 4154 /* 4155 * Test combinations of private, public, missing and private + public key 4156 * params to ensure they are all accepted 4157 */ 4158 static int test_DH_priv_pub(void) 4159 { 4160 return test_EVP_PKEY_ffc_priv_pub("DH"); 4161 } 4162 4163 #ifndef OPENSSL_NO_DEPRECATED_3_0 4164 static int test_EVP_PKEY_set1_DH(void) 4165 { 4166 DH *x942dh = NULL, *noqdh = NULL; 4167 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; 4168 int ret = 0; 4169 BIGNUM *p, *g = NULL; 4170 BIGNUM *pubkey = NULL; 4171 unsigned char pub[2048 / 8]; 4172 size_t len = 0; 4173 4174 if (!TEST_ptr(p = BN_new()) 4175 || !TEST_ptr(g = BN_new()) 4176 || !TEST_ptr(pubkey = BN_new()) 4177 || !TEST_true(BN_set_word(p, 9999)) 4178 || !TEST_true(BN_set_word(g, 2)) 4179 || !TEST_true(BN_set_word(pubkey, 4321)) 4180 || !TEST_ptr(noqdh = DH_new()) 4181 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) 4182 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) 4183 || !TEST_ptr(pubkey = BN_new()) 4184 || !TEST_true(BN_set_word(pubkey, 4321))) 4185 goto err; 4186 p = g = NULL; 4187 4188 x942dh = DH_get_2048_256(); 4189 pkey1 = EVP_PKEY_new(); 4190 pkey2 = EVP_PKEY_new(); 4191 if (!TEST_ptr(x942dh) 4192 || !TEST_ptr(noqdh) 4193 || !TEST_ptr(pkey1) 4194 || !TEST_ptr(pkey2) 4195 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) 4196 goto err; 4197 pubkey = NULL; 4198 4199 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) 4200 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) 4201 goto err; 4202 4203 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, 4204 &pubkey)) 4205 || !TEST_ptr(pubkey)) 4206 goto err; 4207 4208 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) 4209 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) 4210 goto err; 4211 4212 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, 4213 OSSL_PKEY_PARAM_PUB_KEY, 4214 pub, sizeof(pub), &len)) 4215 || !TEST_size_t_ne(len, 0)) 4216 goto err; 4217 4218 ret = 1; 4219 err: 4220 BN_free(p); 4221 BN_free(g); 4222 BN_free(pubkey); 4223 EVP_PKEY_free(pkey1); 4224 EVP_PKEY_free(pkey2); 4225 DH_free(x942dh); 4226 DH_free(noqdh); 4227 4228 return ret; 4229 } 4230 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 4231 #endif /* !OPENSSL_NO_DH */ 4232 4233 /* 4234 * We test what happens with an empty template. For the sake of this test, 4235 * the template must be ignored, and we know that's the case for RSA keys 4236 * (this might arguably be a misfeature, but that's what we currently do, 4237 * even in provider code, since that's how the legacy RSA implementation 4238 * does things) 4239 */ 4240 static int test_keygen_with_empty_template(int n) 4241 { 4242 EVP_PKEY_CTX *ctx = NULL; 4243 EVP_PKEY *pkey = NULL; 4244 EVP_PKEY *tkey = NULL; 4245 int ret = 0; 4246 4247 if (nullprov != NULL) 4248 return TEST_skip("Test does not support a non-default library context"); 4249 4250 switch (n) { 4251 case 0: 4252 /* We do test with no template at all as well */ 4253 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) 4254 goto err; 4255 break; 4256 case 1: 4257 /* Here we create an empty RSA key that serves as our template */ 4258 if (!TEST_ptr(tkey = EVP_PKEY_new()) 4259 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA)) 4260 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL))) 4261 goto err; 4262 break; 4263 } 4264 4265 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4266 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) 4267 goto err; 4268 4269 ret = 1; 4270 err: 4271 EVP_PKEY_CTX_free(ctx); 4272 EVP_PKEY_free(pkey); 4273 EVP_PKEY_free(tkey); 4274 return ret; 4275 } 4276 4277 /* 4278 * Test that we fail if we attempt to use an algorithm that is not available 4279 * in the current library context (unless we are using an algorithm that 4280 * should be made available via legacy codepaths). 4281 * 4282 * 0: RSA 4283 * 1: SM2 4284 */ 4285 static int test_pkey_ctx_fail_without_provider(int tst) 4286 { 4287 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new(); 4288 OSSL_PROVIDER *tmpnullprov = NULL; 4289 EVP_PKEY_CTX *pctx = NULL; 4290 const char *keytype = NULL; 4291 int expect_null = 0; 4292 int ret = 0; 4293 4294 if (!TEST_ptr(tmpctx)) 4295 goto err; 4296 4297 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null"); 4298 if (!TEST_ptr(tmpnullprov)) 4299 goto err; 4300 4301 /* 4302 * We check for certain algos in the null provider. 4303 * If an algo is expected to have a provider keymgmt, constructing an 4304 * EVP_PKEY_CTX is expected to fail (return NULL). 4305 * Otherwise, if it's expected to have legacy support, constructing an 4306 * EVP_PKEY_CTX is expected to succeed (return non-NULL). 4307 */ 4308 switch (tst) { 4309 case 0: 4310 keytype = "RSA"; 4311 expect_null = 1; 4312 break; 4313 case 1: 4314 keytype = "SM2"; 4315 expect_null = 1; 4316 #ifdef OPENSSL_NO_EC 4317 TEST_info("EC disable, skipping SM2 check..."); 4318 goto end; 4319 #endif 4320 #ifdef OPENSSL_NO_SM2 4321 TEST_info("SM2 disable, skipping SM2 check..."); 4322 goto end; 4323 #endif 4324 break; 4325 default: 4326 TEST_error("No test for case %d", tst); 4327 goto err; 4328 } 4329 4330 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, ""); 4331 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx)) 4332 goto err; 4333 4334 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2) 4335 end: 4336 #endif 4337 ret = 1; 4338 4339 err: 4340 EVP_PKEY_CTX_free(pctx); 4341 OSSL_PROVIDER_unload(tmpnullprov); 4342 OSSL_LIB_CTX_free(tmpctx); 4343 return ret; 4344 } 4345 4346 static int test_rand_agglomeration(void) 4347 { 4348 EVP_RAND *rand; 4349 EVP_RAND_CTX *ctx; 4350 OSSL_PARAM params[3], *p = params; 4351 int res; 4352 unsigned int step = 7; 4353 static unsigned char seed[] = "It does not matter how slowly you go " 4354 "as long as you do not stop."; 4355 unsigned char out[sizeof(seed)]; 4356 4357 if (!TEST_int_ne(sizeof(seed) % step, 0) 4358 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq))) 4359 return 0; 4360 ctx = EVP_RAND_CTX_new(rand, NULL); 4361 EVP_RAND_free(rand); 4362 if (!TEST_ptr(ctx)) 4363 return 0; 4364 4365 memset(out, 0, sizeof(out)); 4366 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 4367 seed, sizeof(seed)); 4368 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step); 4369 *p = OSSL_PARAM_construct_end(); 4370 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params)) 4371 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0)) 4372 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out)); 4373 EVP_RAND_CTX_free(ctx); 4374 return res; 4375 } 4376 4377 /* 4378 * Test that we correctly return the original or "running" IV after 4379 * an encryption operation. 4380 * Run multiple times for some different relevant algorithms/modes. 4381 */ 4382 static int test_evp_iv_aes(int idx) 4383 { 4384 int ret = 0; 4385 EVP_CIPHER_CTX *ctx = NULL; 4386 unsigned char key[16] = { 4387 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1, 4388 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57 4389 }; 4390 unsigned char init_iv[EVP_MAX_IV_LENGTH] = { 4391 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 4392 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 4393 }; 4394 static const unsigned char msg[] = { 4395 1, 2, 3, 4, 5, 6, 7, 8, 4396 9, 10, 11, 12, 13, 14, 15, 16 4397 }; 4398 unsigned char ciphertext[32], oiv[16], iv[16]; 4399 unsigned char *ref_iv; 4400 unsigned char cbc_state[16] = { 4401 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9, 4402 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e 4403 }; 4404 4405 unsigned char ofb_state[16] = { 4406 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64, 4407 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd 4408 }; 4409 unsigned char cfb_state[16] = { 4410 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c, 4411 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed 4412 }; 4413 unsigned char gcm_state[12] = { 4414 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 4415 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81 4416 }; 4417 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 }; 4418 #ifndef OPENSSL_NO_OCB 4419 unsigned char ocb_state[12] = { 4420 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 4421 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81 4422 }; 4423 #endif 4424 int len = sizeof(ciphertext); 4425 size_t ivlen, ref_len; 4426 const EVP_CIPHER *type = NULL; 4427 int iv_reset = 0; 4428 4429 if (nullprov != NULL && idx < 6) 4430 return TEST_skip("Test does not support a non-default library context"); 4431 4432 switch (idx) { 4433 case 0: 4434 type = EVP_aes_128_cbc(); 4435 /* FALLTHROUGH */ 4436 case 6: 4437 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq); 4438 ref_iv = cbc_state; 4439 ref_len = sizeof(cbc_state); 4440 iv_reset = 1; 4441 break; 4442 case 1: 4443 type = EVP_aes_128_ofb(); 4444 /* FALLTHROUGH */ 4445 case 7: 4446 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq); 4447 ref_iv = ofb_state; 4448 ref_len = sizeof(ofb_state); 4449 iv_reset = 1; 4450 break; 4451 case 2: 4452 type = EVP_aes_128_cfb(); 4453 /* FALLTHROUGH */ 4454 case 8: 4455 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq); 4456 ref_iv = cfb_state; 4457 ref_len = sizeof(cfb_state); 4458 iv_reset = 1; 4459 break; 4460 case 3: 4461 type = EVP_aes_128_gcm(); 4462 /* FALLTHROUGH */ 4463 case 9: 4464 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq); 4465 ref_iv = gcm_state; 4466 ref_len = sizeof(gcm_state); 4467 break; 4468 case 4: 4469 type = EVP_aes_128_ccm(); 4470 /* FALLTHROUGH */ 4471 case 10: 4472 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq); 4473 ref_iv = ccm_state; 4474 ref_len = sizeof(ccm_state); 4475 break; 4476 #ifdef OPENSSL_NO_OCB 4477 case 5: 4478 case 11: 4479 return 1; 4480 #else 4481 case 5: 4482 type = EVP_aes_128_ocb(); 4483 /* FALLTHROUGH */ 4484 case 11: 4485 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq); 4486 ref_iv = ocb_state; 4487 ref_len = sizeof(ocb_state); 4488 break; 4489 #endif 4490 default: 4491 return 0; 4492 } 4493 4494 if (!TEST_ptr(type) 4495 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 4496 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 4497 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 4498 (int)sizeof(msg))) 4499 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 4500 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 4501 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 4502 goto err; 4503 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 4504 4505 if (!TEST_int_gt(ivlen, 0)) 4506 goto err; 4507 4508 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 4509 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 4510 goto err; 4511 4512 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */ 4513 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 4514 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 4515 goto err; 4516 if (iv_reset) { 4517 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 4518 goto err; 4519 } else { 4520 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen)) 4521 goto err; 4522 } 4523 4524 ret = 1; 4525 err: 4526 EVP_CIPHER_CTX_free(ctx); 4527 if (idx >= 6) 4528 EVP_CIPHER_free((EVP_CIPHER *)type); 4529 return ret; 4530 } 4531 4532 #ifndef OPENSSL_NO_DES 4533 static int test_evp_iv_des(int idx) 4534 { 4535 int ret = 0; 4536 EVP_CIPHER_CTX *ctx = NULL; 