1 /* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <stdint.h>
16 #include <stdio.h>
17 #include <stdlib.h>
18 #include <string.h>
19
20 #include <utility>
21 #include <vector>
22
23 #include <gtest/gtest.h>
24
25 #include <openssl/bytestring.h>
26 #include <openssl/crypto.h>
27 #include <openssl/digest.h>
28 #include <openssl/err.h>
29 #include <openssl/pkcs8.h>
30 #include <openssl/rsa.h>
31
32 #include "../internal.h"
33 #include "../test/test_util.h"
34
35
36 // kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
37 // should never use this key anywhere but in an example.
38 static const uint8_t kExampleRSAKeyDER[] = {
39 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
40 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
41 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
42 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
43 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
44 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
45 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
46 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
47 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
48 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
49 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
50 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
51 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
52 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
53 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
54 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
55 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
56 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
57 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
58 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
59 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
60 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
61 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
62 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
63 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
64 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
65 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
66 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
67 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
68 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
69 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
70 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
71 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
72 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
73 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
74 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
75 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
76 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
77 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
78 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
79 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
80 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
81 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
82 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
83 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
84 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
85 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
86 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
87 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
88 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
89 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
90 };
91
92 static const uint8_t kExampleDSAKeyDER[] = {
93 0x30, 0x82, 0x03, 0x56, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
94 0x9e, 0x12, 0xfa, 0xb3, 0xde, 0x12, 0x21, 0x35, 0x01, 0xdd, 0x82, 0xaa,
95 0x10, 0xca, 0x2d, 0x10, 0x1d, 0x2d, 0x4e, 0xbf, 0xef, 0x4d, 0x2a, 0x3f,
96 0x8d, 0xaa, 0x0f, 0xe0, 0xce, 0xda, 0xd8, 0xd6, 0xaf, 0x85, 0x61, 0x6a,
97 0xa2, 0xf3, 0x25, 0x2c, 0x0a, 0x2b, 0x5a, 0x6d, 0xb0, 0x9e, 0x6f, 0x14,
98 0x90, 0x0e, 0x0d, 0xdb, 0x83, 0x11, 0x87, 0x6d, 0xd8, 0xf9, 0x66, 0x95,
99 0x25, 0xf9, 0x9e, 0xd6, 0x59, 0x49, 0xe1, 0x84, 0xd5, 0x06, 0x47, 0x93,
100 0x27, 0x11, 0x69, 0xa2, 0x28, 0x68, 0x0b, 0x95, 0xec, 0x12, 0xf5, 0x9a,
101 0x8e, 0x20, 0xb2, 0x1f, 0x2b, 0x58, 0xeb, 0x2a, 0x20, 0x12, 0xd3, 0x5b,
102 0xde, 0x2e, 0xe3, 0x51, 0x82, 0x2f, 0xe8, 0xf3, 0x2d, 0x0a, 0x33, 0x05,
103 0x65, 0xdc, 0xce, 0x5c, 0x67, 0x2b, 0x72, 0x59, 0xc1, 0x4b, 0x24, 0x33,
104 0xd0, 0xb5, 0xb2, 0xca, 0x2b, 0x2d, 0xb0, 0xab, 0x62, 0x6e, 0x8f, 0x13,
105 0xf4, 0x7f, 0xe0, 0x34, 0x5d, 0x90, 0x4e, 0x72, 0x94, 0xbb, 0x03, 0x8e,
106 0x9c, 0xe2, 0x1a, 0x9e, 0x58, 0x0b, 0x83, 0x35, 0x62, 0x78, 0x70, 0x6c,
107 0xfe, 0x76, 0x84, 0x36, 0xc6, 0x9d, 0xe1, 0x49, 0xcc, 0xff, 0x98, 0xb4,
108 0xaa, 0xb8, 0xcb, 0x4f, 0x63, 0x85, 0xc9, 0xf1, 0x02, 0xce, 0x59, 0x34,
109 0x6e, 0xae, 0xef, 0x27, 0xe0, 0xad, 0x22, 0x2d, 0x53, 0xd6, 0xe8, 0x9c,
110 0xc8, 0xcd, 0xe5, 0x77, 0x6d, 0xd0, 0x00, 0x57, 0xb0, 0x3f, 0x2d, 0x88,
