xref: /openssl/test/endecode_test.c (revision 7ed6de99)
1 /*
2  * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <string.h>
11 #include <openssl/core_dispatch.h>
12 #include <openssl/evp.h>
13 #include <openssl/pem.h>
14 #include <openssl/rsa.h>
15 #include <openssl/x509.h>
16 #include <openssl/core_names.h>
17 #include <openssl/params.h>
18 #include <openssl/param_build.h>
19 #include <openssl/encoder.h>
20 #include <openssl/decoder.h>
21 
22 #include "internal/cryptlib.h"   /* ossl_assert */
23 #include "crypto/pem.h"          /* For PVK and "blob" PEM headers */
24 #include "crypto/evp.h"          /* For evp_pkey_is_provided() */
25 
26 #include "helpers/predefined_dhparams.h"
27 #include "testutil.h"
28 
29 #ifdef STATIC_LEGACY
30 OSSL_provider_init_fn ossl_legacy_provider_init;
31 #endif
32 
33 /* Extended test macros to allow passing file & line number */
34 #define TEST_FL_ptr(a)               test_ptr(file, line, #a, a)
35 #define TEST_FL_mem_eq(a, m, b, n)   test_mem_eq(file, line, #a, #b, a, m, b, n)
36 #define TEST_FL_strn_eq(a, b, n)     test_strn_eq(file, line, #a, #b, a, n, b, n)
37 #define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n)
38 #define TEST_FL_int_eq(a, b)         test_int_eq(file, line, #a, #b, a, b)
39 #define TEST_FL_int_ge(a, b)         test_int_ge(file, line, #a, #b, a, b)
40 #define TEST_FL_int_gt(a, b)         test_int_gt(file, line, #a, #b, a, b)
41 #define TEST_FL_long_gt(a, b)        test_long_gt(file, line, #a, #b, a, b)
42 #define TEST_FL_true(a)              test_true(file, line, #a, (a) != 0)
43 
44 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
45 # define OPENSSL_NO_KEYPARAMS
46 #endif
47 
48 static int default_libctx = 1;
49 static int is_fips = 0;
50 static int is_fips_3_0_0 = 0;
51 
52 static OSSL_LIB_CTX *testctx = NULL;
53 static OSSL_LIB_CTX *keyctx = NULL;
54 static char *testpropq = NULL;
55 
56 static OSSL_PROVIDER *nullprov = NULL;
57 static OSSL_PROVIDER *deflprov = NULL;
58 static OSSL_PROVIDER *keyprov = NULL;
59 
60 #ifndef OPENSSL_NO_EC
61 static BN_CTX *bnctx = NULL;
62 static OSSL_PARAM_BLD *bld_prime_nc = NULL;
63 static OSSL_PARAM_BLD *bld_prime = NULL;
64 static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
65 static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
66 
67 # ifndef OPENSSL_NO_EC2M
68 static OSSL_PARAM_BLD *bld_tri_nc = NULL;
69 static OSSL_PARAM_BLD *bld_tri = NULL;
70 static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
71 static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
72 # endif
73 #endif
74 
75 #ifndef OPENSSL_NO_KEYPARAMS
make_template(const char * type,OSSL_PARAM * genparams)76 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
77 {
78     EVP_PKEY *pkey = NULL;
79     EVP_PKEY_CTX *ctx = NULL;
80 
81 # ifndef OPENSSL_NO_DH
82     /*
83      * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
84      * for testing only. Use a minimum key size of 2048 for security purposes.
85      */
86     if (strcmp(type, "DH") == 0)
87         return get_dh512(keyctx);
88 
89     if (strcmp(type, "X9.42 DH") == 0)
90         return get_dhx512(keyctx);
91 # endif
92 
93     /*
94      * No real need to check the errors other than for the cascade
95      * effect.  |pkey| will simply remain NULL if something goes wrong.
96      */
97     (void)((ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq)) != NULL
98            && EVP_PKEY_paramgen_init(ctx) > 0
99            && (genparams == NULL
100                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
101            && EVP_PKEY_generate(ctx, &pkey) > 0);
102     EVP_PKEY_CTX_free(ctx);
103 
104     return pkey;
105 }
106 #endif
107 
108 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key(const char * type,EVP_PKEY * template,OSSL_PARAM * genparams)109 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
110                           OSSL_PARAM *genparams)
111 {
112     EVP_PKEY *pkey = NULL;
113     EVP_PKEY_CTX *ctx =
114         template != NULL
115         ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq)
116         : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq);
117 
118     /*
119      * No real need to check the errors other than for the cascade
120      * effect.  |pkey| will simply remain NULL if something goes wrong.
