2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/crypto.h>
15 #include <openssl/err.h>
16 #include <openssl/evp.h>
17 #include <openssl/rsa.h>
18 #include <openssl/x509.h>
19 #include <openssl/pem.h>
20 #include <openssl/kdf.h>
21 #include <openssl/provider.h>
22 #include <openssl/core_names.h>
23 #include <openssl/dsa.h>
25 #include "internal/nelem.h"
26 #include "internal/evp_int.h"
29 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
30 * should never use this key anywhere but in an example.
32 static const unsigned char kExampleRSAKeyDER[] = {
33 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
34 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
35 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
36 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
37 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
38 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
39 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
40 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
41 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
42 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
43 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
44 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
45 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
46 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
47 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
48 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
49 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
50 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
51 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
52 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
53 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
54 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
55 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
56 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
57 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
58 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
59 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
60 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
61 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
62 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
63 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
64 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
65 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
66 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
67 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
68 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
69 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
70 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
71 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
72 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
73 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
74 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
75 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
76 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
77 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
78 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
79 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
80 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
81 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
82 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
83 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
87 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
88 * components are not correct.
90 static const unsigned char kExampleBadRSAKeyDER[] = {
91 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
92 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
93 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
94 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
95 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
96 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
97 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
98 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
99 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
100 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
101 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
102 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
103 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
104 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
105 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
106 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
107 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
108 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
109 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
110 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
111 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
112 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
113 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
114 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
115 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
116 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
117 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
118 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
119 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
120 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
121 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
122 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
123 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
124 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
125 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
126 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
127 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
128 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
129 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
130 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
131 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
132 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
133 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
134 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
135 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
136 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
137 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
138 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
139 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
140 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
141 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
142 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
143 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
144 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
145 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
146 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
147 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
148 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
149 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
150 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
151 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
152 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
153 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
154 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
155 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
156 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
157 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
158 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
159 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
160 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
161 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
162 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
163 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
164 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
165 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
166 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
167 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
168 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
169 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
170 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
171 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
172 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
173 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
174 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
175 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
176 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
177 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
178 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
179 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
182 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
184 static const unsigned char kSignature[] = {
185 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
186 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
187 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
188 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
189 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
190 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
191 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
192 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
193 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
194 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
195 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
199 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
202 static const unsigned char kExampleRSAKeyPKCS8[] = {
203 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
204 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
205 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
206 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
207 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
208 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
209 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
210 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
211 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
212 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
213 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
214 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
215 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
216 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
217 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
218 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