111 0xab, 0x3c, 0xed, 0xba, 0xfd, 0x7b, 0x58, 0x5f, 0x0b, 0x7f, 0x78, 0x35,
112 0xe1, 0x7a, 0x37, 0x28, 0xbb, 0xf2, 0x5e, 0xa6, 0x25, 0x72, 0xf2, 0x45,
113 0xdc, 0x11, 0x1f, 0x3c, 0xe3, 0x9c, 0xb6, 0xff, 0xac, 0xc3, 0x1b, 0x0a,
114 0x27, 0x90, 0xe7, 0xbd, 0xe9, 0x02, 0x24, 0xea, 0x9b, 0x09, 0x31, 0x53,
115 0x62, 0xaf, 0x3d, 0x2b, 0x02, 0x21, 0x00, 0xf3, 0x81, 0xdc, 0xf5, 0x3e,
116 0xbf, 0x72, 0x4f, 0x8b, 0x2e, 0x5c, 0xa8, 0x2c, 0x01, 0x0f, 0xb4, 0xb5,
117 0xed, 0xa9, 0x35, 0x8d, 0x0f, 0xd8, 0x8e, 0xd2, 0x78, 0x58, 0x94, 0x88,
118 0xb5, 0x4f, 0xc3, 0x02, 0x82, 0x01, 0x00, 0x0c, 0x40, 0x2a, 0x72, 0x5d,
119 0xcc, 0x3a, 0x62, 0xe0, 0x2b, 0xf4, 0xcf, 0x43, 0xcd, 0x17, 0xf4, 0xa4,
120 0x93, 0x59, 0x12, 0x20, 0x22, 0x36, 0x69, 0xcf, 0x41, 0x93, 0xed, 0xab,
121 0x42, 0x3a, 0xd0, 0x8d, 0xfb, 0x55, 0x2e, 0x30, 0x8a, 0x6a, 0x57, 0xa5,
122 0xff, 0xbc, 0x7c, 0xd0, 0xfb, 0x20, 0x87, 0xf8, 0x1f, 0x8d, 0xf0, 0xcb,
123 0x08, 0xab, 0x21, 0x33, 0x28, 0x7d, 0x2b, 0x69, 0x68, 0x71, 0x4a, 0x94,
124 0xf6, 0x33, 0xc9, 0x40, 0x84, 0x5a, 0x48, 0xa3, 0xe1, 0x67, 0x08, 0xdd,
125 0xe7, 0x61, 0xcc, 0x6a, 0x8e, 0xab, 0x2d, 0x84, 0xdb, 0x21, 0xb6, 0xea,
126 0x5b, 0x07, 0x68, 0x14, 0x93, 0xcc, 0x9c, 0x31, 0xfb, 0xc3, 0x68, 0xb2,
127 0x43, 0xf6, 0xdd, 0xf8, 0xc9, 0x32, 0xa8, 0xb4, 0x03, 0x8f, 0x44, 0xe7,
128 0xb1, 0x5c, 0xa8, 0x76, 0x34, 0x4a, 0x14, 0x78, 0x59, 0xf2, 0xb4, 0x3b,
129 0x39, 0x45, 0x86, 0x68, 0xad, 0x5e, 0x0a, 0x1a, 0x9a, 0x66, 0x95, 0x46,
130 0xdd, 0x28, 0x12, 0xe3, 0xb3, 0x61, 0x7a, 0x0a, 0xef, 0x99, 0xd5, 0x8e,
131 0x3b, 0xb4, 0xcc, 0x87, 0xfd, 0x94, 0x22, 0x5e, 0x01, 0xd2, 0xdc, 0xc4,
132 0x69, 0xa7, 0x72, 0x68, 0x14, 0x6c, 0x51, 0x91, 0x8f, 0x18, 0xe8, 0xb4,
133 0xd7, 0x0a, 0xa1, 0xf0, 0xc7, 0x62, 0x3b, 0xcc, 0x52, 0xcf, 0x37, 0x31,
134 0xd3, 0x86, 0x41, 0xb2, 0xd2, 0x83, 0x0b, 0x7e, 0xec, 0xb2, 0xf0, 0x95,
135 0x52, 0xff, 0x13, 0x7d, 0x04, 0x6e, 0x49, 0x4e, 0x7f, 0x33, 0xc3, 0x59,
136 0x00, 0x02, 0xb1, 0x6d, 0x1b, 0x97, 0xd9, 0x36, 0xfd, 0xa2, 0x8f, 0x90,
137 0xc3, 0xed, 0x3c, 0xa3, 0x53, 0x38, 0x16, 0x8a, 0xc1, 0x6f, 0x77, 0xc3,
138 0xc5, 0x7a, 0xdc, 0x2e, 0x8f, 0x7c, 0x6c, 0x22, 0x56, 0xe4, 0x1a, 0x5f,
139 0x65, 0x45, 0x05, 0x90, 0xdb, 0xb5, 0xbc, 0xf0, 0x6d, 0x66, 0x61, 0x02,
140 0x82, 0x01, 0x00, 0x31, 0x97, 0x31, 0xa1, 0x4e, 0x38, 0x56, 0x88, 0xdb,
141 0x94, 0x1d, 0xbf, 0x65, 0x5c, 0xda, 0x4b, 0xc2, 0x10, 0xde, 0x74, 0x20,
142 0x03, 0xce, 0x13, 0x60, 0xf2, 0x25, 0x1d, 0x55, 0x7c, 0x5d, 0x94, 0x82,
143 0x54, 0x08, 0x53, 0xdb, 0x85, 0x95, 0xbf, 0xdd, 0x5e, 0x50, 0xd5, 0x96,
144 0xe0, 0x79, 0x51, 0x1b, 0xbf, 0x4d, 0x4e, 0xb9, 0x3a, 0xc5, 0xee, 0xc4,
145 0x5e, 0x98, 0x75, 0x7b, 0xbe, 0xff, 0x30, 0xe6, 0xd0, 0x7b, 0xa6, 0xf1,
146 0xbc, 0x29, 0xea, 0xdf, 0xec, 0xf3, 0x8b, 0xfa, 0x83, 0x11, 0x9f, 0x3f,
147 0xf0, 0x5d, 0x06, 0x51, 0x32, 0xaa, 0x21, 0xfc, 0x26, 0x17, 0xe7, 0x50,
148 0xc2, 0x16, 0xba, 0xfa, 0x54, 0xb7, 0x7e, 0x1d, 0x2c, 0xa6, 0xa3, 0x41,
149 0x66, 0x33, 0x94, 0x83, 0xb9, 0xbf, 0xa0, 0x4f, 0xbd, 0xa6, 0xfd, 0x2c,
150 0x81, 0x58, 0x35, 0x33, 0x39, 0xc0, 0x6d, 0x33, 0x40, 0x56, 0x64, 0x12,
151 0x5a, 0xcd, 0x35, 0x53, 0x21, 0x78, 0x8f, 0x27, 0x24, 0x37, 0x66, 0x8a,
152 0xdf, 0x5e, 0x5f, 0x63, 0xfc, 0x8b, 0x2d, 0xef, 0x57, 0xdb, 0x40, 0x25,
153 0xd5, 0x17, 0x53, 0x0b, 0xe4, 0xa5, 0xae, 0x54, 0xbf, 0x46, 0x4f, 0xa6,
154 0x79, 0xc3, 0x74, 0xfa, 0x1f, 0x85, 0x34, 0x64, 0x6d, 0xc5, 0x03, 0xeb,
155 0x72, 0x98, 0x80, 0x7b, 0xc0, 0x8f, 0x35, 0x11, 0xa7, 0x09, 0xeb, 0x51,
156 0xe0, 0xb0, 0xac, 0x92, 0x14, 0xf2, 0xad, 0x37, 0x95, 0x5a, 0xba, 0x8c,
157 0xc4, 0xdb, 0xed, 0xc4, 0x4e, 0x8b, 0x8f, 0x84, 0x33, 0x64, 0xf8, 0x57,
158 0x12, 0xd7, 0x08, 0x7e, 0x90, 0x66, 0xdf, 0x91, 0x50, 0x23, 0xf2, 0x73,
159 0xc0, 0x6b, 0xb1, 0x15, 0xdd, 0x64, 0xd7, 0xc9, 0x75, 0x17, 0x73, 0x72,
160 0xda, 0x33, 0xc4, 0x6f, 0xa5, 0x47, 0xa1, 0xcc, 0xd1, 0xc6, 0x62, 0xe5,
161 0xca, 0xab, 0x5f, 0x2a, 0x8f, 0x6b, 0xcc, 0x02, 0x21, 0x00, 0xb0, 0xc7,
162 0x68, 0x70, 0x27, 0x43, 0xbc, 0x51, 0x24, 0x29, 0x93, 0xa9, 0x71, 0xa5,
163 0x28, 0x89, 0x79, 0x54, 0x44, 0xf7, 0xc6, 0x45, 0x22, 0x03, 0xd0, 0xce,
164 0x84, 0xfe, 0x61, 0x17, 0xd4, 0x6e,
165 };
166
167 static const uint8_t kMsg[] = {1, 2, 3, 4};
168
169 static const uint8_t kSignature[] = {
170 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
171 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
172 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
173 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
174 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
175 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
176 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
177 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
178 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
179 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
180 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
181 };
182
183 // kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
184 // PrivateKeyInfo.
185 static const uint8_t kExampleRSAKeyPKCS8[] = {