121      */
122     (void)(ctx != NULL
123            && EVP_PKEY_keygen_init(ctx) > 0
124            && (genparams == NULL
125                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
126            && EVP_PKEY_keygen(ctx, &pkey) > 0);
127     EVP_PKEY_CTX_free(ctx);
128     return pkey;
129 }
130 #endif
131 
132 /* Main test driver */
133 
134 typedef int (encoder)(const char *file, const int line,
135                       void **encoded, long *encoded_len,
136                       void *object, int selection,
137                       const char *output_type, const char *output_structure,
138                       const char *pass, const char *pcipher);
139 typedef int (decoder)(const char *file, const int line,
140                       void **object, void *encoded, long encoded_len,
141                       const char *input_type, const char *structure_type,
142                       const char *keytype, int selection, const char *pass);
143 typedef int (tester)(const char *file, const int line,
144                      const void *data1, size_t data1_len,
145                      const void *data2, size_t data2_len);
146 typedef int (checker)(const char *file, const int line,
147                       const char *type, const void *data, size_t data_len);
148 typedef void (dumper)(const char *label, const void *data, size_t data_len);
149 
150 #define FLAG_DECODE_WITH_TYPE   0x0001
151 #define FLAG_FAIL_IF_FIPS       0x0002
152 
test_encode_decode(const char * file,const int line,const char * type,EVP_PKEY * pkey,int selection,const char * output_type,const char * output_structure,const char * pass,const char * pcipher,encoder * encode_cb,decoder * decode_cb,tester * test_cb,checker * check_cb,dumper * dump_cb,int flags)153 static int test_encode_decode(const char *file, const int line,
154                               const char *type, EVP_PKEY *pkey,
155                               int selection, const char *output_type,
156                               const char *output_structure,
157                               const char *pass, const char *pcipher,
158                               encoder *encode_cb, decoder *decode_cb,
159                               tester *test_cb, checker *check_cb,
160                               dumper *dump_cb, int flags)
161 {
162     void *encoded = NULL;
163     long encoded_len = 0;
164     EVP_PKEY *pkey2 = NULL;
165     EVP_PKEY *pkey3 = NULL;
166     void *encoded2 = NULL;
167     long encoded2_len = 0;
168     int ok = 0;
169 
170     /*
171      * Encode |pkey|, decode the result into |pkey2|, and finish off by
172      * encoding |pkey2| as well.  That last encoding is for checking and
173      * dumping purposes.
174      */
175     if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
176                              output_type, output_structure, pass, pcipher)))
177         goto end;
178 
179     if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips && !is_fips_3_0_0) {
180         if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
181                                   encoded_len, output_type, output_structure,
182                                   (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
183                                   selection, pass)))
184             ok = 1;
185         goto end;
186     }
187 
188     if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
189         || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
190                                 output_type, output_structure,
191                                 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
192                                 selection, pass))
193         || ((output_structure == NULL
194              || strcmp(output_structure, "type-specific") != 0)
195             && !TEST_true(decode_cb(file, line, (void **)&pkey3, encoded, encoded_len,
196                                     output_type, output_structure,
197                                     (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
198                                     0, pass)))
199         || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection,
200                                 output_type, output_structure, pass, pcipher)))
201         goto end;
202 
203     if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
204         if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1)
205             || (pkey3 != NULL
206                 && !TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey3), 1)))
207             goto end;
208     } else {
209         if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)
210             || (pkey3 != NULL
211                 && !TEST_int_eq(EVP_PKEY_eq(pkey, pkey3), 1)))
212             goto end;
213     }
214 
215     /*
216      * Double check the encoding, but only for unprotected keys,
217      * as protected keys have a random component, which makes the output
218      * differ.
219      */
220     if ((pass == NULL && pcipher == NULL)
221         && !test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len))
222         goto end;
223 
224     ok = 1;
225  end:
226     if (!ok) {
227         if (encoded != NULL && encoded_len != 0)
228             dump_cb("|pkey| encoded", encoded, encoded_len);
229         if (encoded2 != NULL && encoded2_len != 0)
230             dump_cb("|pkey2| encoded", encoded2, encoded2_len);
231     }
232 
233     OPENSSL_free(encoded);
234     OPENSSL_free(encoded2);
235     EVP_PKEY_free(pkey2);
236     EVP_PKEY_free(pkey3);
237     return ok;
238 }
239 
240 /* Encoding and decoding methods */
241 
encode_EVP_PKEY_prov(const char * file,const int line,void ** encoded,long * encoded_len,void * object,int selection,const char * output_type,const char * output_structure,const char * pass,const char * pcipher)242 static int encode_EVP_PKEY_prov(const char *file, const int line,
243                                 void **encoded, long *encoded_len,
244                                 void *object, int selection,
245                                 const char *output_type,
246                                 const char *output_structure,
247                                 const char *pass, const char *pcipher)
248 {
249     EVP_PKEY *pkey = object;
250     OSSL_ENCODER_CTX *ectx = NULL;
251     BIO *mem_ser = NULL;
252     BUF_MEM *mem_buf = NULL;
253     const unsigned char *upass = (const unsigned char *)pass;
254     int ok = 0;
255 
256     if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
257                                                        output_type,
258                                                        output_structure,
259                                                        testpropq))
260         || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0)
261         || (pass != NULL
262             && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
263                                                           strlen(pass))))
264         || (pcipher != NULL
265             && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
266         || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
267         || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
268         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
269         || !TEST_FL_ptr(*encoded = mem_buf->data)
270         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
271         goto end;
272 
273     /* Detach the encoded output */
274     mem_buf->data = NULL;
275     mem_buf->length = 0;
276     ok = 1;
277  end:
278     BIO_free(mem_ser);
279     OSSL_ENCODER_CTX_free(ectx);
280     return ok;
281 }
282 
decode_EVP_PKEY_prov(const char * file,const int line,void ** object,void * encoded,long encoded_len,const char * input_type,const char * structure_type,const char * keytype,int selection,const char * pass)283 static int decode_EVP_PKEY_prov(const char *file, const int line,
284                                 void **object, void *encoded, long encoded_len,
285                                 const char *input_type,
286                                 const char *structure_type,
287                                 const char *keytype, int selection,
288                                 const char *pass)
289 {
290     EVP_PKEY *pkey = NULL, *testpkey = NULL;
291     OSSL_DECODER_CTX *dctx = NULL;
292     BIO *encoded_bio = NULL;
293     const unsigned char *upass = (const unsigned char *)pass;
294     int ok = 0;
295     int i;
296     const char *badtype;
297 
298     if (strcmp(input_type, "DER") == 0)
299         badtype = "PEM";
300     else
301         badtype = "DER";
302 
303     if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len)))
304         goto end;
305 
306     /*
307      * We attempt the decode 3 times. The first time we provide the expected
308      * starting input type. The second time we provide NULL for the starting
309      * type. The third time we provide a bad starting input type.