219 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
220 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
221 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
222 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
223 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
224 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
225 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
226 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
227 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
228 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
229 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
230 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
231 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
232 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
233 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
234 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
235 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
236 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
237 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
238 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
239 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
240 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
241 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
242 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
243 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
244 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
245 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
246 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
247 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
248 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
249 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
250 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
251 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
252 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
253 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
254 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
255 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
258 #ifndef OPENSSL_NO_EC
260 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
263 static const unsigned char kExampleECKeyDER[] = {
264 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
265 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
266 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
267 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
268 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
269 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
270 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
271 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
272 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
273 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
278 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
279 * structure. The private key is equal to the order and will fail to import
281 static const unsigned char kExampleBadECKeyDER[] = {
282 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
283 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
284 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
285 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
286 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
287 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
288 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
289 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
290 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
294 static const unsigned char kExampleECPubKeyDER[] = {
295 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
296 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
297 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
298 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
299 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
300 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
301 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
302 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
306 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
307 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
309 static const unsigned char kExampleBadECPubKeyDER[] = {
310 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
311 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
312 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
313 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
314 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
315 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
316 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
317 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
320 static const unsigned char pExampleECParamDER[] = {
321 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
325 typedef struct APK_DATA_st {
326 const unsigned char *kder;
332 int type; /* 0 for private, 1 for public, 2 for params */
335 static APK_DATA keydata[] = {
336 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
337 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
338 #ifndef OPENSSL_NO_EC
339 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
343 static APK_DATA keycheckdata[] = {
344 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
345 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
347 #ifndef OPENSSL_NO_EC
348 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
349 /* group is also associated in our pub key */
350 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
351 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
355 static EVP_PKEY *load_example_rsa_key(void)
357 EVP_PKEY *ret = NULL;
358 const unsigned char *derp = kExampleRSAKeyDER;
359 EVP_PKEY *pkey = NULL;
362 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
365 if (!TEST_ptr(pkey = EVP_PKEY_new())
366 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
379 static int test_EVP_Enveloped(void)
382 EVP_CIPHER_CTX *ctx = NULL;
383 EVP_PKEY *keypair = NULL;
384 unsigned char *kek = NULL;
385 unsigned char iv[EVP_MAX_IV_LENGTH];
386 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
387 int len, kek_len, ciphertext_len, plaintext_len;
388 unsigned char ciphertext[32], plaintext[16];
389 const EVP_CIPHER *type = EVP_aes_256_cbc();
391 if (!TEST_ptr(keypair = load_example_rsa_key())
392 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
393 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
394 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
396 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
398 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
402 ciphertext_len += len;
404 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
405 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
406 ciphertext, ciphertext_len))
407 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
410 plaintext_len += len;
411 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
417 EVP_PKEY_free(keypair);
418 EVP_CIPHER_CTX_free(ctx);
423 static int test_EVP_DigestSignInit(void)
426 EVP_PKEY *pkey = NULL;
427 unsigned char *sig = NULL;
429 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;
431 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
432 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())
433 || !TEST_ptr(pkey = load_example_rsa_key()))
436 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
437 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
440 /* Determine the size of the signature. */
441 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
442 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
445 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
446 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
449 /* Ensure that the signature round-trips. */
450 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
452 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,
454 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
460 EVP_MD_CTX_free(md_ctx);
461 EVP_MD_CTX_free(md_ctx_verify);
468 static int test_EVP_DigestVerifyInit(void)
471 EVP_PKEY *pkey = NULL;
472 EVP_MD_CTX *md_ctx = NULL;
474 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
475 || !TEST_ptr(pkey = load_example_rsa_key()))
478 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
479 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
480 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
481 sizeof(kSignature))))
486 EVP_MD_CTX_free(md_ctx);
491 static int test_d2i_AutoPrivateKey(int i)
494 const unsigned char *p;
495 EVP_PKEY *pkey = NULL;
496 const APK_DATA *ak = &keydata[i];
497 const unsigned char *input = ak->kder;
498 size_t input_len = ak->size;
499 int expected_id = ak->evptype;
502 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
503 || !TEST_ptr_eq(p, input + input_len)
504 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
514 #ifndef OPENSSL_NO_EC
516 static const unsigned char ec_public_sect163k1_validxy[] = {
517 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
518 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
519 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
520 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
521 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
522 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
525 static const unsigned char ec_public_sect163k1_badx[] = {
526 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
527 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
528 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
529 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
530 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
531 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
534 static const unsigned char ec_public_sect163k1_bady[] = {
535 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
536 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
537 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
538 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
539 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
540 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
543 static struct ec_der_pub_keys_st {
544 const unsigned char *der;
547 } ec_der_pub_keys[] = {
548 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
549 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
550 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
554 * Tests the range of the decoded EC char2 public point.
555 * See ec_GF2m_simple_oct2point().