4537 static const unsigned char key[24] = { 4538 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 4539 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86, 4540 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 4541 }; 4542 static const unsigned char init_iv[8] = { 4543 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 4544 }; 4545 static const unsigned char msg[] = { 4546 1, 2, 3, 4, 5, 6, 7, 8, 4547 9, 10, 11, 12, 13, 14, 15, 16 4548 }; 4549 unsigned char ciphertext[32], oiv[8], iv[8]; 4550 unsigned const char *ref_iv; 4551 static const unsigned char cbc_state_des[8] = { 4552 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a 4553 }; 4554 static const unsigned char cbc_state_3des[8] = { 4555 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9 4556 }; 4557 static const unsigned char ofb_state_des[8] = { 4558 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c 4559 }; 4560 static const unsigned char ofb_state_3des[8] = { 4561 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e 4562 }; 4563 static const unsigned char cfb_state_des[8] = { 4564 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73 4565 }; 4566 static const unsigned char cfb_state_3des[8] = { 4567 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7 4568 }; 4569 int len = sizeof(ciphertext); 4570 size_t ivlen, ref_len; 4571 EVP_CIPHER *type = NULL; 4572 4573 if (lgcyprov == NULL && idx < 3) 4574 return TEST_skip("Test requires legacy provider to be loaded"); 4575 4576 switch (idx) { 4577 case 0: 4578 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq); 4579 ref_iv = cbc_state_des; 4580 ref_len = sizeof(cbc_state_des); 4581 break; 4582 case 1: 4583 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq); 4584 ref_iv = ofb_state_des; 4585 ref_len = sizeof(ofb_state_des); 4586 break; 4587 case 2: 4588 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq); 4589 ref_iv = cfb_state_des; 4590 ref_len = sizeof(cfb_state_des); 4591 break; 4592 case 3: 4593 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq); 4594 ref_iv = cbc_state_3des; 4595 ref_len = sizeof(cbc_state_3des); 4596 break; 4597 case 4: 4598 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq); 4599 ref_iv = ofb_state_3des; 4600 ref_len = sizeof(ofb_state_3des); 4601 break; 4602 case 5: 4603 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq); 4604 ref_iv = cfb_state_3des; 4605 ref_len = sizeof(cfb_state_3des); 4606 break; 4607 default: 4608 return 0; 4609 } 4610 4611 if (!TEST_ptr(type) 4612 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 4613 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 4614 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 4615 (int)sizeof(msg))) 4616 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 4617 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 4618 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 4619 goto err; 4620 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 4621 4622 if (!TEST_int_gt(ivlen, 0)) 4623 goto err; 4624 4625 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 4626 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 4627 goto err; 4628 4629 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 4630 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 4631 goto err; 4632 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 4633 goto err; 4634 4635 ret = 1; 4636 err: 4637 EVP_CIPHER_CTX_free(ctx); 4638 EVP_CIPHER_free(type); 4639 return ret; 4640 } 4641 #endif 4642 4643 #ifndef OPENSSL_NO_BF 4644 static int test_evp_bf_default_keylen(int idx) 4645 { 4646 int ret = 0; 4647 static const char *algos[4] = { 4648 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb" 4649 }; 4650 int ivlen[4] = { 0, 8, 8, 8 }; 4651 EVP_CIPHER *cipher = NULL; 4652 4653 if (lgcyprov == NULL) 4654 return TEST_skip("Test requires legacy provider to be loaded"); 4655 4656 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq)) 4657 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16) 4658 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx])) 4659 goto err; 4660 4661 ret = 1; 4662 err: 4663 EVP_CIPHER_free(cipher); 4664 return ret; 4665 } 4666 #endif 4667 4668 #ifndef OPENSSL_NO_EC 4669 static int ecpub_nids[] = { 4670 NID_brainpoolP256r1, NID_X9_62_prime256v1, 4671 NID_secp384r1, NID_secp521r1, 4672 #ifndef OPENSSL_NO_EC2M 4673 NID_sect233k1, NID_sect233r1, NID_sect283r1, 4674 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, 4675 #endif 4676 NID_brainpoolP384r1, NID_brainpoolP512r1 4677 }; 4678 4679 static int test_ecpub(int idx) 4680 { 4681 int ret = 0, len, savelen; 4682 int nid; 4683 unsigned char buf[1024]; 4684 unsigned char *p; 4685 EVP_PKEY *pkey = NULL; 4686 EVP_PKEY_CTX *ctx = NULL; 4687 #ifndef OPENSSL_NO_DEPRECATED_3_0 4688 const unsigned char *q; 4689 EVP_PKEY *pkey2 = NULL; 4690 EC_KEY *ec = NULL; 4691 #endif 4692 4693 if (nullprov != NULL) 4694 return TEST_skip("Test does not support a non-default library context"); 4695 4696 nid = ecpub_nids[idx]; 4697 4698 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 4699 if (!TEST_ptr(ctx) 4700 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4701 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0) 4702 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey))) 4703 goto done; 4704 len = i2d_PublicKey(pkey, NULL); 4705 savelen = len; 4706 if (!TEST_int_ge(len, 1) 4707 || !TEST_int_lt(len, 1024)) 4708 goto done; 4709 p = buf; 4710 len = i2d_PublicKey(pkey, &p); 4711 if (!TEST_int_ge(len, 1) 4712 || !TEST_int_eq(len, savelen)) 4713 goto done; 4714 4715 #ifndef OPENSSL_NO_DEPRECATED_3_0 4716 /* Now try to decode the just-created DER. */ 4717 q = buf; 4718 if (!TEST_ptr((pkey2 = EVP_PKEY_new())) 4719 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid))) 4720 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec))) 4721 goto done; 4722 /* EC_KEY ownership transferred */ 4723 ec = NULL; 4724 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen))) 4725 goto done; 4726 /* The keys should match. */ 4727 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) 4728 goto done; 4729 #endif 4730 4731 ret = 1; 4732 4733 done: 4734 EVP_PKEY_CTX_free(ctx); 4735 EVP_PKEY_free(pkey); 4736 #ifndef OPENSSL_NO_DEPRECATED_3_0 4737 EVP_PKEY_free(pkey2); 4738 EC_KEY_free(ec); 4739 #endif 4740 return ret; 4741 } 4742 #endif 4743 4744 static int test_EVP_rsa_pss_with_keygen_bits(void) 4745 { 4746 int ret = 0; 4747 EVP_PKEY_CTX *ctx = NULL; 4748 EVP_PKEY *pkey = NULL; 4749 EVP_MD *md; 4750 4751 md = EVP_MD_fetch(testctx, "sha256", testpropq); 4752 ret = TEST_ptr(md) 4753 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq))) 4754 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4755 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0) 4756 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0) 4757 && TEST_true(EVP_PKEY_keygen(ctx, &pkey)); 4758 4759 EVP_MD_free(md); 4760 EVP_PKEY_free(pkey); 4761 EVP_PKEY_CTX_free(ctx); 4762 return ret; 4763 } 4764 4765 static int test_EVP_rsa_pss_set_saltlen(void) 4766 { 4767 int ret = 0; 4768 EVP_PKEY *pkey = NULL; 4769 EVP_PKEY_CTX *pkey_ctx = NULL; 4770 EVP_MD *sha256 = NULL; 4771 EVP_MD_CTX *sha256_ctx = NULL; 4772 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */ 4773 const int test_value = 32; 4774 4775 ret = TEST_ptr(pkey = load_example_rsa_key()) 4776 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL)) 4777 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new()) 4778 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey)) 4779 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)) 4780 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0) 4781 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0) 4782 && TEST_int_eq(saltlen, test_value); 4783 4784 EVP_MD_CTX_free(sha256_ctx); 4785 EVP_PKEY_free(pkey); 4786 EVP_MD_free(sha256); 4787 4788 return ret; 4789 } 4790 4791 static int test_EVP_rsa_invalid_key(void) 4792 { 4793 int ret = 0; 4794 EVP_PKEY *pkey = NULL; 4795 4796 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER)); 4797 /* we expect to fail to load bogus key */ 4798 ret = !TEST_ptr(pkey); 4799 EVP_PKEY_free(pkey); 4800 4801 return ret; 4802 } 4803 4804 static int success = 1; 4805 static void md_names(const char *name, void *vctx) 4806 { 4807 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx; 4808 /* Force a namemap update */ 4809 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL); 4810 4811 if (!TEST_ptr(aes128)) 4812 success = 0; 4813 4814 EVP_CIPHER_free(aes128); 4815 } 4816 4817 /* 4818 * Test that changing the namemap in a user callback works in a names_do_all 4819 * function. 4820 */ 4821 static int test_names_do_all(void) 4822 { 4823 /* We use a custom libctx so that we know the state of the namemap */ 4824 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); 4825 EVP_MD *sha256 = NULL; 4826 int testresult = 0; 4827 4828 if (!TEST_ptr(ctx)) 4829 goto err; 4830 4831 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL); 4832 if (!TEST_ptr(sha256)) 4833 goto err; 4834 4835 /* 4836 * We loop through all the names for a given digest. This should still work 4837 * even if the namemap changes part way through. 4838 */ 4839 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx))) 4840 goto err; 4841 4842 if (!TEST_true(success)) 4843 goto err; 4844 4845 testresult = 1; 4846 err: 4847 EVP_MD_free(sha256); 4848 OSSL_LIB_CTX_free(ctx); 4849 return testresult; 4850 } 4851 4852 typedef struct { 4853 const char *cipher; 4854 const unsigned char *key; 4855 const unsigned char *iv; 4856 const unsigned char *input; 4857 const unsigned char *expected; 4858 const unsigned char *tag; 4859 size_t ivlen; /* 0 if we do not need to set a specific IV len */ 4860 size_t inlen; 4861 size_t expectedlen; 4862 size_t taglen; 4863 int keyfirst; 4864 int initenc; 4865 int finalenc; 4866 } EVP_INIT_TEST_st; 4867 4868 static const EVP_INIT_TEST_st evp_init_tests[] = { 4869 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 4870 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 4871 0, 1, 0, 1 }, 4872 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 4873 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4874 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 4875 sizeof(gcmDefaultTag), 1, 0, 1 }, 4876 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 4877 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 4878 0, 0, 0, 1 }, 4879 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 4880 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4881 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 4882 sizeof(gcmDefaultTag), 0, 0, 1 }, 4883 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 4884 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 4885 0, 1, 1, 0 }, 4886 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 4887 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4888 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 4889 sizeof(gcmDefaultTag), 1, 1, 0 }, 4890 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 4891 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 4892 0, 0, 1, 0 }, 4893 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 4894 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4895 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 4896 sizeof(gcmDefaultTag), 0, 1, 0 } 4897 }; 4898 4899 /* use same key, iv and plaintext for cfb and ofb */ 4900 static const EVP_INIT_TEST_st evp_reinit_tests[] = { 4901 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 4902 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 4903 sizeof(cfbCiphertext_partial), 0, 0, 1, 0 }, 4904 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial, 4905 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial), 4906 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 }, 4907 { "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 4908 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 4909 sizeof(ofbCiphertext_partial), 0, 0, 1, 0 }, 4910 { "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial, 4911 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial), 4912 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 }, 4913 }; 4914 4915 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) 4916 { 4917 int res = 0; 4918 4919 if (t->ivlen != 0) { 4920 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0)) 4921 goto err; 4922 } 4923 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) 4924 goto err; 4925 res = 1; 4926 err: 4927 return res; 4928 } 4929 4930 /* 4931 * Test step-wise cipher initialization via EVP_CipherInit_ex where the 4932 * arguments are given one at a time and a final adjustment to the enc 4933 * parameter sets the correct operation. 