evp_extra_test.c revision 1.1.1.1
1 /* 2 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* We need to use some deprecated APIs */ 11 #define OPENSSL_SUPPRESS_DEPRECATED 12 13 #include <stdio.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #include <openssl/bio.h> 17 #include <openssl/conf.h> 18 #include <openssl/crypto.h> 19 #include <openssl/err.h> 20 #include <openssl/evp.h> 21 #include <openssl/x509.h> 22 #include <openssl/pem.h> 23 #include <openssl/kdf.h> 24 #include <openssl/provider.h> 25 #include <openssl/core_names.h> 26 #include <openssl/params.h> 27 #include <openssl/param_build.h> 28 #include <openssl/dsa.h> 29 #include <openssl/dh.h> 30 #include <openssl/aes.h> 31 #include <openssl/decoder.h> 32 #include <openssl/rsa.h> 33 #include <openssl/engine.h> 34 #include <openssl/proverr.h> 35 #include <openssl/rand.h> 36 # include <crypto/ml_kem.h> 37 #include "testutil.h" 38 #include "internal/nelem.h" 39 #include "internal/sizes.h" 40 #include "crypto/evp.h" 41 #include "fake_rsaprov.h" 42 #include "fake_pipelineprov.h" 43 44 #ifdef STATIC_LEGACY 45 OSSL_provider_init_fn ossl_legacy_provider_init; 46 #endif 47 48 static OSSL_LIB_CTX *testctx = NULL; 49 static char *testpropq = NULL; 50 51 static OSSL_PROVIDER *nullprov = NULL; 52 static OSSL_PROVIDER *deflprov = NULL; 53 static OSSL_PROVIDER *lgcyprov = NULL; 54 55 /* 56 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 57 * should never use this key anywhere but in an example. 58 */ 59 static const unsigned char kExampleRSAKeyDER[] = { 60 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 61 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 62 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 63 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 64 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 65 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 66 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 67 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 68 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 69 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 70 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 71 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 72 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 73 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 74 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 75 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 76 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 77 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 78 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 79 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 80 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 81 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 82 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 83 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 84 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 85 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 86 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 87 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 88 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 89 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 90 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 91 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 92 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 93 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 94 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 95 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 96 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 97 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 98 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 99 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 100 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 101 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 102 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 103 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 104 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 105 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 106 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 107 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 108 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 109 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 110 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 111 }; 112 113 /* An invalid key whose prime factors exceed modulus n. */ 114 static const unsigned char kInvalidRSAKeyDER[] = { 115 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 116 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 117 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 118 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 119 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 120 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 121 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 122 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 123 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 124 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 125 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 126 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 127 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 129 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 130 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 131 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 132 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 133 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 134 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 135 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 136 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 137 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 138 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 139 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 140 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 141 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 143 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 144 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 145 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 146 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 147 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 148 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 149 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 150 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 151 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 152 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 154 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 155 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 156 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 157 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 158 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 159 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 160 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 161 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 162 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 163 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 164 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 165 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02, 166 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00, 167 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 168 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 169 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 170 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 171 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 172 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 173 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31, 174 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 175 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8, 176 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07, 177 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 179 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 180 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 181 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 182 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec, 183 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 184 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00, 185 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07, 186 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02, 187 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 188 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 189 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 190 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59, 191 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 194 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59, 195 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d, 196 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 197 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 198 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 199 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea, 200 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15, 201 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 202 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff, 203 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07, 204 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 205 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 206 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 207 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 208 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 209 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 210 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 211 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59, 212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 214 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 215 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 216 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 217 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41, 218 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 219 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 220 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 221 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 222 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 223 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 224 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 226 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 227 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 228 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 229 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 230 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 231 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 232 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15, 233 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 234 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 235 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 236 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 237 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 238 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 239 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f, 240 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 241 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 242 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 243 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00, 244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1, 245 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 246 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 247 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 248 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02, 249 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8, 250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 253 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 254 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 255 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02, 256 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 257 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80, 258 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 259 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36, 260 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10, 261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 263 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 264 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 265 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02, 266 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02, 267 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 268 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02, 269 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02, 270 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47, 272 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d, 273 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60, 274 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32, 275 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff, 276 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30, 277 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 278 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 279 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33, 280 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 281 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 282 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 283 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 284 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 285 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 286 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 287 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02, 288 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 289 0xe2, 0x80, 290 }; 291 292 /* 293 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you 294 * should never use this key anywhere but in an example. 295 */ 296 #ifndef OPENSSL_NO_DSA 297 static const unsigned char kExampleDSAKeyDER[] = { 298 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a, 299 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d, 300 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f, 301 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42, 302 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38, 303 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e, 304 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e, 305 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04, 306 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4, 307 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b, 308 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14, 309 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e, 310 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3, 311 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef, 312 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f, 313 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef, 314 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38, 315 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f, 316 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4, 317 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d, 318 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86, 319 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6, 320 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a, 321 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19, 322 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff, 323 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f, 324 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0, 325 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69, 326 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07, 327 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9, 328 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79, 329 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f, 330 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c, 331 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12, 332 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45, 333 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8, 334 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe, 335 0x40, 0x48 336 }; 337 #endif 338 339 /* 340 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 341 * components are not correct. 342 */ 343 static const unsigned char kExampleBadRSAKeyDER[] = { 344 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 345 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 346 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 347 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 348 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 349 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 350 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 351 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 352 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 353 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 354 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 355 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 356 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 357 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 358 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 359 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 360 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 361 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 362 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 363 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 364 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 365 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 366 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 367 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 368 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 369 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 370 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 371 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 372 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 373 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 374 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 375 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 376 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 377 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 378 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 379 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 380 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 381 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 382 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 383 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 384 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 385 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 386 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 387 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 388 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 389 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 390 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 391 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 392 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 393 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 394 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 395 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 396 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 397 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 398 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 399 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 400 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 401 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 402 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 403 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 404 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 405 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 406 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 407 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 408 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 409 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 410 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 411 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 412 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 413 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 414 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 415 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 416 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 417 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 418 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 419 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 420 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 421 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 422 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 423 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 424 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 425 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 426 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 427 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 428 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 429 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 430 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 431 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 432 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, 433 }; 434 435 /* 436 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All 437 * values are 0. 438 */ 439 static const unsigned char kExampleBad2RSAKeyDER[] = { 440 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 441 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 442 0x01, 0x00, 0x02, 0x01, 0x00 443 }; 444 445 static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 446 447 static const unsigned char kSignature[] = { 448 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 449 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 450 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 451 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 452 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 453 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 454 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 455 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 456 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 457 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 458 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, 459 }; 460 461 /* 462 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v1 463 * PrivateKeyInfo. 464 */ 465 static const unsigned char kExampleRSAKeyPKCS8[] = { 466 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 467 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 468 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 469 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 470 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 471 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 472 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 473 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 474 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 475 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 476 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 477 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 478 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 479 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 480 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 481 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 482 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 483 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 484 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 485 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 486 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 487 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 488 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 489 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 490 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 491 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 492 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 493 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 494 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 495 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 496 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 497 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 498 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 499 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 500 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 501 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 502 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 503 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 504 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 505 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 506 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 507 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 508 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 509 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 510 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 511 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 512 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 513 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 514 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 515 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 516 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 517 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 518 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 519 }; 520 521 /* 522 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v2 523 * PrivateKeyInfo (with an optional public key). 524 */ 525 static const unsigned char kExampleRSAKeyPKCS8_v2[] = { 526 0x30, 0x82, 0x03, 0x06, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 527 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 528 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 529 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 530 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 531 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 532 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 533 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 534 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 535 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 536 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 537 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 538 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 539 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 540 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 541 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 542 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 543 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 544 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 545 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 546 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 547 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 548 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 549 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 550 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 551 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 552 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 553 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 554 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 555 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 556 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 557 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 558 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 559 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 560 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 561 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 562 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 563 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 564 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 565 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 566 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 567 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 568 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 569 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 570 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 571 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 572 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 573 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 574 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 575 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 576 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 577 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 578 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 579 /* Implicit optional Public key BIT STRING */ 580 0x81, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8, 581 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 582 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 583 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 584 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 585 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 586 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 587 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 588 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 589 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 590 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 591 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01 592 }; 593 594 #ifndef OPENSSL_NO_EC 595 /* 596 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 597 * structure. 