310      * The bad starting input type should fail. The other two should succeed
311      * and produce the same result.
312      */
313     for (i = 0; i < 3; i++) {
314         const char *testtype = (i == 0) ? input_type
315                                         : ((i == 1) ? NULL : badtype);
316 
317         if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey,
318                                                            testtype,
319                                                            structure_type,
320                                                            keytype,
321                                                            selection,
322                                                            testctx, testpropq))
323             || (pass != NULL
324                 && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass)))
325             || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0)
326                /* We expect to fail when using a bad input type */
327             || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio),
328                             (i == 2) ? 0 : 1))
329             goto end;
330         OSSL_DECODER_CTX_free(dctx);
331         dctx = NULL;
332 
333         if (i == 0) {
334             pkey = testpkey;
335             testpkey = NULL;
336         } else if (i == 1) {
337             if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
338                 if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1))
339                     goto end;
340             } else {
341                 if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1))
342                     goto end;
343             }
344         }
345     }
346     ok = 1;
347     *object = pkey;
348     pkey = NULL;
349 
350  end:
351     EVP_PKEY_free(pkey);
352     EVP_PKEY_free(testpkey);
353     BIO_free(encoded_bio);
354     OSSL_DECODER_CTX_free(dctx);
355     return ok;
356 }
357 
encode_EVP_PKEY_legacy_PEM(const char * file,const int line,void ** encoded,long * encoded_len,void * object,ossl_unused int selection,ossl_unused const char * output_type,ossl_unused const char * output_structure,const char * pass,const char * pcipher)358 static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line,
359                                       void **encoded, long *encoded_len,
360                                       void *object, ossl_unused int selection,
361                                       ossl_unused const char *output_type,
362                                       ossl_unused const char *output_structure,
363                                       const char *pass, const char *pcipher)
364 {
365     EVP_PKEY *pkey = object;
366     EVP_CIPHER *cipher = NULL;
367     BIO *mem_ser = NULL;
368     BUF_MEM *mem_buf = NULL;
369     const unsigned char *upass = (const unsigned char *)pass;
370     size_t passlen = 0;
371     int ok = 0;
372 
373     if (pcipher != NULL && pass != NULL) {
374         passlen = strlen(pass);
375         if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(testctx, pcipher, testpropq)))
376             goto end;
377     }
378     if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
379         || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
380                                                            cipher,
381                                                            upass, passlen,
382                                                            NULL, NULL))
383         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
384         || !TEST_FL_ptr(*encoded = mem_buf->data)
385         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
386         goto end;
387 
388     /* Detach the encoded output */
389     mem_buf->data = NULL;
390     mem_buf->length = 0;
391     ok = 1;
392  end:
393     BIO_free(mem_ser);
394     EVP_CIPHER_free(cipher);
395     return ok;
396 }
397 
encode_EVP_PKEY_MSBLOB(const char * file,const int line,void ** encoded,long * encoded_len,void * object,int selection,ossl_unused const char * output_type,ossl_unused const char * output_structure,ossl_unused const char * pass,ossl_unused const char * pcipher)398 static int encode_EVP_PKEY_MSBLOB(const char *file, const int line,
399                                   void **encoded, long *encoded_len,
400                                   void *object, int selection,
401                                   ossl_unused const char *output_type,
402                                   ossl_unused const char *output_structure,
403                                   ossl_unused const char *pass,
404                                   ossl_unused const char *pcipher)
405 {
406     EVP_PKEY *pkey = object;
407     BIO *mem_ser = NULL;
408     BUF_MEM *mem_buf = NULL;
409     int ok = 0;
410 
411     if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
412         goto end;
413 
414     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
415         if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0))
416             goto end;
417     } else {
418         if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0))
419             goto end;
420     }
421 
422     if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
423         || !TEST_FL_ptr(*encoded = mem_buf->data)
424         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
425         goto end;
426 
427     /* Detach the encoded output */
428     mem_buf->data = NULL;
429     mem_buf->length = 0;
430     ok = 1;
431  end:
432     BIO_free(mem_ser);
433     return ok;
434 }
435 
436 static pem_password_cb pass_pw;
pass_pw(char * buf,int size,int rwflag,void * userdata)437 static int pass_pw(char *buf, int size, int rwflag, void *userdata)
438 {
439     OPENSSL_strlcpy(buf, userdata, size);
440     return strlen(userdata);
441 }
442 
encode_EVP_PKEY_PVK(const char * file,const int line,void ** encoded,long * encoded_len,void * object,int selection,ossl_unused const char * output_type,ossl_unused const char * output_structure,const char * pass,ossl_unused const char * pcipher)443 static int encode_EVP_PKEY_PVK(const char *file, const int line,
444                                void **encoded, long *encoded_len,
445                                void *object, int selection,
446                                ossl_unused const char *output_type,
447                                ossl_unused const char *output_structure,
448                                const char *pass,
449                                ossl_unused const char *pcipher)
450 {
451     EVP_PKEY *pkey = object;
452     BIO *mem_ser = NULL;
453     BUF_MEM *mem_buf = NULL;
454     int enc = (pass != NULL);
455     int ok = 0;
456 
457     if (!TEST_FL_true(ossl_assert((selection
458                                 & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