4934 */ 4935 static int test_evp_init_seq(int idx) 4936 { 4937 int outlen1, outlen2; 4938 int testresult = 0; 4939 unsigned char outbuf[1024]; 4940 unsigned char tag[16]; 4941 const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; 4942 EVP_CIPHER_CTX *ctx = NULL; 4943 EVP_CIPHER *type = NULL; 4944 size_t taglen = sizeof(tag); 4945 char *errmsg = NULL; 4946 4947 ctx = EVP_CIPHER_CTX_new(); 4948 if (ctx == NULL) { 4949 errmsg = "CTX_ALLOC"; 4950 goto err; 4951 } 4952 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) { 4953 errmsg = "CIPHER_FETCH"; 4954 goto err; 4955 } 4956 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { 4957 errmsg = "EMPTY_ENC_INIT"; 4958 goto err; 4959 } 4960 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 4961 errmsg = "PADDING"; 4962 goto err; 4963 } 4964 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 4965 errmsg = "KEY_INIT (before iv)"; 4966 goto err; 4967 } 4968 if (!evp_init_seq_set_iv(ctx, t)) { 4969 errmsg = "IV_INIT"; 4970 goto err; 4971 } 4972 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 4973 errmsg = "KEY_INIT (after iv)"; 4974 goto err; 4975 } 4976 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { 4977 errmsg = "FINAL_ENC_INIT"; 4978 goto err; 4979 } 4980 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 4981 errmsg = "CIPHER_UPDATE"; 4982 goto err; 4983 } 4984 if (t->finalenc == 0 && t->tag != NULL) { 4985 /* Set expected tag */ 4986 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 4987 t->taglen, (void *)t->tag), 4988 0)) { 4989 errmsg = "SET_TAG"; 4990 goto err; 4991 } 4992 } 4993 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4994 errmsg = "CIPHER_FINAL"; 4995 goto err; 4996 } 4997 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 4998 errmsg = "WRONG_RESULT"; 4999 goto err; 5000 } 5001 if (t->finalenc != 0 && t->tag != NULL) { 5002 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 5003 errmsg = "GET_TAG"; 5004 goto err; 5005 } 5006 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { 5007 errmsg = "TAG_ERROR"; 5008 goto err; 5009 } 5010 } 5011 testresult = 1; 5012 err: 5013 if (errmsg != NULL) 5014 TEST_info("evp_init_test %d: %s", idx, errmsg); 5015 EVP_CIPHER_CTX_free(ctx); 5016 EVP_CIPHER_free(type); 5017 return testresult; 5018 } 5019 5020 /* 5021 * Test re-initialization of cipher context without changing key or iv. 5022 * The result of both iteration should be the same. 5023 */ 5024 static int test_evp_reinit_seq(int idx) 5025 { 5026 int outlen1, outlen2, outlen_final; 5027 int testresult = 0; 5028 unsigned char outbuf1[1024]; 5029 unsigned char outbuf2[1024]; 5030 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx]; 5031 EVP_CIPHER_CTX *ctx = NULL; 5032 EVP_CIPHER *type = NULL; 5033 5034 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 5035 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) 5036 /* setup cipher context */ 5037 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL)) 5038 /* first iteration */ 5039 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen)) 5040 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final)) 5041 /* check test results iteration 1 */ 5042 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final) 5043 /* now re-init the context (same cipher, key and iv) */ 5044 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL)) 5045 /* second iteration */ 5046 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen)) 5047 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final)) 5048 /* check test results iteration 2 */ 5049 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final)) 5050 goto err; 5051 testresult = 1; 5052 err: 5053 EVP_CIPHER_CTX_free(ctx); 5054 EVP_CIPHER_free(type); 5055 return testresult; 5056 } 5057 5058 typedef struct { 5059 const unsigned char *input; 5060 const unsigned char *expected; 5061 size_t inlen; 5062 size_t expectedlen; 5063 int enc; 5064 } EVP_RESET_TEST_st; 5065 5066 static const EVP_RESET_TEST_st evp_reset_tests[] = { 5067 { cfbPlaintext, cfbCiphertext, 5068 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 }, 5069 { cfbCiphertext, cfbPlaintext, 5070 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 } 5071 }; 5072 5073 /* 5074 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already 5075 * been used. 5076 */ 5077 static int test_evp_reset(int idx) 5078 { 5079 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; 5080 int outlen1, outlen2; 5081 int testresult = 0; 5082 unsigned char outbuf[1024]; 5083 EVP_CIPHER_CTX *ctx = NULL; 5084 EVP_CIPHER *type = NULL; 5085 char *errmsg = NULL; 5086 5087 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5088 errmsg = "CTX_ALLOC"; 5089 goto err; 5090 } 5091 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) { 5092 errmsg = "CIPHER_FETCH"; 5093 goto err; 5094 } 5095 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 5096 errmsg = "CIPHER_INIT"; 5097 goto err; 5098 } 5099 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 5100 errmsg = "PADDING"; 5101 goto err; 5102 } 5103 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 5104 errmsg = "CIPHER_UPDATE"; 5105 goto err; 5106 } 5107 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5108 errmsg = "CIPHER_FINAL"; 5109 goto err; 5110 } 5111 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 5112 errmsg = "WRONG_RESULT"; 5113 goto err; 5114 } 5115 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { 5116 errmsg = "CIPHER_REINIT"; 5117 goto err; 5118 } 5119 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 5120 errmsg = "CIPHER_UPDATE (reinit)"; 5121 goto err; 5122 } 5123 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5124 errmsg = "CIPHER_FINAL (reinit)"; 5125 goto err; 5126 } 5127 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 5128 errmsg = "WRONG_RESULT (reinit)"; 5129 goto err; 5130 } 5131 testresult = 1; 5132 err: 5133 if (errmsg != NULL) 5134 TEST_info("test_evp_reset %d: %s", idx, errmsg); 5135 EVP_CIPHER_CTX_free(ctx); 5136 EVP_CIPHER_free(type); 5137 return testresult; 5138 } 5139 5140 typedef struct { 5141 const char *cipher; 5142 int enc; 5143 } EVP_UPDATED_IV_TEST_st; 5144 5145 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { 5146 { "aes-128-cfb", 1 }, 5147 { "aes-128-cfb", 0 }, 5148 { "aes-128-cfb1", 1 }, 5149 { "aes-128-cfb1", 0 }, 5150 { "aes-128-cfb8", 1 }, 5151 { "aes-128-cfb8", 0 }, 5152 { "aes-128-ofb", 1 }, 5153 { "aes-128-ofb", 0 }, 5154 { "aes-128-ctr", 1 }, 5155 { "aes-128-ctr", 0 }, 5156 { "aes-128-cbc", 1 }, 5157 { "aes-128-cbc", 0 } 5158 }; 5159 5160 /* 5161 * Test that the IV in the context is updated during a crypto operation for CFB 5162 * and OFB. 5163 */ 5164 static int test_evp_updated_iv(int idx) 5165 { 5166 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; 5167 int outlen1, outlen2; 5168 int testresult = 0; 5169 unsigned char outbuf[1024]; 5170 EVP_CIPHER_CTX *ctx = NULL; 5171 EVP_CIPHER *type = NULL; 5172 unsigned char updated_iv[EVP_MAX_IV_LENGTH]; 5173 int iv_len; 5174 char *errmsg = NULL; 5175 5176 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5177 errmsg = "CTX_ALLOC"; 5178 goto err; 5179 } 5180 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) { 5181 TEST_info("cipher %s not supported, skipping", t->cipher); 5182 goto ok; 5183 } 5184 5185 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 5186 errmsg = "CIPHER_INIT"; 5187 goto err; 5188 } 5189 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 5190 errmsg = "PADDING"; 5191 goto err; 5192 } 5193 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { 5194 errmsg = "CIPHER_UPDATE"; 5195 goto err; 5196 } 5197 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) { 5198 errmsg = "CIPHER_CTX_GET_UPDATED_IV"; 5199 goto err; 5200 } 5201 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx); 5202 if (!TEST_int_ge(iv_len, 0)) { 5203 errmsg = "CIPHER_CTX_GET_IV_LEN"; 5204 goto err; 5205 } 5206 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { 5207 errmsg = "IV_NOT_UPDATED"; 5208 goto err; 5209 } 5210 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5211 errmsg = "CIPHER_FINAL"; 5212 goto err; 5213 } 5214 ok: 5215 testresult = 1; 5216 err: 5217 if (errmsg != NULL) 5218 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); 5219 EVP_CIPHER_CTX_free(ctx); 5220 EVP_CIPHER_free(type); 5221 return testresult; 5222 } 5223 5224 typedef struct { 5225 const unsigned char *iv1; 5226 const unsigned char *iv2; 5227 const unsigned char *expected1; 5228 const unsigned char *expected2; 5229 const unsigned char *tag1; 5230 const unsigned char *tag2; 5231 size_t ivlen1; 5232 size_t ivlen2; 5233 size_t expectedlen1; 5234 size_t expectedlen2; 5235 } TEST_GCM_IV_REINIT_st; 5236 5237 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { 5238 { iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, 5239 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), 5240 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) }, 5241 { iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, 5242 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), 5243 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) } 5244 }; 5245 5246 static int test_gcm_reinit(int idx) 5247 { 5248 int outlen1, outlen2, outlen3; 5249 int testresult = 0; 5250 unsigned char outbuf[1024]; 5251 unsigned char tag[16]; 5252 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; 5253 EVP_CIPHER_CTX *ctx = NULL; 5254 EVP_CIPHER *type = NULL; 5255 size_t taglen = sizeof(tag); 5256 char *errmsg = NULL; 5257 5258 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5259 errmsg = "CTX_ALLOC"; 5260 goto err; 5261 } 5262 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) { 5263 errmsg = "CIPHER_FETCH"; 5264 goto err; 5265 } 5266 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { 5267 errmsg = "ENC_INIT"; 5268 goto err; 5269 } 5270 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) { 5271 errmsg = "SET_IVLEN1"; 5272 goto err; 5273 } 5274 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { 5275 errmsg = "SET_IV1"; 5276 goto err; 5277 } 5278 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 