598 */ 599 static const unsigned char kExampleECKeyDER[] = { 600 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 601 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 602 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 603 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 604 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 605 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 606 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 607 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 608 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 609 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 610 0xc1, 611 }; 612 613 static const unsigned char kExampleECKeyPKCS8_v2[] = { 614 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 615 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 616 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 617 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 618 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 619 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42, 620 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 621 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 622 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 623 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 624 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 625 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1, 626 /* Optional implicit public key BIT STRING */ 627 0x81, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 628 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 629 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 630 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 631 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 632 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1 633 }; 634 635 /* 636 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 637 * structure. The private key is equal to the order and will fail to import 638 */ 639 static const unsigned char kExampleBadECKeyDER[] = { 640 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 641 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 642 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 643 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 644 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 645 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 646 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 647 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 648 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 649 }; 650 651 /* prime256v1 */ 652 static const unsigned char kExampleECPubKeyDER[] = { 653 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 654 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 655 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 656 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 657 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 658 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 659 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 660 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 661 }; 662 663 /* 664 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID 665 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key 666 */ 667 static const unsigned char kExampleBadECPubKeyDER[] = { 668 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 669 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 670 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 671 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 672 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 673 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 674 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 675 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 676 }; 677 678 static const unsigned char pExampleECParamDER[] = { 679 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 680 }; 681 682 # ifndef OPENSSL_NO_ECX 683 static const unsigned char kExampleED25519KeyDER[] = { 684 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 685 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a, 686 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46, 687 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50 688 }; 689 690 static const unsigned char kExampleED25519PubKeyDER[] = { 691 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 692 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45, 693 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40, 694 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29 695 }; 696 697 # ifndef OPENSSL_NO_DEPRECATED_3_0 698 static const unsigned char kExampleX25519KeyDER[] = { 699 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 700 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6, 701 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac, 702 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e 703 }; 704 # endif 705 # endif 706 #endif 707 708 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */ 709 #ifndef OPENSSL_NO_DEPRECATED_3_0 710 # ifndef OPENSSL_NO_DH 711 static const unsigned char kExampleDHKeyDER[] = { 712 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09, 713 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87, 714 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d, 715 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e, 716 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63, 717 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81, 718 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f, 719 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53, 720 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53, 721 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f, 722 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74, 723 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34, 724 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53, 725 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3, 726 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a, 727 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9, 728 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0, 729 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48, 730 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1, 731 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43, 732 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f, 733 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f, 734 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97, 735 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06, 736 0x2e, 0x87, 0x2a, 0x0b, 0x7a 737 }; 738 # endif 739 #endif 740 741 static const unsigned char kCFBDefaultKey[] = { 742 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 743 0x09, 0xCF, 0x4F, 0x3C 744 }; 745 746 static const unsigned char kGCMDefaultKey[32] = { 0 }; 747 748 static const unsigned char kGCMResetKey[] = { 749 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 750 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 751 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 752 }; 753 754 static const unsigned char iCFBIV[] = { 755 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 756 0x0C, 0x0D, 0x0E, 0x0F 757 }; 758 759 static const unsigned char iGCMDefaultIV[12] = { 0 }; 760 761 static const unsigned char iGCMResetIV1[] = { 762 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 763 }; 764 765 static const unsigned char iGCMResetIV2[] = { 766 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 767 }; 768 769 static const unsigned char cfbPlaintext[] = { 770 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 771 0x73, 0x93, 0x17, 0x2A 772 }; 773 static const unsigned char cfbPlaintext_partial[] = { 774 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 775 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 776 }; 777 778 static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 779 780 static const unsigned char gcmResetPlaintext[] = { 781 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 782 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 783 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 784 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 785 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 786 }; 787 788 static const unsigned char cfbCiphertext[] = { 789 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 790 0xE8, 0x3C, 0xFB, 0x4A 791 }; 792 793 static const unsigned char cfbCiphertext_partial[] = { 794 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 795 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35 796 }; 797 798 static const unsigned char ofbCiphertext_partial[] = { 799 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 800 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09 801 }; 802 803 static const unsigned char gcmDefaultCiphertext[] = { 804 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 805 0xba, 0xf3, 0x9d, 0x18 806 }; 807 808 static const unsigned char gcmResetCiphertext1[] = { 809 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, 810 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 811 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, 812 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 813 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f 814 }; 815 816 static const unsigned char gcmResetCiphertext2[] = { 817 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, 818 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 819 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, 820 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 821 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 822 }; 823 824 static const unsigned char gcmAAD[] = { 825 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 826 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 827 }; 828 829 static const unsigned char gcmDefaultTag[] = { 830 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, 831 0xd4, 0x8a, 0xb9, 0x19 832 }; 833 834 static const unsigned char gcmResetTag1[] = { 835 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, 836 0xfe, 0x2e, 0xa8, 0xf2 837 }; 838 839 static const unsigned char gcmResetTag2[] = { 840 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, 841 0xbb, 0x2d, 0x55, 0x1b 842 }; 843 844 typedef struct APK_DATA_st { 845 const unsigned char *kder; 846 size_t size; 847 const char *keytype; 848 int evptype; 849 int check; 850 int pub_check; 851 int param_check; 852 int type; /* 0 for private, 1 for public, 2 for params */ 853 } APK_DATA; 854 855 static APK_DATA keydata[] = { 856 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA}, 857 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA}, 858 #ifndef OPENSSL_NO_EC 859 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC} 860 #endif 861 }; 862 863 static APK_DATA keydata_v2[] = { 864 {kExampleRSAKeyPKCS8_v2, sizeof(kExampleRSAKeyPKCS8_v2), "RSA", EVP_PKEY_RSA}, 865 #ifndef OPENSSL_NO_EC 866 {kExampleECKeyPKCS8_v2, sizeof(kExampleECKeyPKCS8_v2), "EC", EVP_PKEY_EC} 867 #endif 868 }; 869 870 static APK_DATA keycheckdata[] = { 871 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 872 0}, 873 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA, 874 0, 1, 1, 0}, 875 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA, 876 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0}, 877 #ifndef OPENSSL_NO_EC 878 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0}, 879 /* group is also associated in our pub key */ 880 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 881 1, 1}, 882 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 883 2}, 884 # ifndef OPENSSL_NO_ECX 885 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", 886 EVP_PKEY_ED25519, 1, 1, 1, 0}, 887 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519", 888 EVP_PKEY_ED25519, 0, 1, 1, 1}, 889 # endif 890 #endif 891 }; 892 893 static EVP_PKEY *load_example_key(const char *keytype, 894 const unsigned char *data, size_t data_len) 895 { 896 const unsigned char **pdata = &data; 897 EVP_PKEY *pkey = NULL; 898 OSSL_DECODER_CTX *dctx = 899 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0, 900 testctx, testpropq); 901 902 /* |pkey| will be NULL on error */ 903 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len); 904 OSSL_DECODER_CTX_free(dctx); 905 return pkey; 906 } 907 908 static EVP_PKEY *load_example_rsa_key(void) 909 { 910 return load_example_key("RSA", kExampleRSAKeyDER, 911 sizeof(kExampleRSAKeyDER)); 912 } 913 914 #ifndef OPENSSL_NO_DSA 915 static EVP_PKEY *load_example_dsa_key(void) 916 { 917 return load_example_key("DSA", kExampleDSAKeyDER, 918 sizeof(kExampleDSAKeyDER)); 919 } 920 #endif 921 922 #ifndef OPENSSL_NO_EC 923 static EVP_PKEY *load_example_ec_key(void) 924 { 925 return load_example_key("EC", kExampleECKeyDER, 926 sizeof(kExampleECKeyDER)); 927 } 928 #endif 929 930 #ifndef OPENSSL_NO_DEPRECATED_3_0 931 # ifndef OPENSSL_NO_DH 932 static EVP_PKEY *load_example_dh_key(void) 933 { 934 return load_example_key("DH", kExampleDHKeyDER, 935 sizeof(kExampleDHKeyDER)); 936 } 937 # endif 938 939 # ifndef OPENSSL_NO_ECX 940 static EVP_PKEY *load_example_ed25519_key(void) 941 { 942 return load_example_key("ED25519", kExampleED25519KeyDER, 943 sizeof(kExampleED25519KeyDER)); 944 } 945 946 static EVP_PKEY *load_example_x25519_key(void) 947 { 948 return load_example_key("X25519", kExampleX25519KeyDER, 949 sizeof(kExampleX25519KeyDER)); 950 } 951 # endif 952 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 953 954 static EVP_PKEY *load_example_hmac_key(void) 955 { 956 EVP_PKEY *pkey = NULL; 957 unsigned char key[] = { 958 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 959 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 960 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 961 }; 962 963 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC", 964 NULL, key, sizeof(key)); 965 if (!TEST_ptr(pkey)) 966 return NULL; 967 968 return pkey; 969 } 970 971 static int test_EVP_set_config_properties(void) 972 { 973 char *fetched_properties = NULL; 974 const char test_propq[] = "test.fizzbuzz=buzzfizz"; 975 int res = 0; 976 977 fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default()); 978 if (!TEST_ptr(fetched_properties) 979 || !TEST_str_eq(fetched_properties, test_propq)) 980 goto err; 981 OPENSSL_free(fetched_properties); 982 fetched_properties = NULL; 983 984 res = 1; 985 err: 986 OPENSSL_free(fetched_properties); 987 return res; 988 } 989 990 static int test_EVP_set_default_properties(void) 991 { 992 OSSL_LIB_CTX *ctx; 993 EVP_MD *md = NULL; 994 int res = 0; 995 char *fetched_properties = NULL; 996 const char test_propq[] = "provider=fizzbang"; 997 const char test_fips_propq[] = "fips=yes,provider=fizzbang"; 998 999 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new()) 1000 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 1001 goto err; 1002 EVP_MD_free(md); 1003 md = NULL; 1004 1005 if (!TEST_true(EVP_set_default_properties(ctx, test_propq)) 1006 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL)) 1007 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider"))) 1008 goto err; 1009 EVP_MD_free(md); 1010 md = NULL; 1011 1012 fetched_properties = EVP_get1_default_properties(ctx); 1013 if (!TEST_ptr(fetched_properties) 1014 || !TEST_str_eq(fetched_properties, test_propq)) 1015 goto err; 1016 OPENSSL_free(fetched_properties); 1017 fetched_properties = NULL; 1018 1019 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1))) 1020 goto err; 1021 fetched_properties = EVP_get1_default_properties(ctx); 1022 if (!TEST_ptr(fetched_properties) 1023 || !TEST_str_eq(fetched_properties, test_fips_propq)) 1024 goto err; 1025 OPENSSL_free(fetched_properties); 1026 fetched_properties = NULL; 1027 1028 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0))) 1029 goto err; 1030 1031 if (!TEST_true(EVP_set_default_properties(ctx, NULL)) 1032 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 1033 goto err; 1034 res = 1; 1035 err: 1036 OPENSSL_free(fetched_properties); 1037 EVP_MD_free(md); 1038 OSSL_LIB_CTX_free(ctx); 1039 return res; 1040 } 1041 1042 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 1043 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params) 1044 { 1045 EVP_PKEY_CTX *pctx = NULL; 1046 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL; 1047 1048 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq))) 1049 goto err; 1050 /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */ 1051 if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0) 1052 || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 1053 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR, 1054 params), 0)) 1055 goto err; 1056 1057 if (!TEST_ptr(tmp_pkey)) 1058 goto err; 1059 1060 pkey = tmp_pkey; 1061 tmp_pkey = NULL; 1062 err: 1063 EVP_PKEY_free(tmp_pkey); 1064 EVP_PKEY_CTX_free(pctx); 1065 return pkey; 1066 } 1067 1068 static int test_selection(EVP_PKEY *pkey, int selection) 1069 { 1070 int testresult = 0; 1071 int ret; 1072 BIO *bio = BIO_new(BIO_s_mem()); 1073 1074 ret = PEM_write_bio_PUBKEY(bio, pkey); 1075 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 1076 if (!TEST_true(ret)) 1077 goto err; 1078 } else { 1079 if (!TEST_false(ret)) 1080 goto err; 1081 } 1082 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL, 1083 testctx, NULL); 1084 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 1085 if (!TEST_true(ret)) 1086 goto err; 1087 } else { 1088 if (!TEST_false(ret)) 1089 goto err; 1090 } 1091 1092 testresult = 1; 1093 err: 1094 BIO_free(bio); 1095 1096 return testresult; 1097 } 1098 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */ 1099 1100 /* 1101 * Test combinations of private, public, missing and private + public key 1102 * params to ensure they are all accepted 1103 */ 1104 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) 1105 static int test_EVP_PKEY_ffc_priv_pub(char *keytype) 1106 { 1107 OSSL_PARAM_BLD *bld = NULL; 1108 OSSL_PARAM *params = NULL; 1109 EVP_PKEY *just_params = NULL; 1110 EVP_PKEY *params_and_priv = NULL; 1111 EVP_PKEY *params_and_pub = NULL; 1112 EVP_PKEY *params_and_keypair = NULL; 1113 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 1114 int ret = 0; 1115 1116 /* 1117 * Setup the parameters for our pkey object. For our purposes they don't 1118 * have to actually be *valid* parameters. We just need to set something. 1119 */ 1120 if (!TEST_ptr(p = BN_new()) 1121 || !TEST_ptr(q = BN_new()) 1122 || !TEST_ptr(g = BN_new()) 1123 || !TEST_ptr(pub = BN_new()) 1124 || !TEST_ptr(priv = BN_new())) 1125 goto err; 1126 1127 /* Test !priv and !pub */ 1128 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1129 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1130 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1131 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))) 1132 goto err; 1133 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1134 || !TEST_ptr(just_params = make_key_fromdata(keytype, params))) 1135 goto err; 1136 1137 OSSL_PARAM_free(params); 1138 OSSL_PARAM_BLD_free(bld); 1139 params = NULL; 1140 bld = NULL; 1141 1142 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1143 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 1144 goto err; 1145 1146 /* Test priv and !pub */ 1147 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1148 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1149 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1150 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1151 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1152 priv))) 1153 goto err; 1154 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1155 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params))) 1156 goto err; 1157 1158 OSSL_PARAM_free(params); 1159 OSSL_PARAM_BLD_free(bld); 1160 params = NULL; 1161 bld = NULL; 1162 1163 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY) 1164 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 1165 goto err; 1166 1167 /* Test !priv and pub */ 1168 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1169 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1170 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1171 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1172 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 1173 pub))) 1174 goto err; 1175 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1176 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params))) 1177 goto err; 1178 1179 OSSL_PARAM_free(params); 1180 OSSL_PARAM_BLD_free(bld); 1181 params = NULL; 1182 bld = NULL; 1183 1184 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 1185 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 1186 goto err; 1187 1188 /* Test priv and pub */ 1189 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1190 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 1191 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 1192 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 1193 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 1194 pub)) 1195 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1196 priv))) 1197 goto err; 1198 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1199 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params))) 1200 goto err; 1201 1202 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1203 goto err; 1204 1205 ret = 1; 1206 err: 1207 OSSL_PARAM_free(params); 1208 OSSL_PARAM_BLD_free(bld); 1209 EVP_PKEY_free(just_params); 1210 EVP_PKEY_free(params_and_priv); 1211 EVP_PKEY_free(params_and_pub); 1212 EVP_PKEY_free(params_and_keypair); 1213 BN_free(p); 1214 BN_free(q); 1215 BN_free(g); 1216 BN_free(pub); 1217 BN_free(priv); 1218 1219 return ret; 1220 } 1221 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */ 1222 1223 /* 1224 * Test combinations of private, public, missing and private + public key 1225 * params to ensure they are all accepted for EC keys 1226 */ 1227 #ifndef OPENSSL_NO_EC 1228 static unsigned char ec_priv[] = { 1229 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23, 1230 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5, 1231 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16 1232 }; 1233 static unsigned char ec_pub[] = { 1234 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97, 1235 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81, 1236 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d, 1237 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e, 1238 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1, 1239 0x08, 0x09, 0xb8, 0xdb, 0x03 1240 }; 1241 1242 static int test_EC_priv_pub(void) 1243 { 1244 OSSL_PARAM_BLD *bld = NULL; 1245 OSSL_PARAM *params = NULL; 1246 EVP_PKEY *just_params = NULL; 1247 EVP_PKEY *params_and_priv = NULL; 1248 EVP_PKEY *params_and_pub = NULL; 1249 EVP_PKEY *params_and_keypair = NULL; 1250 BIGNUM *priv = NULL; 1251 int ret = 0; 1252 unsigned char *encoded = NULL; 1253 size_t len = 0; 1254 unsigned char buffer[128]; 1255 1256 /* 1257 * Setup the parameters for our pkey object. For our purposes they don't 1258 * have to actually be *valid* parameters. We just need to set something. 