557 static int test_invalide_ec_char2_pub_range_decode(int id)
561 EC_KEY *eckey = NULL;
563 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
564 ec_der_pub_keys[id].len)))
566 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
567 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
568 || TEST_ptr_null(eckey);
575 /* Tests loading a bad key in PKCS8 format */
576 static int test_EVP_PKCS82PKEY(void)
579 const unsigned char *derp = kExampleBadECKeyDER;
580 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
581 EVP_PKEY *pkey = NULL;
583 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
584 sizeof(kExampleBadECKeyDER))))
587 if (!TEST_ptr_eq(derp,
588 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
591 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
597 PKCS8_PRIV_KEY_INFO_free(p8inf);
604 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
606 static int test_EVP_SM2_verify(void)
608 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
610 "-----BEGIN PUBLIC KEY-----\n"
611 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
612 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
613 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
614 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
615 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
616 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
617 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
618 "-----END PUBLIC KEY-----\n";
620 const char *msg = "message digest";
621 const char *id = "ALICE123@YAHOO.COM";
623 const uint8_t signature[] = {
624 0x30, 0x44, 0x02, 0x20,
626 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
627 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
628 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
632 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
633 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
634 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
639 EVP_PKEY *pkey = NULL;
640 EVP_MD_CTX *mctx = NULL;
641 EVP_PKEY_CTX *pctx = NULL;
643 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
644 if (!TEST_true(bio != NULL))
647 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
648 if (!TEST_true(pkey != NULL))
651 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
654 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
657 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
660 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
664 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
666 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
669 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
672 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
679 EVP_PKEY_CTX_free(pctx);
680 EVP_MD_CTX_free(mctx);
684 static int test_EVP_SM2(void)
687 EVP_PKEY *pkey = NULL;
688 EVP_PKEY *params = NULL;
689 EVP_PKEY_CTX *pctx = NULL;
690 EVP_PKEY_CTX *kctx = NULL;
691 EVP_PKEY_CTX *sctx = NULL;
693 unsigned char *sig = NULL;
694 EVP_MD_CTX *md_ctx = NULL;
695 EVP_MD_CTX *md_ctx_verify = NULL;
696 EVP_PKEY_CTX *cctx = NULL;
698 uint8_t ciphertext[128];
699 size_t ctext_len = sizeof(ciphertext);
701 uint8_t plaintext[8];
702 size_t ptext_len = sizeof(plaintext);
704 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
706 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
710 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
713 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
716 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
719 kctx = EVP_PKEY_CTX_new(params, NULL);
723 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
726 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
729 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
732 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
735 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
738 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
741 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
742 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
744 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
747 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
750 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
753 /* Determine the size of the signature. */
754 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
757 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
760 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
763 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
766 /* Ensure that the signature round-trips. */
768 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
771 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
774 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
777 /* now check encryption/decryption */