5279 errmsg = "AAD1"; 5280 goto err; 5281 } 5282 EVP_CIPHER_CTX_set_padding(ctx, 0); 5283 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 5284 sizeof(gcmResetPlaintext)))) { 5285 errmsg = "CIPHER_UPDATE1"; 5286 goto err; 5287 } 5288 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5289 errmsg = "CIPHER_FINAL1"; 5290 goto err; 5291 } 5292 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { 5293 errmsg = "WRONG_RESULT1"; 5294 goto err; 5295 } 5296 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 5297 errmsg = "GET_TAG1"; 5298 goto err; 5299 } 5300 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { 5301 errmsg = "TAG_ERROR1"; 5302 goto err; 5303 } 5304 /* Now reinit */ 5305 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) { 5306 errmsg = "SET_IVLEN2"; 5307 goto err; 5308 } 5309 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { 5310 errmsg = "SET_IV2"; 5311 goto err; 5312 } 5313 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 5314 errmsg = "AAD2"; 5315 goto err; 5316 } 5317 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 5318 sizeof(gcmResetPlaintext)))) { 5319 errmsg = "CIPHER_UPDATE2"; 5320 goto err; 5321 } 5322 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5323 errmsg = "CIPHER_FINAL2"; 5324 goto err; 5325 } 5326 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { 5327 errmsg = "WRONG_RESULT2"; 5328 goto err; 5329 } 5330 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 5331 errmsg = "GET_TAG2"; 5332 goto err; 5333 } 5334 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { 5335 errmsg = "TAG_ERROR2"; 5336 goto err; 5337 } 5338 testresult = 1; 5339 err: 5340 if (errmsg != NULL) 5341 TEST_info("evp_init_test %d: %s", idx, errmsg); 5342 EVP_CIPHER_CTX_free(ctx); 5343 EVP_CIPHER_free(type); 5344 return testresult; 5345 } 5346 5347 static const char *ivlen_change_ciphers[] = { 5348 "AES-256-GCM", 5349 #ifndef OPENSSL_NO_OCB 5350 "AES-256-OCB", 5351 #endif 5352 "AES-256-CCM" 5353 }; 5354 5355 /* Negative test for ivlen change after iv being set */ 5356 static int test_ivlen_change(int idx) 5357 { 5358 int outlen; 5359 int res = 0; 5360 unsigned char outbuf[1024]; 5361 static const unsigned char iv[] = { 5362 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 5363 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 5364 }; 5365 EVP_CIPHER_CTX *ctx = NULL; 5366 EVP_CIPHER *ciph = NULL; 5367 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 5368 size_t ivlen = 13; /* non-default IV length */ 5369 5370 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 5371 goto err; 5372 5373 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx], 5374 testpropq))) 5375 goto err; 5376 5377 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1))) 5378 goto err; 5379 5380 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5381 sizeof(gcmDefaultPlaintext)))) 5382 goto err; 5383 5384 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 5385 &ivlen); 5386 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 5387 goto err; 5388 5389 ERR_set_mark(); 5390 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5391 sizeof(gcmDefaultPlaintext)))) { 5392 ERR_clear_last_mark(); 5393 goto err; 5394 } 5395 ERR_pop_to_mark(); 5396 5397 res = 1; 5398 err: 5399 EVP_CIPHER_CTX_free(ctx); 5400 EVP_CIPHER_free(ciph); 5401 return res; 5402 } 5403 5404 static const char *keylen_change_ciphers[] = { 5405 #ifndef OPENSSL_NO_BF 5406 "BF-ECB", 5407 #endif 5408 #ifndef OPENSSL_NO_CAST 5409 "CAST5-ECB", 5410 #endif 5411 #ifndef OPENSSL_NO_RC2 5412 "RC2-ECB", 5413 #endif 5414 #ifndef OPENSSL_NO_RC4 5415 "RC4", 5416 #endif 5417 #ifndef OPENSSL_NO_RC5 5418 "RC5-ECB", 5419 #endif 5420 NULL 5421 }; 5422 5423 /* Negative test for keylen change after key was set */ 5424 static int test_keylen_change(int idx) 5425 { 5426 int outlen; 5427 int res = 0; 5428 unsigned char outbuf[1024]; 5429 static const unsigned char key[] = { 5430 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 5431 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 5432 }; 5433 EVP_CIPHER_CTX *ctx = NULL; 5434 EVP_CIPHER *ciph = NULL; 5435 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 5436 size_t keylen = 12; /* non-default key length */ 5437 5438 if (lgcyprov == NULL) 5439 return TEST_skip("Test requires legacy provider to be loaded"); 5440 5441 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 5442 goto err; 5443 5444 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx], 5445 testpropq))) 5446 goto err; 5447 5448 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1))) 5449 goto err; 5450 5451 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5452 sizeof(gcmDefaultPlaintext)))) 5453 goto err; 5454 5455 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 5456 &keylen); 5457 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 5458 goto err; 5459 5460 ERR_set_mark(); 5461 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5462 sizeof(gcmDefaultPlaintext)))) { 5463 ERR_clear_last_mark(); 5464 goto err; 5465 } 5466 ERR_pop_to_mark(); 5467 5468 res = 1; 5469 err: 5470 EVP_CIPHER_CTX_free(ctx); 5471 EVP_CIPHER_free(ciph); 5472 return res; 5473 } 5474 5475 #ifndef OPENSSL_NO_DEPRECATED_3_0 5476 static EVP_PKEY_METHOD *custom_pmeth = NULL; 5477 static const EVP_PKEY_METHOD *orig_pmeth = NULL; 5478 5479 #define EVP_PKEY_CTRL_MY_COMMAND 9999 5480 5481 static int custom_pmeth_init(EVP_PKEY_CTX *ctx) 5482 { 5483 int (*pinit)(EVP_PKEY_CTX *ctx); 5484 5485 EVP_PKEY_meth_get_init(orig_pmeth, &pinit); 5486 return pinit(ctx); 5487 } 5488 5489 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx) 5490 { 5491 void (*pcleanup)(EVP_PKEY_CTX *ctx); 5492 5493 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup); 5494 pcleanup(ctx); 5495 } 5496 5497 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out, 5498 size_t *outlen, const unsigned char *in, 5499 size_t inlen) 5500 { 5501 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 5502 const unsigned char *tbs, size_t tbslen); 5503 5504 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign); 5505 return psign(ctx, out, outlen, in, inlen); 5506 } 5507 5508 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig, 5509 size_t *siglen, const unsigned char *tbs, 5510 size_t tbslen) 5511 { 5512 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 5513 const unsigned char *tbs, size_t tbslen); 5514 5515 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign); 5516 return pdigestsign(ctx, sig, siglen, tbs, tbslen); 5517 } 5518 5519 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key, 5520 size_t *keylen) 5521 { 5522 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 5523 5524 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive); 5525 return pderive(ctx, key, keylen); 5526 } 5527 5528 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) 5529 { 5530 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 5531 5532 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy); 5533 return pcopy(dst, src); 5534 } 5535 5536 static int ctrl_called; 5537 5538 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 5539 { 5540 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 5541 5542 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL); 5543 5544 if (type == EVP_PKEY_CTRL_MY_COMMAND) { 5545 ctrl_called = 1; 5546 return 1; 5547 } 5548 5549 return pctrl(ctx, type, p1, p2); 5550 } 5551 5552 static int test_custom_pmeth(int idx) 5553 { 5554 EVP_PKEY_CTX *pctx = NULL; 5555 EVP_MD_CTX *ctx = NULL; 5556 EVP_PKEY *pkey = NULL; 5557 int id, orig_id, orig_flags; 5558 int testresult = 0; 5559 size_t reslen; 5560 unsigned char *res = NULL; 5561 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' }; 5562 const EVP_MD *md = EVP_sha256(); 5563 int doderive = 0; 5564 5565 ctrl_called = 0; 5566 5567 /* We call deprecated APIs so this test doesn't support a custom libctx */ 5568 if (testctx != NULL) 5569 return 1; 5570 5571 switch (idx) { 5572 case 0: 5573 case 6: 5574 id = EVP_PKEY_RSA; 5575 pkey = load_example_rsa_key(); 5576 break; 5577 case 1: 5578 case 7: 5579 #ifndef OPENSSL_NO_DSA 5580 id = EVP_PKEY_DSA; 5581 pkey = load_example_dsa_key(); 5582 break; 5583 #else 5584 return 1; 5585 #endif 5586 case 2: 5587 case 8: 5588 #ifndef OPENSSL_NO_EC 5589 id = EVP_PKEY_EC; 5590 pkey = load_example_ec_key(); 5591 break; 5592 #else 5593 return 1; 5594 #endif 5595 case 3: 5596 case 9: 5597 #ifndef OPENSSL_NO_ECX 5598 id = EVP_PKEY_ED25519; 5599 md = NULL; 5600 pkey = load_example_ed25519_key(); 5601 break; 5602 #else 5603 return 1; 5604 #endif 5605 case 4: 5606 case 10: 5607 #ifndef OPENSSL_NO_DH 5608 id = EVP_PKEY_DH; 5609 doderive = 1; 5610 pkey = load_example_dh_key(); 5611 break; 5612 #else 5613 return 1; 5614 #endif 5615 case 5: 5616 case 11: 5617 #ifndef OPENSSL_NO_ECX 5618 id = EVP_PKEY_X25519; 5619 doderive = 1; 5620 pkey = load_example_x25519_key(); 5621 break; 5622 #else 5623 return 1; 5624 #endif 5625 default: 5626 TEST_error("Should not happen"); 5627 goto err; 5628 } 5629 5630 if (!TEST_ptr(pkey)) 5631 goto err; 5632 5633 if (idx < 6) { 5634 if (!TEST_true(evp_pkey_is_provided(pkey))) 5635 goto err; 5636 } else { 5637 EVP_PKEY *tmp = pkey; 5638 5639 /* Convert to a legacy key */ 5640 pkey = EVP_PKEY_new(); 5641 if (!TEST_ptr(pkey)) { 5642 pkey = tmp; 5643 goto err; 5644 } 5645 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) { 5646 EVP_PKEY_free(tmp); 5647 goto err; 5648 } 5649 EVP_PKEY_free(tmp); 5650 if (!TEST_true(evp_pkey_is_legacy(pkey))) 5651 goto err; 5652 } 5653 5654 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id)) 5655 || !TEST_ptr(pkey)) 5656 goto err; 5657 5658 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth); 5659 if (!TEST_int_eq(orig_id, id) 5660 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags))) 5661 goto err; 5662 5663 if (id == EVP_PKEY_ED25519) { 5664 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign); 5665 } 5666 if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) { 5667 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive); 5668 } else { 5669 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign); 5670 } 5671 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) { 5672 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init); 5673 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup); 5674 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy); 5675 } 5676 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL); 5677 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth))) 5678 goto err; 5679 5680 if (doderive) { 5681 pctx = EVP_PKEY_CTX_new(pkey, NULL); 5682 if (!TEST_ptr(pctx) 5683 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1) 5684 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 5685 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 5686 1) 5687 || !TEST_int_eq(ctrl_called, 1) 5688 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1) 5689 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1) 5690 || !TEST_ptr(res = OPENSSL_malloc(reslen)) 5691 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1)) 5692 goto err; 5693 } else { 5694 ctx = EVP_MD_CTX_new(); 5695 reslen = EVP_PKEY_size(pkey); 5696 res = OPENSSL_malloc(reslen); 5697 if (!TEST_ptr(ctx) 5698 || !TEST_ptr(res) 5699 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey)) 5700 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 5701 