1259 */ 1260 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1261 goto err; 1262 1263 /* Test !priv and !pub */ 1264 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1265 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1266 OSSL_PKEY_PARAM_GROUP_NAME, 1267 "P-256", 0))) 1268 goto err; 1269 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1270 || !TEST_ptr(just_params = make_key_fromdata("EC", params))) 1271 goto err; 1272 1273 OSSL_PARAM_free(params); 1274 OSSL_PARAM_BLD_free(bld); 1275 params = NULL; 1276 bld = NULL; 1277 1278 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1279 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 1280 goto err; 1281 1282 /* Test priv and !pub */ 1283 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1284 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1285 OSSL_PKEY_PARAM_GROUP_NAME, 1286 "P-256", 0)) 1287 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1288 priv))) 1289 goto err; 1290 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1291 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params))) 1292 goto err; 1293 1294 OSSL_PARAM_free(params); 1295 OSSL_PARAM_BLD_free(bld); 1296 params = NULL; 1297 bld = NULL; 1298 1299 /* 1300 * We indicate only parameters here, in spite of having built a key that 1301 * has a private part, because the PEM_write_bio_PrivateKey_ex call is 1302 * expected to fail because it does not support exporting a private EC 1303 * key without a corresponding public key 1304 */ 1305 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 1306 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 1307 goto err; 1308 1309 /* Test !priv and pub */ 1310 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1311 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1312 OSSL_PKEY_PARAM_GROUP_NAME, 1313 "P-256", 0)) 1314 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1315 OSSL_PKEY_PARAM_PUB_KEY, 1316 ec_pub, sizeof(ec_pub)))) 1317 goto err; 1318 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1319 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params))) 1320 goto err; 1321 1322 OSSL_PARAM_free(params); 1323 OSSL_PARAM_BLD_free(bld); 1324 params = NULL; 1325 bld = NULL; 1326 1327 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 1328 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 1329 goto err; 1330 1331 /* Test priv and pub */ 1332 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1333 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1334 OSSL_PKEY_PARAM_GROUP_NAME, 1335 "P-256", 0)) 1336 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1337 OSSL_PKEY_PARAM_PUB_KEY, 1338 ec_pub, sizeof(ec_pub))) 1339 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1340 priv))) 1341 goto err; 1342 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1343 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params))) 1344 goto err; 1345 1346 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1347 goto err; 1348 1349 /* Try key equality */ 1350 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0) 1351 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub), 1352 0) 1353 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv), 1354 0) 1355 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair), 1356 0) 1357 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0) 1358 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0) 1359 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0) 1360 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0)) 1361 goto err; 1362 1363 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */ 1364 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0)) 1365 goto err; 1366 OPENSSL_free(encoded); 1367 encoded = NULL; 1368 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) { 1369 OPENSSL_free(encoded); 1370 encoded = NULL; 1371 goto err; 1372 } 1373 1374 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */ 1375 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1376 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1377 buffer, sizeof(buffer), &len), 1) 1378 || !TEST_int_eq(len, 65)) 1379 goto err; 1380 1381 len = 0; 1382 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1383 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1384 NULL, 0, &len), 1) 1385 || !TEST_int_eq(len, 65)) 1386 goto err; 1387 1388 /* too-short buffer len*/ 1389 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1390 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1391 buffer, 10, &len), 0)) 1392 goto err; 1393 1394 ret = 1; 1395 err: 1396 OSSL_PARAM_free(params); 1397 OSSL_PARAM_BLD_free(bld); 1398 EVP_PKEY_free(just_params); 1399 EVP_PKEY_free(params_and_priv); 1400 EVP_PKEY_free(params_and_pub); 1401 EVP_PKEY_free(params_and_keypair); 1402 BN_free(priv); 1403 1404 return ret; 1405 } 1406 1407 /* Also test that we can read the EC PUB affine coordinates */ 1408 static int test_evp_get_ec_pub(void) 1409 { 1410 OSSL_PARAM_BLD *bld = NULL; 1411 OSSL_PARAM *params = NULL; 1412 unsigned char *pad = NULL; 1413 EVP_PKEY *keypair = NULL; 1414 BIGNUM *priv = NULL; 1415 BIGNUM *x = NULL; 1416 BIGNUM *y = NULL; 1417 int ret = 0; 1418 1419 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1420 goto err; 1421 1422 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1423 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1424 OSSL_PKEY_PARAM_GROUP_NAME, 1425 "P-256", 0)) 1426 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1427 OSSL_PKEY_PARAM_PUB_KEY, 1428 ec_pub, sizeof(ec_pub))) 1429 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1430 priv))) 1431 goto err; 1432 1433 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1434 || !TEST_ptr(keypair = make_key_fromdata("EC", params))) 1435 goto err; 1436 1437 if (!test_selection(keypair, EVP_PKEY_KEYPAIR)) 1438 goto err; 1439 1440 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x) 1441 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y)) 1442 goto err; 1443 1444 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub)))) 1445 goto err; 1446 1447 pad[0] = ec_pub[0]; 1448 BN_bn2bin(x, &pad[1]); 1449 BN_bn2bin(y, &pad[33]); 1450 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0)) 1451 goto err; 1452 1453 ret = 1; 1454 1455 err: 1456 OSSL_PARAM_free(params); 1457 OSSL_PARAM_BLD_free(bld); 1458 EVP_PKEY_free(keypair); 1459 OPENSSL_free(pad); 1460 BN_free(priv); 1461 BN_free(x); 1462 BN_free(y); 1463 return ret; 1464 } 1465 1466 /* Test that using a legacy EC key with only a private key in it works */ 1467 # ifndef OPENSSL_NO_DEPRECATED_3_0 1468 static int test_EC_priv_only_legacy(void) 1469 { 1470 BIGNUM *priv = NULL; 1471 int ret = 0; 1472 EC_KEY *eckey = NULL; 1473 EVP_PKEY *pkey = NULL, *dup_pk = NULL; 1474 EVP_MD_CTX *ctx = NULL; 1475 1476 /* Create the low level EC_KEY */ 1477 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1478 goto err; 1479 1480 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 1481 if (!TEST_ptr(eckey)) 1482 goto err; 1483 1484 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1485 goto err; 1486 1487 pkey = EVP_PKEY_new(); 1488 if (!TEST_ptr(pkey)) 1489 goto err; 1490 1491 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1492 goto err; 1493 eckey = NULL; 1494 1495 for (;;) { 1496 ret = 0; 1497 ctx = EVP_MD_CTX_new(); 1498 if (!TEST_ptr(ctx)) 1499 goto err; 1500 1501 /* 1502 * The EVP_DigestSignInit function should create the key on the 1503 * provider side which is sufficient for this test. 1504 */ 1505 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, 1506 testpropq, pkey, NULL))) 1507 goto err; 1508 EVP_MD_CTX_free(ctx); 1509 ctx = NULL; 1510 1511 if (dup_pk != NULL) 1512 break; 1513 1514 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))) 1515 goto err; 1516 /* EVP_PKEY_eq() returns -2 with missing public keys */ 1517 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2); 1518 EVP_PKEY_free(pkey); 1519 pkey = dup_pk; 1520 if (!ret) 1521 goto err; 1522 } 1523 ret = 1; 1524 1525 err: 1526 EVP_MD_CTX_free(ctx); 1527 EVP_PKEY_free(pkey); 1528 EC_KEY_free(eckey); 1529 BN_free(priv); 1530 1531 return ret; 1532 } 1533 1534 static int test_evp_get_ec_pub_legacy(void) 1535 { 1536 OSSL_LIB_CTX *libctx = NULL; 1537 unsigned char *pad = NULL; 1538 EVP_PKEY *pkey = NULL; 1539 EC_KEY *eckey = NULL; 1540 BIGNUM *priv = NULL; 1541 BIGNUM *x = NULL; 1542 BIGNUM *y = NULL; 1543 int ret = 0; 1544 1545 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())) 1546 goto err; 1547 1548 /* Create the legacy key */ 1549 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL, 1550 NID_X9_62_prime256v1))) 1551 goto err; 1552 1553 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1554 goto err; 1555 1556 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1557 goto err; 1558 1559 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL))) 1560 goto err; 1561 1562 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL))) 1563 goto err; 1564 1565 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y))) 1566 goto err; 1567 1568 if (!TEST_ptr(pkey = EVP_PKEY_new())) 1569 goto err; 1570 1571 /* Transfer the legacy key */ 1572 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1573 goto err; 1574 eckey = NULL; 1575 1576 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x)) 1577 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y))) 1578 goto err; 1579 1580 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub)))) 1581 goto err; 1582 1583 pad[0] = ec_pub[0]; 1584 BN_bn2bin(x, &pad[1]); 1585 BN_bn2bin(y, &pad[33]); 1586 1587 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0)) 1588 goto err; 1589 1590 ret = 1; 1591 1592 err: 1593 OSSL_LIB_CTX_free(libctx); 1594 EVP_PKEY_free(pkey); 1595 EC_KEY_free(eckey); 1596 OPENSSL_free(pad); 1597 BN_free(priv); 1598 BN_free(x); 1599 BN_free(y); 1600 1601 return ret; 1602 } 1603 # endif /* OPENSSL_NO_DEPRECATED_3_0 */ 1604 #endif /* OPENSSL_NO_EC */ 1605 1606 static int test_EVP_PKEY_sign(int tst) 1607 { 1608 int ret = 0; 1609 EVP_PKEY *pkey = NULL; 1610 unsigned char *sig = NULL; 1611 size_t sig_len = 0, shortsig_len = 1; 1612 EVP_PKEY_CTX *ctx = NULL; 1613 unsigned char tbs[] = { 1614 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1615 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1616 }; 1617 1618 if (tst == 0) { 1619 if (!TEST_ptr(pkey = load_example_rsa_key())) 1620 goto out; 1621 } else if (tst == 1) { 1622 #ifndef OPENSSL_NO_DSA 1623 if (!TEST_ptr(pkey = load_example_dsa_key())) 1624 goto out; 1625 #else 1626 ret = 1; 1627 goto out; 1628 #endif 1629 } else { 1630 #ifndef OPENSSL_NO_EC 1631 if (!TEST_ptr(pkey = load_example_ec_key())) 1632 goto out; 1633 #else 1634 ret = 1; 1635 goto out; 1636 #endif 1637 } 1638 1639 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1640 if (!TEST_ptr(ctx) 1641 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1642 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1643 sizeof(tbs)), 0)) 1644 goto out; 1645 sig = OPENSSL_malloc(sig_len); 1646 if (!TEST_ptr(sig) 1647 /* Test sending a signature buffer that is too short is rejected */ 1648 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1649 sizeof(tbs)), 0) 1650 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1651 0) 1652 /* Test the signature round-trips */ 1653 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1654 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1655 0)) 1656 goto out; 1657 1658 ret = 1; 1659 out: 1660 EVP_PKEY_CTX_free(ctx); 1661 OPENSSL_free(sig); 1662 EVP_PKEY_free(pkey); 1663 return ret; 1664 } 1665 1666 #ifndef OPENSSL_NO_DEPRECATED_3_0 1667 static int test_EVP_PKEY_sign_with_app_method(int tst) 1668 { 1669 int ret = 0; 1670 EVP_PKEY *pkey = NULL; 1671 RSA *rsa = NULL; 1672 RSA_METHOD *rsa_meth = NULL; 1673 #ifndef OPENSSL_NO_DSA 1674 DSA *dsa = NULL; 1675 DSA_METHOD *dsa_meth = NULL; 1676 #endif 1677 unsigned char *sig = NULL; 1678 size_t sig_len = 0, shortsig_len = 1; 1679 EVP_PKEY_CTX *ctx = NULL; 1680 unsigned char tbs[] = { 1681 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1682 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1683 }; 1684 1685 if (tst == 0) { 1686 if (!TEST_ptr(pkey = load_example_rsa_key())) 1687 goto out; 1688 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method()))) 1689 goto out; 1690 1691 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)) 1692 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0) 1693 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0)) 1694 goto out; 1695 rsa = NULL; /* now owned by the pkey */ 1696 } else { 1697 #ifndef OPENSSL_NO_DSA 1698 if (!TEST_ptr(pkey = load_example_dsa_key())) 1699 goto out; 1700 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) 1701 goto out; 1702 1703 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey)) 1704 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0) 1705 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0)) 1706 goto out; 1707 dsa = NULL; /* now owned by the pkey */ 1708 #else 1709 ret = 1; 1710 goto out; 1711 #endif 1712 } 1713 1714 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1715 if (!TEST_ptr(ctx) 1716 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1717 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1718 sizeof(tbs)), 0)) 1719 goto out; 1720 sig = OPENSSL_malloc(sig_len); 1721 if (!TEST_ptr(sig) 1722 /* Test sending a signature buffer that is too short is rejected */ 1723 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1724 sizeof(tbs)), 0) 1725 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1726 0) 1727 /* Test the signature round-trips */ 1728 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1729 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1730 0)) 1731 goto out; 1732 1733 ret = 1; 1734 out: 1735 EVP_PKEY_CTX_free(ctx); 1736 OPENSSL_free(sig); 1737 EVP_PKEY_free(pkey); 1738 RSA_free(rsa); 1739 RSA_meth_free(rsa_meth); 1740 #ifndef OPENSSL_NO_DSA 1741 DSA_free(dsa); 1742 DSA_meth_free(dsa_meth); 1743 #endif 1744 return ret; 1745 } 1746 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 1747 1748 /* 1749 * n = 0 => test using legacy cipher 1750 * n = 1 => test using fetched cipher 1751 */ 1752 static int test_EVP_Enveloped(int n) 1753 { 1754 int ret = 0; 1755 EVP_CIPHER_CTX *ctx = NULL; 1756 EVP_PKEY *keypair = NULL; 1757 unsigned char *kek = NULL; 1758 unsigned char iv[EVP_MAX_IV_LENGTH]; 1759 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 1760 int len, kek_len, ciphertext_len, plaintext_len; 1761 unsigned char ciphertext[32], plaintext[16]; 1762 EVP_CIPHER *type = NULL; 1763 1764 if (nullprov != NULL) 1765 return TEST_skip("Test does not support a non-default library context"); 1766 1767 if (n == 0) 1768 type = (EVP_CIPHER *)EVP_aes_256_cbc(); 1769 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC", 1770 testpropq))) 1771 goto err; 1772 1773 if (!TEST_ptr(keypair = load_example_rsa_key()) 1774 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) 1775 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1776 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 1777 &keypair, 1)) 1778 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 1779 msg, sizeof(msg))) 1780 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 1781 &len))) 1782 goto err; 1783 1784 ciphertext_len += len; 1785 1786 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 1787 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 1788 ciphertext, ciphertext_len)) 1789 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 1790 goto err; 1791 1792 plaintext_len += len; 1793 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 1794 goto err; 1795 1796 ret = 1; 1797 err: 1798 if (n != 0) 1799 EVP_CIPHER_free(type); 1800 OPENSSL_free(kek); 1801 EVP_PKEY_free(keypair); 1802 EVP_CIPHER_CTX_free(ctx); 1803 return ret; 1804 } 1805 1806 /* 1807 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA) 1808 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA) 1809 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC) 1810 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA) 1811 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA) 1812 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC) 1813 * Test 6: Use an MD BIO to do the Update calls instead (RSA) 1814 * Test 7: Use an MD BIO to do the Update calls instead (DSA) 1815 * Test 8: Use an MD BIO to do the Update calls instead (HMAC) 1816 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig) 1817 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig) 1818 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig) 1819 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA) 1820 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA) 1821 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC) 1822 * Test 15-29: Same as above with reinitialization 1823 */ 1824 static int test_EVP_DigestSignInit(int tst) 1825 { 1826 int ret = 0; 1827 EVP_PKEY *pkey = NULL; 1828 unsigned char *sig = NULL, *sig2 = NULL; 1829 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1; 1830 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL; 1831 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; 1832 BIO *mdbio = NULL, *membio = NULL; 1833 size_t written; 1834 const EVP_MD *md; 1835 EVP_MD *mdexp = NULL; 1836 int reinit = 0; 1837 1838 if (nullprov != NULL) 1839 return TEST_skip("Test does not support a non-default library context"); 1840 1841 if (tst >= 15) { 1842 reinit = 1; 1843 tst -= 15; 1844 } 1845 1846 if (tst >= 6 && tst <= 8) { 1847 membio = BIO_new(BIO_s_mem()); 1848 mdbio = BIO_new(BIO_f_md()); 1849 if (!TEST_ptr(membio) || !TEST_ptr(mdbio)) 1850 goto out; 1851 BIO_push(mdbio, membio); 1852 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0)) 1853 goto out; 1854 } else { 1855 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new()) 1856 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) 1857 goto out; 1858 } 1859 1860 if (tst % 3 == 0) { 1861 if (!TEST_ptr(pkey = load_example_rsa_key())) 1862 goto out; 1863 } else if (tst % 3 == 1) { 1864 #ifndef OPENSSL_NO_DSA 1865 if (!TEST_ptr(pkey = load_example_dsa_key())) 1866 goto out; 1867 #else 1868 ret = 1; 1869 goto out; 1870 #endif 1871 } else { 1872 if (!TEST_ptr(pkey = load_example_hmac_key())) 1873 goto out; 1874 } 1875 1876 if (tst >= 3 && tst <= 5) 1877 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL); 1878 else 1879 md = EVP_sha256(); 1880 1881 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey))) 1882 goto out; 1883 1884 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL))) 1885 goto out; 1886 1887 if (tst >= 6 && tst <= 8) { 1888 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) 1889 goto out; 1890 } else if (tst < 6) { 1891 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1892 goto out; 1893 } 1894 1895 if (tst >= 9) { 1896 /* Determine the size of the signature. */ 1897 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg, 1898 sizeof(kMsg))) 1899 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))) 1900 goto out; 1901 if (tst <= 11) { 1902 /* Test that supply a short sig buffer fails */ 1903 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg, 1904 sizeof(kMsg)))) 1905 goto out; 1906 /* 1907 * We end here because once EVP_DigestSign() has failed you should 1908 * not call it again without re-initing the ctx 1909 */ 1910 ret = 1; 1911 goto out; 1912 } 1913 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg, 1914 sizeof(kMsg)))) 1915 goto out; 1916 } else { 1917 /* Determine the size of the signature. */ 1918 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 1919 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)) 1920 /* 1921 * Trying to create a signature with a deliberately short 1922 * buffer should fail. 1923 */ 1924 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len)) 1925 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1926 goto out; 1927 } 1928 1929 /* 1930 * Ensure that the signature round-trips (Verification isn't supported for 1931 * HMAC via EVP_DigestVerify*) 1932 */ 1933 if (tst % 3 != 2) { 1934 if (tst >= 6 && tst <= 8) { 1935 if (!TEST_int_gt(BIO_reset(mdbio), 0) 1936 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) 1937 goto out; 1938 } 1939 1940 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, 1941 NULL, pkey))) 1942 goto out; 1943 1944 if (tst >= 6 && tst <= 8) { 1945 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))) 1946 goto out; 1947 } else { 1948 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, 1949 sizeof(kMsg)))) 1950 goto out; 1951 } 1952 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1953 goto out; 1954 1955 /* Multiple calls to EVP_DigestVerifyFinal should work */ 1956 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1957 goto out; 1958 } else { 1959 /* 1960 * For HMAC a doubled call to DigestSignFinal should produce the same 1961 * value as finalization should not happen. 1962 */ 1963 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len)) 1964 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len)) 1965 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len))) 1966 goto out; 1967 1968 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len)) 1969 goto out; 1970 } 1971 1972 ret = 1; 1973 1974 out: 1975 BIO_free(membio); 1976 BIO_free(mdbio); 1977 EVP_MD_CTX_free(a_md_ctx); 1978 EVP_MD_CTX_free(a_md_ctx_verify); 1979 EVP_PKEY_free(pkey); 1980 OPENSSL_free(sig); 1981 OPENSSL_free(sig2); 1982 EVP_MD_free(mdexp); 1983 1984 return ret; 1985 } 1986 1987 static int test_EVP_DigestVerifyInit(void) 1988 { 1989 int ret = 0; 1990 EVP_PKEY *pkey = NULL; 1991 EVP_MD_CTX *md_ctx = NULL; 1992 1993 if (nullprov != NULL) 1994 return TEST_skip("Test does not support a non-default library context"); 1995 1996 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 1997 || !TEST_ptr(pkey = load_example_rsa_key())) 1998 goto out; 1999 2000 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 2001 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 2002 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 2003 sizeof(kSignature)), 0)) 2004 goto out; 2005 2006 /* test with reinitialization */ 2007 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL)) 2008 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 2009 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 2010 sizeof(kSignature)), 0)) 2011 goto out; 2012 ret = 1; 2013 2014 out: 2015 EVP_MD_CTX_free(md_ctx); 2016 EVP_PKEY_free(pkey); 2017 return ret; 2018 } 2019 2020 #ifndef OPENSSL_NO_EC 2021 static int test_ecdsa_digestsign_keccak(void) 2022 { 2023 int ret = 0; 2024 EVP_PKEY *pkey = NULL; 2025 EVP_MD_CTX *ctx = NULL; 2026 EVP_MD *md = NULL; 2027 2028 if (nullprov != NULL) 2029 return TEST_skip("Test does not support a non-default library context"); 2030 2031 pkey = load_example_ec_key(); 2032 if (!TEST_ptr(pkey)) 2033 goto err; 2034 2035 /* This would not work with FIPS provider so just use NULL libctx */ 2036 md = EVP_MD_fetch(NULL, "KECCAK-256", NULL); 2037 if (!TEST_ptr(md)) 2038 goto err; 2039 2040 ctx = EVP_MD_CTX_new(); 2041 if (!TEST_ptr(ctx)) 2042 goto err; 2043 2044 /* 2045 * Just check EVP_DigestSignInit_ex() works. 2046 */ 2047 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))) 2048 goto err; 2049 2050 ret = 1; 2051 err: 2052 EVP_MD_CTX_free(ctx); 2053 EVP_PKEY_free(pkey); 2054 EVP_MD_free(md); 2055 2056 return ret; 2057 } 2058 #endif 2059 2060 #ifndef OPENSSL_NO_SIPHASH 2061 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */ 2062 static int test_siphash_digestsign(void) 2063 { 2064 unsigned char key[16]; 2065 unsigned char buf[8], digest[8]; 2066 unsigned char expected[8] = { 2067 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2 2068 }; 2069 EVP_PKEY *pkey = NULL; 2070 EVP_MD_CTX *mdctx = NULL; 2071 EVP_PKEY_CTX *ctx = NULL; 2072 int ret = 0; 2073 size_t len = 8; 2074 2075 if (nullprov != NULL) 2076 return TEST_skip("Test does not support a non-default library context"); 2077 2078 memset(buf, 0, 8); 2079 memset(key, 1, 16); 2080 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL, 2081 key, 16))) 2082 goto out; 2083 2084 if (!TEST_ptr(mdctx = EVP_MD_CTX_create())) 2085 goto out; 2086 2087 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey))) 2088 goto out; 2089 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX, 2090 EVP_PKEY_CTRL_SET_DIGEST_SIZE, 2091 8, NULL), 1)) 2092 goto out; 2093 /* reinitialize */ 2094 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL))) 2095 goto out; 2096 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8))) 2097 goto out; 2098 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len))) 2099 goto out; 2100 if (!TEST_mem_eq(digest, len, expected, sizeof(expected))) 2101 goto out; 2102 2103 ret = 1; 2104 out: 2105 EVP_PKEY_free(pkey); 2106 EVP_MD_CTX_free(mdctx); 2107 return ret; 2108 } 2109 #endif 2110 2111 /* 2112 * Test corner cases of EVP_DigestInit/Update/Final API call behavior. 2113 */ 2114 static int test_EVP_Digest(void) 2115 { 2116 int ret = 0; 2117 EVP_MD_CTX *md_ctx = NULL; 2118 unsigned char md[EVP_MAX_MD_SIZE]; 2119 EVP_MD *sha256 = NULL; 2120 EVP_MD *shake256 = NULL; 2121 2122 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2123 goto out; 2124 2125 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq)) 2126 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq))) 2127 goto out; 2128 2129 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 2130 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2131 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL)) 2132 /* EVP_DigestFinal resets the EVP_MD_CTX. */ 2133 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL)) 2134 goto out; 2135 2136 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 2137 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2138 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL)) 2139 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */ 2140 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 2141 /* 2142 * EVP_DigestInit_ex with NULL type should work on 2143 * pre-initialized context. 2144 */ 2145 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 2146 goto out; 2147 2148 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL)) 2149 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 2150 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md))) 2151 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */ 2152 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 2153 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 2154 goto out; 2155 ret = 1; 2156 2157 out: 2158 EVP_MD_CTX_free(md_ctx); 2159 EVP_MD_free(sha256); 2160 EVP_MD_free(shake256); 2161 return ret; 2162 } 2163 2164 static int test_EVP_md_null(void) 2165 { 2166 int ret = 0; 2167 EVP_MD_CTX *md_ctx = NULL; 2168 const EVP_MD *md_null = EVP_md_null(); 2169 unsigned char md_value[EVP_MAX_MD_SIZE]; 2170 unsigned int md_len = sizeof(md_value); 2171 2172 if (nullprov != NULL) 2173 return TEST_skip("Test does not support a non-default library context"); 2174 2175 if (!TEST_ptr(md_null) 2176 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2177 goto out; 2178 2179 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL)) 2180 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4)) 2181 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len))) 2182 goto out; 2183 2184 if (!TEST_uint_eq(md_len, 0)) 2185 goto out; 2186 2187 ret = 1; 2188 out: 2189 EVP_MD_CTX_free(md_ctx); 2190 return ret; 2191 } 2192 2193 static int test_d2i_AutoPrivateKey(int i) 2194 { 2195 int ret = 0; 2196 const unsigned char *p; 2197 EVP_PKEY *pkey = NULL; 2198 const APK_DATA *ak = &keydata[i]; 2199 const unsigned char *input = ak->kder; 2200 size_t input_len = ak->size; 2201 int expected_id = ak->evptype; 2202 2203 p = input; 2204 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 2205 || !TEST_ptr_eq(p, input + input_len) 2206 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 2207 goto done; 2208 2209 ret = 1; 2210 2211 done: 2212 EVP_PKEY_free(pkey); 2213 return ret; 2214 } 2215 2216 #ifndef OPENSSL_NO_EC 2217 2218 static const unsigned char ec_public_sect163k1_validxy[] = { 2219 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2220 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2221 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2222 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b, 2223 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2224 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 2225 }; 2226 2227 static const unsigned char ec_public_sect163k1_badx[] = { 2228 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2229 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2230 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2231 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b, 2232 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2233 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 2234 }; 2235 2236 static const unsigned char ec_public_sect163k1_bady[] = { 2237 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 2238 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 2239 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 2240 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b, 2241 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 2242 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6 2243 }; 2244 2245 static struct ec_der_pub_keys_st { 2246 const unsigned char *der; 2247 size_t len; 2248 int valid; 2249 } ec_der_pub_keys[] = { 2250 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 }, 2251 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 }, 2252 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 }, 2253 }; 2254 2255 /* 2256 * Tests the range of the decoded EC char2 public point. 2257 * See ec_GF2m_simple_oct2point(). 2258 */ 2259 static int test_invalide_ec_char2_pub_range_decode(int id) 2260 { 2261 int ret = 0; 2262 EVP_PKEY *pkey; 2263 2264 pkey = load_example_key("EC", ec_der_pub_keys[id].der, 2265 ec_der_pub_keys[id].len); 2266 2267 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey)) 2268 || TEST_ptr_null(pkey); 2269 EVP_PKEY_free(pkey); 2270 return ret; 2271 } 2272 2273 static int test_EVP_PKCS82PKEY(void) 2274 { 2275 int ret = 0; 2276 const unsigned char *derp = kExampleBadECKeyDER; 2277 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2278 EVP_PKEY *pkey = NULL; 2279 2280 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 2281 sizeof(kExampleBadECKeyDER)))) 2282 goto done; 2283 2284 if (!TEST_ptr_eq(derp, 2285 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 2286 goto done; 2287 2288 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 2289 goto done; 2290 2291 ret = 1; 2292 2293 done: 2294 PKCS8_PRIV_KEY_INFO_free(p8inf); 2295 EVP_PKEY_free(pkey); 2296 2297 return ret; 2298 } 2299 2300 #endif 2301 2302 static int test_EVP_PKCS82PKEY_v2(int i) 2303 { 2304 int ret = 0; 2305 const unsigned char *p; 2306 const APK_DATA *ak = &keydata_v2[i]; 2307 const unsigned char *input = ak->kder; 2308 size_t input_len = ak->size; 2309 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2310 2311 /* Can we parse PKCS#8 v2, ignoring the public key for now? */ 2312 p = input; 2313 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, input_len); 2314 if (!TEST_ptr(p8inf) 2315 || !TEST_true(p == input + input_len)) 2316 goto done; 2317 2318 ret = 1; 2319 done: 2320 PKCS8_PRIV_KEY_INFO_free(p8inf); 2321 return ret; 2322 } 2323 2324 /* Tests loading a bad key in PKCS8 format */ 2325 static int test_EVP_PKCS82PKEY_wrong_tag(void) 2326 { 2327 EVP_PKEY *pkey = NULL; 2328 EVP_PKEY *pkey2 = NULL; 2329 BIO *membio = NULL; 2330 char *membuf = NULL; 2331 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2332 int ok = 0; 2333 2334 if (testctx != NULL) 2335 /* test not supported with non-default context */ 2336 return 1; 2337 2338 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 2339 || !TEST_ptr(pkey = load_example_rsa_key()) 2340 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 2341 NULL, 0, NULL, NULL), 2342 0) 2343 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0) 2344 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL)) 2345 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf)) 2346 || !TEST_int_eq(ERR_peek_last_error(), 0)) { 2347 goto done; 2348 } 2349 2350 ok = 1; 2351 done: 2352 EVP_PKEY_free(pkey); 2353 EVP_PKEY_free(pkey2); 2354 PKCS8_PRIV_KEY_INFO_free(p8inf); 2355 BIO_free_all(membio); 2356 return ok; 2357 } 2358 2359 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */ 2360 static int test_privatekey_to_pkcs8(void) 2361 { 2362 EVP_PKEY *pkey = NULL; 2363 BIO *membio = NULL; 2364 char *membuf = NULL; 2365 long membuf_len = 0; 2366 int ok = 0; 2367 2368 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 2369 || !TEST_ptr(pkey = load_example_rsa_key()) 2370 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 2371 NULL, 0, NULL, NULL), 2372 0) 2373 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0) 2374 || !TEST_ptr(membuf) 2375 || !TEST_mem_eq(membuf, (size_t)membuf_len, 2376 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) 2377 /* 2378 * We try to write PEM as well, just to see that it doesn't err, but 2379 * assume that the result is correct. 