779 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
782 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
785 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
788 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
791 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
794 if (!TEST_true(ptext_len == sizeof(kMsg)))
797 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
802 EVP_PKEY_CTX_free(pctx);
803 EVP_PKEY_CTX_free(kctx);
804 EVP_PKEY_CTX_free(sctx);
805 EVP_PKEY_CTX_free(cctx);
807 EVP_PKEY_free(params);
808 EVP_MD_CTX_free(md_ctx);
809 EVP_MD_CTX_free(md_ctx_verify);
816 static struct keys_st {
822 EVP_PKEY_HMAC, "0123456789", NULL
824 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
826 EVP_PKEY_SIPHASH, "0123456789012345", NULL
828 #ifndef OPENSSL_NO_EC
830 EVP_PKEY_X25519, "01234567890123456789012345678901",
831 "abcdefghijklmnopqrstuvwxyzabcdef"
833 EVP_PKEY_ED25519, "01234567890123456789012345678901",
834 "abcdefghijklmnopqrstuvwxyzabcdef"
837 "01234567890123456789012345678901234567890123456789012345",
838 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
841 "012345678901234567890123456789012345678901234567890123456",
842 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
847 static int test_set_get_raw_keys_int(int tst, int pub)
850 unsigned char buf[80];
852 size_t inlen, len = 0;
855 /* Check if this algorithm supports public keys */
856 if (keys[tst].pub == NULL)
859 memset(buf, 0, sizeof(buf));
862 inlen = strlen(keys[tst].pub);
863 in = (unsigned char *)keys[tst].pub;
864 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
869 inlen = strlen(keys[tst].priv);
870 in = (unsigned char *)keys[tst].priv;
871 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
878 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
879 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
880 || !TEST_true(len == inlen)
881 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
882 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
883 || !TEST_mem_eq(in, inlen, buf, len))
892 static int test_set_get_raw_keys(int tst)
894 return test_set_get_raw_keys_int(tst, 0)
895 && test_set_get_raw_keys_int(tst, 1);
898 static int pkey_custom_check(EVP_PKEY *pkey)
903 static int pkey_custom_pub_check(EVP_PKEY *pkey)
908 static int pkey_custom_param_check(EVP_PKEY *pkey)
913 static EVP_PKEY_METHOD *custom_pmeth;
915 static int test_EVP_PKEY_check(int i)
918 const unsigned char *p;
919 EVP_PKEY *pkey = NULL;
920 #ifndef OPENSSL_NO_EC
921 EC_KEY *eckey = NULL;
923 EVP_PKEY_CTX *ctx = NULL;
924 EVP_PKEY_CTX *ctx2 = NULL;
925 const APK_DATA *ak = &keycheckdata[i];
926 const unsigned char *input = ak->kder;
927 size_t input_len = ak->size;
928 int expected_id = ak->evptype;
929 int expected_check = ak->check;
930 int expected_pub_check = ak->pub_check;
931 int expected_param_check = ak->param_check;
939 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
940 || !TEST_ptr_eq(p, input + input_len)
941 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
944 #ifndef OPENSSL_NO_EC
946 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
947 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
948 || !TEST_ptr(pkey = EVP_PKEY_new())
949 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
953 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
954 || !TEST_ptr_eq(p, input + input_len)
955 || !TEST_ptr(pkey = EVP_PKEY_new())
956 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
964 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
967 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
970 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
973 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
976 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
977 /* assign the pkey directly, as an internal test */
978 EVP_PKEY_up_ref(pkey);
981 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
984 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
987 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
993 EVP_PKEY_CTX_free(ctx);
994 EVP_PKEY_CTX_free(ctx2);
1000 static int test_HKDF(void)
1003 unsigned char out[20];
1006 unsigned char salt[] = "0123456789";
1007 unsigned char key[] = "012345678901234567890123456789";
1008 unsigned char info[] = "infostring";
1009 const unsigned char expected[] = {
1010 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1011 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1013 size_t expectedlen = sizeof(expected);
1015 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1018 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1019 for (i = 0; i < 2; i++) {
1020 outlen = sizeof(out);
1021 memset(out, 0, outlen);