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 5702 1) 5703 || !TEST_int_eq(ctrl_called, 1)) 5704 goto err; 5705 5706 if (id == EVP_PKEY_ED25519) { 5707 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg)))) 5708 goto err; 5709 } else { 5710 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) 5711 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen))) 5712 goto err; 5713 } 5714 } 5715 5716 testresult = 1; 5717 err: 5718 OPENSSL_free(res); 5719 EVP_MD_CTX_free(ctx); 5720 if (doderive) 5721 EVP_PKEY_CTX_free(pctx); 5722 EVP_PKEY_free(pkey); 5723 EVP_PKEY_meth_remove(custom_pmeth); 5724 EVP_PKEY_meth_free(custom_pmeth); 5725 custom_pmeth = NULL; 5726 return testresult; 5727 } 5728 5729 static int test_evp_md_cipher_meth(void) 5730 { 5731 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256()); 5732 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc()); 5733 int testresult = 0; 5734 5735 if (!TEST_ptr(md) || !TEST_ptr(ciph)) 5736 goto err; 5737 5738 testresult = 1; 5739 5740 err: 5741 EVP_MD_meth_free(md); 5742 EVP_CIPHER_meth_free(ciph); 5743 5744 return testresult; 5745 } 5746 5747 typedef struct { 5748 int data; 5749 } custom_dgst_ctx; 5750 5751 static int custom_md_init_called = 0; 5752 static int custom_md_cleanup_called = 0; 5753 5754 static int custom_md_init(EVP_MD_CTX *ctx) 5755 { 5756 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 5757 5758 if (p == NULL) 5759 return 0; 5760 5761 custom_md_init_called++; 5762 return 1; 5763 } 5764 5765 static int custom_md_cleanup(EVP_MD_CTX *ctx) 5766 { 5767 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 5768 5769 if (p == NULL) 5770 /* Nothing to do */ 5771 return 1; 5772 5773 custom_md_cleanup_called++; 5774 return 1; 5775 } 5776 5777 static int test_custom_md_meth(void) 5778 { 5779 ASN1_OBJECT *o = NULL; 5780 EVP_MD_CTX *mdctx = NULL; 5781 EVP_MD *tmp = NULL; 5782 char mess[] = "Test Message\n"; 5783 unsigned char md_value[EVP_MAX_MD_SIZE]; 5784 unsigned int md_len; 5785 int testresult = 0; 5786 int nid; 5787 5788 /* 5789 * We are testing deprecated functions. We don't support a non-default 5790 * library context in this test. 5791 */ 5792 if (testctx != NULL) 5793 return TEST_skip("Non-default libctx"); 5794 5795 custom_md_init_called = custom_md_cleanup_called = 0; 5796 5797 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md"); 5798 if (!TEST_int_ne(nid, NID_undef)) 5799 goto err; 5800 tmp = EVP_MD_meth_new(nid, NID_undef); 5801 if (!TEST_ptr(tmp)) 5802 goto err; 5803 5804 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) 5805 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) 5806 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, 5807 sizeof(custom_dgst_ctx)))) 5808 goto err; 5809 5810 mdctx = EVP_MD_CTX_new(); 5811 if (!TEST_ptr(mdctx) 5812 /* 5813 * Initing our custom md and then initing another md should 5814 * result in the init and cleanup functions of the custom md 5815 * being called. 5816 */ 5817 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) 5818 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) 5819 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) 5820 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) 5821 || !TEST_int_eq(custom_md_init_called, 1) 5822 || !TEST_int_eq(custom_md_cleanup_called, 1)) 5823 goto err; 5824 5825 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1", 5826 "custom-md", "custom-md"), 5827 NID_undef) 5828 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ) 5829 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS)) 5830 goto err; 5831 5832 o = ASN1_OBJECT_create(nid, (unsigned char *)"\53\6\1\4\1\201\201\134\274\373\122\1", 12, 5833 "custom-md", "custom-md"); 5834 if (!TEST_int_eq(OBJ_add_object(o), nid)) 5835 goto err; 5836 5837 testresult = 1; 5838 err: 5839 ASN1_OBJECT_free(o); 5840 EVP_MD_CTX_free(mdctx); 5841 EVP_MD_meth_free(tmp); 5842 return testresult; 5843 } 5844 5845 typedef struct { 5846 int data; 5847 } custom_ciph_ctx; 5848 5849 static int custom_ciph_init_called = 0; 5850 static int custom_ciph_cleanup_called = 0; 5851 5852 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 5853 const unsigned char *iv, int enc) 5854 { 5855 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 5856 5857 if (p == NULL) 5858 return 0; 5859 5860 custom_ciph_init_called++; 5861 return 1; 5862 } 5863 5864 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx) 5865 { 5866 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 5867 5868 if (p == NULL) 5869 /* Nothing to do */ 5870 return 1; 5871 5872 custom_ciph_cleanup_called++; 5873 return 1; 5874 } 5875 5876 static int test_custom_ciph_meth(void) 5877 { 5878 EVP_CIPHER_CTX *ciphctx = NULL; 5879 EVP_CIPHER *tmp = NULL; 5880 int testresult = 0; 5881 int nid; 5882 5883 /* 5884 * We are testing deprecated functions. We don't support a non-default 5885 * library context in this test. 5886 */ 5887 if (testctx != NULL) 5888 return TEST_skip("Non-default libctx"); 5889 5890 custom_ciph_init_called = custom_ciph_cleanup_called = 0; 5891 5892 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph"); 5893 if (!TEST_int_ne(nid, NID_undef)) 5894 goto err; 5895 tmp = EVP_CIPHER_meth_new(nid, 16, 16); 5896 if (!TEST_ptr(tmp)) 5897 goto err; 5898 5899 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) 5900 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) 5901 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) 5902 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, 5903 sizeof(custom_ciph_ctx)))) 5904 goto err; 5905 5906 ciphctx = EVP_CIPHER_CTX_new(); 5907 if (!TEST_ptr(ciphctx) 5908 /* 5909 * Initing our custom cipher and then initing another cipher 5910 * should result in the init and cleanup functions of the custom 5911 * cipher being called. 5912 */ 5913 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) 5914 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, 5915 NULL, NULL, 1)) 5916 || !TEST_int_eq(custom_ciph_init_called, 1) 5917 || !TEST_int_eq(custom_ciph_cleanup_called, 1)) 5918 goto err; 5919 5920 testresult = 1; 5921 err: 5922 EVP_CIPHER_CTX_free(ciphctx); 5923 EVP_CIPHER_meth_free(tmp); 5924 return testresult; 5925 } 5926 5927 static int test_rsasve_kem_with_invalid_pub_key(void) 5928 { 5929 RSA *rsa = NULL; 5930 EVP_PKEY *pkey = NULL; 5931 EVP_PKEY_CTX *ctx = NULL; 5932 unsigned char *ct = NULL; 5933 unsigned char *secret = NULL; 5934 size_t ctlen = 0, secretlen = 0; 5935 int testresult = 0; 5936 5937 if (nullprov != NULL) { 5938 testresult = TEST_skip("Test does not support a non-default library context"); 5939 goto err; 5940 } 5941 5942 if (!TEST_ptr(pkey = make_bad_rsa_pubkey())) 5943 goto err; 5944 5945 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL)) 5946 || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1) 5947 || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1) 5948 || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1) 5949 || !TEST_ptr(ct = OPENSSL_malloc(ctlen)) 5950 || !TEST_ptr(secret = OPENSSL_malloc(secretlen))) 5951 goto err; 5952 5953 if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0)) 5954 goto err; 5955 5956 testresult = 1; 5957 5958 err: 5959 OPENSSL_free(secret); 5960 OPENSSL_free(ct); 5961 EVP_PKEY_CTX_free(ctx); 5962 RSA_free(rsa); 5963 EVP_PKEY_free(pkey); 5964 return testresult; 5965 } 5966 5967 #ifndef OPENSSL_NO_DYNAMIC_ENGINE 5968 /* Test we can create a signature keys with an associated ENGINE */ 5969 static int test_signatures_with_engine(int tst) 5970 { 5971 ENGINE *e; 5972 const char *engine_id = "dasync"; 5973 EVP_PKEY *pkey = NULL; 5974 const unsigned char badcmackey[] = { 0x00, 0x01 }; 5975 const unsigned char cmackey[] = { 5976 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 5977 0x0c, 0x0d, 0x0e, 0x0f 5978 }; 5979 const unsigned char ed25519key[] = { 5980 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 5981 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 5982 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 5983 }; 5984 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 5985 int testresult = 0; 5986 EVP_MD_CTX *ctx = NULL; 5987 unsigned char *mac = NULL; 5988 size_t maclen = 0; 5989 int ret; 5990 5991 #ifdef OPENSSL_NO_CMAC 5992 /* Skip CMAC tests in a no-cmac build */ 5993 if (tst <= 1) 5994 return 1; 5995 #endif 5996 #ifdef OPENSSL_NO_ECX 5997 /* Skip ECX tests in a no-ecx build */ 5998 if (tst == 2) 5999 return 1; 6000 #endif 6001 6002 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 6003 return 0; 6004 6005 if (!TEST_true(ENGINE_init(e))) { 6006 ENGINE_free(e); 6007 return 0; 6008 } 6009 6010 switch (tst) { 6011 case 0: 6012 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), 6013 EVP_aes_128_cbc()); 6014 break; 6015 case 1: 6016 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), 6017 EVP_aes_128_cbc()); 6018 break; 6019 case 2: 6020 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, 6021 sizeof(ed25519key)); 6022 break; 6023 default: 6024 TEST_error("Invalid test case"); 6025 goto err; 6026 } 6027 if (!TEST_ptr(pkey)) 6028 goto err; 6029 6030 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 6031 goto err; 6032 6033 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, 6034 pkey); 6035 if (tst == 0) { 6036 if (!TEST_true(ret)) 6037 goto err; 6038 6039 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) 6040 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) 6041 goto err; 6042 6043 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 6044 goto err; 6045 6046 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) 6047 goto err; 6048 } else { 6049 /* We used a bad key. We expect a failure here */ 6050 if (!TEST_false(ret)) 6051 goto err; 6052 } 6053 6054 testresult = 1; 6055 err: 6056 EVP_MD_CTX_free(ctx); 6057 OPENSSL_free(mac); 6058 EVP_PKEY_free(pkey); 6059 ENGINE_finish(e); 6060 ENGINE_free(e); 6061 6062 return testresult; 6063 } 6064 6065 static int test_cipher_with_engine(void) 6066 { 6067 ENGINE *e; 6068 const char *engine_id = "dasync"; 6069 const unsigned char keyiv[] = { 6070 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 6071 0x0c, 0x0d, 0x0e, 0x0f 6072 }; 6073 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 6074 int testresult = 0; 6075 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL; 6076 unsigned char buf[AES_BLOCK_SIZE]; 6077 int len = 0; 6078 6079 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 6080 return 0; 6081 6082 if (!TEST_true(ENGINE_init(e))) { 6083 ENGINE_free(e); 6084 return 0; 6085 } 6086 6087 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6088 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) 6089 goto err; 6090 6091 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) 6092 goto err; 6093 6094 /* Copy the ctx, and complete the operation with the new ctx */ 6095 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx))) 6096 goto err; 6097 6098 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) 6099 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) 6100 goto err; 6101 6102 testresult = 1; 6103 err: 6104 EVP_CIPHER_CTX_free(ctx); 6105 EVP_CIPHER_CTX_free(ctx2); 6106 ENGINE_finish(e); 6107 ENGINE_free(e); 6108 6109 return testresult; 6110 } 6111 #endif /* OPENSSL_NO_DYNAMIC_ENGINE */ 6112 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 6113 6114 #ifndef OPENSSL_NO_ECX 6115 static int ecxnids[] = { 6116 NID_X25519, 6117 NID_X448, 6118 NID_ED25519, 