2380 */ 2381 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL, 2382 NULL, 0, NULL, NULL), 2383 0)) 2384 goto done; 2385 2386 ok = 1; 2387 done: 2388 EVP_PKEY_free(pkey); 2389 BIO_free_all(membio); 2390 return ok; 2391 } 2392 2393 #ifndef OPENSSL_NO_EC 2394 static const struct { 2395 int encoding; 2396 const char *encoding_name; 2397 } ec_encodings[] = { 2398 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT }, 2399 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP } 2400 }; 2401 2402 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) 2403 { 2404 const OSSL_PARAM *p; 2405 const char *enc_name = NULL; 2406 int *enc = arg; 2407 size_t i; 2408 2409 *enc = -1; 2410 2411 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, 2412 OSSL_PKEY_PARAM_EC_ENCODING)) 2413 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name))) 2414 return 0; 2415 2416 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { 2417 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { 2418 *enc = ec_encodings[i].encoding; 2419 break; 2420 } 2421 } 2422 2423 return (*enc != -1); 2424 } 2425 2426 static int test_EC_keygen_with_enc(int idx) 2427 { 2428 EVP_PKEY *params = NULL, *key = NULL; 2429 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL; 2430 int enc; 2431 int ret = 0; 2432 2433 enc = ec_encodings[idx].encoding; 2434 2435 /* Create key parameters */ 2436 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL)) 2437 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0) 2438 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0) 2439 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0) 2440 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)) 2441 || !TEST_ptr(params)) 2442 goto done; 2443 2444 /* Create key */ 2445 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL)) 2446 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 2447 || !TEST_true(EVP_PKEY_keygen(kctx, &key)) 2448 || !TEST_ptr(key)) 2449 goto done; 2450 2451 /* Check that the encoding got all the way into the key */ 2452 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL, 2453 ec_export_get_encoding_cb, &enc)) 2454 || !TEST_int_eq(enc, ec_encodings[idx].encoding)) 2455 goto done; 2456 2457 ret = 1; 2458 done: 2459 EVP_PKEY_free(key); 2460 EVP_PKEY_free(params); 2461 EVP_PKEY_CTX_free(kctx); 2462 EVP_PKEY_CTX_free(pctx); 2463 return ret; 2464 } 2465 #endif 2466 2467 #if !defined(OPENSSL_NO_SM2) 2468 2469 static int test_EVP_SM2_verify(void) 2470 { 2471 const char *pubkey = 2472 "-----BEGIN PUBLIC KEY-----\n" 2473 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n" 2474 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n" 2475 "-----END PUBLIC KEY-----\n"; 2476 2477 const char *msg = "message digest"; 2478 const char *id = "ALICE123 (at) YAHOO.COM"; 2479 2480 const uint8_t signature[] = { 2481 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb, 2482 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06, 2483 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36, 2484 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d, 2485 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07, 2486 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24, 2487 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70 2488 }; 2489 2490 int rc = 0; 2491 BIO *bio = NULL; 2492 EVP_PKEY *pkey = NULL; 2493 EVP_MD_CTX *mctx = NULL; 2494 EVP_PKEY_CTX *pctx = NULL; 2495 EVP_MD *sm3 = NULL; 2496 2497 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 2498 if (!TEST_true(bio != NULL)) 2499 goto done; 2500 2501 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq); 2502 if (!TEST_true(pkey != NULL)) 2503 goto done; 2504 2505 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2"))) 2506 goto done; 2507 2508 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 2509 goto done; 2510 2511 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2512 goto done; 2513 2514 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 2515 2516 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq))) 2517 goto done; 2518 2519 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey))) 2520 goto done; 2521 2522 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0)) 2523 goto done; 2524 2525 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 2526 goto done; 2527 2528 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0)) 2529 goto done; 2530 rc = 1; 2531 2532 done: 2533 BIO_free(bio); 2534 EVP_PKEY_free(pkey); 2535 EVP_PKEY_CTX_free(pctx); 2536 EVP_MD_CTX_free(mctx); 2537 EVP_MD_free(sm3); 2538 return rc; 2539 } 2540 2541 static int test_EVP_SM2(void) 2542 { 2543 int ret = 0; 2544 EVP_PKEY *pkey = NULL; 2545 EVP_PKEY *pkeyparams = NULL; 2546 EVP_PKEY_CTX *pctx = NULL; 2547 EVP_PKEY_CTX *kctx = NULL; 2548 EVP_PKEY_CTX *sctx = NULL; 2549 size_t sig_len = 0; 2550 unsigned char *sig = NULL; 2551 EVP_MD_CTX *md_ctx = NULL; 2552 EVP_MD_CTX *md_ctx_verify = NULL; 2553 EVP_PKEY_CTX *cctx = NULL; 2554 EVP_MD *check_md = NULL; 2555 2556 uint8_t ciphertext[128]; 2557 size_t ctext_len = sizeof(ciphertext); 2558 2559 uint8_t plaintext[8]; 2560 size_t ptext_len = sizeof(plaintext); 2561 2562 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; 2563 2564 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; 2565 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; 2566 int i; 2567 char mdname[OSSL_MAX_NAME_SIZE]; 2568 2569 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, 2570 "SM2", testpropq))) 2571 goto done; 2572 2573 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 2574 goto done; 2575 2576 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0)) 2577 goto done; 2578 2579 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams))) 2580 goto done; 2581 2582 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2583 pkeyparams, testpropq))) 2584 goto done; 2585 2586 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)) 2587 goto done; 2588 2589 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 2590 goto done; 2591 2592 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2593 goto done; 2594 2595 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 2596 goto done; 2597 2598 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2599 goto done; 2600 2601 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 2602 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 2603 2604 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq))) 2605 goto done; 2606 2607 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey))) 2608 goto done; 2609 2610 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2611 goto done; 2612 2613 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 2614 goto done; 2615 2616 /* Determine the size of the signature. */ 2617 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 2618 goto done; 2619 2620 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 2621 goto done; 2622 2623 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 2624 goto done; 2625 2626 /* Ensure that the signature round-trips. */ 2627 2628 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2629 pkey))) 2630 goto done; 2631 2632 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2633 goto done; 2634 2635 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2636 goto done; 2637 2638 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2639 goto done; 2640 2641 /* 2642 * Try verify again with non-matching 0 length id but ensure that it can 2643 * be set on the context and overrides the previous value. 2644 */ 2645 2646 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2647 pkey))) 2648 goto done; 2649 2650 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0)) 2651 goto done; 2652 2653 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2654 goto done; 2655 2656 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2657 goto done; 2658 2659 /* now check encryption/decryption */ 2660 2661 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2662 mdname, sizeof(mdname)); 2663 for (i = 0; i < 2; i++) { 2664 const char *mdnames[] = { 2665 #ifndef OPENSSL_NO_SM3 2666 "SM3", 2667 #else 2668 NULL, 2669 #endif 2670 "SHA2-256" }; 2671 EVP_PKEY_CTX_free(cctx); 2672 2673 if (mdnames[i] == NULL) 2674 continue; 2675 2676 sparams[0] = 2677 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2678 (char *)mdnames[i], 0); 2679 2680 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2681 pkey, testpropq))) 2682 goto done; 2683 2684 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 2685 goto done; 2686 2687 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2688 goto done; 2689 2690 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, 2691 sizeof(kMsg)))) 2692 goto done; 2693 2694 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0)) 2695 goto done; 2696 2697 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2698 goto done; 2699 2700 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, 2701 ctext_len), 0)) 2702 goto done; 2703 2704 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams))) 2705 goto done; 2706 2707 /* 2708 * Test we're still using the digest we think we are. 2709 * Because of aliases, the easiest is to fetch the digest and 2710 * check the name with EVP_MD_is_a(). 2711 */ 2712 EVP_MD_free(check_md); 2713 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq))) 2714 goto done; 2715 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) { 2716 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]); 2717 goto done; 2718 } 2719 2720 if (!TEST_true(ptext_len == sizeof(kMsg))) 2721 goto done; 2722 2723 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 2724 goto done; 2725 } 2726 2727 ret = 1; 2728 done: 2729 EVP_PKEY_CTX_free(pctx); 2730 EVP_PKEY_CTX_free(kctx); 2731 EVP_PKEY_CTX_free(sctx); 2732 EVP_PKEY_CTX_free(cctx); 2733 EVP_PKEY_free(pkey); 2734 EVP_PKEY_free(pkeyparams); 2735 EVP_MD_CTX_free(md_ctx); 2736 EVP_MD_CTX_free(md_ctx_verify); 2737 EVP_MD_free(check_md); 2738 OPENSSL_free(sig); 2739 return ret; 2740 } 2741 2742 #endif 2743 2744 #ifndef OPENSSL_NO_ML_KEM 2745 static const uint8_t ml_kem_seed[] = { 2746 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4, 2747 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, 2748 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79, 2749 0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, 2750 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, 2751 0x87, 0x2b, 0xfb, 0x8f 2752 }; 2753 static const uint8_t ml_kem_512_pubkey[] = { 2754 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b, 2755 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83, 2756 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26, 2757 0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49, 2758 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19, 2759 0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81, 2760 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36, 2761 0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c, 2762 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb, 2763 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52, 2764 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3, 2765 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e, 2766 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8, 2767 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54, 2768 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82, 2769 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6, 2770 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b, 2771 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b, 2772 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74, 2773 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78, 2774 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07, 2775 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35, 2776 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92, 2777 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58, 2778 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55, 2779 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca, 2780 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a, 2781 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54, 2782 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f, 2783 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49, 2784 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3, 2785 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42, 2786 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b, 2787 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b, 2788 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a, 2789 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b, 2790 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50, 2791 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62, 2792 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6, 2793 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74, 2794 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13, 2795 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa, 2796 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22, 2797 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25, 2798 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27, 2799 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e, 2800 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06, 2801 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30, 2802 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f, 2803 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88, 2804 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a, 2805 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29, 2806 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a, 2807 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e, 2808 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a, 2809 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f, 2810 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d, 2811 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07, 2812 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77, 2813 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63, 2814 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e, 2815 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7, 2816 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8, 2817 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f, 2818 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae, 2819 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, 2820 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39 2821 }; 2822 static const uint8_t ml_kem_768_pubkey[] = { 2823 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f, 2824 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, 2825 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13, 2826 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59, 2827 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25, 2828 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f, 2829 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce, 2830 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e, 2831 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e, 2832 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05, 2833 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56, 2834 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17, 2835 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba, 2836 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5, 2837 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74, 2838 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f, 2839 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49, 2840 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63, 2841 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74, 2842 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca, 2843 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0, 2844 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf, 2845 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b, 2846 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3, 2847 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf, 2848 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c, 2849 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53, 2850 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf, 2851 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc, 2852 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91, 2853 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19, 2854 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad, 2855 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a, 2856 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00, 2857 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7, 2858 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e, 2859 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5, 2860 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b, 2861 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51, 2862 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5, 2863 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf, 2864 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac, 2865 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48, 2866 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a, 2867 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a, 2868 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2, 2869 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7, 2870 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b, 2871 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28, 2872 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25, 2873 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11, 2874 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb, 2875 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0, 2876 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b, 2877 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f, 2878 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a, 2879 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7, 2880 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95, 2881 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e, 2882 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c, 2883 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68, 2884 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94, 2885 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82, 2886 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83, 2887 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d, 2888 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b, 2889 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e, 2890 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69, 2891 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce, 2892 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a, 2893 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d, 2894 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf, 2895 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48, 2896 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f, 2897 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b, 2898 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf, 2899 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97, 2900 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd, 2901 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac, 2902 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06, 2903 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1, 2904 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84, 2905 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62, 2906 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38, 2907 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f, 2908 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e, 2909 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd, 2910 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83, 2911 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd, 2912 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e, 2913 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63, 2914 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f, 2915 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82, 2916 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e, 2917 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e, 2918 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36, 2919 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb, 2920 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, 2921 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28 2922 }; 2923 static const uint8_t ml_kem_1024_pubkey[] = { 2924 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58, 2925 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, 2926 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18, 2927 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc, 2928 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33, 2929 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca, 2930 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45, 2931 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1, 2932 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45, 2933 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a, 2934 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06, 2935 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7, 2936 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d, 2937 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f, 2938 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97, 2939 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f, 2940 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80, 2941 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6, 2942 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d, 2943 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d, 2944 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7, 2945 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07, 2946 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7, 2947 0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e, 2948 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc, 2949 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d, 2950 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39, 2951 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c, 2952 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5, 2953 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b, 2954 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89, 2955 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91, 2956 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1, 2957 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3, 2958 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca, 2959 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95, 2960 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b, 2961 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73, 2962 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50, 2963 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c, 2964 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86, 2965 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0, 2966 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c, 2967 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad, 2968 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44, 2969 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba, 2970 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f, 2971 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04, 2972 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65, 2973 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23, 2974 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7, 2975 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39, 2976 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d, 2977 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80, 2978 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e, 2979 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4, 2980 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94, 2981 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b, 2982 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d, 2983 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41, 2984 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f, 2985 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a, 2986 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e, 2987 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c, 2988 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b, 2989 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e, 2990 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe, 2991 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a, 2992 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98, 2993 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58, 2994 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f, 2995 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04, 2996 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4, 2997 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81, 2998 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0, 2999 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d, 3000 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a, 3001 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75, 3002 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a, 3003 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f, 3004 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24, 3005 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82, 3006 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f, 3007 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85, 3008 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33, 3009 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81, 3010 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89, 3011 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b, 3012 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32, 3013 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50, 3014 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37, 3015 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc, 3016 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84, 3017 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e, 3018 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50, 3019 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b, 3020 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25, 3021 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8, 3022 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6, 3023 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b, 3024 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e, 3025 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04, 3026 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b, 3027 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70, 3028 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf, 3029 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9, 3030 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2, 3031 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd, 3032 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03, 3033 