1 /* 2 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* We need to use some deprecated APIs */ 11 #define OPENSSL_SUPPRESS_DEPRECATED 12 13 #include <stdio.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #include <openssl/bio.h> 17 #include <openssl/conf.h> 18 #include <openssl/crypto.h> 19 #include <openssl/err.h> 20 #include <openssl/evp.h> 21 #include <openssl/x509.h> 22 #include <openssl/pem.h> 23 #include <openssl/kdf.h> 24 #include <openssl/provider.h> 25 #include <openssl/core_names.h> 26 #include <openssl/params.h> 27 #include <openssl/param_build.h> 28 #include <openssl/dsa.h> 29 #include <openssl/dh.h> 30 #include <openssl/aes.h> 31 #include <openssl/decoder.h> 32 #include <openssl/rsa.h> 33 #include <openssl/engine.h> 34 #include <openssl/proverr.h> 35 #include <openssl/rand.h> 36 #include <crypto/ml_kem.h> 37 #include "testutil.h" 38 #include "internal/nelem.h" 39 #include "internal/sizes.h" 40 #include "crypto/evp.h" 41 #include "fake_rsaprov.h" 42 #include "fake_pipelineprov.h" 43 44 #ifdef STATIC_LEGACY 45 OSSL_provider_init_fn ossl_legacy_provider_init; 46 #endif 47 48 static OSSL_LIB_CTX *testctx = NULL; 49 static char *testpropq = NULL; 50 51 static OSSL_PROVIDER *nullprov = NULL; 52 static OSSL_PROVIDER *deflprov = NULL; 53 static OSSL_PROVIDER *lgcyprov = NULL; 54 55 /* 56 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 57 * should never use this key anywhere but in an example. 58 */ 59 static const unsigned char kExampleRSAKeyDER[] = { 60 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 61 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 62 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 63 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 64 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 65 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 66 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 67 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 68 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 69 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 70 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 71 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 72 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 73 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 74 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 75 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 76 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 77 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 78 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 79 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 80 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 81 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 82 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 83 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 84 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 85 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 86 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 87 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 88 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 89 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 90 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 91 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 92 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 93 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 94 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 95 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 96 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 97 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 98 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 99 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 100 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 101 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 102 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 103 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 104 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 105 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 106 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 107 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 108 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 109 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 110 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf 111 }; 112 113 /* An invalid key whose prime factors exceed modulus n. */ 114 static const unsigned char kInvalidRSAKeyDER[] = { 115 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 116 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 117 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 118 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 119 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 120 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 121 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 122 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 123 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 124 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 125 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 126 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 127 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 129 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 130 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 131 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 132 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 133 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 134 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 135 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 136 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 137 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 138 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 139 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 140 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 141 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 143 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 144 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 145 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 146 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 147 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 148 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 149 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 150 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 151 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 152 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 154 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 155 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 156 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 157 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 158 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 159 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 160 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 161 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 162 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 163 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 164 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 165 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02, 166 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00, 167 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 168 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 169 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 170 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 171 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 172 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 173 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31, 174 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 175 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8, 176 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07, 177 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 179 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 180 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 181 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 182 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec, 183 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 184 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00, 185 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07, 186 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02, 187 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 188 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 189 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 190 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59, 191 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 194 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59, 195 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d, 196 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 197 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 198 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 199 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea, 200 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15, 201 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 202 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff, 203 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07, 204 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 205 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 206 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 207 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 208 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 209 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 210 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 211 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59, 212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 214 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 215 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 216 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 217 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41, 218 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 219 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 220 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 221 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 222 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 223 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 224 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 226 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 227 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 228 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 229 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 230 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 231 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 232 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15, 233 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 234 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 235 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 236 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 237 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 238 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 239 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f, 240 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 241 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 242 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 243 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00, 244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1, 245 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 246 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 247 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 248 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02, 249 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8, 250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 253 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 254 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 255 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02, 256 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 257 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80, 258 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 259 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36, 260 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10, 261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 263 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 264 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 265 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02, 266 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02, 267 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 268 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02, 269 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02, 270 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47, 272 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d, 273 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60, 274 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32, 275 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff, 276 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30, 277 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 278 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 279 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33, 280 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 281 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 282 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 283 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 284 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 285 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 286 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 287 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02, 288 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 289 0xe2, 0x80 290 }; 291 292 /* 293 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you 294 * should never use this key anywhere but in an example. 295 */ 296 #ifndef OPENSSL_NO_DSA 297 static const unsigned char kExampleDSAKeyDER[] = { 298 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a, 299 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d, 300 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f, 301 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42, 302 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38, 303 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e, 304 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e, 305 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04, 306 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4, 307 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b, 308 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14, 309 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e, 310 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3, 311 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef, 312 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f, 313 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef, 314 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38, 315 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f, 316 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4, 317 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d, 318 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86, 319 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6, 320 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a, 321 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19, 322 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff, 323 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f, 324 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0, 325 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69, 326 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07, 327 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9, 328 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79, 329 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f, 330 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c, 331 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12, 332 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45, 333 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8, 334 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe, 335 0x40, 0x48 336 }; 337 #endif 338 339 /* 340 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 341 * components are not correct. 342 */ 343 static const unsigned char kExampleBadRSAKeyDER[] = { 344 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 345 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 346 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 347 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 348 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 349 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 350 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 351 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 352 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 353 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 354 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 355 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 356 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 357 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 358 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 359 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 360 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 361 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 362 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 363 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 364 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 365 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 366 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 367 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 368 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 369 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 370 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 371 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 372 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 373 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 374 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 375 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 376 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 377 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 378 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 379 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 380 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 381 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 382 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 383 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 384 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 385 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 386 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 387 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 388 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 389 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 390 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 391 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 392 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 393 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 394 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 395 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 396 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 397 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 398 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 399 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 400 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 401 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 402 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 403 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 404 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 405 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 406 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 407 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 408 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 409 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 410 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 411 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 412 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 413 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 414 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 415 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 416 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 417 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 418 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 419 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 420 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 421 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 422 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 423 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 424 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 425 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 426 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 427 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 428 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 429 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 430 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 431 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 432 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce 433 }; 434 435 /* 436 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All 437 * values are 0. 438 */ 439 static const unsigned char kExampleBad2RSAKeyDER[] = { 440 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 441 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 442 0x01, 0x00, 0x02, 0x01, 0x00 443 }; 444 445 static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 446 447 static const unsigned char kSignature[] = { 448 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 449 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 450 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 451 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 452 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 453 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 454 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 455 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 456 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 457 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 458 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42 459 }; 460 461 /* 462 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v1 463 * PrivateKeyInfo. 464 */ 465 static const unsigned char kExampleRSAKeyPKCS8[] = { 466 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 467 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 468 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 469 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 470 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 471 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 472 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 473 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 474 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 475 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 476 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 477 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 478 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 479 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 480 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 481 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 482 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 483 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 484 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 485 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 486 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 487 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 488 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 489 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 490 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 491 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 492 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 493 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 494 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 495 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 496 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 497 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 498 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 499 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 500 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 501 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 502 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 503 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 504 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 505 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 506 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 507 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 508 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 509 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 510 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 511 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 512 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 513 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 514 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 515 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 516 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 517 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 518 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf 519 }; 520 521 /* 522 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v2 523 * PrivateKeyInfo (with an optional public key). 524 */ 525 static const unsigned char kExampleRSAKeyPKCS8_v2[] = { 526 0x30, 0x82, 0x03, 0x06, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 527 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 528 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 529 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 530 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 531 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 532 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 533 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 534 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 535 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 536 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 537 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 538 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 539 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 540 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 541 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 542 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 543 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 544 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 545 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 546 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 547 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 548 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 549 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 550 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 551 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 552 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 553 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 554 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 555 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 556 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 557 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 558 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 559 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 560 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 561 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 562 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 563 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 564 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 565 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 566 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 567 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 568 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 569 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 570 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 571 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 572 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 573 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 574 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 575 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 576 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 577 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 578 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 579 /* Implicit optional Public key BIT STRING */ 580 0x81, 581 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8, 582 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 583 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 584 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 585 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 586 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 587 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 588 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 589 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 590 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 591 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 592 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01 593 }; 594 595 #ifndef OPENSSL_NO_EC 596 /* 597 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 598 * structure. 