1023 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1024 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1025 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1026 sizeof(salt) - 1), 0)
1027 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1028 sizeof(key) - 1), 0)
1029 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1030 sizeof(info) - 1), 0)
1031 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1032 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1039 EVP_PKEY_CTX_free(pctx);
1044 #ifndef OPENSSL_NO_EC
1045 static int test_X509_PUBKEY_inplace(void)
1048 X509_PUBKEY *xp = NULL;
1049 const unsigned char *p = kExampleECPubKeyDER;
1050 size_t input_len = sizeof(kExampleECPubKeyDER);
1052 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1055 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1058 p = kExampleBadECPubKeyDER;
1059 input_len = sizeof(kExampleBadECPubKeyDER);
1061 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1064 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1070 X509_PUBKEY_free(xp);
1076 static int calculate_digest(const EVP_MD *md, const char *msg, size_t len,
1077 const unsigned char *exptd)
1079 unsigned char out[SHA256_DIGEST_LENGTH];
1083 if (!TEST_ptr(ctx = EVP_MD_CTX_new())
1084 || !TEST_true(EVP_DigestInit_ex(ctx, md, NULL))
1085 || !TEST_true(EVP_DigestUpdate(ctx, msg, len))
1086 || !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL))
1087 || !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd,
1088 SHA256_DIGEST_LENGTH)
1089 || !TEST_true(md == EVP_MD_CTX_md(ctx)))
1094 EVP_MD_CTX_free(ctx);
1098 * Test EVP_MD_fetch()
1100 * Test 0: Test with the default OPENSSL_CTX
1101 * Test 1: Test with an explicit OPENSSL_CTX
1102 * Test 2: Explicit OPENSSL_CTX with explicit load of default provider
1103 * Test 3: Explicit OPENSSL_CTX with explicit load of default and fips provider
1104 * Test 4: Explicit OPENSSL_CTX with explicit load of fips provider
1106 static int test_EVP_MD_fetch(int tst)
1108 OPENSSL_CTX *ctx = NULL;
1110 OSSL_PROVIDER *defltprov = NULL, *fipsprov = NULL;
1112 const char testmsg[] = "Hello world";
1113 const unsigned char exptd[] = {
1114 0x27, 0x51, 0x8b, 0xa9, 0x68, 0x30, 0x11, 0xf6, 0xb3, 0x96, 0x07, 0x2c,
1115 0x05, 0xf6, 0x65, 0x6d, 0x04, 0xf5, 0xfb, 0xc3, 0x78, 0x7c, 0xf9, 0x24,
1116 0x90, 0xec, 0x60, 0x6e, 0x50, 0x92, 0xe3, 0x26
1120 ctx = OPENSSL_CTX_new();
1124 if (tst == 2 || tst == 3) {
1125 defltprov = OSSL_PROVIDER_load(ctx, "default");
1126 if (!TEST_ptr(defltprov))
1129 if (tst == 3 || tst == 4) {
1130 fipsprov = OSSL_PROVIDER_load(ctx, "fips");
1131 if (!TEST_ptr(fipsprov))
1136 /* Implicit fetching of the MD should produce the expected result */
1137 if (!TEST_true(calculate_digest(EVP_sha256(), testmsg, sizeof(testmsg),
1139 || !TEST_int_eq(EVP_MD_size(EVP_sha256()), SHA256_DIGEST_LENGTH)
1140 || !TEST_int_eq(EVP_MD_block_size(EVP_sha256()), SHA256_CBLOCK))
1144 * Test that without specifying any properties we can get a sha256 md from a
1147 if (!TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", NULL))
1149 || !TEST_int_eq(EVP_MD_nid(md), NID_sha256)
1150 || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd))
1151 || !TEST_int_eq(EVP_MD_size(md), SHA256_DIGEST_LENGTH)
1152 || !TEST_int_eq(EVP_MD_block_size(md), SHA256_CBLOCK))
1155 /* Also test EVP_MD_up_ref() while we're doing this */
1156 if (!TEST_true(EVP_MD_up_ref(md)))
1158 /* Ref count should now be 2. Release both */
1164 * In tests 0 - 2 we've only loaded the default provider so explicitly
1165 * asking for a non-default implementation should fail. In tests 3 and 4 we
1166 * have the FIPS provider loaded so we should succeed in that case.
1168 md = EVP_MD_fetch(ctx, "SHA256", "default=no");
1169 if (tst == 3 || tst == 4) {
1171 || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg),
1175 if (!TEST_ptr_null(md))
1183 * Explicitly asking for the default implementation should succeed except
1184 * in test 4 where the default provider is not loaded.
1186 md = EVP_MD_fetch(ctx, "SHA256", "default=yes");
1189 || !TEST_int_eq(EVP_MD_nid(md), NID_sha256)
1190 || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg),
1192 || !TEST_int_eq(EVP_MD_size(md), SHA256_DIGEST_LENGTH)
1193 || !TEST_int_eq(EVP_MD_block_size(md), SHA256_CBLOCK))
1196 if (!TEST_ptr_null(md))
1204 * Explicitly asking for a fips implementation should succeed if we have
1205 * the FIPS provider loaded and fail otherwise
1207 md = EVP_MD_fetch(ctx, "SHA256", "fips=yes");
1208 if (tst == 3 || tst == 4) {
1210 || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg),
1214 if (!TEST_ptr_null(md))
1223 OSSL_PROVIDER_unload(defltprov);
1224 OSSL_PROVIDER_unload(fipsprov);
1225 /* Not normally needed, but we would like to test that
1226 * OPENSSL_thread_stop_ex() behaves as expected.