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb, 3034 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66, 3035 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22, 3036 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55, 3037 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46, 3038 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e, 3039 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43, 3040 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76, 3041 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f, 3042 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a, 3043 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50, 3044 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86, 3045 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16, 3046 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44, 3047 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02, 3048 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34, 3049 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4, 3050 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d, 3051 0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca, 3052 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf, 3053 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39, 3054 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb 3055 }; 3056 #endif 3057 3058 static struct keys_st { 3059 int type; 3060 const uint8_t *priv; 3061 const uint8_t *pub; 3062 /* If "name" is non-NULL, create via non-legacy _ex() API */ 3063 char *name; 3064 int privlen; 3065 int publen; 3066 } keys[] = { 3067 { 3068 EVP_PKEY_HMAC, 3069 (const uint8_t *)"0123456789", 3070 NULL, 3071 NULL, 10, 0 3072 }, 3073 { 3074 EVP_PKEY_HMAC, (const uint8_t *)"", NULL, 3075 NULL, 0, 0 3076 #ifndef OPENSSL_NO_POLY1305 3077 }, { 3078 EVP_PKEY_POLY1305, 3079 (const uint8_t *)"01234567890123456789012345678901", 3080 NULL, 3081 NULL, 32, 0 3082 #endif 3083 #ifndef OPENSSL_NO_SIPHASH 3084 }, { 3085 EVP_PKEY_SIPHASH, 3086 (const uint8_t *)"0123456789012345", 3087 NULL, 3088 NULL, 16, 0 3089 #endif 3090 }, 3091 #ifndef OPENSSL_NO_ECX 3092 { 3093 EVP_PKEY_X25519, 3094 (const uint8_t *)"01234567890123456789012345678901", 3095 (const unsigned char *)"abcdefghijklmnopqrstuvwxyzabcdef", 3096 NULL, 32, 32 3097 }, { 3098 EVP_PKEY_ED25519, 3099 (const uint8_t *)"01234567890123456789012345678901", 3100 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdef", 3101 NULL, 32, 32 3102 }, { 3103 EVP_PKEY_X448, 3104 (const uint8_t *)"01234567890123456789012345678901234567890123456789012345", 3105 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd", 3106 NULL, 56, 56 3107 }, { 3108 EVP_PKEY_ED448, 3109 (const uint8_t *)"012345678901234567890123456789012345678901234567890123456", 3110 (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde", 3111 NULL, 57, 57 3112 }, 3113 #endif 3114 #ifndef OPENSSL_NO_ML_KEM 3115 { 3116 NID_undef, ml_kem_seed, ml_kem_512_pubkey, 3117 "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey) 3118 }, { 3119 NID_undef, ml_kem_seed, ml_kem_768_pubkey, 3120 "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey) 3121 }, { 3122 NID_undef, ml_kem_seed, ml_kem_1024_pubkey, 3123 "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey) 3124 }, 3125 #endif 3126 }; 3127 3128 #ifndef OPENSSL_NO_ML_KEM 3129 static int 3130 ml_kem_seed_to_priv(const char *alg, const unsigned char *seed, int seedlen, 3131 unsigned char **ret, size_t *retlen) 3132 { 3133 OSSL_PARAM parr[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 3134 EVP_PKEY_CTX *ctx = NULL; 3135 EVP_PKEY *pkey = NULL; 3136 const OSSL_PARAM *p; 3137 OSSL_PARAM *params = NULL; 3138 int selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY; 3139 int ok = 0; 3140 3141 /* Import the seed to generate a key */ 3142 ctx = EVP_PKEY_CTX_new_from_name(testctx, alg, NULL); 3143 if (!TEST_ptr(ctx) 3144 || !TEST_int_gt(EVP_PKEY_fromdata_init(ctx), 0)) 3145 goto done; 3146 parr[0] = OSSL_PARAM_construct_octet_string( 3147 OSSL_PKEY_PARAM_ML_KEM_SEED, (unsigned char *)seed, seedlen); 3148 if (!TEST_int_gt(EVP_PKEY_fromdata(ctx, &pkey, selection, parr), 0)) 3149 goto done; 3150 3151 /* Export the key to get the encoded form */ 3152 if (!TEST_true(EVP_PKEY_todata(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, ¶ms))) 3153 goto done; 3154 3155 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); 3156 if (!TEST_ptr(p) 3157 || !TEST_true(OSSL_PARAM_get_octet_string(p, (void **)ret, 0, retlen))) 3158 goto done; 3159 ok = 1; 3160 3161 done: 3162 EVP_PKEY_free(pkey); 3163 OSSL_PARAM_free(params); 3164 EVP_PKEY_CTX_free(ctx); 3165 return ok; 3166 } 3167 #endif 3168 3169 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx) 3170 { 3171 int ret = 0; 3172 uint8_t *buf = NULL; 3173 const uint8_t *in; 3174 uint8_t shortbuf[1]; 3175 size_t inlen, len = 0, shortlen = sizeof(shortbuf); 3176 EVP_PKEY *pkey = NULL; 3177 unsigned char *privalloc = NULL; 3178 const char *name; 3179 3180 /* Check if this algorithm supports public keys */ 3181 if (pub && keys[tst].pub == NULL) 3182 return 1; 3183 3184 name = keys[tst].name ? keys[tst].name : OBJ_nid2sn(keys[tst].type); 3185 3186 if (pub) { 3187 #ifndef OPENSSL_NO_EC 3188 inlen = keys[tst].publen; 3189 in = keys[tst].pub; 3190 if (uselibctx || keys[tst].name != NULL) { 3191 pkey = EVP_PKEY_new_raw_public_key_ex( 3192 testctx, 3193 name, 3194 NULL, 3195 in, 3196 inlen); 3197 } else { 3198 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 3199 NULL, 3200 in, 3201 inlen); 3202 } 3203 #else 3204 return 1; 3205 #endif 3206 } else { 3207 inlen = keys[tst].privlen; 3208 in = keys[tst].priv; 3209 #ifndef OPENSSL_NO_ML_KEM 3210 if (in == ml_kem_seed) { 3211 if (!TEST_true(ml_kem_seed_to_priv(name, in, inlen, 3212 &privalloc, &inlen))) 3213 goto done; 3214 in = privalloc; 3215 } 3216 #endif 3217 if (uselibctx || keys[tst].name != NULL) { 3218 pkey = EVP_PKEY_new_raw_private_key_ex( 3219 testctx, 3220 name, 3221 NULL, 3222 in, 3223 inlen); 3224 } else { 3225 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 3226 NULL, 3227 in, 3228 inlen); 3229 } 3230 } 3231 3232 if (!TEST_ptr(pkey) 3233 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1) 3234 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 3235 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 3236 || !TEST_true(len == inlen)) 3237 goto done; 3238 if (tst != 1) { 3239 /* 3240 * Test that supplying a buffer that is too small fails. Doesn't apply 3241 * to HMAC with a zero length key 3242 */ 3243 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, shortbuf, 3244 &shortlen))) 3245 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, shortbuf, 3246 &shortlen)))) 3247 goto done; 3248 } 3249 if (!TEST_ptr(buf = OPENSSL_zalloc(len <= 80 ? 80 : len))) 3250 goto done; 3251 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 3252 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 3253 || !TEST_mem_eq(in, inlen, buf, len)) 3254 goto done; 3255 3256 ret = 1; 3257 done: 3258 OPENSSL_free(privalloc); 3259 OPENSSL_free(buf); 3260 EVP_PKEY_free(pkey); 3261 return ret; 3262 } 3263 3264 static int test_set_get_raw_keys(int tst) 3265 { 3266 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0)) 3267 && test_set_get_raw_keys_int(tst, 0, 1) 3268 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0)) 3269 && test_set_get_raw_keys_int(tst, 1, 1); 3270 } 3271 3272 #ifndef OPENSSL_NO_DEPRECATED_3_0 3273 static int pkey_custom_check(EVP_PKEY *pkey) 3274 { 3275 return 0xbeef; 3276 } 3277 3278 static int pkey_custom_pub_check(EVP_PKEY *pkey) 3279 { 3280 return 0xbeef; 3281 } 3282 3283 static int pkey_custom_param_check(EVP_PKEY *pkey) 3284 { 3285 return 0xbeef; 3286 } 3287 3288 static EVP_PKEY_METHOD *custom_pmeth; 3289 #endif 3290 3291 static int test_EVP_PKEY_check(int i) 3292 { 3293 int ret = 0; 3294 EVP_PKEY *pkey = NULL; 3295 EVP_PKEY_CTX *ctx = NULL; 3296 #ifndef OPENSSL_NO_DEPRECATED_3_0 3297 EVP_PKEY_CTX *ctx2 = NULL; 3298 #endif 3299 const APK_DATA *ak = &keycheckdata[i]; 3300 const unsigned char *input = ak->kder; 3301 size_t input_len = ak->size; 3302 int expected_id = ak->evptype; 3303 int expected_check = ak->check; 3304 int expected_pub_check = ak->pub_check; 3305 int expected_param_check = ak->param_check; 3306 int type = ak->type; 3307 3308 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len))) 3309 goto done; 3310 if (type == 0 3311 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 3312 goto done; 3313 3314 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 3315 goto done; 3316 3317 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 3318 goto done; 3319 3320 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 3321 goto done; 3322 3323 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 3324 goto done; 3325 3326 #ifndef OPENSSL_NO_DEPRECATED_3_0 3327 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 3328 /* assign the pkey directly, as an internal test */ 3329 if (!EVP_PKEY_up_ref(pkey)) 3330 goto done; 3331 3332 ctx2->pkey = pkey; 3333 3334 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 3335 goto done; 3336 3337 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 3338 goto done; 3339 3340 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 3341 goto done; 3342 #endif 3343 3344 ret = 1; 3345 3346 done: 3347 EVP_PKEY_CTX_free(ctx); 3348 #ifndef OPENSSL_NO_DEPRECATED_3_0 3349 EVP_PKEY_CTX_free(ctx2); 3350 #endif 3351 EVP_PKEY_free(pkey); 3352 return ret; 3353 } 3354 3355 #ifndef OPENSSL_NO_CMAC 3356 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac) 3357 { 3358 EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); 3359 const char msg[] = "Hello World"; 3360 size_t maclen = AES_BLOCK_SIZE; 3361 int ret = 1; 3362 3363 if (!TEST_ptr(mdctx) 3364 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx, 3365 testpropq, pkey, NULL)) 3366 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))) 3367 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen)) 3368 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE)) 3369 ret = 0; 3370 3371 EVP_MD_CTX_free(mdctx); 3372 3373 return ret; 3374 } 3375 static int test_CMAC_keygen(void) 3376 { 3377 static unsigned char key[] = { 3378 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 3379 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 3380 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 3381 }; 3382 EVP_PKEY_CTX *kctx = NULL; 3383 int ret = 0; 3384 EVP_PKEY *pkey = NULL; 3385 unsigned char mac[AES_BLOCK_SIZE]; 3386 # if !defined(OPENSSL_NO_DEPRECATED_3_0) 3387 unsigned char mac2[AES_BLOCK_SIZE]; 3388 # endif 3389 3390 if (nullprov != NULL) 3391 return TEST_skip("Test does not support a non-default library context"); 3392 3393 /* 3394 * This is a legacy method for CMACs, but should still work. 3395 * This verifies that it works without an ENGINE. 3396 */ 3397 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL); 3398 3399 /* Test a CMAC key created using the "generated" method */ 3400 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 3401 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 3402 EVP_PKEY_CTRL_CIPHER, 3403 0, (void *)EVP_aes_256_cbc()), 0) 3404 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 3405 EVP_PKEY_CTRL_SET_MAC_KEY, 3406 sizeof(key), (void *)key), 0) 3407 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0) 3408 || !TEST_ptr(pkey) 3409 || !TEST_true(get_cmac_val(pkey, mac))) 3410 goto done; 3411 3412 # if !defined(OPENSSL_NO_DEPRECATED_3_0) 3413 EVP_PKEY_free(pkey); 3414 3415 /* 3416 * Test a CMAC key using the direct method, and compare with the mac 3417 * created above. 3418 */ 3419 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc()); 3420 if (!TEST_ptr(pkey) 3421 || !TEST_true(get_cmac_val(pkey, mac2)) 3422 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2))) 3423 goto done; 3424 # endif 3425 3426 ret = 1; 3427 3428 done: 3429 EVP_PKEY_free(pkey); 3430 EVP_PKEY_CTX_free(kctx); 3431 return ret; 3432 } 3433 #endif 3434 3435 static int test_HKDF(void) 3436 { 3437 EVP_PKEY_CTX *pctx; 3438 unsigned char out[20]; 3439 size_t outlen; 3440 int i, ret = 0; 3441 unsigned char salt[] = "0123456789"; 3442 unsigned char key[] = "012345678901234567890123456789"; 3443 unsigned char info[] = "infostring"; 3444 const unsigned char expected[] = { 3445 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, 3446 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca 3447 }; 3448 size_t expectedlen = sizeof(expected); 3449 3450 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3451 goto done; 3452 3453 /* We do this twice to test reuse of the EVP_PKEY_CTX */ 3454 for (i = 0; i < 2; i++) { 3455 outlen = sizeof(out); 3456 memset(out, 0, outlen); 3457 3458 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3459 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3460 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3461 sizeof(salt) - 1), 0) 3462 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3463 sizeof(key) - 1), 0) 3464 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3465 sizeof(info) - 1), 0) 3466 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3467 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3468 goto done; 3469 } 3470 3471 ret = 1; 3472 3473 done: 3474 EVP_PKEY_CTX_free(pctx); 3475 3476 return ret; 3477 } 3478 3479 static int test_emptyikm_HKDF(void) 3480 { 3481 EVP_PKEY_CTX *pctx; 3482 unsigned char out[20]; 3483 size_t outlen; 3484 int ret = 0; 3485 unsigned char salt[] = "9876543210"; 3486 unsigned char key[] = ""; 3487 unsigned char info[] = "stringinfo"; 3488 const unsigned char expected[] = { 3489 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47, 3490 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30 3491 }; 3492 size_t expectedlen = sizeof(expected); 3493 3494 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3495 goto done; 3496 3497 outlen = sizeof(out); 3498 memset(out, 0, outlen); 3499 3500 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3501 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3502 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3503 sizeof(salt) - 1), 0) 3504 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3505 sizeof(key) - 1), 0) 3506 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3507 sizeof(info) - 1), 0) 3508 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3509 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3510 goto done; 3511 3512 ret = 1; 3513 3514 done: 3515 EVP_PKEY_CTX_free(pctx); 3516 3517 return ret; 3518 } 3519 3520 static int test_empty_salt_info_HKDF(void) 3521 { 3522 EVP_PKEY_CTX *pctx; 3523 unsigned char out[20]; 3524 size_t outlen; 3525 int ret = 0; 3526 unsigned char salt[] = ""; 3527 unsigned char fake[] = "0123456789"; 3528 unsigned char key[] = "012345678901234567890123456789"; 3529 unsigned char info[] = ""; 3530 const unsigned char expected[] = { 3531 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, 3532 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06, 3533 }; 3534 size_t expectedlen = sizeof(expected); 3535 3536 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 3537 goto done; 3538 3539 outlen = sizeof(out); 3540 memset(out, 0, outlen); 3541 3542 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 3543 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 3544 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake, 3545 sizeof(fake) - 1), 0) 3546 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 3547 sizeof(salt) - 1), 0) 3548 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 3549 sizeof(key) - 1), 0) 3550 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 3551 sizeof(info) - 1), 0) 3552 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 3553 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 3554 goto done; 3555 3556 ret = 1; 3557 3558 done: 3559 EVP_PKEY_CTX_free(pctx); 3560 3561 return ret; 3562 } 3563 3564 #ifndef OPENSSL_NO_EC 3565 static int test_X509_PUBKEY_inplace(void) 3566 { 3567 int ret = 0; 3568 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq); 3569 const unsigned char *p = kExampleECPubKeyDER; 3570 size_t input_len = sizeof(kExampleECPubKeyDER); 3571 3572 if (!TEST_ptr(xp)) 3573 goto done; 3574 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))) 3575 goto done; 3576 3577 if (!TEST_ptr(X509_PUBKEY_get0(xp))) 3578 goto done; 3579 3580 p = kExampleBadECPubKeyDER; 3581 input_len = sizeof(kExampleBadECPubKeyDER); 3582 3583 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))) 3584 goto done; 3585 3586 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL)) 3587 goto done; 3588 3589 ret = 1; 3590 3591 done: 3592 X509_PUBKEY_free(xp); 3593 return ret; 3594 } 3595 3596 static int test_X509_PUBKEY_dup(void) 3597 { 3598 int ret = 0; 3599 X509_PUBKEY *xp = NULL, *xq = NULL; 3600 const unsigned char *p = kExampleECPubKeyDER; 3601 size_t input_len = sizeof(kExampleECPubKeyDER); 3602 3603 xp = X509_PUBKEY_new_ex(testctx, testpropq); 3604 if (!TEST_ptr(xp) 3605 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)) 3606 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)) 3607 || !TEST_ptr_ne(xp, xq)) 3608 goto done; 3609 3610 if (!TEST_ptr(X509_PUBKEY_get0(xq)) 3611 || !TEST_ptr(X509_PUBKEY_get0(xp)) 3612 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp))) 3613 goto done; 3614 3615 X509_PUBKEY_free(xq); 3616 xq = NULL; 3617 p = kExampleBadECPubKeyDER; 3618 input_len = sizeof(kExampleBadECPubKeyDER); 3619 3620 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)) 3621 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))) 3622 goto done; 3623 3624 X509_PUBKEY_free(xp); 3625 xp = NULL; 3626 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL)) 3627 goto done; 3628 3629 ret = 1; 3630 3631 done: 3632 X509_PUBKEY_free(xp); 3633 X509_PUBKEY_free(xq); 3634 return ret; 3635 } 3636 #endif /* OPENSSL_NO_EC */ 3637 3638 /* Test getting and setting parameters on an EVP_PKEY_CTX */ 3639 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey) 3640 { 3641 EVP_MD_CTX *mdctx = NULL; 3642 EVP_PKEY_CTX *ctx = NULL; 3643 const OSSL_PARAM *params; 3644 OSSL_PARAM ourparams[2], *param = ourparams, *param_md; 3645 int ret = 0; 3646 const EVP_MD *md; 3647 char mdname[OSSL_MAX_NAME_SIZE]; 3648 char ssl3ms[48]; 3649 3650 /* Initialise a sign operation */ 3651 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq); 3652 if (!TEST_ptr(ctx) 3653 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)) 3654 goto err; 3655 3656 /* 3657 * We should be able to query the parameters now. 3658 */ 3659 params = EVP_PKEY_CTX_settable_params(ctx); 3660 if (!TEST_ptr(params) 3661 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3662 OSSL_SIGNATURE_PARAM_DIGEST))) 3663 goto err; 3664 3665 params = EVP_PKEY_CTX_gettable_params(ctx); 3666 if (!TEST_ptr(params) 3667 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3668 OSSL_SIGNATURE_PARAM_ALGORITHM_ID)) 3669 || !TEST_ptr(OSSL_PARAM_locate_const(params, 3670 OSSL_SIGNATURE_PARAM_DIGEST))) 3671 goto err; 3672 3673 /* 3674 * Test getting and setting params via EVP_PKEY_CTX_set_params() and 3675 * EVP_PKEY_CTX_get_params() 3676 */ 3677 strcpy(mdname, "SHA512"); 3678 param_md = param; 3679 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 3680 mdname, 0); 3681 *param++ = OSSL_PARAM_construct_end(); 3682 3683 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams))) 3684 goto err; 3685 3686 mdname[0] = '\0'; 3687 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 3688 mdname, sizeof(mdname)); 3689 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams)) 3690 || !TEST_str_eq(mdname, "SHA512")) 3691 goto err; 3692 3693 /* 3694 * Test the TEST_PKEY_CTX_set_signature_md() and 3695 * TEST_PKEY_CTX_get_signature_md() functions 3696 */ 3697 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0) 3698 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) 3699 || !TEST_ptr_eq(md, EVP_sha256())) 3700 goto err; 3701 3702 /* 3703 * Test getting MD parameters via an associated EVP_PKEY_CTX 3704 */ 3705 mdctx = EVP_MD_CTX_new(); 3706 if (!TEST_ptr(mdctx) 3707 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq, 3708 pkey, NULL))) 3709 goto err; 3710 3711 /* 3712 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be 3713 * able to obtain the digest's settable parameters from the provider. 3714 */ 3715 params = EVP_MD_CTX_settable_params(mdctx); 3716 if (!TEST_ptr(params) 3717 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0) 3718 /* The final key should be NULL */ 3719 || !TEST_ptr_null(params[1].key)) 3720 goto err; 3721 3722 param = ourparams; 3723 memset(ssl3ms, 0, sizeof(ssl3ms)); 3724 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, 3725 ssl3ms, sizeof(ssl3ms)); 3726 *param++ = OSSL_PARAM_construct_end(); 3727 3728 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams))) 3729 goto err; 3730 3731 ret = 1; 3732 3733 err: 3734 EVP_MD_CTX_free(mdctx); 3735 EVP_PKEY_CTX_free(ctx); 3736 3737 return ret; 3738 } 3739 3740 #ifndef OPENSSL_NO_DSA 3741 static int test_DSA_get_set_params(void) 3742 { 3743 OSSL_PARAM_BLD *bld = NULL; 3744 OSSL_PARAM *params = NULL; 3745 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 3746 EVP_PKEY_CTX *pctx = NULL; 3747 EVP_PKEY *pkey = NULL; 3748 int ret = 0; 3749 3750 /* 3751 * Setup the parameters for our DSA object. For our purposes they don't 3752 * have to actually be *valid* parameters. We just need to set something. 3753 */ 3754 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL)) 3755 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 3756 || !TEST_ptr(p = BN_new()) 3757 || !TEST_ptr(q = BN_new()) 3758 || !TEST_ptr(g = BN_new()) 3759 || !TEST_ptr(pub = BN_new()) 3760 || !TEST_ptr(priv = BN_new())) 3761 goto err; 3762 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 3763 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 3764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 3765 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 3766 pub)) 3767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 3768 priv))) 3769 goto err; 3770 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 3771 goto err; 3772 3773 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 3774 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 3775 params), 0)) 3776 goto err; 3777 3778 if (!TEST_ptr(pkey)) 3779 goto err; 3780 3781 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 3782 3783 err: 3784 EVP_PKEY_free(pkey); 3785 EVP_PKEY_CTX_free(pctx); 3786 OSSL_PARAM_free(params); 3787 OSSL_PARAM_BLD_free(bld); 3788 BN_free(p); 3789 BN_free(q); 3790 BN_free(g); 3791 BN_free(pub); 3792 BN_free(priv); 3793 3794 return ret; 3795 } 3796 3797 /* 3798 * Test combinations of private, public, missing and private + public key 3799 * params to ensure they are all accepted 3800 */ 3801 static int test_DSA_priv_pub(void) 3802 { 3803 return test_EVP_PKEY_ffc_priv_pub("DSA"); 3804 } 3805 3806 #endif /* !OPENSSL_NO_DSA */ 3807 3808 static int test_RSA_get_set_params(void) 3809 { 3810 OSSL_PARAM_BLD *bld = NULL; 3811 OSSL_PARAM *params = NULL; 3812 BIGNUM *n = NULL, *e = NULL, *d = NULL; 3813 EVP_PKEY_CTX *pctx = NULL; 3814 EVP_PKEY *pkey = NULL; 3815 int ret = 0; 3816 3817 /* 3818 * Setup the parameters for our RSA object. For our purposes they don't 3819 * have to actually be *valid* parameters. We just need to set something. 3820 */ 3821 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL)) 3822 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 3823 || !TEST_ptr(n = BN_new()) 3824 || !TEST_ptr(e = BN_new()) 3825 || !TEST_ptr(d = BN_new())) 3826 goto err; 3827 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)) 3828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)) 3829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))) 3830 goto err; 3831 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 3832 goto err; 3833 3834 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 3835 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 3836 params), 0)) 3837 goto err; 3838 3839 if (!TEST_ptr(pkey)) 3840 goto err; 3841 3842 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 3843 3844 err: 3845 EVP_PKEY_free(pkey); 3846 EVP_PKEY_CTX_free(pctx); 3847 OSSL_PARAM_free(params); 3848 OSSL_PARAM_BLD_free(bld); 3849 BN_free(n); 3850 BN_free(e); 3851 BN_free(d); 3852 3853 return ret; 3854 } 3855 3856 static int test_RSA_OAEP_set_get_params(void) 3857 { 3858 int ret = 0; 3859 EVP_PKEY *key = NULL; 3860 EVP_PKEY_CTX *key_ctx = NULL; 3861 3862 if (nullprov != NULL) 3863 return TEST_skip("Test does not support a non-default library context"); 3864 3865 if (!TEST_ptr(key = load_example_rsa_key()) 3866 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0))) 3867 goto err; 3868 3869 { 3870 int padding = RSA_PKCS1_OAEP_PADDING; 3871 OSSL_PARAM params[4]; 3872 3873 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding); 3874 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 3875 OSSL_DIGEST_NAME_SHA2_256, 0); 3876 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 3877 OSSL_DIGEST_NAME_SHA1, 0); 3878 params[3] = OSSL_PARAM_construct_end(); 3879 3880 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0)) 3881 goto err; 3882 } 3883 { 3884 OSSL_PARAM params[3]; 3885 char oaepmd[30] = { '\0' }; 3886 char mgf1md[30] = { '\0' }; 3887 3888 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 3889 oaepmd, sizeof(oaepmd)); 3890 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 3891 mgf1md, sizeof(mgf1md)); 3892 params[2] = OSSL_PARAM_construct_end(); 3893 3894 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params))) 3895 goto err; 3896 3897 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256) 3898 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1)) 3899 goto err; 3900 } 3901 3902 ret = 1; 3903 3904 err: 3905 EVP_PKEY_free(key); 3906 EVP_PKEY_CTX_free(key_ctx); 3907 3908 return ret; 3909 } 3910 3911 /* https://github.com/openssl/openssl/issues/21288 */ 3912 static int test_RSA_OAEP_set_null_label(void) 3913 { 3914 int ret = 0; 3915 EVP_PKEY *key = NULL; 3916 EVP_PKEY_CTX *key_ctx = NULL; 3917 3918 if (!TEST_ptr(key = load_example_rsa_key()) 3919 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL)) 3920 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx))) 3921 goto err; 3922 3923 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING))) 3924 goto err; 3925 3926 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0))) 3927 goto err; 3928 3929 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0))) 3930 goto err; 3931 3932 ret = 1; 3933 3934 err: 3935 EVP_PKEY_free(key); 3936 EVP_PKEY_CTX_free(key_ctx); 3937 3938 return ret; 3939 } 3940 3941 #ifndef OPENSSL_NO_DEPRECATED_3_0 3942 static int test_RSA_legacy(void) 3943 { 3944 int ret = 0; 3945 BIGNUM *p = NULL; 3946 BIGNUM *q = NULL; 3947 BIGNUM *n = NULL; 3948 BIGNUM *e = NULL; 3949 BIGNUM *d = NULL; 3950 const EVP_MD *md = EVP_sha256(); 3951 EVP_MD_CTX *ctx = NULL; 3952 EVP_PKEY *pkey = NULL; 3953 RSA *rsa = NULL; 3954 3955 if (nullprov != NULL) 3956 return TEST_skip("Test does not support a non-default library context"); 3957 3958 if (!TEST_ptr(p = BN_dup(BN_value_one())) 3959 || !TEST_ptr(q = BN_dup(BN_value_one())) 3960 || !TEST_ptr(n = BN_dup(BN_value_one())) 3961 || !TEST_ptr(e = BN_dup(BN_value_one())) 3962 || !TEST_ptr(d = BN_dup(BN_value_one()))) 3963 goto err; 3964 3965 if (!TEST_ptr(rsa = RSA_new()) 3966 || !TEST_ptr(pkey = EVP_PKEY_new()) 3967 || !TEST_ptr(ctx = EVP_MD_CTX_new())) 3968 goto err; 3969 3970 if (!TEST_true(RSA_set0_factors(rsa, p, q))) 3971 goto err; 3972 p = NULL; 3973 q = NULL; 3974 3975 if (!TEST_true(RSA_set0_key(rsa, n, e, d))) 3976 goto err; 3977 n = NULL; 3978 e = NULL; 3979 d = NULL; 3980 3981 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa))) 3982 goto err; 3983 3984 rsa = NULL; 3985 3986 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))) 3987 goto err; 3988 3989 ret = 1; 3990 3991 err: 3992 RSA_free(rsa); 3993 EVP_MD_CTX_free(ctx); 3994 EVP_PKEY_free(pkey); 3995 BN_free(p); 3996 BN_free(q); 3997 BN_free(n); 3998 BN_free(e); 3999 BN_free(d); 4000 4001 return ret; 4002 } 4003 #endif 4004 4005 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 4006 static int test_decrypt_null_chunks(void) 4007 { 4008 EVP_CIPHER_CTX* ctx = NULL; 4009 EVP_CIPHER *cipher = NULL; 4010 const unsigned char key[32] = { 4011 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4012 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 4013 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1 4014 }; 4015 unsigned char iv[12] = { 4016 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b 4017 }; 4018 unsigned char msg[] = "It was the best of times, it was the worst of times"; 4019 unsigned char ciphertext[80]; 4020 unsigned char plaintext[80]; 4021 /* We initialise tmp to a non zero value on purpose */ 4022 int ctlen, ptlen, tmp = 99; 4023 int ret = 0; 4024 const int enc_offset = 10, dec_offset = 20; 4025 4026 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq)) 4027 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 4028 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, 4029 key, iv)) 4030 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, 4031 enc_offset)) 4032 /* Deliberate add a zero length update */ 4033 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, 4034 0)) 4035 || !TEST_int_eq(tmp, 0) 4036 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, 4037 msg + enc_offset, 4038 sizeof(msg) - enc_offset)) 4039 || !TEST_int_eq(ctlen += tmp, sizeof(msg)) 4040 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) 4041 || !TEST_int_eq(tmp, 0)) 4042 goto err; 4043 4044 /* Deliberately initialise tmp to a non zero value */ 4045 tmp = 99; 4046 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) 4047 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, 4048 dec_offset)) 4049 /* 4050 * Deliberately add a zero length update. We also deliberately do 4051 * this at a different offset than for encryption. 