599 */ 600 static const unsigned char kExampleECKeyDER[] = { 601 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 602 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 603 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 604 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 605 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 606 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 607 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 608 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 609 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 610 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 611 0xc1 612 }; 613 614 static const unsigned char kExampleECKeyPKCS8_v2[] = { 615 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 616 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 617 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 618 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 619 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 620 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42, 621 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 622 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 623 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 624 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 625 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 626 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1, 627 /* Optional implicit public key BIT STRING */ 628 0x81, 629 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 630 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 631 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 632 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 633 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 634 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1 635 }; 636 637 /* 638 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 639 * structure. The private key is equal to the order and will fail to import 640 */ 641 static const unsigned char kExampleBadECKeyDER[] = { 642 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 643 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 644 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 645 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 646 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 647 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 648 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 649 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 650 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 651 }; 652 653 /* prime256v1 */ 654 static const unsigned char kExampleECPubKeyDER[] = { 655 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 656 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 657 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 658 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 659 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 660 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 661 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 662 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 663 }; 664 665 /* 666 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID 667 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key 668 */ 669 static const unsigned char kExampleBadECPubKeyDER[] = { 670 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 671 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 672 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 673 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 674 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 675 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 676 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 677 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 678 }; 679 680 static const unsigned char pExampleECParamDER[] = { 681 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 682 }; 683 684 #ifndef OPENSSL_NO_ECX 685 static const unsigned char kExampleED25519KeyDER[] = { 686 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 687 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a, 688 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46, 689 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50 690 }; 691 692 static const unsigned char kExampleED25519PubKeyDER[] = { 693 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 694 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45, 695 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40, 696 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29 697 }; 698 699 #ifndef OPENSSL_NO_DEPRECATED_3_0 700 static const unsigned char kExampleX25519KeyDER[] = { 701 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 702 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6, 703 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac, 704 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e 705 }; 706 #endif 707 #endif 708 #endif 709 710 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */ 711 #ifndef OPENSSL_NO_DEPRECATED_3_0 712 #ifndef OPENSSL_NO_DH 713 static const unsigned char kExampleDHKeyDER[] = { 714 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09, 715 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87, 716 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d, 717 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e, 718 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63, 719 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81, 720 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f, 721 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53, 722 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53, 723 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f, 724 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74, 725 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34, 726 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53, 727 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3, 728 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a, 729 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9, 730 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0, 731 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48, 732 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1, 733 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43, 734 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f, 735 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f, 736 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97, 737 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06, 738 0x2e, 0x87, 0x2a, 0x0b, 0x7a 739 }; 740 #endif 741 #endif 742 743 static const unsigned char kCFBDefaultKey[] = { 744 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 745 0x09, 0xCF, 0x4F, 0x3C 746 }; 747 748 static const unsigned char kGCMDefaultKey[32] = { 0 }; 749 750 static const unsigned char kGCMResetKey[] = { 751 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 752 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 753 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 754 }; 755 756 static const unsigned char iCFBIV[] = { 757 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 758 0x0C, 0x0D, 0x0E, 0x0F 759 }; 760 761 static const unsigned char iGCMDefaultIV[12] = { 0 }; 762 763 static const unsigned char iGCMResetIV1[] = { 764 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 765 }; 766 767 static const unsigned char iGCMResetIV2[] = { 768 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 769 }; 770 771 static const unsigned char cfbPlaintext[] = { 772 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 773 0x73, 0x93, 0x17, 0x2A 774 }; 775 static const unsigned char cfbPlaintext_partial[] = { 776 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 777 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96 778 }; 779 780 static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 781 782 static const unsigned char gcmResetPlaintext[] = { 783 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 784 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 785 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 786 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 787 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 788 }; 789 790 static const unsigned char cfbCiphertext[] = { 791 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 792 0xE8, 0x3C, 0xFB, 0x4A 793 }; 794 795 static const unsigned char cfbCiphertext_partial[] = { 796 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 797 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35 798 }; 799 800 static const unsigned char ofbCiphertext_partial[] = { 801 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 802 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09 803 }; 804 805 static const unsigned char gcmDefaultCiphertext[] = { 806 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 807 0xba, 0xf3, 0x9d, 0x18 808 }; 809 810 static const unsigned char gcmResetCiphertext1[] = { 811 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, 812 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 813 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, 814 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 815 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f 816 }; 817 818 static const unsigned char gcmResetCiphertext2[] = { 819 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, 820 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 821 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, 822 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 823 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 824 }; 825 826 static const unsigned char gcmAAD[] = { 827 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 828 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 829 }; 830 831 static const unsigned char gcmDefaultTag[] = { 832 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, 833 0xd4, 0x8a, 0xb9, 0x19 834 }; 835 836 static const unsigned char gcmResetTag1[] = { 837 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, 838 0xfe, 0x2e, 0xa8, 0xf2 839 }; 840 841 static const unsigned char gcmResetTag2[] = { 842 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, 843 0xbb, 0x2d, 0x55, 0x1b 844 }; 845 846 typedef struct APK_DATA_st { 847 const unsigned char *kder; 848 size_t size; 849 const char *keytype; 850 int evptype; 851 int check; 852 int pub_check; 853 int param_check; 854 int type; /* 0 for private, 1 for public, 2 for params */ 855 } APK_DATA; 856 857 static APK_DATA keydata[] = { 858 { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA }, 859 { kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA }, 860 #ifndef OPENSSL_NO_EC 861 { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC } 862 #endif 863 }; 864 865 static APK_DATA keydata_v2[] = { 866 { kExampleRSAKeyPKCS8_v2, sizeof(kExampleRSAKeyPKCS8_v2), "RSA", EVP_PKEY_RSA }, 867 #ifndef OPENSSL_NO_EC 868 { kExampleECKeyPKCS8_v2, sizeof(kExampleECKeyPKCS8_v2), "EC", EVP_PKEY_EC } 869 #endif 870 }; 871 872 static APK_DATA keycheckdata[] = { 873 { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 874 0 }, 875 { kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA, 876 0, 1, 1, 0 }, 877 { kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA, 878 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0 }, 879 #ifndef OPENSSL_NO_EC 880 { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0 }, 881 /* group is also associated in our pub key */ 882 { kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 883 1, 1 }, 884 { pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 885 2 }, 886 #ifndef OPENSSL_NO_ECX 887 { kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", 888 EVP_PKEY_ED25519, 1, 1, 1, 0 }, 889 { kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519", 890 EVP_PKEY_ED25519, 0, 1, 1, 1 }, 891 #endif 892 #endif 893 }; 894 895 static EVP_PKEY *load_example_key(const char *keytype, 896 const unsigned char *data, size_t data_len) 897 { 898 const unsigned char **pdata = &data; 899 EVP_PKEY *pkey = NULL; 900 OSSL_DECODER_CTX *dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0, 901 testctx, testpropq); 902 903 /* |pkey| will be NULL on error */ 904 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len); 905 OSSL_DECODER_CTX_free(dctx); 906 return pkey; 907 } 908 909 static EVP_PKEY *load_example_rsa_key(void) 910 { 911 return load_example_key("RSA", kExampleRSAKeyDER, 912 sizeof(kExampleRSAKeyDER)); 913 } 914 915 #ifndef OPENSSL_NO_DSA 916 static EVP_PKEY *load_example_dsa_key(void) 917 { 918 return load_example_key("DSA", kExampleDSAKeyDER, 919 sizeof(kExampleDSAKeyDER)); 920 } 921 #endif 922 923 #ifndef OPENSSL_NO_EC 924 static EVP_PKEY *load_example_ec_key(void) 925 { 926 return load_example_key("EC", kExampleECKeyDER, 927 sizeof(kExampleECKeyDER)); 928 } 929 #endif 930 931 #ifndef OPENSSL_NO_DEPRECATED_3_0 932 #ifndef OPENSSL_NO_DH 933 static EVP_PKEY *load_example_dh_key(void) 934 { 935 return load_example_key("DH", kExampleDHKeyDER, 936 sizeof(kExampleDHKeyDER)); 937 } 938 #endif 939 940 #ifndef OPENSSL_NO_ECX 941 static EVP_PKEY *load_example_ed25519_key(void) 942 { 943 return load_example_key("ED25519", kExampleED25519KeyDER, 944 sizeof(kExampleED25519KeyDER)); 945 } 946 947 static EVP_PKEY *load_example_x25519_key(void) 948 { 949 return load_example_key("X25519", kExampleX25519KeyDER, 950 sizeof(kExampleX25519KeyDER)); 951 } 952 #endif 953 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 954 955 static EVP_PKEY *load_example_hmac_key(void) 956 { 957 EVP_PKEY *pkey = NULL; 958 unsigned char key[] = { 959 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 960 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 961 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 962 }; 963 964 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC", 965 NULL, key, sizeof(key)); 966 if (!TEST_ptr(pkey)) 967 return NULL; 968 969 return pkey; 970 } 971 972 static int test_EVP_set_config_properties(void) 973 { 974 char *fetched_properties = NULL; 975 const char test_propq[] = "test.fizzbuzz=buzzfizz"; 976 int res = 0; 977 978 fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default()); 979 if (!TEST_ptr(fetched_properties) 980 || !TEST_str_eq(fetched_properties, test_propq)) 981 goto err; 982 OPENSSL_free(fetched_properties); 983 fetched_properties = NULL; 984 985 res = 1; 986 err: 987 OPENSSL_free(fetched_properties); 988 return res; 989 } 990 991 static int test_EVP_set_default_properties(void) 992 { 993 OSSL_LIB_CTX *ctx; 994 EVP_MD *md = NULL; 995 int res = 0; 996 char *fetched_properties = NULL; 997 const char test_propq[] = "provider=fizzbang"; 998 const char test_fips_propq[] = "fips=yes,provider=fizzbang"; 999 1000 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new()) 1001 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 1002 goto err; 1003 EVP_MD_free(md); 1004 md = NULL; 1005 1006 if (!TEST_true(EVP_set_default_properties(ctx, test_propq)) 1007 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL)) 1008 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider"))) 1009 goto err; 1010 EVP_MD_free(md); 1011 md = NULL; 1012 1013 fetched_properties = EVP_get1_default_properties(ctx); 1014 if (!TEST_ptr(fetched_properties) 1015 || !TEST_str_eq(fetched_properties, test_propq)) 1016 goto err; 1017 OPENSSL_free(fetched_properties); 1018 fetched_properties = NULL; 1019 1020 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1))) 1021 goto err; 1022 fetched_properties = EVP_get1_default_properties(ctx); 1023 if (!TEST_ptr(fetched_properties) 1024 || !TEST_str_eq(fetched_properties, test_fips_propq)) 1025 goto err; 1026 OPENSSL_free(fetched_properties); 1027 fetched_properties = NULL; 1028 1029 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0))) 1030 goto err; 1031 1032 if (!TEST_true(EVP_set_default_properties(ctx, NULL)) 1033 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 1034 goto err; 1035 res = 1; 1036 err: 1037 OPENSSL_free(fetched_properties); 1038 EVP_MD_free(md); 1039 OSSL_LIB_CTX_free(ctx); 1040 return res; 1041 } 1042 1043 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 1044 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params) 1045 { 1046 EVP_PKEY_CTX *pctx = NULL; 1047 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL; 1048 1049 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq))) 1050 goto err; 1051 /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */ 1052 if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0) 1053 || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 1054 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR, 1055 params), 1056 0)) 1057 goto err; 1058 1059 if (!TEST_ptr(tmp_pkey)) 1060 goto err; 1061 1062 pkey = tmp_pkey; 1063 tmp_pkey = NULL; 1064 err: 1065 EVP_PKEY_free(tmp_pkey); 1066 EVP_PKEY_CTX_free(pctx); 1067 return pkey; 1068 } 1069 1070 static int test_selection(EVP_PKEY *pkey, int selection) 1071 { 1072 int testresult = 0; 1073 int ret; 1074 BIO *bio = BIO_new(BIO_s_mem()); 1075 1076 ret = PEM_write_bio_PUBKEY(bio, pkey); 1077 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 1078 if (!TEST_true(ret)) 1079 goto err; 1080 } else { 1081 if (!TEST_false(ret)) 1082 goto err; 1083 } 1084 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL, 1085 testctx, NULL); 1086 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 1087 if (!TEST_true(ret)) 1088 goto err; 1089 } else { 1090 if (!TEST_false(ret)) 1091 goto err; 1092 } 1093 1094 testresult = 1; 1095 err: 1096 BIO_free(bio); 1097 1098 return testresult; 1099 } 1100 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */ 1101 1102 /* 1103 * Test combinations of private, public, missing and private + public key 1104 * params to ensure they are all accepted 1105 */ 1106 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) 1107 static int test_EVP_PKEY_ffc_priv_pub(char *keytype) 1108 { 1109 OSSL_PARAM_BLD *bld = NULL; 1110 OSSL_PARAM *params = NULL; 1111 EVP_PKEY *just_params = NULL; 1112 EVP_PKEY *params_and_priv = NULL; 1113 EVP_PKEY *params_and_pub = NULL; 1114 EVP_PKEY *params_and_keypair = NULL; 1115 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 1116 int ret = 0; 1117 1118 /* 1119 * Setup the parameters for our pkey object. For our purposes they don't 1120 * have to actually be *valid* parameters. We just need to set something. 1121 */ 1122 if (!TEST_ptr(p = BN_new()) 1123 || !TEST_ptr(q = BN_new()) 1124 || !TEST_ptr(g = BN_new()) 1125 || !TEST_ptr(pub = BN_new()) 1126 || !TEST_ptr(priv = BN_new())) 1127 goto err; 1128 1129 /* Test !priv and !pub */ 1130 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1131 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1132 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1133 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))) 1134 goto err; 1135 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1136 || !TEST_ptr(just_params = make_key_fromdata(keytype, params))) 1137 goto err; 1138 1139 OSSL_PARAM_free(params); 1140 OSSL_PARAM_BLD_free(bld); 1141 params = NULL; 1142 bld = NULL; 1143 1144 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1145 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 1146 goto err; 1147 1148 /* Test priv and !pub */ 1149 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1150 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1151 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1152 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1153 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1154 priv))) 1155 goto err; 1156 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1157 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params))) 1158 goto err; 1159 1160 OSSL_PARAM_free(params); 1161 OSSL_PARAM_BLD_free(bld); 1162 params = NULL; 1163 bld = NULL; 1164 1165 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY) 1166 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 1167 goto err; 1168 1169 /* Test !priv and pub */ 1170 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1171 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1172 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1173 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1174 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 1175 pub))) 1176 goto err; 1177 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1178 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params))) 1179 goto err; 1180 1181 OSSL_PARAM_free(params); 1182 OSSL_PARAM_BLD_free(bld); 1183 params = NULL; 1184 bld = NULL; 1185 1186 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 1187 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 1188 goto err; 1189 1190 /* Test priv and pub */ 1191 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1192 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1193 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1194 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1195 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 1196 pub)) 1197 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1198 priv))) 1199 goto err; 1200 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1201 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params))) 1202 goto err; 1203 1204 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1205 goto err; 1206 1207 ret = 1; 1208 err: 1209 OSSL_PARAM_free(params); 1210 OSSL_PARAM_BLD_free(bld); 1211 EVP_PKEY_free(just_params); 1212 EVP_PKEY_free(params_and_priv); 1213 EVP_PKEY_free(params_and_pub); 1214 EVP_PKEY_free(params_and_keypair); 1215 BN_free(p); 1216 BN_free(q); 1217 BN_free(g); 1218 BN_free(pub); 1219 BN_free(priv); 1220 1221 return ret; 1222 } 1223 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */ 1224 1225 /* 1226 * Test combinations of private, public, missing and private + public key 1227 * params to ensure they are all accepted for EC keys 1228 */ 1229 #ifndef OPENSSL_NO_EC 1230 static unsigned char ec_priv[] = { 1231 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23, 1232 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5, 1233 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16 1234 }; 1235 static unsigned char ec_pub[] = { 1236 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97, 1237 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81, 1238 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d, 1239 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e, 1240 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1, 1241 0x08, 0x09, 0xb8, 0xdb, 0x03 1242 }; 1243 1244 static int test_EC_priv_pub(void) 1245 { 1246 OSSL_PARAM_BLD *bld = NULL; 1247 OSSL_PARAM *params = NULL; 1248 EVP_PKEY *just_params = NULL; 1249 EVP_PKEY *params_and_priv = NULL; 1250 EVP_PKEY *params_and_pub = NULL; 1251 EVP_PKEY *params_and_keypair = NULL; 1252 BIGNUM *priv = NULL; 1253 int ret = 0; 1254 unsigned char *encoded = NULL; 1255 size_t len = 0; 1256 unsigned char buffer[128]; 1257 1258 /* 1259 * Setup the parameters for our pkey object. For our purposes they don't 1260 * have to actually be *valid* parameters. We just need to set something. 