186 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
187 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
188 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
189 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
190 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
191 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
192 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
193 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
194 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
195 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
196 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
197 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
198 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
199 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
200 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
201 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
202 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
203 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
204 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
205 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
206 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
207 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
208 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
209 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
210 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
211 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
212 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
213 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
214 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
215 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
216 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
217 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
218 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
219 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
220 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
221 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
222 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
223 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
224 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
225 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
226 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
227 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
228 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
229 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
230 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
231 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
232 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
233 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
234 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
235 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
236 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
237 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
238 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
239 };
240
241 // kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
242 // structure.
243 static const uint8_t kExampleECKeyDER[] = {
244 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
245 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
246 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
247 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
248 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
249 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
250 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
251 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
252 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
253 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
254 0xc1,
255 };
256
257 // kExampleECKeyPKCS8 is a sample EC private key encoded as a PKCS#8
258 // PrivateKeyInfo.
259 static const uint8_t kExampleECKeyPKCS8[] = {
260 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
261 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
262 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
263 0x43, 0x09, 0xc0, 0x67, 0x75, 0x21, 0x47, 0x9d, 0xa8, 0xfa, 0x16, 0xdf,
264 0x15, 0x73, 0x61, 0x34, 0x68, 0x6f, 0xe3, 0x8e, 0x47, 0x91, 0x95, 0xab,
265 0x79, 0x4a, 0x72, 0x14, 0xcb, 0xe2, 0x49, 0x4f, 0xa1, 0x44, 0x03, 0x42,
266 0x00, 0x04, 0xde, 0x09, 0x08, 0x07, 0x03, 0x2e, 0x8f, 0x37, 0x9a, 0xd5,
267 0xad, 0xe5, 0xc6, 0x9d, 0xd4, 0x63, 0xc7, 0x4a, 0xe7, 0x20, 0xcb, 0x90,
268 0xa0, 0x1f, 0x18, 0x18, 0x72, 0xb5, 0x21, 0x88, 0x38, 0xc0, 0xdb, 0xba,
269 0xf6, 0x99, 0xd8, 0xa5, 0x3b, 0x83, 0xe9, 0xe3, 0xd5, 0x61, 0x99, 0x73,
270 0x42, 0xc6, 0x6c, 0xe8, 0x0a, 0x95, 0x40, 0x41, 0x3b, 0x0d, 0x10, 0xa7,
271 0x4a, 0x93, 0xdb, 0x5a, 0xe7, 0xec,
272 };
273
274 // kExampleECKeySpecifiedCurvePKCS8 is a sample EC private key encoded as a
275 // PKCS#8 PrivateKeyInfo with P-256's parameters spelled out rather than using
276 // the curve OID.
