1 /*
2 * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include <openssl/rand.h>
36 #include <crypto/ml_kem.h>
37 #include "testutil.h"
38 #include "internal/nelem.h"
39 #include "internal/sizes.h"
40 #include "crypto/evp.h"
41 #include "fake_rsaprov.h"
42 #include "fake_pipelineprov.h"
43
44 #ifdef STATIC_LEGACY
45 OSSL_provider_init_fn ossl_legacy_provider_init;
46 #endif
47
48 static OSSL_LIB_CTX *testctx = NULL;
49 static char *testpropq = NULL;
50
51 static OSSL_PROVIDER *nullprov = NULL;
52 static OSSL_PROVIDER *deflprov = NULL;
53 static OSSL_PROVIDER *lgcyprov = NULL;
54
55 /*
56 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
57 * should never use this key anywhere but in an example.
58 */
59 static const unsigned char kExampleRSAKeyDER[] = {
60 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
61 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
62 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
63 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
64 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
65 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
66 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
67 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
68 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
69 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
70 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
71 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
72 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
73 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
74 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
75 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
76 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
77 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
78 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
79 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
80 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
81 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
82 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
83 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
84 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
85 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
86 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
87 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
88 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
89 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
90 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
91 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
92 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
93 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
94 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
95 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
96 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
97 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
98 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
99 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
100 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
101 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
102 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
103 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
104 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
105 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
106 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
107 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
108 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
109 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
110 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf
111 };
112
113 /* An invalid key whose prime factors exceed modulus n. */
114 static const unsigned char kInvalidRSAKeyDER[] = {
115 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80,
116 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00,
117 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
119 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
120 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
121 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa,
122 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
123 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b,
124 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
125 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01,
126 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee,
127 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
129 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07,
130 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07,
131 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
132 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15,
133 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
134 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00,
135 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15,
136 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9,
137 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07,
138 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
139 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
140 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59,
141 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
143 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
144 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59,
145 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
146 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
147 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15,
148 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
149 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea,
150 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15,
151 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07,
152 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07,
154 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
155 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00,
156 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29,
157 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
158 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
159 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
160 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
161 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59,
162 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
163 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
164 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
165 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02,
166 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
167 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
168 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
169 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
170 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
171 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
172 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31,
174 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
175 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8,
176 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07,
177 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
179 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07,
180 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07,
181 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
182 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec,
183 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
184 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00,
185 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07,
186 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02,
187 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07,
188 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
189 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
190 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59,
191 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
194 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59,
195 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d,
196 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
197 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
198 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
199 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea,
200 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15,
201 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00,
202 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff,
203 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07,
204 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
205 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
206 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07,
207 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
208 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
209 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
210 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
211 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59,
212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
214 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
215 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
216 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
217 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41,
218 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
219 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
220 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
221 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
222 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02,
223 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88,
224 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
226 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
227 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07,
228 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
229 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15,
230 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
231 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
232 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15,
233 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07,
234 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07,
235 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
236 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
237 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
238 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
239 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f,
240 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
241 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
242 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
243 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1,
245 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1,
246 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
247 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02,
249 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8,
250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
253 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
254 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
255 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02,
256 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
257 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80,
258 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02,
259 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36,
260 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10,
261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
263 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
264 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
265 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02,
266 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02,
267 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
268 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02,
269 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02,
270 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47,
272 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d,
273 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60,
274 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32,
275 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff,
276 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30,
277 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d,
278 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a,
279 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33,
280 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
281 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15,
282 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00,
283 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
284 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
285 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
286 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
287 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02,
288 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
289 0xe2, 0x80
290 };
291
292 /*
293 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
294 * should never use this key anywhere but in an example.
295 */
296 #ifndef OPENSSL_NO_DSA
297 static const unsigned char kExampleDSAKeyDER[] = {
298 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
299 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
300 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
301 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
302 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
303 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
304 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
305 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
306 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
307 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
308 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
309 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
310 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
311 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
312 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
313 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
314 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
315 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
316 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
317 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
318 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
319 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
320 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
321 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
322 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
323 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
324 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
325 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
326 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
327 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
328 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
329 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
330 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
331 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
332 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
333 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
334 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
335 0x40, 0x48
336 };
337 #endif
338
339 /*
340 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
341 * components are not correct.
342 */
343 static const unsigned char kExampleBadRSAKeyDER[] = {
344 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
345 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
346 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
347 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
348 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
349 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
350 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
351 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
352 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
353 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
354 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
355 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
356 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
357 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
358 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
359 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
360 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
361 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
362 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
363 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
364 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
365 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
366 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
367 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
368 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
369 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
370 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
371 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
372 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
373 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
374 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
375 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
376 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
377 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
378 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
379 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
380 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
381 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
382 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
383 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
384 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
385 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
386 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
387 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
388 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
389 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
390 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
391 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
392 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
393 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
394 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
395 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
396 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
397 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
398 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
399 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
400 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
401 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
402 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
403 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
404 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
405 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
406 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
407 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
408 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
409 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
410 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
411 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
412 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
413 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
414 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
415 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
416 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
417 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
418 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
419 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
420 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
421 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
422 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
423 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
424 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
425 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
426 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
427 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
428 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
429 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
430 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
431 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
432 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce
433 };
434
435 /*
436 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
437 * values are 0.
438 */
439 static const unsigned char kExampleBad2RSAKeyDER[] = {
440 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
441 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
442 0x01, 0x00, 0x02, 0x01, 0x00
443 };
444
445 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
446
447 static const unsigned char kSignature[] = {
448 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
449 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
450 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
451 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
452 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
453 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
454 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
455 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
456 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
457 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
458 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42
459 };
460
461 /*
462 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v1
463 * PrivateKeyInfo.
464 */
465 static const unsigned char kExampleRSAKeyPKCS8[] = {
466 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
467 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
468 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
469 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
470 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
471 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
472 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
473 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
474 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
475 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
476 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
477 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
478 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
479 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
480 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
481 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
482 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
483 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
484 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
485 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
486 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
487 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
488 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
489 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
490 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
491 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
492 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
493 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
494 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
495 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
496 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
497 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
498 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
499 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
500 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
501 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
502 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
503 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
504 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
505 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
506 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
507 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
508 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
509 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
510 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
511 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
512 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
513 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
514 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
515 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
516 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
517 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
518 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf
519 };
520
521 /*
522 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v2
523 * PrivateKeyInfo (with an optional public key).
524 */
525 static const unsigned char kExampleRSAKeyPKCS8_v2[] = {
526 0x30, 0x82, 0x03, 0x06, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
527 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
528 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
529 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
530 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
531 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
532 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
533 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
534 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
535 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
536 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
537 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
538 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
539 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
540 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
541 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
542 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
543 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
544 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
545 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
546 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
547 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
548 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
549 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
550 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
551 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
552 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
553 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
554 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
555 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
556 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
557 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
558 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
559 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
560 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
561 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
562 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
563 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
564 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
565 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
566 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
567 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
568 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
569 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
570 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
571 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
572 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
573 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
574 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
575 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
576 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
577 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
578 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
579 /* Implicit optional Public key BIT STRING */
580 0x81,
581 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8,
582 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
583 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
584 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
585 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
586 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
587 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
588 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
589 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
590 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
591 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
592 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01
593 };
594
595 #ifndef OPENSSL_NO_EC
596 /*
597 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
598 * structure.
599 */
600 static const unsigned char kExampleECKeyDER[] = {
601 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
602 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
603 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
604 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
605 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
606 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
607 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
608 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
609 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
610 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
611 0xc1
612 };
613
614 static const unsigned char kExampleECKeyPKCS8_v2[] = {
615 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
616 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
617 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
618 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9,
619 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e,
620 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42,
621 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f,
622 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d,
623 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7,
624 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2,
625 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94,
626 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1,
627 /* Optional implicit public key BIT STRING */
628 0x81,
629 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97,
630 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9,
631 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a,
632 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e,
633 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e,
634 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1
635 };
636
637 /*
638 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
639 * structure. The private key is equal to the order and will fail to import
640 */
641 static const unsigned char kExampleBadECKeyDER[] = {
642 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
643 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
644 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
645 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
646 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
647 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
648 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
649 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
650 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
651 };
652
653 /* prime256v1 */
654 static const unsigned char kExampleECPubKeyDER[] = {
655 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
656 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
657 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
658 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
659 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
660 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
661 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
662 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
663 };
664
665 /*
666 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
667 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
668 */
669 static const unsigned char kExampleBadECPubKeyDER[] = {
670 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
671 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
672 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
673 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
674 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
675 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
676 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
677 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
678 };
679
680 static const unsigned char pExampleECParamDER[] = {
681 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
682 };
683
684 #ifndef OPENSSL_NO_ECX
685 static const unsigned char kExampleED25519KeyDER[] = {
686 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
687 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
688 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
689 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
690 };
691
692 static const unsigned char kExampleED25519PubKeyDER[] = {
693 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
694 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
695 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
696 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
697 };
698
699 #ifndef OPENSSL_NO_DEPRECATED_3_0
700 static const unsigned char kExampleX25519KeyDER[] = {
701 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
702 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
703 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
704 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
705 };
706 #endif
707 #endif
708 #endif
709
710 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
711 #ifndef OPENSSL_NO_DEPRECATED_3_0
712 #ifndef OPENSSL_NO_DH
713 static const unsigned char kExampleDHKeyDER[] = {
714 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
715 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
716 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
717 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
718 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
719 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
720 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
721 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
722 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
723 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
724 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
725 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
726 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
727 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
728 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
729 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
730 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
731 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
732 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
733 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
734 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
735 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
736 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
737 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
738 0x2e, 0x87, 0x2a, 0x0b, 0x7a
739 };
740 #endif
741 #endif
742
743 static const unsigned char kCFBDefaultKey[] = {
744 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
745 0x09, 0xCF, 0x4F, 0x3C
746 };
747
748 static const unsigned char kGCMDefaultKey[32] = { 0 };
749
750 static const unsigned char kGCMResetKey[] = {
751 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
752 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
753 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
754 };
755
756 static const unsigned char iCFBIV[] = {
757 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
758 0x0C, 0x0D, 0x0E, 0x0F
759 };
760
761 static const unsigned char iGCMDefaultIV[12] = { 0 };
762
763 static const unsigned char iGCMResetIV1[] = {
764 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
765 };
766
767 static const unsigned char iGCMResetIV2[] = {
768 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
769 };
770
771 static const unsigned char cfbPlaintext[] = {
772 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
773 0x73, 0x93, 0x17, 0x2A
774 };
775 static const unsigned char cfbPlaintext_partial[] = {
776 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
777 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96
778 };
779
780 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
781
782 static const unsigned char gcmResetPlaintext[] = {
783 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
784 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
785 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
786 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
787 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
788 };
789
790 static const unsigned char cfbCiphertext[] = {
791 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
792 0xE8, 0x3C, 0xFB, 0x4A
793 };
794
795 static const unsigned char cfbCiphertext_partial[] = {
796 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
797 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
798 };
799
800 static const unsigned char ofbCiphertext_partial[] = {
801 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
802 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
803 };
804
805 static const unsigned char gcmDefaultCiphertext[] = {
806 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
807 0xba, 0xf3, 0x9d, 0x18
808 };
809
810 static const unsigned char gcmResetCiphertext1[] = {
811 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
812 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
813 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
814 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
815 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
816 };
817
818 static const unsigned char gcmResetCiphertext2[] = {
819 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
820 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
821 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
822 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
823 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
824 };
825
826 static const unsigned char gcmAAD[] = {
827 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
828 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
829 };
830
831 static const unsigned char gcmDefaultTag[] = {
832 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
833 0xd4, 0x8a, 0xb9, 0x19
834 };
835
836 static const unsigned char gcmResetTag1[] = {
837 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
838 0xfe, 0x2e, 0xa8, 0xf2
839 };
840
841 static const unsigned char gcmResetTag2[] = {
842 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
843 0xbb, 0x2d, 0x55, 0x1b
844 };
845
846 typedef struct APK_DATA_st {
847 const unsigned char *kder;
848 size_t size;
849 const char *keytype;
850 int evptype;
851 int check;
852 int pub_check;
853 int param_check;
854 int type; /* 0 for private, 1 for public, 2 for params */
855 } APK_DATA;
856
857 static APK_DATA keydata[] = {
858 { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA },
859 { kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA },
860 #ifndef OPENSSL_NO_EC
861 { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC }
862 #endif
863 };
864
865 static APK_DATA keydata_v2[] = {
866 { kExampleRSAKeyPKCS8_v2, sizeof(kExampleRSAKeyPKCS8_v2), "RSA", EVP_PKEY_RSA },
867 #ifndef OPENSSL_NO_EC
868 { kExampleECKeyPKCS8_v2, sizeof(kExampleECKeyPKCS8_v2), "EC", EVP_PKEY_EC }
869 #endif
870 };
871
872 static APK_DATA keycheckdata[] = {
873 { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
874 0 },
875 { kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
876 0, 1, 1, 0 },
877 { kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
878 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0 },
879 #ifndef OPENSSL_NO_EC
880 { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0 },
881 /* group is also associated in our pub key */
882 { kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
883 1, 1 },
884 { pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
885 2 },
886 #ifndef OPENSSL_NO_ECX
887 { kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
888 EVP_PKEY_ED25519, 1, 1, 1, 0 },
889 { kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
890 EVP_PKEY_ED25519, 0, 1, 1, 1 },
891 #endif
892 #endif
893 };
894
load_example_key(const char * keytype,const unsigned char * data,size_t data_len)895 static EVP_PKEY *load_example_key(const char *keytype,
896 const unsigned char *data, size_t data_len)
897 {
898 const unsigned char **pdata = &data;
899 EVP_PKEY *pkey = NULL;
900 OSSL_DECODER_CTX *dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
901 testctx, testpropq);
902
903 /* |pkey| will be NULL on error */
904 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
905 OSSL_DECODER_CTX_free(dctx);
906 return pkey;
907 }
908
load_example_rsa_key(void)909 static EVP_PKEY *load_example_rsa_key(void)
910 {
911 return load_example_key("RSA", kExampleRSAKeyDER,
912 sizeof(kExampleRSAKeyDER));
913 }
914
915 #ifndef OPENSSL_NO_DSA
load_example_dsa_key(void)916 static EVP_PKEY *load_example_dsa_key(void)
917 {
918 return load_example_key("DSA", kExampleDSAKeyDER,
919 sizeof(kExampleDSAKeyDER));
920 }
921 #endif
922
923 #ifndef OPENSSL_NO_EC
load_example_ec_key(void)924 static EVP_PKEY *load_example_ec_key(void)
925 {
926 return load_example_key("EC", kExampleECKeyDER,
927 sizeof(kExampleECKeyDER));
928 }
929 #endif
930
931 #ifndef OPENSSL_NO_DEPRECATED_3_0
932
make_bad_rsa_pubkey(void)933 static EVP_PKEY *make_bad_rsa_pubkey(void)
934 {
935 RSA *rsa = NULL;
936 BIGNUM *n = NULL, *e = NULL;
937 EVP_PKEY *pkey = NULL;
938
939 /* Deliberately invalid public key: n = 17, e = 17 */
940 if (!TEST_ptr(pkey = EVP_PKEY_new())
941 || !TEST_ptr(rsa = RSA_new())
942 || !TEST_ptr(n = BN_new())
943 || !TEST_ptr(e = BN_new())
944 || !TEST_true(BN_set_word(n, 17))
945 || !TEST_true(BN_set_word(e, 17))
946 || !TEST_true(RSA_set0_key(rsa, n, e, NULL))
947 || !EVP_PKEY_assign_RSA(pkey, rsa))
948 goto err;
949
950 return pkey;
951 err:
952 BN_free(n);
953 BN_free(e);
954 RSA_free(rsa);
955 return NULL;
956 }
957
958 #ifndef OPENSSL_NO_DH
load_example_dh_key(void)959 static EVP_PKEY *load_example_dh_key(void)
960 {
961 return load_example_key("DH", kExampleDHKeyDER,
962 sizeof(kExampleDHKeyDER));
963 }
964 #endif
965
966 #ifndef OPENSSL_NO_ECX
load_example_ed25519_key(void)967 static EVP_PKEY *load_example_ed25519_key(void)
968 {
969 return load_example_key("ED25519", kExampleED25519KeyDER,
970 sizeof(kExampleED25519KeyDER));
971 }
972
load_example_x25519_key(void)973 static EVP_PKEY *load_example_x25519_key(void)
974 {
975 return load_example_key("X25519", kExampleX25519KeyDER,
976 sizeof(kExampleX25519KeyDER));
977 }
978 #endif
979 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
980
load_example_hmac_key(void)981 static EVP_PKEY *load_example_hmac_key(void)
982 {
983 EVP_PKEY *pkey = NULL;
984 unsigned char key[] = {
985 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
986 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
987 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
988 };
989
990 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
991 NULL, key, sizeof(key));
992 if (!TEST_ptr(pkey))
993 return NULL;
994
995 return pkey;
996 }
997
test_EVP_set_config_properties(void)998 static int test_EVP_set_config_properties(void)
999 {
1000 char *fetched_properties = NULL;
1001 const char test_propq[] = "test.fizzbuzz=buzzfizz";
1002 int res = 0;
1003
1004 fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default());
1005 if (!TEST_ptr(fetched_properties)
1006 || !TEST_str_eq(fetched_properties, test_propq))
1007 goto err;
1008 OPENSSL_free(fetched_properties);
1009 fetched_properties = NULL;
1010
1011 res = 1;
1012 err:
1013 OPENSSL_free(fetched_properties);
1014 return res;
1015 }
1016
test_EVP_set_default_properties(void)1017 static int test_EVP_set_default_properties(void)
1018 {
1019 OSSL_LIB_CTX *ctx;
1020 EVP_MD *md = NULL;
1021 int res = 0;
1022 char *fetched_properties = NULL;
1023 const char test_propq[] = "provider=fizzbang";
1024 const char test_fips_propq[] = "fips=yes,provider=fizzbang";
1025
1026 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
1027 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
1028 goto err;
1029 EVP_MD_free(md);
1030 md = NULL;
1031
1032 if (!TEST_true(EVP_set_default_properties(ctx, test_propq))
1033 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
1034 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
1035 goto err;
1036 EVP_MD_free(md);
1037 md = NULL;
1038
1039 fetched_properties = EVP_get1_default_properties(ctx);
1040 if (!TEST_ptr(fetched_properties)
1041 || !TEST_str_eq(fetched_properties, test_propq))
1042 goto err;
1043 OPENSSL_free(fetched_properties);
1044 fetched_properties = NULL;
1045
1046 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1)))
1047 goto err;
1048 fetched_properties = EVP_get1_default_properties(ctx);
1049 if (!TEST_ptr(fetched_properties)
1050 || !TEST_str_eq(fetched_properties, test_fips_propq))
1051 goto err;
1052 OPENSSL_free(fetched_properties);
1053 fetched_properties = NULL;
1054
1055 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0)))
1056 goto err;
1057
1058 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
1059 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
1060 goto err;
1061 res = 1;
1062 err:
1063 OPENSSL_free(fetched_properties);
1064 EVP_MD_free(md);
1065 OSSL_LIB_CTX_free(ctx);
1066 return res;
1067 }
1068
1069 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key_fromdata(char * keytype,OSSL_PARAM * params)1070 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
1071 {
1072 EVP_PKEY_CTX *pctx = NULL;
1073 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
1074
1075 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
1076 goto err;
1077 /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */
1078 if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0)
1079 || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
1080 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
1081 params),
1082 0))
1083 goto err;
1084
1085 if (!TEST_ptr(tmp_pkey))
1086 goto err;
1087
1088 pkey = tmp_pkey;
1089 tmp_pkey = NULL;
1090 err:
1091 EVP_PKEY_free(tmp_pkey);
1092 EVP_PKEY_CTX_free(pctx);
1093 return pkey;
1094 }
1095
test_selection(EVP_PKEY * pkey,int selection)1096 static int test_selection(EVP_PKEY *pkey, int selection)
1097 {
1098 int testresult = 0;
1099 int ret;
1100 BIO *bio = BIO_new(BIO_s_mem());
1101
1102 ret = PEM_write_bio_PUBKEY(bio, pkey);
1103 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
1104 if (!TEST_true(ret))
1105 goto err;
1106 } else {
1107 if (!TEST_false(ret))
1108 goto err;
1109 }
1110 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
1111 testctx, NULL);
1112 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
1113 if (!TEST_true(ret))
1114 goto err;
1115 } else {
1116 if (!TEST_false(ret))
1117 goto err;
1118 }
1119
1120 testresult = 1;
1121 err:
1122 BIO_free(bio);
1123
1124 return testresult;
1125 }
1126 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
1127
1128 /*
1129 * Test combinations of private, public, missing and private + public key
1130 * params to ensure they are all accepted
1131 */
1132 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
test_EVP_PKEY_ffc_priv_pub(char * keytype)1133 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
1134 {
1135 OSSL_PARAM_BLD *bld = NULL;
1136 OSSL_PARAM *params = NULL;
1137 EVP_PKEY *just_params = NULL;
1138 EVP_PKEY *params_and_priv = NULL;
1139 EVP_PKEY *params_and_pub = NULL;
1140 EVP_PKEY *params_and_keypair = NULL;
1141 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1142 int ret = 0;
1143
1144 /*
1145 * Setup the parameters for our pkey object. For our purposes they don't
1146 * have to actually be *valid* parameters. We just need to set something.