1261 */ 1262 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1263 goto err; 1264 1265 /* Test !priv and !pub */ 1266 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1267 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1268 OSSL_PKEY_PARAM_GROUP_NAME, 1269 "P-256", 0))) 1270 goto err; 1271 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1272 || !TEST_ptr(just_params = make_key_fromdata("EC", params))) 1273 goto err; 1274 1275 OSSL_PARAM_free(params); 1276 OSSL_PARAM_BLD_free(bld); 1277 params = NULL; 1278 bld = NULL; 1279 1280 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1281 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 1282 goto err; 1283 1284 /* Test priv and !pub */ 1285 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1286 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1287 OSSL_PKEY_PARAM_GROUP_NAME, 1288 "P-256", 0)) 1289 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1290 priv))) 1291 goto err; 1292 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1293 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params))) 1294 goto err; 1295 1296 OSSL_PARAM_free(params); 1297 OSSL_PARAM_BLD_free(bld); 1298 params = NULL; 1299 bld = NULL; 1300 1301 /* 1302 * We indicate only parameters here, in spite of having built a key that 1303 * has a private part, because the PEM_write_bio_PrivateKey_ex call is 1304 * expected to fail because it does not support exporting a private EC 1305 * key without a corresponding public key 1306 */ 1307 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1308 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 1309 goto err; 1310 1311 /* Test !priv and pub */ 1312 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1313 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1314 OSSL_PKEY_PARAM_GROUP_NAME, 1315 "P-256", 0)) 1316 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1317 OSSL_PKEY_PARAM_PUB_KEY, 1318 ec_pub, sizeof(ec_pub)))) 1319 goto err; 1320 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1321 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params))) 1322 goto err; 1323 1324 OSSL_PARAM_free(params); 1325 OSSL_PARAM_BLD_free(bld); 1326 params = NULL; 1327 bld = NULL; 1328 1329 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 1330 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 1331 goto err; 1332 1333 /* Test priv and pub */ 1334 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1335 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1336 OSSL_PKEY_PARAM_GROUP_NAME, 1337 "P-256", 0)) 1338 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1339 OSSL_PKEY_PARAM_PUB_KEY, 1340 ec_pub, sizeof(ec_pub))) 1341 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1342 priv))) 1343 goto err; 1344 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1345 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params))) 1346 goto err; 1347 1348 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1349 goto err; 1350 1351 /* Try key equality */ 1352 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0) 1353 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub), 1354 0) 1355 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv), 1356 0) 1357 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair), 1358 0) 1359 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0) 1360 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0) 1361 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0) 1362 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0)) 1363 goto err; 1364 1365 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */ 1366 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0)) 1367 goto err; 1368 OPENSSL_free(encoded); 1369 encoded = NULL; 1370 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) { 1371 OPENSSL_free(encoded); 1372 encoded = NULL; 1373 goto err; 1374 } 1375 1376 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */ 1377 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1378 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1379 buffer, sizeof(buffer), &len), 1380 1) 1381 || !TEST_int_eq(len, 65)) 1382 goto err; 1383 1384 len = 0; 1385 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1386 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1387 NULL, 0, &len), 1388 1) 1389 || !TEST_int_eq(len, 65)) 1390 goto err; 1391 1392 /* too-short buffer len*/ 1393 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1394 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1395 buffer, 10, &len), 1396 0)) 1397 goto err; 1398 1399 ret = 1; 1400 err: 1401 OSSL_PARAM_free(params); 1402 OSSL_PARAM_BLD_free(bld); 1403 EVP_PKEY_free(just_params); 1404 EVP_PKEY_free(params_and_priv); 1405 EVP_PKEY_free(params_and_pub); 1406 EVP_PKEY_free(params_and_keypair); 1407 BN_free(priv); 1408 1409 return ret; 1410 } 1411 1412 /* Also test that we can read the EC PUB affine coordinates */ 1413 static int test_evp_get_ec_pub(void) 1414 { 1415 OSSL_PARAM_BLD *bld = NULL; 1416 OSSL_PARAM *params = NULL; 1417 unsigned char *pad = NULL; 1418 EVP_PKEY *keypair = NULL; 1419 BIGNUM *priv = NULL; 1420 BIGNUM *x = NULL; 1421 BIGNUM *y = NULL; 1422 int ret = 0; 1423 1424 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1425 goto err; 1426 1427 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1428 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1429 OSSL_PKEY_PARAM_GROUP_NAME, 1430 "P-256", 0)) 1431 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1432 OSSL_PKEY_PARAM_PUB_KEY, 1433 ec_pub, sizeof(ec_pub))) 1434 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1435 priv))) 1436 goto err; 1437 1438 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1439 || !TEST_ptr(keypair = make_key_fromdata("EC", params))) 1440 goto err; 1441 1442 if (!test_selection(keypair, EVP_PKEY_KEYPAIR)) 1443 goto err; 1444 1445 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x) 1446 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y)) 1447 goto err; 1448 1449 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub)))) 1450 goto err; 1451 1452 pad[0] = ec_pub[0]; 1453 BN_bn2bin(x, &pad[1]); 1454 BN_bn2bin(y, &pad[33]); 1455 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0)) 1456 goto err; 1457 1458 ret = 1; 1459 1460 err: 1461 OSSL_PARAM_free(params); 1462 OSSL_PARAM_BLD_free(bld); 1463 EVP_PKEY_free(keypair); 1464 OPENSSL_free(pad); 1465 BN_free(priv); 1466 BN_free(x); 1467 BN_free(y); 1468 return ret; 1469 } 1470 1471 /* Test that using a legacy EC key with only a private key in it works */ 1472 #ifndef OPENSSL_NO_DEPRECATED_3_0 1473 static int test_EC_priv_only_legacy(void) 1474 { 1475 BIGNUM *priv = NULL; 1476 int ret = 0; 1477 EC_KEY *eckey = NULL; 1478 EVP_PKEY *pkey = NULL, *dup_pk = NULL; 1479 EVP_MD_CTX *ctx = NULL; 1480 1481 /* Create the low level EC_KEY */ 1482 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1483 goto err; 1484 1485 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 1486 if (!TEST_ptr(eckey)) 1487 goto err; 1488 1489 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1490 goto err; 1491 1492 pkey = EVP_PKEY_new(); 1493 if (!TEST_ptr(pkey)) 1494 goto err; 1495 1496 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1497 goto err; 1498 eckey = NULL; 1499 1500 for (;;) { 1501 ret = 0; 1502 ctx = EVP_MD_CTX_new(); 1503 if (!TEST_ptr(ctx)) 1504 goto err; 1505 1506 /* 1507 * The EVP_DigestSignInit function should create the key on the 1508 * provider side which is sufficient for this test. 1509 */ 1510 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, 1511 testpropq, pkey, NULL))) 1512 goto err; 1513 EVP_MD_CTX_free(ctx); 1514 ctx = NULL; 1515 1516 if (dup_pk != NULL) 1517 break; 1518 1519 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))) 1520 goto err; 1521 /* EVP_PKEY_eq() returns -2 with missing public keys */ 1522 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2); 1523 EVP_PKEY_free(pkey); 1524 pkey = dup_pk; 1525 if (!ret) 1526 goto err; 1527 } 1528 ret = 1; 1529 1530 err: 1531 EVP_MD_CTX_free(ctx); 1532 EVP_PKEY_free(pkey); 1533 EC_KEY_free(eckey); 1534 BN_free(priv); 1535 1536 return ret; 1537 } 1538 1539 static int test_evp_get_ec_pub_legacy(void) 1540 { 1541 OSSL_LIB_CTX *libctx = NULL; 1542 unsigned char *pad = NULL; 1543 EVP_PKEY *pkey = NULL; 1544 EC_KEY *eckey = NULL; 1545 BIGNUM *priv = NULL; 1546 BIGNUM *x = NULL; 1547 BIGNUM *y = NULL; 1548 int ret = 0; 1549 1550 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())) 1551 goto err; 1552 1553 /* Create the legacy key */ 1554 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL, 1555 NID_X9_62_prime256v1))) 1556 goto err; 1557 1558 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1559 goto err; 1560 1561 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1562 goto err; 1563 1564 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL))) 1565 goto err; 1566 1567 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL))) 1568 goto err; 1569 1570 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y))) 1571 goto err; 1572 1573 if (!TEST_ptr(pkey = EVP_PKEY_new())) 1574 goto err; 1575 1576 /* Transfer the legacy key */ 1577 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1578 goto err; 1579 eckey = NULL; 1580 1581 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x)) 1582 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y))) 1583 goto err; 1584 1585 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub)))) 1586 goto err; 1587 1588 pad[0] = ec_pub[0]; 1589 BN_bn2bin(x, &pad[1]); 1590 BN_bn2bin(y, &pad[33]); 1591 1592 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0)) 1593 goto err; 1594 1595 ret = 1; 1596 1597 err: 1598 OSSL_LIB_CTX_free(libctx); 1599 EVP_PKEY_free(pkey); 1600 EC_KEY_free(eckey); 1601 OPENSSL_free(pad); 1602 BN_free(priv); 1603 BN_free(x); 1604 BN_free(y); 1605 1606 return ret; 1607 } 1608 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 1609 #endif /* OPENSSL_NO_EC */ 1610 1611 static int test_EVP_PKEY_sign(int tst) 1612 { 1613 int ret = 0; 1614 EVP_PKEY *pkey = NULL; 1615 unsigned char *sig = NULL; 1616 size_t sig_len = 0, shortsig_len = 1; 1617 EVP_PKEY_CTX *ctx = NULL; 1618 unsigned char tbs[] = { 1619 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1620 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1621 }; 1622 1623 if (tst == 0) { 1624 if (!TEST_ptr(pkey = load_example_rsa_key())) 1625 goto out; 1626 } else if (tst == 1) { 1627 #ifndef OPENSSL_NO_DSA 1628 if (!TEST_ptr(pkey = load_example_dsa_key())) 1629 goto out; 1630 #else 1631 ret = 1; 1632 goto out; 1633 #endif 1634 } else { 1635 #ifndef OPENSSL_NO_EC 1636 if (!TEST_ptr(pkey = load_example_ec_key())) 1637 goto out; 1638 #else 1639 ret = 1; 1640 goto out; 1641 #endif 1642 } 1643 1644 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1645 if (!TEST_ptr(ctx) 1646 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1647 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1648 sizeof(tbs)), 1649 0)) 1650 goto out; 1651 sig = OPENSSL_malloc(sig_len); 1652 if (!TEST_ptr(sig) 1653 /* Test sending a signature buffer that is too short is rejected */ 1654 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1655 sizeof(tbs)), 1656 0) 1657 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1658 0) 1659 /* Test the signature round-trips */ 1660 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1661 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1662 0)) 1663 goto out; 1664 1665 ret = 1; 1666 out: 1667 EVP_PKEY_CTX_free(ctx); 1668 OPENSSL_free(sig); 1669 EVP_PKEY_free(pkey); 1670 return ret; 1671 } 1672 1673 #ifndef OPENSSL_NO_DEPRECATED_3_0 1674 static int test_EVP_PKEY_sign_with_app_method(int tst) 1675 { 1676 int ret = 0; 1677 EVP_PKEY *pkey = NULL; 1678 RSA *rsa = NULL; 1679 RSA_METHOD *rsa_meth = NULL; 1680 #ifndef OPENSSL_NO_DSA 1681 DSA *dsa = NULL; 1682 DSA_METHOD *dsa_meth = NULL; 1683 #endif 1684 unsigned char *sig = NULL; 1685 size_t sig_len = 0, shortsig_len = 1; 1686 EVP_PKEY_CTX *ctx = NULL; 1687 unsigned char tbs[] = { 1688 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1689 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1690 }; 1691 1692 if (tst == 0) { 1693 if (!TEST_ptr(pkey = load_example_rsa_key())) 1694 goto out; 1695 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method()))) 1696 goto out; 1697 1698 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)) 1699 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0) 1700 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0)) 1701 goto out; 1702 rsa = NULL; /* now owned by the pkey */ 1703 } else { 1704 #ifndef OPENSSL_NO_DSA 1705 if (!TEST_ptr(pkey = load_example_dsa_key())) 1706 goto out; 1707 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) 1708 goto out; 1709 1710 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey)) 1711 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0) 1712 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0)) 1713 goto out; 1714 dsa = NULL; /* now owned by the pkey */ 1715 #else 1716 ret = 1; 1717 goto out; 1718 #endif 1719 } 1720 1721 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1722 if (!TEST_ptr(ctx) 1723 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1724 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1725 sizeof(tbs)), 1726 0)) 1727 goto out; 1728 sig = OPENSSL_malloc(sig_len); 1729 if (!TEST_ptr(sig) 1730 /* Test sending a signature buffer that is too short is rejected */ 1731 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1732 sizeof(tbs)), 1733 0) 1734 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1735 0) 1736 /* Test the signature round-trips */ 1737 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1738 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1739 0)) 1740 goto out; 1741 1742 ret = 1; 1743 out: 1744 EVP_PKEY_CTX_free(ctx); 1745 OPENSSL_free(sig); 1746 EVP_PKEY_free(pkey); 1747 RSA_free(rsa); 1748 RSA_meth_free(rsa_meth); 1749 #ifndef OPENSSL_NO_DSA 1750 DSA_free(dsa); 1751 DSA_meth_free(dsa_meth); 1752 #endif 1753 return ret; 1754 } 1755 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 1756 1757 /* 1758 * n = 0 => test using legacy cipher 1759 * n = 1 => test using fetched cipher 1760 */ 1761 static int test_EVP_Enveloped(int n) 1762 { 1763 int ret = 0; 1764 EVP_CIPHER_CTX *ctx = NULL; 1765 EVP_PKEY *keypair = NULL; 1766 unsigned char *kek = NULL; 1767 unsigned char iv[EVP_MAX_IV_LENGTH]; 1768 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 1769 int len, kek_len, ciphertext_len, plaintext_len; 1770 unsigned char ciphertext[32], plaintext[16]; 1771 EVP_CIPHER *type = NULL; 1772 1773 if (nullprov != NULL) 1774 return TEST_skip("Test does not support a non-default library context"); 1775 1776 if (n == 0) 1777 type = (EVP_CIPHER *)EVP_aes_256_cbc(); 1778 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC", 1779 testpropq))) 1780 goto err; 1781 1782 if (!TEST_ptr(keypair = load_example_rsa_key()) 1783 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) 1784 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1785 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 1786 &keypair, 1)) 1787 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 1788 msg, sizeof(msg))) 1789 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 1790 &len))) 1791 goto err; 1792 1793 ciphertext_len += len; 1794 1795 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 1796 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 1797 ciphertext, ciphertext_len)) 1798 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 1799 goto err; 1800 1801 plaintext_len += len; 1802 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 1803 goto err; 1804 1805 ret = 1; 1806 err: 1807 if (n != 0) 1808 EVP_CIPHER_free(type); 1809 OPENSSL_free(kek); 1810 EVP_PKEY_free(keypair); 1811 EVP_CIPHER_CTX_free(ctx); 1812 return ret; 1813 } 1814 1815 /* 1816 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA) 1817 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA) 1818 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC) 1819 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA) 1820 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA) 1821 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC) 1822 * Test 6: Use an MD BIO to do the Update calls instead (RSA) 1823 * Test 7: Use an MD BIO to do the Update calls instead (DSA) 1824 * Test 8: Use an MD BIO to do the Update calls instead (HMAC) 1825 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig) 1826 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig) 1827 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig) 1828 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA) 1829 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA) 1830 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC) 1831 * Test 15-29: Same as above with reinitialization 1832 */ 1833 static int test_EVP_DigestSignInit(int tst) 1834 { 1835 int ret = 0; 1836 EVP_PKEY *pkey = NULL; 1837 unsigned char *sig = NULL, *sig2 = NULL; 1838 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1; 1839 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL; 1840 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; 1841 BIO *mdbio = NULL, *membio = NULL; 1842 size_t written; 1843 const EVP_MD *md; 1844 EVP_MD *mdexp = NULL; 1845 int reinit = 0; 1846 1847 if (nullprov != NULL) 1848 return TEST_skip("Test does not support a non-default library context"); 1849 1850 if (tst >= 15) { 1851 reinit = 1; 1852 tst -= 15; 1853 } 1854 1855 if (tst >= 6 && tst <= 8) { 1856 membio = BIO_new(BIO_s_mem()); 1857 mdbio = BIO_new(BIO_f_md()); 1858 if (!TEST_ptr(membio) || !TEST_ptr(mdbio)) 1859 goto out; 1860 BIO_push(mdbio, membio); 1861 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0)) 1862 goto out; 1863 } else { 1864 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new()) 1865 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) 1866 goto out; 1867 } 1868 1869 if (tst % 3 == 0) { 1870 if (!TEST_ptr(pkey = load_example_rsa_key())) 1871 goto out; 1872 } else if (tst % 3 == 1) { 1873 #ifndef OPENSSL_NO_DSA 1874 if (!TEST_ptr(pkey = load_example_dsa_key())) 1875 goto out; 1876 #else 1877 ret = 1; 1878 goto out; 1879 #endif 1880 } else { 1881 if (!TEST_ptr(pkey = load_example_hmac_key())) 1882 goto out; 1883 } 1884 1885 if (tst >= 3 && tst <= 5) 1886 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL); 1887 else 1888 md = EVP_sha256(); 1889 1890 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey))) 1891 goto out; 1892 1893 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL))) 1894 goto out; 1895 1896 if (tst >= 6 && tst <= 8) { 1897 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) 1898 goto out; 1899 } else if (tst < 6) { 1900 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1901 goto out; 1902 } 1903 1904 if (tst >= 9) { 1905 /* Determine the size of the signature. */ 1906 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg, 1907 sizeof(kMsg))) 1908 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))) 1909 goto out; 1910 if (tst <= 11) { 1911 /* Test that supply a short sig buffer fails */ 1912 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg, 1913 sizeof(kMsg)))) 1914 goto out; 1915 /* 1916 * We end here because once EVP_DigestSign() has failed you should 1917 * not call it again without re-initing the ctx 1918 */ 1919 ret = 1; 1920 goto out; 1921 } 1922 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg, 1923 sizeof(kMsg)))) 1924 goto out; 1925 } else { 1926 /* Determine the size of the signature. */ 1927 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 1928 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)) 1929 /* 1930 * Trying to create a signature with a deliberately short 1931 * buffer should fail. 1932 */ 1933 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len)) 1934 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1935 goto out; 1936 } 1937 1938 /* 1939 * Ensure that the signature round-trips (Verification isn't supported for 1940 * HMAC via EVP_DigestVerify*) 1941 */ 1942 if (tst % 3 != 2) { 1943 if (tst >= 6 && tst <= 8) { 1944 if (!TEST_int_gt(BIO_reset(mdbio), 0) 1945 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) 1946 goto out; 1947 } 1948 1949 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, 1950 NULL, pkey))) 1951 goto out; 1952 1953 if (tst >= 6 && tst <= 8) { 1954 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))) 1955 goto out; 1956 } else { 1957 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, 1958 sizeof(kMsg)))) 1959 goto out; 1960 } 1961 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1962 goto out; 1963 1964 /* Multiple calls to EVP_DigestVerifyFinal should work */ 1965 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1966 goto out; 1967 } else { 1968 /* 1969 * For HMAC a doubled call to DigestSignFinal should produce the same 1970 * value as finalization should not happen. 1971 */ 1972 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len)) 1973 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len)) 1974 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len))) 1975 goto out; 1976 1977 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len)) 1978 goto out; 1979 } 1980 1981 ret = 1; 1982 1983 out: 1984 BIO_free(membio); 1985 BIO_free(mdbio); 1986 EVP_MD_CTX_free(a_md_ctx); 1987 EVP_MD_CTX_free(a_md_ctx_verify); 1988 EVP_PKEY_free(pkey); 1989 OPENSSL_free(sig); 1990 OPENSSL_free(sig2); 1991 EVP_MD_free(mdexp); 1992 1993 return ret; 1994 } 1995 1996 static int test_EVP_DigestVerifyInit(void) 1997 { 1998 int ret = 0; 1999 EVP_PKEY *pkey = NULL; 2000 EVP_MD_CTX *md_ctx = NULL; 2001 2002 if (nullprov != NULL) 2003 return TEST_skip("Test does not support a non-default library context"); 2004 2005 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 2006 || !TEST_ptr(pkey = load_example_rsa_key())) 2007 goto out; 2008 2009 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 2010 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 2011 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 2012 sizeof(kSignature)), 2013 0)) 2014 goto out; 2015 2016 /* test with reinitialization */ 2017 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL)) 2018 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 2019 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 2020 sizeof(kSignature)), 2021 0)) 2022 goto out; 2023 ret = 1; 2024 2025 out: 2026 EVP_MD_CTX_free(md_ctx); 2027 EVP_PKEY_free(pkey); 2028 return ret; 2029 } 2030 2031 #ifndef OPENSSL_NO_EC 2032 static int test_ecdsa_digestsign_keccak(void) 2033 { 2034 int ret = 0; 2035 EVP_PKEY *pkey = NULL; 2036 EVP_MD_CTX *ctx = NULL; 2037 EVP_MD *md = NULL; 2038 2039 if (nullprov != NULL) 2040 return TEST_skip("Test does not support a non-default library context"); 2041 2042 pkey = load_example_ec_key(); 2043 if (!TEST_ptr(pkey)) 2044 goto err; 2045 2046 /* This would not work with FIPS provider so just use NULL libctx */ 2047 md = EVP_MD_fetch(NULL, "KECCAK-256", NULL); 2048 if (!TEST_ptr(md)) 2049 goto err; 2050 2051 ctx = EVP_MD_CTX_new(); 2052 if (!TEST_ptr(ctx)) 2053 goto err; 2054 2055 /* 2056 * Just check EVP_DigestSignInit_ex() works. 2057 */ 2058 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))) 2059 goto err; 2060 2061 ret = 1; 2062 err: 2063 EVP_MD_CTX_free(ctx); 2064 EVP_PKEY_free(pkey); 2065 EVP_MD_free(md); 2066 2067 return ret; 2068 } 2069 #endif 2070 2071 #ifndef OPENSSL_NO_SIPHASH 2072 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */ 2073 static int test_siphash_digestsign(void) 2074 { 2075 unsigned char key[16]; 2076 unsigned char buf[8], digest[8]; 2077 unsigned char expected[8] = { 2078 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2 2079 }; 2080 EVP_PKEY *pkey = NULL; 2081 EVP_MD_CTX *mdctx = NULL; 2082 EVP_PKEY_CTX *ctx = NULL; 2083 int ret = 0; 2084 size_t len = 8; 2085 2086 if (nullprov != NULL) 2087 return TEST_skip("Test does not support a non-default library context"); 2088 2089 memset(buf, 0, 8); 2090 memset(key, 1, 16); 2091 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL, 2092 key, 16))) 2093 goto out; 2094 2095 if (!TEST_ptr(mdctx = EVP_MD_CTX_create())) 2096 goto out; 2097 2098 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey))) 2099 goto out; 2100 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX, 2101 EVP_PKEY_CTRL_SET_DIGEST_SIZE, 2102 8, NULL), 2103 1)) 2104 goto out; 2105 /* reinitialize */ 2106 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL))) 2107 goto out; 2108 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8))) 2109 goto out; 2110 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len))) 2111 goto out; 2112 if (!TEST_mem_eq(digest, len, expected, sizeof(expected))) 2113 goto out; 2114 2115 ret = 1; 2116 out: 2117 EVP_PKEY_free(pkey); 2118 EVP_MD_CTX_free(mdctx); 2119 return ret; 2120 } 2121 #endif 2122 2123 /* 2124 * Test corner cases of EVP_DigestInit/Update/Final API call behavior. 2125 */ 2126 static int test_EVP_Digest(void) 2127 { 2128 int ret = 0; 2129 EVP_MD_CTX *md_ctx = NULL; 2130 unsigned char md[EVP_MAX_MD_SIZE]; 2131 EVP_MD *sha256 = NULL; 2132 EVP_MD *shake256 = NULL; 2133 2134 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2135 goto out; 2136 2137 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq)) 2138 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq))) 2139 goto out; 2140 2141 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 2142 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2143 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL)) 2144 /* EVP_DigestFinal resets the EVP_MD_CTX. */ 2145 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL)) 2146 goto out; 2147 2148 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 2149 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2150 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL)) 2151 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */ 2152 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 2153 /* 2154 * EVP_DigestInit_ex with NULL type should work on 2155 * pre-initialized context. 2156 */ 2157 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 2158 goto out; 2159 2160 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL)) 2161 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2162 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md))) 2163 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */ 2164 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 2165 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 2166 goto out; 2167 ret = 1; 2168 2169 out: 2170 EVP_MD_CTX_free(md_ctx); 2171 EVP_MD_free(sha256); 2172 EVP_MD_free(shake256); 2173 return ret; 2174 } 2175 2176 static int test_EVP_md_null(void) 2177 { 2178 int ret = 0; 2179 EVP_MD_CTX *md_ctx = NULL; 2180 const EVP_MD *md_null = EVP_md_null(); 2181 unsigned char md_value[EVP_MAX_MD_SIZE]; 2182 unsigned int md_len = sizeof(md_value); 2183 2184 if (nullprov != NULL) 2185 return TEST_skip("Test does not support a non-default library context"); 2186 2187 if (!TEST_ptr(md_null) 2188 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2189 goto out; 2190 2191 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL)) 2192 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4)) 2193 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len))) 2194 goto out; 2195 2196 if (!TEST_uint_eq(md_len, 0)) 2197 goto out; 2198 2199 ret = 1; 2200 out: 2201 EVP_MD_CTX_free(md_ctx); 2202 return ret; 2203 } 2204 2205 static int test_d2i_AutoPrivateKey(int i) 2206 { 2207 int ret = 0; 2208 const unsigned char *p; 2209 EVP_PKEY *pkey = NULL; 2210 const APK_DATA *ak = &keydata[i]; 2211 const unsigned char *input = ak->kder; 2212 size_t input_len = ak->size; 2213 int expected_id = ak->evptype; 2214 2215 p = input; 2216 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 2217 || !TEST_ptr_eq(p, input + input_len) 2218 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 2219 goto done; 2220 2221 ret = 1; 2222 2223 done: 2224 EVP_PKEY_free(pkey); 2225 return ret; 2226 } 2227 2228 #ifndef OPENSSL_NO_EC 2229 2230 static const unsigned char ec_public_sect163k1_validxy[] = { 2231 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2232 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2233 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2234 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b, 2235 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2236 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 2237 }; 2238 2239 static const unsigned char ec_public_sect163k1_badx[] = { 2240 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2241 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2242 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2243 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b, 2244 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2245 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 2246 }; 2247 2248 static const unsigned char ec_public_sect163k1_bady[] = { 2249 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2250 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2251 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2252 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b, 2253 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2254 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6 2255 }; 2256 2257 static struct ec_der_pub_keys_st { 2258 const unsigned char *der; 2259 size_t len; 2260 int valid; 2261 } ec_der_pub_keys[] = { 2262 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 }, 2263 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 }, 2264 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 }, 2265 }; 2266 2267 /* 2268 * Tests the range of the decoded EC char2 public point. 2269 * See ec_GF2m_simple_oct2point(). 2270 */ 2271 static int test_invalide_ec_char2_pub_range_decode(int id) 2272 { 2273 int ret = 0; 2274 EVP_PKEY *pkey; 2275 2276 pkey = load_example_key("EC", ec_der_pub_keys[id].der, 2277 ec_der_pub_keys[id].len); 2278 2279 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey)) 2280 || TEST_ptr_null(pkey); 2281 EVP_PKEY_free(pkey); 2282 return ret; 2283 } 2284 2285 static int test_EVP_PKCS82PKEY(void) 2286 { 2287 int ret = 0; 2288 const unsigned char *derp = kExampleBadECKeyDER; 2289 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2290 EVP_PKEY *pkey = NULL; 2291 2292 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 2293 sizeof(kExampleBadECKeyDER)))) 2294 goto done; 2295 2296 if (!TEST_ptr_eq(derp, 2297 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 2298 goto done; 2299 2300 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 2301 goto done; 2302 2303 ret = 1; 2304 2305 done: 2306 PKCS8_PRIV_KEY_INFO_free(p8inf); 2307 EVP_PKEY_free(pkey); 2308 2309 return ret; 2310 } 2311 2312 #endif 2313 2314 static int test_EVP_PKCS82PKEY_v2(int i) 2315 { 2316 int ret = 0; 2317 const unsigned char *p; 2318 const APK_DATA *ak = &keydata_v2[i]; 2319 const unsigned char *input = ak->kder; 2320 size_t input_len = ak->size; 2321 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2322 2323 /* Can we parse PKCS#8 v2, ignoring the public key for now? */ 2324 p = input; 2325 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, input_len); 2326 if (!TEST_ptr(p8inf) 2327 || !TEST_true(p == input + input_len)) 2328 goto done; 2329 2330 ret = 1; 2331 done: 2332 PKCS8_PRIV_KEY_INFO_free(p8inf); 2333 return ret; 2334 } 2335 2336 /* Tests loading a bad key in PKCS8 format */ 2337 static int test_EVP_PKCS82PKEY_wrong_tag(void) 2338 { 2339 EVP_PKEY *pkey = NULL; 2340 EVP_PKEY *pkey2 = NULL; 2341 BIO *membio = NULL; 2342 char *membuf = NULL; 2343 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2344 int ok = 0; 2345 2346 if (testctx != NULL) 2347 /* test not supported with non-default context */ 2348 return 1; 2349 2350 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 2351 || !TEST_ptr(pkey = load_example_rsa_key()) 2352 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 2353 NULL, 0, NULL, NULL), 2354 0) 2355 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0) 2356 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL)) 2357 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf)) 2358 || !TEST_int_eq(ERR_peek_last_error(), 0)) { 2359 goto done; 2360 } 2361 2362 ok = 1; 2363 done: 2364 EVP_PKEY_free(pkey); 2365 EVP_PKEY_free(pkey2); 2366 PKCS8_PRIV_KEY_INFO_free(p8inf); 2367 BIO_free_all(membio); 2368 return ok; 2369 } 2370 2371 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */ 2372 static int test_privatekey_to_pkcs8(void) 2373 { 2374 EVP_PKEY *pkey = NULL; 2375 BIO *membio = NULL; 2376 char *membuf = NULL; 2377 long membuf_len = 0; 2378 int ok = 0; 2379 2380 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 2381 || !TEST_ptr(pkey = load_example_rsa_key()) 2382 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 2383 NULL, 0, NULL, NULL), 2384 0) 2385 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0) 2386 || !TEST_ptr(membuf) 2387 || !TEST_mem_eq(membuf, (size_t)membuf_len, 2388 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) 2389 /* 2390 * We try to write PEM as well, just to see that it doesn't err, but 2391 * assume that the result is correct. 