459         || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
460         || !TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc,
461                                           pass_pw, (void *)pass, testctx, testpropq), 0)
462         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
463         || !TEST_FL_ptr(*encoded = mem_buf->data)
464         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
465         goto end;
466 
467     /* Detach the encoded output */
468     mem_buf->data = NULL;
469     mem_buf->length = 0;
470     ok = 1;
471  end:
472     BIO_free(mem_ser);
473     return ok;
474 }
475 
test_text(const char * file,const int line,const void * data1,size_t data1_len,const void * data2,size_t data2_len)476 static int test_text(const char *file, const int line,
477                      const void *data1, size_t data1_len,
478                      const void *data2, size_t data2_len)
479 {
480     return TEST_FL_strn2_eq(data1, data1_len, data2, data2_len);
481 }
482 
test_mem(const char * file,const int line,const void * data1,size_t data1_len,const void * data2,size_t data2_len)483 static int test_mem(const char *file, const int line,
484                     const void *data1, size_t data1_len,
485                     const void *data2, size_t data2_len)
486 {
487     return TEST_FL_mem_eq(data1, data1_len, data2, data2_len);
488 }
489 
490 /* Test cases and their dumpers / checkers */
491 
collect_name(const char * name,void * arg)492 static void collect_name(const char *name, void *arg)
493 {
494     char **namelist = arg;
495     char *new_namelist;
496     size_t space;
497 
498     space = strlen(name);
499     if (*namelist != NULL)
500         space += strlen(*namelist) + 2 /* for comma and space */;
501     space++; /* for terminating null byte */
502 
503     new_namelist = OPENSSL_realloc(*namelist, space);
504     if (new_namelist == NULL)
505         return;
506     if (*namelist != NULL) {
507         strcat(new_namelist, ", ");
508         strcat(new_namelist, name);
509     } else {
510         strcpy(new_namelist, name);
511     }
512     *namelist = new_namelist;
513 }
514 
dump_der(const char * label,const void * data,size_t data_len)515 static void dump_der(const char *label, const void *data, size_t data_len)
516 {
517     test_output_memory(label, data, data_len);
518 }
519 
dump_pem(const char * label,const void * data,size_t data_len)520 static void dump_pem(const char *label, const void *data, size_t data_len)
521 {
522     test_output_string(label, data, data_len - 1);
523 }
524 
check_unprotected_PKCS8_DER(const char * file,const int line,const char * type,const void * data,size_t data_len)525 static int check_unprotected_PKCS8_DER(const char *file, const int line,
526                                        const char *type,
527                                        const void *data, size_t data_len)
528 {
529     const unsigned char *datap = data;
530     PKCS8_PRIV_KEY_INFO *p8inf =
531         d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
532     int ok = 0;
533 
534     if (TEST_FL_ptr(p8inf)) {
535         EVP_PKEY *pkey = EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq);
536         char *namelist = NULL;
537 
538         if (TEST_FL_ptr(pkey)) {
539             if (!(ok = TEST_FL_true(EVP_PKEY_is_a(pkey, type)))) {
540                 EVP_PKEY_type_names_do_all(pkey, collect_name, &namelist);
541                 if (namelist != NULL)
542                     TEST_note("%s isn't any of %s", type, namelist);
543                 OPENSSL_free(namelist);
544             }
545             ok = ok && TEST_FL_true(evp_pkey_is_provided(pkey));
546             EVP_PKEY_free(pkey);
547         }
548     }
549     PKCS8_PRIV_KEY_INFO_free(p8inf);
550     return ok;
551 }
552 
test_unprotected_via_DER(const char * type,EVP_PKEY * key,int fips)553 static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
554 {
555     return test_encode_decode(__FILE__, __LINE__, type, key,
556                               OSSL_KEYMGMT_SELECT_KEYPAIR
557                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
558                               "DER", "PrivateKeyInfo", NULL, NULL,
559                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
560                               test_mem, check_unprotected_PKCS8_DER,
561                               dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
562 }
563 
check_unprotected_PKCS8_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)564 static int check_unprotected_PKCS8_PEM(const char *file, const int line,
565                                        const char *type,
566                                        const void *data, size_t data_len)
567 {
568     static const char expected_pem_header[] =
569         "-----BEGIN " PEM_STRING_PKCS8INF "-----";
570 
571     return TEST_FL_strn_eq(data, expected_pem_header,
572                         sizeof(expected_pem_header) - 1);
573 }
574 
test_unprotected_via_PEM(const char * type,EVP_PKEY * key,int fips)575 static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
576 {
577     return test_encode_decode(__FILE__, __LINE__, type, key,
578                               OSSL_KEYMGMT_SELECT_KEYPAIR
579                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
580                               "PEM", "PrivateKeyInfo", NULL, NULL,
581                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
582                               test_text, check_unprotected_PKCS8_PEM,
583                               dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
584 }
585 
586 #ifndef OPENSSL_NO_KEYPARAMS
check_params_DER(const char * file,const int line,const char * type,const void * data,size_t data_len)587 static int check_params_DER(const char *file, const int line,
588                             const char *type, const void *data, size_t data_len)
589 {
590     const unsigned char *datap = data;
591     int ok = 0;
592     int itype = NID_undef;
593     EVP_PKEY *pkey = NULL;
594 
595     if (strcmp(type, "DH") == 0)
596         itype = EVP_PKEY_DH;
597     else if (strcmp(type, "X9.42 DH") == 0)
598         itype = EVP_PKEY_DHX;
599     else if (strcmp(type, "DSA") ==  0)
600         itype = EVP_PKEY_DSA;
601     else if (strcmp(type, "EC") ==  0)
602         itype = EVP_PKEY_EC;
603 
604     if (itype != NID_undef) {
605         pkey = d2i_KeyParams(itype, NULL, &datap, data_len);
606         ok = (pkey != NULL);
607         EVP_PKEY_free(pkey);
608     }
609 
610     return ok;
611 }
612 
check_params_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)613 static int check_params_PEM(const char *file, const int line,
614                             const char *type,
615                             const void *data, size_t data_len)
616 {
617     static char expected_pem_header[80];
618 
619     return