4052 */ 4053 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, 4054 0)) 4055 || !TEST_int_eq(tmp, 0) 4056 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, 4057 ciphertext + dec_offset, 4058 ctlen - dec_offset)) 4059 || !TEST_int_eq(ptlen += tmp, sizeof(msg)) 4060 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) 4061 || !TEST_int_eq(tmp, 0) 4062 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) 4063 goto err; 4064 4065 ret = 1; 4066 err: 4067 EVP_CIPHER_CTX_free(ctx); 4068 EVP_CIPHER_free(cipher); 4069 return ret; 4070 } 4071 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ 4072 4073 #ifndef OPENSSL_NO_DH 4074 /* 4075 * Test combinations of private, public, missing and private + public key 4076 * params to ensure they are all accepted 4077 */ 4078 static int test_DH_priv_pub(void) 4079 { 4080 return test_EVP_PKEY_ffc_priv_pub("DH"); 4081 } 4082 4083 # ifndef OPENSSL_NO_DEPRECATED_3_0 4084 static int test_EVP_PKEY_set1_DH(void) 4085 { 4086 DH *x942dh = NULL, *noqdh = NULL; 4087 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; 4088 int ret = 0; 4089 BIGNUM *p, *g = NULL; 4090 BIGNUM *pubkey = NULL; 4091 unsigned char pub[2048 / 8]; 4092 size_t len = 0; 4093 4094 if (!TEST_ptr(p = BN_new()) 4095 || !TEST_ptr(g = BN_new()) 4096 || !TEST_ptr(pubkey = BN_new()) 4097 || !TEST_true(BN_set_word(p, 9999)) 4098 || !TEST_true(BN_set_word(g, 2)) 4099 || !TEST_true(BN_set_word(pubkey, 4321)) 4100 || !TEST_ptr(noqdh = DH_new()) 4101 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) 4102 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) 4103 || !TEST_ptr(pubkey = BN_new()) 4104 || !TEST_true(BN_set_word(pubkey, 4321))) 4105 goto err; 4106 p = g = NULL; 4107 4108 x942dh = DH_get_2048_256(); 4109 pkey1 = EVP_PKEY_new(); 4110 pkey2 = EVP_PKEY_new(); 4111 if (!TEST_ptr(x942dh) 4112 || !TEST_ptr(noqdh) 4113 || !TEST_ptr(pkey1) 4114 || !TEST_ptr(pkey2) 4115 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) 4116 goto err; 4117 pubkey = NULL; 4118 4119 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) 4120 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) 4121 goto err; 4122 4123 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, 4124 &pubkey)) 4125 || !TEST_ptr(pubkey)) 4126 goto err; 4127 4128 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) 4129 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) 4130 goto err; 4131 4132 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, 4133 OSSL_PKEY_PARAM_PUB_KEY, 4134 pub, sizeof(pub), &len)) 4135 || !TEST_size_t_ne(len, 0)) 4136 goto err; 4137 4138 ret = 1; 4139 err: 4140 BN_free(p); 4141 BN_free(g); 4142 BN_free(pubkey); 4143 EVP_PKEY_free(pkey1); 4144 EVP_PKEY_free(pkey2); 4145 DH_free(x942dh); 4146 DH_free(noqdh); 4147 4148 return ret; 4149 } 4150 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 4151 #endif /* !OPENSSL_NO_DH */ 4152 4153 /* 4154 * We test what happens with an empty template. For the sake of this test, 4155 * the template must be ignored, and we know that's the case for RSA keys 4156 * (this might arguably be a misfeature, but that's what we currently do, 4157 * even in provider code, since that's how the legacy RSA implementation 4158 * does things) 4159 */ 4160 static int test_keygen_with_empty_template(int n) 4161 { 4162 EVP_PKEY_CTX *ctx = NULL; 4163 EVP_PKEY *pkey = NULL; 4164 EVP_PKEY *tkey = NULL; 4165 int ret = 0; 4166 4167 if (nullprov != NULL) 4168 return TEST_skip("Test does not support a non-default library context"); 4169 4170 switch (n) { 4171 case 0: 4172 /* We do test with no template at all as well */ 4173 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) 4174 goto err; 4175 break; 4176 case 1: 4177 /* Here we create an empty RSA key that serves as our template */ 4178 if (!TEST_ptr(tkey = EVP_PKEY_new()) 4179 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA)) 4180 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL))) 4181 goto err; 4182 break; 4183 } 4184 4185 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4186 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) 4187 goto err; 4188 4189 ret = 1; 4190 err: 4191 EVP_PKEY_CTX_free(ctx); 4192 EVP_PKEY_free(pkey); 4193 EVP_PKEY_free(tkey); 4194 return ret; 4195 } 4196 4197 /* 4198 * Test that we fail if we attempt to use an algorithm that is not available 4199 * in the current library context (unless we are using an algorithm that 4200 * should be made available via legacy codepaths). 4201 * 4202 * 0: RSA 4203 * 1: SM2 4204 */ 4205 static int test_pkey_ctx_fail_without_provider(int tst) 4206 { 4207 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new(); 4208 OSSL_PROVIDER *tmpnullprov = NULL; 4209 EVP_PKEY_CTX *pctx = NULL; 4210 const char *keytype = NULL; 4211 int expect_null = 0; 4212 int ret = 0; 4213 4214 if (!TEST_ptr(tmpctx)) 4215 goto err; 4216 4217 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null"); 4218 if (!TEST_ptr(tmpnullprov)) 4219 goto err; 4220 4221 /* 4222 * We check for certain algos in the null provider. 4223 * If an algo is expected to have a provider keymgmt, constructing an 4224 * EVP_PKEY_CTX is expected to fail (return NULL). 4225 * Otherwise, if it's expected to have legacy support, constructing an 4226 * EVP_PKEY_CTX is expected to succeed (return non-NULL). 4227 */ 4228 switch (tst) { 4229 case 0: 4230 keytype = "RSA"; 4231 expect_null = 1; 4232 break; 4233 case 1: 4234 keytype = "SM2"; 4235 expect_null = 1; 4236 #ifdef OPENSSL_NO_EC 4237 TEST_info("EC disable, skipping SM2 check..."); 4238 goto end; 4239 #endif 4240 #ifdef OPENSSL_NO_SM2 4241 TEST_info("SM2 disable, skipping SM2 check..."); 4242 goto end; 4243 #endif 4244 break; 4245 default: 4246 TEST_error("No test for case %d", tst); 4247 goto err; 4248 } 4249 4250 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, ""); 4251 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx)) 4252 goto err; 4253 4254 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2) 4255 end: 4256 #endif 4257 ret = 1; 4258 4259 err: 4260 EVP_PKEY_CTX_free(pctx); 4261 OSSL_PROVIDER_unload(tmpnullprov); 4262 OSSL_LIB_CTX_free(tmpctx); 4263 return ret; 4264 } 4265 4266 static int test_rand_agglomeration(void) 4267 { 4268 EVP_RAND *rand; 4269 EVP_RAND_CTX *ctx; 4270 OSSL_PARAM params[3], *p = params; 4271 int res; 4272 unsigned int step = 7; 4273 static unsigned char seed[] = "It does not matter how slowly you go " 4274 "as long as you do not stop."; 4275 unsigned char out[sizeof(seed)]; 4276 4277 if (!TEST_int_ne(sizeof(seed) % step, 0) 4278 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq))) 4279 return 0; 4280 ctx = EVP_RAND_CTX_new(rand, NULL); 4281 EVP_RAND_free(rand); 4282 if (!TEST_ptr(ctx)) 4283 return 0; 4284 4285 memset(out, 0, sizeof(out)); 4286 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 4287 seed, sizeof(seed)); 4288 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step); 4289 *p = OSSL_PARAM_construct_end(); 4290 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params)) 4291 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0)) 4292 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out)); 4293 EVP_RAND_CTX_free(ctx); 4294 return res; 4295 } 4296 4297 /* 4298 * Test that we correctly return the original or "running" IV after 4299 * an encryption operation. 4300 * Run multiple times for some different relevant algorithms/modes. 4301 */ 4302 static int test_evp_iv_aes(int idx) 4303 { 4304 int ret = 0; 4305 EVP_CIPHER_CTX *ctx = NULL; 4306 unsigned char key[16] = { 4307 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1, 4308 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57 4309 }; 4310 unsigned char init_iv[EVP_MAX_IV_LENGTH] = { 4311 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 4312 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 4313 }; 4314 static const unsigned char msg[] = { 4315 1, 2, 3, 4, 5, 6, 7, 8, 4316 9, 10, 11, 12, 13, 14, 15, 16 4317 }; 4318 unsigned char ciphertext[32], oiv[16], iv[16]; 4319 unsigned char *ref_iv; 4320 unsigned char cbc_state[16] = { 4321 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9, 4322 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e 4323 }; 4324 4325 unsigned char ofb_state[16] = { 4326 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64, 4327 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd 4328 }; 4329 unsigned char cfb_state[16] = { 4330 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c, 4331 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed 4332 }; 4333 unsigned char gcm_state[12] = { 4334 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 4335 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81 4336 }; 4337 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 }; 4338 #ifndef OPENSSL_NO_OCB 4339 unsigned char ocb_state[12] = { 4340 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 4341 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81 4342 }; 4343 #endif 4344 int len = sizeof(ciphertext); 4345 size_t ivlen, ref_len; 4346 const EVP_CIPHER *type = NULL; 4347 int iv_reset = 0; 4348 4349 if (nullprov != NULL && idx < 6) 4350 return TEST_skip("Test does not support a non-default library context"); 4351 4352 switch (idx) { 4353 case 0: 4354 type = EVP_aes_128_cbc(); 4355 /* FALLTHROUGH */ 4356 case 6: 4357 type = (type != NULL) ? type : 4358 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq); 4359 ref_iv = cbc_state; 4360 ref_len = sizeof(cbc_state); 4361 iv_reset = 1; 4362 break; 4363 case 1: 4364 type = EVP_aes_128_ofb(); 4365 /* FALLTHROUGH */ 4366 case 7: 4367 type = (type != NULL) ? type : 4368 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq); 4369 ref_iv = ofb_state; 4370 ref_len = sizeof(ofb_state); 4371 iv_reset = 1; 4372 break; 4373 case 2: 4374 type = EVP_aes_128_cfb(); 4375 /* FALLTHROUGH */ 4376 case 8: 4377 type = (type != NULL) ? type : 4378 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq); 4379 ref_iv = cfb_state; 4380 ref_len = sizeof(cfb_state); 4381 iv_reset = 1; 4382 break; 4383 case 3: 4384 type = EVP_aes_128_gcm(); 4385 /* FALLTHROUGH */ 4386 case 9: 4387 type = (type != NULL) ? type : 4388 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq); 4389 ref_iv = gcm_state; 4390 ref_len = sizeof(gcm_state); 4391 break; 4392 case 4: 4393 type = EVP_aes_128_ccm(); 4394 /* FALLTHROUGH */ 4395 case 10: 4396 type = (type != NULL) ? type : 4397 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq); 4398 ref_iv = ccm_state; 4399 ref_len = sizeof(ccm_state); 4400 break; 4401 #ifdef OPENSSL_NO_OCB 4402 case 5: 4403 case 11: 4404 return 1; 4405 #else 4406 case 5: 4407 type = EVP_aes_128_ocb(); 4408 /* FALLTHROUGH */ 4409 case 11: 4410 type = (type != NULL) ? type : 4411 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq); 4412 ref_iv = ocb_state; 4413 ref_len = sizeof(ocb_state); 4414 break; 4415 #endif 4416 default: 4417 return 0; 4418 } 4419 4420 if (!TEST_ptr(type) 4421 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 4422 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 4423 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 4424 (int)sizeof(msg))) 4425 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 4426 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 4427 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 4428 goto err; 4429 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 4430 4431 if (!TEST_int_gt(ivlen, 0)) 4432 goto err; 4433 4434 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 4435 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 4436 goto err; 4437 4438 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */ 4439 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 4440 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 4441 goto err; 4442 if (iv_reset) { 4443 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 4444 goto err; 4445 } else { 4446 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen)) 4447 goto err; 4448 } 4449 4450 ret = 1; 4451 err: 4452 EVP_CIPHER_CTX_free(ctx); 4453 if (idx >= 6) 4454 EVP_CIPHER_free((EVP_CIPHER *)type); 4455 return ret; 4456 } 4457 4458 #ifndef OPENSSL_NO_DES 4459 static int test_evp_iv_des(int idx) 4460 { 4461 int ret = 0; 4462 EVP_CIPHER_CTX *ctx = NULL; 4463 static const unsigned char key[24] = { 4464 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 4465 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86, 4466 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 4467 }; 4468 static const unsigned char init_iv[8] = { 4469 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 4470 }; 4471 static const unsigned char msg[] = { 4472 1, 2, 3, 4, 5, 6, 7, 8, 4473 9, 10, 11, 12, 13, 14, 15, 16 4474 }; 4475 unsigned char ciphertext[32], oiv[8], iv[8]; 4476 unsigned const char *ref_iv; 4477 static const unsigned char cbc_state_des[8] = { 4478 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a 4479 }; 4480 static const unsigned char cbc_state_3des[8] = { 4481 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9 4482 }; 4483 static const unsigned char ofb_state_des[8] = { 4484 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c 4485 }; 4486 static const unsigned char ofb_state_3des[8] = { 4487 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e 4488 }; 4489 static const unsigned char cfb_state_des[8] = { 4490 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73 4491 }; 4492 static const unsigned char cfb_state_3des[8] = { 4493 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7 4494 }; 4495 int len = sizeof(ciphertext); 4496 size_t ivlen, ref_len; 4497 EVP_CIPHER *type = NULL; 4498 4499 if (lgcyprov == NULL && idx < 3) 4500 return TEST_skip("Test requires legacy provider to be loaded"); 4501 4502 switch (idx) { 4503 case 0: 4504 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq); 4505 ref_iv = cbc_state_des; 4506 ref_len = sizeof(cbc_state_des); 4507 break; 4508 case 1: 4509 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq); 4510 ref_iv = ofb_state_des; 4511 ref_len = sizeof(ofb_state_des); 4512 break; 4513 case 2: 4514 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq); 4515 ref_iv = cfb_state_des; 4516 ref_len = sizeof(cfb_state_des); 4517 break; 4518 case 3: 4519 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq); 4520 ref_iv = cbc_state_3des; 4521 ref_len = sizeof(cbc_state_3des); 4522 break; 4523 case 4: 4524 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq); 4525 ref_iv = ofb_state_3des; 4526 ref_len = sizeof(ofb_state_3des); 4527 break; 4528 case 5: 4529 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq); 4530 ref_iv = cfb_state_3des; 4531 ref_len = sizeof(cfb_state_3des); 4532 break; 4533 default: 4534 return 0; 4535 } 4536 4537 if (!TEST_ptr(type) 4538 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 4539 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 4540 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 4541 (int)sizeof(msg))) 4542 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 4543 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 4544 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 4545 goto err; 4546 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 4547 4548 if (!TEST_int_gt(ivlen, 0)) 4549 goto err; 4550 4551 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 4552 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 4553 goto err; 4554 4555 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 4556 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 4557 goto err; 4558 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 4559 goto err; 4560 4561 ret = 1; 4562 err: 4563 EVP_CIPHER_CTX_free(ctx); 4564 EVP_CIPHER_free(type); 4565 return ret; 4566 } 4567 #endif 4568 4569 #ifndef OPENSSL_NO_BF 4570 static int test_evp_bf_default_keylen(int idx) 4571 { 4572 int ret = 0; 4573 static const char *algos[4] = { 4574 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb" 4575 }; 4576 int ivlen[4] = { 0, 8, 8, 8 }; 4577 EVP_CIPHER *cipher = NULL; 4578 4579 if (lgcyprov == NULL) 4580 return TEST_skip("Test requires legacy provider to be loaded"); 4581 4582 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq)) 4583 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16) 4584 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx])) 4585 goto err; 4586 4587 ret = 1; 4588 err: 4589 EVP_CIPHER_free(cipher); 4590 return ret; 4591 } 4592 #endif 4593 4594 #ifndef OPENSSL_NO_EC 4595 static int ecpub_nids[] = { 4596 NID_brainpoolP256r1, NID_X9_62_prime256v1, 4597 NID_secp384r1, NID_secp521r1, 4598 # ifndef OPENSSL_NO_EC2M 4599 NID_sect233k1, NID_sect233r1, NID_sect283r1, 4600 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, 4601 # endif 4602 NID_brainpoolP384r1, NID_brainpoolP512r1 4603 }; 4604 4605 static int test_ecpub(int idx) 4606 { 4607 int ret = 0, len, savelen; 4608 int nid; 4609 unsigned char buf[1024]; 4610 unsigned char *p; 4611 EVP_PKEY *pkey = NULL; 4612 EVP_PKEY_CTX *ctx = NULL; 4613 # ifndef OPENSSL_NO_DEPRECATED_3_0 4614 const unsigned char *q; 4615 EVP_PKEY *pkey2 = NULL; 4616 EC_KEY *ec = NULL; 4617 # endif 4618 4619 if (nullprov != NULL) 4620 return TEST_skip("Test does not support a non-default library context"); 4621 4622 nid = ecpub_nids[idx]; 4623 4624 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 4625 if (!TEST_ptr(ctx) 4626 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4627 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0) 4628 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey))) 4629 goto done; 4630 len = i2d_PublicKey(pkey, NULL); 4631 savelen = len; 4632 if (!TEST_int_ge(len, 1) 4633 || !TEST_int_lt(len, 1024)) 4634 goto done; 4635 p = buf; 4636 len = i2d_PublicKey(pkey, &p); 4637 if (!TEST_int_ge(len, 1) 4638 || !TEST_int_eq(len, savelen)) 4639 goto done; 4640 4641 # ifndef OPENSSL_NO_DEPRECATED_3_0 4642 /* Now try to decode the just-created DER. */ 4643 q = buf; 4644 if (!TEST_ptr((pkey2 = EVP_PKEY_new())) 4645 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid))) 4646 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec))) 4647 goto done; 4648 /* EC_KEY ownership transferred */ 4649 ec = NULL; 4650 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen))) 4651 goto done; 4652 /* The keys should match. */ 4653 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) 4654 goto done; 4655 # endif 4656 4657 ret = 1; 4658 4659 done: 4660 EVP_PKEY_CTX_free(ctx); 4661 EVP_PKEY_free(pkey); 4662 # ifndef OPENSSL_NO_DEPRECATED_3_0 4663 EVP_PKEY_free(pkey2); 4664 EC_KEY_free(ec); 4665 # endif 4666 return ret; 4667 } 4668 #endif 4669 4670 static int test_EVP_rsa_pss_with_keygen_bits(void) 4671 { 4672 int ret = 0; 4673 EVP_PKEY_CTX *ctx = NULL; 4674 EVP_PKEY *pkey = NULL; 4675 EVP_MD *md; 4676 4677 md = EVP_MD_fetch(testctx, "sha256", testpropq); 4678 ret = TEST_ptr(md) 4679 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq))) 4680 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 4681 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0) 4682 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0) 4683 && TEST_true(EVP_PKEY_keygen(ctx, &pkey)); 4684 4685 EVP_MD_free(md); 4686 EVP_PKEY_free(pkey); 4687 EVP_PKEY_CTX_free(ctx); 4688 return ret; 4689 } 4690 4691 static int test_EVP_rsa_pss_set_saltlen(void) 4692 { 4693 int ret = 0; 4694 EVP_PKEY *pkey = NULL; 4695 EVP_PKEY_CTX *pkey_ctx = NULL; 4696 EVP_MD *sha256 = NULL; 4697 EVP_MD_CTX *sha256_ctx = NULL; 4698 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */ 4699 const int test_value = 32; 4700 4701 ret = TEST_ptr(pkey = load_example_rsa_key()) 4702 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL)) 4703 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new()) 4704 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey)) 4705 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)) 4706 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0) 4707 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0) 4708 && TEST_int_eq(saltlen, test_value); 4709 4710 EVP_MD_CTX_free(sha256_ctx); 4711 EVP_PKEY_free(pkey); 4712 EVP_MD_free(sha256); 4713 4714 return ret; 4715 } 4716 4717 static int test_EVP_rsa_invalid_key(void) 4718 { 4719 int ret = 0; 4720 EVP_PKEY *pkey = NULL; 4721 4722 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER)); 4723 /* we expect to fail to load bogus key */ 4724 ret = !TEST_ptr(pkey); 4725 EVP_PKEY_free(pkey); 4726 4727 return ret; 4728 } 4729 4730 static int success = 1; 4731 static void md_names(const char *name, void *vctx) 4732 { 4733 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx; 4734 /* Force a namemap update */ 4735 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL); 4736 4737 if (!TEST_ptr(aes128)) 4738 success = 0; 4739 4740 EVP_CIPHER_free(aes128); 4741 } 4742 4743 /* 4744 * Test that changing the namemap in a user callback works in a names_do_all 4745 * function. 4746 */ 4747 static int test_names_do_all(void) 4748 { 4749 /* We use a custom libctx so that we know the state of the namemap */ 4750 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); 4751 EVP_MD *sha256 = NULL; 4752 int testresult = 0; 4753 4754 if (!TEST_ptr(ctx)) 4755 goto err; 4756 4757 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL); 4758 if (!TEST_ptr(sha256)) 4759 goto err; 4760 4761 /* 4762 * We loop through all the names for a given digest. This should still work 4763 * even if the namemap changes part way through. 4764 */ 4765 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx))) 4766 goto err; 4767 4768 if (!TEST_true(success)) 4769 goto err; 4770 4771 testresult = 1; 4772 err: 4773 EVP_MD_free(sha256); 4774 OSSL_LIB_CTX_free(ctx); 4775 return testresult; 4776 } 4777 4778 typedef struct { 4779 const char *cipher; 4780 const unsigned char *key; 4781 const unsigned char *iv; 4782 const unsigned char *input; 4783 const unsigned char *expected; 4784 const unsigned char *tag; 4785 size_t ivlen; /* 0 if we do not need to set a specific IV len */ 4786 size_t inlen; 4787 size_t expectedlen; 4788 size_t taglen; 4789 int keyfirst; 4790 int initenc; 4791 int finalenc; 4792 } EVP_INIT_TEST_st; 4793 4794 static const EVP_INIT_TEST_st evp_init_tests[] = { 4795 { 4796 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 4797 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 4798 0, 1, 0, 1 4799 }, 4800 { 4801 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 4802 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4803 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 4804 sizeof(gcmDefaultTag), 1, 0, 1 4805 }, 4806 { 4807 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 4808 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 4809 0, 0, 0, 1 4810 }, 4811 { 4812 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 4813 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4814 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 4815 sizeof(gcmDefaultTag), 0, 0, 1 4816 }, 4817 { 4818 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 4819 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 4820 0, 1, 1, 0 4821 }, 4822 { 4823 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 4824 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4825 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 4826 sizeof(gcmDefaultTag), 1, 1, 0 4827 }, 4828 { 4829 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 4830 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 4831 0, 0, 1, 0 4832 }, 4833 { 4834 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 4835 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 4836 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 4837 sizeof(gcmDefaultTag), 0, 1, 0 4838 } 4839 }; 4840 4841 /* use same key, iv and plaintext for cfb and ofb */ 4842 static const EVP_INIT_TEST_st evp_reinit_tests[] = { 4843 { 4844 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 4845 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 4846 sizeof(cfbCiphertext_partial), 0, 0, 1, 0 4847 }, 4848 { 4849 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial, 4850 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial), 4851 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 4852 }, 4853 { 4854 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 4855 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 4856 sizeof(ofbCiphertext_partial), 0, 0, 1, 0 4857 }, 4858 { 4859 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial, 4860 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial), 4861 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 4862 }, 4863 }; 4864 4865 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) 4866 { 4867 int res = 0; 4868 4869 if (t->ivlen != 0) { 4870 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0)) 4871 goto err; 4872 } 4873 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) 4874 goto err; 4875 res = 1; 4876 err: 4877 return res; 4878 } 4879 4880 /* 4881 * Test step-wise cipher initialization via EVP_CipherInit_ex where the 4882 * arguments are given one at a time and a final adjustment to the enc 4883 * parameter sets the correct operation. 