1147 */
1148 if (!TEST_ptr(p = BN_new())
1149 || !TEST_ptr(q = BN_new())
1150 || !TEST_ptr(g = BN_new())
1151 || !TEST_ptr(pub = BN_new())
1152 || !TEST_ptr(priv = BN_new()))
1153 goto err;
1154
1155 /* Test !priv and !pub */
1156 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1157 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1158 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1159 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
1160 goto err;
1161 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1162 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
1163 goto err;
1164
1165 OSSL_PARAM_free(params);
1166 OSSL_PARAM_BLD_free(bld);
1167 params = NULL;
1168 bld = NULL;
1169
1170 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1171 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1172 goto err;
1173
1174 /* Test priv and !pub */
1175 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1176 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1177 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1178 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1179 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1180 priv)))
1181 goto err;
1182 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1183 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
1184 goto err;
1185
1186 OSSL_PARAM_free(params);
1187 OSSL_PARAM_BLD_free(bld);
1188 params = NULL;
1189 bld = NULL;
1190
1191 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
1192 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1193 goto err;
1194
1195 /* Test !priv and pub */
1196 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1197 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1198 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1199 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1200 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1201 pub)))
1202 goto err;
1203 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1204 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
1205 goto err;
1206
1207 OSSL_PARAM_free(params);
1208 OSSL_PARAM_BLD_free(bld);
1209 params = NULL;
1210 bld = NULL;
1211
1212 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1213 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1214 goto err;
1215
1216 /* Test priv and pub */
1217 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1218 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1219 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1220 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1221 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1222 pub))
1223 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1224 priv)))
1225 goto err;
1226 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1227 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
1228 goto err;
1229
1230 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1231 goto err;
1232
1233 ret = 1;
1234 err:
1235 OSSL_PARAM_free(params);
1236 OSSL_PARAM_BLD_free(bld);
1237 EVP_PKEY_free(just_params);
1238 EVP_PKEY_free(params_and_priv);
1239 EVP_PKEY_free(params_and_pub);
1240 EVP_PKEY_free(params_and_keypair);
1241 BN_free(p);
1242 BN_free(q);
1243 BN_free(g);
1244 BN_free(pub);
1245 BN_free(priv);
1246
1247 return ret;
1248 }
1249 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
1250
1251 /*
1252 * Test combinations of private, public, missing and private + public key
1253 * params to ensure they are all accepted for EC keys
1254 */
1255 #ifndef OPENSSL_NO_EC
1256 static unsigned char ec_priv[] = {
1257 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
1258 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
1259 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
1260 };
1261 static unsigned char ec_pub[] = {
1262 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
1263 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
1264 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
1265 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
1266 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
1267 0x08, 0x09, 0xb8, 0xdb, 0x03
1268 };
1269
test_EC_priv_pub(void)1270 static int test_EC_priv_pub(void)
1271 {
1272 OSSL_PARAM_BLD *bld = NULL;
1273 OSSL_PARAM *params = NULL;
1274 EVP_PKEY *just_params = NULL;
1275 EVP_PKEY *params_and_priv = NULL;
1276 EVP_PKEY *params_and_pub = NULL;
1277 EVP_PKEY *params_and_keypair = NULL;
1278 BIGNUM *priv = NULL;
1279 int ret = 0;
1280 unsigned char *encoded = NULL;
1281 size_t len = 0;
1282 unsigned char buffer[128];
1283
1284 /*
1285 * Setup the parameters for our pkey object. For our purposes they don't
1286 * have to actually be *valid* parameters. We just need to set something.
1287 */
1288 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1289 goto err;
1290
1291 /* Test !priv and !pub */
1292 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1293 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1294 OSSL_PKEY_PARAM_GROUP_NAME,
1295 "P-256", 0)))
1296 goto err;
1297 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1298 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
1299 goto err;
1300
1301 OSSL_PARAM_free(params);
1302 OSSL_PARAM_BLD_free(bld);
1303 params = NULL;
1304 bld = NULL;
1305
1306 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1307 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1308 goto err;
1309
1310 /* Test priv and !pub */
1311 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1312 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1313 OSSL_PKEY_PARAM_GROUP_NAME,
1314 "P-256", 0))
1315 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1316 priv)))
1317 goto err;
1318 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1319 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
1320 goto err;
1321
1322 OSSL_PARAM_free(params);
1323 OSSL_PARAM_BLD_free(bld);
1324 params = NULL;
1325 bld = NULL;
1326
1327 /*
1328 * We indicate only parameters here, in spite of having built a key that
1329 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
1330 * expected to fail because it does not support exporting a private EC
1331 * key without a corresponding public key
1332 */
1333 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1334 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1335 goto err;
1336
1337 /* Test !priv and pub */
1338 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1339 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1340 OSSL_PKEY_PARAM_GROUP_NAME,
1341 "P-256", 0))
1342 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1343 OSSL_PKEY_PARAM_PUB_KEY,
1344 ec_pub, sizeof(ec_pub))))
1345 goto err;
1346 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1347 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
1348 goto err;
1349
1350 OSSL_PARAM_free(params);
1351 OSSL_PARAM_BLD_free(bld);
1352 params = NULL;
1353 bld = NULL;
1354
1355 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1356 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1357 goto err;
1358
1359 /* Test priv and pub */
1360 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1361 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1362 OSSL_PKEY_PARAM_GROUP_NAME,
1363 "P-256", 0))
1364 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1365 OSSL_PKEY_PARAM_PUB_KEY,
1366 ec_pub, sizeof(ec_pub)))
1367 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1368 priv)))
1369 goto err;
1370 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1371 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1372 goto err;
1373
1374 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1375 goto err;
1376
1377 /* Try key equality */
1378 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1379 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1380 0)
1381 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1382 0)
1383 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1384 0)
1385 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1386 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1387 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1388 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1389 goto err;
1390
1391 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1392 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1393 goto err;
1394 OPENSSL_free(encoded);
1395 encoded = NULL;
1396 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1397 OPENSSL_free(encoded);
1398 encoded = NULL;
1399 goto err;
1400 }
1401
1402 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1403 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1404 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1405 buffer, sizeof(buffer), &len),
1406 1)
1407 || !TEST_int_eq(len, 65))
1408 goto err;
1409
1410 len = 0;
1411 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1412 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1413 NULL, 0, &len),
1414 1)
1415 || !TEST_int_eq(len, 65))
1416 goto err;
1417
1418 /* too-short buffer len*/
1419 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1420 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1421 buffer, 10, &len),
1422 0))
1423 goto err;
1424
1425 ret = 1;
1426 err:
1427 OSSL_PARAM_free(params);
1428 OSSL_PARAM_BLD_free(bld);
1429 EVP_PKEY_free(just_params);
1430 EVP_PKEY_free(params_and_priv);
1431 EVP_PKEY_free(params_and_pub);
1432 EVP_PKEY_free(params_and_keypair);
1433 BN_free(priv);
1434
1435 return ret;
1436 }
1437
1438 /* Also test that we can read the EC PUB affine coordinates */
test_evp_get_ec_pub(void)1439 static int test_evp_get_ec_pub(void)
1440 {
1441 OSSL_PARAM_BLD *bld = NULL;
1442 OSSL_PARAM *params = NULL;
1443 unsigned char *pad = NULL;
1444 EVP_PKEY *keypair = NULL;
1445 BIGNUM *priv = NULL;
1446 BIGNUM *x = NULL;
1447 BIGNUM *y = NULL;
1448 int ret = 0;
1449
1450 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1451 goto err;
1452
1453 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1454 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1455 OSSL_PKEY_PARAM_GROUP_NAME,
1456 "P-256", 0))
1457 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1458 OSSL_PKEY_PARAM_PUB_KEY,
1459 ec_pub, sizeof(ec_pub)))
1460 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1461 priv)))
1462 goto err;
1463
1464 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1465 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1466 goto err;
1467
1468 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1469 goto err;
1470
1471 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1472 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1473 goto err;
1474
1475 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1476 goto err;
1477
1478 pad[0] = ec_pub[0];
1479 BN_bn2bin(x, &pad[1]);
1480 BN_bn2bin(y, &pad[33]);
1481 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1482 goto err;
1483
1484 ret = 1;
1485
1486 err:
1487 OSSL_PARAM_free(params);
1488 OSSL_PARAM_BLD_free(bld);
1489 EVP_PKEY_free(keypair);
1490 OPENSSL_free(pad);
1491 BN_free(priv);
1492 BN_free(x);
1493 BN_free(y);
1494 return ret;
1495 }
1496
1497 /* Test that using a legacy EC key with only a private key in it works */
1498 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EC_priv_only_legacy(void)1499 static int test_EC_priv_only_legacy(void)
1500 {
1501 BIGNUM *priv = NULL;
1502 int ret = 0;
1503 EC_KEY *eckey = NULL;
1504 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1505 EVP_MD_CTX *ctx = NULL;
1506
1507 /* Create the low level EC_KEY */
1508 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1509 goto err;
1510
1511 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1512 if (!TEST_ptr(eckey))
1513 goto err;
1514
1515 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1516 goto err;
1517
1518 pkey = EVP_PKEY_new();
1519 if (!TEST_ptr(pkey))
1520 goto err;
1521
1522 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1523 goto err;
1524 eckey = NULL;
1525
1526 for (;;) {
1527 ret = 0;
1528 ctx = EVP_MD_CTX_new();
1529 if (!TEST_ptr(ctx))
1530 goto err;
1531
1532 /*
1533 * The EVP_DigestSignInit function should create the key on the
1534 * provider side which is sufficient for this test.
1535 */
1536 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1537 testpropq, pkey, NULL)))
1538 goto err;
1539 EVP_MD_CTX_free(ctx);
1540 ctx = NULL;
1541
1542 if (dup_pk != NULL)
1543 break;
1544
1545 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1546 goto err;
1547 /* EVP_PKEY_eq() returns -2 with missing public keys */
1548 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1549 EVP_PKEY_free(pkey);
1550 pkey = dup_pk;
1551 if (!ret)
1552 goto err;
1553 }
1554 ret = 1;
1555
1556 err:
1557 EVP_MD_CTX_free(ctx);
1558 EVP_PKEY_free(pkey);
1559 EC_KEY_free(eckey);
1560 BN_free(priv);
1561
1562 return ret;
1563 }
1564
test_evp_get_ec_pub_legacy(void)1565 static int test_evp_get_ec_pub_legacy(void)
1566 {
1567 OSSL_LIB_CTX *libctx = NULL;
1568 unsigned char *pad = NULL;
1569 EVP_PKEY *pkey = NULL;
1570 EC_KEY *eckey = NULL;
1571 BIGNUM *priv = NULL;
1572 BIGNUM *x = NULL;
1573 BIGNUM *y = NULL;
1574 int ret = 0;
1575
1576 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1577 goto err;
1578
1579 /* Create the legacy key */
1580 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1581 NID_X9_62_prime256v1)))
1582 goto err;
1583
1584 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1585 goto err;
1586
1587 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1588 goto err;
1589
1590 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1591 goto err;
1592
1593 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1594 goto err;
1595
1596 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1597 goto err;
1598
1599 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1600 goto err;
1601
1602 /* Transfer the legacy key */
1603 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1604 goto err;
1605 eckey = NULL;
1606
1607 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1608 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1609 goto err;
1610
1611 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1612 goto err;
1613
1614 pad[0] = ec_pub[0];
1615 BN_bn2bin(x, &pad[1]);
1616 BN_bn2bin(y, &pad[33]);
1617
1618 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1619 goto err;
1620
1621 ret = 1;
1622
1623 err:
1624 OSSL_LIB_CTX_free(libctx);
1625 EVP_PKEY_free(pkey);
1626 EC_KEY_free(eckey);
1627 OPENSSL_free(pad);
1628 BN_free(priv);
1629 BN_free(x);
1630 BN_free(y);
1631
1632 return ret;
1633 }
1634 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
1635 #endif /* OPENSSL_NO_EC */
1636
test_EVP_PKEY_sign(int tst)1637 static int test_EVP_PKEY_sign(int tst)
1638 {
1639 int ret = 0;
1640 EVP_PKEY *pkey = NULL;
1641 unsigned char *sig = NULL;
1642 size_t sig_len = 0, shortsig_len = 1;
1643 EVP_PKEY_CTX *ctx = NULL;
1644 unsigned char tbs[] = {
1645 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1646 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1647 };
1648
1649 if (tst == 0) {
1650 if (!TEST_ptr(pkey = load_example_rsa_key()))
1651 goto out;
1652 } else if (tst == 1) {
1653 #ifndef OPENSSL_NO_DSA
1654 if (!TEST_ptr(pkey = load_example_dsa_key()))
1655 goto out;
1656 #else
1657 ret = 1;
1658 goto out;
1659 #endif
1660 } else {
1661 #ifndef OPENSSL_NO_EC
1662 if (!TEST_ptr(pkey = load_example_ec_key()))
1663 goto out;
1664 #else
1665 ret = 1;
1666 goto out;
1667 #endif
1668 }
1669
1670 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1671 if (!TEST_ptr(ctx)
1672 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1673 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1674 sizeof(tbs)),
1675 0))
1676 goto out;
1677 sig = OPENSSL_malloc(sig_len);
1678 if (!TEST_ptr(sig)
1679 /* Test sending a signature buffer that is too short is rejected */
1680 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1681 sizeof(tbs)),
1682 0)
1683 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1684 0)
1685 /* Test the signature round-trips */
1686 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1687 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1688 0))
1689 goto out;
1690
1691 ret = 1;
1692 out:
1693 EVP_PKEY_CTX_free(ctx);
1694 OPENSSL_free(sig);
1695 EVP_PKEY_free(pkey);
1696 return ret;
1697 }
1698
1699 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_sign_with_app_method(int tst)1700 static int test_EVP_PKEY_sign_with_app_method(int tst)
1701 {
1702 int ret = 0;
1703 EVP_PKEY *pkey = NULL;
1704 RSA *rsa = NULL;
1705 RSA_METHOD *rsa_meth = NULL;
1706 #ifndef OPENSSL_NO_DSA
1707 DSA *dsa = NULL;
1708 DSA_METHOD *dsa_meth = NULL;
1709 #endif
1710 unsigned char *sig = NULL;
1711 size_t sig_len = 0, shortsig_len = 1;
1712 EVP_PKEY_CTX *ctx = NULL;
1713 unsigned char tbs[] = {
1714 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1715 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1716 };
1717
1718 if (tst == 0) {
1719 if (!TEST_ptr(pkey = load_example_rsa_key()))
1720 goto out;
1721 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1722 goto out;
1723
1724 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1725 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1726 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1727 goto out;
1728 rsa = NULL; /* now owned by the pkey */
1729 } else {
1730 #ifndef OPENSSL_NO_DSA
1731 if (!TEST_ptr(pkey = load_example_dsa_key()))
1732 goto out;
1733 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1734 goto out;
1735
1736 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1737 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1738 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1739 goto out;
1740 dsa = NULL; /* now owned by the pkey */
1741 #else
1742 ret = 1;
1743 goto out;
1744 #endif
1745 }
1746
1747 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1748 if (!TEST_ptr(ctx)
1749 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1750 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1751 sizeof(tbs)),
1752 0))
1753 goto out;
1754 sig = OPENSSL_malloc(sig_len);
1755 if (!TEST_ptr(sig)
1756 /* Test sending a signature buffer that is too short is rejected */
1757 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1758 sizeof(tbs)),
1759 0)
1760 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1761 0)
1762 /* Test the signature round-trips */
1763 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1764 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1765 0))
1766 goto out;
1767
1768 ret = 1;
1769 out:
1770 EVP_PKEY_CTX_free(ctx);
1771 OPENSSL_free(sig);
1772 EVP_PKEY_free(pkey);
1773 RSA_free(rsa);
1774 RSA_meth_free(rsa_meth);
1775 #ifndef OPENSSL_NO_DSA
1776 DSA_free(dsa);
1777 DSA_meth_free(dsa_meth);
1778 #endif
1779 return ret;
1780 }
1781 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1782
1783 /*
1784 * n = 0 => test using legacy cipher
1785 * n = 1 => test using fetched cipher
1786 */
test_EVP_Enveloped(int n)1787 static int test_EVP_Enveloped(int n)
1788 {
1789 int ret = 0;
1790 EVP_CIPHER_CTX *ctx = NULL;
1791 EVP_PKEY *keypair = NULL;
1792 unsigned char *kek = NULL;
1793 unsigned char iv[EVP_MAX_IV_LENGTH];
1794 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1795 int len, kek_len, ciphertext_len, plaintext_len;
1796 unsigned char ciphertext[32], plaintext[16];
1797 EVP_CIPHER *type = NULL;
1798
1799 if (nullprov != NULL)
1800 return TEST_skip("Test does not support a non-default library context");
1801
1802 if (n == 0)
1803 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1804 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1805 testpropq)))
1806 goto err;
1807
1808 if (!TEST_ptr(keypair = load_example_rsa_key())
1809 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1810 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1811 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1812 &keypair, 1))
1813 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1814 msg, sizeof(msg)))
1815 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1816 &len)))
1817 goto err;
1818
1819 ciphertext_len += len;
1820
1821 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1822 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1823 ciphertext, ciphertext_len))
1824 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1825 goto err;
1826
1827 plaintext_len += len;
1828 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1829 goto err;
1830
1831 ret = 1;
1832 err:
1833 if (n != 0)
1834 EVP_CIPHER_free(type);
1835 OPENSSL_free(kek);
1836 EVP_PKEY_free(keypair);
1837 EVP_CIPHER_CTX_free(ctx);
1838 return ret;
1839 }
1840
1841 /*
1842 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1843 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1844 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1845 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1846 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1847 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1848 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1849 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1850 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1851 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1852 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1853 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1854 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1855 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1856 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1857 * Test 15-29: Same as above with reinitialization
1858 */
test_EVP_DigestSignInit(int tst)1859 static int test_EVP_DigestSignInit(int tst)
1860 {
1861 int ret = 0;
1862 EVP_PKEY *pkey = NULL;
1863 unsigned char *sig = NULL, *sig2 = NULL;
1864 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1865 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1866 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1867 BIO *mdbio = NULL, *membio = NULL;
1868 size_t written;
1869 const EVP_MD *md;
1870 EVP_MD *mdexp = NULL;
1871 int reinit = 0;
1872
1873 if (nullprov != NULL)
1874 return TEST_skip("Test does not support a non-default library context");
1875
1876 if (tst >= 15) {
1877 reinit = 1;
1878 tst -= 15;
1879 }
1880
1881 if (tst >= 6 && tst <= 8) {
1882 membio = BIO_new(BIO_s_mem());
1883 mdbio = BIO_new(BIO_f_md());
1884 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1885 goto out;
1886 BIO_push(mdbio, membio);
1887 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1888 goto out;
1889 } else {
1890 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1891 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1892 goto out;
1893 }
1894
1895 if (tst % 3 == 0) {
1896 if (!TEST_ptr(pkey = load_example_rsa_key()))
1897 goto out;
1898 } else if (tst % 3 == 1) {
1899 #ifndef OPENSSL_NO_DSA
1900 if (!TEST_ptr(pkey = load_example_dsa_key()))
1901 goto out;
1902 #else
1903 ret = 1;
1904 goto out;
1905 #endif
1906 } else {
1907 if (!TEST_ptr(pkey = load_example_hmac_key()))
1908 goto out;
1909 }
1910
1911 if (tst >= 3 && tst <= 5)
1912 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1913 else
1914 md = EVP_sha256();
1915
1916 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1917 goto out;
1918
1919 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1920 goto out;
1921
1922 if (tst >= 6 && tst <= 8) {
1923 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1924 goto out;
1925 } else if (tst < 6) {
1926 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1927 goto out;
1928 }
1929
1930 if (tst >= 9) {
1931 /* Determine the size of the signature. */
1932 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1933 sizeof(kMsg)))
1934 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1935 goto out;
1936 if (tst <= 11) {
1937 /* Test that supply a short sig buffer fails */
1938 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1939 sizeof(kMsg))))
1940 goto out;
1941 /*
1942 * We end here because once EVP_DigestSign() has failed you should
1943 * not call it again without re-initing the ctx
1944 */
1945 ret = 1;
1946 goto out;
1947 }
1948 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1949 sizeof(kMsg))))
1950 goto out;
1951 } else {
1952 /* Determine the size of the signature. */
1953 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1954 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1955 /*
1956 * Trying to create a signature with a deliberately short
1957 * buffer should fail.
1958 */
1959 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1960 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1961 goto out;
1962 }
1963
1964 /*
1965 * Ensure that the signature round-trips (Verification isn't supported for
1966 * HMAC via EVP_DigestVerify*)
1967 */
1968 if (tst % 3 != 2) {
1969 if (tst >= 6 && tst <= 8) {
1970 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1971 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1972 goto out;
1973 }
1974
1975 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1976 NULL, pkey)))
1977 goto out;
1978
1979 if (tst >= 6 && tst <= 8) {
1980 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1981 goto out;
1982 } else {
1983 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1984 sizeof(kMsg))))
1985 goto out;
1986 }
1987 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1988 goto out;
1989
1990 /* Multiple calls to EVP_DigestVerifyFinal should work */
1991 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1992 goto out;
1993 } else {
1994 /*
1995 * For HMAC a doubled call to DigestSignFinal should produce the same
1996 * value as finalization should not happen.
1997 */
1998 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1999 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
2000 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
2001 goto out;
2002
2003 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
2004 goto out;
2005 }
2006
2007 ret = 1;
2008
2009 out:
2010 BIO_free(membio);
2011 BIO_free(mdbio);
2012 EVP_MD_CTX_free(a_md_ctx);
2013 EVP_MD_CTX_free(a_md_ctx_verify);
2014 EVP_PKEY_free(pkey);
2015 OPENSSL_free(sig);
2016 OPENSSL_free(sig2);
2017 EVP_MD_free(mdexp);
2018
2019 return ret;
2020 }
2021
test_EVP_DigestVerifyInit(void)2022 static int test_EVP_DigestVerifyInit(void)
2023 {
2024 int ret = 0;
2025 EVP_PKEY *pkey = NULL;
2026 EVP_MD_CTX *md_ctx = NULL;
2027
2028 if (nullprov != NULL)
2029 return TEST_skip("Test does not support a non-default library context");
2030
2031 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
2032 || !TEST_ptr(pkey = load_example_rsa_key()))
2033 goto out;
2034
2035 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
2036 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
2037 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
2038 sizeof(kSignature)),
2039 0))
2040 goto out;
2041
2042 /* test with reinitialization */
2043 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
2044 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
2045 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
2046 sizeof(kSignature)),
2047 0))
2048 goto out;
2049 ret = 1;
2050
2051 out:
2052 EVP_MD_CTX_free(md_ctx);
2053 EVP_PKEY_free(pkey);
2054 return ret;
2055 }
2056
2057 #ifndef OPENSSL_NO_EC
test_ecdsa_digestsign_keccak(void)2058 static int test_ecdsa_digestsign_keccak(void)
2059 {
2060 int ret = 0;
2061 EVP_PKEY *pkey = NULL;
2062 EVP_MD_CTX *ctx = NULL;
2063 EVP_MD *md = NULL;
2064
2065 if (nullprov != NULL)
2066 return TEST_skip("Test does not support a non-default library context");
2067
2068 pkey = load_example_ec_key();
2069 if (!TEST_ptr(pkey))
2070 goto err;
2071
2072 /* This would not work with FIPS provider so just use NULL libctx */
2073 md = EVP_MD_fetch(NULL, "KECCAK-256", NULL);
2074 if (!TEST_ptr(md))
2075 goto err;
2076
2077 ctx = EVP_MD_CTX_new();
2078 if (!TEST_ptr(ctx))
2079 goto err;
2080
2081 /*
2082 * Just check EVP_DigestSignInit_ex() works.