620         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
621                                  sizeof(expected_pem_header),
622                                  "-----BEGIN %s PARAMETERS-----", type), 0)
623         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
624 }
625 
test_params_via_DER(const char * type,EVP_PKEY * key)626 static int test_params_via_DER(const char *type, EVP_PKEY *key)
627 {
628     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
629                               "DER", "type-specific", NULL, NULL,
630                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
631                               test_mem, check_params_DER,
632                               dump_der, FLAG_DECODE_WITH_TYPE);
633 }
634 
test_params_via_PEM(const char * type,EVP_PKEY * key)635 static int test_params_via_PEM(const char *type, EVP_PKEY *key)
636 {
637     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
638                               "PEM", "type-specific", NULL, NULL,
639                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
640                               test_text, check_params_PEM,
641                               dump_pem, 0);
642 }
643 #endif /* !OPENSSL_NO_KEYPARAMS */
644 
check_unprotected_legacy_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)645 static int check_unprotected_legacy_PEM(const char *file, const int line,
646                                         const char *type,
647                                         const void *data, size_t data_len)
648 {
649     static char expected_pem_header[80];
650 
651     return
652         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
653                                  sizeof(expected_pem_header),
654                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
655         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
656 }
657 
test_unprotected_via_legacy_PEM(const char * type,EVP_PKEY * key)658 static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
659 {
660     if (!default_libctx || is_fips)
661         return TEST_skip("Test not available if using a non-default library context or FIPS provider");
662 
663     return test_encode_decode(__FILE__, __LINE__, type, key,
664                               OSSL_KEYMGMT_SELECT_KEYPAIR
665                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
666                               "PEM", "type-specific", NULL, NULL,
667                               encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
668                               test_text, check_unprotected_legacy_PEM,
669                               dump_pem, 0);
670 }
671 
check_MSBLOB(const char * file,const int line,const char * type,const void * data,size_t data_len)672 static int check_MSBLOB(const char *file, const int line,
673                         const char *type, const void *data, size_t data_len)
674 {
675     const unsigned char *datap = data;
676     EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len);
677     int ok = TEST_FL_ptr(pkey);
678 
679     EVP_PKEY_free(pkey);
680     return ok;
681 }
682 
test_unprotected_via_MSBLOB(const char * type,EVP_PKEY * key)683 static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
684 {
685     return test_encode_decode(__FILE__, __LINE__, type, key,
686                               OSSL_KEYMGMT_SELECT_KEYPAIR
687                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
688                               "MSBLOB", NULL, NULL, NULL,
689                               encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
690                               test_mem, check_MSBLOB,
691                               dump_der, 0);
692 }
693 
check_PVK(const char * file,const int line,const char * type,const void * data,size_t data_len)694 static int check_PVK(const char *file, const int line,
695                      const char *type, const void *data, size_t data_len)
696 {
697     const unsigned char *in = data;
698     unsigned int saltlen = 0, keylen = 0;
699     int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);
700 
701     return ok;
702 }
703 
test_unprotected_via_PVK(const char * type,EVP_PKEY * key)704 static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
705 {
706     return test_encode_decode(__FILE__, __LINE__, type, key,
707                               OSSL_KEYMGMT_SELECT_KEYPAIR
708                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
709                               "PVK", NULL, NULL, NULL,
710                               encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
711                               test_mem, check_PVK,
712                               dump_der, 0);
713 }
714 
715 static const char *pass_cipher = "AES-256-CBC";
716 static const char *pass = "the holy handgrenade of antioch";
717 
check_protected_PKCS8_DER(const char * file,const int line,const char * type,const void * data,size_t data_len)718 static int check_protected_PKCS8_DER(const char *file, const int line,
719                                      const char *type,
720                                      const void *data, size_t data_len)
721 {
722     const unsigned char *datap = data;
723     X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len);
724     int ok = TEST_FL_ptr(p8);
725 
726     X509_SIG_free(p8);
727     return ok;
728 }
729 
test_protected_via_DER(const char * type,EVP_PKEY * key,int fips)730 static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
731 {
732     return test_encode_decode(__FILE__, __LINE__, type, key,
733                               OSSL_KEYMGMT_SELECT_KEYPAIR
734                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
735                               "DER", "EncryptedPrivateKeyInfo",
736                               pass, pass_cipher,
737                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
738                               test_mem, check_protected_PKCS8_DER,
739                               dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
740 }
741 
check_protected_PKCS8_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)742 static int check_protected_PKCS8_PEM(const char *file, const int line,
743                                      const char *type,
744                                      const void *data, size_t data_len)
745 {
746     static const char expected_pem_header[] =
747         "-----BEGIN " PEM_STRING_PKCS8 "-----";
748 
749     return TEST_FL_strn_eq(data, expected_pem_header,
750                         sizeof(expected_pem_header) - 1);
751 }
752 
test_protected_via_PEM(const char * type,EVP_PKEY * key,int fips)753 static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
754 {
755     return test_encode_decode(__FILE__, __LINE__, type, key,
756                               OSSL_KEYMGMT_SELECT_KEYPAIR