1229 OPENSSL_thread_stop_ex(ctx);
1230 OPENSSL_CTX_free(ctx);
1234 static int encrypt_decrypt(const EVP_CIPHER *cipher, const unsigned char *msg,
1237 int ret = 0, ctlen, ptlen;
1238 EVP_CIPHER_CTX *ctx = NULL;
1239 unsigned char key[128 / 8];
1240 unsigned char ct[64], pt[64];
1242 memset(key, 0, sizeof(key));
1243 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1244 || !TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 0)
1245 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 1))
1246 || !TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 0)
1247 || !TEST_true(EVP_CipherUpdate(ctx, ct, &ctlen, msg, len))
1248 || !TEST_true(EVP_CipherFinal_ex(ctx, ct, &ctlen))
1249 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 0))
1250 || !TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 0)
1251 || !TEST_true(EVP_CipherUpdate(ctx, pt, &ptlen, ct, ctlen))
1252 || !TEST_true(EVP_CipherFinal_ex(ctx, pt, &ptlen))
1253 || !TEST_mem_eq(pt, ptlen, msg, len))
1258 EVP_CIPHER_CTX_free(ctx);
1262 static int get_num_params(const OSSL_PARAM *params)
1266 if (params != NULL) {
1267 while (params[i].key != NULL)
1275 * Test EVP_CIPHER_fetch()
1277 * Test 0: Test with the default OPENSSL_CTX
1278 * Test 1: Test with an explicit OPENSSL_CTX
1279 * Test 2: Explicit OPENSSL_CTX with explicit load of default provider
1280 * Test 3: Explicit OPENSSL_CTX with explicit load of default and fips provider
1281 * Test 4: Explicit OPENSSL_CTX with explicit load of fips provider
1283 static int test_EVP_CIPHER_fetch(int tst)
1285 OPENSSL_CTX *ctx = NULL;
1286 EVP_CIPHER *cipher = NULL;
1287 OSSL_PROVIDER *defltprov = NULL, *fipsprov = NULL;
1289 const unsigned char testmsg[] = "Hello world";
1290 const OSSL_PARAM *params;
1293 ctx = OPENSSL_CTX_new();
1297 if (tst == 2 || tst == 3) {
1298 defltprov = OSSL_PROVIDER_load(ctx, "default");
1299 if (!TEST_ptr(defltprov))
1302 if (tst == 3 || tst == 4) {
1303 fipsprov = OSSL_PROVIDER_load(ctx, "fips");
1304 if (!TEST_ptr(fipsprov))
1309 /* Implicit fetching of the cipher should produce the expected result */
1310 if (!TEST_true(encrypt_decrypt(EVP_aes_128_cbc(), testmsg, sizeof(testmsg))))
1314 * Test that without specifying any properties we can get a cipher from a
1317 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL))
1318 || !TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg))))
1321 /* Also test EVP_CIPHER_up_ref() while we're doing this */
1322 if (!TEST_true(EVP_CIPHER_up_ref(cipher)))
1324 /* Ref count should now be 2. Release both */
1325 EVP_CIPHER_free(cipher);
1326 EVP_CIPHER_free(cipher);
1330 * In tests 0 - 2 we've only loaded the default provider so explicitly
1331 * asking for a non-default implementation should fail. In tests 3 and 4 we
1332 * have the FIPS provider loaded so we should succeed in that case.
1334 cipher = EVP_CIPHER_fetch(ctx, "AES-128-CBC", "default=no");
1335 if (tst == 3 || tst == 4) {
1336 if (!TEST_ptr(cipher)
1337 || !TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg))))
1340 if (!TEST_ptr_null(cipher))
1344 EVP_CIPHER_free(cipher);
1348 * Explicitly asking for the default implementation should succeed except
1349 * in test 4 where the default provider is not loaded.
1351 cipher = EVP_CIPHER_fetch(ctx, "AES-128-CBC", "default=yes");
1353 if (!TEST_ptr(cipher)
1354 || !TEST_int_eq(EVP_CIPHER_nid(cipher), NID_aes_128_cbc)
1355 || !TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg)))
1356 || !TEST_int_eq(EVP_CIPHER_block_size(cipher), 128/8))
1359 if (!TEST_ptr_null(cipher))
1363 EVP_CIPHER_free(cipher);
1367 * Explicitly asking for a fips implementation should succeed if we have
1368 * the FIPS provider loaded and fail otherwise
1370 cipher = EVP_CIPHER_fetch(ctx, "AES-128-CBC", "fips=yes");
1371 if (tst == 3 || tst == 4) {
1372 if (!TEST_ptr(cipher)
1373 || !TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg)))
1374 || !TEST_ptr(params = cipher->gettable_params())
1375 || !TEST_int_gt(get_num_params(params), 1)
1376 || !TEST_ptr(params = cipher->gettable_ctx_params())
1377 || !TEST_int_gt(get_num_params(params), 1)
1378 || !TEST_ptr(params = cipher->settable_ctx_params())
1379 || !TEST_int_gt(get_num_params(params), 1))
1382 if (!TEST_ptr_null(cipher))
1389 EVP_CIPHER_free(cipher);
1390 OSSL_PROVIDER_unload(defltprov);
1391 OSSL_PROVIDER_unload(fipsprov);
1392 /* Not normally needed, but we would like to test that
1393 * OPENSSL_thread_stop_ex() behaves as expected.