2083 */
2084 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
2085 goto err;
2086
2087 ret = 1;
2088 err:
2089 EVP_MD_CTX_free(ctx);
2090 EVP_PKEY_free(pkey);
2091 EVP_MD_free(md);
2092
2093 return ret;
2094 }
2095 #endif
2096
2097 #ifndef OPENSSL_NO_SIPHASH
2098 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
test_siphash_digestsign(void)2099 static int test_siphash_digestsign(void)
2100 {
2101 unsigned char key[16];
2102 unsigned char buf[8], digest[8];
2103 unsigned char expected[8] = {
2104 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
2105 };
2106 EVP_PKEY *pkey = NULL;
2107 EVP_MD_CTX *mdctx = NULL;
2108 EVP_PKEY_CTX *ctx = NULL;
2109 int ret = 0;
2110 size_t len = 8;
2111
2112 if (nullprov != NULL)
2113 return TEST_skip("Test does not support a non-default library context");
2114
2115 memset(buf, 0, 8);
2116 memset(key, 1, 16);
2117 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
2118 key, 16)))
2119 goto out;
2120
2121 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
2122 goto out;
2123
2124 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
2125 goto out;
2126 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
2127 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
2128 8, NULL),
2129 1))
2130 goto out;
2131 /* reinitialize */
2132 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
2133 goto out;
2134 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
2135 goto out;
2136 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
2137 goto out;
2138 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
2139 goto out;
2140
2141 ret = 1;
2142 out:
2143 EVP_PKEY_free(pkey);
2144 EVP_MD_CTX_free(mdctx);
2145 return ret;
2146 }
2147 #endif
2148
2149 /*
2150 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
2151 */
test_EVP_Digest(void)2152 static int test_EVP_Digest(void)
2153 {
2154 int ret = 0;
2155 EVP_MD_CTX *md_ctx = NULL;
2156 unsigned char md[EVP_MAX_MD_SIZE];
2157 EVP_MD *sha256 = NULL;
2158 EVP_MD *shake256 = NULL;
2159
2160 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2161 goto out;
2162
2163 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
2164 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
2165 goto out;
2166
2167 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
2168 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2169 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
2170 /* EVP_DigestFinal resets the EVP_MD_CTX. */
2171 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
2172 goto out;
2173
2174 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
2175 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2176 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
2177 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
2178 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2179 /*
2180 * EVP_DigestInit_ex with NULL type should work on
2181 * pre-initialized context.
2182 */
2183 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2184 goto out;
2185
2186 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
2187 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2188 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
2189 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
2190 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2191 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2192 goto out;
2193 ret = 1;
2194
2195 out:
2196 EVP_MD_CTX_free(md_ctx);
2197 EVP_MD_free(sha256);
2198 EVP_MD_free(shake256);
2199 return ret;
2200 }
2201
test_EVP_md_null(void)2202 static int test_EVP_md_null(void)
2203 {
2204 int ret = 0;
2205 EVP_MD_CTX *md_ctx = NULL;
2206 const EVP_MD *md_null = EVP_md_null();
2207 unsigned char md_value[EVP_MAX_MD_SIZE];
2208 unsigned int md_len = sizeof(md_value);
2209
2210 if (nullprov != NULL)
2211 return TEST_skip("Test does not support a non-default library context");
2212
2213 if (!TEST_ptr(md_null)
2214 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2215 goto out;
2216
2217 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
2218 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
2219 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
2220 goto out;
2221
2222 if (!TEST_uint_eq(md_len, 0))
2223 goto out;
2224
2225 ret = 1;
2226 out:
2227 EVP_MD_CTX_free(md_ctx);
2228 return ret;
2229 }
2230
test_d2i_AutoPrivateKey(int i)2231 static int test_d2i_AutoPrivateKey(int i)
2232 {
2233 int ret = 0;
2234 const unsigned char *p;
2235 EVP_PKEY *pkey = NULL;
2236 const APK_DATA *ak = &keydata[i];
2237 const unsigned char *input = ak->kder;
2238 size_t input_len = ak->size;
2239 int expected_id = ak->evptype;
2240
2241 p = input;
2242 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
2243 || !TEST_ptr_eq(p, input + input_len)
2244 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2245 goto done;
2246
2247 ret = 1;
2248
2249 done:
2250 EVP_PKEY_free(pkey);
2251 return ret;
2252 }
2253
2254 #ifndef OPENSSL_NO_EC
2255
2256 static const unsigned char ec_public_sect163k1_validxy[] = {
2257 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2258 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2259 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2260 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
2261 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2262 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2263 };
2264
2265 static const unsigned char ec_public_sect163k1_badx[] = {
2266 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2267 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2268 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2269 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
2270 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2271 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2272 };
2273
2274 static const unsigned char ec_public_sect163k1_bady[] = {
2275 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2276 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2277 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2278 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
2279 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2280 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
2281 };
2282
2283 static struct ec_der_pub_keys_st {
2284 const unsigned char *der;
2285 size_t len;
2286 int valid;
2287 } ec_der_pub_keys[] = {
2288 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
2289 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
2290 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
2291 };
2292
2293 /*
2294 * Tests the range of the decoded EC char2 public point.
2295 * See ec_GF2m_simple_oct2point().
2296 */
test_invalide_ec_char2_pub_range_decode(int id)2297 static int test_invalide_ec_char2_pub_range_decode(int id)
2298 {
2299 int ret = 0;
2300 EVP_PKEY *pkey;
2301
2302 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
2303 ec_der_pub_keys[id].len);
2304
2305 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
2306 || TEST_ptr_null(pkey);
2307 EVP_PKEY_free(pkey);
2308 return ret;
2309 }
2310
test_EVP_PKCS82PKEY(void)2311 static int test_EVP_PKCS82PKEY(void)
2312 {
2313 int ret = 0;
2314 const unsigned char *derp = kExampleBadECKeyDER;
2315 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2316 EVP_PKEY *pkey = NULL;
2317
2318 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
2319 sizeof(kExampleBadECKeyDER))))
2320 goto done;
2321
2322 if (!TEST_ptr_eq(derp,
2323 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
2324 goto done;
2325
2326 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
2327 goto done;
2328
2329 ret = 1;
2330
2331 done:
2332 PKCS8_PRIV_KEY_INFO_free(p8inf);
2333 EVP_PKEY_free(pkey);
2334
2335 return ret;
2336 }
2337
2338 #endif
2339
test_EVP_PKCS82PKEY_v2(int i)2340 static int test_EVP_PKCS82PKEY_v2(int i)
2341 {
2342 int ret = 0;
2343 const unsigned char *p;
2344 const APK_DATA *ak = &keydata_v2[i];
2345 const unsigned char *input = ak->kder;
2346 size_t input_len = ak->size;
2347 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2348
2349 /* Can we parse PKCS#8 v2, ignoring the public key for now? */
2350 p = input;
2351 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, input_len);
2352 if (!TEST_ptr(p8inf)
2353 || !TEST_true(p == input + input_len))
2354 goto done;
2355
2356 ret = 1;
2357 done:
2358 PKCS8_PRIV_KEY_INFO_free(p8inf);
2359 return ret;
2360 }
2361
2362 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY_wrong_tag(void)2363 static int test_EVP_PKCS82PKEY_wrong_tag(void)
2364 {
2365 EVP_PKEY *pkey = NULL;
2366 EVP_PKEY *pkey2 = NULL;
2367 BIO *membio = NULL;
2368 char *membuf = NULL;
2369 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2370 int ok = 0;
2371
2372 if (testctx != NULL)
2373 /* test not supported with non-default context */
2374 return 1;
2375
2376 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2377 || !TEST_ptr(pkey = load_example_rsa_key())
2378 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2379 NULL, 0, NULL, NULL),
2380 0)
2381 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
2382 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
2383 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
2384 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
2385 goto done;
2386 }
2387
2388 ok = 1;
2389 done:
2390 EVP_PKEY_free(pkey);
2391 EVP_PKEY_free(pkey2);
2392 PKCS8_PRIV_KEY_INFO_free(p8inf);
2393 BIO_free_all(membio);
2394 return ok;
2395 }
2396
2397 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
test_privatekey_to_pkcs8(void)2398 static int test_privatekey_to_pkcs8(void)
2399 {
2400 EVP_PKEY *pkey = NULL;
2401 BIO *membio = NULL;
2402 char *membuf = NULL;
2403 long membuf_len = 0;
2404 int ok = 0;
2405
2406 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2407 || !TEST_ptr(pkey = load_example_rsa_key())
2408 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2409 NULL, 0, NULL, NULL),
2410 0)
2411 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
2412 || !TEST_ptr(membuf)
2413 || !TEST_mem_eq(membuf, (size_t)membuf_len,
2414 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
2415 /*
2416 * We try to write PEM as well, just to see that it doesn't err, but
2417 * assume that the result is correct.
2418 */
2419 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
2420 NULL, 0, NULL, NULL),
2421 0))
2422 goto done;
2423
2424 ok = 1;
2425 done:
2426 EVP_PKEY_free(pkey);
2427 BIO_free_all(membio);
2428 return ok;
2429 }
2430
2431 #ifndef OPENSSL_NO_EC
2432 static const struct {
2433 int encoding;
2434 const char *encoding_name;
2435 } ec_encodings[] = {
2436 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2437 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2438 };
2439
ec_export_get_encoding_cb(const OSSL_PARAM params[],void * arg)2440 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2441 {
2442 const OSSL_PARAM *p;
2443 const char *enc_name = NULL;
2444 int *enc = arg;
2445 size_t i;
2446
2447 *enc = -1;
2448
2449 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2450 OSSL_PKEY_PARAM_EC_ENCODING))
2451 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2452 return 0;
2453
2454 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2455 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2456 *enc = ec_encodings[i].encoding;
2457 break;
2458 }
2459 }
2460
2461 return (*enc != -1);
2462 }
2463
test_EC_keygen_with_enc(int idx)2464 static int test_EC_keygen_with_enc(int idx)
2465 {
2466 EVP_PKEY *params = NULL, *key = NULL;
2467 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2468 int enc;
2469 int ret = 0;
2470
2471 enc = ec_encodings[idx].encoding;
2472
2473 /* Create key parameters */
2474 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2475 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2476 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2477 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2478 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
2479 || !TEST_ptr(params))
2480 goto done;
2481
2482 /* Create key */
2483 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2484 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2485 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2486 || !TEST_ptr(key))
2487 goto done;
2488
2489 /* Check that the encoding got all the way into the key */
2490 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2491 ec_export_get_encoding_cb, &enc))
2492 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2493 goto done;
2494
2495 ret = 1;
2496 done:
2497 EVP_PKEY_free(key);
2498 EVP_PKEY_free(params);
2499 EVP_PKEY_CTX_free(kctx);
2500 EVP_PKEY_CTX_free(pctx);
2501 return ret;
2502 }
2503 #endif
2504
2505 #if !defined(OPENSSL_NO_SM2)
2506
test_EVP_SM2_verify(void)2507 static int test_EVP_SM2_verify(void)
2508 {
2509 const char *pubkey = "-----BEGIN PUBLIC KEY-----\n"
2510 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2511 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2512 "-----END PUBLIC KEY-----\n";
2513
2514 const char *msg = "message digest";
2515 const char *id = "ALICE123@YAHOO.COM";
2516
2517 const uint8_t signature[] = {
2518 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2519 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2520 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2521 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2522 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2523 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2524 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2525 };
2526
2527 int rc = 0;
2528 BIO *bio = NULL;
2529 EVP_PKEY *pkey = NULL;
2530 EVP_MD_CTX *mctx = NULL;
2531 EVP_PKEY_CTX *pctx = NULL;
2532 EVP_MD *sm3 = NULL;
2533
2534 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2535 if (!TEST_true(bio != NULL))
2536 goto done;
2537
2538 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2539 if (!TEST_true(pkey != NULL))
2540 goto done;
2541
2542 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2543 goto done;
2544
2545 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2546 goto done;
2547
2548 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2549 goto done;
2550
2551 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2552
2553 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2554 goto done;
2555
2556 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2557 goto done;
2558
2559 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2560 goto done;
2561
2562 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2563 goto done;
2564
2565 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2566 goto done;
2567 rc = 1;
2568
2569 done:
2570 BIO_free(bio);
2571 EVP_PKEY_free(pkey);
2572 EVP_PKEY_CTX_free(pctx);
2573 EVP_MD_CTX_free(mctx);
2574 EVP_MD_free(sm3);
2575 return rc;
2576 }
2577
test_EVP_SM2(void)2578 static int test_EVP_SM2(void)
2579 {
2580 int ret = 0;
2581 EVP_PKEY *pkey = NULL;
2582 EVP_PKEY *pkeyparams = NULL;
2583 EVP_PKEY_CTX *pctx = NULL;
2584 EVP_PKEY_CTX *kctx = NULL;
2585 EVP_PKEY_CTX *sctx = NULL;
2586 size_t sig_len = 0;
2587 unsigned char *sig = NULL;
2588 EVP_MD_CTX *md_ctx = NULL;
2589 EVP_MD_CTX *md_ctx_verify = NULL;
2590 EVP_PKEY_CTX *cctx = NULL;
2591 EVP_MD *check_md = NULL;
2592
2593 uint8_t ciphertext[128];
2594 size_t ctext_len = sizeof(ciphertext);
2595
2596 uint8_t plaintext[8];
2597 size_t ptext_len = sizeof(plaintext);
2598
2599 uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' };
2600
2601 OSSL_PARAM sparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2602 OSSL_PARAM gparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2603 int i;
2604 char mdname[OSSL_MAX_NAME_SIZE];
2605
2606 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2607 "SM2", testpropq)))
2608 goto done;
2609
2610 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2611 goto done;
2612
2613 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2614 goto done;
2615
2616 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2617 goto done;
2618
2619 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2620 pkeyparams, testpropq)))
2621 goto done;
2622
2623 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2624 goto done;
2625
2626 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2627 goto done;
2628
2629 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2630 goto done;
2631
2632 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2633 goto done;
2634
2635 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2636 goto done;
2637
2638 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2639 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2640
2641 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2642 goto done;
2643
2644 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2645 goto done;
2646
2647 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2648 goto done;
2649
2650 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2651 goto done;
2652
2653 /* Determine the size of the signature. */
2654 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2655 goto done;
2656
2657 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2658 goto done;
2659
2660 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2661 goto done;
2662
2663 /* Ensure that the signature round-trips. */
2664
2665 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2666 pkey)))
2667 goto done;
2668
2669 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2670 goto done;
2671
2672 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2673 goto done;
2674
2675 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2676 goto done;
2677
2678 /*
2679 * Try verify again with non-matching 0 length id but ensure that it can
2680 * be set on the context and overrides the previous value.
2681 */
2682
2683 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2684 pkey)))
2685 goto done;
2686
2687 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2688 goto done;
2689
2690 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2691 goto done;
2692
2693 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2694 goto done;
2695
2696 /* now check encryption/decryption */
2697
2698 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2699 mdname, sizeof(mdname));
2700 for (i = 0; i < 2; i++) {
2701 const char *mdnames[] = {
2702 #ifndef OPENSSL_NO_SM3
2703 "SM3",
2704 #else
2705 NULL,
2706 #endif
2707 "SHA2-256"
2708 };
2709 EVP_PKEY_CTX_free(cctx);
2710
2711 if (mdnames[i] == NULL)
2712 continue;
2713
2714 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2715 (char *)mdnames[i], 0);
2716
2717 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2718 pkey, testpropq)))
2719 goto done;
2720
2721 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2722 goto done;
2723
2724 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2725 goto done;
2726
2727 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2728 sizeof(kMsg))))
2729 goto done;
2730
2731 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2732 goto done;
2733
2734 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2735 goto done;
2736
2737 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2738 ctext_len),
2739 0))
2740 goto done;
2741
2742 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2743 goto done;
2744
2745 /*
2746 * Test we're still using the digest we think we are.
2747 * Because of aliases, the easiest is to fetch the digest and
2748 * check the name with EVP_MD_is_a().
2749 */
2750 EVP_MD_free(check_md);
2751 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2752 goto done;
2753 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2754 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2755 goto done;
2756 }
2757
2758 if (!TEST_true(ptext_len == sizeof(kMsg)))
2759 goto done;
2760
2761 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2762 goto done;
2763 }
2764
2765 ret = 1;
2766 done:
2767 EVP_PKEY_CTX_free(pctx);
2768 EVP_PKEY_CTX_free(kctx);
2769 EVP_PKEY_CTX_free(sctx);
2770 EVP_PKEY_CTX_free(cctx);
2771 EVP_PKEY_free(pkey);
2772 EVP_PKEY_free(pkeyparams);
2773 EVP_MD_CTX_free(md_ctx);
2774 EVP_MD_CTX_free(md_ctx_verify);
2775 EVP_MD_free(check_md);
2776 OPENSSL_free(sig);
2777 return ret;
2778 }
2779
2780 #endif
2781
2782 #ifndef OPENSSL_NO_ML_KEM
2783 static const uint8_t ml_kem_seed[] = {
2784 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4,
2785 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
2786 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79,
2787 0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
2788 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b,
2789 0x87, 0x2b, 0xfb, 0x8f
2790 };
2791 static const uint8_t ml_kem_512_pubkey[] = {
2792 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b,
2793 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
2794 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26,
2795 0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
2796 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19,
2797 0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
2798 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36,
2799 0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
2800 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb,
2801 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
2802 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3,
2803 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
2804 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8,
2805 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
2806 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82,
2807 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
2808 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b,
2809 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
2810 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74,
2811 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
2812 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07,
2813 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
2814 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92,
2815 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
2816 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55,
2817 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
2818 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a,
2819 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
2820 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f,
2821 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
2822 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3,
2823 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
2824 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b,
2825 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
2826 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a,
2827 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
2828 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50,
2829 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
2830 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6,
2831 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
2832 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13,
2833 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
2834 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22,
2835 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
2836 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27,
2837 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
2838 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06,
2839 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
2840 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f,
2841 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
2842 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a,
2843 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
2844 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a,
2845 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
2846 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a,
2847 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
2848 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d,
2849 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
2850 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77,
2851 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
2852 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e,
2853 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
2854 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8,
2855 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
2856 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae,
2857 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
2858 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
2859 };
2860 static const uint8_t ml_kem_768_pubkey[] = {
2861 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f,
2862 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
2863 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13,
2864 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
2865 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25,
2866 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
2867 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce,
2868 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
2869 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e,
2870 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
2871 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56,
2872 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
2873 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba,
2874 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
2875 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74,
2876 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
2877 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49,
2878 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
2879 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74,
2880 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
2881 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0,
2882 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
2883 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b,
2884 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
2885 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf,
2886 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
2887 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53,
2888 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
2889 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc,
2890 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
2891 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19,
2892 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
2893 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a,
2894 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
2895 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7,
2896 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
2897 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5,
2898 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
2899 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51,
2900 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
2901 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf,
2902 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
2903 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48,
2904 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
2905 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a,
2906 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
2907 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7,
2908 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
2909 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28,
2910 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
2911 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11,
2912 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
2913 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0,
2914 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
2915 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f,
2916 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
2917 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7,
2918 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
2919 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e,
2920 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
2921 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68,
2922 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
2923 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82,
2924 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
2925 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d,
2926 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
2927 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e,
2928 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
2929 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce,
2930 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
2931 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d,
2932 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
2933 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48,
2934 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
2935 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b,
2936 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
2937 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97,
2938 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
2939 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac,
2940 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
2941 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1,
2942 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
2943 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62,
2944 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
2945 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f,
2946 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
2947 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd,
2948 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
2949 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd,
2950 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
2951 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63,
2952 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
2953 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82,
2954 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
2955 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e,
2956 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
2957 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb,