2392 */ 2393 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL, 2394 NULL, 0, NULL, NULL), 2395 0)) 2396 goto done; 2397 2398 ok = 1; 2399 done: 2400 EVP_PKEY_free(pkey); 2401 BIO_free_all(membio); 2402 return ok; 2403 } 2404 2405 #ifndef OPENSSL_NO_EC 2406 static const struct { 2407 int encoding; 2408 const char *encoding_name; 2409 } ec_encodings[] = { 2410 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT }, 2411 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP } 2412 }; 2413 2414 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) 2415 { 2416 const OSSL_PARAM *p; 2417 const char *enc_name = NULL; 2418 int *enc = arg; 2419 size_t i; 2420 2421 *enc = -1; 2422 2423 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, 2424 OSSL_PKEY_PARAM_EC_ENCODING)) 2425 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name))) 2426 return 0; 2427 2428 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { 2429 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { 2430 *enc = ec_encodings[i].encoding; 2431 break; 2432 } 2433 } 2434 2435 return (*enc != -1); 2436 } 2437 2438 static int test_EC_keygen_with_enc(int idx) 2439 { 2440 EVP_PKEY *params = NULL, *key = NULL; 2441 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL; 2442 int enc; 2443 int ret = 0; 2444 2445 enc = ec_encodings[idx].encoding; 2446 2447 /* Create key parameters */ 2448 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL)) 2449 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0) 2450 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0) 2451 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0) 2452 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)) 2453 || !TEST_ptr(params)) 2454 goto done; 2455 2456 /* Create key */ 2457 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL)) 2458 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 2459 || !TEST_true(EVP_PKEY_keygen(kctx, &key)) 2460 || !TEST_ptr(key)) 2461 goto done; 2462 2463 /* Check that the encoding got all the way into the key */ 2464 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL, 2465 ec_export_get_encoding_cb, &enc)) 2466 || !TEST_int_eq(enc, ec_encodings[idx].encoding)) 2467 goto done; 2468 2469 ret = 1; 2470 done: 2471 EVP_PKEY_free(key); 2472 EVP_PKEY_free(params); 2473 EVP_PKEY_CTX_free(kctx); 2474 EVP_PKEY_CTX_free(pctx); 2475 return ret; 2476 } 2477 #endif 2478 2479 #if !defined(OPENSSL_NO_SM2) 2480 2481 static int test_EVP_SM2_verify(void) 2482 { 2483 const char *pubkey = "-----BEGIN PUBLIC KEY-----\n" 2484 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n" 2485 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n" 2486 "-----END PUBLIC KEY-----\n"; 2487 2488 const char *msg = "message digest"; 2489 const char *id = "ALICE123@YAHOO.COM"; 2490 2491 const uint8_t signature[] = { 2492 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb, 2493 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06, 2494 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36, 2495 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d, 2496 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07, 2497 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24, 2498 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70 2499 }; 2500 2501 int rc = 0; 2502 BIO *bio = NULL; 2503 EVP_PKEY *pkey = NULL; 2504 EVP_MD_CTX *mctx = NULL; 2505 EVP_PKEY_CTX *pctx = NULL; 2506 EVP_MD *sm3 = NULL; 2507 2508 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 2509 if (!TEST_true(bio != NULL)) 2510 goto done; 2511 2512 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq); 2513 if (!TEST_true(pkey != NULL)) 2514 goto done; 2515 2516 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2"))) 2517 goto done; 2518 2519 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 2520 goto done; 2521 2522 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2523 goto done; 2524 2525 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 2526 2527 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq))) 2528 goto done; 2529 2530 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey))) 2531 goto done; 2532 2533 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0)) 2534 goto done; 2535 2536 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 2537 goto done; 2538 2539 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0)) 2540 goto done; 2541 rc = 1; 2542 2543 done: 2544 BIO_free(bio); 2545 EVP_PKEY_free(pkey); 2546 EVP_PKEY_CTX_free(pctx); 2547 EVP_MD_CTX_free(mctx); 2548 EVP_MD_free(sm3); 2549 return rc; 2550 } 2551 2552 static int test_EVP_SM2(void) 2553 { 2554 int ret = 0; 2555 EVP_PKEY *pkey = NULL; 2556 EVP_PKEY *pkeyparams = NULL; 2557 EVP_PKEY_CTX *pctx = NULL; 2558 EVP_PKEY_CTX *kctx = NULL; 2559 EVP_PKEY_CTX *sctx = NULL; 2560 size_t sig_len = 0; 2561 unsigned char *sig = NULL; 2562 EVP_MD_CTX *md_ctx = NULL; 2563 EVP_MD_CTX *md_ctx_verify = NULL; 2564 EVP_PKEY_CTX *cctx = NULL; 2565 EVP_MD *check_md = NULL; 2566 2567 uint8_t ciphertext[128]; 2568 size_t ctext_len = sizeof(ciphertext); 2569 2570 uint8_t plaintext[8]; 2571 size_t ptext_len = sizeof(plaintext); 2572 2573 uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' }; 2574 2575 OSSL_PARAM sparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 2576 OSSL_PARAM gparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 2577 int i; 2578 char mdname[OSSL_MAX_NAME_SIZE]; 2579 2580 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, 2581 "SM2", testpropq))) 2582 goto done; 2583 2584 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 2585 goto done; 2586 2587 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0)) 2588 goto done; 2589 2590 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams))) 2591 goto done; 2592 2593 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2594 pkeyparams, testpropq))) 2595 goto done; 2596 2597 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)) 2598 goto done; 2599 2600 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 2601 goto done; 2602 2603 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2604 goto done; 2605 2606 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 2607 goto done; 2608 2609 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2610 goto done; 2611 2612 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 2613 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 2614 2615 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq))) 2616 goto done; 2617 2618 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey))) 2619 goto done; 2620 2621 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2622 goto done; 2623 2624 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 2625 goto done; 2626 2627 /* Determine the size of the signature. */ 2628 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 2629 goto done; 2630 2631 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 2632 goto done; 2633 2634 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 2635 goto done; 2636 2637 /* Ensure that the signature round-trips. */ 2638 2639 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2640 pkey))) 2641 goto done; 2642 2643 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2644 goto done; 2645 2646 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2647 goto done; 2648 2649 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2650 goto done; 2651 2652 /* 2653 * Try verify again with non-matching 0 length id but ensure that it can 2654 * be set on the context and overrides the previous value. 2655 */ 2656 2657 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2658 pkey))) 2659 goto done; 2660 2661 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0)) 2662 goto done; 2663 2664 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2665 goto done; 2666 2667 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2668 goto done; 2669 2670 /* now check encryption/decryption */ 2671 2672 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2673 mdname, sizeof(mdname)); 2674 for (i = 0; i < 2; i++) { 2675 const char *mdnames[] = { 2676 #ifndef OPENSSL_NO_SM3 2677 "SM3", 2678 #else 2679 NULL, 2680 #endif 2681 "SHA2-256" 2682 }; 2683 EVP_PKEY_CTX_free(cctx); 2684 2685 if (mdnames[i] == NULL) 2686 continue; 2687 2688 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2689 (char *)mdnames[i], 0); 2690 2691 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2692 pkey, testpropq))) 2693 goto done; 2694 2695 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 2696 goto done; 2697 2698 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2699 goto done; 2700 2701 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, 2702 sizeof(kMsg)))) 2703 goto done; 2704 2705 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0)) 2706 goto done; 2707 2708 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2709 goto done; 2710 2711 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, 2712 ctext_len), 2713 0)) 2714 goto done; 2715 2716 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams))) 2717 goto done; 2718 2719 /* 2720 * Test we're still using the digest we think we are. 2721 * Because of aliases, the easiest is to fetch the digest and 2722 * check the name with EVP_MD_is_a(). 2723 */ 2724 EVP_MD_free(check_md); 2725 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq))) 2726 goto done; 2727 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) { 2728 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]); 2729 goto done; 2730 } 2731 2732 if (!TEST_true(ptext_len == sizeof(kMsg))) 2733 goto done; 2734 2735 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 2736 goto done; 2737 } 2738 2739 ret = 1; 2740 done: 2741 EVP_PKEY_CTX_free(pctx); 2742 EVP_PKEY_CTX_free(kctx); 2743 EVP_PKEY_CTX_free(sctx); 2744 EVP_PKEY_CTX_free(cctx); 2745 EVP_PKEY_free(pkey); 2746 EVP_PKEY_free(pkeyparams); 2747 EVP_MD_CTX_free(md_ctx); 2748 EVP_MD_CTX_free(md_ctx_verify); 2749 EVP_MD_free(check_md); 2750 OPENSSL_free(sig); 2751 return ret; 2752 } 2753 2754 #endif 2755 2756 #ifndef OPENSSL_NO_ML_KEM 2757 static const uint8_t ml_kem_seed[] = { 2758 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4, 2759 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, 2760 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79, 2761 0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, 2762 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, 2763 0x87, 0x2b, 0xfb, 0x8f 2764 }; 2765 static const uint8_t ml_kem_512_pubkey[] = { 2766 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b, 2767 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83, 2768 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26, 2769 0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49, 2770 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19, 2771 0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81, 2772 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36, 2773 0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c, 2774 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb, 2775 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52, 2776 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3, 2777 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e, 2778 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8, 2779 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54, 2780 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82, 2781 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6, 2782 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b, 2783 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b, 2784 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74, 2785 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78, 2786 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07, 2787 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35, 2788 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92, 2789 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58, 2790 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55, 2791 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca, 2792 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a, 2793 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54, 2794 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f, 2795 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49, 2796 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3, 2797 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42, 2798 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b, 2799 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b, 2800 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a, 2801 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b, 2802 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50, 2803 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62, 2804 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6, 2805 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74, 2806 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13, 2807 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa, 2808 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22, 2809 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25, 2810 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27, 2811 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e, 2812 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06, 2813 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30, 2814 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f, 2815 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88, 2816 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a, 2817 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29, 2818 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a, 2819 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e, 2820 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a, 2821 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f, 2822 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d, 2823 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07, 2824 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77, 2825 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63, 2826 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e, 2827 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7, 2828 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8, 2829 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f, 2830 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae, 2831 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, 2832 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39 2833 }; 2834 static const uint8_t ml_kem_768_pubkey[] = { 2835 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f, 2836 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, 2837 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13, 2838 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59, 2839 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25, 2840 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f, 2841 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce, 2842 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e, 2843 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e, 2844 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05, 2845 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56, 2846 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17, 2847 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba, 2848 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5, 2849 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74, 2850 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f, 2851 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49, 2852 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63, 2853 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74, 2854 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca, 2855 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0, 2856 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf, 2857 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b, 2858 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3, 2859 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf, 2860 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c, 2861 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53, 2862 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf, 2863 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc, 2864 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91, 2865 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19, 2866 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad, 2867 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a, 2868 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00, 2869 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7, 2870 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e, 2871 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5, 2872 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b, 2873 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51, 2874 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5, 2875 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf, 2876 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac, 2877 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48, 2878 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a, 2879 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a, 2880 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2, 2881 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7, 2882 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b, 2883 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28, 2884 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25, 2885 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11, 2886 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb, 2887 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0, 2888 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b, 2889 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f, 2890 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a, 2891 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7, 2892 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95, 2893 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e, 2894 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c, 2895 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68, 2896 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94, 2897 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82, 2898 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83, 2899 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d, 2900 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b, 2901 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e, 2902 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69, 2903 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce, 2904 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a, 2905 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d, 2906 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf, 2907 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48, 2908 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f, 2909 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b, 2910 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf, 2911 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97, 2912 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd, 2913 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac, 2914 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06, 2915 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1, 2916 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84, 2917 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62, 2918 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38, 2919 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f, 2920 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e, 2921 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd, 2922 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83, 2923 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd, 2924 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e, 2925 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63, 2926 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f, 2927 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82, 2928 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e, 2929 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e, 2930 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36, 2931 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb, 2932 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, 2933 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28 2934 }; 2935 static const uint8_t ml_kem_1024_pubkey[] = { 2936 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58, 2937 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, 2938 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18, 2939 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc, 2940 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33, 2941 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca, 2942 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45, 2943 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1, 2944 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45, 2945 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a, 2946 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06, 2947 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7, 2948 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d, 2949 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f, 2950 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97, 2951 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f, 2952 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80, 2953 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6, 2954 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d, 2955 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d, 2956 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7, 2957 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07, 2958 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7, 2959 0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e, 2960 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc, 2961 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d, 2962 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39, 2963 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c, 2964 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5, 2965 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b, 2966 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89, 2967 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91, 2968 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1, 2969 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3, 2970 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca, 2971 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95, 2972 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b, 2973 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73, 2974 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50, 2975 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c, 2976 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86, 2977 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0, 2978 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c, 2979 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad, 2980 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44, 2981 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba, 2982 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f, 2983 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04, 2984 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65, 2985 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23, 2986 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7, 2987 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39, 2988 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d, 2989 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80, 2990 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e, 2991 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4, 2992 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94, 2993 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b, 2994 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d, 2995 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41, 2996 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f, 2997 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a, 2998 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e, 2999 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c, 3000 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b, 3001 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e, 3002 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe, 3003 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a, 3004 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98, 3005 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58, 3006 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f, 3007 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04, 3008 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4, 3009 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81, 3010 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0, 3011 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d, 3012 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a, 3013 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75, 3014 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a, 3015 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f, 3016 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24, 3017 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82, 3018 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f, 3019 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85, 3020 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33, 3021 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81, 3022 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89, 3023 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b, 3024 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32, 3025 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50, 3026 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37, 3027 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc, 3028 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84, 3029 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e, 3030 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50, 3031 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b, 3032 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25, 3033 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8, 3034 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6, 3035 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b, 3036 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e, 3037 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04, 3038 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b, 3039 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70, 3040 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf, 3041 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9, 3042 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2, 3043 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd, 3044 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03, 3045 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb, 3046 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66, 3047 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22, 3048 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55, 3049 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46, 3050 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e, 3051 