1396 OPENSSL_thread_stop_ex(ctx);
1397 OPENSSL_CTX_free(ctx);
1401 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1402 static int test_EVP_PKEY_CTX_get_set_params(void)
1404 EVP_PKEY_CTX *ctx = NULL;
1405 EVP_SIGNATURE *dsaimpl = NULL;
1406 const OSSL_PARAM *params;
1407 OSSL_PARAM ourparams[2], *param = ourparams;
1409 BIGNUM *p = NULL, *q = NULL, *g = NULL;
1410 EVP_PKEY *pkey = NULL;
1413 size_t mdsize = SHA512_DIGEST_LENGTH;
1416 * Setup the parameters for our DSA object. For our purposes they don't have
1417 * to actually be *valid* parameters. We just need to set something. We
1418 * don't even need a pub_key/priv_key.
1428 || !DSA_set0_pqg(dsa, p, q, g))
1432 pkey = EVP_PKEY_new();
1434 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1439 /* Initialise a sign operation */
1440 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1441 dsaimpl = EVP_SIGNATURE_fetch(NULL, "DSA", NULL);
1443 || !TEST_ptr(dsaimpl)
1444 || !TEST_int_gt(EVP_PKEY_sign_init_ex(ctx, dsaimpl), 0))
1448 * We should be able to query the parameters now. The default DSA
1449 * implementation supports exactly one parameter - so we expect to see that
1450 * returned and no more.
1452 params = EVP_PKEY_CTX_settable_params(ctx);
1453 if (!TEST_ptr(params)
1454 || !TEST_int_eq(strcmp(params[0].key,
1455 OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0)
1456 || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST),
1458 /* The final key should be NULL */
1459 || !TEST_ptr_null(params[2].key))
1462 /* Gettable params are the same as the settable ones */
1463 params = EVP_PKEY_CTX_gettable_params(ctx);
1464 if (!TEST_ptr(params)
1465 || !TEST_int_eq(strcmp(params[0].key,
1466 OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0)
1467 || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST),
1469 /* The final key should be NULL */
1470 || !TEST_ptr_null(params[2].key))
1474 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1475 * EVP_PKEY_CTX_get_params()
1477 *param++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
1479 *param++ = OSSL_PARAM_construct_end();
1481 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1485 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1486 || !TEST_size_t_eq(mdsize, SHA512_DIGEST_LENGTH))
1490 * Test the TEST_PKEY_CTX_set_signature_md() and
1491 * TEST_PKEY_CTX_get_signature_md() functions
1493 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1494 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1495 || !TEST_ptr_eq(md, EVP_sha256()))
1501 EVP_PKEY_CTX_free(ctx);
1502 EVP_SIGNATURE_free(dsaimpl);
1503 EVP_PKEY_free(pkey);
1512 int setup_tests(void)
1514 ADD_TEST(test_EVP_DigestSignInit);
1515 ADD_TEST(test_EVP_DigestVerifyInit);
1516 ADD_TEST(test_EVP_Enveloped);
1517 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1518 #ifndef OPENSSL_NO_EC
1519 ADD_TEST(test_EVP_PKCS82PKEY);
1521 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
1522 ADD_TEST(test_EVP_SM2);
1523 ADD_TEST(test_EVP_SM2_verify);
1525 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1526 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1527 if (!TEST_ptr(custom_pmeth))
1529 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1530 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1531 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1532 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1534 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1535 ADD_TEST(test_HKDF);
1536 #ifndef OPENSSL_NO_EC
1537 ADD_TEST(test_X509_PUBKEY_inplace);
1538 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1539 OSSL_NELEM(ec_der_pub_keys));
1541 #ifdef NO_FIPS_MODULE
1542 ADD_ALL_TESTS(test_EVP_MD_fetch, 3);
1543 ADD_ALL_TESTS(test_EVP_CIPHER_fetch, 3);
1545 ADD_ALL_TESTS(test_EVP_MD_fetch, 5);
1546 ADD_ALL_TESTS(test_EVP_CIPHER_fetch, 5);
1548 ADD_TEST(test_EVP_PKEY_CTX_get_set_params);