2958 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
2959 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
2960 };
2961 static const uint8_t ml_kem_1024_pubkey[] = {
2962 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58,
2963 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
2964 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18,
2965 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
2966 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33,
2967 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
2968 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45,
2969 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
2970 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45,
2971 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
2972 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06,
2973 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
2974 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d,
2975 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
2976 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97,
2977 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
2978 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80,
2979 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
2980 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d,
2981 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
2982 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7,
2983 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
2984 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7,
2985 0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
2986 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc,
2987 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
2988 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39,
2989 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
2990 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5,
2991 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
2992 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89,
2993 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
2994 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1,
2995 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
2996 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca,
2997 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
2998 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b,
2999 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
3000 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50,
3001 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
3002 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86,
3003 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
3004 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c,
3005 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
3006 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44,
3007 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
3008 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f,
3009 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
3010 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65,
3011 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
3012 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7,
3013 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
3014 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d,
3015 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
3016 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e,
3017 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
3018 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94,
3019 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
3020 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d,
3021 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
3022 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f,
3023 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
3024 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e,
3025 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
3026 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b,
3027 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
3028 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe,
3029 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
3030 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98,
3031 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
3032 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f,
3033 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
3034 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4,
3035 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
3036 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0,
3037 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
3038 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a,
3039 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
3040 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a,
3041 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
3042 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24,
3043 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
3044 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f,
3045 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
3046 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33,
3047 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
3048 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89,
3049 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
3050 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32,
3051 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
3052 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37,
3053 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
3054 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84,
3055 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
3056 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50,
3057 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
3058 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25,
3059 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
3060 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6,
3061 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
3062 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e,
3063 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
3064 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b,
3065 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
3066 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf,
3067 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
3068 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2,
3069 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
3070 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03,
3071 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
3072 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66,
3073 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
3074 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55,
3075 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
3076 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e,
3077 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
3078 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76,
3079 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
3080 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a,
3081 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
3082 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86,
3083 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
3084 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44,
3085 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
3086 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34,
3087 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
3088 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d,
3089 0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
3090 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf,
3091 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
3092 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
3093 };
3094 #endif
3095
3096 static struct keys_st {
3097 int type;
3098 const uint8_t *priv;
3099 const uint8_t *pub;
3100 /* If "name" is non-NULL, create via non-legacy _ex() API */
3101 char *name;
3102 int privlen;
3103 int publen;
3104 } keys[] = {
3105 { EVP_PKEY_HMAC,
3106 (const uint8_t *)"0123456789",
3107 NULL,
3108 NULL, 10, 0 },
3109 { EVP_PKEY_HMAC, (const uint8_t *)"", NULL,
3110 NULL, 0, 0
3111 #ifndef OPENSSL_NO_POLY1305
3112 },
3113 { EVP_PKEY_POLY1305,
3114 (const uint8_t *)"01234567890123456789012345678901",
3115 NULL,
3116 NULL, 32, 0
3117 #endif
3118 #ifndef OPENSSL_NO_SIPHASH
3119 },
3120 { EVP_PKEY_SIPHASH,
3121 (const uint8_t *)"0123456789012345",
3122 NULL,
3123 NULL, 16, 0
3124 #endif
3125 },
3126 #ifndef OPENSSL_NO_ECX
3127 { EVP_PKEY_X25519,
3128 (const uint8_t *)"01234567890123456789012345678901",
3129 (const unsigned char *)"abcdefghijklmnopqrstuvwxyzabcdef",
3130 NULL, 32, 32 },
3131 { EVP_PKEY_ED25519,
3132 (const uint8_t *)"01234567890123456789012345678901",
3133 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdef",
3134 NULL, 32, 32 },
3135 { EVP_PKEY_X448,
3136 (const uint8_t *)"01234567890123456789012345678901234567890123456789012345",
3137 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd",
3138 NULL, 56, 56 },
3139 { EVP_PKEY_ED448,
3140 (const uint8_t *)"012345678901234567890123456789012345678901234567890123456",
3141 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde",
3142 NULL, 57, 57 },
3143 #endif
3144 #ifndef OPENSSL_NO_ML_KEM
3145 { NID_undef, ml_kem_seed, ml_kem_512_pubkey,
3146 "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey) },
3147 { NID_undef, ml_kem_seed, ml_kem_768_pubkey,
3148 "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey) },
3149 { NID_undef, ml_kem_seed, ml_kem_1024_pubkey,
3150 "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey) },
3151 #endif
3152 };
3153
3154 #ifndef OPENSSL_NO_ML_KEM
3155 static int
ml_kem_seed_to_priv(const char * alg,const unsigned char * seed,int seedlen,unsigned char ** ret,size_t * retlen)3156 ml_kem_seed_to_priv(const char *alg, const unsigned char *seed, int seedlen,
3157 unsigned char **ret, size_t *retlen)
3158 {
3159 OSSL_PARAM parr[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
3160 EVP_PKEY_CTX *ctx = NULL;
3161 EVP_PKEY *pkey = NULL;
3162 const OSSL_PARAM *p;
3163 OSSL_PARAM *params = NULL;
3164 int selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
3165 int ok = 0;
3166
3167 /* Import the seed to generate a key */
3168 ctx = EVP_PKEY_CTX_new_from_name(testctx, alg, NULL);
3169 if (!TEST_ptr(ctx)
3170 || !TEST_int_gt(EVP_PKEY_fromdata_init(ctx), 0))
3171 goto done;
3172 parr[0] = OSSL_PARAM_construct_octet_string(
3173 OSSL_PKEY_PARAM_ML_KEM_SEED, (unsigned char *)seed, seedlen);
3174 if (!TEST_int_gt(EVP_PKEY_fromdata(ctx, &pkey, selection, parr), 0))
3175 goto done;
3176
3177 /* Export the key to get the encoded form */
3178 if (!TEST_true(EVP_PKEY_todata(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, ¶ms)))
3179 goto done;
3180
3181 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
3182 if (!TEST_ptr(p)
3183 || !TEST_true(OSSL_PARAM_get_octet_string(p, (void **)ret, 0, retlen)))
3184 goto done;
3185 ok = 1;
3186
3187 done:
3188 EVP_PKEY_free(pkey);
3189 OSSL_PARAM_free(params);
3190 EVP_PKEY_CTX_free(ctx);
3191 return ok;
3192 }
3193 #endif
3194
test_set_get_raw_keys_int(int tst,int pub,int uselibctx)3195 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
3196 {
3197 int ret = 0;
3198 uint8_t *buf = NULL;
3199 const uint8_t *in;
3200 uint8_t shortbuf[1];
3201 size_t inlen, len = 0, shortlen = sizeof(shortbuf);
3202 EVP_PKEY *pkey = NULL;
3203 unsigned char *privalloc = NULL;
3204 const char *name;
3205
3206 /* Check if this algorithm supports public keys */
3207 if (pub && keys[tst].pub == NULL)
3208 return 1;
3209
3210 name = keys[tst].name ? keys[tst].name : OBJ_nid2sn(keys[tst].type);
3211
3212 if (pub) {
3213 #ifndef OPENSSL_NO_EC
3214 inlen = keys[tst].publen;
3215 in = keys[tst].pub;
3216 if (uselibctx || keys[tst].name != NULL) {
3217 pkey = EVP_PKEY_new_raw_public_key_ex(
3218 testctx,
3219 name,
3220 NULL,
3221 in,
3222 inlen);
3223 } else {
3224 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
3225 NULL,
3226 in,
3227 inlen);
3228 }
3229 #else
3230 return 1;
3231 #endif
3232 } else {
3233 inlen = keys[tst].privlen;
3234 in = keys[tst].priv;
3235 #ifndef OPENSSL_NO_ML_KEM
3236 if (in == ml_kem_seed) {
3237 if (!TEST_true(ml_kem_seed_to_priv(name, in, inlen,
3238 &privalloc, &inlen)))
3239 goto done;
3240 in = privalloc;
3241 }
3242 #endif
3243 if (uselibctx || keys[tst].name != NULL) {
3244 pkey = EVP_PKEY_new_raw_private_key_ex(
3245 testctx,
3246 name,
3247 NULL,
3248 in,
3249 inlen);
3250 } else {
3251 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
3252 NULL,
3253 in,
3254 inlen);
3255 }
3256 }
3257
3258 if (!TEST_ptr(pkey)
3259 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
3260 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
3261 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
3262 || !TEST_true(len == inlen))
3263 goto done;
3264 if (tst != 1) {
3265 /*
3266 * Test that supplying a buffer that is too small fails. Doesn't apply
3267 * to HMAC with a zero length key
3268 */
3269 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, shortbuf, &shortlen)))
3270 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, shortbuf, &shortlen))))
3271 goto done;
3272 }
3273 if (!TEST_ptr(buf = OPENSSL_zalloc(len <= 80 ? 80 : len)))
3274 goto done;
3275 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
3276 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
3277 || !TEST_mem_eq(in, inlen, buf, len))
3278 goto done;
3279
3280 ret = 1;
3281 done:
3282 OPENSSL_free(privalloc);
3283 OPENSSL_free(buf);
3284 EVP_PKEY_free(pkey);
3285 return ret;
3286 }
3287
test_set_get_raw_keys(int tst)3288 static int test_set_get_raw_keys(int tst)
3289 {
3290 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
3291 && test_set_get_raw_keys_int(tst, 0, 1)
3292 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
3293 && test_set_get_raw_keys_int(tst, 1, 1);
3294 }
3295
3296 #ifndef OPENSSL_NO_DEPRECATED_3_0
pkey_custom_check(EVP_PKEY * pkey)3297 static int pkey_custom_check(EVP_PKEY *pkey)
3298 {
3299 return 0xbeef;
3300 }
3301
pkey_custom_pub_check(EVP_PKEY * pkey)3302 static int pkey_custom_pub_check(EVP_PKEY *pkey)
3303 {
3304 return 0xbeef;
3305 }
3306
pkey_custom_param_check(EVP_PKEY * pkey)3307 static int pkey_custom_param_check(EVP_PKEY *pkey)
3308 {
3309 return 0xbeef;
3310 }
3311
3312 static EVP_PKEY_METHOD *custom_pmeth;
3313 #endif
3314
test_EVP_PKEY_check(int i)3315 static int test_EVP_PKEY_check(int i)
3316 {
3317 int ret = 0;
3318 EVP_PKEY *pkey = NULL;
3319 EVP_PKEY_CTX *ctx = NULL;
3320 #ifndef OPENSSL_NO_DEPRECATED_3_0
3321 EVP_PKEY_CTX *ctx2 = NULL;
3322 #endif
3323 const APK_DATA *ak = &keycheckdata[i];
3324 const unsigned char *input = ak->kder;
3325 size_t input_len = ak->size;
3326 int expected_id = ak->evptype;
3327 int expected_check = ak->check;
3328 int expected_pub_check = ak->pub_check;
3329 int expected_param_check = ak->param_check;
3330 int type = ak->type;
3331
3332 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
3333 goto done;
3334 if (type == 0
3335 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
3336 goto done;
3337
3338 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
3339 goto done;
3340
3341 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
3342 goto done;
3343
3344 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
3345 goto done;
3346
3347 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
3348 goto done;
3349
3350 #ifndef OPENSSL_NO_DEPRECATED_3_0
3351 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
3352 /* assign the pkey directly, as an internal test */
3353 if (!EVP_PKEY_up_ref(pkey))
3354 goto done;
3355
3356 ctx2->pkey = pkey;
3357
3358 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
3359 goto done;
3360
3361 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
3362 goto done;
3363
3364 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
3365 goto done;
3366 #endif
3367
3368 ret = 1;
3369
3370 done:
3371 EVP_PKEY_CTX_free(ctx);
3372 #ifndef OPENSSL_NO_DEPRECATED_3_0
3373 EVP_PKEY_CTX_free(ctx2);
3374 #endif
3375 EVP_PKEY_free(pkey);
3376 return ret;
3377 }
3378
3379 #ifndef OPENSSL_NO_CMAC
get_cmac_val(EVP_PKEY * pkey,unsigned char * mac)3380 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
3381 {
3382 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
3383 const char msg[] = "Hello World";
3384 size_t maclen = AES_BLOCK_SIZE;
3385 int ret = 1;
3386
3387 if (!TEST_ptr(mdctx)
3388 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
3389 testpropq, pkey, NULL))
3390 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
3391 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
3392 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
3393 ret = 0;
3394
3395 EVP_MD_CTX_free(mdctx);
3396
3397 return ret;
3398 }
test_CMAC_keygen(void)3399 static int test_CMAC_keygen(void)
3400 {
3401 static unsigned char key[] = {
3402 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3403 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3404 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
3405 };
3406 EVP_PKEY_CTX *kctx = NULL;
3407 int ret = 0;
3408 EVP_PKEY *pkey = NULL;
3409 unsigned char mac[AES_BLOCK_SIZE];
3410 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3411 unsigned char mac2[AES_BLOCK_SIZE];
3412 #endif
3413
3414 if (nullprov != NULL)
3415 return TEST_skip("Test does not support a non-default library context");
3416
3417 /*
3418 * This is a legacy method for CMACs, but should still work.
3419 * This verifies that it works without an ENGINE.
3420 */
3421 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
3422
3423 /* Test a CMAC key created using the "generated" method */
3424 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
3425 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
3426 EVP_PKEY_CTRL_CIPHER,
3427 0, (void *)EVP_aes_256_cbc()),
3428 0)
3429 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
3430 EVP_PKEY_CTRL_SET_MAC_KEY,
3431 sizeof(key), (void *)key),
3432 0)
3433 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
3434 || !TEST_ptr(pkey)
3435 || !TEST_true(get_cmac_val(pkey, mac)))
3436 goto done;
3437
3438 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3439 EVP_PKEY_free(pkey);
3440
3441 /*
3442 * Test a CMAC key using the direct method, and compare with the mac
3443 * created above.
3444 */
3445 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
3446 if (!TEST_ptr(pkey)
3447 || !TEST_true(get_cmac_val(pkey, mac2))
3448 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
3449 goto done;
3450 #endif
3451
3452 ret = 1;
3453
3454 done:
3455 EVP_PKEY_free(pkey);
3456 EVP_PKEY_CTX_free(kctx);
3457 return ret;
3458 }
3459 #endif
3460
test_HKDF(void)3461 static int test_HKDF(void)
3462 {
3463 EVP_PKEY_CTX *pctx;
3464 unsigned char out[20];
3465 size_t outlen;
3466 int i, ret = 0;
3467 unsigned char salt[] = "0123456789";
3468 unsigned char key[] = "012345678901234567890123456789";
3469 unsigned char info[] = "infostring";
3470 const unsigned char expected[] = {
3471 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
3472 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
3473 };
3474 size_t expectedlen = sizeof(expected);
3475
3476 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3477 goto done;
3478
3479 /* We do this twice to test reuse of the EVP_PKEY_CTX */
3480 for (i = 0; i < 2; i++) {
3481 outlen = sizeof(out);
3482 memset(out, 0, outlen);
3483
3484 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3485 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3486 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3487 sizeof(salt) - 1),
3488 0)
3489 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3490 sizeof(key) - 1),
3491 0)
3492 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3493 sizeof(info) - 1),
3494 0)
3495 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3496 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3497 goto done;
3498 }
3499
3500 ret = 1;
3501
3502 done:
3503 EVP_PKEY_CTX_free(pctx);
3504
3505 return ret;
3506 }
3507
test_emptyikm_HKDF(void)3508 static int test_emptyikm_HKDF(void)
3509 {
3510 EVP_PKEY_CTX *pctx;
3511 unsigned char out[20];
3512 size_t outlen;
3513 int ret = 0;
3514 unsigned char salt[] = "9876543210";
3515 unsigned char key[] = "";
3516 unsigned char info[] = "stringinfo";
3517 const unsigned char expected[] = {
3518 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
3519 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
3520 };
3521 size_t expectedlen = sizeof(expected);
3522
3523 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3524 goto done;
3525
3526 outlen = sizeof(out);
3527 memset(out, 0, outlen);
3528
3529 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3530 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3531 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3532 sizeof(salt) - 1),
3533 0)
3534 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3535 sizeof(key) - 1),
3536 0)
3537 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3538 sizeof(info) - 1),
3539 0)
3540 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3541 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3542 goto done;
3543
3544 ret = 1;
3545
3546 done:
3547 EVP_PKEY_CTX_free(pctx);
3548
3549 return ret;
3550 }
3551
test_empty_salt_info_HKDF(void)3552 static int test_empty_salt_info_HKDF(void)
3553 {
3554 EVP_PKEY_CTX *pctx;
3555 unsigned char out[20];
3556 size_t outlen;
3557 int ret = 0;
3558 unsigned char salt[] = "";
3559 unsigned char fake[] = "0123456789";
3560 unsigned char key[] = "012345678901234567890123456789";
3561 unsigned char info[] = "";
3562 const unsigned char expected[] = {
3563 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
3564 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06
3565 };
3566 size_t expectedlen = sizeof(expected);
3567
3568 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
3569 goto done;
3570
3571 outlen = sizeof(out);
3572 memset(out, 0, outlen);
3573
3574 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
3575 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
3576 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake,
3577 sizeof(fake) - 1),
3578 0)
3579 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
3580 sizeof(salt) - 1),
3581 0)
3582 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
3583 sizeof(key) - 1),
3584 0)
3585 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
3586 sizeof(info) - 1),
3587 0)
3588 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
3589 || !TEST_mem_eq(out, outlen, expected, expectedlen))
3590 goto done;
3591
3592 ret = 1;
3593
3594 done:
3595 EVP_PKEY_CTX_free(pctx);
3596
3597 return ret;
3598 }
3599
3600 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)3601 static int test_X509_PUBKEY_inplace(void)
3602 {
3603 int ret = 0;
3604 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
3605 const unsigned char *p = kExampleECPubKeyDER;
3606 size_t input_len = sizeof(kExampleECPubKeyDER);
3607
3608 if (!TEST_ptr(xp))
3609 goto done;
3610 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
3611 goto done;
3612
3613 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
3614 goto done;
3615
3616 p = kExampleBadECPubKeyDER;
3617 input_len = sizeof(kExampleBadECPubKeyDER);
3618
3619 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
3620 goto done;
3621
3622 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
3623 goto done;
3624
3625 ret = 1;
3626
3627 done:
3628 X509_PUBKEY_free(xp);
3629 return ret;
3630 }
3631
test_X509_PUBKEY_dup(void)3632 static int test_X509_PUBKEY_dup(void)
3633 {
3634 int ret = 0;
3635 X509_PUBKEY *xp = NULL, *xq = NULL;
3636 const unsigned char *p = kExampleECPubKeyDER;
3637 size_t input_len = sizeof(kExampleECPubKeyDER);
3638
3639 xp = X509_PUBKEY_new_ex(testctx, testpropq);
3640 if (!TEST_ptr(xp)
3641 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
3642 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
3643 || !TEST_ptr_ne(xp, xq))
3644 goto done;
3645
3646 if (!TEST_ptr(X509_PUBKEY_get0(xq))
3647 || !TEST_ptr(X509_PUBKEY_get0(xp))
3648 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
3649 goto done;
3650
3651 X509_PUBKEY_free(xq);
3652 xq = NULL;
3653 p = kExampleBadECPubKeyDER;
3654 input_len = sizeof(kExampleBadECPubKeyDER);
3655
3656 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
3657 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
3658 goto done;
3659
3660 X509_PUBKEY_free(xp);
3661 xp = NULL;
3662 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
3663 goto done;
3664
3665 ret = 1;
3666
3667 done:
3668 X509_PUBKEY_free(xp);
3669 X509_PUBKEY_free(xq);
3670 return ret;
3671 }
3672 #endif /* OPENSSL_NO_EC */
3673
3674 /* Test getting and setting parameters on an EVP_PKEY_CTX */
test_EVP_PKEY_CTX_get_set_params(EVP_PKEY * pkey)3675 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
3676 {
3677 EVP_MD_CTX *mdctx = NULL;
3678 EVP_PKEY_CTX *ctx = NULL;
3679 const OSSL_PARAM *params;
3680 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
3681 int ret = 0;
3682 const EVP_MD *md;
3683 char mdname[OSSL_MAX_NAME_SIZE];
3684 char ssl3ms[48];
3685
3686 /* Initialise a sign operation */
3687 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
3688 if (!TEST_ptr(ctx)
3689 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
3690 goto err;
3691
3692 /*
3693 * We should be able to query the parameters now.
3694 */
3695 params = EVP_PKEY_CTX_settable_params(ctx);
3696 if (!TEST_ptr(params)
3697 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3698 OSSL_SIGNATURE_PARAM_DIGEST)))
3699 goto err;
3700
3701 params = EVP_PKEY_CTX_gettable_params(ctx);
3702 if (!TEST_ptr(params)
3703 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3704 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
3705 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3706 OSSL_SIGNATURE_PARAM_DIGEST)))
3707 goto err;
3708
3709 /*
3710 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
3711 * EVP_PKEY_CTX_get_params()
3712 */
3713 strcpy(mdname, "SHA512");
3714 param_md = param;
3715 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3716 mdname, 0);
3717 *param++ = OSSL_PARAM_construct_end();
3718
3719 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
3720 goto err;
3721
3722 mdname[0] = '\0';
3723 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3724 mdname, sizeof(mdname));
3725 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
3726 || !TEST_str_eq(mdname, "SHA512"))
3727 goto err;
3728
3729 /*
3730 * Test the TEST_PKEY_CTX_set_signature_md() and
3731 * TEST_PKEY_CTX_get_signature_md() functions
3732 */
3733 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
3734 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
3735 || !TEST_ptr_eq(md, EVP_sha256()))
3736 goto err;
3737
3738 /*
3739 * Test getting MD parameters via an associated EVP_PKEY_CTX
3740 */
3741 mdctx = EVP_MD_CTX_new();
3742 if (!TEST_ptr(mdctx)
3743 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
3744 pkey, NULL)))
3745 goto err;
3746
3747 /*
3748 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
3749 * able to obtain the digest's settable parameters from the provider.
3750 */
3751 params = EVP_MD_CTX_settable_params(mdctx);
3752 if (!TEST_ptr(params)
3753 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
3754 /* The final key should be NULL */
3755 || !TEST_ptr_null(params[1].key))
3756 goto err;
3757
3758 param = ourparams;
3759 memset(ssl3ms, 0, sizeof(ssl3ms));
3760 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
3761 ssl3ms, sizeof(ssl3ms));
3762 *param++ = OSSL_PARAM_construct_end();
3763
3764 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
3765 goto err;
3766
3767 ret = 1;
3768
3769 err:
3770 EVP_MD_CTX_free(mdctx);
3771 EVP_PKEY_CTX_free(ctx);
3772
3773 return ret;
3774 }
3775
3776 #ifndef OPENSSL_NO_DSA
test_DSA_get_set_params(void)3777 static int test_DSA_get_set_params(void)
3778 {
3779 OSSL_PARAM_BLD *bld = NULL;
3780 OSSL_PARAM *params = NULL;
3781 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
3782 EVP_PKEY_CTX *pctx = NULL;
3783 EVP_PKEY *pkey = NULL;
3784 int ret = 0;
3785
3786 /*
3787 * Setup the parameters for our DSA object. For our purposes they don't
3788 * have to actually be *valid* parameters. We just need to set something.
3789 */
3790 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
3791 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3792 || !TEST_ptr(p = BN_new())
3793 || !TEST_ptr(q = BN_new())
3794 || !TEST_ptr(g = BN_new())
3795 || !TEST_ptr(pub = BN_new())
3796 || !TEST_ptr(priv = BN_new()))
3797 goto err;
3798 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
3799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
3800 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
3801 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
3802 pub))
3803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
3804 priv)))
3805 goto err;
3806 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3807 goto err;
3808
3809 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3810 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3811 params),
3812 0))
3813 goto err;
3814
3815 if (!TEST_ptr(pkey))
3816 goto err;
3817
3818 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3819
3820 err:
3821 EVP_PKEY_free(pkey);
3822 EVP_PKEY_CTX_free(pctx);
3823 OSSL_PARAM_free(params);
3824 OSSL_PARAM_BLD_free(bld);
3825 BN_free(p);
3826 BN_free(q);
3827 BN_free(g);
3828 BN_free(pub);
3829 BN_free(priv);
3830
3831 return ret;
3832 }
3833
3834 /*
3835 * Test combinations of private, public, missing and private + public key
3836 * params to ensure they are all accepted
3837 */
test_DSA_priv_pub(void)3838 static int test_DSA_priv_pub(void)
3839 {
3840 return test_EVP_PKEY_ffc_priv_pub("DSA");
3841 }
3842
3843 #endif /* !OPENSSL_NO_DSA */
3844
test_RSA_get_set_params(void)3845 static int test_RSA_get_set_params(void)
3846 {
3847 OSSL_PARAM_BLD *bld = NULL;
3848 OSSL_PARAM *params = NULL;
3849 BIGNUM *n = NULL, *e = NULL, *d = NULL;
3850 EVP_PKEY_CTX *pctx = NULL;
3851 EVP_PKEY *pkey = NULL;
3852 int ret = 0;
3853
3854 /*
3855 * Setup the parameters for our RSA object. For our purposes they don't
3856 * have to actually be *valid* parameters. We just need to set something.