277 static const uint8_t kExampleECKeySpecifiedCurvePKCS8[] = {
278 0x30, 0x82, 0x01, 0x79, 0x02, 0x01, 0x00, 0x30, 0x82, 0x01, 0x03, 0x06,
279 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, 0x81, 0xf7, 0x02,
280 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01,
281 0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,
282 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
283 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
284 0x30, 0x5b, 0x04, 0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,
285 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
286 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
287 0x04, 0x20, 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb,
288 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53,
289 0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15,
290 0x00, 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78,
291 0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04,
292 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5,
293 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
294 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2,
295 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
296 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68,
297 0x37, 0xbf, 0x51, 0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00,
298 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc,
299 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc,
300 0x63, 0x25, 0x51, 0x02, 0x01, 0x01, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01,
301 0x01, 0x04, 0x20, 0x43, 0x09, 0xc0, 0x67, 0x75, 0x21, 0x47, 0x9d, 0xa8,
302 0xfa, 0x16, 0xdf, 0x15, 0x73, 0x61, 0x34, 0x68, 0x6f, 0xe3, 0x8e, 0x47,
303 0x91, 0x95, 0xab, 0x79, 0x4a, 0x72, 0x14, 0xcb, 0xe2, 0x49, 0x4f, 0xa1,
304 0x44, 0x03, 0x42, 0x00, 0x04, 0xde, 0x09, 0x08, 0x07, 0x03, 0x2e, 0x8f,
305 0x37, 0x9a, 0xd5, 0xad, 0xe5, 0xc6, 0x9d, 0xd4, 0x63, 0xc7, 0x4a, 0xe7,
306 0x20, 0xcb, 0x90, 0xa0, 0x1f, 0x18, 0x18, 0x72, 0xb5, 0x21, 0x88, 0x38,
307 0xc0, 0xdb, 0xba, 0xf6, 0x99, 0xd8, 0xa5, 0x3b, 0x83, 0xe9, 0xe3, 0xd5,
308 0x61, 0x99, 0x73, 0x42, 0xc6, 0x6c, 0xe8, 0x0a, 0x95, 0x40, 0x41, 0x3b,
309 0x0d, 0x10, 0xa7, 0x4a, 0x93, 0xdb, 0x5a, 0xe7, 0xec,
310 };
311
312 // kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
313 // structure. The private key is equal to the order and will fail to import.
314 static const uint8_t kExampleBadECKeyDER[] = {
315 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
316 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
317 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
318 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
319 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
320 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
321 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
322 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
323 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
324 };
325
326 // kExampleBadECKeyDER2 is a sample EC private key encoded as an ECPrivateKey
327 // structure, but with the curve OID swapped out for 1.1.1.1.1.1.1.1.1. It is
328 // then concatenated with an ECPrivateKey wrapped in a PrivateKeyInfo,
329 // optional public key omitted, and with the private key chopped off.
330 static const uint8_t kExampleBadECKeyDER2[] = {
331 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
332 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
333 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
334 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x29, 0x01, 0x01, 0x01, 0x01,
335 0x01, 0x01, 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
336 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
337 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
338 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
339 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
340 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
341 0xc1, 0x30, 0x41, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
342 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
343 0x03, 0x01, 0x07, 0x04, 0x27, 0x30, 0x25, 0x02, 0x01, 0x01, 0x04, 0x20,
344 0x07,
345 };
346
347 // kInvalidPrivateKey is an invalid private key. See
348 // https://rt.openssl.org/Ticket/Display.html?id=4131.
349 static const uint8_t kInvalidPrivateKey[] = {
350 0x30, 0x39, 0x02, 0x01, 0x02, 0x30, 0x09, 0x06, 0x01, 0x38, 0x08,
351 0x04, 0x69, 0x30, 0x30, 0x80, 0x30, 0x19, 0x01, 0x02, 0x9f, 0xf8,
352 0x8b, 0x29, 0x80, 0x30, 0xb0, 0x1b, 0x06, 0x09, 0x22, 0xbe, 0x08,
353 0x04, 0xe9, 0x30, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x3a, 0x01, 0x80,
354 0x09, 0x30, 0x80, 0x06, 0x01, 0x02, 0x30, 0x80, 0x30, 0x01, 0x3b,
355 0x02, 0x00, 0x00, 0x04, 0x20, 0x30, 0x82, 0x04, 0xe9, 0x30, 0xc3,
356 0xe8, 0x30, 0x01, 0x05, 0x30, 0x80, 0x30, 0x01, 0x3b, 0x01, 0x04,
357 0x02, 0x02, 0xff, 0x00, 0x30, 0x29, 0x02, 0x11, 0x03, 0x29, 0x29,
358 0x02, 0x00, 0x99, 0x30, 0x80, 0x06, 0x21, 0x02, 0x24, 0x04, 0xe8,
359 0x30, 0x01, 0x01, 0x04, 0x30, 0x80, 0x1b, 0x06, 0x09, 0x2a, 0x86,
360 0x48, 0x30, 0x01, 0xaa, 0x02, 0x86, 0xc0, 0x30, 0xdf, 0xe9, 0x80,
361 };
362
LoadExampleRSAKey()363 static bssl::UniquePtr<EVP_PKEY> LoadExampleRSAKey() {
364 bssl::UniquePtr<RSA> rsa(RSA_private_key_from_bytes(kExampleRSAKeyDER,
365 sizeof(kExampleRSAKeyDER)));
366 if (!rsa) {
367 return nullptr;
368 }
369 bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
370 if (!pkey || !EVP_PKEY_set1_RSA(pkey.get(), rsa.get())) {
371 return nullptr;
372 }
373 return pkey;
374 }
375
TEST(EVPExtraTest,DigestSignInit)376 TEST(EVPExtraTest, DigestSignInit) {
377 bssl::UniquePtr<EVP_PKEY> pkey = LoadExampleRSAKey();
378 ASSERT_TRUE(pkey);
379 bssl::ScopedEVP_MD_CTX md_ctx;
380 ASSERT_TRUE(
381 EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()));
382 ASSERT_TRUE(EVP_DigestSignUpdate(md_ctx.get(), kMsg, sizeof(kMsg)));
383
384 // Determine the size of the signature.