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43, 3052 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76, 3053 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f, 3054 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a, 3055 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50, 3056 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86, 3057 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16, 3058 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44, 3059 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02, 3060 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34, 3061 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4, 3062 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d, 3063 0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca, 3064 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf, 3065 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39, 3066 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb 3067 }; 3068 #endif 3069 3070 static struct keys_st { 3071 int type; 3072 const uint8_t *priv; 3073 const uint8_t *pub; 3074 /* If "name" is non-NULL, create via non-legacy _ex() API */ 3075 char *name; 3076 int privlen; 3077 int publen; 3078 } keys[] = { 3079 { EVP_PKEY_HMAC, 3080 (const uint8_t *)"0123456789", 3081 NULL, 3082 NULL, 10, 0 }, 3083 { EVP_PKEY_HMAC, (const uint8_t *)"", NULL, 3084 NULL, 0, 0 3085 #ifndef OPENSSL_NO_POLY1305 3086 }, 3087 { EVP_PKEY_POLY1305, 3088 (const uint8_t *)"01234567890123456789012345678901", 3089 NULL, 3090 NULL, 32, 0 3091 #endif 3092 #ifndef OPENSSL_NO_SIPHASH 3093 }, 3094 { EVP_PKEY_SIPHASH, 3095 (const uint8_t *)"0123456789012345", 3096 NULL, 3097 NULL, 16, 0 3098 #endif 3099 }, 3100 #ifndef OPENSSL_NO_ECX 3101 { EVP_PKEY_X25519, 3102 (const uint8_t *)"01234567890123456789012345678901", 3103 (const unsigned char *)"abcdefghijklmnopqrstuvwxyzabcdef", 3104 NULL, 32, 32 }, 3105 { EVP_PKEY_ED25519, 3106 (const uint8_t *)"01234567890123456789012345678901", 3107 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdef", 3108 NULL, 32, 32 }, 3109 { EVP_PKEY_X448, 3110 (const uint8_t *)"01234567890123456789012345678901234567890123456789012345", 3111 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd", 3112 NULL, 56, 56 }, 3113 { EVP_PKEY_ED448, 3114 (const uint8_t *)"012345678901234567890123456789012345678901234567890123456", 3115 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde", 3116 NULL, 57, 57 }, 3117 #endif 3118 #ifndef OPENSSL_NO_ML_KEM 3119 { NID_undef, ml_kem_seed, ml_kem_512_pubkey, 3120 "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey) }, 3121 { NID_undef, ml_kem_seed, ml_kem_768_pubkey, 3122 "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey) }, 3123 { NID_undef, ml_kem_seed, ml_kem_1024_pubkey, 3124 "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey) }, 3125 #endif 3126 }; 3127 3128 #ifndef OPENSSL_NO_ML_KEM 3129 static int 3130 ml_kem_seed_to_priv(const char *alg, const unsigned char *seed, int seedlen, 3131 unsigned char **ret, size_t *retlen) 3132 { 3133 OSSL_PARAM parr[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 3134 EVP_PKEY_CTX *ctx = NULL; 3135 EVP_PKEY *pkey = NULL; 3136 const OSSL_PARAM *p; 3137 OSSL_PARAM *params = NULL; 3138 int selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY; 3139 int ok = 0; 3140 3141 /* Import the seed to generate a key */ 3142 ctx = EVP_PKEY_CTX_new_from_name(testctx, alg, NULL); 3143 if (!TEST_ptr(ctx) 3144 || !TEST_int_gt(EVP_PKEY_fromdata_init(ctx), 0)) 3145 goto done; 3146 parr[0] = OSSL_PARAM_construct_octet_string( 3147 OSSL_PKEY_PARAM_ML_KEM_SEED, (unsigned char *)seed, seedlen); 3148 if (!TEST_int_gt(EVP_PKEY_fromdata(ctx, &pkey, selection, parr), 0)) 3149 goto done; 3150 3151 /* Export the key to get the encoded form */ 3152 if (!TEST_true(EVP_PKEY_todata(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, ¶ms))) 3153 goto done; 3154 3155 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); 3156 if (!TEST_ptr(p) 3157 || !TEST_true(OSSL_PARAM_get_octet_string(p, (void **)ret, 0, retlen))) 3158 goto done; 3159 ok = 1; 3160 3161 done: 3162 EVP_PKEY_free(pkey); 3163 OSSL_PARAM_free(params); 3164 EVP_PKEY_CTX_free(ctx); 3165 return ok; 3166 } 3167 #endif 3168 3169 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx) 3170 { 3171 int ret = 0; 3172 uint8_t *buf = NULL; 3173 const uint8_t *in; 3174 uint8_t shortbuf[1]; 3175 size_t inlen, len = 0, shortlen = sizeof(shortbuf); 3176 EVP_PKEY *pkey = NULL; 3177 unsigned char *privalloc = NULL; 3178 const char *name; 3179 3180 /* Check if this algorithm supports public keys */ 3181 if (pub && keys[tst].pub == NULL) 3182 return 1; 3183 3184 name = keys[tst].name ? keys[tst].name : OBJ_nid2sn(keys[tst].type); 3185 3186 if (pub) { 3187 #ifndef OPENSSL_NO_EC 3188 inlen = keys[tst].publen; 3189 in = keys[tst].pub; 3190 if (uselibctx || keys[tst].name != NULL) { 3191 pkey = EVP_PKEY_new_raw_public_key_ex( 3192 testctx, 3193 name, 3194 NULL, 3195 in, 3196 inlen); 3197 } else { 3198 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 3199 NULL, 3200 in, 3201 inlen); 3202 } 3203 #else 3204 return 1; 3205 #endif 3206 } else { 3207 inlen = keys[tst].privlen; 3208 in = keys[tst].priv; 3209 #ifndef OPENSSL_NO_ML_KEM 3210 if (in == ml_kem_seed) { 3211 if (!TEST_true(ml_kem_seed_to_priv(name, in, inlen, 3212 &privalloc, &inlen))) 3213 goto done; 3214 in = privalloc; 3215 } 3216 #endif 3217 if (uselibctx || keys[tst].name != NULL) { 3218 pkey = EVP_PKEY_new_raw_private_key_ex( 3219 testctx, 3220 name, 3221 NULL, 3222 in, 3223 inlen); 3224 } else { 3225 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 3226 NULL, 3227 in, 3228 inlen); 3229 } 3230 } 3231 3232 if (!TEST_ptr(pkey) 3233 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1) 3234 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 3235 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 3236 || !TEST_true(len == inlen)) 3237 goto done; 3238 if (tst != 1) { 3239 /* 3240 * Test that supplying a buffer that is too small fails. Doesn't apply 3241 * to HMAC with a zero length key 3242 */ 3243 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, shortbuf, &shortlen))) 3244 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, shortbuf, &shortlen)))) 3245 goto done; 3246 } 3247 if (!TEST_ptr(buf = OPENSSL_zalloc(len <= 80 ? 80 : len))) 3248 goto done; 3249 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 3250 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 3251 || !TEST_mem_eq(in, inlen, buf, len)) 3252 goto done; 3253 3254 ret = 1; 3255 done: 3256 OPENSSL_free(privalloc); 3257 OPENSSL_free(buf); 3258 EVP_PKEY_free(pkey); 3259 return ret; 3260 } 3261 3262 static int test_set_get_raw_keys(int tst) 3263 { 3264 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0)) 3265 && test_set_get_raw_keys_int(tst, 0, 1) 3266 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0)) 3267 && test_set_get_raw_keys_int(tst, 1, 1); 3268 } 3269 3270 #ifndef OPENSSL_NO_DEPRECATED_3_0 3271 static int pkey_custom_check(EVP_PKEY *pkey) 3272 { 3273 return 0xbeef; 3274 } 3275 3276 static int pkey_custom_pub_check(EVP_PKEY *pkey) 3277 { 3278 return 0xbeef; 3279 } 3280 3281 static int pkey_custom_param_check(EVP_PKEY *pkey) 3282 { 3283 return 0xbeef; 3284 } 3285 3286 static EVP_PKEY_METHOD *custom_pmeth; 3287 #endif 3288 3289 static int test_EVP_PKEY_check(int i) 3290 { 3291 int ret = 0; 3292 EVP_PKEY *pkey = NULL; 3293 EVP_PKEY_CTX *ctx = NULL; 3294 #ifndef OPENSSL_NO_DEPRECATED_3_0 3295 EVP_PKEY_CTX *ctx2 = NULL; 3296 #endif 3297 const APK_DATA *ak = &keycheckdata[i]; 3298 const unsigned char *input = ak->kder; 3299 size_t input_len = ak->size; 3300 int expected_id = ak->evptype; 3301 int expected_check = ak->check; 3302 int expected_pub_check = ak->pub_check; 3303 int expected_param_check = ak->param_check; 3304 int type = ak->type; 3305 3306 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len))) 3307 goto done; 3308 if (type == 0 3309 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 3310 goto done; 3311 3312 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 3313 goto done; 3314 3315 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 3316 goto done; 3317 3318 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 3319 goto done; 3320 3321 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 3322 goto done; 3323 3324 #ifndef OPENSSL_NO_DEPRECATED_3_0 3325 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 3326 /* assign the pkey directly, as an internal test */ 3327 if (!EVP_PKEY_up_ref(pkey)) 3328 goto done; 3329 3330 ctx2->pkey = pkey; 3331 3332 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 3333 goto done; 3334 3335 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 3336 goto done; 3337 3338 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 3339 goto done; 3340 #endif 3341 3342 ret = 1; 3343 3344 done: 3345 EVP_PKEY_CTX_free(ctx); 3346 #ifndef OPENSSL_NO_DEPRECATED_3_0 3347 EVP_PKEY_CTX_free(ctx2); 3348 #endif 3349 EVP_PKEY_free(pkey); 3350 return ret; 3351 } 3352 3353 #ifndef OPENSSL_NO_CMAC 3354 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac) 3355 { 3356 EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); 3357 const char msg[] = "Hello World"; 3358 size_t maclen = AES_BLOCK_SIZE; 3359 int ret = 1; 3360 3361 if (!TEST_ptr(mdctx) 3362 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx, 3363 testpropq, pkey, NULL)) 3364 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))) 3365 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen)) 3366 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE)) 3367 ret = 0; 3368 3369 EVP_MD_CTX_free(mdctx); 3370 3371 return ret; 3372 } 3373 static int test_CMAC_keygen(void) 3374 { 3375 static unsigned char key[] = { 3376 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 3377 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 3378 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 3379 }; 3380 EVP_PKEY_CTX *kctx = NULL; 3381 int ret = 0; 3382 EVP_PKEY *pkey = NULL; 3383 unsigned char mac[AES_BLOCK_SIZE]; 3384 #if !defined(OPENSSL_NO_DEPRECATED_3_0) 3385 unsigned char mac2[AES_BLOCK_SIZE]; 3386 #endif 3387 3388 if (nullprov != NULL) 3389 return TEST_skip("Test does not support a non-default library context"); 3390 3391 /* 3392 * This is a legacy method for CMACs, but should still work. 3393 * This verifies that it works without an ENGINE. 3394 */ 3395 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL); 3396 3397 /* Test a CMAC key created using the "generated" method */ 3398 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 3399 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 3400 EVP_PKEY_CTRL_CIPHER, 3401 0, (void *)EVP_aes_256_cbc()), 3402 0) 3403 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 3404 EVP_PKEY_CTRL_SET_MAC_KEY, 3405 sizeof(key), (void *)key), 3406 0) 3407 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0) 3408 || !TEST_ptr(pkey) 3409 || !TEST_true(get_cmac_val(pkey, mac))) 3410 goto done; 3411 3412 #if !defined(OPENSSL_NO_DEPRECATED_3_0) 3413 EVP_PKEY_free(pkey); 3414 3415 /* 3416 * Test a CMAC key using the direct method, and compare with the mac 3417 * created above. 3418 */ 3419 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc()); 3420 if (!TEST_ptr(pkey) 3421 || !TEST_true(get_cmac_val(pkey, mac2)) 3422 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2))) 3423 goto done; 3424 #endif 3425 3426 ret = 1; 3427 3428 done: 3429 EVP_PKEY_free(pkey); 3430 EVP_PKEY_CTX_free(kctx); 3431 return ret; 3432 } 3433 #endif 3434 3435 static int test_HKDF(void) 3436 { 3437 EVP_PKEY_CTX *pctx; 3438 unsigned char out[20]; 3439 size_t outlen; 3440 int i, ret = 0; 3441 unsigned char salt[] = "0123456789"; 3442 unsigned char key[] = "012345678901234567890123456789"; 3443 unsigned char info[] = "infostring"; 3444 const unsigned char expected[] = { 3445 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, 3446 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca 3447 }; 3448 size_t expectedlen = sizeof(expected); 3449 3450 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3451 goto done; 3452 3453 /* We do this twice to test reuse of the EVP_PKEY_CTX */ 3454 for (i = 0; i < 2; i++) { 3455 outlen = sizeof(out); 3456 memset(out, 0, outlen); 3457 3458 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3459 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3460 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3461 sizeof(salt) - 1), 3462 0) 3463 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3464 sizeof(key) - 1), 3465 0) 3466 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3467 sizeof(info) - 1), 3468 0) 3469 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3470 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3471 goto done; 3472 } 3473 3474 ret = 1; 3475 3476 done: 3477 EVP_PKEY_CTX_free(pctx); 3478 3479 return ret; 3480 } 3481 3482 static int test_emptyikm_HKDF(void) 3483 { 3484 EVP_PKEY_CTX *pctx; 3485 unsigned char out[20]; 3486 size_t outlen; 3487 int ret = 0; 3488 unsigned char salt[] = "9876543210"; 3489 unsigned char key[] = ""; 3490 unsigned char info[] = "stringinfo"; 3491 const unsigned char expected[] = { 3492 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47, 3493 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30 3494 }; 3495 size_t expectedlen = sizeof(expected); 3496 3497 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3498 goto done; 3499 3500 outlen = sizeof(out); 3501 memset(out, 0, outlen); 3502 3503 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3504 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3505 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3506 sizeof(salt) - 1), 3507 0) 3508 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3509 sizeof(key) - 1), 3510 0) 3511 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3512 sizeof(info) - 1), 3513 0) 3514 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3515 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3516 goto done; 3517 3518 ret = 1; 3519 3520 done: 3521 EVP_PKEY_CTX_free(pctx); 3522 3523 return ret; 3524 } 3525 3526 static int test_empty_salt_info_HKDF(void) 3527 { 3528 EVP_PKEY_CTX *pctx; 3529 unsigned char out[20]; 3530 size_t outlen; 3531 int ret = 0; 3532 unsigned char salt[] = ""; 3533 unsigned char fake[] = "0123456789"; 3534 unsigned char key[] = "012345678901234567890123456789"; 3535 unsigned char info[] = ""; 3536 const unsigned char expected[] = { 3537 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, 3538 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06 3539 }; 3540 size_t expectedlen = sizeof(expected); 3541 3542 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3543 goto done; 3544 3545 outlen = sizeof(out); 3546 memset(out, 0, outlen); 3547 3548 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3549 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3550 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake, 3551 sizeof(fake) - 1), 3552 0) 3553 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3554 sizeof(salt) - 1), 3555 0) 3556 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3557 sizeof(key) - 1), 3558 0) 3559 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3560 sizeof(info) - 1), 3561 0) 3562 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3563 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3564 goto done; 3565 3566 ret = 1; 3567 3568 done: 3569 EVP_PKEY_CTX_free(pctx); 3570 3571 return ret; 3572 } 3573 3574 #ifndef OPENSSL_NO_EC 3575 static int test_X509_PUBKEY_inplace(void) 3576 { 3577 int ret = 0; 3578 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq); 3579 const unsigned char *p = kExampleECPubKeyDER; 3580 size_t input_len = sizeof(kExampleECPubKeyDER); 3581 3582 if (!TEST_ptr(xp)) 3583 goto done; 3584 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))) 3585 goto done; 3586 3587 if (!TEST_ptr(X509_PUBKEY_get0(xp))) 3588 goto done; 3589 3590 p = kExampleBadECPubKeyDER; 3591 input_len = sizeof(kExampleBadECPubKeyDER); 3592 3593 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))) 3594 goto done; 3595 3596 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL)) 3597 goto done; 3598 3599 ret = 1; 3600 3601 done: 3602 X509_PUBKEY_free(xp); 3603 return ret; 3604 } 3605 3606 static int test_X509_PUBKEY_dup(void) 3607 { 3608 int ret = 0; 3609 X509_PUBKEY *xp = NULL, *xq = NULL; 3610 const unsigned char *p = kExampleECPubKeyDER; 3611 size_t input_len = sizeof(kExampleECPubKeyDER); 3612 3613 xp = X509_PUBKEY_new_ex(testctx, testpropq); 3614 if (!TEST_ptr(xp) 3615 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)) 3616 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)) 3617 || !TEST_ptr_ne(xp, xq)) 3618 goto done; 3619 3620 if (!TEST_ptr(X509_PUBKEY_get0(xq)) 3621 || !TEST_ptr(X509_PUBKEY_get0(xp)) 3622 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp))) 3623 goto done; 3624 3625 X509_PUBKEY_free(xq); 3626 xq = NULL; 3627 p = kExampleBadECPubKeyDER; 3628 input_len = sizeof(kExampleBadECPubKeyDER); 3629 3630 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)) 3631 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))) 3632 goto done; 3633 3634 X509_PUBKEY_free(xp); 3635 xp = NULL; 3636 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL)) 3637 goto done; 3638 3639 ret = 1; 3640 3641 done: 3642 X509_PUBKEY_free(xp); 3643 X509_PUBKEY_free(xq); 3644 return ret; 3645 } 3646 #endif /* OPENSSL_NO_EC */ 3647 3648 /* Test getting and setting parameters on an EVP_PKEY_CTX */ 3649 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey) 3650 { 3651 EVP_MD_CTX *mdctx = NULL; 3652 EVP_PKEY_CTX *ctx = NULL; 3653 const OSSL_PARAM *params; 3654 OSSL_PARAM ourparams[2], *param = ourparams, *param_md; 3655 int ret = 0; 3656 const EVP_MD *md; 3657 char mdname[OSSL_MAX_NAME_SIZE]; 3658 char ssl3ms[48]; 3659 3660 /* Initialise a sign operation */ 3661 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq); 3662 if (!TEST_ptr(ctx) 3663 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)) 3664 goto err; 3665 3666 /* 3667 * We should be able to query the parameters now. 3668 */ 3669 params = EVP_PKEY_CTX_settable_params(ctx); 3670 if (!TEST_ptr(params) 3671 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3672 OSSL_SIGNATURE_PARAM_DIGEST))) 3673 goto err; 3674 3675 params = EVP_PKEY_CTX_gettable_params(ctx); 3676 if (!TEST_ptr(params) 3677 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3678 OSSL_SIGNATURE_PARAM_ALGORITHM_ID)) 3679 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3680 OSSL_SIGNATURE_PARAM_DIGEST))) 3681 goto err; 3682 3683 /* 3684 * Test getting and setting params via EVP_PKEY_CTX_set_params() and 3685 * EVP_PKEY_CTX_get_params() 3686 */ 3687 strcpy(mdname, "SHA512"); 3688 param_md = param; 3689 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 3690 mdname, 0); 3691 *param++ = OSSL_PARAM_construct_end(); 3692 3693 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams))) 3694 goto err; 3695 3696 mdname[0] = '\0'; 3697 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 3698 mdname, sizeof(mdname)); 3699 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams)) 3700 || !TEST_str_eq(mdname, "SHA512")) 3701 goto err; 3702 3703 /* 3704 * Test the TEST_PKEY_CTX_set_signature_md() and 3705 * TEST_PKEY_CTX_get_signature_md() functions 3706 */ 3707 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0) 3708 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) 3709 || !TEST_ptr_eq(md, EVP_sha256())) 3710 goto err; 3711 3712 /* 3713 * Test getting MD parameters via an associated EVP_PKEY_CTX 3714 */ 3715 mdctx = EVP_MD_CTX_new(); 3716 if (!TEST_ptr(mdctx) 3717 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq, 3718 pkey, NULL))) 3719 goto err; 3720 3721 /* 3722 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be 3723 * able to obtain the digest's settable parameters from the provider. 3724 */ 3725 params = EVP_MD_CTX_settable_params(mdctx); 3726 if (!TEST_ptr(params) 3727 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0) 3728 /* The final key should be NULL */ 3729 || !TEST_ptr_null(params[1].key)) 3730 goto err; 3731 3732 param = ourparams; 3733 memset(ssl3ms, 0, sizeof(ssl3ms)); 3734 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, 3735 ssl3ms, sizeof(ssl3ms)); 3736 *param++ = OSSL_PARAM_construct_end(); 3737 3738 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams))) 3739 goto err; 3740 3741 ret = 1; 3742 3743 err: 3744 EVP_MD_CTX_free(mdctx); 3745 EVP_PKEY_CTX_free(ctx); 3746 3747 return ret; 3748 } 3749 3750 #ifndef OPENSSL_NO_DSA 3751 static int test_DSA_get_set_params(void) 3752 { 3753 OSSL_PARAM_BLD *bld = NULL; 3754 OSSL_PARAM *params = NULL; 3755 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 3756 EVP_PKEY_CTX *pctx = NULL; 3757 EVP_PKEY *pkey = NULL; 3758 int ret = 0; 3759 3760 /* 3761 * Setup the parameters for our DSA object. For our purposes they don't 3762 * have to actually be *valid* parameters. We just need to set something. 3763 */ 3764 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL)) 3765 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 3766 || !TEST_ptr(p = BN_new()) 3767 || !TEST_ptr(q = BN_new()) 3768 || !TEST_ptr(g = BN_new()) 3769 || !TEST_ptr(pub = BN_new()) 3770 || !TEST_ptr(priv = BN_new())) 3771 goto err; 3772 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 3773 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 3774 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 3775 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 3776 pub)) 3777 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 3778 priv))) 3779 goto err; 3780 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 3781 goto err; 3782 3783 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 3784 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 3785 params), 3786 0)) 3787 goto err; 3788 3789 if (!TEST_ptr(pkey)) 3790 goto err; 3791 3792 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 3793 3794 err: 3795 EVP_PKEY_free(pkey); 3796 EVP_PKEY_CTX_free(pctx); 3797 OSSL_PARAM_free(params); 3798 OSSL_PARAM_BLD_free(bld); 3799 BN_free(p); 3800 BN_free(q); 3801 BN_free(g); 3802 BN_free(pub); 3803 BN_free(priv); 3804 3805 return ret; 3806 } 3807 3808 /* 3809 * Test combinations of private, public, missing and private + public key 3810 * params to ensure they are all accepted 3811 */ 3812 static int test_DSA_priv_pub(void) 3813 { 3814 return test_EVP_PKEY_ffc_priv_pub("DSA"); 3815 } 3816 3817 #endif /* !OPENSSL_NO_DSA */ 3818 3819 static int test_RSA_get_set_params(void) 3820 { 3821 OSSL_PARAM_BLD *bld = NULL; 3822 OSSL_PARAM *params = NULL; 3823 BIGNUM *n = NULL, *e = NULL, *d = NULL; 3824 EVP_PKEY_CTX *pctx = NULL; 3825 EVP_PKEY *pkey = NULL; 3826 int ret = 0; 3827 3828 /* 3829 * Setup the parameters for our RSA object. For our purposes they don't 3830 * have to actually be *valid* parameters. We just need to set something. 3831 */ 3832 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL)) 3833 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 3834 || !TEST_ptr(n = BN_new()) 3835 || !TEST_ptr(e = BN_new()) 3836 || !TEST_ptr(d = BN_new())) 3837 goto err; 3838 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)) 3839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)) 3840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))) 3841 goto err; 3842 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 3843 goto err; 3844 3845 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 3846 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 3847 params), 3848 0)) 3849 goto err; 3850 3851 if (!TEST_ptr(pkey)) 3852 goto err; 3853 3854 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 3855 3856 err: 3857 EVP_PKEY_free(pkey); 3858 EVP_PKEY_CTX_free(pctx); 3859 OSSL_PARAM_free(params); 3860 OSSL_PARAM_BLD_free(bld); 3861 BN_free(n); 3862 BN_free(e); 3863 BN_free(d); 3864 3865 return ret; 3866 } 3867 3868 static int test_RSA_OAEP_set_get_params(void) 3869 { 3870 int ret = 0; 3871 EVP_PKEY *key = NULL; 3872 EVP_PKEY_CTX *key_ctx = NULL; 3873 3874 if (nullprov != NULL) 3875 return TEST_skip("Test does not support a non-default library context"); 3876 3877 if (!TEST_ptr(key = load_example_rsa_key()) 3878 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0))) 3879 goto err; 3880 3881 { 3882 int padding = RSA_PKCS1_OAEP_PADDING; 3883 OSSL_PARAM params[4]; 3884 3885 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding); 3886 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 3887 OSSL_DIGEST_NAME_SHA2_256, 0); 3888 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 3889 OSSL_DIGEST_NAME_SHA1, 0); 3890 params[3] = OSSL_PARAM_construct_end(); 3891 3892 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params), 0)) 3893 goto err; 3894 } 3895 { 3896 OSSL_PARAM params[3]; 3897 char oaepmd[30] = { '\0' }; 3898 char mgf1md[30] = { '\0' }; 3899 3900 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 3901 oaepmd, sizeof(oaepmd)); 3902 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 3903 mgf1md, sizeof(mgf1md)); 3904 params[2] = OSSL_PARAM_construct_end(); 3905 3906 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params))) 3907 goto err; 3908 3909 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256) 3910 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1)) 3911 goto err; 3912 } 3913 3914 ret = 1; 3915 3916 err: 3917 EVP_PKEY_free(key); 3918 EVP_PKEY_CTX_free(key_ctx); 3919 3920 return ret; 3921 } 3922 3923 /* https://github.com/openssl/openssl/issues/21288 */ 3924 static int test_RSA_OAEP_set_null_label(void) 3925 { 3926 int ret = 0; 3927 EVP_PKEY *key = NULL; 3928 EVP_PKEY_CTX *key_ctx = NULL; 3929 3930 if (!TEST_ptr(key = load_example_rsa_key()) 3931 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL)) 3932 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx))) 3933 goto err; 3934 3935 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING))) 3936 goto err; 3937 3938 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0))) 3939 goto err; 3940 3941 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0))) 3942 goto err; 3943 3944 ret = 1; 3945 3946 err: 3947 EVP_PKEY_free(key); 3948 EVP_PKEY_CTX_free(key_ctx); 3949 3950 return ret; 3951 } 3952 3953 static int test_RSA_encrypt(void) 3954 { 3955 int ret = 0; 3956 EVP_PKEY *pkey = NULL; 3957 EVP_PKEY_CTX *pctx = NULL; 3958 unsigned char *cbuf = NULL, *pbuf = NULL; 3959 size_t clen = 0, plen = 0; 3960 3961 if (!TEST_ptr(pkey = load_example_rsa_key()) 3962 || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, 3963 pkey, testpropq)) 3964 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0) 3965 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0) 3966 || !TEST_ptr(cbuf = OPENSSL_malloc(clen)) 3967 || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)) 3968 goto done; 3969 3970 /* Require failure when the output buffer is too small */ 3971 plen = clen - 1; 3972 if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0)) 3973 goto done; 3974 /* flush error stack */ 3975 TEST_openssl_errors(); 3976 3977 /* Check decryption of encrypted result */ 3978 if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0) 3979 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0) 3980 || !TEST_ptr(pbuf = OPENSSL_malloc(plen)) 3981 || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0) 3982 || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg)) 3983 || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)) 3984 goto done; 3985 3986 ret = 1; 3987 done: 3988 EVP_PKEY_CTX_free(pctx); 3989 EVP_PKEY_free(pkey); 3990 OPENSSL_free(cbuf); 3991 OPENSSL_free(pbuf); 3992 return ret; 3993 } 3994 3995 #ifndef OPENSSL_NO_DEPRECATED_3_0 3996 static int test_RSA_legacy(void) 3997 { 3998 int ret = 0; 3999 BIGNUM *p = NULL; 4000 BIGNUM *q = NULL; 4001 BIGNUM *n = NULL; 4002 BIGNUM *e = NULL; 4003 BIGNUM *d = NULL; 4004 const EVP_MD *md = EVP_sha256(); 4005 EVP_MD_CTX *ctx = NULL; 4006 EVP_PKEY *pkey = NULL; 4007 RSA *rsa = NULL; 4008 4009 if (nullprov != NULL) 4010 return TEST_skip("Test does not support a non-default library context"); 4011 4012 if (!TEST_ptr(p = BN_dup(BN_value_one())) 4013 || !TEST_ptr(q = BN_dup(BN_value_one())) 4014 || !TEST_ptr(n = BN_dup(BN_value_one())) 4015 || !TEST_ptr(e = BN_dup(BN_value_one())) 4016 || !TEST_ptr(d = BN_dup(BN_value_one()))) 4017 goto err; 4018 4019 if (!TEST_ptr(rsa = RSA_new()) 4020 || !TEST_ptr(pkey = EVP_PKEY_new()) 4021 || !TEST_ptr(ctx = EVP_MD_CTX_new())) 4022 goto err; 4023 4024 if (!TEST_true(RSA_set0_factors(rsa, p, q))) 4025 goto err; 4026 p = NULL; 4027 q = NULL; 4028 4029 if (!TEST_true(RSA_set0_key(rsa, n, e, d))) 4030 goto err; 4031 n = NULL; 4032 e = NULL; 4033 d = NULL; 4034 4035 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa))) 4036 goto err; 4037 4038 rsa = NULL; 4039 4040 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))) 4041 goto err; 4042 4043 ret = 1; 4044 4045 err: 4046 RSA_free(rsa); 4047 EVP_MD_CTX_free(ctx); 4048 EVP_PKEY_free(pkey); 4049 BN_free(p); 4050 BN_free(q); 4051 BN_free(n); 4052 BN_free(e); 4053 BN_free(d); 4054 4055 return ret; 4056 } 4057 #endif 4058 4059 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 4060 static int test_decrypt_null_chunks(void) 4061 { 4062 EVP_CIPHER_CTX *ctx = NULL; 4063 EVP_CIPHER *cipher = NULL; 4064 const unsigned char key[32] = { 4065 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4066 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 4067 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1 4068 }; 4069 unsigned char iv[12] = { 4070 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b 4071 }; 4072 unsigned char msg[] = "It was the best of times, it was the worst of times"; 4073 unsigned char ciphertext[80]; 4074 unsigned char plaintext[80]; 4075 /* We initialise tmp to a non zero value on purpose */ 4076 int ctlen, ptlen, tmp = 99; 4077 int ret = 0; 4078 const int enc_offset = 10, dec_offset = 20; 4079 4080 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq)) 4081 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 4082 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, 4083 key, iv)) 4084 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, 4085 enc_offset)) 4086 /* Deliberate add a zero length update */ 4087 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, 4088 0)) 4089 || !TEST_int_eq(tmp, 0) 4090 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, 4091 msg + enc_offset, 4092 sizeof(msg) - enc_offset)) 4093 || !TEST_int_eq(ctlen += tmp, sizeof(msg)) 4094 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) 4095 || !TEST_int_eq(tmp, 0)) 4096 goto err; 4097 4098 /* Deliberately initialise tmp to a non zero value */ 4099 tmp = 99; 4100 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) 4101 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, 4102 dec_offset)) 4103 /* 4104 * Deliberately add a zero length update. We also deliberately do 4105 * this at a different offset than for encryption. 