3857 */
3858 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
3859 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3860 || !TEST_ptr(n = BN_new())
3861 || !TEST_ptr(e = BN_new())
3862 || !TEST_ptr(d = BN_new()))
3863 goto err;
3864 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
3865 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
3866 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
3867 goto err;
3868 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3869 goto err;
3870
3871 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3872 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3873 params),
3874 0))
3875 goto err;
3876
3877 if (!TEST_ptr(pkey))
3878 goto err;
3879
3880 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3881
3882 err:
3883 EVP_PKEY_free(pkey);
3884 EVP_PKEY_CTX_free(pctx);
3885 OSSL_PARAM_free(params);
3886 OSSL_PARAM_BLD_free(bld);
3887 BN_free(n);
3888 BN_free(e);
3889 BN_free(d);
3890
3891 return ret;
3892 }
3893
test_RSA_OAEP_set_get_params(void)3894 static int test_RSA_OAEP_set_get_params(void)
3895 {
3896 int ret = 0;
3897 EVP_PKEY *key = NULL;
3898 EVP_PKEY_CTX *key_ctx = NULL;
3899
3900 if (nullprov != NULL)
3901 return TEST_skip("Test does not support a non-default library context");
3902
3903 if (!TEST_ptr(key = load_example_rsa_key())
3904 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3905 goto err;
3906
3907 {
3908 int padding = RSA_PKCS1_OAEP_PADDING;
3909 OSSL_PARAM params[4];
3910
3911 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3912 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3913 OSSL_DIGEST_NAME_SHA2_256, 0);
3914 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3915 OSSL_DIGEST_NAME_SHA1, 0);
3916 params[3] = OSSL_PARAM_construct_end();
3917
3918 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params), 0))
3919 goto err;
3920 }
3921 {
3922 OSSL_PARAM params[3];
3923 char oaepmd[30] = { '\0' };
3924 char mgf1md[30] = { '\0' };
3925
3926 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3927 oaepmd, sizeof(oaepmd));
3928 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3929 mgf1md, sizeof(mgf1md));
3930 params[2] = OSSL_PARAM_construct_end();
3931
3932 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3933 goto err;
3934
3935 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3936 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3937 goto err;
3938 }
3939
3940 ret = 1;
3941
3942 err:
3943 EVP_PKEY_free(key);
3944 EVP_PKEY_CTX_free(key_ctx);
3945
3946 return ret;
3947 }
3948
3949 /* https://github.com/openssl/openssl/issues/21288 */
test_RSA_OAEP_set_null_label(void)3950 static int test_RSA_OAEP_set_null_label(void)
3951 {
3952 int ret = 0;
3953 EVP_PKEY *key = NULL;
3954 EVP_PKEY_CTX *key_ctx = NULL;
3955
3956 if (!TEST_ptr(key = load_example_rsa_key())
3957 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3958 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3959 goto err;
3960
3961 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3962 goto err;
3963
3964 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3965 goto err;
3966
3967 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3968 goto err;
3969
3970 ret = 1;
3971
3972 err:
3973 EVP_PKEY_free(key);
3974 EVP_PKEY_CTX_free(key_ctx);
3975
3976 return ret;
3977 }
3978
test_RSA_encrypt(void)3979 static int test_RSA_encrypt(void)
3980 {
3981 int ret = 0;
3982 EVP_PKEY *pkey = NULL;
3983 EVP_PKEY_CTX *pctx = NULL;
3984 unsigned char *cbuf = NULL, *pbuf = NULL;
3985 size_t clen = 0, plen = 0;
3986
3987 if (!TEST_ptr(pkey = load_example_rsa_key())
3988 || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx,
3989 pkey, testpropq))
3990 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)
3991 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)
3992 || !TEST_ptr(cbuf = OPENSSL_malloc(clen))
3993 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0))
3994 goto done;
3995
3996 /* Require failure when the output buffer is too small */
3997 plen = clen - 1;
3998 if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0))
3999 goto done;
4000 /* flush error stack */
4001 TEST_openssl_errors();
4002
4003 /* Check decryption of encrypted result */
4004 if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0)
4005 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
4006 || !TEST_ptr(pbuf = OPENSSL_malloc(plen))
4007 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
4008 || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg))
4009 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0))
4010 goto done;
4011
4012 ret = 1;
4013 done:
4014 EVP_PKEY_CTX_free(pctx);
4015 EVP_PKEY_free(pkey);
4016 OPENSSL_free(cbuf);
4017 OPENSSL_free(pbuf);
4018 return ret;
4019 }
4020
4021 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_RSA_legacy(void)4022 static int test_RSA_legacy(void)
4023 {
4024 int ret = 0;
4025 BIGNUM *p = NULL;
4026 BIGNUM *q = NULL;
4027 BIGNUM *n = NULL;
4028 BIGNUM *e = NULL;
4029 BIGNUM *d = NULL;
4030 const EVP_MD *md = EVP_sha256();
4031 EVP_MD_CTX *ctx = NULL;
4032 EVP_PKEY *pkey = NULL;
4033 RSA *rsa = NULL;
4034
4035 if (nullprov != NULL)
4036 return TEST_skip("Test does not support a non-default library context");
4037
4038 if (!TEST_ptr(p = BN_dup(BN_value_one()))
4039 || !TEST_ptr(q = BN_dup(BN_value_one()))
4040 || !TEST_ptr(n = BN_dup(BN_value_one()))
4041 || !TEST_ptr(e = BN_dup(BN_value_one()))
4042 || !TEST_ptr(d = BN_dup(BN_value_one())))
4043 goto err;
4044
4045 if (!TEST_ptr(rsa = RSA_new())
4046 || !TEST_ptr(pkey = EVP_PKEY_new())
4047 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
4048 goto err;
4049
4050 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
4051 goto err;
4052 p = NULL;
4053 q = NULL;
4054
4055 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
4056 goto err;
4057 n = NULL;
4058 e = NULL;
4059 d = NULL;
4060
4061 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
4062 goto err;
4063
4064 rsa = NULL;
4065
4066 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
4067 goto err;
4068
4069 ret = 1;
4070
4071 err:
4072 RSA_free(rsa);
4073 EVP_MD_CTX_free(ctx);
4074 EVP_PKEY_free(pkey);
4075 BN_free(p);
4076 BN_free(q);
4077 BN_free(n);
4078 BN_free(e);
4079 BN_free(d);
4080
4081 return ret;
4082 }
4083 #endif
4084
4085 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)4086 static int test_decrypt_null_chunks(void)
4087 {
4088 EVP_CIPHER_CTX *ctx = NULL;
4089 EVP_CIPHER *cipher = NULL;
4090 const unsigned char key[32] = {
4091 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4092 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4093 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
4094 };
4095 unsigned char iv[12] = {
4096 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
4097 };
4098 unsigned char msg[] = "It was the best of times, it was the worst of times";
4099 unsigned char ciphertext[80];
4100 unsigned char plaintext[80];
4101 /* We initialise tmp to a non zero value on purpose */
4102 int ctlen, ptlen, tmp = 99;
4103 int ret = 0;
4104 const int enc_offset = 10, dec_offset = 20;
4105
4106 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
4107 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4108 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
4109 key, iv))
4110 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
4111 enc_offset))
4112 /* Deliberate add a zero length update */
4113 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
4114 0))
4115 || !TEST_int_eq(tmp, 0)
4116 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
4117 msg + enc_offset,
4118 sizeof(msg) - enc_offset))
4119 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
4120 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
4121 || !TEST_int_eq(tmp, 0))
4122 goto err;
4123
4124 /* Deliberately initialise tmp to a non zero value */
4125 tmp = 99;
4126 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
4127 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
4128 dec_offset))
4129 /*
4130 * Deliberately add a zero length update. We also deliberately do
4131 * this at a different offset than for encryption.
4132 */
4133 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
4134 0))
4135 || !TEST_int_eq(tmp, 0)
4136 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
4137 ciphertext + dec_offset,
4138 ctlen - dec_offset))
4139 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
4140 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
4141 || !TEST_int_eq(tmp, 0)
4142 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
4143 goto err;
4144
4145 ret = 1;
4146 err:
4147 EVP_CIPHER_CTX_free(ctx);
4148 EVP_CIPHER_free(cipher);
4149 return ret;
4150 }
4151 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
4152
4153 #ifndef OPENSSL_NO_DH
4154 /*
4155 * Test combinations of private, public, missing and private + public key
4156 * params to ensure they are all accepted
4157 */
test_DH_priv_pub(void)4158 static int test_DH_priv_pub(void)
4159 {
4160 return test_EVP_PKEY_ffc_priv_pub("DH");
4161 }
4162
4163 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_set1_DH(void)4164 static int test_EVP_PKEY_set1_DH(void)
4165 {
4166 DH *x942dh = NULL, *noqdh = NULL;
4167 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
4168 int ret = 0;
4169 BIGNUM *p, *g = NULL;
4170 BIGNUM *pubkey = NULL;
4171 unsigned char pub[2048 / 8];
4172 size_t len = 0;
4173
4174 if (!TEST_ptr(p = BN_new())
4175 || !TEST_ptr(g = BN_new())
4176 || !TEST_ptr(pubkey = BN_new())
4177 || !TEST_true(BN_set_word(p, 9999))
4178 || !TEST_true(BN_set_word(g, 2))
4179 || !TEST_true(BN_set_word(pubkey, 4321))
4180 || !TEST_ptr(noqdh = DH_new())
4181 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
4182 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
4183 || !TEST_ptr(pubkey = BN_new())
4184 || !TEST_true(BN_set_word(pubkey, 4321)))
4185 goto err;
4186 p = g = NULL;
4187
4188 x942dh = DH_get_2048_256();
4189 pkey1 = EVP_PKEY_new();
4190 pkey2 = EVP_PKEY_new();
4191 if (!TEST_ptr(x942dh)
4192 || !TEST_ptr(noqdh)
4193 || !TEST_ptr(pkey1)
4194 || !TEST_ptr(pkey2)
4195 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
4196 goto err;
4197 pubkey = NULL;
4198
4199 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
4200 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
4201 goto err;
4202
4203 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
4204 &pubkey))
4205 || !TEST_ptr(pubkey))
4206 goto err;
4207
4208 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
4209 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
4210 goto err;
4211
4212 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
4213 OSSL_PKEY_PARAM_PUB_KEY,
4214 pub, sizeof(pub), &len))
4215 || !TEST_size_t_ne(len, 0))
4216 goto err;
4217
4218 ret = 1;
4219 err:
4220 BN_free(p);
4221 BN_free(g);
4222 BN_free(pubkey);
4223 EVP_PKEY_free(pkey1);
4224 EVP_PKEY_free(pkey2);
4225 DH_free(x942dh);
4226 DH_free(noqdh);
4227
4228 return ret;
4229 }
4230 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
4231 #endif /* !OPENSSL_NO_DH */
4232
4233 /*
4234 * We test what happens with an empty template. For the sake of this test,
4235 * the template must be ignored, and we know that's the case for RSA keys
4236 * (this might arguably be a misfeature, but that's what we currently do,
4237 * even in provider code, since that's how the legacy RSA implementation
4238 * does things)
4239 */
test_keygen_with_empty_template(int n)4240 static int test_keygen_with_empty_template(int n)
4241 {
4242 EVP_PKEY_CTX *ctx = NULL;
4243 EVP_PKEY *pkey = NULL;
4244 EVP_PKEY *tkey = NULL;
4245 int ret = 0;
4246
4247 if (nullprov != NULL)
4248 return TEST_skip("Test does not support a non-default library context");
4249
4250 switch (n) {
4251 case 0:
4252 /* We do test with no template at all as well */
4253 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
4254 goto err;
4255 break;
4256 case 1:
4257 /* Here we create an empty RSA key that serves as our template */
4258 if (!TEST_ptr(tkey = EVP_PKEY_new())
4259 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
4260 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
4261 goto err;
4262 break;
4263 }
4264
4265 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4266 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
4267 goto err;
4268
4269 ret = 1;
4270 err:
4271 EVP_PKEY_CTX_free(ctx);
4272 EVP_PKEY_free(pkey);
4273 EVP_PKEY_free(tkey);
4274 return ret;
4275 }
4276
4277 /*
4278 * Test that we fail if we attempt to use an algorithm that is not available
4279 * in the current library context (unless we are using an algorithm that
4280 * should be made available via legacy codepaths).
4281 *
4282 * 0: RSA
4283 * 1: SM2
4284 */
test_pkey_ctx_fail_without_provider(int tst)4285 static int test_pkey_ctx_fail_without_provider(int tst)
4286 {
4287 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
4288 OSSL_PROVIDER *tmpnullprov = NULL;
4289 EVP_PKEY_CTX *pctx = NULL;
4290 const char *keytype = NULL;
4291 int expect_null = 0;
4292 int ret = 0;
4293
4294 if (!TEST_ptr(tmpctx))
4295 goto err;
4296
4297 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
4298 if (!TEST_ptr(tmpnullprov))
4299 goto err;
4300
4301 /*
4302 * We check for certain algos in the null provider.
4303 * If an algo is expected to have a provider keymgmt, constructing an
4304 * EVP_PKEY_CTX is expected to fail (return NULL).
4305 * Otherwise, if it's expected to have legacy support, constructing an
4306 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
4307 */
4308 switch (tst) {
4309 case 0:
4310 keytype = "RSA";
4311 expect_null = 1;
4312 break;
4313 case 1:
4314 keytype = "SM2";
4315 expect_null = 1;
4316 #ifdef OPENSSL_NO_EC
4317 TEST_info("EC disable, skipping SM2 check...");
4318 goto end;
4319 #endif
4320 #ifdef OPENSSL_NO_SM2
4321 TEST_info("SM2 disable, skipping SM2 check...");
4322 goto end;
4323 #endif
4324 break;
4325 default:
4326 TEST_error("No test for case %d", tst);
4327 goto err;
4328 }
4329
4330 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
4331 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
4332 goto err;
4333
4334 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
4335 end:
4336 #endif
4337 ret = 1;
4338
4339 err:
4340 EVP_PKEY_CTX_free(pctx);
4341 OSSL_PROVIDER_unload(tmpnullprov);
4342 OSSL_LIB_CTX_free(tmpctx);
4343 return ret;
4344 }
4345
test_rand_agglomeration(void)4346 static int test_rand_agglomeration(void)
4347 {
4348 EVP_RAND *rand;
4349 EVP_RAND_CTX *ctx;
4350 OSSL_PARAM params[3], *p = params;
4351 int res;
4352 unsigned int step = 7;
4353 static unsigned char seed[] = "It does not matter how slowly you go "
4354 "as long as you do not stop.";
4355 unsigned char out[sizeof(seed)];
4356
4357 if (!TEST_int_ne(sizeof(seed) % step, 0)
4358 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
4359 return 0;
4360 ctx = EVP_RAND_CTX_new(rand, NULL);
4361 EVP_RAND_free(rand);
4362 if (!TEST_ptr(ctx))
4363 return 0;
4364
4365 memset(out, 0, sizeof(out));
4366 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
4367 seed, sizeof(seed));
4368 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
4369 *p = OSSL_PARAM_construct_end();
4370 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
4371 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
4372 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
4373 EVP_RAND_CTX_free(ctx);
4374 return res;
4375 }
4376
4377 /*
4378 * Test that we correctly return the original or "running" IV after
4379 * an encryption operation.
4380 * Run multiple times for some different relevant algorithms/modes.
4381 */
test_evp_iv_aes(int idx)4382 static int test_evp_iv_aes(int idx)
4383 {
4384 int ret = 0;
4385 EVP_CIPHER_CTX *ctx = NULL;
4386 unsigned char key[16] = {
4387 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
4388 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57
4389 };
4390 unsigned char init_iv[EVP_MAX_IV_LENGTH] = {
4391 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4392 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4393 };
4394 static const unsigned char msg[] = {
4395 1, 2, 3, 4, 5, 6, 7, 8,
4396 9, 10, 11, 12, 13, 14, 15, 16
4397 };
4398 unsigned char ciphertext[32], oiv[16], iv[16];
4399 unsigned char *ref_iv;
4400 unsigned char cbc_state[16] = {
4401 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
4402 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e
4403 };
4404
4405 unsigned char ofb_state[16] = {
4406 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
4407 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd
4408 };
4409 unsigned char cfb_state[16] = {
4410 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
4411 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed
4412 };
4413 unsigned char gcm_state[12] = {
4414 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
4415 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
4416 };
4417 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 };
4418 #ifndef OPENSSL_NO_OCB
4419 unsigned char ocb_state[12] = {
4420 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
4421 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
4422 };
4423 #endif
4424 int len = sizeof(ciphertext);
4425 size_t ivlen, ref_len;
4426 const EVP_CIPHER *type = NULL;
4427 int iv_reset = 0;
4428
4429 if (nullprov != NULL && idx < 6)
4430 return TEST_skip("Test does not support a non-default library context");
4431
4432 switch (idx) {
4433 case 0:
4434 type = EVP_aes_128_cbc();
4435 /* FALLTHROUGH */
4436 case 6:
4437 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
4438 ref_iv = cbc_state;
4439 ref_len = sizeof(cbc_state);
4440 iv_reset = 1;
4441 break;
4442 case 1:
4443 type = EVP_aes_128_ofb();
4444 /* FALLTHROUGH */
4445 case 7:
4446 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
4447 ref_iv = ofb_state;
4448 ref_len = sizeof(ofb_state);
4449 iv_reset = 1;
4450 break;
4451 case 2:
4452 type = EVP_aes_128_cfb();
4453 /* FALLTHROUGH */
4454 case 8:
4455 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
4456 ref_iv = cfb_state;
4457 ref_len = sizeof(cfb_state);
4458 iv_reset = 1;
4459 break;
4460 case 3:
4461 type = EVP_aes_128_gcm();
4462 /* FALLTHROUGH */
4463 case 9:
4464 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
4465 ref_iv = gcm_state;
4466 ref_len = sizeof(gcm_state);
4467 break;
4468 case 4:
4469 type = EVP_aes_128_ccm();
4470 /* FALLTHROUGH */
4471 case 10:
4472 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
4473 ref_iv = ccm_state;
4474 ref_len = sizeof(ccm_state);
4475 break;
4476 #ifdef OPENSSL_NO_OCB
4477 case 5:
4478 case 11:
4479 return 1;
4480 #else
4481 case 5:
4482 type = EVP_aes_128_ocb();
4483 /* FALLTHROUGH */
4484 case 11:
4485 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
4486 ref_iv = ocb_state;
4487 ref_len = sizeof(ocb_state);
4488 break;
4489 #endif
4490 default:
4491 return 0;
4492 }
4493
4494 if (!TEST_ptr(type)
4495 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
4496 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
4497 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
4498 (int)sizeof(msg)))
4499 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
4500 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
4501 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
4502 goto err;
4503 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
4504
4505 if (!TEST_int_gt(ivlen, 0))
4506 goto err;
4507
4508 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
4509 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
4510 goto err;
4511
4512 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
4513 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
4514 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
4515 goto err;
4516 if (iv_reset) {
4517 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
4518 goto err;
4519 } else {
4520 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
4521 goto err;
4522 }
4523
4524 ret = 1;
4525 err:
4526 EVP_CIPHER_CTX_free(ctx);
4527 if (idx >= 6)
4528 EVP_CIPHER_free((EVP_CIPHER *)type);
4529 return ret;
4530 }
4531
4532 #ifndef OPENSSL_NO_DES
test_evp_iv_des(int idx)4533 static int test_evp_iv_des(int idx)
4534 {
4535 int ret = 0;
4536 EVP_CIPHER_CTX *ctx = NULL;
4537 static const unsigned char key[24] = {
4538 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
4539 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
4540 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
4541 };
4542 static const unsigned char init_iv[8] = {
4543 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
4544 };
4545 static const unsigned char msg[] = {
4546 1, 2, 3, 4, 5, 6, 7, 8,
4547 9, 10, 11, 12, 13, 14, 15, 16
4548 };
4549 unsigned char ciphertext[32], oiv[8], iv[8];
4550 unsigned const char *ref_iv;
4551 static const unsigned char cbc_state_des[8] = {
4552 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
4553 };
4554 static const unsigned char cbc_state_3des[8] = {
4555 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
4556 };
4557 static const unsigned char ofb_state_des[8] = {
4558 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
4559 };
4560 static const unsigned char ofb_state_3des[8] = {
4561 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
4562 };
4563 static const unsigned char cfb_state_des[8] = {
4564 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
4565 };
4566 static const unsigned char cfb_state_3des[8] = {
4567 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
4568 };
4569 int len = sizeof(ciphertext);
4570 size_t ivlen, ref_len;
4571 EVP_CIPHER *type = NULL;
4572
4573 if (lgcyprov == NULL && idx < 3)
4574 return TEST_skip("Test requires legacy provider to be loaded");
4575
4576 switch (idx) {
4577 case 0:
4578 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
4579 ref_iv = cbc_state_des;
4580 ref_len = sizeof(cbc_state_des);
4581 break;
4582 case 1:
4583 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
4584 ref_iv = ofb_state_des;
4585 ref_len = sizeof(ofb_state_des);
4586 break;
4587 case 2:
4588 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
4589 ref_iv = cfb_state_des;
4590 ref_len = sizeof(cfb_state_des);
4591 break;
4592 case 3:
4593 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
4594 ref_iv = cbc_state_3des;
4595 ref_len = sizeof(cbc_state_3des);
4596 break;
4597 case 4:
4598 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
4599 ref_iv = ofb_state_3des;
4600 ref_len = sizeof(ofb_state_3des);
4601 break;
4602 case 5:
4603 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
4604 ref_iv = cfb_state_3des;
4605 ref_len = sizeof(cfb_state_3des);
4606 break;
4607 default:
4608 return 0;
4609 }
4610
4611 if (!TEST_ptr(type)
4612 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
4613 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
4614 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
4615 (int)sizeof(msg)))
4616 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
4617 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
4618 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
4619 goto err;
4620 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
4621
4622 if (!TEST_int_gt(ivlen, 0))
4623 goto err;
4624
4625 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
4626 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
4627 goto err;
4628
4629 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
4630 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
4631 goto err;
4632 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
4633 goto err;
4634
4635 ret = 1;
4636 err:
4637 EVP_CIPHER_CTX_free(ctx);
4638 EVP_CIPHER_free(type);
4639 return ret;
4640 }
4641 #endif
4642
4643 #ifndef OPENSSL_NO_BF
test_evp_bf_default_keylen(int idx)4644 static int test_evp_bf_default_keylen(int idx)
4645 {
4646 int ret = 0;
4647 static const char *algos[4] = {
4648 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
4649 };
4650 int ivlen[4] = { 0, 8, 8, 8 };
4651 EVP_CIPHER *cipher = NULL;
4652
4653 if (lgcyprov == NULL)
4654 return TEST_skip("Test requires legacy provider to be loaded");
4655
4656 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
4657 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
4658 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
4659 goto err;
4660
4661 ret = 1;
4662 err:
4663 EVP_CIPHER_free(cipher);
4664 return ret;
4665 }
4666 #endif
4667
4668 #ifndef OPENSSL_NO_EC
4669 static int ecpub_nids[] = {
4670 NID_brainpoolP256r1, NID_X9_62_prime256v1,
4671 NID_secp384r1, NID_secp521r1,
4672 #ifndef OPENSSL_NO_EC2M
4673 NID_sect233k1, NID_sect233r1, NID_sect283r1,
4674 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
4675 #endif
4676 NID_brainpoolP384r1, NID_brainpoolP512r1
4677 };
4678
test_ecpub(int idx)4679 static int test_ecpub(int idx)
4680 {
4681 int ret = 0, len, savelen;
4682 int nid;
4683 unsigned char buf[1024];
4684 unsigned char *p;
4685 EVP_PKEY *pkey = NULL;
4686 EVP_PKEY_CTX *ctx = NULL;
4687 #ifndef OPENSSL_NO_DEPRECATED_3_0
4688 const unsigned char *q;
4689 EVP_PKEY *pkey2 = NULL;
4690 EC_KEY *ec = NULL;
4691 #endif
4692
4693 if (nullprov != NULL)
4694 return TEST_skip("Test does not support a non-default library context");
4695
4696 nid = ecpub_nids[idx];
4697
4698 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4699 if (!TEST_ptr(ctx)
4700 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4701 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
4702 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
4703 goto done;
4704 len = i2d_PublicKey(pkey, NULL);
4705 savelen = len;
4706 if (!TEST_int_ge(len, 1)
4707 || !TEST_int_lt(len, 1024))
4708 goto done;
4709 p = buf;
4710 len = i2d_PublicKey(pkey, &p);
4711 if (!TEST_int_ge(len, 1)
4712 || !TEST_int_eq(len, savelen))
4713 goto done;
4714
4715 #ifndef OPENSSL_NO_DEPRECATED_3_0
4716 /* Now try to decode the just-created DER. */
4717 q = buf;
4718 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
4719 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
4720 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
4721 goto done;
4722 /* EC_KEY ownership transferred */
4723 ec = NULL;
4724 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
4725 goto done;
4726 /* The keys should match. */
4727 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
4728 goto done;
4729 #endif
4730
4731 ret = 1;
4732
4733 done:
4734 EVP_PKEY_CTX_free(ctx);
4735 EVP_PKEY_free(pkey);
4736 #ifndef OPENSSL_NO_DEPRECATED_3_0
4737 EVP_PKEY_free(pkey2);
4738 EC_KEY_free(ec);
4739 #endif
4740 return ret;
4741 }
4742 #endif
4743
test_EVP_rsa_pss_with_keygen_bits(void)4744 static int test_EVP_rsa_pss_with_keygen_bits(void)
4745 {
4746 int ret = 0;
4747 EVP_PKEY_CTX *ctx = NULL;
4748 EVP_PKEY *pkey = NULL;
4749 EVP_MD *md;
4750
4751 md = EVP_MD_fetch(testctx, "sha256", testpropq);
4752 ret = TEST_ptr(md)
4753 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
4754 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4755 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
4756 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
4757 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
4758
4759 EVP_MD_free(md);
4760 EVP_PKEY_free(pkey);
4761 EVP_PKEY_CTX_free(ctx);
4762 return ret;
4763 }
4764
test_EVP_rsa_pss_set_saltlen(void)4765 static int test_EVP_rsa_pss_set_saltlen(void)
4766 {
4767 int ret = 0;
4768 EVP_PKEY *pkey = NULL;
4769 EVP_PKEY_CTX *pkey_ctx = NULL;
4770 EVP_MD *sha256 = NULL;
4771 EVP_MD_CTX *sha256_ctx = NULL;
4772 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
4773 const int test_value = 32;
4774
4775 ret = TEST_ptr(pkey = load_example_rsa_key())
4776 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
4777 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
4778 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
4779 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
4780 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
4781 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
4782 && TEST_int_eq(saltlen, test_value);
4783
4784 EVP_MD_CTX_free(sha256_ctx);
4785 EVP_PKEY_free(pkey);
4786 EVP_MD_free(sha256);
4787
4788 return ret;
4789 }
4790
test_EVP_rsa_invalid_key(void)4791 static int test_EVP_rsa_invalid_key(void)
4792 {
4793 int ret = 0;
4794 EVP_PKEY *pkey = NULL;
4795
4796 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER));
4797 /* we expect to fail to load bogus key */
4798 ret = !TEST_ptr(pkey);
4799 EVP_PKEY_free(pkey);
4800
4801 return ret;
4802 }
4803
4804 static int success = 1;
md_names(const char * name,void * vctx)4805 static void md_names(const char *name, void *vctx)
4806 {
4807 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
4808 /* Force a namemap update */
4809 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
4810
4811 if (!TEST_ptr(aes128))
4812 success = 0;
4813
4814 EVP_CIPHER_free(aes128);
4815 }
4816
4817 /*
4818 * Test that changing the namemap in a user callback works in a names_do_all
4819 * function.