385 size_t sig_len = 0;
386 ASSERT_TRUE(EVP_DigestSignFinal(md_ctx.get(), NULL, &sig_len));
387
388 // Sanity check for testing.
389 EXPECT_EQ(static_cast<size_t>(EVP_PKEY_size(pkey.get())), sig_len);
390
391 std::vector<uint8_t> sig;
392 sig.resize(sig_len);
393 ASSERT_TRUE(EVP_DigestSignFinal(md_ctx.get(), sig.data(), &sig_len));
394 sig.resize(sig_len);
395
396 // Ensure that the signature round-trips.
397 md_ctx.Reset();
398 ASSERT_TRUE(
399 EVP_DigestVerifyInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()));
400 ASSERT_TRUE(EVP_DigestVerifyUpdate(md_ctx.get(), kMsg, sizeof(kMsg)));
401 ASSERT_TRUE(EVP_DigestVerifyFinal(md_ctx.get(), sig.data(), sig_len));
402 }
403
TEST(EVPExtraTest,DigestVerifyInit)404 TEST(EVPExtraTest, DigestVerifyInit) {
405 bssl::UniquePtr<EVP_PKEY> pkey = LoadExampleRSAKey();
406 bssl::ScopedEVP_MD_CTX md_ctx;
407 ASSERT_TRUE(pkey);
408 ASSERT_TRUE(
409 EVP_DigestVerifyInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()));
410 ASSERT_TRUE(EVP_DigestVerifyUpdate(md_ctx.get(), kMsg, sizeof(kMsg)));
411 ASSERT_TRUE(
412 EVP_DigestVerifyFinal(md_ctx.get(), kSignature, sizeof(kSignature)));
413 }
414
TEST(EVPExtraTest,VerifyRecover)415 TEST(EVPExtraTest, VerifyRecover) {
416 bssl::UniquePtr<EVP_PKEY> pkey = LoadExampleRSAKey();
417 ASSERT_TRUE(pkey);
418 bssl::UniquePtr<RSA> rsa(EVP_PKEY_get1_RSA(pkey.get()));
419 ASSERT_TRUE(rsa);
420
421 const uint8_t kDummyHash[32] = {0};
422 uint8_t sig[2048/8];
423 unsigned sig_len = sizeof(sig);
424 ASSERT_TRUE(RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), sig,
425 &sig_len, rsa.get()));
426
427 size_t out_len;
428 bssl::UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new(pkey.get(), nullptr));
429 ASSERT_TRUE(EVP_PKEY_verify_recover_init(ctx.get()));
430 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_PKCS1_PADDING));
431 ASSERT_TRUE(EVP_PKEY_CTX_set_signature_md(ctx.get(), EVP_sha256()));
432 ASSERT_TRUE(
433 EVP_PKEY_verify_recover(ctx.get(), nullptr, &out_len, sig, sig_len));
434
435 std::vector<uint8_t> recovered;
436 recovered.resize(out_len);
437
438 ASSERT_TRUE(EVP_PKEY_verify_recover(ctx.get(), recovered.data(), &out_len,
439 sig, sig_len));
440 EXPECT_EQ(Bytes(kDummyHash), Bytes(recovered.data(), out_len));
441
442 out_len = recovered.size();
443 ASSERT_TRUE(EVP_PKEY_CTX_set_signature_md(ctx.get(), nullptr));
444 ASSERT_TRUE(EVP_PKEY_verify_recover(ctx.get(), recovered.data(), &out_len,
445 sig, sig_len));
446
447 // The size of a SHA-256 hash plus PKCS#1 v1.5 ASN.1 stuff happens to be 51
448 // bytes.
449 EXPECT_EQ(51u, out_len);
450 }
451
TestValidPrivateKey(const uint8_t * input,size_t input_len,int expected_id)452 static void TestValidPrivateKey(const uint8_t *input, size_t input_len,
453 int expected_id) {
454 const uint8_t *p = input;
455 bssl::UniquePtr<EVP_PKEY> pkey(d2i_AutoPrivateKey(NULL, &p, input_len));
456 ASSERT_TRUE(pkey);
457 EXPECT_EQ(input + input_len, p);
458 EXPECT_EQ(expected_id, EVP_PKEY_id(pkey.get()));
459 }
460
TEST(EVPExtraTest,d2i_AutoPrivateKey)461 TEST(EVPExtraTest, d2i_AutoPrivateKey) {
462 TestValidPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER),
463 EVP_PKEY_RSA);
464 TestValidPrivateKey(kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8),
465 EVP_PKEY_RSA);
466 TestValidPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC);
467 TestValidPrivateKey(kExampleECKeyPKCS8, sizeof(kExampleECKeyPKCS8),
468 EVP_PKEY_EC);
469 TestValidPrivateKey(kExampleECKeySpecifiedCurvePKCS8,
470 sizeof(kExampleECKeySpecifiedCurvePKCS8), EVP_PKEY_EC);
471 TestValidPrivateKey(kExampleDSAKeyDER, sizeof(kExampleDSAKeyDER),
472 EVP_PKEY_DSA);
473
474 const uint8_t *p = kInvalidPrivateKey;
475 bssl::UniquePtr<EVP_PKEY> pkey(
476 d2i_AutoPrivateKey(NULL, &p, sizeof(kInvalidPrivateKey)));
477 EXPECT_FALSE(pkey) << "Parsed invalid private key";
478 ERR_clear_error();
479 }
480
481 // Tests loading a bad key in PKCS8 format.