757                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
758                               "PEM", "EncryptedPrivateKeyInfo",
759                               pass, pass_cipher,
760                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
761                               test_text, check_protected_PKCS8_PEM,
762                               dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
763 }
764 
check_protected_legacy_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)765 static int check_protected_legacy_PEM(const char *file, const int line,
766                                       const char *type,
767                                       const void *data, size_t data_len)
768 {
769     static char expected_pem_header[80];
770 
771     return
772         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
773                                  sizeof(expected_pem_header),
774                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
775         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header))
776         && TEST_FL_ptr(strstr(data, "\nDEK-Info: "));
777 }
778 
test_protected_via_legacy_PEM(const char * type,EVP_PKEY * key)779 static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
780 {
781     if (!default_libctx || is_fips)
782         return TEST_skip("Test not available if using a non-default library context or FIPS provider");
783 
784     return test_encode_decode(__FILE__, __LINE__, type, key,
785                               OSSL_KEYMGMT_SELECT_KEYPAIR
786                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
787                               "PEM", "type-specific", pass, pass_cipher,
788                               encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
789                               test_text, check_protected_legacy_PEM,
790                               dump_pem, 0);
791 }
792 
793 #ifndef OPENSSL_NO_RC4
test_protected_via_PVK(const char * type,EVP_PKEY * key)794 static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
795 {
796     int ret = 0;
797     OSSL_PROVIDER *lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
798     if (lgcyprov == NULL)
799         return TEST_skip("Legacy provider not available");
800 
801     ret = test_encode_decode(__FILE__, __LINE__, type, key,
802                               OSSL_KEYMGMT_SELECT_KEYPAIR
803                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
804                               "PVK", NULL, pass, NULL,
805                               encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
806                               test_mem, check_PVK, dump_der, 0);
807     OSSL_PROVIDER_unload(lgcyprov);
808     return ret;
809 }
810 #endif
811 
check_public_DER(const char * file,const int line,const char * type,const void * data,size_t data_len)812 static int check_public_DER(const char *file, const int line,
813                             const char *type, const void *data, size_t data_len)
814 {
815     const unsigned char *datap = data;
816     EVP_PKEY *pkey = d2i_PUBKEY_ex(NULL, &datap, data_len, testctx, testpropq);
817     int ok = (TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type)));
818 
819     EVP_PKEY_free(pkey);
820     return ok;
821 }
822 
test_public_via_DER(const char * type,EVP_PKEY * key,int fips)823 static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
824 {
825     return test_encode_decode(__FILE__, __LINE__, type, key,
826                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
827                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
828                               "DER", "SubjectPublicKeyInfo", NULL, NULL,
829                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
830                               test_mem, check_public_DER, dump_der,
831                               fips ? 0 : FLAG_FAIL_IF_FIPS);
832 }
833 
check_public_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)834 static int check_public_PEM(const char *file, const int line,
835                             const char *type, const void *data, size_t data_len)
836 {
837     static const char expected_pem_header[] =
838         "-----BEGIN " PEM_STRING_PUBLIC "-----";
839 
840     return
841         TEST_FL_strn_eq(data, expected_pem_header,
842                      sizeof(expected_pem_header) - 1);
843 }
844 
test_public_via_PEM(const char * type,EVP_PKEY * key,int fips)845 static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
846 {
847     return test_encode_decode(__FILE__, __LINE__, type, key,
848                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
849                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
850                               "PEM", "SubjectPublicKeyInfo", NULL, NULL,
851                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
852                               test_text, check_public_PEM, dump_pem,
853                               fips ? 0 : FLAG_FAIL_IF_FIPS);
854 }
855 
check_public_MSBLOB(const char * file,const int line,const char * type,const void * data,size_t data_len)856 static int check_public_MSBLOB(const char *file, const int line,
857                                const char *type,
858                                const void *data, size_t data_len)
859 {
860     const unsigned char *datap = data;
861     EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len);
862     int ok = TEST_FL_ptr(pkey);
863 
864     EVP_PKEY_free(pkey);
865     return ok;
866 }
867 
test_public_via_MSBLOB(const char * type,EVP_PKEY * key)868 static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
869 {
870     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
871                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
872                               "MSBLOB", NULL, NULL, NULL,
873                               encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
874                               test_mem, check_public_MSBLOB, dump_der, 0);
875 }
876 
877 #define KEYS(KEYTYPE)                           \
878     static EVP_PKEY *key_##KEYTYPE = NULL
879 #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params)                          \
880     ok = ok                                                             \
881         && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
882 #define FREE_KEYS(KEYTYPE)                                              \
883     EVP_PKEY_free(key_##KEYTYPE);                                       \
884 
885 #define DOMAIN_KEYS(KEYTYPE)                    \
886     static EVP_PKEY *template_##KEYTYPE = NULL; \
887     static EVP_PKEY *key_##KEYTYPE = NULL
888 #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params)                   \
889     ok = ok                                                             \