4820 */
test_names_do_all(void)4821 static int test_names_do_all(void)
4822 {
4823 /* We use a custom libctx so that we know the state of the namemap */
4824 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
4825 EVP_MD *sha256 = NULL;
4826 int testresult = 0;
4827
4828 if (!TEST_ptr(ctx))
4829 goto err;
4830
4831 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
4832 if (!TEST_ptr(sha256))
4833 goto err;
4834
4835 /*
4836 * We loop through all the names for a given digest. This should still work
4837 * even if the namemap changes part way through.
4838 */
4839 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
4840 goto err;
4841
4842 if (!TEST_true(success))
4843 goto err;
4844
4845 testresult = 1;
4846 err:
4847 EVP_MD_free(sha256);
4848 OSSL_LIB_CTX_free(ctx);
4849 return testresult;
4850 }
4851
4852 typedef struct {
4853 const char *cipher;
4854 const unsigned char *key;
4855 const unsigned char *iv;
4856 const unsigned char *input;
4857 const unsigned char *expected;
4858 const unsigned char *tag;
4859 size_t ivlen; /* 0 if we do not need to set a specific IV len */
4860 size_t inlen;
4861 size_t expectedlen;
4862 size_t taglen;
4863 int keyfirst;
4864 int initenc;
4865 int finalenc;
4866 } EVP_INIT_TEST_st;
4867
4868 static const EVP_INIT_TEST_st evp_init_tests[] = {
4869 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4870 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4871 0, 1, 0, 1 },
4872 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4873 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4874 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4875 sizeof(gcmDefaultTag), 1, 0, 1 },
4876 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4877 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4878 0, 0, 0, 1 },
4879 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4880 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4881 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4882 sizeof(gcmDefaultTag), 0, 0, 1 },
4883 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4884 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4885 0, 1, 1, 0 },
4886 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4887 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4888 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4889 sizeof(gcmDefaultTag), 1, 1, 0 },
4890 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4891 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4892 0, 0, 1, 0 },
4893 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4894 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4895 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4896 sizeof(gcmDefaultTag), 0, 1, 0 }
4897 };
4898
4899 /* use same key, iv and plaintext for cfb and ofb */
4900 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
4901 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4902 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4903 sizeof(cfbCiphertext_partial), 0, 0, 1, 0 },
4904 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
4905 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
4906 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 },
4907 { "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4908 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4909 sizeof(ofbCiphertext_partial), 0, 0, 1, 0 },
4910 { "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
4911 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
4912 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 },
4913 };
4914
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)4915 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
4916 {
4917 int res = 0;
4918
4919 if (t->ivlen != 0) {
4920 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4921 goto err;
4922 }
4923 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4924 goto err;
4925 res = 1;
4926 err:
4927 return res;
4928 }
4929
4930 /*
4931 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4932 * arguments are given one at a time and a final adjustment to the enc
4933 * parameter sets the correct operation.
4934 */
test_evp_init_seq(int idx)4935 static int test_evp_init_seq(int idx)
4936 {
4937 int outlen1, outlen2;
4938 int testresult = 0;
4939 unsigned char outbuf[1024];
4940 unsigned char tag[16];
4941 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4942 EVP_CIPHER_CTX *ctx = NULL;
4943 EVP_CIPHER *type = NULL;
4944 size_t taglen = sizeof(tag);
4945 char *errmsg = NULL;
4946
4947 ctx = EVP_CIPHER_CTX_new();
4948 if (ctx == NULL) {
4949 errmsg = "CTX_ALLOC";
4950 goto err;
4951 }
4952 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4953 errmsg = "CIPHER_FETCH";
4954 goto err;
4955 }
4956 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4957 errmsg = "EMPTY_ENC_INIT";
4958 goto err;
4959 }
4960 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4961 errmsg = "PADDING";
4962 goto err;
4963 }
4964 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4965 errmsg = "KEY_INIT (before iv)";
4966 goto err;
4967 }
4968 if (!evp_init_seq_set_iv(ctx, t)) {
4969 errmsg = "IV_INIT";
4970 goto err;
4971 }
4972 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4973 errmsg = "KEY_INIT (after iv)";
4974 goto err;
4975 }
4976 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4977 errmsg = "FINAL_ENC_INIT";
4978 goto err;
4979 }
4980 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4981 errmsg = "CIPHER_UPDATE";
4982 goto err;
4983 }
4984 if (t->finalenc == 0 && t->tag != NULL) {
4985 /* Set expected tag */
4986 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4987 t->taglen, (void *)t->tag),
4988 0)) {
4989 errmsg = "SET_TAG";
4990 goto err;
4991 }
4992 }
4993 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4994 errmsg = "CIPHER_FINAL";
4995 goto err;
4996 }
4997 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4998 errmsg = "WRONG_RESULT";
4999 goto err;
5000 }
5001 if (t->finalenc != 0 && t->tag != NULL) {
5002 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
5003 errmsg = "GET_TAG";
5004 goto err;
5005 }
5006 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
5007 errmsg = "TAG_ERROR";
5008 goto err;
5009 }
5010 }
5011 testresult = 1;
5012 err:
5013 if (errmsg != NULL)
5014 TEST_info("evp_init_test %d: %s", idx, errmsg);
5015 EVP_CIPHER_CTX_free(ctx);
5016 EVP_CIPHER_free(type);
5017 return testresult;
5018 }
5019
5020 /*
5021 * Test re-initialization of cipher context without changing key or iv.
5022 * The result of both iteration should be the same.
5023 */
test_evp_reinit_seq(int idx)5024 static int test_evp_reinit_seq(int idx)
5025 {
5026 int outlen1, outlen2, outlen_final;
5027 int testresult = 0;
5028 unsigned char outbuf1[1024];
5029 unsigned char outbuf2[1024];
5030 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
5031 EVP_CIPHER_CTX *ctx = NULL;
5032 EVP_CIPHER *type = NULL;
5033
5034 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5035 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
5036 /* setup cipher context */
5037 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
5038 /* first iteration */
5039 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
5040 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
5041 /* check test results iteration 1 */
5042 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
5043 /* now re-init the context (same cipher, key and iv) */
5044 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
5045 /* second iteration */
5046 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
5047 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
5048 /* check test results iteration 2 */
5049 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
5050 goto err;
5051 testresult = 1;
5052 err:
5053 EVP_CIPHER_CTX_free(ctx);
5054 EVP_CIPHER_free(type);
5055 return testresult;
5056 }
5057
5058 typedef struct {
5059 const unsigned char *input;
5060 const unsigned char *expected;
5061 size_t inlen;
5062 size_t expectedlen;
5063 int enc;
5064 } EVP_RESET_TEST_st;
5065
5066 static const EVP_RESET_TEST_st evp_reset_tests[] = {
5067 { cfbPlaintext, cfbCiphertext,
5068 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 },
5069 { cfbCiphertext, cfbPlaintext,
5070 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 }
5071 };
5072
5073 /*
5074 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
5075 * been used.
5076 */
test_evp_reset(int idx)5077 static int test_evp_reset(int idx)
5078 {
5079 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
5080 int outlen1, outlen2;
5081 int testresult = 0;
5082 unsigned char outbuf[1024];
5083 EVP_CIPHER_CTX *ctx = NULL;
5084 EVP_CIPHER *type = NULL;
5085 char *errmsg = NULL;
5086
5087 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5088 errmsg = "CTX_ALLOC";
5089 goto err;
5090 }
5091 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
5092 errmsg = "CIPHER_FETCH";
5093 goto err;
5094 }
5095 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
5096 errmsg = "CIPHER_INIT";
5097 goto err;
5098 }
5099 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
5100 errmsg = "PADDING";
5101 goto err;
5102 }
5103 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
5104 errmsg = "CIPHER_UPDATE";
5105 goto err;
5106 }
5107 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5108 errmsg = "CIPHER_FINAL";
5109 goto err;
5110 }
5111 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
5112 errmsg = "WRONG_RESULT";
5113 goto err;
5114 }
5115 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
5116 errmsg = "CIPHER_REINIT";
5117 goto err;
5118 }
5119 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
5120 errmsg = "CIPHER_UPDATE (reinit)";
5121 goto err;
5122 }
5123 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5124 errmsg = "CIPHER_FINAL (reinit)";
5125 goto err;
5126 }
5127 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
5128 errmsg = "WRONG_RESULT (reinit)";
5129 goto err;
5130 }
5131 testresult = 1;
5132 err:
5133 if (errmsg != NULL)
5134 TEST_info("test_evp_reset %d: %s", idx, errmsg);
5135 EVP_CIPHER_CTX_free(ctx);
5136 EVP_CIPHER_free(type);
5137 return testresult;
5138 }
5139
5140 typedef struct {
5141 const char *cipher;
5142 int enc;
5143 } EVP_UPDATED_IV_TEST_st;
5144
5145 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
5146 { "aes-128-cfb", 1 },
5147 { "aes-128-cfb", 0 },
5148 { "aes-128-cfb1", 1 },
5149 { "aes-128-cfb1", 0 },
5150 { "aes-128-cfb8", 1 },
5151 { "aes-128-cfb8", 0 },
5152 { "aes-128-ofb", 1 },
5153 { "aes-128-ofb", 0 },
5154 { "aes-128-ctr", 1 },
5155 { "aes-128-ctr", 0 },
5156 { "aes-128-cbc", 1 },
5157 { "aes-128-cbc", 0 }
5158 };
5159
5160 /*
5161 * Test that the IV in the context is updated during a crypto operation for CFB
5162 * and OFB.
5163 */
test_evp_updated_iv(int idx)5164 static int test_evp_updated_iv(int idx)
5165 {
5166 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
5167 int outlen1, outlen2;
5168 int testresult = 0;
5169 unsigned char outbuf[1024];
5170 EVP_CIPHER_CTX *ctx = NULL;
5171 EVP_CIPHER *type = NULL;
5172 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
5173 int iv_len;
5174 char *errmsg = NULL;
5175
5176 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5177 errmsg = "CTX_ALLOC";
5178 goto err;
5179 }
5180 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
5181 TEST_info("cipher %s not supported, skipping", t->cipher);
5182 goto ok;
5183 }
5184
5185 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
5186 errmsg = "CIPHER_INIT";
5187 goto err;
5188 }
5189 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
5190 errmsg = "PADDING";
5191 goto err;
5192 }
5193 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
5194 errmsg = "CIPHER_UPDATE";
5195 goto err;
5196 }
5197 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
5198 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
5199 goto err;
5200 }
5201 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
5202 if (!TEST_int_ge(iv_len, 0)) {
5203 errmsg = "CIPHER_CTX_GET_IV_LEN";
5204 goto err;
5205 }
5206 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
5207 errmsg = "IV_NOT_UPDATED";
5208 goto err;
5209 }
5210 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5211 errmsg = "CIPHER_FINAL";
5212 goto err;
5213 }
5214 ok:
5215 testresult = 1;
5216 err:
5217 if (errmsg != NULL)
5218 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
5219 EVP_CIPHER_CTX_free(ctx);
5220 EVP_CIPHER_free(type);
5221 return testresult;
5222 }
5223
5224 typedef struct {
5225 const unsigned char *iv1;
5226 const unsigned char *iv2;
5227 const unsigned char *expected1;
5228 const unsigned char *expected2;
5229 const unsigned char *tag1;
5230 const unsigned char *tag2;
5231 size_t ivlen1;
5232 size_t ivlen2;
5233 size_t expectedlen1;
5234 size_t expectedlen2;
5235 } TEST_GCM_IV_REINIT_st;
5236
5237 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
5238 { iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
5239 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
5240 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) },
5241 { iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
5242 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
5243 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) }
5244 };
5245
test_gcm_reinit(int idx)5246 static int test_gcm_reinit(int idx)
5247 {
5248 int outlen1, outlen2, outlen3;
5249 int testresult = 0;
5250 unsigned char outbuf[1024];
5251 unsigned char tag[16];
5252 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
5253 EVP_CIPHER_CTX *ctx = NULL;
5254 EVP_CIPHER *type = NULL;
5255 size_t taglen = sizeof(tag);
5256 char *errmsg = NULL;
5257
5258 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
5259 errmsg = "CTX_ALLOC";
5260 goto err;
5261 }
5262 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
5263 errmsg = "CIPHER_FETCH";
5264 goto err;
5265 }
5266 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
5267 errmsg = "ENC_INIT";
5268 goto err;
5269 }
5270 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
5271 errmsg = "SET_IVLEN1";
5272 goto err;
5273 }
5274 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
5275 errmsg = "SET_IV1";
5276 goto err;
5277 }
5278 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
5279 errmsg = "AAD1";
5280 goto err;
5281 }
5282 EVP_CIPHER_CTX_set_padding(ctx, 0);
5283 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
5284 sizeof(gcmResetPlaintext)))) {
5285 errmsg = "CIPHER_UPDATE1";
5286 goto err;
5287 }
5288 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5289 errmsg = "CIPHER_FINAL1";
5290 goto err;
5291 }
5292 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
5293 errmsg = "WRONG_RESULT1";
5294 goto err;
5295 }
5296 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
5297 errmsg = "GET_TAG1";
5298 goto err;
5299 }
5300 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
5301 errmsg = "TAG_ERROR1";
5302 goto err;
5303 }
5304 /* Now reinit */
5305 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
5306 errmsg = "SET_IVLEN2";
5307 goto err;
5308 }
5309 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
5310 errmsg = "SET_IV2";
5311 goto err;
5312 }
5313 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
5314 errmsg = "AAD2";
5315 goto err;
5316 }
5317 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
5318 sizeof(gcmResetPlaintext)))) {
5319 errmsg = "CIPHER_UPDATE2";
5320 goto err;
5321 }
5322 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
5323 errmsg = "CIPHER_FINAL2";
5324 goto err;
5325 }
5326 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
5327 errmsg = "WRONG_RESULT2";
5328 goto err;
5329 }
5330 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
5331 errmsg = "GET_TAG2";
5332 goto err;
5333 }
5334 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
5335 errmsg = "TAG_ERROR2";
5336 goto err;
5337 }
5338 testresult = 1;
5339 err:
5340 if (errmsg != NULL)
5341 TEST_info("evp_init_test %d: %s", idx, errmsg);
5342 EVP_CIPHER_CTX_free(ctx);
5343 EVP_CIPHER_free(type);
5344 return testresult;
5345 }
5346
5347 static const char *ivlen_change_ciphers[] = {
5348 "AES-256-GCM",
5349 #ifndef OPENSSL_NO_OCB
5350 "AES-256-OCB",
5351 #endif
5352 "AES-256-CCM"
5353 };
5354
5355 /* Negative test for ivlen change after iv being set */
test_ivlen_change(int idx)5356 static int test_ivlen_change(int idx)
5357 {
5358 int outlen;
5359 int res = 0;
5360 unsigned char outbuf[1024];
5361 static const unsigned char iv[] = {
5362 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
5363 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
5364 };
5365 EVP_CIPHER_CTX *ctx = NULL;
5366 EVP_CIPHER *ciph = NULL;
5367 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
5368 size_t ivlen = 13; /* non-default IV length */
5369
5370 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
5371 goto err;
5372
5373 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
5374 testpropq)))
5375 goto err;
5376
5377 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
5378 goto err;
5379
5380 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5381 sizeof(gcmDefaultPlaintext))))
5382 goto err;
5383
5384 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5385 &ivlen);
5386 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
5387 goto err;
5388
5389 ERR_set_mark();
5390 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5391 sizeof(gcmDefaultPlaintext)))) {
5392 ERR_clear_last_mark();
5393 goto err;
5394 }
5395 ERR_pop_to_mark();
5396
5397 res = 1;
5398 err:
5399 EVP_CIPHER_CTX_free(ctx);
5400 EVP_CIPHER_free(ciph);
5401 return res;
5402 }
5403
5404 static const char *keylen_change_ciphers[] = {
5405 #ifndef OPENSSL_NO_BF
5406 "BF-ECB",
5407 #endif
5408 #ifndef OPENSSL_NO_CAST
5409 "CAST5-ECB",
5410 #endif
5411 #ifndef OPENSSL_NO_RC2
5412 "RC2-ECB",
5413 #endif
5414 #ifndef OPENSSL_NO_RC4
5415 "RC4",
5416 #endif
5417 #ifndef OPENSSL_NO_RC5
5418 "RC5-ECB",
5419 #endif
5420 NULL
5421 };
5422
5423 /* Negative test for keylen change after key was set */
test_keylen_change(int idx)5424 static int test_keylen_change(int idx)
5425 {
5426 int outlen;
5427 int res = 0;
5428 unsigned char outbuf[1024];
5429 static const unsigned char key[] = {
5430 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
5431 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
5432 };
5433 EVP_CIPHER_CTX *ctx = NULL;
5434 EVP_CIPHER *ciph = NULL;
5435 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
5436 size_t keylen = 12; /* non-default key length */
5437
5438 if (lgcyprov == NULL)
5439 return TEST_skip("Test requires legacy provider to be loaded");
5440
5441 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
5442 goto err;
5443
5444 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
5445 testpropq)))
5446 goto err;
5447
5448 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
5449 goto err;
5450
5451 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5452 sizeof(gcmDefaultPlaintext))))
5453 goto err;
5454
5455 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5456 &keylen);
5457 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
5458 goto err;
5459
5460 ERR_set_mark();
5461 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
5462 sizeof(gcmDefaultPlaintext)))) {
5463 ERR_clear_last_mark();
5464 goto err;
5465 }
5466 ERR_pop_to_mark();
5467
5468 res = 1;
5469 err:
5470 EVP_CIPHER_CTX_free(ctx);
5471 EVP_CIPHER_free(ciph);
5472 return res;
5473 }
5474
5475 #ifndef OPENSSL_NO_DEPRECATED_3_0
5476 static EVP_PKEY_METHOD *custom_pmeth = NULL;
5477 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
5478
5479 #define EVP_PKEY_CTRL_MY_COMMAND 9999
5480
custom_pmeth_init(EVP_PKEY_CTX * ctx)5481 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
5482 {
5483 int (*pinit)(EVP_PKEY_CTX *ctx);
5484
5485 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
5486 return pinit(ctx);
5487 }
5488
custom_pmeth_cleanup(EVP_PKEY_CTX * ctx)5489 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
5490 {
5491 void (*pcleanup)(EVP_PKEY_CTX *ctx);
5492
5493 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
5494 pcleanup(ctx);
5495 }
5496