4884 */ 4885 static int test_evp_init_seq(int idx) 4886 { 4887 int outlen1, outlen2; 4888 int testresult = 0; 4889 unsigned char outbuf[1024]; 4890 unsigned char tag[16]; 4891 const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; 4892 EVP_CIPHER_CTX *ctx = NULL; 4893 EVP_CIPHER *type = NULL; 4894 size_t taglen = sizeof(tag); 4895 char *errmsg = NULL; 4896 4897 ctx = EVP_CIPHER_CTX_new(); 4898 if (ctx == NULL) { 4899 errmsg = "CTX_ALLOC"; 4900 goto err; 4901 } 4902 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) { 4903 errmsg = "CIPHER_FETCH"; 4904 goto err; 4905 } 4906 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { 4907 errmsg = "EMPTY_ENC_INIT"; 4908 goto err; 4909 } 4910 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 4911 errmsg = "PADDING"; 4912 goto err; 4913 } 4914 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 4915 errmsg = "KEY_INIT (before iv)"; 4916 goto err; 4917 } 4918 if (!evp_init_seq_set_iv(ctx, t)) { 4919 errmsg = "IV_INIT"; 4920 goto err; 4921 } 4922 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 4923 errmsg = "KEY_INIT (after iv)"; 4924 goto err; 4925 } 4926 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { 4927 errmsg = "FINAL_ENC_INIT"; 4928 goto err; 4929 } 4930 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 4931 errmsg = "CIPHER_UPDATE"; 4932 goto err; 4933 } 4934 if (t->finalenc == 0 && t->tag != NULL) { 4935 /* Set expected tag */ 4936 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 4937 t->taglen, (void *)t->tag), 0)) { 4938 errmsg = "SET_TAG"; 4939 goto err; 4940 } 4941 } 4942 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4943 errmsg = "CIPHER_FINAL"; 4944 goto err; 4945 } 4946 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 4947 errmsg = "WRONG_RESULT"; 4948 goto err; 4949 } 4950 if (t->finalenc != 0 && t->tag != NULL) { 4951 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 4952 errmsg = "GET_TAG"; 4953 goto err; 4954 } 4955 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { 4956 errmsg = "TAG_ERROR"; 4957 goto err; 4958 } 4959 } 4960 testresult = 1; 4961 err: 4962 if (errmsg != NULL) 4963 TEST_info("evp_init_test %d: %s", idx, errmsg); 4964 EVP_CIPHER_CTX_free(ctx); 4965 EVP_CIPHER_free(type); 4966 return testresult; 4967 } 4968 4969 /* 4970 * Test re-initialization of cipher context without changing key or iv. 4971 * The result of both iteration should be the same. 4972 */ 4973 static int test_evp_reinit_seq(int idx) 4974 { 4975 int outlen1, outlen2, outlen_final; 4976 int testresult = 0; 4977 unsigned char outbuf1[1024]; 4978 unsigned char outbuf2[1024]; 4979 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx]; 4980 EVP_CIPHER_CTX *ctx = NULL; 4981 EVP_CIPHER *type = NULL; 4982 4983 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 4984 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) 4985 /* setup cipher context */ 4986 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL)) 4987 /* first iteration */ 4988 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen)) 4989 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final)) 4990 /* check test results iteration 1 */ 4991 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final) 4992 /* now re-init the context (same cipher, key and iv) */ 4993 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL)) 4994 /* second iteration */ 4995 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen)) 4996 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final)) 4997 /* check test results iteration 2 */ 4998 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final)) 4999 goto err; 5000 testresult = 1; 5001 err: 5002 EVP_CIPHER_CTX_free(ctx); 5003 EVP_CIPHER_free(type); 5004 return testresult; 5005 } 5006 5007 typedef struct { 5008 const unsigned char *input; 5009 const unsigned char *expected; 5010 size_t inlen; 5011 size_t expectedlen; 5012 int enc; 5013 } EVP_RESET_TEST_st; 5014 5015 static const EVP_RESET_TEST_st evp_reset_tests[] = { 5016 { 5017 cfbPlaintext, cfbCiphertext, 5018 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 5019 }, 5020 { 5021 cfbCiphertext, cfbPlaintext, 5022 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 5023 } 5024 }; 5025 5026 /* 5027 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already 5028 * been used. 5029 */ 5030 static int test_evp_reset(int idx) 5031 { 5032 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; 5033 int outlen1, outlen2; 5034 int testresult = 0; 5035 unsigned char outbuf[1024]; 5036 EVP_CIPHER_CTX *ctx = NULL; 5037 EVP_CIPHER *type = NULL; 5038 char *errmsg = NULL; 5039 5040 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5041 errmsg = "CTX_ALLOC"; 5042 goto err; 5043 } 5044 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) { 5045 errmsg = "CIPHER_FETCH"; 5046 goto err; 5047 } 5048 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 5049 errmsg = "CIPHER_INIT"; 5050 goto err; 5051 } 5052 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 5053 errmsg = "PADDING"; 5054 goto err; 5055 } 5056 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 5057 errmsg = "CIPHER_UPDATE"; 5058 goto err; 5059 } 5060 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5061 errmsg = "CIPHER_FINAL"; 5062 goto err; 5063 } 5064 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 5065 errmsg = "WRONG_RESULT"; 5066 goto err; 5067 } 5068 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { 5069 errmsg = "CIPHER_REINIT"; 5070 goto err; 5071 } 5072 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 5073 errmsg = "CIPHER_UPDATE (reinit)"; 5074 goto err; 5075 } 5076 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5077 errmsg = "CIPHER_FINAL (reinit)"; 5078 goto err; 5079 } 5080 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 5081 errmsg = "WRONG_RESULT (reinit)"; 5082 goto err; 5083 } 5084 testresult = 1; 5085 err: 5086 if (errmsg != NULL) 5087 TEST_info("test_evp_reset %d: %s", idx, errmsg); 5088 EVP_CIPHER_CTX_free(ctx); 5089 EVP_CIPHER_free(type); 5090 return testresult; 5091 } 5092 5093 typedef struct { 5094 const char *cipher; 5095 int enc; 5096 } EVP_UPDATED_IV_TEST_st; 5097 5098 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { 5099 { 5100 "aes-128-cfb", 1 5101 }, 5102 { 5103 "aes-128-cfb", 0 5104 }, 5105 { 5106 "aes-128-cfb1", 1 5107 }, 5108 { 5109 "aes-128-cfb1", 0 5110 }, 5111 { 5112 "aes-128-cfb8", 1 5113 }, 5114 { 5115 "aes-128-cfb8", 0 5116 }, 5117 { 5118 "aes-128-ofb", 1 5119 }, 5120 { 5121 "aes-128-ofb", 0 5122 }, 5123 { 5124 "aes-128-ctr", 1 5125 }, 5126 { 5127 "aes-128-ctr", 0 5128 }, 5129 { 5130 "aes-128-cbc", 1 5131 }, 5132 { 5133 "aes-128-cbc", 0 5134 } 5135 }; 5136 5137 /* 5138 * Test that the IV in the context is updated during a crypto operation for CFB 5139 * and OFB. 5140 */ 5141 static int test_evp_updated_iv(int idx) 5142 { 5143 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; 5144 int outlen1, outlen2; 5145 int testresult = 0; 5146 unsigned char outbuf[1024]; 5147 EVP_CIPHER_CTX *ctx = NULL; 5148 EVP_CIPHER *type = NULL; 5149 unsigned char updated_iv[EVP_MAX_IV_LENGTH]; 5150 int iv_len; 5151 char *errmsg = NULL; 5152 5153 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5154 errmsg = "CTX_ALLOC"; 5155 goto err; 5156 } 5157 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) { 5158 TEST_info("cipher %s not supported, skipping", t->cipher); 5159 goto ok; 5160 } 5161 5162 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 5163 errmsg = "CIPHER_INIT"; 5164 goto err; 5165 } 5166 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 5167 errmsg = "PADDING"; 5168 goto err; 5169 } 5170 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { 5171 errmsg = "CIPHER_UPDATE"; 5172 goto err; 5173 } 5174 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) { 5175 errmsg = "CIPHER_CTX_GET_UPDATED_IV"; 5176 goto err; 5177 } 5178 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx); 5179 if (!TEST_int_ge(iv_len,0)) { 5180 errmsg = "CIPHER_CTX_GET_IV_LEN"; 5181 goto err; 5182 } 5183 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { 5184 errmsg = "IV_NOT_UPDATED"; 5185 goto err; 5186 } 5187 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5188 errmsg = "CIPHER_FINAL"; 5189 goto err; 5190 } 5191 ok: 5192 testresult = 1; 5193 err: 5194 if (errmsg != NULL) 5195 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); 5196 EVP_CIPHER_CTX_free(ctx); 5197 EVP_CIPHER_free(type); 5198 return testresult; 5199 } 5200 5201 typedef struct { 5202 const unsigned char *iv1; 5203 const unsigned char *iv2; 5204 const unsigned char *expected1; 5205 const unsigned char *expected2; 5206 const unsigned char *tag1; 5207 const unsigned char *tag2; 5208 size_t ivlen1; 5209 size_t ivlen2; 5210 size_t expectedlen1; 5211 size_t expectedlen2; 5212 } TEST_GCM_IV_REINIT_st; 5213 5214 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { 5215 { 5216 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, 5217 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), 5218 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) 5219 }, 5220 { 5221 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, 5222 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), 5223 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) 5224 } 5225 }; 5226 5227 static int test_gcm_reinit(int idx) 5228 { 5229 int outlen1, outlen2, outlen3; 5230 int testresult = 0; 5231 unsigned char outbuf[1024]; 5232 unsigned char tag[16]; 5233 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; 5234 EVP_CIPHER_CTX *ctx = NULL; 5235 EVP_CIPHER *type = NULL; 5236 size_t taglen = sizeof(tag); 5237 char *errmsg = NULL; 5238 5239 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 5240 errmsg = "CTX_ALLOC"; 5241 goto err; 5242 } 5243 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) { 5244 errmsg = "CIPHER_FETCH"; 5245 goto err; 5246 } 5247 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { 5248 errmsg = "ENC_INIT"; 5249 goto err; 5250 } 5251 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) { 5252 errmsg = "SET_IVLEN1"; 5253 goto err; 5254 } 5255 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { 5256 errmsg = "SET_IV1"; 5257 goto err; 5258 } 5259 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 5260 errmsg = "AAD1"; 5261 goto err; 5262 } 5263 EVP_CIPHER_CTX_set_padding(ctx, 0); 5264 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 5265 sizeof(gcmResetPlaintext)))) { 5266 errmsg = "CIPHER_UPDATE1"; 5267 goto err; 5268 } 5269 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5270 errmsg = "CIPHER_FINAL1"; 5271 goto err; 5272 } 5273 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { 5274 errmsg = "WRONG_RESULT1"; 5275 goto err; 5276 } 5277 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 5278 errmsg = "GET_TAG1"; 5279 goto err; 5280 } 5281 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { 5282 errmsg = "TAG_ERROR1"; 5283 goto err; 5284 } 5285 /* Now reinit */ 5286 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) { 5287 errmsg = "SET_IVLEN2"; 5288 goto err; 5289 } 5290 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { 5291 errmsg = "SET_IV2"; 5292 goto err; 5293 } 5294 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 5295 errmsg = "AAD2"; 5296 goto err; 5297 } 5298 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 5299 sizeof(gcmResetPlaintext)))) { 5300 errmsg = "CIPHER_UPDATE2"; 5301 goto err; 5302 } 5303 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 5304 errmsg = "CIPHER_FINAL2"; 5305 goto err; 5306 } 5307 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { 5308 errmsg = "WRONG_RESULT2"; 5309 goto err; 5310 } 5311 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 5312 errmsg = "GET_TAG2"; 5313 goto err; 5314 } 5315 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { 5316 errmsg = "TAG_ERROR2"; 5317 goto err; 5318 } 5319 testresult = 1; 5320 err: 5321 if (errmsg != NULL) 5322 TEST_info("evp_init_test %d: %s", idx, errmsg); 5323 EVP_CIPHER_CTX_free(ctx); 5324 EVP_CIPHER_free(type); 5325 return testresult; 5326 } 5327 5328 static const char *ivlen_change_ciphers[] = { 5329 "AES-256-GCM", 5330 #ifndef OPENSSL_NO_OCB 5331 "AES-256-OCB", 5332 #endif 5333 "AES-256-CCM" 5334 }; 5335 5336 /* Negative test for ivlen change after iv being set */ 5337 static int test_ivlen_change(int idx) 5338 { 5339 int outlen; 5340 int res = 0; 5341 unsigned char outbuf[1024]; 5342 static const unsigned char iv[] = { 5343 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 5344 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 5345 }; 5346 EVP_CIPHER_CTX *ctx = NULL; 5347 EVP_CIPHER *ciph = NULL; 5348 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 5349 size_t ivlen = 13; /* non-default IV length */ 5350 5351 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 5352 goto err; 5353 5354 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx], 5355 testpropq))) 5356 goto err; 5357 5358 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1))) 5359 goto err; 5360 5361 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5362 sizeof(gcmDefaultPlaintext)))) 5363 goto err; 5364 5365 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 5366 &ivlen); 5367 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 5368 goto err; 5369 5370 ERR_set_mark(); 5371 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5372 sizeof(gcmDefaultPlaintext)))) { 5373 ERR_clear_last_mark(); 5374 goto err; 5375 } 5376 ERR_pop_to_mark(); 5377 5378 res = 1; 5379 err: 5380 EVP_CIPHER_CTX_free(ctx); 5381 EVP_CIPHER_free(ciph); 5382 return res; 5383 } 5384 5385 static const char *keylen_change_ciphers[] = { 5386 #ifndef OPENSSL_NO_BF 5387 "BF-ECB", 5388 #endif 5389 #ifndef OPENSSL_NO_CAST 5390 "CAST5-ECB", 5391 #endif 5392 #ifndef OPENSSL_NO_RC2 5393 "RC2-ECB", 5394 #endif 5395 #ifndef OPENSSL_NO_RC4 5396 "RC4", 5397 #endif 5398 #ifndef OPENSSL_NO_RC5 5399 "RC5-ECB", 5400 #endif 5401 NULL 5402 }; 5403 5404 /* Negative test for keylen change after key was set */ 5405 static int test_keylen_change(int idx) 5406 { 5407 int outlen; 5408 int res = 0; 5409 unsigned char outbuf[1024]; 5410 static const unsigned char key[] = { 5411 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 5412 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 5413 }; 5414 EVP_CIPHER_CTX *ctx = NULL; 5415 EVP_CIPHER *ciph = NULL; 5416 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 5417 size_t keylen = 12; /* non-default key length */ 5418 5419 if (lgcyprov == NULL) 5420 return TEST_skip("Test requires legacy provider to be loaded"); 5421 5422 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 5423 goto err; 5424 5425 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx], 5426 testpropq))) 5427 goto err; 5428 5429 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1))) 5430 goto err; 5431 5432 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5433 sizeof(gcmDefaultPlaintext)))) 5434 goto err; 5435 5436 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 5437 &keylen); 5438 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 5439 goto err; 5440 5441 ERR_set_mark(); 5442 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 5443 sizeof(gcmDefaultPlaintext)))) { 5444 ERR_clear_last_mark(); 5445 goto err; 5446 } 5447 ERR_pop_to_mark(); 5448 5449 res = 1; 5450 err: 5451 EVP_CIPHER_CTX_free(ctx); 5452 EVP_CIPHER_free(ciph); 5453 return res; 5454 } 5455 5456 #ifndef OPENSSL_NO_DEPRECATED_3_0 5457 static EVP_PKEY_METHOD *custom_pmeth = NULL; 5458 static const EVP_PKEY_METHOD *orig_pmeth = NULL; 5459 5460 # define EVP_PKEY_CTRL_MY_COMMAND 9999 5461 5462 static int custom_pmeth_init(EVP_PKEY_CTX *ctx) 5463 { 5464 int (*pinit)(EVP_PKEY_CTX *ctx); 5465 5466 EVP_PKEY_meth_get_init(orig_pmeth, &pinit); 5467 return pinit(ctx); 5468 } 5469 5470 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx) 5471 { 5472 void (*pcleanup)(EVP_PKEY_CTX *ctx); 5473 5474 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup); 5475 pcleanup(ctx); 5476 } 5477 5478 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out, 5479 size_t *outlen, const unsigned char *in, 5480 size_t inlen) 5481 { 5482 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 5483 const unsigned char *tbs, size_t tbslen); 5484 5485 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign); 5486 return psign(ctx, out, outlen, in, inlen); 5487 } 5488 5489 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig, 5490 size_t *siglen, const unsigned char *tbs, 5491 size_t tbslen) 5492 { 5493 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 5494 const unsigned char *tbs, size_t tbslen); 5495 5496 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign); 5497 return pdigestsign(ctx, sig, siglen, tbs, tbslen); 5498 } 5499 5500 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key, 5501 size_t *keylen) 5502 { 5503 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 5504 5505 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive); 5506 return pderive(ctx, key, keylen); 5507 } 5508 5509 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) 5510 { 5511 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 5512 5513 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy); 5514 return pcopy(dst, src); 5515 } 5516 5517 static int ctrl_called; 5518 5519 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 5520 { 5521 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 5522 5523 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL); 5524 5525 if (type == EVP_PKEY_CTRL_MY_COMMAND) { 5526 ctrl_called = 1; 5527 return 1; 5528 } 5529 5530 return pctrl(ctx, type, p1, p2); 5531 } 5532 5533 static int test_custom_pmeth(int idx) 5534 { 5535 EVP_PKEY_CTX *pctx = NULL; 5536 EVP_MD_CTX *ctx = NULL; 5537 EVP_PKEY *pkey = NULL; 5538 int id, orig_id, orig_flags; 5539 int testresult = 0; 5540 size_t reslen; 5541 unsigned char *res = NULL; 5542 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' }; 5543 const EVP_MD *md = EVP_sha256(); 5544 int doderive = 0; 5545 5546 ctrl_called = 0; 5547 5548 /* We call deprecated APIs so this test doesn't support a custom libctx */ 5549 if (testctx != NULL) 5550 return 1; 5551 5552 switch (idx) { 5553 case 0: 5554 case 6: 5555 id = EVP_PKEY_RSA; 5556 pkey = load_example_rsa_key(); 5557 break; 5558 case 1: 5559 case 7: 5560 # ifndef OPENSSL_NO_DSA 5561 id = EVP_PKEY_DSA; 5562 pkey = load_example_dsa_key(); 5563 break; 5564 # else 5565 return 1; 5566 # endif 5567 case 2: 5568 case 8: 5569 # ifndef OPENSSL_NO_EC 5570 id = EVP_PKEY_EC; 5571 pkey = load_example_ec_key(); 5572 break; 5573 # else 5574 return 1; 5575 # endif 5576 case 3: 5577 case 9: 5578 # ifndef OPENSSL_NO_ECX 5579 id = EVP_PKEY_ED25519; 5580 md = NULL; 5581 pkey = load_example_ed25519_key(); 5582 break; 5583 # else 5584 return 1; 5585 # endif 5586 case 4: 5587 case 10: 5588 # ifndef OPENSSL_NO_DH 5589 id = EVP_PKEY_DH; 5590 doderive = 1; 5591 pkey = load_example_dh_key(); 5592 break; 5593 # else 5594 return 1; 5595 # endif 5596 case 5: 5597 case 11: 5598 # ifndef OPENSSL_NO_ECX 5599 id = EVP_PKEY_X25519; 5600 doderive = 1; 5601 pkey = load_example_x25519_key(); 5602 break; 5603 # else 5604 return 1; 5605 # endif 5606 default: 5607 TEST_error("Should not happen"); 5608 goto err; 5609 } 5610 5611 if (!TEST_ptr(pkey)) 5612 goto err; 5613 5614 if (idx < 6) { 5615 if (!TEST_true(evp_pkey_is_provided(pkey))) 5616 goto err; 5617 } else { 5618 EVP_PKEY *tmp = pkey; 5619 5620 /* Convert to a legacy key */ 5621 pkey = EVP_PKEY_new(); 5622 if (!TEST_ptr(pkey)) { 5623 pkey = tmp; 5624 goto err; 5625 } 5626 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) { 5627 EVP_PKEY_free(tmp); 5628 goto err; 5629 } 5630 EVP_PKEY_free(tmp); 5631 if (!TEST_true(evp_pkey_is_legacy(pkey))) 5632 goto err; 5633 } 5634 5635 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id)) 5636 || !TEST_ptr(pkey)) 5637 goto err; 5638 5639 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth); 5640 if (!TEST_int_eq(orig_id, id) 5641 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags))) 5642 goto err; 5643 5644 if (id == EVP_PKEY_ED25519) { 5645 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign); 5646 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) { 5647 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive); 5648 } else { 5649 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign); 5650 } 5651 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) { 5652 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init); 5653 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup); 5654 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy); 5655 } 5656 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL); 5657 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth))) 5658 goto err; 5659 5660 if (doderive) { 5661 pctx = EVP_PKEY_CTX_new(pkey, NULL); 5662 if (!TEST_ptr(pctx) 5663 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1) 5664 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 5665 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 5666 1) 5667 || !TEST_int_eq(ctrl_called, 1) 5668 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1) 5669 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1) 5670 || !TEST_ptr(res = OPENSSL_malloc(reslen)) 5671 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1)) 5672 goto err; 5673 } else { 5674 ctx = EVP_MD_CTX_new(); 5675 reslen = EVP_PKEY_size(pkey); 5676 res = OPENSSL_malloc(reslen); 5677 if (!TEST_ptr(ctx) 5678 || !TEST_ptr(res) 5679 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey)) 5680 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 5681 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 5682 1) 5683 || !TEST_int_eq(ctrl_called, 1)) 5684 goto err; 5685 5686 if (id == EVP_PKEY_ED25519) { 5687 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg)))) 5688 goto err; 5689 } else { 5690 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) 5691 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen))) 5692 goto err; 5693 } 5694 } 5695 5696 testresult = 1; 5697 err: 5698 OPENSSL_free(res); 5699 EVP_MD_CTX_free(ctx); 5700 if (doderive) 5701 EVP_PKEY_CTX_free(pctx); 5702 EVP_PKEY_free(pkey); 5703 EVP_PKEY_meth_remove(custom_pmeth); 5704 EVP_PKEY_meth_free(custom_pmeth); 5705 custom_pmeth = NULL; 5706 return testresult; 5707 } 5708 5709 static int test_evp_md_cipher_meth(void) 5710 { 5711 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256()); 5712 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc()); 5713 int testresult = 0; 5714 5715 if (!TEST_ptr(md) || !TEST_ptr(ciph)) 5716 goto err; 5717 5718 testresult = 1; 5719 5720 err: 5721 EVP_MD_meth_free(md); 5722 EVP_CIPHER_meth_free(ciph); 5723 5724 return testresult; 5725 } 5726 5727 typedef struct { 5728 int data; 5729 } custom_dgst_ctx; 5730 5731 static int custom_md_init_called = 0; 5732 static int custom_md_cleanup_called = 0; 5733 5734 static int custom_md_init(EVP_MD_CTX *ctx) 5735 { 5736 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 5737 5738 if (p == NULL) 5739 return 0; 5740 5741 custom_md_init_called++; 5742 return 1; 5743 } 5744 5745 static int custom_md_cleanup(EVP_MD_CTX *ctx) 5746 { 5747 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 5748 5749 if (p == NULL) 5750 /* Nothing to do */ 5751 return 1; 5752 5753 custom_md_cleanup_called++; 5754 return 1; 5755 } 5756 5757 static int test_custom_md_meth(void) 5758 { 5759 ASN1_OBJECT *o = NULL; 5760 EVP_MD_CTX *mdctx = NULL; 5761 EVP_MD *tmp = NULL; 5762 char mess[] = "Test Message\n"; 5763 unsigned char md_value[EVP_MAX_MD_SIZE]; 5764 unsigned int md_len; 5765 int testresult = 0; 5766 int nid; 5767 5768 /* 5769 * We are testing deprecated functions. We don't support a non-default 5770 * library context in this test. 5771 */ 5772 if (testctx != NULL) 5773 return TEST_skip("Non-default libctx"); 5774 5775 custom_md_init_called = custom_md_cleanup_called = 0; 5776 5777 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md"); 5778 if (!TEST_int_ne(nid, NID_undef)) 5779 goto err; 5780 tmp = EVP_MD_meth_new(nid, NID_undef); 5781 if (!TEST_ptr(tmp)) 5782 goto err; 5783 5784 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) 5785 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) 5786 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, 5787 sizeof(custom_dgst_ctx)))) 5788 goto err; 5789 5790 mdctx = EVP_MD_CTX_new(); 5791 if (!TEST_ptr(mdctx) 5792 /* 5793 * Initing our custom md and then initing another md should 5794 * result in the init and cleanup functions of the custom md 5795 * being called. 5796 */ 5797 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) 5798 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) 5799 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) 5800 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) 5801 || !TEST_int_eq(custom_md_init_called, 1) 5802 || !TEST_int_eq(custom_md_cleanup_called, 1)) 5803 goto err; 5804 5805 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1", 5806 "custom-md", "custom-md"), NID_undef) 5807 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ) 5808 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS)) 5809 goto err; 5810 5811 o = ASN1_OBJECT_create(nid, (unsigned char *) 5812 "\53\6\1\4\1\201\201\134\274\373\122\1", 12, 5813 "custom-md", "custom-md"); 5814 if (!TEST_int_eq(OBJ_add_object(o), nid)) 5815 goto err; 5816 5817 testresult = 1; 5818 err: 5819 ASN1_OBJECT_free(o); 5820 EVP_MD_CTX_free(mdctx); 5821 EVP_MD_meth_free(tmp); 5822 return testresult; 5823 } 5824 5825 typedef struct { 5826 int data; 5827 } custom_ciph_ctx; 5828 5829 static int custom_ciph_init_called = 0; 5830 static int custom_ciph_cleanup_called = 0; 5831 5832 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 5833 const unsigned char *iv, int enc) 5834 { 5835 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 5836 5837 if (p == NULL) 5838 return 0; 5839 5840 custom_ciph_init_called++; 5841 return 1; 5842 } 5843 5844 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx) 5845 { 5846 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 5847 5848 if (p == NULL) 5849 /* Nothing to do */ 5850 return 1; 5851 5852 custom_ciph_cleanup_called++; 5853 return 1; 5854 } 5855 5856 static int test_custom_ciph_meth(void) 5857 { 5858 EVP_CIPHER_CTX *ciphctx = NULL; 5859 EVP_CIPHER *tmp = NULL; 5860 int testresult = 0; 5861 int nid; 5862 5863 /* 5864 * We are testing deprecated functions. We don't support a non-default 5865 * library context in this test. 5866 */ 5867 if (testctx != NULL) 5868 return TEST_skip("Non-default libctx"); 5869 5870 custom_ciph_init_called = custom_ciph_cleanup_called = 0; 5871 5872 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph"); 5873 if (!TEST_int_ne(nid, NID_undef)) 5874 goto err; 5875 tmp = EVP_CIPHER_meth_new(nid, 16, 16); 5876 if (!TEST_ptr(tmp)) 5877 goto err; 5878 5879 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) 5880 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) 5881 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) 5882 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, 5883 sizeof(custom_ciph_ctx)))) 5884 goto err; 5885 5886 ciphctx = EVP_CIPHER_CTX_new(); 5887 if (!TEST_ptr(ciphctx) 5888 /* 5889 * Initing our custom cipher and then initing another cipher 5890 * should result in the init and cleanup functions of the custom 5891 * cipher being called. 