6119 NID_ED448 6120 }; 6121 6122 /* Test that creating ECX keys with a short private key fails as expected */ 6123 static int test_ecx_short_keys(int tst) 6124 { 6125 unsigned char ecxkeydata = 1; 6126 EVP_PKEY *pkey; 6127 6128 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]), 6129 NULL, &ecxkeydata, 1); 6130 if (!TEST_ptr_null(pkey)) { 6131 EVP_PKEY_free(pkey); 6132 return 0; 6133 } 6134 6135 return 1; 6136 } 6137 #endif 6138 6139 typedef enum OPTION_choice { 6140 OPT_ERR = -1, 6141 OPT_EOF = 0, 6142 OPT_CONTEXT, 6143 OPT_CONFIG_FILE, 6144 OPT_TEST_ENUM 6145 } OPTION_CHOICE; 6146 6147 const OPTIONS *test_get_options(void) 6148 { 6149 static const OPTIONS options[] = { 6150 OPT_TEST_OPTIONS_DEFAULT_USAGE, 6151 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" }, 6152 { "config", OPT_CONFIG_FILE, '<', 6153 "The configuration file to use for the libctx" }, 6154 { NULL } 6155 }; 6156 return options; 6157 } 6158 6159 #ifndef OPENSSL_NO_ECX 6160 /* Test that trying to sign with a public key errors out gracefully */ 6161 static int test_ecx_not_private_key(int tst) 6162 { 6163 EVP_PKEY *pkey = NULL; 6164 6165 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 6166 int testresult = 0; 6167 EVP_MD_CTX *ctx = NULL; 6168 unsigned char *mac = NULL; 6169 size_t maclen = 0; 6170 const uint8_t *pubkey; 6171 size_t pubkeylen; 6172 6173 switch (keys[tst].type) { 6174 case NID_X25519: 6175 case NID_X448: 6176 case NID_undef: 6177 return TEST_skip("signing not supported for X25519/X448/ML-KEM"); 6178 } 6179 6180 /* Check if this algorithm supports public keys */ 6181 if (keys[tst].pub == NULL) 6182 return TEST_skip("no public key present"); 6183 6184 pubkey = keys[tst].pub; 6185 pubkeylen = keys[tst].publen; 6186 6187 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type), 6188 NULL, pubkey, pubkeylen); 6189 if (!TEST_ptr(pkey)) 6190 goto err; 6191 6192 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 6193 goto err; 6194 6195 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1) 6196 goto check_err; 6197 6198 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1) 6199 goto check_err; 6200 6201 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 6202 goto err; 6203 6204 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0)) 6205 goto err; 6206 6207 check_err: 6208 /* 6209 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY, 6210 * but we relax the check to allow error also thrown by 6211 * EVP_DigestSignInit and EVP_DigestSign. 6212 */ 6213 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) { 6214 testresult = 1; 6215 ERR_clear_error(); 6216 } 6217 6218 err: 6219 EVP_MD_CTX_free(ctx); 6220 OPENSSL_free(mac); 6221 EVP_PKEY_free(pkey); 6222 6223 return testresult; 6224 } 6225 #endif /* OPENSSL_NO_ECX */ 6226 6227 static int test_sign_continuation(void) 6228 { 6229 OSSL_PROVIDER *fake_rsa = NULL; 6230 int testresult = 0; 6231 EVP_PKEY *pkey = NULL; 6232 EVP_PKEY_CTX *pctx = NULL; 6233 EVP_MD_CTX *mctx = NULL; 6234 const char sigbuf[] = "To Be Signed"; 6235 unsigned char signature[256]; 6236 size_t siglen = 256; 6237 static int nodupnum = 1; 6238 static const OSSL_PARAM nodup_params[] = { 6239 OSSL_PARAM_int("NO_DUP", &nodupnum), 6240 OSSL_PARAM_END 6241 }; 6242 6243 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx))) 6244 return 0; 6245 6246 /* Construct a pkey using precise propq to use our provider */ 6247 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", 6248 "provider=fake-rsa")) 6249 || !TEST_true(EVP_PKEY_fromdata_init(pctx)) 6250 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL)) 6251 || !TEST_ptr(pkey)) 6252 goto end; 6253 6254 /* First test it continues (classic behavior) */ 6255 if (!TEST_ptr(mctx = EVP_MD_CTX_new()) 6256 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx, 6257 NULL, pkey, NULL)) 6258 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6259 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)) 6260 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6261 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))) 6262 goto end; 6263 6264 EVP_MD_CTX_free(mctx); 6265 6266 /* try again but failing the continuation */ 6267 if (!TEST_ptr(mctx = EVP_MD_CTX_new()) 6268 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx, 6269 NULL, pkey, nodup_params)) 6270 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6271 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)) 6272 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6273 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen))) 6274 goto end; 6275 6276 testresult = 1; 6277 6278 end: 6279 EVP_MD_CTX_free(mctx); 6280 EVP_PKEY_free(pkey); 6281 EVP_PKEY_CTX_free(pctx); 6282 fake_rsa_finish(fake_rsa); 6283 return testresult; 6284 } 6285 6286 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s, 6287 const unsigned char *gcm_iv, size_t gcm_ivlen, 6288 const unsigned char *gcm_pt, size_t gcm_pt_s, 6289 const unsigned char *gcm_aad, size_t gcm_aad_s, 6290 const unsigned char *gcm_ct, size_t gcm_ct_s, 6291 const unsigned char *gcm_tag, size_t gcm_tag_s) 6292 { 6293 int ret = 0; 6294 EVP_CIPHER_CTX *ctx; 6295 EVP_CIPHER *cipher = NULL; 6296 int outlen, tmplen; 6297 unsigned char outbuf[1024]; 6298 unsigned char outtag[16]; 6299 OSSL_PARAM params[2] = { 6300 OSSL_PARAM_END, OSSL_PARAM_END 6301 }; 6302 6303 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6304 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", ""))) 6305 goto err; 6306 6307 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 6308 &gcm_ivlen); 6309 6310 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 6311 || (gcm_aad != NULL 6312 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 6313 gcm_aad, gcm_aad_s))) 6314 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 6315 gcm_pt, gcm_pt_s)) 6316 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 6317 goto err; 6318 6319 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6320 outtag, sizeof(outtag)); 6321 6322 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)) 6323 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s) 6324 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s)) 6325 goto err; 6326 6327 ret = 1; 6328 err: 6329 EVP_CIPHER_free(cipher); 6330 EVP_CIPHER_CTX_free(ctx); 6331 6332 return ret; 6333 } 6334 6335 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s, 6336 const unsigned char *gcm_iv, size_t gcm_ivlen, 6337 const unsigned char *gcm_pt, size_t gcm_pt_s, 6338 const unsigned char *gcm_aad, size_t gcm_aad_s, 6339 const unsigned char *gcm_ct, size_t gcm_ct_s, 6340 const unsigned char *gcm_tag, size_t gcm_tag_s) 6341 { 6342 int ret = 0; 6343 EVP_CIPHER_CTX *ctx; 6344 EVP_CIPHER *cipher = NULL; 6345 int outlen; 6346 unsigned char outbuf[1024]; 6347 OSSL_PARAM params[2] = { 6348 OSSL_PARAM_END, OSSL_PARAM_END 6349 }; 6350 6351 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 6352 goto err; 6353 6354 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL) 6355 goto err; 6356 6357 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 6358 &gcm_ivlen); 6359 6360 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 6361 || (gcm_aad != NULL 6362 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, 6363 gcm_aad, gcm_aad_s))) 6364 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 6365 gcm_ct, gcm_ct_s)) 6366 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s)) 6367 goto err; 6368 6369 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6370 (void *)gcm_tag, gcm_tag_s); 6371 6372 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 6373 || !TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen))) 6374 goto err; 6375 6376 ret = 1; 6377 err: 6378 EVP_CIPHER_free(cipher); 6379 EVP_CIPHER_CTX_free(ctx); 6380 6381 return ret; 6382 } 6383 6384 static int test_aes_gcm_ivlen_change_cve_2023_5363(void) 6385 { 6386 /* AES-GCM test data obtained from NIST public test vectors */ 6387 static const unsigned char gcm_key[] = { 6388 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf, 6389 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84, 6390 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b 6391 }; 6392 static const unsigned char gcm_iv[] = { 6393 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8, 6394 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca, 6395 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14, 6396 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09, 6397 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8, 6398 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24, 6399 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0, 6400 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54, 6401 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc, 6402 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b, 6403 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d 6404 }; 6405 static const unsigned char gcm_pt[] = { 6406 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07, 6407 0x4f, 0xe3, 0x6f, 0x81 6408 }; 6409 static const unsigned char gcm_ct[] = { 6410 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3, 6411 0xe2, 0xd0, 0xec, 0xed 6412 }; 6413 static const unsigned char gcm_tag[] = { 6414 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63, 6415 0xdb, 0x99, 0x6c, 0x21 6416 }; 6417 6418 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 6419 gcm_pt, sizeof(gcm_pt), NULL, 0, 6420 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)) 6421 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 6422 gcm_pt, sizeof(gcm_pt), NULL, 0, 6423 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)); 6424 } 6425 6426 #ifndef OPENSSL_NO_RC4 6427 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s, 6428 const unsigned char *rc4_pt, size_t rc4_pt_s, 6429 const unsigned char *rc4_ct, size_t rc4_ct_s) 6430 { 6431 int ret = 0; 6432 EVP_CIPHER_CTX *ctx; 6433 EVP_CIPHER *cipher = NULL; 6434 int outlen, tmplen; 6435 unsigned char outbuf[1024]; 6436 OSSL_PARAM params[2] = { 6437 OSSL_PARAM_END, OSSL_PARAM_END 6438 }; 6439 6440 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6441 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", ""))) 6442 goto err; 6443 6444 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 6445 &rc4_key_s); 6446 6447 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 6448 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 6449 rc4_pt, rc4_pt_s)) 6450 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 6451 goto err; 6452 6453 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s)) 6454 goto err; 6455 6456 ret = 1; 6457 err: 6458 EVP_CIPHER_free(cipher); 6459 EVP_CIPHER_CTX_free(ctx); 6460 6461 return ret; 6462 } 6463 6464 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s, 6465 const unsigned char *rc4_pt, size_t rc4_pt_s, 6466 const unsigned char *rc4_ct, size_t rc4_ct_s) 6467 { 6468 int ret = 0; 6469 EVP_CIPHER_CTX *ctx; 6470 EVP_CIPHER *cipher = NULL; 6471 int outlen; 6472 unsigned char outbuf[1024]; 6473 OSSL_PARAM params[2] = { 6474 OSSL_PARAM_END, OSSL_PARAM_END 6475 }; 6476 6477 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 6478 goto err; 6479 6480 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL) 6481 goto err; 6482 6483 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 6484 &rc4_key_s); 6485 6486 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 6487 