TEST(EVPExtraTest,BadECKey)482 TEST(EVPExtraTest, BadECKey) {
483 const uint8_t *derp = kExampleBadECKeyDER;
484 bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> p8inf(
485 d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER)));
486 ASSERT_TRUE(p8inf);
487 EXPECT_EQ(kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER), derp);
488
489 bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKCS82PKEY(p8inf.get()));
490 ASSERT_FALSE(pkey) << "Imported invalid EC key";
491 ERR_clear_error();
492 }
493
494 // Tests |EVP_marshal_public_key| on an empty key.
TEST(EVPExtraTest,MarshalEmptyPublicKey)495 TEST(EVPExtraTest, MarshalEmptyPublicKey) {
496 bssl::UniquePtr<EVP_PKEY> empty(EVP_PKEY_new());
497 ASSERT_TRUE(empty);
498
499 bssl::ScopedCBB cbb;
500 EXPECT_FALSE(EVP_marshal_public_key(cbb.get(), empty.get()))
501 << "Marshalled empty public key.";
502 EXPECT_EQ(EVP_R_UNSUPPORTED_ALGORITHM, ERR_GET_REASON(ERR_peek_last_error()));
503 }
504
ParsePrivateKey(int type,const uint8_t * in,size_t len)505 static bssl::UniquePtr<EVP_PKEY> ParsePrivateKey(int type, const uint8_t *in,
506 size_t len) {
507 const uint8_t *ptr = in;
508 bssl::UniquePtr<EVP_PKEY> pkey(d2i_PrivateKey(type, nullptr, &ptr, len));
509 if (!pkey) {
510 return nullptr;
511 }
512
513 EXPECT_EQ(in + len, ptr);
514 return pkey;
515 }
516
TEST(EVPExtraTest,d2i_PrivateKey)517 TEST(EVPExtraTest, d2i_PrivateKey) {
518 EXPECT_TRUE(ParsePrivateKey(EVP_PKEY_RSA, kExampleRSAKeyDER,
519 sizeof(kExampleRSAKeyDER)));
520 EXPECT_TRUE(ParsePrivateKey(EVP_PKEY_DSA, kExampleDSAKeyDER,
521 sizeof(kExampleDSAKeyDER)));
522 EXPECT_TRUE(ParsePrivateKey(EVP_PKEY_RSA, kExampleRSAKeyPKCS8,
523 sizeof(kExampleRSAKeyPKCS8)));
524 EXPECT_TRUE(
525 ParsePrivateKey(EVP_PKEY_EC, kExampleECKeyDER, sizeof(kExampleECKeyDER)));
526
527 EXPECT_FALSE(ParsePrivateKey(EVP_PKEY_EC, kExampleBadECKeyDER,
528 sizeof(kExampleBadECKeyDER)));
529 ERR_clear_error();
530
531 // Copy the input into a |malloc|'d vector to flag memory errors.
532 std::vector<uint8_t> copy(
533 kExampleBadECKeyDER2,
534 kExampleBadECKeyDER2 + sizeof(kExampleBadECKeyDER2));
535 EXPECT_FALSE(ParsePrivateKey(EVP_PKEY_EC, copy.data(), copy.size()));
536 ERR_clear_error();
537
538 // Test that an RSA key may not be imported as an EC key.
539 EXPECT_FALSE(ParsePrivateKey(EVP_PKEY_EC, kExampleRSAKeyPKCS8,
540 sizeof(kExampleRSAKeyPKCS8)));
541 ERR_clear_error();
542 }
543
TEST(EVPExtraTest,Ed25519)544 TEST(EVPExtraTest, Ed25519) {
545 static const uint8_t kPublicKey[32] = {
546 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b, 0xfe,
547 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3, 0xda, 0xa6,
548 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07, 0x51, 0x1a,
549 };
550
551 static const uint8_t kPublicKeySPKI[] = {
552 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21,
553 0x00, 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b,
554 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3, 0xda,
555 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07, 0x51, 0x1a,
556 };
557
558 static const uint8_t kPrivateKeySeed[32] = {
559 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84, 0x4a,
560 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69, 0x7b, 0x32,
561 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae, 0x7f, 0x60,
562 };
563
564 static const uint8_t kPrivateKeyPKCS8[] = {
565 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
566 0x04, 0x22, 0x04, 0x20, 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60,
567 0xba, 0x84, 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69,
568 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae, 0x7f, 0x60,
569 };
570
571 // Create a public key.
572 bssl::UniquePtr<EVP_PKEY> pubkey(EVP_PKEY_new_raw_public_key(
573 EVP_PKEY_ED25519, nullptr, kPublicKey, sizeof(kPublicKey)));
574 ASSERT_TRUE(pubkey);
575 EXPECT_EQ(EVP_PKEY_ED25519, EVP_PKEY_id(pubkey.get()));
576
577 // The public key must be extractable.
578 uint8_t buf[32];
579 size_t len;
580 ASSERT_TRUE(EVP_PKEY_get_raw_public_key(pubkey.get(), nullptr, &len));
581 EXPECT_EQ(len, 32u);
582 ASSERT_TRUE(EVP_PKEY_get_raw_public_key(pubkey.get(), buf, &len));
583 EXPECT_EQ(Bytes(buf, len), Bytes(kPublicKey));
584 // Passing too large of a buffer is okay. The function will still only read
585 // 32 bytes.
586 len = 64;
587 ASSERT_TRUE(EVP_PKEY_get_raw_public_key(pubkey.get(), buf, &len));
588 EXPECT_EQ(Bytes(buf, len), Bytes(kPublicKey));
589 // Passing too small of a buffer is noticed.