5892 */ 5893 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) 5894 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, 5895 NULL, NULL, 1)) 5896 || !TEST_int_eq(custom_ciph_init_called, 1) 5897 || !TEST_int_eq(custom_ciph_cleanup_called, 1)) 5898 goto err; 5899 5900 testresult = 1; 5901 err: 5902 EVP_CIPHER_CTX_free(ciphctx); 5903 EVP_CIPHER_meth_free(tmp); 5904 return testresult; 5905 } 5906 5907 # ifndef OPENSSL_NO_DYNAMIC_ENGINE 5908 /* Test we can create a signature keys with an associated ENGINE */ 5909 static int test_signatures_with_engine(int tst) 5910 { 5911 ENGINE *e; 5912 const char *engine_id = "dasync"; 5913 EVP_PKEY *pkey = NULL; 5914 const unsigned char badcmackey[] = { 0x00, 0x01 }; 5915 const unsigned char cmackey[] = { 5916 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 5917 0x0c, 0x0d, 0x0e, 0x0f 5918 }; 5919 const unsigned char ed25519key[] = { 5920 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 5921 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 5922 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 5923 }; 5924 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 5925 int testresult = 0; 5926 EVP_MD_CTX *ctx = NULL; 5927 unsigned char *mac = NULL; 5928 size_t maclen = 0; 5929 int ret; 5930 5931 # ifdef OPENSSL_NO_CMAC 5932 /* Skip CMAC tests in a no-cmac build */ 5933 if (tst <= 1) 5934 return 1; 5935 # endif 5936 # ifdef OPENSSL_NO_ECX 5937 /* Skip ECX tests in a no-ecx build */ 5938 if (tst == 2) 5939 return 1; 5940 # endif 5941 5942 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 5943 return 0; 5944 5945 if (!TEST_true(ENGINE_init(e))) { 5946 ENGINE_free(e); 5947 return 0; 5948 } 5949 5950 switch (tst) { 5951 case 0: 5952 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), 5953 EVP_aes_128_cbc()); 5954 break; 5955 case 1: 5956 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), 5957 EVP_aes_128_cbc()); 5958 break; 5959 case 2: 5960 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, 5961 sizeof(ed25519key)); 5962 break; 5963 default: 5964 TEST_error("Invalid test case"); 5965 goto err; 5966 } 5967 if (!TEST_ptr(pkey)) 5968 goto err; 5969 5970 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 5971 goto err; 5972 5973 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, 5974 pkey); 5975 if (tst == 0) { 5976 if (!TEST_true(ret)) 5977 goto err; 5978 5979 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) 5980 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) 5981 goto err; 5982 5983 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 5984 goto err; 5985 5986 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) 5987 goto err; 5988 } else { 5989 /* We used a bad key. We expect a failure here */ 5990 if (!TEST_false(ret)) 5991 goto err; 5992 } 5993 5994 testresult = 1; 5995 err: 5996 EVP_MD_CTX_free(ctx); 5997 OPENSSL_free(mac); 5998 EVP_PKEY_free(pkey); 5999 ENGINE_finish(e); 6000 ENGINE_free(e); 6001 6002 return testresult; 6003 } 6004 6005 static int test_cipher_with_engine(void) 6006 { 6007 ENGINE *e; 6008 const char *engine_id = "dasync"; 6009 const unsigned char keyiv[] = { 6010 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 6011 0x0c, 0x0d, 0x0e, 0x0f 6012 }; 6013 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 6014 int testresult = 0; 6015 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL; 6016 unsigned char buf[AES_BLOCK_SIZE]; 6017 int len = 0; 6018 6019 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 6020 return 0; 6021 6022 if (!TEST_true(ENGINE_init(e))) { 6023 ENGINE_free(e); 6024 return 0; 6025 } 6026 6027 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6028 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) 6029 goto err; 6030 6031 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) 6032 goto err; 6033 6034 /* Copy the ctx, and complete the operation with the new ctx */ 6035 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx))) 6036 goto err; 6037 6038 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) 6039 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) 6040 goto err; 6041 6042 testresult = 1; 6043 err: 6044 EVP_CIPHER_CTX_free(ctx); 6045 EVP_CIPHER_CTX_free(ctx2); 6046 ENGINE_finish(e); 6047 ENGINE_free(e); 6048 6049 return testresult; 6050 } 6051 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */ 6052 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 6053 6054 #ifndef OPENSSL_NO_ECX 6055 static int ecxnids[] = { 6056 NID_X25519, 6057 NID_X448, 6058 NID_ED25519, 6059 NID_ED448 6060 }; 6061 6062 /* Test that creating ECX keys with a short private key fails as expected */ 6063 static int test_ecx_short_keys(int tst) 6064 { 6065 unsigned char ecxkeydata = 1; 6066 EVP_PKEY *pkey; 6067 6068 6069 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]), 6070 NULL, &ecxkeydata, 1); 6071 if (!TEST_ptr_null(pkey)) { 6072 EVP_PKEY_free(pkey); 6073 return 0; 6074 } 6075 6076 return 1; 6077 } 6078 #endif 6079 6080 typedef enum OPTION_choice { 6081 OPT_ERR = -1, 6082 OPT_EOF = 0, 6083 OPT_CONTEXT, 6084 OPT_CONFIG_FILE, 6085 OPT_TEST_ENUM 6086 } OPTION_CHOICE; 6087 6088 const OPTIONS *test_get_options(void) 6089 { 6090 static const OPTIONS options[] = { 6091 OPT_TEST_OPTIONS_DEFAULT_USAGE, 6092 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" }, 6093 { "config", OPT_CONFIG_FILE, '<', 6094 "The configuration file to use for the libctx" }, 6095 { NULL } 6096 }; 6097 return options; 6098 } 6099 6100 #ifndef OPENSSL_NO_ECX 6101 /* Test that trying to sign with a public key errors out gracefully */ 6102 static int test_ecx_not_private_key(int tst) 6103 { 6104 EVP_PKEY *pkey = NULL; 6105 6106 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 6107 int testresult = 0; 6108 EVP_MD_CTX *ctx = NULL; 6109 unsigned char *mac = NULL; 6110 size_t maclen = 0; 6111 const uint8_t *pubkey; 6112 size_t pubkeylen; 6113 6114 switch (keys[tst].type) { 6115 case NID_X25519: 6116 case NID_X448: 6117 case NID_undef: 6118 return TEST_skip("signing not supported for X25519/X448/ML-KEM"); 6119 } 6120 6121 /* Check if this algorithm supports public keys */ 6122 if (keys[tst].pub == NULL) 6123 return TEST_skip("no public key present"); 6124 6125 pubkey = keys[tst].pub; 6126 pubkeylen = keys[tst].publen; 6127 6128 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type), 6129 NULL, pubkey, pubkeylen); 6130 if (!TEST_ptr(pkey)) 6131 goto err; 6132 6133 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 6134 goto err; 6135 6136 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1) 6137 goto check_err; 6138 6139 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1) 6140 goto check_err; 6141 6142 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 6143 goto err; 6144 6145 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0)) 6146 goto err; 6147 6148 check_err: 6149 /* 6150 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY, 6151 * but we relax the check to allow error also thrown by 6152 * EVP_DigestSignInit and EVP_DigestSign. 6153 */ 6154 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) { 6155 testresult = 1; 6156 ERR_clear_error(); 6157 } 6158 6159 err: 6160 EVP_MD_CTX_free(ctx); 6161 OPENSSL_free(mac); 6162 EVP_PKEY_free(pkey); 6163 6164 return testresult; 6165 } 6166 #endif /* OPENSSL_NO_ECX */ 6167 6168 static int test_sign_continuation(void) 6169 { 6170 OSSL_PROVIDER *fake_rsa = NULL; 6171 int testresult = 0; 6172 EVP_PKEY *pkey = NULL; 6173 EVP_PKEY_CTX *pctx = NULL; 6174 EVP_MD_CTX *mctx = NULL; 6175 const char sigbuf[] = "To Be Signed"; 6176 unsigned char signature[256]; 6177 size_t siglen = 256; 6178 static int nodupnum = 1; 6179 static const OSSL_PARAM nodup_params[] = { 6180 OSSL_PARAM_int("NO_DUP", &nodupnum), 6181 OSSL_PARAM_END 6182 }; 6183 6184 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx))) 6185 return 0; 6186 6187 /* Construct a pkey using precise propq to use our provider */ 6188 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", 6189 "provider=fake-rsa")) 6190 || !TEST_true(EVP_PKEY_fromdata_init(pctx)) 6191 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL)) 6192 || !TEST_ptr(pkey)) 6193 goto end; 6194 6195 /* First test it continues (classic behavior) */ 6196 if (!TEST_ptr(mctx = EVP_MD_CTX_new()) 6197 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx, 6198 NULL, pkey, NULL)) 6199 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6200 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)) 6201 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6202 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))) 6203 goto end; 6204 6205 EVP_MD_CTX_free(mctx); 6206 6207 /* try again but failing the continuation */ 6208 if (!TEST_ptr(mctx = EVP_MD_CTX_new()) 6209 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx, 6210 NULL, pkey, nodup_params)) 6211 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6212 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)) 6213 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf))) 6214 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen))) 6215 goto end; 6216 6217 testresult = 1; 6218 6219 end: 6220 EVP_MD_CTX_free(mctx); 6221 EVP_PKEY_free(pkey); 6222 EVP_PKEY_CTX_free(pctx); 6223 fake_rsa_finish(fake_rsa); 6224 return testresult; 6225 } 6226 6227 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s, 6228 const unsigned char *gcm_iv, size_t gcm_ivlen, 6229 const unsigned char *gcm_pt, size_t gcm_pt_s, 6230 const unsigned char *gcm_aad, size_t gcm_aad_s, 6231 const unsigned char *gcm_ct, size_t gcm_ct_s, 6232 const unsigned char *gcm_tag, size_t gcm_tag_s) 6233 { 6234 int ret = 0; 6235 EVP_CIPHER_CTX *ctx; 6236 EVP_CIPHER *cipher = NULL; 6237 int outlen, tmplen; 6238 unsigned char outbuf[1024]; 6239 unsigned char outtag[16]; 6240 OSSL_PARAM params[2] = { 6241 OSSL_PARAM_END, OSSL_PARAM_END 6242 }; 6243 6244 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6245 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", ""))) 6246 goto err; 6247 6248 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 6249 &gcm_ivlen); 6250 6251 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 6252 || (gcm_aad != NULL 6253 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 6254 gcm_aad, gcm_aad_s))) 6255 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 6256 gcm_pt, gcm_pt_s)) 6257 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 6258 goto err; 6259 6260 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6261 outtag, sizeof(outtag)); 6262 6263 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)) 6264 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s) 6265 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s)) 6266 goto err; 6267 6268 ret = 1; 6269 err: 6270 EVP_CIPHER_free(cipher); 6271 EVP_CIPHER_CTX_free(ctx); 6272 6273 return ret; 6274 } 6275 6276 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s, 6277 const unsigned char *gcm_iv, size_t gcm_ivlen, 6278 const unsigned char *gcm_pt, size_t gcm_pt_s, 6279 const unsigned char *gcm_aad, size_t gcm_aad_s, 6280 const unsigned char *gcm_ct, size_t gcm_ct_s, 6281 const unsigned char *gcm_tag, size_t gcm_tag_s) 6282 { 6283 int ret = 0; 6284 EVP_CIPHER_CTX *ctx; 6285 EVP_CIPHER *cipher = NULL; 6286 int outlen; 6287 unsigned char outbuf[1024]; 6288 OSSL_PARAM params[2] = { 6289 OSSL_PARAM_END, OSSL_PARAM_END 6290 }; 6291 6292 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 6293 goto err; 6294 6295 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL) 6296 goto err; 6297 6298 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 6299 &gcm_ivlen); 6300 6301 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 6302 || (gcm_aad != NULL 6303 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, 6304 gcm_aad, gcm_aad_s))) 6305 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 6306 gcm_ct, gcm_ct_s)) 6307 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s)) 6308 goto err; 6309 6310 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6311 (void*)gcm_tag, gcm_tag_s); 6312 6313 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 6314 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen))) 6315 goto err; 6316 6317 ret = 1; 6318 err: 6319 EVP_CIPHER_free(cipher); 6320 EVP_CIPHER_CTX_free(ctx); 6321 6322 return ret; 6323 } 6324 6325 static int test_aes_gcm_ivlen_change_cve_2023_5363(void) 6326 { 6327 /* AES-GCM test data obtained from NIST public test vectors */ 6328 static const unsigned char gcm_key[] = { 6329 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf, 6330 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84, 6331 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b, 6332 }; 6333 static const unsigned char gcm_iv[] = { 6334 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8, 6335 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca, 6336 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14, 6337 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09, 6338 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8, 6339 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24, 6340 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0, 6341 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54, 6342 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc, 6343 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b, 6344 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d, 6345 }; 6346 static const unsigned char gcm_pt[] = { 6347 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07, 6348 0x4f, 0xe3, 0x6f, 0x81, 6349 }; 6350 static const unsigned char gcm_ct[] = { 6351 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3, 6352 0xe2, 0xd0, 0xec, 0xed, 6353 }; 6354 static const unsigned char gcm_tag[] = { 6355 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63, 6356 0xdb, 0x99, 0x6c, 0x21, 6357 }; 6358 6359 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 6360 gcm_pt, sizeof(gcm_pt), NULL, 0, 6361 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)) 6362 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 6363 gcm_pt, sizeof(gcm_pt), NULL, 0, 6364 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)); 6365 } 6366 6367 #ifndef OPENSSL_NO_RC4 6368 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s, 6369 const unsigned char *rc4_pt, size_t rc4_pt_s, 6370 const unsigned char *rc4_ct, size_t rc4_ct_s) 6371 { 6372 int ret = 0; 6373 EVP_CIPHER_CTX *ctx; 6374 EVP_CIPHER *cipher = NULL; 6375 int outlen, tmplen; 6376 unsigned char outbuf[1024]; 6377 OSSL_PARAM params[2] = { 6378 OSSL_PARAM_END, OSSL_PARAM_END 6379 }; 6380 6381 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 6382 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", ""))) 6383 goto err; 6384 6385 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 6386 &rc4_key_s); 6387 6388 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 6389 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 6390 rc4_pt, rc4_pt_s)) 6391 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 6392 goto err; 6393 6394 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s)) 6395 goto err; 6396 6397 ret = 1; 6398 err: 6399 EVP_CIPHER_free(cipher); 6400 EVP_CIPHER_CTX_free(ctx); 6401 6402 return ret; 6403 } 6404 6405 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s, 6406 const unsigned char *rc4_pt, size_t rc4_pt_s, 6407 const unsigned char *rc4_ct, size_t rc4_ct_s) 6408 { 6409 int ret = 0; 6410 EVP_CIPHER_CTX *ctx; 6411 EVP_CIPHER *cipher = NULL; 6412 int outlen; 6413 unsigned char outbuf[1024]; 6414 OSSL_PARAM params[2] = { 6415 OSSL_PARAM_END, OSSL_PARAM_END 6416 }; 6417 6418 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 6419 goto err; 6420 6421 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL) 6422 goto err; 6423 6424 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 6425 &rc4_key_s); 6426 6427 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 6428 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 6429 rc4_ct, rc4_ct_s)) 6430 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s)) 6431 goto err; 6432 6433 ret = 1; 6434 err: 6435 EVP_CIPHER_free(cipher); 6436 EVP_CIPHER_CTX_free(ctx); 6437 6438 return ret; 6439 } 6440 6441 static int test_aes_rc4_keylen_change_cve_2023_5363(void) 6442 { 6443 /* RC4 test data obtained from RFC 6229 */ 6444 static const struct { 6445 unsigned char key[5]; 6446 unsigned char padding[11]; 6447 } rc4_key = { 6448 { /* Five bytes of key material */ 6449 0x83, 0x32, 0x22, 0x77, 0x2a, 6450 }, 6451 { /* Random padding to 16 bytes */ 6452 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 6453 } 6454 }; 6455 static const unsigned char rc4_pt[] = { 6456 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 6457 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 6458 }; 6459 static const unsigned char rc4_ct[] = { 6460 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 6461 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda 6462 }; 6463 6464 if (lgcyprov == NULL) 6465 return TEST_skip("Test requires legacy provider to be loaded"); 6466 6467 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key), 6468 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)) 6469 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key), 6470 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)); 6471 } 6472 #endif 6473 6474 static int test_invalid_ctx_for_digest(void) 6475 { 6476 int ret; 6477 EVP_MD_CTX *mdctx; 6478 6479 mdctx = EVP_MD_CTX_new(); 6480 if (!TEST_ptr(mdctx)) 6481 return 0; 6482 6483 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0)) 6484 ret = 0; 6485 else 6486 ret = 1; 6487 6488 EVP_MD_CTX_free(mdctx); 6489 6490 return ret; 6491 } 6492 6493 static int test_evp_cipher_pipeline(void) 6494 { 6495 OSSL_PROVIDER *fake_pipeline = NULL; 6496 int testresult = 0; 6497 EVP_CIPHER *cipher = NULL; 6498 EVP_CIPHER *pipeline_cipher = NULL; 6499 EVP_CIPHER_CTX *ctx = NULL; 6500 unsigned char key[32]; 6501 size_t keylen = 32; 6502 size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN; 6503 size_t taglen = EVP_GCM_TLS_TAG_LEN; 6504 unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES]; 6505 unsigned char *plaintext_array[EVP_MAX_PIPES]; 6506 unsigned char *ciphertext_array_p[EVP_MAX_PIPES]; 6507 void **aead_tags = (void **)&tag_array; 6508 unsigned char *temp[EVP_MAX_PIPES]; 6509 size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES]; 6510 size_t ciphertextlen_array[EVP_MAX_PIPES]; 6511 size_t inlen_array[EVP_MAX_PIPES]; 6512 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 6513 unsigned char *ciphertext, *exp_plaintext, *tag; 6514 size_t numpipes, plaintextlen, i; 6515 6516 if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx))) 6517 return 0; 6518 if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", 6519 "provider=fake-pipeline")) 6520 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", 6521 "provider!=fake-pipeline")) 6522 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 6523 goto end; 6524 memset(key, 0x01, sizeof(key)); 6525 6526 /* Negative tests */ 6527 if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1))) 6528 goto end; 6529 if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1))) 6530 goto end; 6531 if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher, 6532 key, keylen, 6533 EVP_MAX_PIPES + 1, NULL, 0))) 6534 goto end; 6535 6536 /* Positive tests */ 6537 for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) { 6538 for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) { 6539 size_t ciphertextlen = 0; 6540 int outlen = 0; 6541 6542 /* Cleanup to be able to error out */ 6543 memset(iv_array, 0, sizeof(iv_array)); 6544 memset(plaintext_array, 0, sizeof(plaintext_array)); 6545 memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p)); 6546 memset(tag_array, 0, sizeof(tag_array)); 6547 ciphertext = NULL; 6548 exp_plaintext = NULL; 6549 tag = NULL; 6550 6551 /* Allocate fresh buffers with exact size to catch buffer overwrites */ 6552 for (i = 0; i < numpipes; i++) { 6553 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen)) 6554 || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen)) 6555 || !TEST_ptr(ciphertext_array_p[i] = 6556 OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH)) 6557 || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen))) 6558 goto err; 6559 6560 memset(iv_array[i], i + 33, ivlen); 6561 memset(plaintext_array[i], i + 1, plaintextlen); 6562 inlen_array[i] = plaintextlen; 6563 outlen_array[i] = 0; 6564 ciphertextlen_array[i] = 0; 6565 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH; 6566 } 6567 if (!TEST_ptr(ciphertext = 6568 OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH)) 6569 || !TEST_ptr(tag = OPENSSL_malloc(taglen)) 6570 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen))) 6571 goto err; 6572 6573 /* Encrypt using pipeline API */ 6574 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) 6575 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1)) 6576 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher, 6577 key, keylen, numpipes, 6578 (const unsigned char **)iv_array, 6579 ivlen)) 6580 /* reuse plaintext for AAD as it won't affect test */ 6581 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL, 6582 (const unsigned char **)plaintext_array, 6583 inlen_array)) 6584 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p, 6585 outlen_array, outsize_array, 6586 (const unsigned char **)plaintext_array, 6587 inlen_array))) 6588 goto err; 6589 6590 for (i = 0; i < numpipes; i++) { 6591 ciphertextlen_array[i] = outlen_array[i]; 6592 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i]; 6593 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i]; 6594 } 6595 6596 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array))) 6597 goto err; 6598 6599 for (i = 0; i < numpipes; i++) 6600 ciphertextlen_array[i] += outlen_array[i]; 6601 6602 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, 6603 (void **)&aead_tags, taglen); 6604 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 6605 goto err; 6606 6607 /* Encrypt using non-pipeline API and compare */ 6608 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))) 6609 goto err; 6610 6611 for (i = 0; i < numpipes; i++) { 6612 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i])) 6613 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 6614 plaintext_array[i], 6615 plaintextlen)) 6616 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen, 6617 plaintext_array[i], 6618 plaintextlen))) 6619 goto err; 6620 ciphertextlen = outlen; 6621 6622 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen))) 6623 goto err; 6624 ciphertextlen += outlen; 6625 6626 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 6627 (void *)tag, taglen); 6628 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 6629 goto err; 6630 6631 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i], 6632 ciphertext, ciphertextlen) 6633 || !TEST_mem_eq(tag_array[i], taglen, tag, taglen)) 6634 goto err; 6635 } 6636 6637 for (i = 0; i < numpipes; i++) 6638 outsize_array[i] = plaintextlen; 6639 6640 /* Decrypt using pipeline API and compare */ 6641 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG, 6642 (void **)&aead_tags, taglen); 6643 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) 6644 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0)) 6645 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher, 6646 key, keylen, numpipes, 6647 (const unsigned char **)iv_array, 6648 ivlen)) 6649 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 6650 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL, 6651 (const unsigned char **)plaintext_array, 6652 inlen_array)) 6653 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array, 6654 outlen_array, outsize_array, 6655 (const unsigned char **)ciphertext_array_p, 6656 ciphertextlen_array))) 6657 goto err; 6658 6659 for (i = 0; i < numpipes; i++) { 6660 temp[i] = plaintext_array[i] + outlen_array[i]; 6661 outsize_array[i] = outsize_array[i] - outlen_array[i]; 6662 } 6663 6664 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array))) 6665 goto err; 6666 6667 for (i = 0; i < numpipes; i++) { 6668 memset(exp_plaintext, i + 1, plaintextlen); 6669 if (!TEST_mem_eq(plaintext_array[i], plaintextlen, 6670 exp_plaintext, plaintextlen)) 6671 goto err; 6672 } 6673 6674 for (i = 0; i < numpipes; i++) { 6675 OPENSSL_free(iv_array[i]); 6676 OPENSSL_free(plaintext_array[i]); 6677 OPENSSL_free(ciphertext_array_p[i]); 6678 OPENSSL_free(tag_array[i]); 6679 } 6680 OPENSSL_free(exp_plaintext); 6681 OPENSSL_free(ciphertext); 6682 OPENSSL_free(tag); 6683 } 6684 } 6685 6686 testresult = 1; 6687 goto end; 6688 6689 err: 6690 for (i = 0; i < numpipes; i++) { 6691 OPENSSL_free(iv_array[i]); 6692 OPENSSL_free(plaintext_array[i]); 6693 OPENSSL_free(ciphertext_array_p[i]); 6694 OPENSSL_free(tag_array[i]); 6695 } 6696 OPENSSL_free(exp_plaintext); 6697 OPENSSL_free(ciphertext); 6698 OPENSSL_free(tag); 6699 end: 6700 EVP_CIPHER_CTX_free(ctx); 6701 EVP_CIPHER_free(cipher); 6702 EVP_CIPHER_free(pipeline_cipher); 6703 fake_pipeline_finish(fake_pipeline); 6704 return testresult; 6705 } 6706 6707 int setup_tests(void) 6708 { 6709 char *config_file = NULL; 6710 OPTION_CHOICE o; 6711 6712 while ((o = opt_next()) != OPT_EOF) { 6713 switch (o) { 6714 case OPT_CONTEXT: 6715 /* Set up an alternate library context */ 6716 testctx = OSSL_LIB_CTX_new(); 6717 if (!TEST_ptr(testctx)) 6718 return 0; 6719 #ifdef STATIC_LEGACY 6720 /* 6721 * This test is always statically linked against libcrypto. We must not 6722 * attempt to load legacy.so that might be dynamically linked against 6723 * libcrypto. Instead we use a built-in version of the legacy provider. 6724 */ 6725 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) 6726 return 0; 6727 #endif 6728 /* Swap the libctx to test non-default context only */ 6729 nullprov = OSSL_PROVIDER_load(NULL, "null"); 6730 deflprov = OSSL_PROVIDER_load(testctx, "default"); 6731 #ifndef OPENSSL_SYS_TANDEM 6732 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); 6733 #endif 6734 break; 6735 case OPT_CONFIG_FILE: 6736 config_file = opt_arg(); 6737 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL)) 6738 return 0; 6739 break; 6740 case OPT_TEST_CASES: 6741 break; 6742 default: 6743 return 0; 6744 } 6745 } 6746 6747 if (config_file != NULL) { 6748 ADD_TEST(test_EVP_set_config_properties); 6749 return 1; 6750 } 6751 6752 ADD_TEST(test_EVP_set_default_properties); 6753 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30); 6754 ADD_TEST(test_EVP_DigestVerifyInit); 6755 #ifndef OPENSSL_NO_EC 6756 ADD_TEST(test_ecdsa_digestsign_keccak); 6757 #endif 6758 #ifndef OPENSSL_NO_SIPHASH 6759 ADD_TEST(test_siphash_digestsign); 6760 #endif 6761 ADD_TEST(test_EVP_Digest); 6762 ADD_TEST(test_EVP_md_null); 6763 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); 6764 #ifndef OPENSSL_NO_DEPRECATED_3_0 6765 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2); 6766 #endif 6767 ADD_ALL_TESTS(test_EVP_Enveloped, 2); 6768 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 6769 ADD_TEST(test_privatekey_to_pkcs8); 6770 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag); 6771 ADD_ALL_TESTS(test_EVP_PKCS82PKEY_v2, OSSL_NELEM(keydata_v2)); 6772 #ifndef OPENSSL_NO_EC 6773 ADD_TEST(test_EVP_PKCS82PKEY); 6774 #endif 6775 #ifndef OPENSSL_NO_EC 6776 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings)); 6777 #endif 6778 #if !defined(OPENSSL_NO_SM2) 6779 ADD_TEST(test_EVP_SM2); 6780 ADD_TEST(test_EVP_SM2_verify); 6781 #endif 6782 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 6783 #ifndef OPENSSL_NO_DEPRECATED_3_0 6784 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 6785 if (!TEST_ptr(custom_pmeth)) 6786 return 0; 6787 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 6788 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 6789 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 6790 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 6791 return 0; 6792 #endif 6793 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 6794 #ifndef OPENSSL_NO_CMAC 6795 ADD_TEST(test_CMAC_keygen); 6796 #endif 6797 ADD_TEST(test_HKDF); 6798 ADD_TEST(test_emptyikm_HKDF); 6799 ADD_TEST(test_empty_salt_info_HKDF); 6800 #ifndef OPENSSL_NO_EC 6801 ADD_TEST(test_X509_PUBKEY_inplace); 6802 ADD_TEST(test_X509_PUBKEY_dup); 6803 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, 6804 OSSL_NELEM(ec_der_pub_keys)); 6805 #endif 6806 #ifndef OPENSSL_NO_DSA 6807 ADD_TEST(test_DSA_get_set_params); 6808 ADD_TEST(test_DSA_priv_pub); 6809 #endif 6810 ADD_TEST(test_RSA_get_set_params); 6811 ADD_TEST(test_RSA_OAEP_set_get_params); 6812 ADD_TEST(test_RSA_OAEP_set_null_label); 6813 #ifndef OPENSSL_NO_DEPRECATED_3_0 6814 ADD_TEST(test_RSA_legacy); 6815 #endif 6816 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 6817 ADD_TEST(test_decrypt_null_chunks); 6818 #endif 6819 #ifndef OPENSSL_NO_DH 6820 ADD_TEST(test_DH_priv_pub); 6821 # ifndef OPENSSL_NO_DEPRECATED_3_0 6822 ADD_TEST(test_EVP_PKEY_set1_DH); 6823 # endif 6824 #endif 6825 #ifndef OPENSSL_NO_EC 6826 ADD_TEST(test_EC_priv_pub); 6827 ADD_TEST(test_evp_get_ec_pub); 6828 # ifndef OPENSSL_NO_DEPRECATED_3_0 6829 ADD_TEST(test_EC_priv_only_legacy); 6830 ADD_TEST(test_evp_get_ec_pub_legacy); 6831 # endif 6832 #endif 6833 ADD_ALL_TESTS(test_keygen_with_empty_template, 2); 6834 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2); 6835 6836 ADD_TEST(test_rand_agglomeration); 6837 ADD_ALL_TESTS(test_evp_iv_aes, 12); 6838 #ifndef OPENSSL_NO_DES 6839 ADD_ALL_TESTS(test_evp_iv_des, 6); 6840 #endif 6841 #ifndef OPENSSL_NO_BF 6842 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4); 6843 #endif 6844 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits); 6845 ADD_TEST(test_EVP_rsa_pss_set_saltlen); 6846 ADD_TEST(test_EVP_rsa_invalid_key); 6847 #ifndef OPENSSL_NO_EC 6848 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids)); 6849 #endif 6850 6851 ADD_TEST(test_names_do_all); 6852 6853 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); 6854 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); 6855 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests)); 6856 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); 6857 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); 6858 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers)); 6859 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0) 6860 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1); 6861 6862 #ifndef OPENSSL_NO_DEPRECATED_3_0 6863 ADD_ALL_TESTS(test_custom_pmeth, 12); 6864 ADD_TEST(test_evp_md_cipher_meth); 6865 ADD_TEST(test_custom_md_meth); 6866 ADD_TEST(test_custom_ciph_meth); 6867 6868 # ifndef OPENSSL_NO_DYNAMIC_ENGINE 6869 /* Tests only support the default libctx */ 6870 if (testctx == NULL) { 6871 # ifndef OPENSSL_NO_EC 6872 ADD_ALL_TESTS(test_signatures_with_engine, 3); 6873 # else 6874 ADD_ALL_TESTS(test_signatures_with_engine, 2); 6875 # endif 6876 ADD_TEST(test_cipher_with_engine); 6877 } 6878 # endif 6879 #endif 6880 6881 #ifndef OPENSSL_NO_ECX 6882 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids)); 6883 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); 6884 #endif 6885 6886 ADD_TEST(test_sign_continuation); 6887 6888 /* Test cases for CVE-2023-5363 */ 6889 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363); 6890 #ifndef OPENSSL_NO_RC4 6891 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); 6892 #endif 6893 6894 ADD_TEST(test_invalid_ctx_for_digest); 6895 6896 ADD_TEST(test_evp_cipher_pipeline); 6897 6898 return 1; 6899 } 6900 6901 void cleanup_tests(void) 6902 { 6903 OSSL_PROVIDER_unload(nullprov); 6904 OSSL_PROVIDER_unload(deflprov); 6905 #ifndef OPENSSL_SYS_TANDEM 6906 OSSL_PROVIDER_unload(lgcyprov); 6907 #endif 6908 OSSL_LIB_CTX_free(testctx); 6909 } 6910
Indexes created Wed Mar 04 15:26:31 UTC 2026