890         && TEST_ptr(template_##KEYTYPE =                                \
891                     make_template(KEYTYPEstr, params))                  \
892         && TEST_ptr(key_##KEYTYPE =                                     \
893                     make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
894 #define FREE_DOMAIN_KEYS(KEYTYPE)                                       \
895     EVP_PKEY_free(template_##KEYTYPE);                                  \
896     EVP_PKEY_free(key_##KEYTYPE)
897 
898 #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips)                 \
899     static int test_unprotected_##KEYTYPE##_via_DER(void)               \
900     {                                                                   \
901         return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
902     }                                                                   \
903     static int test_unprotected_##KEYTYPE##_via_PEM(void)               \
904     {                                                                   \
905         return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
906     }                                                                   \
907     static int test_protected_##KEYTYPE##_via_DER(void)                 \
908     {                                                                   \
909         return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
910     }                                                                   \
911     static int test_protected_##KEYTYPE##_via_PEM(void)                 \
912     {                                                                   \
913         return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
914     }                                                                   \
915     static int test_public_##KEYTYPE##_via_DER(void)                    \
916     {                                                                   \
917         return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips);    \
918     }                                                                   \
919     static int test_public_##KEYTYPE##_via_PEM(void)                    \
920     {                                                                   \
921         return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips);    \
922     }
923 
924 #define ADD_TEST_SUITE(KEYTYPE)                                 \
925     ADD_TEST(test_unprotected_##KEYTYPE##_via_DER);             \
926     ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM);             \
927     ADD_TEST(test_protected_##KEYTYPE##_via_DER);               \
928     ADD_TEST(test_protected_##KEYTYPE##_via_PEM);               \
929     ADD_TEST(test_public_##KEYTYPE##_via_DER);                  \
930     ADD_TEST(test_public_##KEYTYPE##_via_PEM)
931 
932 #define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr)           \
933     static int test_params_##KEYTYPE##_via_DER(void)               \
934     {                                                              \
935         return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
936     }                                                              \
937     static int test_params_##KEYTYPE##_via_PEM(void)               \
938     {                                                              \
939         return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
940     }
941 
942 #define ADD_TEST_SUITE_PARAMS(KEYTYPE)                          \
943     ADD_TEST(test_params_##KEYTYPE##_via_DER);                  \
944     ADD_TEST(test_params_##KEYTYPE##_via_PEM)
945 
946 #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr)                \
947     static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void)        \
948     {                                                                   \
949         return                                                          \
950             test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
951     }                                                                   \
952     static int test_protected_##KEYTYPE##_via_legacy_PEM(void)          \
953     {                                                                   \
954         return                                                          \
955             test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE);   \
956     }
957 
958 #define ADD_TEST_SUITE_LEGACY(KEYTYPE)                                  \
959     ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM);              \
960     ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
961 
962 #define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr)                \
963     static int test_unprotected_##KEYTYPE##_via_MSBLOB(void)            \
964     {                                                                   \
965         return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);  \
966     }                                                                   \
967     static int test_public_##KEYTYPE##_via_MSBLOB(void)                 \
968     {                                                                   \
969         return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);       \
970     }
971 
972 #define ADD_TEST_SUITE_MSBLOB(KEYTYPE)                                  \
973     ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB);                  \
974     ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
975 
976 #define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr)       \
977     static int test_unprotected_##KEYTYPE##_via_PVK(void)               \
978     {                                                                   \
979         return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE);     \
980     }
981 # define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE)                        \
982     ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
983 #ifndef OPENSSL_NO_RC4
984 # define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr)        \
985     static int test_protected_##KEYTYPE##_via_PVK(void)                 \
986     {                                                                   \
987         return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE);       \
988     }
989 # define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE)                          \
990     ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
991 #endif
992 
993 #ifndef OPENSSL_NO_DH
994 DOMAIN_KEYS(DH);
995 IMPLEMENT_TEST_SUITE(DH, "DH", 1)
996 IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
997 DOMAIN_KEYS(DHX);
998 IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
999 IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
1000 /*
1001  * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1002  * so no legacy tests.