4106 */ 4107 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, 4108 0)) 4109 || !TEST_int_eq(tmp, 0) 4110 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, 4111 ciphertext + dec_offset, 4112 ctlen - dec_offset)) 4113 || !TEST_int_eq(ptlen += tmp, sizeof(msg)) 4114 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) 4115 || !TEST_int_eq(tmp, 0) 4116 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) 4117 goto err; 4118 4119 ret = 1; 4120 err: 4121 EVP_CIPHER_CTX_free(ctx); 4122 EVP_CIPHER_free(cipher); 4123 return ret; 4124 } 4125 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ 4126 4127 #ifndef OPENSSL_NO_DH 4128 /* 4129 * Test combinations of private, public, missing and private + public key 4130 * params to ensure they are all accepted 4131 */ 4132 static int test_DH_priv_pub(void) 4133 { 4134 return test_EVP_PKEY_ffc_priv_pub("DH"); 4135 } 4136 4137 #ifndef OPENSSL_NO_DEPRECATED_3_0 4138 static int test_EVP_PKEY_set1_DH(void) 4139 { 4140 DH *x942dh = NULL, *noqdh = NULL; 4141 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; 4142 int ret = 0; 4143 BIGNUM *p, *g = NULL; 4144 BIGNUM *pubkey = NULL; 4145 unsigned char pub[2048 / 8]; 4146 size_t len = 0; 4147 4148 if (!TEST_ptr(p = BN_new()) 4149 || !TEST_ptr(g = BN_new()) 4150 || !TEST_ptr(pubkey = BN_new()) 4151 || !TEST_true(BN_set_word(p, 9999)) 4152 || !TEST_true(BN_set_word(g, 2)) 4153 || !TEST_true(BN_set_word(pubkey, 4321)) 4154 || !TEST_ptr(noqdh = DH_new()) 4155 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) 4156 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) 4157 || !TEST_ptr(pubkey = BN_new()) 4158 || !TEST_true(BN_set_word(pubkey, 4321))) 4159 goto err; 4160 p = g = NULL; 4161 4162 x942dh = DH_get_2048_256(); 4163 pkey1 = EVP_PKEY_new(); 4164 pkey2 = EVP_PKEY_new(); 4165 if (!TEST_ptr(x942dh) 4166 || !TEST_ptr(noqdh) 4167 || !TEST_ptr(pkey1) 4168 || !TEST_ptr(pkey2) 4169 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) 4170 goto err; 4171 pubkey = NULL; 4172 4173 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) 4174 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) 4175 goto err; 4176 4177 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, 4178 &pubkey)) 4179 || !TEST_ptr(pubkey)) 4180 goto err; 4181 4182 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) 4183 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) 4184 goto err; 4185 4186 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, 4187 OSSL_PKEY_PARAM_PUB_KEY, 4188 pub, sizeof(pub), &len)) 4189 || !TEST_size_t_ne(len, 0)) 4190 goto err; 4191 4192 ret = 1; 4193 err: 4194 BN_free(p); 4195 BN_free(g); 4196 BN_free(pubkey); 4197 EVP_PKEY_free(pkey1); 4198 EVP_PKEY_free(pkey2); 4199 DH_free(x942dh); 4200 DH_free(noqdh); 4201 4202 return ret; 4203 } 4204 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 4205 #endif /* !OPENSSL_NO_DH */ 4206 4207 /* 4208 * We test what happens with an empty template. For the sake of this test, 4209 * the template must be ignored, and we know that's the case for RSA keys 4210 * (this might arguably be a misfeature, but that's what we currently do, 4211 * even in provider code, since that's how the legacy RSA implementation 4212 * does things) 4213 */ 4214 static int test_keygen_with_empty_template(int n) 4215 { 4216 EVP_PKEY_CTX *ctx = NULL; 4217 EVP_PKEY *pkey = NULL; 4218 EVP_PKEY *tkey = NULL; 4219 int ret = 0; 4220 4221 if (nullprov != NULL) 4222 return TEST_skip("Test does not support a non-default library context"); 4223 4224 switch (n) { 4225 case 0: 4226 /* We do test with no template at all as well */ 4227 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) 4228 goto err; 4229 break; 4230 case 1: 4231 /* Here we create an empty RSA key that serves as our template */ 4232 if (!TEST_ptr(tkey = EVP_PKEY_new()) 4233 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA)) 4234 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL))) 4235 goto err; 4236 break; 4237 } 4238 4239 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4240 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) 4241 goto err; 4242 4243 ret = 1; 4244 err: 4245 EVP_PKEY_CTX_free(ctx); 4246 EVP_PKEY_free(pkey); 4247 EVP_PKEY_free(tkey); 4248 return ret; 4249 } 4250 4251 /* 4252 * Test that we fail if we attempt to use an algorithm that is not available 4253 * in the current library context (unless we are using an algorithm that 4254 * should be made available via legacy codepaths). 4255 * 4256 * 0: RSA 4257 * 1: SM2 4258 */ 4259 static int test_pkey_ctx_fail_without_provider(int tst) 4260 { 4261 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new(); 4262 OSSL_PROVIDER *tmpnullprov = NULL; 4263 EVP_PKEY_CTX *pctx = NULL; 4264 const char *keytype = NULL; 4265 int expect_null = 0; 4266 int ret = 0; 4267 4268 if (!TEST_ptr(tmpctx)) 4269 goto err; 4270 4271 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null"); 4272 if (!TEST_ptr(tmpnullprov)) 4273 goto err; 4274 4275 /* 4276 * We check for certain algos in the null provider. 4277 * If an algo is expected to have a provider keymgmt, constructing an 4278 * EVP_PKEY_CTX is expected to fail (return NULL). 4279 * Otherwise, if it's expected to have legacy support, constructing an 4280 * EVP_PKEY_CTX is expected to succeed (return non-NULL). 4281 */ 4282 switch (tst) { 4283 case 0: 4284 keytype = "RSA"; 4285 expect_null = 1; 4286 break; 4287 case 1: 4288 keytype = "SM2"; 4289 expect_null = 1; 4290 #ifdef OPENSSL_NO_EC 4291 TEST_info("EC disable, skipping SM2 check..."); 4292 goto end; 4293 #endif 4294 #ifdef OPENSSL_NO_SM2 4295 TEST_info("SM2 disable, skipping SM2 check..."); 4296 goto end; 4297 #endif 4298 break; 4299 default: 4300 TEST_error("No test for case %d", tst); 4301 goto err; 4302 } 4303 4304 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, ""); 4305 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx)) 4306 goto err; 4307 4308 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2) 4309 end: 4310 #endif 4311 ret = 1; 4312 4313 err: 4314 EVP_PKEY_CTX_free(pctx); 4315 OSSL_PROVIDER_unload(tmpnullprov); 4316 OSSL_LIB_CTX_free(tmpctx); 4317 return ret; 4318 } 4319 4320 static int test_rand_agglomeration(void) 4321 { 4322 EVP_RAND *rand; 4323 EVP_RAND_CTX *ctx; 4324 OSSL_PARAM params[3], *p = params; 4325 int res; 4326 unsigned int step = 7; 4327 static unsigned char seed[] = "It does not matter how slowly you go " 4328 "as long as you do not stop."; 4329 unsigned char out[sizeof(seed)]; 4330 4331 if (!TEST_int_ne(sizeof(seed) % step, 0) 4332 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq))) 4333 return 0; 4334 ctx = EVP_RAND_CTX_new(rand, NULL); 4335 EVP_RAND_free(rand); 4336 if (!TEST_ptr(ctx)) 4337 return 0; 4338 4339 memset(out, 0, sizeof(out)); 4340 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 4341 seed, sizeof(seed)); 4342 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step); 4343 *p = OSSL_PARAM_construct_end(); 4344 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params)) 4345 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0)) 4346 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out)); 4347 EVP_RAND_CTX_free(ctx); 4348 return res; 4349 } 4350 4351 /* 4352 * Test that we correctly return the original or "running" IV after 4353 * an encryption operation. 4354 * Run multiple times for some different relevant algorithms/modes. 4355 */ 4356 static int test_evp_iv_aes(int idx) 4357 { 4358 int ret = 0; 4359 EVP_CIPHER_CTX *ctx = NULL; 4360 unsigned char key[16] = { 4361 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1, 4362 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57 4363 }; 4364 unsigned char init_iv[EVP_MAX_IV_LENGTH] = { 4365 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 4366 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 4367 }; 4368 static const unsigned char msg[] = { 4369 1, 2, 3, 4, 5, 6, 7, 8, 4370 9, 10, 11, 12, 13, 14, 15, 16 4371 }; 4372 unsigned char ciphertext[32], oiv[16], iv[16]; 4373 unsigned char *ref_iv; 4374 unsigned char cbc_state[16] = { 4375 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9, 4376 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e 4377 }; 4378 4379 unsigned char ofb_state[16] = { 4380 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64, 4381 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd 4382 }; 4383 unsigned char cfb_state[16] = { 4384 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c, 4385 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed 4386 }; 4387 unsigned char gcm_state[12] = { 4388 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 4389 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81 4390 }; 4391 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 }; 4392 #ifndef OPENSSL_NO_OCB 4393 unsigned char ocb_state[12] = { 4394 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 4395 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81 4396 }; 4397 #endif 4398 int len = sizeof(ciphertext); 4399 size_t ivlen, ref_len; 4400 const EVP_CIPHER *type = NULL; 4401 int iv_reset = 0; 4402 4403 if (nullprov != NULL && idx < 6) 4404 return TEST_skip("Test does not support a non-default library context"); 4405 4406 switch (idx) { 4407 case 0: 4408 type = EVP_aes_128_cbc(); 4409 /* FALLTHROUGH */ 4410 case 6: 4411 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq); 4412 ref_iv = cbc_state; 4413 ref_len = sizeof(cbc_state); 4414 iv_reset = 1; 4415 break; 4416 case 1: 4417 type = EVP_aes_128_ofb(); 4418 /* FALLTHROUGH */ 4419 case 7: 4420 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq); 4421 ref_iv = ofb_state; 4422 ref_len = sizeof(ofb_state); 4423 iv_reset = 1; 4424 break; 4425 case 2: 4426 type = EVP_aes_128_cfb(); 4427 /* FALLTHROUGH */ 4428 case 8: 4429 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq); 4430 ref_iv = cfb_state; 4431 ref_len = sizeof(cfb_state); 4432 iv_reset = 1; 4433 break; 4434 case 3: 4435 type = EVP_aes_128_gcm(); 4436 /* FALLTHROUGH */ 4437 case 9: 4438 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq); 4439 ref_iv = gcm_state; 4440 ref_len = sizeof(gcm_state); 4441 break; 4442 case 4: 4443 type = EVP_aes_128_ccm(); 4444 /* FALLTHROUGH */ 4445 case 10: 4446 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq); 4447 ref_iv = ccm_state; 4448 ref_len = sizeof(ccm_state); 4449 break; 4450 #ifdef OPENSSL_NO_OCB 4451 case 5: 4452 case 11: 4453 return 1; 4454 #else 4455 case 5: 4456 type = EVP_aes_128_ocb(); 4457 /* FALLTHROUGH */ 4458 case 11: 4459 type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq); 4460 ref_iv = ocb_state; 4461 ref_len = sizeof(ocb_state); 4462 break; 4463 #endif 4464 default: 4465 return 0; 4466 } 4467 4468 if (!TEST_ptr(type) 4469 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 4470 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 4471 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 4472 (int)sizeof(msg))) 4473 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 4474 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 4475 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 4476 goto err; 4477 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 4478 4479 if (!TEST_int_gt(ivlen, 0)) 4480 goto err; 4481 4482 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 4483 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 4484 goto err; 4485 4486 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */ 4487 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 4488 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 4489 goto err; 4490 if (iv_reset) { 4491 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 4492 goto err; 4493 } else { 4494 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen)) 4495 goto err; 4496 } 4497 4498 ret = 1; 4499 err: 4500 EVP_CIPHER_CTX_free(ctx); 4501 if (idx >= 6) 4502 EVP_CIPHER_free((EVP_CIPHER *)type); 4503 return ret; 4504 } 4505 4506 #ifndef OPENSSL_NO_DES 4507 static int test_evp_iv_des(int idx) 4508 { 4509 int ret = 0; 4510 EVP_CIPHER_CTX *ctx = NULL; 4511 static const unsigned char key[24] = { 4512 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 4513 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86, 4514 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 4515 }; 4516 static const unsigned char init_iv[8] = { 4517 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 4518 }; 4519 static const unsigned char msg[] = { 4520 1, 2, 3, 4, 5, 6, 7, 8, 4521 9, 10, 11, 12, 13, 14, 15, 16 4522 }; 4523 unsigned char ciphertext[32], oiv[8], iv[8]; 4524 unsigned const char *ref_iv; 4525 static const unsigned char cbc_state_des[8] = { 4526 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a 4527 }; 4528 static const unsigned char cbc_state_3des[8] = { 4529 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9 4530 }; 4531 static const unsigned char ofb_state_des[8] = { 4532 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c 4533 }; 4534 static const unsigned char ofb_state_3des[8] = { 4535 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e 4536 }; 4537 static const unsigned char cfb_state_des[8] = { 4538 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73 4539 }; 4540 static const unsigned char cfb_state_3des[8] = { 4541 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7 4542 }; 4543 int len = sizeof(ciphertext); 4544 size_t ivlen, ref_len; 4545 EVP_CIPHER *type = NULL; 4546 4547 if (lgcyprov == NULL && idx < 3) 4548 return TEST_skip("Test requires legacy provider to be loaded"); 4549 4550 switch (idx) { 4551 case 0: 4552 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq); 4553 ref_iv = cbc_state_des; 4554 ref_len = sizeof(cbc_state_des); 4555 break; 4556 case 1: 4557 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq); 4558 ref_iv = ofb_state_des; 4559 ref_len = sizeof(ofb_state_des); 4560 break; 4561 case 2: 4562 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq); 4563 ref_iv = cfb_state_des; 4564 ref_len = sizeof(cfb_state_des); 4565 break; 4566 case 3: 4567 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq); 4568 ref_iv = cbc_state_3des; 4569 ref_len = sizeof(cbc_state_3des); 4570 break; 4571 case 4: 4572 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq); 4573 ref_iv = ofb_state_3des; 4574 ref_len = sizeof(ofb_state_3des); 4575 break; 4576 case 5: 4577 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq); 4578 ref_iv = cfb_state_3des; 4579 ref_len = sizeof(cfb_state_3des); 4580 break; 4581 default: 4582 return 0; 4583 } 4584 4585 if (!TEST_ptr(type) 4586 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 4587 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 4588 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 4589 (int)sizeof(msg))) 4590 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 4591 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 4592 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 4593 goto err; 4594 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 4595 4596 if (!TEST_int_gt(ivlen, 0)) 4597 goto err; 4598 4599 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 4600 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 4601 goto err; 4602 4603 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 4604 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 4605 goto err; 4606 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 4607 goto err; 4608 4609 ret = 1; 4610 err: 4611 EVP_CIPHER_CTX_free(ctx); 4612 EVP_CIPHER_free(type); 4613 return ret; 4614 } 4615 #endif 4616 4617 #ifndef OPENSSL_NO_BF 4618 static int test_evp_bf_default_keylen(int idx) 4619 { 4620 int ret = 0; 4621 static const char *algos[4] = { 4622 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb" 4623 }; 4624 int ivlen[4] = { 0, 8, 8, 8 }; 4625 EVP_CIPHER *cipher = NULL; 4626 4627 if (lgcyprov == NULL) 4628 return TEST_skip("Test requires legacy provider to be loaded"); 4629 4630 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq)) 4631 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16) 4632 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx])) 4633 goto err; 4634 4635 ret = 1; 4636 err: 4637 EVP_CIPHER_free(cipher); 4638 return ret; 4639 } 4640 #endif 4641 4642 #ifndef OPENSSL_NO_EC 4643 static int ecpub_nids[] = { 4644 NID_brainpoolP256r1, NID_X9_62_prime256v1, 4645 NID_secp384r1, NID_secp521r1, 4646 #ifndef OPENSSL_NO_EC2M 4647 NID_sect233k1, NID_sect233r1, NID_sect283r1, 4648 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, 4649 #endif 4650 NID_brainpoolP384r1, NID_brainpoolP512r1 4651 }; 4652 4653 static int test_ecpub(int idx) 4654 { 4655 int ret = 0, len, savelen; 4656 int nid; 4657 unsigned char buf[1024]; 4658 unsigned char *p; 4659 EVP_PKEY *pkey = NULL; 4660 EVP_PKEY_CTX *ctx = NULL; 4661 #ifndef OPENSSL_NO_DEPRECATED_3_0 4662 const unsigned char *q; 4663 EVP_PKEY *pkey2 = NULL; 4664 EC_KEY *ec = NULL; 4665 #endif 4666 4667 if (nullprov != NULL) 4668 return TEST_skip("Test does not support a non-default library context"); 4669 4670 nid = ecpub_nids[idx]; 4671 4672 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 4673 if (!TEST_ptr(ctx) 4674 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4675 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0) 4676 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey))) 4677 goto done; 4678 len = i2d_PublicKey(pkey, NULL); 4679 savelen = len; 4680 if (!TEST_int_ge(len, 1) 4681 || !TEST_int_lt(len, 1024)) 4682 goto done; 4683 p = buf; 4684 len = i2d_PublicKey(pkey, &p); 4685 if (!TEST_int_ge(len, 1) 4686 || !TEST_int_eq(len, savelen)) 4687 goto done; 4688 4689 #ifndef OPENSSL_NO_DEPRECATED_3_0 4690 /* Now try to decode the just-created DER. */ 4691 q = buf; 4692 if (!TEST_ptr((pkey2 = EVP_PKEY_new())) 4693 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid))) 4694 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec))) 4695 goto done; 4696 /* EC_KEY ownership transferred */ 4697 ec = NULL; 4698 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen))) 4699 goto done; 4700 /* The keys should match. */ 4701 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) 4702 goto done; 4703 #endif 4704 4705 ret = 1; 4706 4707 done: 4708 EVP_PKEY_CTX_free(ctx); 4709 EVP_PKEY_free(pkey); 4710 #ifndef OPENSSL_NO_DEPRECATED_3_0 4711 EVP_PKEY_free(pkey2); 4712 EC_KEY_free(ec); 4713 #endif 4714 return ret; 4715 } 4716 #endif 4717 4718 static int test_EVP_rsa_pss_with_keygen_bits(void) 4719 { 4720 int ret = 0; 4721 EVP_PKEY_CTX *ctx = NULL; 4722 EVP_PKEY *pkey = NULL; 4723 EVP_MD *md; 4724 4725 md = EVP_MD_fetch(testctx, "sha256", testpropq); 4726 ret = TEST_ptr(md) 4727 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq))) 4728 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4729 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0) 4730 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0) 4731 && TEST_true(EVP_PKEY_keygen(ctx, &pkey)); 4732 4733 EVP_MD_free(md); 4734 EVP_PKEY_free(pkey); 4735 EVP_PKEY_CTX_free(ctx); 4736 return ret; 4737 } 4738 4739 static int test_EVP_rsa_pss_set_saltlen(void) 4740 { 4741 int ret = 0; 4742 EVP_PKEY *pkey = NULL; 4743 EVP_PKEY_CTX *pkey_ctx = NULL; 4744 EVP_MD *sha256 = NULL; 4745 EVP_MD_CTX *sha256_ctx = NULL; 4746 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */ 4747 const int test_value = 32; 4748 4749 ret = TEST_ptr(pkey = load_example_rsa_key()) 4750 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL)) 4751 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new()) 4752 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey)) 4753 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)) 4754 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0) 4755 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0) 4756 && TEST_int_eq(saltlen, test_value); 4757 4758 EVP_MD_CTX_free(sha256_ctx); 4759 EVP_PKEY_free(pkey); 4760 EVP_MD_free(sha256); 4761 4762 return ret; 4763 } 4764 4765 static int test_EVP_rsa_invalid_key(void) 4766 { 4767 int ret = 0; 4768 EVP_PKEY *pkey = NULL; 4769 4770 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER)); 4771 /* we expect to fail to load bogus key */ 4772 ret = !TEST_ptr(pkey); 4773 EVP_PKEY_free(pkey); 4774 4775 return ret; 4776 } 4777 4778 static int success = 1; 4779 static void md_names(const char *name, void *vctx) 4780 { 4781 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx; 4782 /* Force a namemap update */ 4783 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL); 4784 4785 if (!TEST_ptr(aes128)) 4786 success = 0; 4787 4788 EVP_CIPHER_free(aes128); 4789 } 4790 4791 /* 4792 * Test that changing the namemap in a user callback works in a names_do_all 4793 * function. 4794 */ 4795 static int test_names_do_all(void) 4796 { 4797 /* We use a custom libctx so that we know the state of the namemap */ 4798 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); 4799 EVP_MD *sha256 = NULL; 4800 int testresult = 0; 4801 4802 if (!TEST_ptr(ctx)) 4803 goto err; 4804 4805 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL); 4806 if (!TEST_ptr(sha256)) 4807 goto err; 4808 4809 /* 4810 * We loop through all the names for a given digest. This should still work 4811 * even if the namemap changes part way through. 4812 */ 4813 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx))) 4814 goto err; 4815 4816 if (!TEST_true(success)) 4817 goto err; 4818 4819 testresult = 1; 4820 err: 4821 EVP_MD_free(sha256); 4822 OSSL_LIB_CTX_free(ctx); 4823 return testresult; 4824 } 4825 4826 typedef struct { 4827 const char *cipher; 4828 const unsigned char *key; 4829 const unsigned char *iv; 4830 const unsigned char *input; 4831 const unsigned char *expected; 4832 const unsigned char *tag; 4833 size_t ivlen; /* 0 if we do not need to set a specific IV len */ 4834 size_t inlen; 4835 size_t expectedlen; 4836 size_t taglen; 4837 int keyfirst; 4838 int initenc; 4839 int finalenc; 4840 } EVP_INIT_TEST_st; 4841 4842 static const EVP_INIT_TEST_st evp_init_tests[] = { 4843 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 4844 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 4845 0, 1, 0, 1 }, 4846 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 4847 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4848 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 4849 sizeof(gcmDefaultTag), 1, 0, 1 }, 4850 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 4851 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 4852 0, 0, 0, 1 }, 4853 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 4854 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4855 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 4856 sizeof(gcmDefaultTag), 0, 0, 1 }, 4857 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 4858 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 4859 0, 1, 1, 0 }, 4860 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 4861 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4862 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 4863 sizeof(gcmDefaultTag), 1, 1, 0 }, 4864 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 4865 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 4866 0, 0, 1, 0 }, 4867 { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 4868 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4869 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 4870 sizeof(gcmDefaultTag), 0, 1, 0 } 4871 }; 4872 4873 /* use same key, iv and plaintext for cfb and ofb */ 4874 static const EVP_INIT_TEST_st evp_reinit_tests[] = { 4875 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 4876 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 4877 sizeof(cfbCiphertext_partial), 0, 0, 1, 0 }, 4878 { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial, 4879 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial), 4880 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 }, 4881 { "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 4882 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 4883 sizeof(ofbCiphertext_partial), 0, 0, 1, 0 }, 4884 { "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial, 4885 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial), 4886 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 }, 4887 }; 4888 4889 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) 4890 { 4891 int res = 0; 4892 4893 if (t->ivlen != 0) { 4894 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0)) 4895 goto err; 4896 } 4897 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) 4898 goto err; 4899 res = 1; 4900 err: 4901 return res; 4902 } 4903 4904 /* 4905 * Test step-wise cipher initialization via EVP_CipherInit_ex where the 4906 * arguments are given one at a time and a final adjustment to the enc 4907 * parameter sets the correct operation. 