590 len = 31;
591 EXPECT_FALSE(EVP_PKEY_get_raw_public_key(pubkey.get(), buf, &len));
592 uint32_t err = ERR_get_error();
593 EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err));
594 EXPECT_EQ(EVP_R_BUFFER_TOO_SMALL, ERR_GET_REASON(err));
595 ERR_clear_error();
596
597 // There is no private key.
598 EXPECT_FALSE(EVP_PKEY_get_raw_private_key(pubkey.get(), nullptr, &len));
599 err = ERR_get_error();
600 EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err));
601 EXPECT_EQ(EVP_R_NOT_A_PRIVATE_KEY, ERR_GET_REASON(err));
602 ERR_clear_error();
603
604 // The public key must encode properly.
605 bssl::ScopedCBB cbb;
606 uint8_t *der;
607 size_t der_len;
608 ASSERT_TRUE(CBB_init(cbb.get(), 0));
609 ASSERT_TRUE(EVP_marshal_public_key(cbb.get(), pubkey.get()));
610 ASSERT_TRUE(CBB_finish(cbb.get(), &der, &der_len));
611 bssl::UniquePtr<uint8_t> free_der(der);
612 EXPECT_EQ(Bytes(kPublicKeySPKI), Bytes(der, der_len));
613
614 // The public key must gracefully fail to encode as a private key.
615 ASSERT_TRUE(CBB_init(cbb.get(), 0));
616 EXPECT_FALSE(EVP_marshal_private_key(cbb.get(), pubkey.get()));
617 err = ERR_get_error();
618 EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err));
619 EXPECT_EQ(EVP_R_NOT_A_PRIVATE_KEY, ERR_GET_REASON(err));
620 ERR_clear_error();
621 cbb.Reset();
622
623 // Create a private key.
624 bssl::UniquePtr<EVP_PKEY> privkey(EVP_PKEY_new_raw_private_key(
625 EVP_PKEY_ED25519, NULL, kPrivateKeySeed, sizeof(kPrivateKeySeed)));
626 ASSERT_TRUE(privkey);
627 EXPECT_EQ(EVP_PKEY_ED25519, EVP_PKEY_id(privkey.get()));
628
629 // The private key must be extractable.
630 ASSERT_TRUE(EVP_PKEY_get_raw_private_key(privkey.get(), nullptr, &len));
631 EXPECT_EQ(len, 32u);
632 ASSERT_TRUE(EVP_PKEY_get_raw_private_key(privkey.get(), buf, &len));
633 EXPECT_EQ(Bytes(buf, len), Bytes(kPrivateKeySeed));
634 // Passing too large of a buffer is okay. The function will still only read
635 // 32 bytes.
636 len = 64;
637 ASSERT_TRUE(EVP_PKEY_get_raw_private_key(privkey.get(), buf, &len));
638 EXPECT_EQ(Bytes(buf, len), Bytes(kPrivateKeySeed));
639 // Passing too small of a buffer is noticed.
640 len = 31;
641 EXPECT_FALSE(EVP_PKEY_get_raw_private_key(privkey.get(), buf, &len));
642 err = ERR_get_error();
643 EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err));
644 EXPECT_EQ(EVP_R_BUFFER_TOO_SMALL, ERR_GET_REASON(err));
645 ERR_clear_error();
646 // The public key must be extractable.
647 len = 32;
648 ASSERT_TRUE(EVP_PKEY_get_raw_public_key(privkey.get(), buf, &len));
649 EXPECT_EQ(Bytes(buf, len), Bytes(kPublicKey));
650
651 // The public key must encode from the private key.
652 ASSERT_TRUE(CBB_init(cbb.get(), 0));
653 ASSERT_TRUE(EVP_marshal_public_key(cbb.get(), privkey.get()));
654 ASSERT_TRUE(CBB_finish(cbb.get(), &der, &der_len));
655 free_der.reset(der);
656 EXPECT_EQ(Bytes(kPublicKeySPKI), Bytes(der, der_len));
657
658 // The private key must encode properly.
659 ASSERT_TRUE(CBB_init(cbb.get(), 0));
660 ASSERT_TRUE(EVP_marshal_private_key(cbb.get(), privkey.get()));
661 ASSERT_TRUE(CBB_finish(cbb.get(), &der, &der_len));
662 free_der.reset(der);
663 EXPECT_EQ(Bytes(kPrivateKeyPKCS8), Bytes(der, der_len));
664
665 // Test EVP_PKEY_cmp.
666 EXPECT_EQ(1, EVP_PKEY_cmp(pubkey.get(), privkey.get()));
667
668 static const uint8_t kZeros[32] = {0};
669 bssl::UniquePtr<EVP_PKEY> pubkey2(EVP_PKEY_new_raw_public_key(
670 EVP_PKEY_ED25519, nullptr, kZeros, sizeof(kZeros)));
671 ASSERT_TRUE(pubkey2);
672 EXPECT_EQ(0, EVP_PKEY_cmp(pubkey.get(), pubkey2.get()));
673 EXPECT_EQ(0, EVP_PKEY_cmp(privkey.get(), pubkey2.get()));
674
675 // Ed25519 may not be used streaming.
676 bssl::ScopedEVP_MD_CTX ctx;
677 ASSERT_TRUE(
678 EVP_DigestSignInit(ctx.get(), nullptr, nullptr, nullptr, privkey.get()));
679 EXPECT_FALSE(EVP_DigestSignUpdate(ctx.get(), nullptr, 0));
680 EXPECT_FALSE(EVP_DigestSignFinal(ctx.get(), nullptr, &len));
681 ERR_clear_error();
682
683 ctx.Reset();
684 ASSERT_TRUE(EVP_DigestVerifyInit(ctx.get(), nullptr, nullptr, nullptr,
685 privkey.get()));
686 EXPECT_FALSE(EVP_DigestVerifyUpdate(ctx.get(), nullptr, 0));
687 EXPECT_FALSE(EVP_DigestVerifyFinal(ctx.get(), nullptr, 0));
688 ERR_clear_error();
689
690 // The buffer length to |EVP_DigestSign| is an input/output parameter and
691 // should be checked before signing.