custom_pmeth_sign(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,const unsigned char * in,size_t inlen)5497 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
5498 size_t *outlen, const unsigned char *in,
5499 size_t inlen)
5500 {
5501 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
5502 const unsigned char *tbs, size_t tbslen);
5503
5504 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
5505 return psign(ctx, out, outlen, in, inlen);
5506 }
5507
custom_pmeth_digestsign(EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)5508 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
5509 size_t *siglen, const unsigned char *tbs,
5510 size_t tbslen)
5511 {
5512 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
5513 const unsigned char *tbs, size_t tbslen);
5514
5515 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
5516 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
5517 }
5518
custom_pmeth_derive(EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)5519 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
5520 size_t *keylen)
5521 {
5522 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
5523
5524 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
5525 return pderive(ctx, key, keylen);
5526 }
5527
custom_pmeth_copy(EVP_PKEY_CTX * dst,const EVP_PKEY_CTX * src)5528 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
5529 {
5530 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
5531
5532 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
5533 return pcopy(dst, src);
5534 }
5535
5536 static int ctrl_called;
5537
custom_pmeth_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)5538 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
5539 {
5540 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
5541
5542 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
5543
5544 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
5545 ctrl_called = 1;
5546 return 1;
5547 }
5548
5549 return pctrl(ctx, type, p1, p2);
5550 }
5551
test_custom_pmeth(int idx)5552 static int test_custom_pmeth(int idx)
5553 {
5554 EVP_PKEY_CTX *pctx = NULL;
5555 EVP_MD_CTX *ctx = NULL;
5556 EVP_PKEY *pkey = NULL;
5557 int id, orig_id, orig_flags;
5558 int testresult = 0;
5559 size_t reslen;
5560 unsigned char *res = NULL;
5561 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
5562 const EVP_MD *md = EVP_sha256();
5563 int doderive = 0;
5564
5565 ctrl_called = 0;
5566
5567 /* We call deprecated APIs so this test doesn't support a custom libctx */
5568 if (testctx != NULL)
5569 return 1;
5570
5571 switch (idx) {
5572 case 0:
5573 case 6:
5574 id = EVP_PKEY_RSA;
5575 pkey = load_example_rsa_key();
5576 break;
5577 case 1:
5578 case 7:
5579 #ifndef OPENSSL_NO_DSA
5580 id = EVP_PKEY_DSA;
5581 pkey = load_example_dsa_key();
5582 break;
5583 #else
5584 return 1;
5585 #endif
5586 case 2:
5587 case 8:
5588 #ifndef OPENSSL_NO_EC
5589 id = EVP_PKEY_EC;
5590 pkey = load_example_ec_key();
5591 break;
5592 #else
5593 return 1;
5594 #endif
5595 case 3:
5596 case 9:
5597 #ifndef OPENSSL_NO_ECX
5598 id = EVP_PKEY_ED25519;
5599 md = NULL;
5600 pkey = load_example_ed25519_key();
5601 break;
5602 #else
5603 return 1;
5604 #endif
5605 case 4:
5606 case 10:
5607 #ifndef OPENSSL_NO_DH
5608 id = EVP_PKEY_DH;
5609 doderive = 1;
5610 pkey = load_example_dh_key();
5611 break;
5612 #else
5613 return 1;
5614 #endif
5615 case 5:
5616 case 11:
5617 #ifndef OPENSSL_NO_ECX
5618 id = EVP_PKEY_X25519;
5619 doderive = 1;
5620 pkey = load_example_x25519_key();
5621 break;
5622 #else
5623 return 1;
5624 #endif
5625 default:
5626 TEST_error("Should not happen");
5627 goto err;
5628 }
5629
5630 if (!TEST_ptr(pkey))
5631 goto err;
5632
5633 if (idx < 6) {
5634 if (!TEST_true(evp_pkey_is_provided(pkey)))
5635 goto err;
5636 } else {
5637 EVP_PKEY *tmp = pkey;
5638
5639 /* Convert to a legacy key */
5640 pkey = EVP_PKEY_new();
5641 if (!TEST_ptr(pkey)) {
5642 pkey = tmp;
5643 goto err;
5644 }
5645 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
5646 EVP_PKEY_free(tmp);
5647 goto err;
5648 }
5649 EVP_PKEY_free(tmp);
5650 if (!TEST_true(evp_pkey_is_legacy(pkey)))
5651 goto err;
5652 }
5653
5654 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
5655 || !TEST_ptr(pkey))
5656 goto err;
5657
5658 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
5659 if (!TEST_int_eq(orig_id, id)
5660 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
5661 goto err;
5662
5663 if (id == EVP_PKEY_ED25519) {
5664 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
5665 }
5666 if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
5667 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
5668 } else {
5669 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
5670 }
5671 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
5672 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
5673 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
5674 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
5675 }
5676 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
5677 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
5678 goto err;
5679
5680 if (doderive) {
5681 pctx = EVP_PKEY_CTX_new(pkey, NULL);
5682 if (!TEST_ptr(pctx)
5683 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
5684 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5685 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5686 1)
5687 || !TEST_int_eq(ctrl_called, 1)
5688 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
5689 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
5690 || !TEST_ptr(res = OPENSSL_malloc(reslen))
5691 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
5692 goto err;
5693 } else {
5694 ctx = EVP_MD_CTX_new();
5695 reslen = EVP_PKEY_size(pkey);
5696 res = OPENSSL_malloc(reslen);
5697 if (!TEST_ptr(ctx)
5698 || !TEST_ptr(res)
5699 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
5700 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5701 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5702 1)
5703 || !TEST_int_eq(ctrl_called, 1))
5704 goto err;
5705
5706 if (id == EVP_PKEY_ED25519) {
5707 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
5708 goto err;
5709 } else {
5710 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
5711 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
5712 goto err;
5713 }
5714 }
5715
5716 testresult = 1;
5717 err:
5718 OPENSSL_free(res);
5719 EVP_MD_CTX_free(ctx);
5720 if (doderive)
5721 EVP_PKEY_CTX_free(pctx);
5722 EVP_PKEY_free(pkey);
5723 EVP_PKEY_meth_remove(custom_pmeth);
5724 EVP_PKEY_meth_free(custom_pmeth);
5725 custom_pmeth = NULL;
5726 return testresult;
5727 }
5728
test_evp_md_cipher_meth(void)5729 static int test_evp_md_cipher_meth(void)
5730 {
5731 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
5732 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
5733 int testresult = 0;
5734
5735 if (!TEST_ptr(md) || !TEST_ptr(ciph))
5736 goto err;
5737
5738 testresult = 1;
5739
5740 err:
5741 EVP_MD_meth_free(md);
5742 EVP_CIPHER_meth_free(ciph);
5743
5744 return testresult;
5745 }
5746
5747 typedef struct {
5748 int data;
5749 } custom_dgst_ctx;
5750
5751 static int custom_md_init_called = 0;
5752 static int custom_md_cleanup_called = 0;
5753
custom_md_init(EVP_MD_CTX * ctx)5754 static int custom_md_init(EVP_MD_CTX *ctx)
5755 {
5756 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5757
5758 if (p == NULL)
5759 return 0;
5760
5761 custom_md_init_called++;
5762 return 1;
5763 }
5764
custom_md_cleanup(EVP_MD_CTX * ctx)5765 static int custom_md_cleanup(EVP_MD_CTX *ctx)
5766 {
5767 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5768
5769 if (p == NULL)
5770 /* Nothing to do */
5771 return 1;
5772
5773 custom_md_cleanup_called++;
5774 return 1;
5775 }
5776
test_custom_md_meth(void)5777 static int test_custom_md_meth(void)
5778 {
5779 ASN1_OBJECT *o = NULL;
5780 EVP_MD_CTX *mdctx = NULL;
5781 EVP_MD *tmp = NULL;
5782 char mess[] = "Test Message\n";
5783 unsigned char md_value[EVP_MAX_MD_SIZE];
5784 unsigned int md_len;
5785 int testresult = 0;
5786 int nid;
5787
5788 /*
5789 * We are testing deprecated functions. We don't support a non-default
5790 * library context in this test.
5791 */
5792 if (testctx != NULL)
5793 return TEST_skip("Non-default libctx");
5794
5795 custom_md_init_called = custom_md_cleanup_called = 0;
5796
5797 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
5798 if (!TEST_int_ne(nid, NID_undef))
5799 goto err;
5800 tmp = EVP_MD_meth_new(nid, NID_undef);
5801 if (!TEST_ptr(tmp))
5802 goto err;
5803
5804 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
5805 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
5806 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
5807 sizeof(custom_dgst_ctx))))
5808 goto err;
5809
5810 mdctx = EVP_MD_CTX_new();
5811 if (!TEST_ptr(mdctx)
5812 /*
5813 * Initing our custom md and then initing another md should
5814 * result in the init and cleanup functions of the custom md
5815 * being called.
5816 */
5817 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
5818 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
5819 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
5820 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
5821 || !TEST_int_eq(custom_md_init_called, 1)
5822 || !TEST_int_eq(custom_md_cleanup_called, 1))
5823 goto err;
5824
5825 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1",
5826 "custom-md", "custom-md"),
5827 NID_undef)
5828 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ)
5829 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS))
5830 goto err;
5831
5832 o = ASN1_OBJECT_create(nid, (unsigned char *)"\53\6\1\4\1\201\201\134\274\373\122\1", 12,
5833 "custom-md", "custom-md");
5834 if (!TEST_int_eq(OBJ_add_object(o), nid))
5835 goto err;
5836
5837 testresult = 1;
5838 err:
5839 ASN1_OBJECT_free(o);
5840 EVP_MD_CTX_free(mdctx);
5841 EVP_MD_meth_free(tmp);
5842 return testresult;
5843 }
5844
5845 typedef struct {
5846 int data;
5847 } custom_ciph_ctx;
5848
5849 static int custom_ciph_init_called = 0;
5850 static int custom_ciph_cleanup_called = 0;
5851
custom_ciph_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)5852 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
5853 const unsigned char *iv, int enc)
5854 {
5855 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5856
5857 if (p == NULL)
5858 return 0;
5859
5860 custom_ciph_init_called++;
5861 return 1;
5862 }
5863
custom_ciph_cleanup(EVP_CIPHER_CTX * ctx)5864 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
5865 {
5866 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5867
5868 if (p == NULL)
5869 /* Nothing to do */
5870 return 1;
5871
5872 custom_ciph_cleanup_called++;
5873 return 1;
5874 }
5875
test_custom_ciph_meth(void)5876 static int test_custom_ciph_meth(void)
5877 {
5878 EVP_CIPHER_CTX *ciphctx = NULL;
5879 EVP_CIPHER *tmp = NULL;
5880 int testresult = 0;
5881 int nid;
5882
5883 /*
5884 * We are testing deprecated functions. We don't support a non-default
5885 * library context in this test.
5886 */
5887 if (testctx != NULL)
5888 return TEST_skip("Non-default libctx");
5889
5890 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
5891
5892 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
5893 if (!TEST_int_ne(nid, NID_undef))
5894 goto err;
5895 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
5896 if (!TEST_ptr(tmp))
5897 goto err;
5898
5899 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
5900 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
5901 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
5902 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
5903 sizeof(custom_ciph_ctx))))
5904 goto err;
5905
5906 ciphctx = EVP_CIPHER_CTX_new();
5907 if (!TEST_ptr(ciphctx)
5908 /*
5909 * Initing our custom cipher and then initing another cipher
5910 * should result in the init and cleanup functions of the custom
5911 * cipher being called.
5912 */
5913 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5914 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5915 NULL, NULL, 1))
5916 || !TEST_int_eq(custom_ciph_init_called, 1)
5917 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5918 goto err;
5919
5920 testresult = 1;
5921 err:
5922 EVP_CIPHER_CTX_free(ciphctx);
5923 EVP_CIPHER_meth_free(tmp);
5924 return testresult;
5925 }
5926
test_rsasve_kem_with_invalid_pub_key(void)5927 static int test_rsasve_kem_with_invalid_pub_key(void)
5928 {
5929 RSA *rsa = NULL;
5930 EVP_PKEY *pkey = NULL;
5931 EVP_PKEY_CTX *ctx = NULL;
5932 unsigned char *ct = NULL;
5933 unsigned char *secret = NULL;
5934 size_t ctlen = 0, secretlen = 0;
5935 int testresult = 0;
5936
5937 if (nullprov != NULL) {
5938 testresult = TEST_skip("Test does not support a non-default library context");
5939 goto err;
5940 }
5941
5942 if (!TEST_ptr(pkey = make_bad_rsa_pubkey()))
5943 goto err;
5944
5945 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL))
5946 || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1)
5947 || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1)
5948 || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1)
5949 || !TEST_ptr(ct = OPENSSL_malloc(ctlen))
5950 || !TEST_ptr(secret = OPENSSL_malloc(secretlen)))
5951 goto err;
5952
5953 if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0))
5954 goto err;
5955
5956 testresult = 1;
5957
5958 err:
5959 OPENSSL_free(secret);
5960 OPENSSL_free(ct);
5961 EVP_PKEY_CTX_free(ctx);
5962 RSA_free(rsa);
5963 EVP_PKEY_free(pkey);
5964 return testresult;
5965 }
5966
5967 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
5968 /* Test we can create a signature keys with an associated ENGINE */
test_signatures_with_engine(int tst)5969 static int test_signatures_with_engine(int tst)
5970 {
5971 ENGINE *e;
5972 const char *engine_id = "dasync";
5973 EVP_PKEY *pkey = NULL;
5974 const unsigned char badcmackey[] = { 0x00, 0x01 };
5975 const unsigned char cmackey[] = {
5976 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5977 0x0c, 0x0d, 0x0e, 0x0f
5978 };
5979 const unsigned char ed25519key[] = {
5980 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5981 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5982 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5983 };
5984 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5985 int testresult = 0;
5986 EVP_MD_CTX *ctx = NULL;
5987 unsigned char *mac = NULL;
5988 size_t maclen = 0;
5989 int ret;
5990
5991 #ifdef OPENSSL_NO_CMAC
5992 /* Skip CMAC tests in a no-cmac build */
5993 if (tst <= 1)
5994 return 1;
5995 #endif
5996 #ifdef OPENSSL_NO_ECX
5997 /* Skip ECX tests in a no-ecx build */
5998 if (tst == 2)
5999 return 1;
6000 #endif
6001
6002 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
6003 return 0;
6004
6005 if (!TEST_true(ENGINE_init(e))) {
6006 ENGINE_free(e);
6007 return 0;
6008 }
6009
6010 switch (tst) {
6011 case 0:
6012 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
6013 EVP_aes_128_cbc());
6014 break;
6015 case 1:
6016 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
6017 EVP_aes_128_cbc());
6018 break;
6019 case 2:
6020 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
6021 sizeof(ed25519key));
6022 break;
6023 default:
6024 TEST_error("Invalid test case");
6025 goto err;
6026 }
6027 if (!TEST_ptr(pkey))
6028 goto err;
6029
6030 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
6031 goto err;
6032
6033 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
6034 pkey);
6035 if (tst == 0) {
6036 if (!TEST_true(ret))
6037 goto err;
6038
6039 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
6040 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
6041 goto err;
6042
6043 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
6044 goto err;
6045
6046 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
6047 goto err;
6048 } else {
6049 /* We used a bad key. We expect a failure here */
6050 if (!TEST_false(ret))
6051 goto err;
6052 }
6053
6054 testresult = 1;
6055 err:
6056 EVP_MD_CTX_free(ctx);
6057 OPENSSL_free(mac);
6058 EVP_PKEY_free(pkey);
6059 ENGINE_finish(e);
6060 ENGINE_free(e);
6061
6062 return testresult;
6063 }
6064
test_cipher_with_engine(void)6065 static int test_cipher_with_engine(void)
6066 {
6067 ENGINE *e;
6068 const char *engine_id = "dasync";
6069 const unsigned char keyiv[] = {
6070 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
6071 0x0c, 0x0d, 0x0e, 0x0f
6072 };
6073 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
6074 int testresult = 0;
6075 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
6076 unsigned char buf[AES_BLOCK_SIZE];
6077 int len = 0;
6078
6079 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
6080 return 0;
6081
6082 if (!TEST_true(ENGINE_init(e))) {
6083 ENGINE_free(e);
6084 return 0;
6085 }
6086
6087 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6088 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
6089 goto err;
6090
6091 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
6092 goto err;
6093
6094 /* Copy the ctx, and complete the operation with the new ctx */
6095 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
6096 goto err;
6097
6098 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
6099 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
6100 goto err;
6101
6102 testresult = 1;
6103 err:
6104 EVP_CIPHER_CTX_free(ctx);
6105 EVP_CIPHER_CTX_free(ctx2);
6106 ENGINE_finish(e);
6107 ENGINE_free(e);
6108
6109 return testresult;
6110 }
6111 #endif /* OPENSSL_NO_DYNAMIC_ENGINE */
6112 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
6113
6114 #ifndef OPENSSL_NO_ECX
6115 static int ecxnids[] = {
6116 NID_X25519,
6117 NID_X448,
6118 NID_ED25519,
6119 NID_ED448
6120 };
6121
6122 /* Test that creating ECX keys with a short private key fails as expected */
test_ecx_short_keys(int tst)6123 static int test_ecx_short_keys(int tst)
6124 {
6125 unsigned char ecxkeydata = 1;
6126 EVP_PKEY *pkey;
6127
6128 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
6129 NULL, &ecxkeydata, 1);
6130 if (!TEST_ptr_null(pkey)) {
6131 EVP_PKEY_free(pkey);
6132 return 0;
6133 }
6134
6135 return 1;
6136 }
6137 #endif
6138
6139 typedef enum OPTION_choice {
6140 OPT_ERR = -1,
6141 OPT_EOF = 0,
6142 OPT_CONTEXT,
6143 OPT_CONFIG_FILE,
6144 OPT_TEST_ENUM
6145 } OPTION_CHOICE;
6146
test_get_options(void)6147 const OPTIONS *test_get_options(void)
6148 {
6149 static const OPTIONS options[] = {
6150 OPT_TEST_OPTIONS_DEFAULT_USAGE,
6151 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
6152 { "config", OPT_CONFIG_FILE, '<',
6153 "The configuration file to use for the libctx" },
6154 { NULL }
6155 };
6156 return options;
6157 }
6158
6159 #ifndef OPENSSL_NO_ECX
6160 /* Test that trying to sign with a public key errors out gracefully */
test_ecx_not_private_key(int tst)6161 static int test_ecx_not_private_key(int tst)
6162 {
6163 EVP_PKEY *pkey = NULL;
6164
6165 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
6166 int testresult = 0;
6167 EVP_MD_CTX *ctx = NULL;
6168 unsigned char *mac = NULL;
6169 size_t maclen = 0;
6170 const uint8_t *pubkey;
6171 size_t pubkeylen;
6172
6173 switch (keys[tst].type) {
6174 case NID_X25519:
6175 case NID_X448:
6176 case NID_undef:
6177 return TEST_skip("signing not supported for X25519/X448/ML-KEM");
6178 }
6179
6180 /* Check if this algorithm supports public keys */
6181 if (keys[tst].pub == NULL)
6182 return TEST_skip("no public key present");
6183
6184 pubkey = keys[tst].pub;
6185 pubkeylen = keys[tst].publen;
6186
6187 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
6188 NULL, pubkey, pubkeylen);
6189 if (!TEST_ptr(pkey))
6190 goto err;
6191
6192 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
6193 goto err;
6194
6195 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
6196 goto check_err;
6197
6198 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
6199 goto check_err;
6200
6201 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
6202 goto err;
6203
6204 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
6205 goto err;
6206
6207 check_err:
6208 /*
6209 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
6210 * but we relax the check to allow error also thrown by
6211 * EVP_DigestSignInit and EVP_DigestSign.