4908 */ 4909 static int test_evp_init_seq(int idx) 4910 { 4911 int outlen1, outlen2; 4912 int testresult = 0; 4913 unsigned char outbuf[1024]; 4914 unsigned char tag[16]; 4915 const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; 4916 EVP_CIPHER_CTX *ctx = NULL; 4917 EVP_CIPHER *type = NULL; 4918 size_t taglen = sizeof(tag); 4919 char *errmsg = NULL; 4920 4921 ctx = EVP_CIPHER_CTX_new(); 4922 if (ctx == NULL) { 4923 errmsg = "CTX_ALLOC"; 4924 goto err; 4925 } 4926 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) { 4927 errmsg = "CIPHER_FETCH"; 4928 goto err; 4929 } 4930 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { 4931 errmsg = "EMPTY_ENC_INIT"; 4932 goto err; 4933 } 4934 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 4935 errmsg = "PADDING"; 4936 goto err; 4937 } 4938 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 4939 errmsg = "KEY_INIT (before iv)"; 4940 goto err; 4941 } 4942 if (!evp_init_seq_set_iv(ctx, t)) { 4943 errmsg = "IV_INIT"; 4944 goto err; 4945 } 4946 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 4947 errmsg = "KEY_INIT (after iv)"; 4948 goto err; 4949 } 4950 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { 4951 errmsg = "FINAL_ENC_INIT"; 4952 goto err; 4953 } 4954 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 4955 errmsg = "CIPHER_UPDATE"; 4956 goto err; 4957 } 4958 if (t->finalenc == 0 && t->tag != NULL) { 4959 /* Set expected tag */ 4960 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 4961 t->taglen, (void *)t->tag), 4962 0)) { 4963 errmsg = "SET_TAG"; 4964 goto err; 4965 } 4966 } 4967 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4968 errmsg = "CIPHER_FINAL"; 4969 goto err; 4970 } 4971 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 4972 errmsg = "WRONG_RESULT"; 4973 goto err; 4974 } 4975 if (t->finalenc != 0 && t->tag != NULL) { 4976 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 4977 errmsg = "GET_TAG"; 4978 goto err; 4979 } 4980 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { 4981 errmsg = "TAG_ERROR"; 4982 goto err; 4983 } 4984 } 4985 testresult = 1; 4986 err: 4987 if (errmsg != NULL) 4988 TEST_info("evp_init_test %d: %s", idx, errmsg); 4989 EVP_CIPHER_CTX_free(ctx); 4990 EVP_CIPHER_free(type); 4991 return testresult; 4992 } 4993 4994 /* 4995 * Test re-initialization of cipher context without changing key or iv. 4996 * The result of both iteration should be the same. 4997 */ 4998 static int test_evp_reinit_seq(int idx) 4999 { 5000 int outlen1, outlen2, outlen_final; 5001 int testresult = 0; 5002 unsigned char outbuf1[1024]; 5003 unsigned char outbuf2[1024]; 5004 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx]; 5005 EVP_CIPHER_CTX *ctx = NULL; 5006 EVP_CIPHER *type = NULL; 5007 5008 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 5009 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) 5010 /* setup cipher context */ 5011 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL)) 5012 /* first iteration */ 5013 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen)) 5014 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final)) 5015 /* check test results iteration 1 */ 5016 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final) 5017 /* now re-init the context (same cipher, key and iv) */ 5018 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL)) 5019 /* second iteration */ 5020 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen)) 5021 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final)) 5022 /* check test results iteration 2 */ 5023 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final)) 5024 goto err; 5025 testresult = 1; 5026 err: 5027 EVP_CIPHER_CTX_free(ctx); 5028 EVP_CIPHER_free(type); 5029 return testresult; 5030 } 5031 5032 typedef struct { 5033 const unsigned char *input; 5034 const unsigned char *expected; 5035 size_t inlen; 5036 size_t expectedlen; 5037 int enc; 5038 } EVP_RESET_TEST_st; 5039 5040 static const EVP_RESET_TEST_st evp_reset_tests[] = { 5041 { cfbPlaintext, cfbCiphertext, 5042 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 }, 5043 { cfbCiphertext, cfbPlaintext, 5044 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 } 5045 }; 5046 5047 /* 5048 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already 5049 * been used. 5050 */ 5051 static int test_evp_reset(int idx) 5052 { 5053 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; 5054 int outlen1, outlen2; 5055 int testresult = 0; 5056 unsigned char outbuf[1024]; 5057 EVP_CIPHER_CTX *ctx = NULL; 5058 EVP_CIPHER *type = NULL; 5059 char *errmsg = NULL; 5060 5061 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5062 errmsg = "CTX_ALLOC"; 5063 goto err; 5064 } 5065 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) { 5066 errmsg = "CIPHER_FETCH"; 5067 goto err; 5068 } 5069 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 5070 errmsg = "CIPHER_INIT"; 5071 goto err; 5072 } 5073 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 5074 errmsg = "PADDING"; 5075 goto err; 5076 } 5077 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 5078 errmsg = "CIPHER_UPDATE"; 5079 goto err; 5080 } 5081 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5082 errmsg = "CIPHER_FINAL"; 5083 goto err; 5084 } 5085 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 5086 errmsg = "WRONG_RESULT"; 5087 goto err; 5088 } 5089 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { 5090 errmsg = "CIPHER_REINIT"; 5091 goto err; 5092 } 5093 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 5094 errmsg = "CIPHER_UPDATE (reinit)"; 5095 goto err; 5096 } 5097 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5098 errmsg = "CIPHER_FINAL (reinit)"; 5099 goto err; 5100 } 5101 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 5102 errmsg = "WRONG_RESULT (reinit)"; 5103 goto err; 5104 } 5105 testresult = 1; 5106 err: 5107 if (errmsg != NULL) 5108 TEST_info("test_evp_reset %d: %s", idx, errmsg); 5109 EVP_CIPHER_CTX_free(ctx); 5110 EVP_CIPHER_free(type); 5111 return testresult; 5112 } 5113 5114 typedef struct { 5115 const char *cipher; 5116 int enc; 5117 } EVP_UPDATED_IV_TEST_st; 5118 5119 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { 5120 { "aes-128-cfb", 1 }, 5121 { "aes-128-cfb", 0 }, 5122 { "aes-128-cfb1", 1 }, 5123 { "aes-128-cfb1", 0 }, 5124 { "aes-128-cfb8", 1 }, 5125 { "aes-128-cfb8", 0 }, 5126 { "aes-128-ofb", 1 }, 5127 { "aes-128-ofb", 0 }, 5128 { "aes-128-ctr", 1 }, 5129 { "aes-128-ctr", 0 }, 5130 { "aes-128-cbc", 1 }, 5131 { "aes-128-cbc", 0 } 5132 }; 5133 5134 /* 5135 * Test that the IV in the context is updated during a crypto operation for CFB 5136 * and OFB. 5137 */ 5138 static int test_evp_updated_iv(int idx) 5139 { 5140 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; 5141 int outlen1, outlen2; 5142 int testresult = 0; 5143 unsigned char outbuf[1024]; 5144 EVP_CIPHER_CTX *ctx = NULL; 5145 EVP_CIPHER *type = NULL; 5146 unsigned char updated_iv[EVP_MAX_IV_LENGTH]; 5147 int iv_len; 5148 char *errmsg = NULL; 5149 5150 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5151 errmsg = "CTX_ALLOC"; 5152 goto err; 5153 } 5154 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) { 5155 TEST_info("cipher %s not supported, skipping", t->cipher); 5156 goto ok; 5157 } 5158 5159 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 5160 errmsg = "CIPHER_INIT"; 5161 goto err; 5162 } 5163 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 5164 errmsg = "PADDING"; 5165 goto err; 5166 } 5167 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { 5168 errmsg = "CIPHER_UPDATE"; 5169 goto err; 5170 } 5171 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) { 5172 errmsg = "CIPHER_CTX_GET_UPDATED_IV"; 5173 goto err; 5174 } 5175 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx); 5176 if (!TEST_int_ge(iv_len, 0)) { 5177 errmsg = "CIPHER_CTX_GET_IV_LEN"; 5178 goto err; 5179 } 5180 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { 5181 errmsg = "IV_NOT_UPDATED"; 5182 goto err; 5183 } 5184 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5185 errmsg = "CIPHER_FINAL"; 5186 goto err; 5187 } 5188 ok: 5189 testresult = 1; 5190 err: 5191 if (errmsg != NULL) 5192 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); 5193 EVP_CIPHER_CTX_free(ctx); 5194 EVP_CIPHER_free(type); 5195 return testresult; 5196 } 5197 5198 typedef struct { 5199 const unsigned char *iv1; 5200 const unsigned char *iv2; 5201 const unsigned char *expected1; 5202 const unsigned char *expected2; 5203 const unsigned char *tag1; 5204 const unsigned char *tag2; 5205 size_t ivlen1; 5206 size_t ivlen2; 5207 size_t expectedlen1; 5208 size_t expectedlen2; 5209 } TEST_GCM_IV_REINIT_st; 5210 5211 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { 5212 { iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, 5213 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), 5214 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) }, 5215 { iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, 5216 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), 5217 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) } 5218 }; 5219 5220 static int test_gcm_reinit(int idx) 5221 { 5222 int outlen1, outlen2, outlen3; 5223 int testresult = 0; 5224 unsigned char outbuf[1024]; 5225 unsigned char tag[16]; 5226 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; 5227 EVP_CIPHER_CTX *ctx = NULL; 5228 EVP_CIPHER *type = NULL; 5229 size_t taglen = sizeof(tag); 5230 char *errmsg = NULL; 5231 5232 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5233 errmsg = "CTX_ALLOC"; 5234 goto err; 5235 } 5236 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) { 5237 errmsg = "CIPHER_FETCH"; 5238 goto err; 5239 } 5240 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { 5241 errmsg = "ENC_INIT"; 5242 goto err; 5243 } 5244 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) { 5245 errmsg = "SET_IVLEN1"; 5246 goto err; 5247 } 5248 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { 5249 errmsg = "SET_IV1"; 5250 goto err; 5251 } 5252 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 5253 errmsg = "AAD1"; 5254 goto err; 5255 } 5256 EVP_CIPHER_CTX_set_padding(ctx, 0); 5257 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 5258 sizeof(gcmResetPlaintext)))) { 5259 errmsg = "CIPHER_UPDATE1"; 5260 goto err; 5261 } 5262 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5263 errmsg = "CIPHER_FINAL1"; 5264 goto err; 5265 } 5266 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { 5267 errmsg = "WRONG_RESULT1"; 5268 goto err; 5269 } 5270 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 5271 errmsg = "GET_TAG1"; 5272 goto err; 5273 } 5274 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { 5275 errmsg = "TAG_ERROR1"; 5276 goto err; 5277 } 5278 /* Now reinit */ 5279 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) { 5280 errmsg = "SET_IVLEN2"; 5281 goto err; 5282 } 5283 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { 5284 errmsg = "SET_IV2"; 5285 goto err; 5286 } 5287 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 5288 errmsg = "AAD2"; 5289 goto err; 5290 } 5291 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 5292 sizeof(gcmResetPlaintext)))) { 5293 errmsg = "CIPHER_UPDATE2"; 5294 goto err; 5295 } 5296 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5297 errmsg = "CIPHER_FINAL2"; 5298 goto err; 5299 } 5300 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { 5301 errmsg = "WRONG_RESULT2"; 5302 goto err; 5303 } 5304 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 5305 errmsg = "GET_TAG2"; 5306 goto err; 5307 } 5308 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { 5309 errmsg = "TAG_ERROR2"; 5310 goto err; 5311 } 5312 testresult = 1; 5313 err: 5314 if (errmsg != NULL) 5315 TEST_info("evp_init_test %d: %s", idx, errmsg); 5316 EVP_CIPHER_CTX_free(ctx); 5317 EVP_CIPHER_free(type); 5318 return testresult; 5319 } 5320 5321 static const char *ivlen_change_ciphers[] = { 5322 "AES-256-GCM", 5323 #ifndef OPENSSL_NO_OCB 5324 "AES-256-OCB", 5325 #endif 5326 "AES-256-CCM" 5327 }; 5328 5329 /* Negative test for ivlen change after iv being set */ 5330 static int test_ivlen_change(int idx) 5331 { 5332 int outlen; 5333 int res = 0; 5334 unsigned char outbuf[1024]; 5335 static const unsigned char iv[] = { 5336 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 5337 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 5338 }; 5339 EVP_CIPHER_CTX *ctx = NULL; 5340 EVP_CIPHER *ciph = NULL; 5341 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 5342 size_t ivlen = 13; /* non-default IV length */ 5343 5344 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 5345 goto err; 5346 5347 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx], 5348 testpropq))) 5349 goto err; 5350 5351 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1))) 5352 goto err; 5353 5354 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5355 sizeof(gcmDefaultPlaintext)))) 5356 goto err; 5357 5358 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 5359 &ivlen); 5360 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 5361 goto err; 5362 5363 ERR_set_mark(); 5364 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5365 sizeof(gcmDefaultPlaintext)))) { 5366 ERR_clear_last_mark(); 5367 goto err; 5368 } 5369 ERR_pop_to_mark(); 5370 5371 res = 1; 5372 err: 5373 EVP_CIPHER_CTX_free(ctx); 5374 EVP_CIPHER_free(ciph); 5375 return res; 5376 } 5377 5378 static const char *keylen_change_ciphers[] = { 5379 #ifndef OPENSSL_NO_BF 5380 "BF-ECB", 5381 #endif 5382 #ifndef OPENSSL_NO_CAST 5383 "CAST5-ECB", 5384 #endif 5385 #ifndef OPENSSL_NO_RC2 5386 "RC2-ECB", 5387 #endif 5388 #ifndef OPENSSL_NO_RC4 5389 "RC4", 5390 #endif 5391 #ifndef OPENSSL_NO_RC5 5392 "RC5-ECB", 5393 #endif 5394 NULL 5395 }; 5396 5397 /* Negative test for keylen change after key was set */ 5398 static int test_keylen_change(int idx) 5399 { 5400 int outlen; 5401 int res = 0; 5402 unsigned char outbuf[1024]; 5403 static const unsigned char key[] = { 5404 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 5405 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 5406 }; 5407 EVP_CIPHER_CTX *ctx = NULL; 5408 EVP_CIPHER *ciph = NULL; 5409 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 5410 size_t keylen = 12; /* non-default key length */ 5411 5412 if (lgcyprov == NULL) 5413 return TEST_skip("Test requires legacy provider to be loaded"); 5414 5415 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 5416 goto err; 5417 5418 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx], 5419 testpropq))) 5420 goto err; 5421 5422 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1))) 5423 goto err; 5424 5425 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5426 sizeof(gcmDefaultPlaintext)))) 5427 goto err; 5428 5429 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 5430 &keylen); 5431 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 5432 goto err; 5433 5434 ERR_set_mark(); 5435 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5436 sizeof(gcmDefaultPlaintext)))) { 5437 ERR_clear_last_mark(); 5438 goto err; 5439 } 5440 ERR_pop_to_mark(); 5441 5442 res = 1; 5443 err: 5444 EVP_CIPHER_CTX_free(ctx); 5445 EVP_CIPHER_free(ciph); 5446 return res; 5447 } 5448 5449 #ifndef OPENSSL_NO_DEPRECATED_3_0 5450 static EVP_PKEY_METHOD *custom_pmeth = NULL; 5451 static const EVP_PKEY_METHOD *orig_pmeth = NULL; 5452 5453 #define EVP_PKEY_CTRL_MY_COMMAND 9999 5454 5455 static int custom_pmeth_init(EVP_PKEY_CTX *ctx) 5456 { 5457 int (*pinit)(EVP_PKEY_CTX *ctx); 5458 5459 EVP_PKEY_meth_get_init(orig_pmeth, &pinit); 5460 return pinit(ctx); 5461 } 5462 5463 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx) 5464 { 5465 void (*pcleanup)(EVP_PKEY_CTX *ctx); 5466 5467 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup); 5468 pcleanup(ctx); 5469 } 5470 5471 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out, 5472 size_t *outlen, const unsigned char *in, 5473 size_t inlen) 5474 { 5475 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 5476 const unsigned char *tbs, size_t tbslen); 5477 5478 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign); 5479 return psign(ctx, out, outlen, in, inlen); 5480 } 5481 5482 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig, 5483 size_t *siglen, const unsigned char *tbs, 5484 size_t tbslen) 5485 { 5486 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 5487 const unsigned char *tbs, size_t tbslen); 5488 5489 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign); 5490 return pdigestsign(ctx, sig, siglen, tbs, tbslen); 5491 } 5492 5493 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key, 5494 size_t *keylen) 5495 { 5496 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 5497 5498 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive); 5499 return pderive(ctx, key, keylen); 5500 } 5501 5502 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) 5503 { 5504 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 5505 5506 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy); 5507 return pcopy(dst, src); 5508 } 5509 5510 static int ctrl_called; 5511 5512 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 5513 { 5514 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 5515 5516 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL); 5517 5518 if (type == EVP_PKEY_CTRL_MY_COMMAND) { 5519 ctrl_called = 1; 5520 return 1; 5521 } 5522 5523 return pctrl(ctx, type, p1, p2); 5524 } 5525 5526 static int test_custom_pmeth(int idx) 5527 { 5528 EVP_PKEY_CTX *pctx = NULL; 5529 EVP_MD_CTX *ctx = NULL; 5530 EVP_PKEY *pkey = NULL; 5531 int id, orig_id, orig_flags; 5532 int testresult = 0; 5533 size_t reslen; 5534 unsigned char *res = NULL; 5535 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' }; 5536 const EVP_MD *md = EVP_sha256(); 5537 int doderive = 0; 5538 5539 ctrl_called = 0; 5540 5541 /* We call deprecated APIs so this test doesn't support a custom libctx */ 5542 if (testctx != NULL) 5543 return 1; 5544 5545 switch (idx) { 5546 case 0: 5547 case 6: 5548 id = EVP_PKEY_RSA; 5549 pkey = load_example_rsa_key(); 5550 break; 5551 case 1: 5552 case 7: 5553 #ifndef OPENSSL_NO_DSA 5554 id = EVP_PKEY_DSA; 5555 pkey = load_example_dsa_key(); 5556 break; 5557 #else 5558 return 1; 5559 #endif 5560 case 2: 5561 case 8: 5562 #ifndef OPENSSL_NO_EC 5563 id = EVP_PKEY_EC; 5564 pkey = load_example_ec_key(); 5565 break; 5566 #else 5567 return 1; 5568 #endif 5569 case 3: 5570 case 9: 5571 #ifndef OPENSSL_NO_ECX 5572 id = EVP_PKEY_ED25519; 5573 md = NULL; 5574 pkey = load_example_ed25519_key(); 5575 break; 5576 #else 5577 return 1; 5578 #endif 5579 case 4: 5580 case 10: 5581 #ifndef OPENSSL_NO_DH 5582 id = EVP_PKEY_DH; 5583 doderive = 1; 5584 pkey = load_example_dh_key(); 5585 break; 5586 #else 5587 return 1; 5588 #endif 5589 case 5: 5590 case 11: 5591 #ifndef OPENSSL_NO_ECX 5592 id = EVP_PKEY_X25519; 5593 doderive = 1; 5594 pkey = load_example_x25519_key(); 5595 break; 5596 #else 5597 return 1; 5598 #endif 5599 default: 5600 TEST_error("Should not happen"); 5601 goto err; 5602 } 5603 5604 if (!TEST_ptr(pkey)) 5605 goto err; 5606 5607 if (idx < 6) { 5608 if (!TEST_true(evp_pkey_is_provided(pkey))) 5609 goto err; 5610 } else { 5611 EVP_PKEY *tmp = pkey; 5612 5613 /* Convert to a legacy key */ 5614 pkey = EVP_PKEY_new(); 5615 if (!TEST_ptr(pkey)) { 5616 pkey = tmp; 5617 goto err; 5618 } 5619 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) { 5620 EVP_PKEY_free(tmp); 5621 goto err; 5622 } 5623 EVP_PKEY_free(tmp); 5624 if (!TEST_true(evp_pkey_is_legacy(pkey))) 5625 goto err; 5626 } 5627 5628 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id)) 5629 || !TEST_ptr(pkey)) 5630 goto err; 5631 5632 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth); 5633 if (!TEST_int_eq(orig_id, id) 5634 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags))) 5635 goto err; 5636 5637 if (id == EVP_PKEY_ED25519) { 5638 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign); 5639 } 5640 if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) { 5641 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive); 5642 } else { 5643 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign); 5644 } 5645 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) { 5646 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init); 5647 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup); 5648 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy); 5649 } 5650 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL); 5651 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth))) 5652 goto err; 5653 5654 if (doderive) { 5655 pctx = EVP_PKEY_CTX_new(pkey, NULL); 5656 if (!TEST_ptr(pctx) 5657 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1) 5658 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 5659 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 5660 1) 5661 || !TEST_int_eq(ctrl_called, 1) 5662 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1) 5663 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1) 5664 || !TEST_ptr(res = OPENSSL_malloc(reslen)) 5665 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1)) 5666 goto err; 5667 } else { 5668 ctx = EVP_MD_CTX_new(); 5669 reslen = EVP_PKEY_size(pkey); 5670 res = OPENSSL_malloc(reslen); 5671 if (!TEST_ptr(ctx) 5672 || !TEST_ptr(res) 5673 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey)) 5674 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 5675 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 5676 1) 5677 || !TEST_int_eq(ctrl_called, 1)) 5678 goto err; 5679 5680 if (id == EVP_PKEY_ED25519) { 5681 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg)))) 5682 goto err; 5683 } else { 5684 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) 5685 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen))) 5686 goto err; 5687 } 5688 } 5689 5690 testresult = 1; 5691 err: 5692 OPENSSL_free(res); 5693 EVP_MD_CTX_free(ctx); 5694 if (doderive) 5695 EVP_PKEY_CTX_free(pctx); 5696 EVP_PKEY_free(pkey); 5697 EVP_PKEY_meth_remove(custom_pmeth); 5698 EVP_PKEY_meth_free(custom_pmeth); 5699 custom_pmeth = NULL; 5700 return testresult; 5701 } 5702 5703 static int test_evp_md_cipher_meth(void) 5704 { 5705 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256()); 5706 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc()); 5707 int testresult = 0; 5708 5709 if (!TEST_ptr(md) || !TEST_ptr(ciph)) 5710 goto err; 5711 5712 testresult = 1; 5713 5714 err: 5715 EVP_MD_meth_free(md); 5716 EVP_CIPHER_meth_free(ciph); 5717 5718 return testresult; 5719 } 5720 5721 typedef struct { 5722 int data; 5723 } custom_dgst_ctx; 5724 5725 static int custom_md_init_called = 0; 5726 static int custom_md_cleanup_called = 0; 5727 5728 static int custom_md_init(EVP_MD_CTX *ctx) 5729 { 5730 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 5731 5732 if (p == NULL) 5733 return 0; 5734 5735 custom_md_init_called++; 5736 return 1; 5737 } 5738 5739 static int custom_md_cleanup(EVP_MD_CTX *ctx) 5740 { 5741 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 5742 5743 if (p == NULL) 5744 /* Nothing to do */ 5745 return 1; 5746 5747 custom_md_cleanup_called++; 5748 return 1; 5749 } 5750 5751 static int test_custom_md_meth(void) 5752 { 5753 ASN1_OBJECT *o = NULL; 5754 EVP_MD_CTX *mdctx = NULL; 5755 EVP_MD *tmp = NULL; 5756 char mess[] = "Test Message\n"; 5757 unsigned char md_value[EVP_MAX_MD_SIZE]; 5758 unsigned int md_len; 5759 int testresult = 0; 5760 int nid; 5761 5762 /* 5763 * We are testing deprecated functions. We don't support a non-default 5764 * library context in this test. 5765 */ 5766 if (testctx != NULL) 5767 return TEST_skip("Non-default libctx"); 5768 5769 custom_md_init_called = custom_md_cleanup_called = 0; 5770 5771 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md"); 5772 if (!TEST_int_ne(nid, NID_undef)) 5773 goto err; 5774 tmp = EVP_MD_meth_new(nid, NID_undef); 5775 if (!TEST_ptr(tmp)) 5776 goto err; 5777 5778 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) 5779 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) 5780 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, 5781 sizeof(custom_dgst_ctx)))) 5782 goto err; 5783 5784 mdctx = EVP_MD_CTX_new(); 5785 if (!TEST_ptr(mdctx) 5786 /* 5787 * Initing our custom md and then initing another md should 5788 * result in the init and cleanup functions of the custom md 5789 * being called. 5790 */ 5791 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) 5792 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) 5793 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) 5794 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) 5795 || !TEST_int_eq(custom_md_init_called, 1) 5796 || !TEST_int_eq(custom_md_cleanup_called, 1)) 5797 goto err; 5798 5799 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1", 5800 "custom-md", "custom-md"), 5801 NID_undef) 5802 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ) 5803 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS)) 5804 goto err; 5805 5806 o = ASN1_OBJECT_create(nid, (unsigned char *)"\53\6\1\4\1\201\201\134\274\373\122\1", 12, 5807 "custom-md", "custom-md"); 5808 if (!TEST_int_eq(OBJ_add_object(o), nid)) 5809 goto err; 5810 5811 testresult = 1; 5812 err: 5813 ASN1_OBJECT_free(o); 5814 EVP_MD_CTX_free(mdctx); 5815 EVP_MD_meth_free(tmp); 5816 return testresult; 5817 } 5818 5819 typedef struct { 5820 int data; 5821 } custom_ciph_ctx; 5822 5823 static int custom_ciph_init_called = 0; 5824 static int custom_ciph_cleanup_called = 0; 5825 5826 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 5827 const unsigned char *iv, int enc) 5828 { 5829 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 5830 5831 if (p == NULL) 5832 return 0; 5833 5834 custom_ciph_init_called++; 5835 return 1; 5836 } 5837 5838 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx) 5839 { 5840 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 5841 5842 if (p == NULL) 5843 /* Nothing to do */ 5844 return 1; 5845 5846 custom_ciph_cleanup_called++; 5847 return 1; 5848 } 5849 5850 static int test_custom_ciph_meth(void) 5851 { 5852 EVP_CIPHER_CTX *ciphctx = NULL; 5853 EVP_CIPHER *tmp = NULL; 5854 int testresult = 0; 5855 int nid; 5856 5857 /* 5858 * We are testing deprecated functions. We don't support a non-default 5859 * library context in this test. 5860 */ 5861 if (testctx != NULL) 5862 return TEST_skip("Non-default libctx"); 5863 5864 custom_ciph_init_called = custom_ciph_cleanup_called = 0; 5865 5866 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph"); 5867 if (!TEST_int_ne(nid, NID_undef)) 5868 goto err; 5869 tmp = EVP_CIPHER_meth_new(nid, 16, 16); 5870 if (!TEST_ptr(tmp)) 5871 goto err; 5872 5873 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) 5874 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) 5875 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) 5876 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, 5877 sizeof(custom_ciph_ctx)))) 5878 goto err; 5879 5880 ciphctx = EVP_CIPHER_CTX_new(); 5881 if (!TEST_ptr(ciphctx) 5882 /* 5883 * Initing our custom cipher and then initing another cipher 5884 * should result in the init and cleanup functions of the custom 5885 * cipher being called. 