692 ctx.Reset();
693 ASSERT_TRUE(
694 EVP_DigestSignInit(ctx.get(), nullptr, nullptr, nullptr, privkey.get()));
695 len = 31;
696 EXPECT_FALSE(EVP_DigestSign(ctx.get(), buf, &len, nullptr /* msg */, 0));
697 err = ERR_get_error();
698 EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err));
699 EXPECT_EQ(EVP_R_BUFFER_TOO_SMALL, ERR_GET_REASON(err));
700 ERR_clear_error();
701 }
702
ExpectECGroupOnly(const EVP_PKEY * pkey,int nid)703 static void ExpectECGroupOnly(const EVP_PKEY *pkey, int nid) {
704 EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
705 ASSERT_TRUE(ec);
706 const EC_GROUP *group = EC_KEY_get0_group(ec);
707 ASSERT_TRUE(group);
708 EXPECT_EQ(nid, EC_GROUP_get_curve_name(group));
709 EXPECT_FALSE(EC_KEY_get0_public_key(ec));
710 EXPECT_FALSE(EC_KEY_get0_private_key(ec));
711 }
712
ExpectECGroupAndKey(const EVP_PKEY * pkey,int nid)713 static void ExpectECGroupAndKey(const EVP_PKEY *pkey, int nid) {
714 EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
715 ASSERT_TRUE(ec);
716 const EC_GROUP *group = EC_KEY_get0_group(ec);
717 ASSERT_TRUE(group);
718 EXPECT_EQ(nid, EC_GROUP_get_curve_name(group));
719 EXPECT_TRUE(EC_KEY_get0_public_key(ec));
720 EXPECT_TRUE(EC_KEY_get0_private_key(ec));
721 }
722
TEST(EVPExtraTest,ECKeygen)723 TEST(EVPExtraTest, ECKeygen) {
724 // |EVP_PKEY_paramgen| may be used as an extremely roundabout way to get an
725 // |EC_GROUP|.
726 bssl::UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr));
727 ASSERT_TRUE(ctx);
728 ASSERT_TRUE(EVP_PKEY_paramgen_init(ctx.get()));
729 ASSERT_TRUE(
730 EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx.get(), NID_X9_62_prime256v1));
731 EVP_PKEY *raw = nullptr;
732 ASSERT_TRUE(EVP_PKEY_paramgen(ctx.get(), &raw));
733 bssl::UniquePtr<EVP_PKEY> pkey(raw);
734 raw = nullptr;
735 ExpectECGroupOnly(pkey.get(), NID_X9_62_prime256v1);
736
737 // That resulting |EVP_PKEY| may be used as a template for key generation.
738 ctx.reset(EVP_PKEY_CTX_new(pkey.get(), nullptr));
739 ASSERT_TRUE(ctx);
740 ASSERT_TRUE(EVP_PKEY_keygen_init(ctx.get()));
741 raw = nullptr;
742 ASSERT_TRUE(EVP_PKEY_keygen(ctx.get(), &raw));
743 pkey.reset(raw);
744 raw = nullptr;
745 ExpectECGroupAndKey(pkey.get(), NID_X9_62_prime256v1);
746
747 // |EVP_PKEY_paramgen| may also be skipped.
748 ctx.reset(EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr));
749 ASSERT_TRUE(ctx);
750 ASSERT_TRUE(EVP_PKEY_keygen_init(ctx.get()));
751 ASSERT_TRUE(
752 EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx.get(), NID_X9_62_prime256v1));
753 raw = nullptr;
754 ASSERT_TRUE(EVP_PKEY_keygen(ctx.get(), &raw));
755 pkey.reset(raw);
756 raw = nullptr;
757 ExpectECGroupAndKey(pkey.get(), NID_X9_62_prime256v1);
758 }
759
760 // Test that |EVP_PKEY_keygen| works for Ed25519.
TEST(EVPExtraTest,Ed25519Keygen)761 TEST(EVPExtraTest, Ed25519Keygen) {
762 bssl::UniquePtr<EVP_PKEY_CTX> pctx(
763 EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, nullptr));
764 ASSERT_TRUE(pctx);
765 ASSERT_TRUE(EVP_PKEY_keygen_init(pctx.get()));
766 EVP_PKEY *raw = nullptr;
767 ASSERT_TRUE(EVP_PKEY_keygen(pctx.get(), &raw));
768 bssl::UniquePtr<EVP_PKEY> pkey(raw);
769
770 // Round-trip a signature to sanity-check the key is good.
771 bssl::ScopedEVP_MD_CTX ctx;
772 ASSERT_TRUE(
773 EVP_DigestSignInit(ctx.get(), nullptr, nullptr, nullptr, pkey.get()));
774 uint8_t sig[64];
775 size_t len = sizeof(sig);
776 ASSERT_TRUE(EVP_DigestSign(ctx.get(), sig, &len,
777 reinterpret_cast<const uint8_t *>("hello"), 5));
778
779 ctx.Reset();
780 ASSERT_TRUE(
781 EVP_DigestVerifyInit(ctx.get(), nullptr, nullptr, nullptr, pkey.get()));
782 ASSERT_TRUE(EVP_DigestVerify(ctx.get(), sig, len,
783 reinterpret_cast<const uint8_t *>("hello"), 5));
784 }
785