6212 */
6213 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
6214 testresult = 1;
6215 ERR_clear_error();
6216 }
6217
6218 err:
6219 EVP_MD_CTX_free(ctx);
6220 OPENSSL_free(mac);
6221 EVP_PKEY_free(pkey);
6222
6223 return testresult;
6224 }
6225 #endif /* OPENSSL_NO_ECX */
6226
test_sign_continuation(void)6227 static int test_sign_continuation(void)
6228 {
6229 OSSL_PROVIDER *fake_rsa = NULL;
6230 int testresult = 0;
6231 EVP_PKEY *pkey = NULL;
6232 EVP_PKEY_CTX *pctx = NULL;
6233 EVP_MD_CTX *mctx = NULL;
6234 const char sigbuf[] = "To Be Signed";
6235 unsigned char signature[256];
6236 size_t siglen = 256;
6237 static int nodupnum = 1;
6238 static const OSSL_PARAM nodup_params[] = {
6239 OSSL_PARAM_int("NO_DUP", &nodupnum),
6240 OSSL_PARAM_END
6241 };
6242
6243 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
6244 return 0;
6245
6246 /* Construct a pkey using precise propq to use our provider */
6247 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
6248 "provider=fake-rsa"))
6249 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
6250 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
6251 || !TEST_ptr(pkey))
6252 goto end;
6253
6254 /* First test it continues (classic behavior) */
6255 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
6256 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
6257 NULL, pkey, NULL))
6258 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6259 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
6260 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6261 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
6262 goto end;
6263
6264 EVP_MD_CTX_free(mctx);
6265
6266 /* try again but failing the continuation */
6267 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
6268 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
6269 NULL, pkey, nodup_params))
6270 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6271 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
6272 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
6273 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
6274 goto end;
6275
6276 testresult = 1;
6277
6278 end:
6279 EVP_MD_CTX_free(mctx);
6280 EVP_PKEY_free(pkey);
6281 EVP_PKEY_CTX_free(pctx);
6282 fake_rsa_finish(fake_rsa);
6283 return testresult;
6284 }
6285
aes_gcm_encrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)6286 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
6287 const unsigned char *gcm_iv, size_t gcm_ivlen,
6288 const unsigned char *gcm_pt, size_t gcm_pt_s,
6289 const unsigned char *gcm_aad, size_t gcm_aad_s,
6290 const unsigned char *gcm_ct, size_t gcm_ct_s,
6291 const unsigned char *gcm_tag, size_t gcm_tag_s)
6292 {
6293 int ret = 0;
6294 EVP_CIPHER_CTX *ctx;
6295 EVP_CIPHER *cipher = NULL;
6296 int outlen, tmplen;
6297 unsigned char outbuf[1024];
6298 unsigned char outtag[16];
6299 OSSL_PARAM params[2] = {
6300 OSSL_PARAM_END, OSSL_PARAM_END
6301 };
6302
6303 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6304 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
6305 goto err;
6306
6307 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
6308 &gcm_ivlen);
6309
6310 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
6311 || (gcm_aad != NULL
6312 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
6313 gcm_aad, gcm_aad_s)))
6314 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
6315 gcm_pt, gcm_pt_s))
6316 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
6317 goto err;
6318
6319 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6320 outtag, sizeof(outtag));
6321
6322 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
6323 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
6324 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
6325 goto err;
6326
6327 ret = 1;
6328 err:
6329 EVP_CIPHER_free(cipher);
6330 EVP_CIPHER_CTX_free(ctx);
6331
6332 return ret;
6333 }
6334
aes_gcm_decrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)6335 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
6336 const unsigned char *gcm_iv, size_t gcm_ivlen,
6337 const unsigned char *gcm_pt, size_t gcm_pt_s,
6338 const unsigned char *gcm_aad, size_t gcm_aad_s,
6339 const unsigned char *gcm_ct, size_t gcm_ct_s,
6340 const unsigned char *gcm_tag, size_t gcm_tag_s)
6341 {
6342 int ret = 0;
6343 EVP_CIPHER_CTX *ctx;
6344 EVP_CIPHER *cipher = NULL;
6345 int outlen;
6346 unsigned char outbuf[1024];
6347 OSSL_PARAM params[2] = {
6348 OSSL_PARAM_END, OSSL_PARAM_END
6349 };
6350
6351 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
6352 goto err;
6353
6354 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
6355 goto err;
6356
6357 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
6358 &gcm_ivlen);
6359
6360 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
6361 || (gcm_aad != NULL
6362 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
6363 gcm_aad, gcm_aad_s)))
6364 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
6365 gcm_ct, gcm_ct_s))
6366 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
6367 goto err;
6368
6369 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6370 (void *)gcm_tag, gcm_tag_s);
6371
6372 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
6373 || !TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
6374 goto err;
6375
6376 ret = 1;
6377 err:
6378 EVP_CIPHER_free(cipher);
6379 EVP_CIPHER_CTX_free(ctx);
6380
6381 return ret;
6382 }
6383
test_aes_gcm_ivlen_change_cve_2023_5363(void)6384 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
6385 {
6386 /* AES-GCM test data obtained from NIST public test vectors */
6387 static const unsigned char gcm_key[] = {
6388 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
6389 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
6390 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b
6391 };
6392 static const unsigned char gcm_iv[] = {
6393 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
6394 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
6395 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
6396 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
6397 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
6398 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
6399 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
6400 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
6401 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
6402 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
6403 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d
6404 };
6405 static const unsigned char gcm_pt[] = {
6406 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
6407 0x4f, 0xe3, 0x6f, 0x81
6408 };
6409 static const unsigned char gcm_ct[] = {
6410 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
6411 0xe2, 0xd0, 0xec, 0xed
6412 };
6413 static const unsigned char gcm_tag[] = {
6414 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
6415 0xdb, 0x99, 0x6c, 0x21
6416 };
6417
6418 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
6419 gcm_pt, sizeof(gcm_pt), NULL, 0,
6420 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
6421 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
6422 gcm_pt, sizeof(gcm_pt), NULL, 0,
6423 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
6424 }
6425
6426 #ifndef OPENSSL_NO_RC4
rc4_encrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)6427 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
6428 const unsigned char *rc4_pt, size_t rc4_pt_s,
6429 const unsigned char *rc4_ct, size_t rc4_ct_s)
6430 {
6431 int ret = 0;
6432 EVP_CIPHER_CTX *ctx;
6433 EVP_CIPHER *cipher = NULL;
6434 int outlen, tmplen;
6435 unsigned char outbuf[1024];
6436 OSSL_PARAM params[2] = {
6437 OSSL_PARAM_END, OSSL_PARAM_END
6438 };
6439
6440 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
6441 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
6442 goto err;
6443
6444 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
6445 &rc4_key_s);
6446
6447 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
6448 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
6449 rc4_pt, rc4_pt_s))
6450 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
6451 goto err;
6452
6453 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
6454 goto err;
6455
6456 ret = 1;
6457 err:
6458 EVP_CIPHER_free(cipher);
6459 EVP_CIPHER_CTX_free(ctx);
6460
6461 return ret;
6462 }
6463
rc4_decrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)6464 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
6465 const unsigned char *rc4_pt, size_t rc4_pt_s,
6466 const unsigned char *rc4_ct, size_t rc4_ct_s)
6467 {
6468 int ret = 0;
6469 EVP_CIPHER_CTX *ctx;
6470 EVP_CIPHER *cipher = NULL;
6471 int outlen;
6472 unsigned char outbuf[1024];
6473 OSSL_PARAM params[2] = {
6474 OSSL_PARAM_END, OSSL_PARAM_END
6475 };
6476
6477 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
6478 goto err;
6479
6480 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
6481 goto err;
6482
6483 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
6484 &rc4_key_s);
6485
6486 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
6487 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
6488 rc4_ct, rc4_ct_s))
6489 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
6490 goto err;
6491
6492 ret = 1;
6493 err:
6494 EVP_CIPHER_free(cipher);
6495 EVP_CIPHER_CTX_free(ctx);
6496
6497 return ret;
6498 }
6499
test_aes_rc4_keylen_change_cve_2023_5363(void)6500 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
6501 {
6502 /* RC4 test data obtained from RFC 6229 */
6503 static const struct {
6504 unsigned char key[5];
6505 unsigned char padding[11];
6506 } rc4_key = {
6507 { /* Five bytes of key material */
6508 0x83, 0x32, 0x22, 0x77, 0x2a },
6509 { /* Random padding to 16 bytes */
6510 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 }
6511 };
6512 static const unsigned char rc4_pt[] = {
6513 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6514 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
6515 };
6516 static const unsigned char rc4_ct[] = {
6517 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
6518 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
6519 };
6520
6521 if (lgcyprov == NULL)
6522 return TEST_skip("Test requires legacy provider to be loaded");
6523
6524 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
6525 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
6526 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
6527 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
6528 }
6529 #endif
6530
test_invalid_ctx_for_digest(void)6531 static int test_invalid_ctx_for_digest(void)
6532 {
6533 int ret;
6534 EVP_MD_CTX *mdctx;
6535
6536 mdctx = EVP_MD_CTX_new();
6537 if (!TEST_ptr(mdctx))
6538 return 0;
6539
6540 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0))
6541 ret = 0;
6542 else
6543 ret = 1;
6544
6545 EVP_MD_CTX_free(mdctx);
6546
6547 return ret;
6548 }
6549
test_evp_cipher_negative_length(void)6550 static int test_evp_cipher_negative_length(void)
6551 {
6552 EVP_CIPHER_CTX *ctx = NULL;
6553 EVP_CIPHER *cipher = NULL;
6554 unsigned char key[16] = { 0 };
6555 unsigned char iv[16] = { 0 };
6556 unsigned char buffer[32] = { 0 };
6557 int outl = 0;
6558 int ret = 0;
6559
6560 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
6561 goto end;
6562
6563 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-128-CBC", testpropq)))
6564 goto end;
6565
6566 /* Initialize encryption context */
6567 if (!TEST_int_eq(EVP_EncryptInit_ex2(ctx, cipher, key, iv, NULL), 1))
6568 goto end;
6569
6570 /* Test EVP_EncryptUpdate with negative length - should fail */
6571 if (!TEST_int_eq(EVP_EncryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0))
6572 goto end;
6573
6574 /* Reinitialize for decryption */
6575 if (!TEST_int_eq(EVP_DecryptInit_ex2(ctx, cipher, key, iv, NULL), 1))
6576 goto end;
6577
6578 /* Test EVP_DecryptUpdate with negative length - should fail */
6579 if (!TEST_int_eq(EVP_DecryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0))
6580 goto end;
6581
6582 ret = 1;
6583 end:
6584 EVP_CIPHER_free(cipher);
6585 EVP_CIPHER_CTX_free(ctx);
6586 return ret;
6587 }
6588
test_evp_cipher_pipeline(void)6589 static int test_evp_cipher_pipeline(void)
6590 {
6591 OSSL_PROVIDER *fake_pipeline = NULL;
6592 int testresult = 0;
6593 EVP_CIPHER *cipher = NULL;
6594 EVP_CIPHER *pipeline_cipher = NULL;
6595 EVP_CIPHER_CTX *ctx = NULL;
6596 unsigned char key[32];
6597 size_t keylen = 32;
6598 size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN;
6599 size_t taglen = EVP_GCM_TLS_TAG_LEN;
6600 unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES];
6601 unsigned char *plaintext_array[EVP_MAX_PIPES];
6602 unsigned char *ciphertext_array_p[EVP_MAX_PIPES];
6603 void **aead_tags = (void **)&tag_array;
6604 unsigned char *temp[EVP_MAX_PIPES];
6605 size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES];
6606 size_t ciphertextlen_array[EVP_MAX_PIPES];
6607 size_t inlen_array[EVP_MAX_PIPES];
6608 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
6609 unsigned char *ciphertext, *exp_plaintext, *tag;
6610 size_t numpipes, plaintextlen, i;
6611
6612 if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx)))
6613 return 0;
6614 if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
6615 "provider=fake-pipeline"))
6616 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
6617 "provider!=fake-pipeline"))
6618 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
6619 goto end;
6620 memset(key, 0x01, sizeof(key));
6621
6622 /* Negative tests */
6623 if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1)))
6624 goto end;
6625 if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1)))
6626 goto end;
6627 if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
6628 key, keylen,
6629 EVP_MAX_PIPES + 1, NULL, 0)))
6630 goto end;
6631
6632 /* Positive tests */
6633 for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) {
6634 for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) {
6635 size_t ciphertextlen = 0;
6636 int outlen = 0;
6637
6638 /* Cleanup to be able to error out */
6639 memset(iv_array, 0, sizeof(iv_array));
6640 memset(plaintext_array, 0, sizeof(plaintext_array));
6641 memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p));
6642 memset(tag_array, 0, sizeof(tag_array));
6643 ciphertext = NULL;
6644 exp_plaintext = NULL;
6645 tag = NULL;
6646
6647 /* Allocate fresh buffers with exact size to catch buffer overwrites */
6648 for (i = 0; i < numpipes; i++) {
6649 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen))
6650 || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen))
6651 || !TEST_ptr(ciphertext_array_p[i] = OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
6652 || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen)))
6653 goto err;
6654
6655 memset(iv_array[i], i + 33, ivlen);
6656 memset(plaintext_array[i], i + 1, plaintextlen);
6657 inlen_array[i] = plaintextlen;
6658 outlen_array[i] = 0;
6659 ciphertextlen_array[i] = 0;
6660 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH;
6661 }
6662 if (!TEST_ptr(ciphertext = OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
6663 || !TEST_ptr(tag = OPENSSL_malloc(taglen))
6664 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen)))
6665 goto err;
6666
6667 /* Encrypt using pipeline API */
6668 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
6669 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1))
6670 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
6671 key, keylen, numpipes,
6672 (const unsigned char **)iv_array,
6673 ivlen))
6674 /* reuse plaintext for AAD as it won't affect test */
6675 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6676 (const unsigned char **)plaintext_array,
6677 inlen_array))
6678 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p,
6679 outlen_array, outsize_array,
6680 (const unsigned char **)plaintext_array,
6681 inlen_array)))
6682 goto err;
6683
6684 for (i = 0; i < numpipes; i++) {
6685 ciphertextlen_array[i] = outlen_array[i];
6686 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i];
6687 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i];
6688 }
6689
6690 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6691 goto err;
6692
6693 for (i = 0; i < numpipes; i++)
6694 ciphertextlen_array[i] += outlen_array[i];
6695
6696 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6697 (void **)&aead_tags, taglen);
6698 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6699 goto err;
6700
6701 /* Encrypt using non-pipeline API and compare */
6702 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)))
6703 goto err;
6704
6705 for (i = 0; i < numpipes; i++) {
6706 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i]))
6707 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
6708 plaintext_array[i],
6709 plaintextlen))
6710 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen,
6711 plaintext_array[i],
6712 plaintextlen)))
6713 goto err;
6714 ciphertextlen = outlen;
6715
6716 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen)))
6717 goto err;
6718 ciphertextlen += outlen;
6719
6720 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6721 (void *)tag, taglen);
6722 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6723 goto err;
6724
6725 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i],
6726 ciphertext, ciphertextlen)
6727 || !TEST_mem_eq(tag_array[i], taglen, tag, taglen))
6728 goto err;
6729 }
6730
6731 for (i = 0; i < numpipes; i++)
6732 outsize_array[i] = plaintextlen;
6733
6734 /* Decrypt using pipeline API and compare */
6735 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6736 (void **)&aead_tags, taglen);
6737 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
6738 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0))
6739 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher,
6740 key, keylen, numpipes,
6741 (const unsigned char **)iv_array,
6742 ivlen))
6743 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
6744 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6745 (const unsigned char **)plaintext_array,
6746 inlen_array))
6747 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array,
6748 outlen_array, outsize_array,
6749 (const unsigned char **)ciphertext_array_p,
6750 ciphertextlen_array)))
6751 goto err;
6752
6753 for (i = 0; i < numpipes; i++) {
6754 temp[i] = plaintext_array[i] + outlen_array[i];
6755 outsize_array[i] = outsize_array[i] - outlen_array[i];
6756 }
6757
6758 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6759 goto err;
6760
6761 for (i = 0; i < numpipes; i++) {
6762 memset(exp_plaintext, i + 1, plaintextlen);
6763 if (!TEST_mem_eq(plaintext_array[i], plaintextlen,
6764 exp_plaintext, plaintextlen))
6765 goto err;
6766 }
6767
6768 for (i = 0; i < numpipes; i++) {
6769 OPENSSL_free(iv_array[i]);
6770 OPENSSL_free(plaintext_array[i]);
6771 OPENSSL_free(ciphertext_array_p[i]);
6772 OPENSSL_free(tag_array[i]);
6773 }
6774 OPENSSL_free(exp_plaintext);
6775 OPENSSL_free(ciphertext);
6776 OPENSSL_free(tag);
6777 }
6778 }
6779
6780 testresult = 1;
6781 goto end;
6782
6783 err:
6784 for (i = 0; i < numpipes; i++) {
6785 OPENSSL_free(iv_array[i]);
6786 OPENSSL_free(plaintext_array[i]);
6787 OPENSSL_free(ciphertext_array_p[i]);
6788 OPENSSL_free(tag_array[i]);
6789 }
6790 OPENSSL_free(exp_plaintext);
6791 OPENSSL_free(ciphertext);
6792 OPENSSL_free(tag);
6793 end:
6794 EVP_CIPHER_CTX_free(ctx);
6795 EVP_CIPHER_free(cipher);
6796 EVP_CIPHER_free(pipeline_cipher);
6797 fake_pipeline_finish(fake_pipeline);
6798 return testresult;
6799 }
6800
setup_tests(void)6801 int setup_tests(void)
6802 {
6803 char *config_file = NULL;
6804 OPTION_CHOICE o;
6805
6806 while ((o = opt_next()) != OPT_EOF) {
6807 switch (o) {
6808 case OPT_CONTEXT:
6809 /* Set up an alternate library context */
6810 testctx = OSSL_LIB_CTX_new();
6811 if (!TEST_ptr(testctx))
6812 return 0;
6813 #ifdef STATIC_LEGACY
6814 /*
6815 * This test is always statically linked against libcrypto. We must not
6816 * attempt to load legacy.so that might be dynamically linked against
6817 * libcrypto. Instead we use a built-in version of the legacy provider.
6818 */
6819 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
6820 return 0;
6821 #endif
6822 /* Swap the libctx to test non-default context only */
6823 nullprov = OSSL_PROVIDER_load(NULL, "null");
6824 deflprov = OSSL_PROVIDER_load(testctx, "default");
6825 #ifndef OPENSSL_SYS_TANDEM
6826 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
6827 #endif
6828 break;
6829 case OPT_CONFIG_FILE:
6830 config_file = opt_arg();
6831 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL))
6832 return 0;
6833 break;
6834 case OPT_TEST_CASES:
6835 break;
6836 default:
6837 return 0;
6838 }
6839 }
6840
6841 if (config_file != NULL) {
6842 ADD_TEST(test_EVP_set_config_properties);
6843 return 1;
6844 }
6845
6846 ADD_TEST(test_EVP_set_default_properties);
6847 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
6848 ADD_TEST(test_EVP_DigestVerifyInit);
6849 #ifndef OPENSSL_NO_EC
6850 ADD_TEST(test_ecdsa_digestsign_keccak);
6851 #endif
6852 #ifndef OPENSSL_NO_SIPHASH
6853 ADD_TEST(test_siphash_digestsign);
6854 #endif
6855 ADD_TEST(test_EVP_Digest);
6856 ADD_TEST(test_EVP_md_null);
6857 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
6858 #ifndef OPENSSL_NO_DEPRECATED_3_0
6859 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
6860 #endif
6861 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
6862 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
6863 ADD_TEST(test_privatekey_to_pkcs8);
6864 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
6865 ADD_ALL_TESTS(test_EVP_PKCS82PKEY_v2, OSSL_NELEM(keydata_v2));
6866 #ifndef OPENSSL_NO_EC
6867 ADD_TEST(test_EVP_PKCS82PKEY);
6868 #endif
6869 #ifndef OPENSSL_NO_EC
6870 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
6871 #endif
6872 #if !defined(OPENSSL_NO_SM2)
6873 ADD_TEST(test_EVP_SM2);
6874 ADD_TEST(test_EVP_SM2_verify);
6875 #endif
6876 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
6877 #ifndef OPENSSL_NO_DEPRECATED_3_0
6878 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
6879 if (!TEST_ptr(custom_pmeth))
6880 return 0;
6881 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
6882 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
6883 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
6884 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
6885 return 0;
6886 #endif
6887 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
6888 #ifndef OPENSSL_NO_CMAC
6889 ADD_TEST(test_CMAC_keygen);
6890 #endif
6891 ADD_TEST(test_HKDF);
6892 ADD_TEST(test_emptyikm_HKDF);
6893 ADD_TEST(test_empty_salt_info_HKDF);
6894 #ifndef OPENSSL_NO_EC
6895 ADD_TEST(test_X509_PUBKEY_inplace);
6896 ADD_TEST(test_X509_PUBKEY_dup);
6897 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
6898 OSSL_NELEM(ec_der_pub_keys));
6899 #endif
6900 #ifndef OPENSSL_NO_DSA
6901 ADD_TEST(test_DSA_get_set_params);
6902 ADD_TEST(test_DSA_priv_pub);
6903 #endif
6904 ADD_TEST(test_RSA_get_set_params);
6905 ADD_TEST(test_RSA_OAEP_set_get_params);
6906 ADD_TEST(test_RSA_OAEP_set_null_label);
6907 ADD_TEST(test_RSA_encrypt);
6908 #ifndef OPENSSL_NO_DEPRECATED_3_0
6909 ADD_TEST(test_RSA_legacy);
6910 #endif
6911 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
6912 ADD_TEST(test_decrypt_null_chunks);
6913 #endif
6914 #ifndef OPENSSL_NO_DH
6915 ADD_TEST(test_DH_priv_pub);
6916 #ifndef OPENSSL_NO_DEPRECATED_3_0
6917 ADD_TEST(test_EVP_PKEY_set1_DH);
6918 #endif
6919 #endif
6920 #ifndef OPENSSL_NO_EC
6921 ADD_TEST(test_EC_priv_pub);
6922 ADD_TEST(test_evp_get_ec_pub);
6923 #ifndef OPENSSL_NO_DEPRECATED_3_0
6924 ADD_TEST(test_EC_priv_only_legacy);
6925 ADD_TEST(test_evp_get_ec_pub_legacy);
6926 #endif
6927 #endif
6928 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
6929 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
6930
6931 ADD_TEST(test_rand_agglomeration);
6932 ADD_ALL_TESTS(test_evp_iv_aes, 12);
6933 #ifndef OPENSSL_NO_DES
6934 ADD_ALL_TESTS(test_evp_iv_des, 6);
6935 #endif
6936 #ifndef OPENSSL_NO_BF
6937 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
6938 #endif
6939 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6940 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
6941 ADD_TEST(test_EVP_rsa_invalid_key);
6942 #ifndef OPENSSL_NO_EC
6943 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
6944 #endif
6945
6946 ADD_TEST(test_names_do_all);
6947
6948 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
6949 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
6950 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
6951 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
6952 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
6953 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
6954 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
6955 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
6956
6957 #ifndef OPENSSL_NO_DEPRECATED_3_0
6958 ADD_ALL_TESTS(test_custom_pmeth, 12);
6959 ADD_TEST(test_evp_md_cipher_meth);
6960 ADD_TEST(test_custom_md_meth);
6961 ADD_TEST(test_custom_ciph_meth);
6962 ADD_TEST(test_rsasve_kem_with_invalid_pub_key);
6963
6964 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
6965 /* Tests only support the default libctx */
6966 if (testctx == NULL) {
6967 #ifndef OPENSSL_NO_EC
6968 ADD_ALL_TESTS(test_signatures_with_engine, 3);
6969 #else
6970 ADD_ALL_TESTS(test_signatures_with_engine, 2);
6971 #endif
6972 ADD_TEST(test_cipher_with_engine);
6973 }
6974 #endif
6975 #endif
6976
6977 #ifndef OPENSSL_NO_ECX
6978 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
6979 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
6980 #endif
6981
6982 ADD_TEST(test_sign_continuation);
6983
6984 /* Test cases for CVE-2023-5363 */
6985 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
6986 #ifndef OPENSSL_NO_RC4
6987 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
6988 #endif
6989
6990 ADD_TEST(test_invalid_ctx_for_digest);
6991
6992 ADD_TEST(test_evp_cipher_negative_length);
6993
6994 ADD_TEST(test_evp_cipher_pipeline);
6995
6996 return 1;
6997 }
6998
cleanup_tests(void)6999 void cleanup_tests(void)
7000 {
7001 OSSL_PROVIDER_unload(nullprov);
7002 OSSL_PROVIDER_unload(deflprov);
7003 #ifndef OPENSSL_SYS_TANDEM
7004 OSSL_PROVIDER_unload(lgcyprov);
7005 #endif
7006 OSSL_LIB_CTX_free(testctx);
7007 }
7008