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 6488 rc4_ct, rc4_ct_s)) 6489 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s)) 6490 goto err; 6491 6492 ret = 1; 6493 err: 6494 EVP_CIPHER_free(cipher); 6495 EVP_CIPHER_CTX_free(ctx); 6496 6497 return ret; 6498 } 6499 6500 static int test_aes_rc4_keylen_change_cve_2023_5363(void) 6501 { 6502 /* RC4 test data obtained from RFC 6229 */ 6503 static const struct { 6504 unsigned char key[5]; 6505 unsigned char padding[11]; 6506 } rc4_key = { 6507 { /* Five bytes of key material */ 6508 0x83, 0x32, 0x22, 0x77, 0x2a }, 6509 { /* Random padding to 16 bytes */ 6510 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 } 6511 }; 6512 static const unsigned char rc4_pt[] = { 6513 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 6514 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 6515 }; 6516 static const unsigned char rc4_ct[] = { 6517 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 6518 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda 6519 }; 6520 6521 if (lgcyprov == NULL) 6522 return TEST_skip("Test requires legacy provider to be loaded"); 6523 6524 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key), 6525 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)) 6526 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key), 6527 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)); 6528 } 6529 #endif 6530 6531 static int test_aes_gcm_siv_empty_data(void) 6532 { 6533 unsigned char key[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 6534 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 }; 6535 unsigned char nonce[12] = { 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 6536 0x22, 0x33, 0x44, 0x55 }; 6537 unsigned char aad[33] = "this AAD was never authenticated"; 6538 unsigned char zero_tag[16] = { 0 }; 6539 unsigned char real_tag[16]; 6540 unsigned char out[16]; 6541 int outl, ret = 0; 6542 EVP_CIPHER_CTX *ctx = NULL; 6543 EVP_CIPHER *c = EVP_CIPHER_fetch(NULL, "AES-128-GCM-SIV", NULL); 6544 6545 if (c == NULL) { 6546 return TEST_skip("AES-128-GCM-SIV cipher is not available"); 6547 } 6548 6549 /* Compute the CORRECT tag for (key,nonce,aad,pt="") via encrypt */ 6550 ctx = EVP_CIPHER_CTX_new(); 6551 if (!TEST_ptr(ctx) 6552 || !TEST_true(EVP_EncryptInit_ex2(ctx, c, key, nonce, NULL)) 6553 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) /* AAD */ 6554 || !TEST_true(EVP_EncryptUpdate(ctx, out, &outl, aad, 0)) /* empty PT, out!=NULL */ 6555 || !TEST_true(EVP_EncryptFinal_ex(ctx, out, &outl)) 6556 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, real_tag))) 6557 goto err; 6558 EVP_CIPHER_CTX_free(ctx); 6559 6560 /* SANITY: decrypt with CORRECT tag and an explicit empty-PT Update */ 6561 ctx = EVP_CIPHER_CTX_new(); 6562 if (!TEST_ptr(ctx) 6563 || !TEST_true(EVP_DecryptInit_ex2(ctx, c, key, nonce, NULL)) 6564 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, real_tag)) 6565 || !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) 6566 || !TEST_true(EVP_DecryptUpdate(ctx, out, &outl, aad, 0)) /* force aes_gcm_siv_decrypt(len=0) */ 6567 || !TEST_true(EVP_DecryptFinal_ex(ctx, out, &outl))) 6568 goto err; 6569 EVP_CIPHER_CTX_free(ctx); 6570 6571 /* FORGERY A: AAD only, NO ciphertext Update, ALL-ZERO tag */ 6572 ctx = EVP_CIPHER_CTX_new(); 6573 if (!TEST_ptr(ctx) 6574 || !TEST_true(EVP_DecryptInit_ex2(ctx, c, key, nonce, NULL)) 6575 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, zero_tag)) 6576 || !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) /* AAD only, out==NULL */ 6577 || !TEST_false(EVP_DecryptFinal_ex(ctx, out, &outl))) 6578 goto err; 6579 EVP_CIPHER_CTX_free(ctx); 6580 6581 /* FORGERY B: no AAD, no Update at all, ALL-ZERO tag */ 6582 ctx = EVP_CIPHER_CTX_new(); 6583 if (!TEST_ptr(ctx) 6584 || !TEST_true(EVP_DecryptInit_ex2(ctx, c, key, nonce, NULL)) 6585 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, zero_tag)) 6586 || !TEST_false(EVP_DecryptFinal_ex(ctx, out, &outl))) 6587 goto err; 6588 EVP_CIPHER_CTX_free(ctx); 6589 6590 /* CONTROL: AAD only, NO ciphertext Update, CORRECT tag */ 6591 ctx = EVP_CIPHER_CTX_new(); 6592 if (!TEST_ptr(ctx) 6593 || !TEST_true(EVP_DecryptInit_ex2(ctx, c, key, nonce, NULL)) 6594 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, real_tag)) 6595 || !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) 6596 || !TEST_true(EVP_DecryptFinal_ex(ctx, out, &outl))) 6597 goto err; 6598 EVP_CIPHER_CTX_free(ctx); 6599 ctx = NULL; 6600 6601 ret = 1; 6602 err: 6603 EVP_CIPHER_CTX_free(ctx); 6604 6605 EVP_CIPHER_free(c); 6606 return ret; 6607 } 6608 6609 /* 6610 * AES-SIV reuse-without-rekey: 6611 * msg1: legit non-empty CT, tag verifies, final_ret=0 6612 * msg2: no reinit (or reinit with key=NULL), set forged tag, 6613 * AAD only, DecryptFinal -> does stale final_ret leak through? 6614 */ 6615 static int test_aes_siv_ctx_reuse(void) 6616 { 6617 unsigned char key[32] = { 7 }; /* AES-128-SIV => 2*16 */ 6618 unsigned char pt[9] = "payload!"; 6619 unsigned char ct[9], tagbuf[16], out[16], zero16[16] = { 0 }; 6620 unsigned char aad[14] = "forged header"; 6621 int outl, ret = 0; 6622 EVP_CIPHER_CTX *e = NULL, *d = NULL; 6623 EVP_CIPHER *c = EVP_CIPHER_fetch(NULL, "AES-128-SIV", NULL); 6624 6625 if (c == NULL) { 6626 return TEST_skip("AES-128-SIV cipher is not available"); 6627 } 6628 6629 /* produce a valid (ct,tag) for msg1 */ 6630 e = EVP_CIPHER_CTX_new(); 6631 if (!TEST_ptr(e) 6632 || !TEST_true(EVP_EncryptInit_ex2(e, c, key, NULL, NULL)) 6633 || !TEST_true(EVP_EncryptUpdate(e, NULL, &outl, (unsigned char *)"hdr1", 4)) 6634 || !TEST_true(EVP_EncryptUpdate(e, ct, &outl, pt, sizeof(pt))) 6635 || !TEST_true(EVP_EncryptFinal_ex(e, out, &outl)) 6636 || !TEST_true(EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_AEAD_GET_TAG, 16, tagbuf))) { 6637 EVP_CIPHER_CTX_free(e); 6638 goto err; 6639 } 6640 EVP_CIPHER_CTX_free(e); 6641 6642 /* msg1 decrypt */ 6643 d = EVP_CIPHER_CTX_new(); 6644 if (!TEST_ptr(d) 6645 || !TEST_true(EVP_DecryptInit_ex2(d, c, key, NULL, NULL)) 6646 || !TEST_true(EVP_CIPHER_CTX_ctrl(d, EVP_CTRL_AEAD_SET_TAG, 16, tagbuf)) 6647 || !TEST_true(EVP_DecryptUpdate(d, NULL, &outl, (unsigned char *)"hdr1", 4)) 6648 || !TEST_true(EVP_DecryptUpdate(d, out, &outl, ct, sizeof(ct))) 6649 || !TEST_true(EVP_DecryptFinal_ex(d, out, &outl))) 6650 goto err; 6651 6652 /* msg2 on SAME ctx, reinit with key=NULL => initkey skipped, final_ret should be reset */ 6653 if (!TEST_true(EVP_DecryptInit_ex2(d, NULL, NULL, NULL, NULL)) 6654 || !TEST_true(EVP_CIPHER_CTX_ctrl(d, EVP_CTRL_AEAD_SET_TAG, 16, zero16)) 6655 || !TEST_true(EVP_DecryptUpdate(d, NULL, &outl, aad, sizeof(aad))) /* forged AAD */ 6656 || !TEST_false(EVP_DecryptFinal_ex(d, out, &outl))) 6657 goto err; 6658 6659 ret = 1; 6660 6661 err: 6662 EVP_CIPHER_CTX_free(d); 6663 EVP_CIPHER_free(c); 6664 return ret; 6665 } 6666 6667 static int test_invalid_ctx_for_digest(void) 6668 { 6669 int ret; 6670 EVP_MD_CTX *mdctx; 6671 6672 mdctx = EVP_MD_CTX_new(); 6673 if (!TEST_ptr(mdctx)) 6674 return 0; 6675 6676 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0)) 6677 ret = 0; 6678 else 6679 ret = 1; 6680 6681 EVP_MD_CTX_free(mdctx); 6682 6683 return ret; 6684 } 6685 6686 static int test_evp_cipher_negative_length(void) 6687 { 6688 EVP_CIPHER_CTX *ctx = NULL; 6689 EVP_CIPHER *cipher = NULL; 6690 unsigned char key[16] = { 0 }; 6691 unsigned char iv[16] = { 0 }; 6692 unsigned char buffer[32] = { 0 }; 6693 int outl = 0; 6694 int ret = 0; 6695 6696 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 6697 goto end; 6698 6699 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-128-CBC", testpropq))) 6700 goto end; 6701 6702 /* Initialize encryption context */ 6703 if (!TEST_int_eq(EVP_EncryptInit_ex2(ctx, cipher, key, iv, NULL), 1)) 6704 goto end; 6705 6706 /* Test EVP_EncryptUpdate with negative length - should fail */ 6707 if (!TEST_int_eq(EVP_EncryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0)) 6708 goto end; 6709 6710 /* Reinitialize for decryption */ 6711 if (!TEST_int_eq(EVP_DecryptInit_ex2(ctx, cipher, key, iv, NULL), 1)) 6712 goto end; 6713 6714 /* Test EVP_DecryptUpdate with negative length - should fail */ 6715 if (!TEST_int_eq(EVP_DecryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0)) 6716 goto end; 6717 6718 ret = 1; 6719 end: 6720 EVP_CIPHER_free(cipher); 6721 EVP_CIPHER_CTX_free(ctx); 6722 return ret; 6723 } 6724 6725 static int test_evp_cipher_pipeline(void) 6726 { 6727 OSSL_PROVIDER *fake_pipeline = NULL; 6728 int testresult = 0; 6729 EVP_CIPHER *cipher = NULL; 6730 EVP_CIPHER *pipeline_cipher = NULL; 6731 EVP_CIPHER_CTX *ctx = NULL; 6732 unsigned char key[32]; 6733 size_t keylen = 32; 6734 size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN; 6735 size_t taglen = EVP_GCM_TLS_TAG_LEN; 6736 unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES]; 6737 unsigned char *plaintext_array[EVP_MAX_PIPES]; 6738 unsigned char *ciphertext_array_p[EVP_MAX_PIPES]; 6739 void **aead_tags = (void **)&tag_array; 6740 unsigned char *temp[EVP_MAX_PIPES]; 6741 size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES]; 6742 size_t ciphertextlen_array[EVP_MAX_PIPES]; 6743 size_t inlen_array[EVP_MAX_PIPES]; 6744 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 6745 unsigned char *ciphertext, *exp_plaintext, *tag; 6746 size_t numpipes, plaintextlen, i; 6747 6748 if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx))) 6749 return 0; 6750 if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", 6751 "provider=fake-pipeline")) 6752 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", 6753 "provider!=fake-pipeline")) 6754 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 6755 goto end; 6756 memset(key, 0x01, sizeof(key)); 6757 6758 /* Negative tests */ 6759 if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1))) 6760 goto end; 6761 if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1))) 6762 goto end; 6763 if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher, 6764 key, keylen, 6765 EVP_MAX_PIPES + 1, NULL, 0))) 6766 goto end; 6767 6768 /* Positive tests */ 6769 for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) { 6770 for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) { 6771 size_t ciphertextlen = 0; 6772 int outlen = 0; 6773 6774 /* Cleanup to be able to error out */ 6775 memset(iv_array, 0, sizeof(iv_array)); 6776 memset(plaintext_array, 0, sizeof(plaintext_array)); 6777 memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p)); 6778 memset(tag_array, 0, sizeof(tag_array)); 6779 ciphertext = NULL; 6780 exp_plaintext = NULL; 6781 tag = NULL; 6782 6783 /* Allocate fresh buffers with exact size to catch buffer overwrites */ 6784 for (i = 0; i < numpipes; i++) { 6785 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen)) 6786 || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen)) 6787 || !TEST_ptr(ciphertext_array_p[i] = OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH)) 6788 || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen))) 6789 goto err; 6790 6791 memset(iv_array[i], i + 33, ivlen); 6792 memset(plaintext_array[i], i + 1, plaintextlen); 6793 inlen_array[i] = plaintextlen; 6794 outlen_array[i] = 0; 6795 ciphertextlen_array[i] = 0; 6796 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH; 6797 } 6798 if (!TEST_ptr(ciphertext = OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH)) 6799 || !TEST_ptr(tag = OPENSSL_malloc(taglen)) 6800 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen))) 6801 goto err; 6802 6803 /* Encrypt using pipeline API */ 6804 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) 6805 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1)) 6806 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher, 6807 key, keylen, numpipes, 6808 (const unsigned char **)iv_array, 6809 ivlen)) 6810 /* reuse plaintext for AAD as it won't affect test */ 6811 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL, 6812 (const unsigned char **)plaintext_array, 6813 inlen_array)) 6814 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p, 6815 outlen_array, outsize_array, 6816 (const unsigned char **)plaintext_array, 6817 inlen_array))) 6818 goto err; 6819 6820 for (i = 0; i < numpipes; i++) { 6821 ciphertextlen_array[i] = outlen_array[i]; 6822 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i]; 6823 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i]; 6824 } 6825 6826 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array))) 6827 goto err; 6828 6829 for (i = 0; i < numpipes; i++) 6830 ciphertextlen_array[i] += outlen_array[i]; 6831 6832 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, 6833 (void **)&aead_tags, taglen); 6834 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 6835 goto err; 6836 6837 /* Encrypt using non-pipeline API and compare */ 6838 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))) 6839 goto err; 6840 6841 for (i = 0; i < numpipes; i++) { 6842 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i])) 6843 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 6844 plaintext_array[i], 6845 plaintextlen)) 6846 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen, 6847 plaintext_array[i], 6848 plaintextlen))) 6849 goto err; 6850 ciphertextlen = outlen; 6851 6852 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen))) 6853 goto err; 6854 ciphertextlen += outlen; 6855 6856 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6857 (void *)tag, taglen); 6858 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 6859 goto err; 6860 6861 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i], 6862 ciphertext, ciphertextlen) 6863 || !TEST_mem_eq(tag_array[i], taglen, tag, taglen)) 6864 goto err; 6865 } 6866 6867 for (i = 0; i < numpipes; i++) 6868 outsize_array[i] = plaintextlen; 6869 6870 /* Decrypt using pipeline API and compare */ 6871 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, 6872 (void **)&aead_tags, taglen); 6873 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) 6874 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0)) 6875 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher, 6876 key, keylen, numpipes, 6877 (const unsigned char **)iv_array, 6878 ivlen)) 6879 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 6880 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL, 6881 (const unsigned char **)plaintext_array, 6882 inlen_array)) 6883 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array, 6884 outlen_array, outsize_array, 6885 (const unsigned char **)ciphertext_array_p, 6886 ciphertextlen_array))) 6887 goto err; 6888 6889 for (i = 0; i < numpipes; i++) { 6890 temp[i] = plaintext_array[i] + outlen_array[i]; 6891 outsize_array[i] = outsize_array[i] - outlen_array[i]; 6892 } 6893 6894 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array))) 6895 goto err; 6896 6897 for (i = 0; i < numpipes; i++) { 6898 memset(exp_plaintext, i + 1, plaintextlen); 6899 if (!TEST_mem_eq(plaintext_array[i], plaintextlen, 6900 exp_plaintext, plaintextlen)) 6901 goto err; 6902 } 6903 6904 for (i = 0; i < numpipes; i++) { 6905 OPENSSL_free(iv_array[i]); 6906 OPENSSL_free(plaintext_array[i]); 6907 OPENSSL_free(ciphertext_array_p[i]); 6908 OPENSSL_free(tag_array[i]); 6909 } 6910 OPENSSL_free(exp_plaintext); 6911 OPENSSL_free(ciphertext); 6912 OPENSSL_free(tag); 6913 } 6914 } 6915 6916 testresult = 1; 6917 goto end; 6918 6919 err: 6920 for (i = 0; i < numpipes; i++) { 6921 OPENSSL_free(iv_array[i]); 6922 OPENSSL_free(plaintext_array[i]); 6923 OPENSSL_free(ciphertext_array_p[i]); 6924 OPENSSL_free(tag_array[i]); 6925 } 6926 OPENSSL_free(exp_plaintext); 6927 OPENSSL_free(ciphertext); 6928 OPENSSL_free(tag); 6929 end: 6930 EVP_CIPHER_CTX_free(ctx); 6931 EVP_CIPHER_free(cipher); 6932 EVP_CIPHER_free(pipeline_cipher); 6933 fake_pipeline_finish(fake_pipeline); 6934 return testresult; 6935 } 6936 6937 int setup_tests(void) 6938 { 6939 char *config_file = NULL; 6940 OPTION_CHOICE o; 6941 6942 while ((o = opt_next()) != OPT_EOF) { 6943 switch (o) { 6944 case OPT_CONTEXT: 6945 /* Set up an alternate library context */ 6946 testctx = OSSL_LIB_CTX_new(); 6947 if (!TEST_ptr(testctx)) 6948 return 0; 6949 #ifdef STATIC_LEGACY 6950 /* 6951 * This test is always statically linked against libcrypto. We must not 6952 * attempt to load legacy.so that might be dynamically linked against 6953 * libcrypto. Instead we use a built-in version of the legacy provider. 6954 */ 6955 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) 6956 return 0; 6957 #endif 6958 /* Swap the libctx to test non-default context only */ 6959 nullprov = OSSL_PROVIDER_load(NULL, "null"); 6960 deflprov = OSSL_PROVIDER_load(testctx, "default"); 6961 #ifndef OPENSSL_SYS_TANDEM 6962 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); 6963 #endif 6964 break; 6965 case OPT_CONFIG_FILE: 6966 config_file = opt_arg(); 6967 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL)) 6968 return 0; 6969 break; 6970 case OPT_TEST_CASES: 6971 break; 6972 default: 6973 return 0; 6974 } 6975 } 6976 6977 if (config_file != NULL) { 6978 ADD_TEST(test_EVP_set_config_properties); 6979 return 1; 6980 } 6981 6982 ADD_TEST(test_EVP_set_default_properties); 6983 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30); 6984 ADD_TEST(test_EVP_DigestVerifyInit); 6985 #ifndef OPENSSL_NO_EC 6986 ADD_TEST(test_ecdsa_digestsign_keccak); 6987 #endif 6988 #ifndef OPENSSL_NO_SIPHASH 6989 ADD_TEST(test_siphash_digestsign); 6990 #endif 6991 ADD_TEST(test_EVP_Digest); 6992 ADD_TEST(test_EVP_md_null); 6993 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); 6994 #ifndef OPENSSL_NO_DEPRECATED_3_0 6995 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2); 6996 #endif 6997 ADD_ALL_TESTS(test_EVP_Enveloped, 2); 6998 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 6999 ADD_TEST(test_privatekey_to_pkcs8); 7000 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag); 7001 ADD_ALL_TESTS(test_EVP_PKCS82PKEY_v2, OSSL_NELEM(keydata_v2)); 7002 #ifndef OPENSSL_NO_EC 7003 ADD_TEST(test_EVP_PKCS82PKEY); 7004 #endif 7005 #ifndef OPENSSL_NO_EC 7006 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings)); 7007 #endif 7008 #if !defined(OPENSSL_NO_SM2) 7009 ADD_TEST(test_EVP_SM2); 7010 ADD_TEST(test_EVP_SM2_verify); 7011 #endif 7012 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 7013 #ifndef OPENSSL_NO_DEPRECATED_3_0 7014 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 7015 if (!TEST_ptr(custom_pmeth)) 7016 return 0; 7017 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 7018 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 7019 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 7020 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 7021 return 0; 7022 #endif 7023 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 7024 #ifndef OPENSSL_NO_CMAC 7025 ADD_TEST(test_CMAC_keygen); 7026 #endif 7027 ADD_TEST(test_HKDF); 7028 ADD_TEST(test_emptyikm_HKDF); 7029 ADD_TEST(test_empty_salt_info_HKDF); 7030 #ifndef OPENSSL_NO_EC 7031 ADD_TEST(test_X509_PUBKEY_inplace); 7032 ADD_TEST(test_X509_PUBKEY_dup); 7033 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, 7034 OSSL_NELEM(ec_der_pub_keys)); 7035 #endif 7036 #ifndef OPENSSL_NO_DSA 7037 ADD_TEST(test_DSA_get_set_params); 7038 ADD_TEST(test_DSA_priv_pub); 7039 #endif 7040 ADD_TEST(test_RSA_get_set_params); 7041 ADD_TEST(test_RSA_OAEP_set_get_params); 7042 ADD_TEST(test_RSA_OAEP_set_null_label); 7043 ADD_TEST(test_RSA_encrypt); 7044 #ifndef OPENSSL_NO_DEPRECATED_3_0 7045 ADD_TEST(test_RSA_legacy); 7046 #endif 7047 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 7048 ADD_TEST(test_decrypt_null_chunks); 7049 #endif 7050 #ifndef OPENSSL_NO_DH 7051 ADD_TEST(test_DH_priv_pub); 7052 #ifndef OPENSSL_NO_DEPRECATED_3_0 7053 ADD_TEST(test_EVP_PKEY_set1_DH); 7054 #endif 7055 #endif 7056 #ifndef OPENSSL_NO_EC 7057 ADD_TEST(test_EC_priv_pub); 7058 ADD_TEST(test_evp_get_ec_pub); 7059 #ifndef OPENSSL_NO_DEPRECATED_3_0 7060 ADD_TEST(test_EC_priv_only_legacy); 7061 ADD_TEST(test_evp_get_ec_pub_legacy); 7062 #endif 7063 #endif 7064 ADD_ALL_TESTS(test_keygen_with_empty_template, 2); 7065 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2); 7066 7067 ADD_TEST(test_rand_agglomeration); 7068 ADD_ALL_TESTS(test_evp_iv_aes, 12); 7069 #ifndef OPENSSL_NO_DES 7070 ADD_ALL_TESTS(test_evp_iv_des, 6); 7071 #endif 7072 #ifndef OPENSSL_NO_BF 7073 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4); 7074 #endif 7075 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits); 7076 ADD_TEST(test_EVP_rsa_pss_set_saltlen); 7077 ADD_TEST(test_EVP_rsa_invalid_key); 7078 #ifndef OPENSSL_NO_EC 7079 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids)); 7080 #endif 7081 7082 ADD_TEST(test_names_do_all); 7083 7084 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); 7085 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); 7086 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests)); 7087 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); 7088 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); 7089 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers)); 7090 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0) 7091 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1); 7092 7093 #ifndef OPENSSL_NO_DEPRECATED_3_0 7094 ADD_ALL_TESTS(test_custom_pmeth, 12); 7095 ADD_TEST(test_evp_md_cipher_meth); 7096 ADD_TEST(test_custom_md_meth); 7097 ADD_TEST(test_custom_ciph_meth); 7098 ADD_TEST(test_rsasve_kem_with_invalid_pub_key); 7099 7100 #ifndef OPENSSL_NO_DYNAMIC_ENGINE 7101 /* Tests only support the default libctx */ 7102 if (testctx == NULL) { 7103 #ifndef OPENSSL_NO_EC 7104 ADD_ALL_TESTS(test_signatures_with_engine, 3); 7105 #else 7106 ADD_ALL_TESTS(test_signatures_with_engine, 2); 7107 #endif 7108 ADD_TEST(test_cipher_with_engine); 7109 } 7110 #endif 7111 #endif 7112 7113 #ifndef OPENSSL_NO_ECX 7114 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids)); 7115 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); 7116 #endif 7117 7118 ADD_TEST(test_sign_continuation); 7119 7120 /* Test cases for CVE-2023-5363 */ 7121 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363); 7122 #ifndef OPENSSL_NO_RC4 7123 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); 7124 #endif 7125 7126 /* Test cases for CVE-2026-45446 */ 7127 ADD_TEST(test_aes_gcm_siv_empty_data); 7128 ADD_TEST(test_aes_siv_ctx_reuse); 7129 7130 ADD_TEST(test_invalid_ctx_for_digest); 7131 7132 ADD_TEST(test_evp_cipher_negative_length); 7133 7134 ADD_TEST(test_evp_cipher_pipeline); 7135 7136 return 1; 7137 } 7138 7139 void cleanup_tests(void) 7140 { 7141 OSSL_PROVIDER_unload(nullprov); 7142 OSSL_PROVIDER_unload(deflprov); 7143 #ifndef OPENSSL_SYS_TANDEM 7144 OSSL_PROVIDER_unload(lgcyprov); 7145 #endif 7146 OSSL_LIB_CTX_free(testctx); 7147 } 7148