5886 */ 5887 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) 5888 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, 5889 NULL, NULL, 1)) 5890 || !TEST_int_eq(custom_ciph_init_called, 1) 5891 || !TEST_int_eq(custom_ciph_cleanup_called, 1)) 5892 goto err; 5893 5894 testresult = 1; 5895 err: 5896 EVP_CIPHER_CTX_free(ciphctx); 5897 EVP_CIPHER_meth_free(tmp); 5898 return testresult; 5899 } 5900 5901 #ifndef OPENSSL_NO_DYNAMIC_ENGINE 5902 /* Test we can create a signature keys with an associated ENGINE */ 5903 static int test_signatures_with_engine(int tst) 5904 { 5905 ENGINE *e; 5906 const char *engine_id = "dasync"; 5907 EVP_PKEY *pkey = NULL; 5908 const unsigned char badcmackey[] = { 0x00, 0x01 }; 5909 const unsigned char cmackey[] = { 5910 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 5911 0x0c, 0x0d, 0x0e, 0x0f 5912 }; 5913 const unsigned char ed25519key[] = { 5914 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 5915 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 5916 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 5917 }; 5918 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 5919 int testresult = 0; 5920 EVP_MD_CTX *ctx = NULL; 5921 unsigned char *mac = NULL; 5922 size_t maclen = 0; 5923 int ret; 5924 5925 #ifdef OPENSSL_NO_CMAC 5926 /* Skip CMAC tests in a no-cmac build */ 5927 if (tst <= 1) 5928 return 1; 5929 #endif 5930 #ifdef OPENSSL_NO_ECX 5931 /* Skip ECX tests in a no-ecx build */ 5932 if (tst == 2) 5933 return 1; 5934 #endif 5935 5936 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 5937 return 0; 5938 5939 if (!TEST_true(ENGINE_init(e))) { 5940 ENGINE_free(e); 5941 return 0; 5942 } 5943 5944 switch (tst) { 5945 case 0: 5946 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), 5947 EVP_aes_128_cbc()); 5948 break; 5949 case 1: 5950 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), 5951 EVP_aes_128_cbc()); 5952 break; 5953 case 2: 5954 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, 5955 sizeof(ed25519key)); 5956 break; 5957 default: 5958 TEST_error("Invalid test case"); 5959 goto err; 5960 } 5961 if (!TEST_ptr(pkey)) 5962 goto err; 5963 5964 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 5965 goto err; 5966 5967 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, 5968 pkey); 5969 if (tst == 0) { 5970 if (!TEST_true(ret)) 5971 goto err; 5972 5973 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) 5974 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) 5975 goto err; 5976 5977 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 5978 goto err; 5979 5980 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) 5981 goto err; 5982 } else { 5983 /* We used a bad key. We expect a failure here */ 5984 if (!TEST_false(ret)) 5985 goto err; 5986 } 5987 5988 testresult = 1; 5989 err: 5990 EVP_MD_CTX_free(ctx); 5991 OPENSSL_free(mac); 5992 EVP_PKEY_free(pkey); 5993 ENGINE_finish(e); 5994 ENGINE_free(e); 5995 5996 return testresult; 5997 } 5998 5999 static int test_cipher_with_engine(void) 6000 { 6001 ENGINE *e; 6002 const char *engine_id = "dasync"; 6003 const unsigned char keyiv[] = { 6004 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 6005 0x0c, 0x0d, 0x0e, 0x0f 6006 }; 6007 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 6008 int testresult = 0; 6009 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL; 6010 unsigned char buf[AES_BLOCK_SIZE]; 6011 int len = 0; 6012 6013 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 6014 return 0; 6015 6016 if (!TEST_true(ENGINE_init(e))) { 6017 ENGINE_free(e); 6018 return 0; 6019 } 6020 6021 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6022 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) 6023 goto err; 6024 6025 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) 6026 goto err; 6027 6028 /* Copy the ctx, and complete the operation with the new ctx */ 6029 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx))) 6030 goto err; 6031 6032 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) 6033 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) 6034 goto err; 6035 6036 testresult = 1; 6037 err: 6038 EVP_CIPHER_CTX_free(ctx); 6039 EVP_CIPHER_CTX_free(ctx2); 6040 ENGINE_finish(e); 6041 ENGINE_free(e); 6042 6043 return testresult; 6044 } 6045 #endif /* OPENSSL_NO_DYNAMIC_ENGINE */ 6046 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 6047 6048 #ifndef OPENSSL_NO_ECX 6049 static int ecxnids[] = { 6050 NID_X25519, 6051 NID_X448, 6052 NID_ED25519, 6053 NID_ED448 6054 }; 6055 6056 /* Test that creating ECX keys with a short private key fails as expected */ 6057 static int test_ecx_short_keys(int tst) 6058 { 6059 unsigned char ecxkeydata = 1; 6060 EVP_PKEY *pkey; 6061 6062 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]), 6063 NULL, &ecxkeydata, 1); 6064 if (!TEST_ptr_null(pkey)) { 6065 EVP_PKEY_free(pkey); 6066 return 0; 6067 } 6068 6069 return 1; 6070 } 6071 #endif 6072 6073 typedef enum OPTION_choice { 6074 OPT_ERR = -1, 6075 OPT_EOF = 0, 6076 OPT_CONTEXT, 6077 OPT_CONFIG_FILE, 6078 OPT_TEST_ENUM 6079 } OPTION_CHOICE; 6080 6081 const OPTIONS *test_get_options(void) 6082 { 6083 static const OPTIONS options[] = { 6084 OPT_TEST_OPTIONS_DEFAULT_USAGE, 6085 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" }, 6086 { "config", OPT_CONFIG_FILE, '<', 6087 "The configuration file to use for the libctx" }, 6088 { NULL } 6089 }; 6090 return options; 6091 } 6092 6093 #ifndef OPENSSL_NO_ECX 6094 /* Test that trying to sign with a public key errors out gracefully */ 6095 static int test_ecx_not_private_key(int tst) 6096 { 6097 EVP_PKEY *pkey = NULL; 6098 6099 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 6100 int testresult = 0; 6101 EVP_MD_CTX *ctx = NULL; 6102 unsigned char *mac = NULL; 6103 size_t maclen = 0; 6104 const uint8_t *pubkey; 6105 size_t pubkeylen; 6106 6107 switch (keys[tst].type) { 6108 case NID_X25519: 6109 case NID_X448: 6110 case NID_undef: 6111 return TEST_skip("signing not supported for X25519/X448/ML-KEM"); 6112 } 6113 6114 /* Check if this algorithm supports public keys */ 6115 if (keys[tst].pub == NULL) 6116 return TEST_skip("no public key present"); 6117 6118 pubkey = keys[tst].pub; 6119 pubkeylen = keys[tst].publen; 6120 6121 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type), 6122 NULL, pubkey, pubkeylen); 6123 if (!TEST_ptr(pkey)) 6124 goto err; 6125 6126 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 6127 goto err; 6128 6129 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1) 6130 goto check_err; 6131 6132 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1) 6133 goto check_err; 6134 6135 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 6136 goto err; 6137 6138 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0)) 6139 goto err; 6140 6141 check_err: 6142 /* 6143 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY, 6144 * but we relax the check to allow error also thrown by 6145 * EVP_DigestSignInit and EVP_DigestSign. 6146 */ 6147 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) { 6148 testresult = 1; 6149 ERR_clear_error(); 6150 } 6151 6152 err: 6153 EVP_MD_CTX_free(ctx); 6154 OPENSSL_free(mac); 6155 EVP_PKEY_free(pkey); 6156 6157 return testresult; 6158 } 6159 #endif /* OPENSSL_NO_ECX */ 6160 6161 static int test_sign_continuation(void) 6162 { 6163 OSSL_PROVIDER *fake_rsa = NULL; 6164 int testresult = 0; 6165 EVP_PKEY *pkey = NULL; 6166 EVP_PKEY_CTX *pctx = NULL; 6167 EVP_MD_CTX *mctx = NULL; 6168 const char sigbuf[] = "To Be Signed"; 6169 unsigned char signature[256]; 6170 size_t siglen = 256; 6171 static int nodupnum = 1; 6172 static const OSSL_PARAM nodup_params[] = { 6173 OSSL_PARAM_int("NO_DUP", &nodupnum), 6174 OSSL_PARAM_END 6175 }; 6176 6177 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx))) 6178 return 0; 6179 6180 /* Construct a pkey using precise propq to use our provider */ 6181 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", 6182 "provider=fake-rsa")) 6183 || !TEST_true(EVP_PKEY_fromdata_init(pctx)) 6184 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL)) 6185 || !TEST_ptr(pkey)) 6186 goto end; 6187 6188 /* First test it continues (classic behavior) */ 6189 if (!TEST_ptr(mctx = EVP_MD_CTX_new()) 6190 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx, 6191 NULL, pkey, NULL)) 6192 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6193 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)) 6194 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6195 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))) 6196 goto end; 6197 6198 EVP_MD_CTX_free(mctx); 6199 6200 /* try again but failing the continuation */ 6201 if (!TEST_ptr(mctx = EVP_MD_CTX_new()) 6202 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx, 6203 NULL, pkey, nodup_params)) 6204 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6205 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)) 6206 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6207 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen))) 6208 goto end; 6209 6210 testresult = 1; 6211 6212 end: 6213 EVP_MD_CTX_free(mctx); 6214 EVP_PKEY_free(pkey); 6215 EVP_PKEY_CTX_free(pctx); 6216 fake_rsa_finish(fake_rsa); 6217 return testresult; 6218 } 6219 6220 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s, 6221 const unsigned char *gcm_iv, size_t gcm_ivlen, 6222 const unsigned char *gcm_pt, size_t gcm_pt_s, 6223 const unsigned char *gcm_aad, size_t gcm_aad_s, 6224 const unsigned char *gcm_ct, size_t gcm_ct_s, 6225 const unsigned char *gcm_tag, size_t gcm_tag_s) 6226 { 6227 int ret = 0; 6228 EVP_CIPHER_CTX *ctx; 6229 EVP_CIPHER *cipher = NULL; 6230 int outlen, tmplen; 6231 unsigned char outbuf[1024]; 6232 unsigned char outtag[16]; 6233 OSSL_PARAM params[2] = { 6234 OSSL_PARAM_END, OSSL_PARAM_END 6235 }; 6236 6237 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6238 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", ""))) 6239 goto err; 6240 6241 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 6242 &gcm_ivlen); 6243 6244 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 6245 || (gcm_aad != NULL 6246 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 6247 gcm_aad, gcm_aad_s))) 6248 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 6249 gcm_pt, gcm_pt_s)) 6250 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 6251 goto err; 6252 6253 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6254 outtag, sizeof(outtag)); 6255 6256 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)) 6257 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s) 6258 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s)) 6259 goto err; 6260 6261 ret = 1; 6262 err: 6263 EVP_CIPHER_free(cipher); 6264 EVP_CIPHER_CTX_free(ctx); 6265 6266 return ret; 6267 } 6268 6269 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s, 6270 const unsigned char *gcm_iv, size_t gcm_ivlen, 6271 const unsigned char *gcm_pt, size_t gcm_pt_s, 6272 const unsigned char *gcm_aad, size_t gcm_aad_s, 6273 const unsigned char *gcm_ct, size_t gcm_ct_s, 6274 const unsigned char *gcm_tag, size_t gcm_tag_s) 6275 { 6276 int ret = 0; 6277 EVP_CIPHER_CTX *ctx; 6278 EVP_CIPHER *cipher = NULL; 6279 int outlen; 6280 unsigned char outbuf[1024]; 6281 OSSL_PARAM params[2] = { 6282 OSSL_PARAM_END, OSSL_PARAM_END 6283 }; 6284 6285 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 6286 goto err; 6287 6288 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL) 6289 goto err; 6290 6291 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 6292 &gcm_ivlen); 6293 6294 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 6295 || (gcm_aad != NULL 6296 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, 6297 gcm_aad, gcm_aad_s))) 6298 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 6299 gcm_ct, gcm_ct_s)) 6300 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s)) 6301 goto err; 6302 6303 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6304 (void *)gcm_tag, gcm_tag_s); 6305 6306 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 6307 || !TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen))) 6308 goto err; 6309 6310 ret = 1; 6311 err: 6312 EVP_CIPHER_free(cipher); 6313 EVP_CIPHER_CTX_free(ctx); 6314 6315 return ret; 6316 } 6317 6318 static int test_aes_gcm_ivlen_change_cve_2023_5363(void) 6319 { 6320 /* AES-GCM test data obtained from NIST public test vectors */ 6321 static const unsigned char gcm_key[] = { 6322 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf, 6323 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84, 6324 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b 6325 }; 6326 static const unsigned char gcm_iv[] = { 6327 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8, 6328 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca, 6329 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14, 6330 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09, 6331 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8, 6332 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24, 6333 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0, 6334 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54, 6335 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc, 6336 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b, 6337 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d 6338 }; 6339 static const unsigned char gcm_pt[] = { 6340 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07, 6341 0x4f, 0xe3, 0x6f, 0x81 6342 }; 6343 static const unsigned char gcm_ct[] = { 6344 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3, 6345 0xe2, 0xd0, 0xec, 0xed 6346 }; 6347 static const unsigned char gcm_tag[] = { 6348 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63, 6349 0xdb, 0x99, 0x6c, 0x21 6350 }; 6351 6352 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 6353 gcm_pt, sizeof(gcm_pt), NULL, 0, 6354 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)) 6355 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 6356 gcm_pt, sizeof(gcm_pt), NULL, 0, 6357 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)); 6358 } 6359 6360 #ifndef OPENSSL_NO_RC4 6361 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s, 6362 const unsigned char *rc4_pt, size_t rc4_pt_s, 6363 const unsigned char *rc4_ct, size_t rc4_ct_s) 6364 { 6365 int ret = 0; 6366 EVP_CIPHER_CTX *ctx; 6367 EVP_CIPHER *cipher = NULL; 6368 int outlen, tmplen; 6369 unsigned char outbuf[1024]; 6370 OSSL_PARAM params[2] = { 6371 OSSL_PARAM_END, OSSL_PARAM_END 6372 }; 6373 6374 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6375 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", ""))) 6376 goto err; 6377 6378 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 6379 &rc4_key_s); 6380 6381 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 6382 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 6383 rc4_pt, rc4_pt_s)) 6384 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 6385 goto err; 6386 6387 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s)) 6388 goto err; 6389 6390 ret = 1; 6391 err: 6392 EVP_CIPHER_free(cipher); 6393 EVP_CIPHER_CTX_free(ctx); 6394 6395 return ret; 6396 } 6397 6398 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s, 6399 const unsigned char *rc4_pt, size_t rc4_pt_s, 6400 const unsigned char *rc4_ct, size_t rc4_ct_s) 6401 { 6402 int ret = 0; 6403 EVP_CIPHER_CTX *ctx; 6404 EVP_CIPHER *cipher = NULL; 6405 int outlen; 6406 unsigned char outbuf[1024]; 6407 OSSL_PARAM params[2] = { 6408 OSSL_PARAM_END, OSSL_PARAM_END 6409 }; 6410 6411 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 6412 goto err; 6413 6414 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL) 6415 goto err; 6416 6417 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 6418 &rc4_key_s); 6419 6420 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 6421 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 6422 rc4_ct, rc4_ct_s)) 6423 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s)) 6424 goto err; 6425 6426 ret = 1; 6427 err: 6428 EVP_CIPHER_free(cipher); 6429 EVP_CIPHER_CTX_free(ctx); 6430 6431 return ret; 6432 } 6433 6434 static int test_aes_rc4_keylen_change_cve_2023_5363(void) 6435 { 6436 /* RC4 test data obtained from RFC 6229 */ 6437 static const struct { 6438 unsigned char key[5]; 6439 unsigned char padding[11]; 6440 } rc4_key = { 6441 { /* Five bytes of key material */ 6442 0x83, 0x32, 0x22, 0x77, 0x2a }, 6443 { /* Random padding to 16 bytes */ 6444 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 } 6445 }; 6446 static const unsigned char rc4_pt[] = { 6447 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 6448 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 6449 }; 6450 static const unsigned char rc4_ct[] = { 6451 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 6452 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda 6453 }; 6454 6455 if (lgcyprov == NULL) 6456 return TEST_skip("Test requires legacy provider to be loaded"); 6457 6458 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key), 6459 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)) 6460 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key), 6461 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)); 6462 } 6463 #endif 6464 6465 static int test_invalid_ctx_for_digest(void) 6466 { 6467 int ret; 6468 EVP_MD_CTX *mdctx; 6469 6470 mdctx = EVP_MD_CTX_new(); 6471 if (!TEST_ptr(mdctx)) 6472 return 0; 6473 6474 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0)) 6475 ret = 0; 6476 else 6477 ret = 1; 6478 6479 EVP_MD_CTX_free(mdctx); 6480 6481 return ret; 6482 } 6483 6484 static int test_evp_cipher_pipeline(void) 6485 { 6486 OSSL_PROVIDER *fake_pipeline = NULL; 6487 int testresult = 0; 6488 EVP_CIPHER *cipher = NULL; 6489 EVP_CIPHER *pipeline_cipher = NULL; 6490 EVP_CIPHER_CTX *ctx = NULL; 6491 unsigned char key[32]; 6492 size_t keylen = 32; 6493 size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN; 6494 size_t taglen = EVP_GCM_TLS_TAG_LEN; 6495 unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES]; 6496 unsigned char *plaintext_array[EVP_MAX_PIPES]; 6497 unsigned char *ciphertext_array_p[EVP_MAX_PIPES]; 6498 void **aead_tags = (void **)&tag_array; 6499 unsigned char *temp[EVP_MAX_PIPES]; 6500 size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES]; 6501 size_t ciphertextlen_array[EVP_MAX_PIPES]; 6502 size_t inlen_array[EVP_MAX_PIPES]; 6503 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 6504 unsigned char *ciphertext, *exp_plaintext, *tag; 6505 size_t numpipes, plaintextlen, i; 6506 6507 if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx))) 6508 return 0; 6509 if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", 6510 "provider=fake-pipeline")) 6511 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", 6512 "provider!=fake-pipeline")) 6513 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 6514 goto end; 6515 memset(key, 0x01, sizeof(key)); 6516 6517 /* Negative tests */ 6518 if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1))) 6519 goto end; 6520 if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1))) 6521 goto end; 6522 if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher, 6523 key, keylen, 6524 EVP_MAX_PIPES + 1, NULL, 0))) 6525 goto end; 6526 6527 /* Positive tests */ 6528 for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) { 6529 for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) { 6530 size_t ciphertextlen = 0; 6531 int outlen = 0; 6532 6533 /* Cleanup to be able to error out */ 6534 memset(iv_array, 0, sizeof(iv_array)); 6535 memset(plaintext_array, 0, sizeof(plaintext_array)); 6536 memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p)); 6537 memset(tag_array, 0, sizeof(tag_array)); 6538 ciphertext = NULL; 6539 exp_plaintext = NULL; 6540 tag = NULL; 6541 6542 /* Allocate fresh buffers with exact size to catch buffer overwrites */ 6543 for (i = 0; i < numpipes; i++) { 6544 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen)) 6545 || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen)) 6546 || !TEST_ptr(ciphertext_array_p[i] = OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH)) 6547 || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen))) 6548 goto err; 6549 6550 memset(iv_array[i], i + 33, ivlen); 6551 memset(plaintext_array[i], i + 1, plaintextlen); 6552 inlen_array[i] = plaintextlen; 6553 outlen_array[i] = 0; 6554 ciphertextlen_array[i] = 0; 6555 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH; 6556 } 6557 if (!TEST_ptr(ciphertext = OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH)) 6558 || !TEST_ptr(tag = OPENSSL_malloc(taglen)) 6559 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen))) 6560 goto err; 6561 6562 /* Encrypt using pipeline API */ 6563 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) 6564 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1)) 6565 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher, 6566 key, keylen, numpipes, 6567 (const unsigned char **)iv_array, 6568 ivlen)) 6569 /* reuse plaintext for AAD as it won't affect test */ 6570 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL, 6571 (const unsigned char **)plaintext_array, 6572 inlen_array)) 6573 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p, 6574 outlen_array, outsize_array, 6575 (const unsigned char **)plaintext_array, 6576 inlen_array))) 6577 goto err; 6578 6579 for (i = 0; i < numpipes; i++) { 6580 ciphertextlen_array[i] = outlen_array[i]; 6581 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i]; 6582 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i]; 6583 } 6584 6585 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array))) 6586 goto err; 6587 6588 for (i = 0; i < numpipes; i++) 6589 ciphertextlen_array[i] += outlen_array[i]; 6590 6591 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, 6592 (void **)&aead_tags, taglen); 6593 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 6594 goto err; 6595 6596 /* Encrypt using non-pipeline API and compare */ 6597 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))) 6598 goto err; 6599 6600 for (i = 0; i < numpipes; i++) { 6601 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i])) 6602 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 6603 plaintext_array[i], 6604 plaintextlen)) 6605 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen, 6606 plaintext_array[i], 6607 plaintextlen))) 6608 goto err; 6609 ciphertextlen = outlen; 6610 6611 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen))) 6612 goto err; 6613 ciphertextlen += outlen; 6614 6615 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6616 (void *)tag, taglen); 6617 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 6618 goto err; 6619 6620 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i], 6621 ciphertext, ciphertextlen) 6622 || !TEST_mem_eq(tag_array[i], taglen, tag, taglen)) 6623 goto err; 6624 } 6625 6626 for (i = 0; i < numpipes; i++) 6627 outsize_array[i] = plaintextlen; 6628 6629 /* Decrypt using pipeline API and compare */ 6630 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, 6631 (void **)&aead_tags, taglen); 6632 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) 6633 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0)) 6634 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher, 6635 key, keylen, numpipes, 6636 (const unsigned char **)iv_array, 6637 ivlen)) 6638 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 6639 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL, 6640 (const unsigned char **)plaintext_array, 6641 inlen_array)) 6642 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array, 6643 outlen_array, outsize_array, 6644 (const unsigned char **)ciphertext_array_p, 6645 ciphertextlen_array))) 6646 goto err; 6647 6648 for (i = 0; i < numpipes; i++) { 6649 temp[i] = plaintext_array[i] + outlen_array[i]; 6650 outsize_array[i] = outsize_array[i] - outlen_array[i]; 6651 } 6652 6653 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array))) 6654 goto err; 6655 6656 for (i = 0; i < numpipes; i++) { 6657 memset(exp_plaintext, i + 1, plaintextlen); 6658 if (!TEST_mem_eq(plaintext_array[i], plaintextlen, 6659 exp_plaintext, plaintextlen)) 6660 goto err; 6661 } 6662 6663 for (i = 0; i < numpipes; i++) { 6664 OPENSSL_free(iv_array[i]); 6665 OPENSSL_free(plaintext_array[i]); 6666 OPENSSL_free(ciphertext_array_p[i]); 6667 OPENSSL_free(tag_array[i]); 6668 } 6669 OPENSSL_free(exp_plaintext); 6670 OPENSSL_free(ciphertext); 6671 OPENSSL_free(tag); 6672 } 6673 } 6674 6675 testresult = 1; 6676 goto end; 6677 6678 err: 6679 for (i = 0; i < numpipes; i++) { 6680 OPENSSL_free(iv_array[i]); 6681 OPENSSL_free(plaintext_array[i]); 6682 OPENSSL_free(ciphertext_array_p[i]); 6683 OPENSSL_free(tag_array[i]); 6684 } 6685 OPENSSL_free(exp_plaintext); 6686 OPENSSL_free(ciphertext); 6687 OPENSSL_free(tag); 6688 end: 6689 EVP_CIPHER_CTX_free(ctx); 6690 EVP_CIPHER_free(cipher); 6691 EVP_CIPHER_free(pipeline_cipher); 6692 fake_pipeline_finish(fake_pipeline); 6693 return testresult; 6694 } 6695 6696 int setup_tests(void) 6697 { 6698 char *config_file = NULL; 6699 OPTION_CHOICE o; 6700 6701 while ((o = opt_next()) != OPT_EOF) { 6702 switch (o) { 6703 case OPT_CONTEXT: 6704 /* Set up an alternate library context */ 6705 testctx = OSSL_LIB_CTX_new(); 6706 if (!TEST_ptr(testctx)) 6707 return 0; 6708 #ifdef STATIC_LEGACY 6709 /* 6710 * This test is always statically linked against libcrypto. We must not 6711 * attempt to load legacy.so that might be dynamically linked against 6712 * libcrypto. Instead we use a built-in version of the legacy provider. 6713 */ 6714 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) 6715 return 0; 6716 #endif 6717 /* Swap the libctx to test non-default context only */ 6718 nullprov = OSSL_PROVIDER_load(NULL, "null"); 6719 deflprov = OSSL_PROVIDER_load(testctx, "default"); 6720 #ifndef OPENSSL_SYS_TANDEM 6721 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); 6722 #endif 6723 break; 6724 case OPT_CONFIG_FILE: 6725 config_file = opt_arg(); 6726 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL)) 6727 return 0; 6728 break; 6729 case OPT_TEST_CASES: 6730 break; 6731 default: 6732 return 0; 6733 } 6734 } 6735 6736 if (config_file != NULL) { 6737 ADD_TEST(test_EVP_set_config_properties); 6738 return 1; 6739 } 6740 6741 ADD_TEST(test_EVP_set_default_properties); 6742 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30); 6743 ADD_TEST(test_EVP_DigestVerifyInit); 6744 #ifndef OPENSSL_NO_EC 6745 ADD_TEST(test_ecdsa_digestsign_keccak); 6746 #endif 6747 #ifndef OPENSSL_NO_SIPHASH 6748 ADD_TEST(test_siphash_digestsign); 6749 #endif 6750 ADD_TEST(test_EVP_Digest); 6751 ADD_TEST(test_EVP_md_null); 6752 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); 6753 #ifndef OPENSSL_NO_DEPRECATED_3_0 6754 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2); 6755 #endif 6756 ADD_ALL_TESTS(test_EVP_Enveloped, 2); 6757 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 6758 ADD_TEST(test_privatekey_to_pkcs8); 6759 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag); 6760 ADD_ALL_TESTS(test_EVP_PKCS82PKEY_v2, OSSL_NELEM(keydata_v2)); 6761 #ifndef OPENSSL_NO_EC 6762 ADD_TEST(test_EVP_PKCS82PKEY); 6763 #endif 6764 #ifndef OPENSSL_NO_EC 6765 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings)); 6766 #endif 6767 #if !defined(OPENSSL_NO_SM2) 6768 ADD_TEST(test_EVP_SM2); 6769 ADD_TEST(test_EVP_SM2_verify); 6770 #endif 6771 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 6772 #ifndef OPENSSL_NO_DEPRECATED_3_0 6773 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 6774 if (!TEST_ptr(custom_pmeth)) 6775 return 0; 6776 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 6777 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 6778 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 6779 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 6780 return 0; 6781 #endif 6782 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 6783 #ifndef OPENSSL_NO_CMAC 6784 ADD_TEST(test_CMAC_keygen); 6785 #endif 6786 ADD_TEST(test_HKDF); 6787 ADD_TEST(test_emptyikm_HKDF); 6788 ADD_TEST(test_empty_salt_info_HKDF); 6789 #ifndef OPENSSL_NO_EC 6790 ADD_TEST(test_X509_PUBKEY_inplace); 6791 ADD_TEST(test_X509_PUBKEY_dup); 6792 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, 6793 OSSL_NELEM(ec_der_pub_keys)); 6794 #endif 6795 #ifndef OPENSSL_NO_DSA 6796 ADD_TEST(test_DSA_get_set_params); 6797 ADD_TEST(test_DSA_priv_pub); 6798 #endif 6799 ADD_TEST(test_RSA_get_set_params); 6800 ADD_TEST(test_RSA_OAEP_set_get_params); 6801 ADD_TEST(test_RSA_OAEP_set_null_label); 6802 ADD_TEST(test_RSA_encrypt); 6803 #ifndef OPENSSL_NO_DEPRECATED_3_0 6804 ADD_TEST(test_RSA_legacy); 6805 #endif 6806 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 6807 ADD_TEST(test_decrypt_null_chunks); 6808 #endif 6809 #ifndef OPENSSL_NO_DH 6810 ADD_TEST(test_DH_priv_pub); 6811 #ifndef OPENSSL_NO_DEPRECATED_3_0 6812 ADD_TEST(test_EVP_PKEY_set1_DH); 6813 #endif 6814 #endif 6815 #ifndef OPENSSL_NO_EC 6816 ADD_TEST(test_EC_priv_pub); 6817 ADD_TEST(test_evp_get_ec_pub); 6818 #ifndef OPENSSL_NO_DEPRECATED_3_0 6819 ADD_TEST(test_EC_priv_only_legacy); 6820 ADD_TEST(test_evp_get_ec_pub_legacy); 6821 #endif 6822 #endif 6823 ADD_ALL_TESTS(test_keygen_with_empty_template, 2); 6824 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2); 6825 6826 ADD_TEST(test_rand_agglomeration); 6827 ADD_ALL_TESTS(test_evp_iv_aes, 12); 6828 #ifndef OPENSSL_NO_DES 6829 ADD_ALL_TESTS(test_evp_iv_des, 6); 6830 #endif 6831 #ifndef OPENSSL_NO_BF 6832 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4); 6833 #endif 6834 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits); 6835 ADD_TEST(test_EVP_rsa_pss_set_saltlen); 6836 ADD_TEST(test_EVP_rsa_invalid_key); 6837 #ifndef OPENSSL_NO_EC 6838 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids)); 6839 #endif 6840 6841 ADD_TEST(test_names_do_all); 6842 6843 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); 6844 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); 6845 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests)); 6846 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); 6847 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); 6848 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers)); 6849 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0) 6850 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1); 6851 6852 #ifndef OPENSSL_NO_DEPRECATED_3_0 6853 ADD_ALL_TESTS(test_custom_pmeth, 12); 6854 ADD_TEST(test_evp_md_cipher_meth); 6855 ADD_TEST(test_custom_md_meth); 6856 ADD_TEST(test_custom_ciph_meth); 6857 6858 #ifndef OPENSSL_NO_DYNAMIC_ENGINE 6859 /* Tests only support the default libctx */ 6860 if (testctx == NULL) { 6861 #ifndef OPENSSL_NO_EC 6862 ADD_ALL_TESTS(test_signatures_with_engine, 3); 6863 #else 6864 ADD_ALL_TESTS(test_signatures_with_engine, 2); 6865 #endif 6866 ADD_TEST(test_cipher_with_engine); 6867 } 6868 #endif 6869 #endif 6870 6871 #ifndef OPENSSL_NO_ECX 6872 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids)); 6873 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); 6874 #endif 6875 6876 ADD_TEST(test_sign_continuation); 6877 6878 /* Test cases for CVE-2023-5363 */ 6879 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363); 6880 #ifndef OPENSSL_NO_RC4 6881 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); 6882 #endif 6883 6884 ADD_TEST(test_invalid_ctx_for_digest); 6885 6886 ADD_TEST(test_evp_cipher_pipeline); 6887 6888 return 1; 6889 } 6890 6891 void cleanup_tests(void) 6892 { 6893 OSSL_PROVIDER_unload(nullprov); 6894 OSSL_PROVIDER_unload(deflprov); 6895 #ifndef OPENSSL_SYS_TANDEM 6896 OSSL_PROVIDER_unload(lgcyprov); 6897 #endif 6898 OSSL_LIB_CTX_free(testctx); 6899 } 6900