1003  */
1004 #endif
1005 #ifndef OPENSSL_NO_DSA
1006 DOMAIN_KEYS(DSA);
1007 IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
1008 IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
1009 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
1010 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
1011 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
1012 # ifndef OPENSSL_NO_RC4
1013 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
1014 # endif
1015 #endif
1016 #ifndef OPENSSL_NO_EC
1017 DOMAIN_KEYS(EC);
1018 IMPLEMENT_TEST_SUITE(EC, "EC", 1)
1019 IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
1020 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
1021 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1022 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
1023 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
1024 DOMAIN_KEYS(ECExplicitPrime2G);
1025 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
1026 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
1027 # ifndef OPENSSL_NO_EC2M
1028 DOMAIN_KEYS(ECExplicitTriNamedCurve);
1029 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
1030 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
1031 DOMAIN_KEYS(ECExplicitTri2G);
1032 IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
1033 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
1034 # endif
1035 # ifndef OPENSSL_NO_SM2
1036 KEYS(SM2);
1037 IMPLEMENT_TEST_SUITE(SM2, "SM2", 0)
1038 # endif
1039 KEYS(ED25519);
1040 IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
1041 KEYS(ED448);
1042 IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
1043 KEYS(X25519);
1044 IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
1045 KEYS(X448);
1046 IMPLEMENT_TEST_SUITE(X448, "X448", 1)
1047 /*
1048  * ED25519, ED448, X25519 and X448 have no support for
1049  * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1050  */
1051 #endif
1052 KEYS(RSA);
1053 IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
1054 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
1055 KEYS(RSA_PSS);
1056 IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
1057 /*
1058  * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1059  * so no legacy tests.
1060  */
1061 IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
1062 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
1063 #ifndef OPENSSL_NO_RC4
1064 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
1065 #endif
1066 
1067 #ifndef OPENSSL_NO_EC
1068 /* Explicit parameters that match a named curve */
do_create_ec_explicit_prime_params(OSSL_PARAM_BLD * bld,const unsigned char * gen,size_t gen_len)1069 static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
1070                                               const unsigned char *gen,
1071                                               size_t gen_len)
1072 {
1073     BIGNUM *a, *b, *prime, *order;
1074 
1075     /* Curve prime256v1 */
1076     static const unsigned char prime_data[] = {
1077         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1078         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1079         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1080         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1081         0xff
1082     };
1083     static const unsigned char a_data[] = {
1084         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1085         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1086         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1087         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1088         0xfc
1089     };
1090     static const unsigned char b_data[] = {
1091         0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
1092         0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
1093         0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
1094         0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
1095     };
1096     static const unsigned char seed[] = {
1097         0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
1098         0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
1099         0x81, 0x9f, 0x7e, 0x90
1100     };
1101     static const unsigned char order_data[] = {
1102         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1103         0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1104         0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
1105         0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
1106     };
1107     return TEST_ptr(a = BN_CTX_get(bnctx))
1108            && TEST_ptr(b = BN_CTX_get(bnctx))
1109            && TEST_ptr(prime = BN_CTX_get(bnctx))
1110            && TEST_ptr(order = BN_CTX_get(bnctx))
1111            && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
1112            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1113            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1114            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1115            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1116                             OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
1117                             0))
1118            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
1119            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1120            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1121            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1122                             OSSL_PKEY_PARAM_EC_ORDER, order))
1123            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1124                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1125            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1126                             OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
1127            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1128                                                BN_value_one()));
1129 }
1130 
create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD * bld)1131 static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
1132 {
1133     static const unsigned char prime256v1_gen[] = {
1134         0x04,
1135         0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
1136         0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
1137         0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
1138         0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
1139         0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
1140         0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
1141         0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
1142         0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
1143     };
1144     return do_create_ec_explicit_prime_params(bld, prime256v1_gen,
1145                                               sizeof(prime256v1_gen));
1146 }
1147 
create_ec_explicit_prime_params(OSSL_PARAM_BLD * bld)1148 static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
1149 {
1150     /* 2G */
1151     static const unsigned char prime256v1_gen2[] = {
1152         0x04,
1153         0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
1154         0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
1155         0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
1156         0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
1157         0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
1158         0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
1159         0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
1160         0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
1161     };
1162     return do_create_ec_explicit_prime_params(bld, prime256v1_gen2,
1163                                               sizeof(prime256v1_gen2));
1164 }
1165 
1166 # ifndef OPENSSL_NO_EC2M
do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD * bld,const unsigned char * gen,size_t gen_len)1167 static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
1168                                                   const unsigned char *gen,
1169                                                   size_t gen_len)
1170 {
1171     BIGNUM *a, *b, *poly, *order, *cofactor;
1172     /* sect233k1 characteristic-two-field tpBasis */
1173     static const unsigned char poly_data[] = {
1174         0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1175         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
1176         0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1177     };
1178     static const unsigned char a_data[] = {
1179         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1180         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1181         0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1182     };
1183     static const unsigned char b_data[] = {
1184         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1185         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1186         0x00, 0x00, 0x00, 0x00, 0x00, 0x01
1187     };
1188     static const unsigned char order_data[] = {
1189         0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1190         0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
1191         0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
1192     };
1193     static const unsigned char cofactor_data[]= {
1194         0x4
1195     };
1196     return TEST_ptr(a = BN_CTX_get(bnctx))
1197            && TEST_ptr(b = BN_CTX_get(bnctx))
1198            && TEST_ptr(poly = BN_CTX_get(bnctx))
1199            && TEST_ptr(order = BN_CTX_get(bnctx))
1200            && TEST_ptr(cofactor = BN_CTX_get(bnctx))
1201            && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
1202            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1203            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1204            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1205            && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor))
1206            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1207                             OSSL_PKEY_PARAM_EC_FIELD_TYPE,
1208                             SN_X9_62_characteristic_two_field, 0))
1209            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
1210            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1211            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1212            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1213                             OSSL_PKEY_PARAM_EC_ORDER, order))
1214            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1215                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1216            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1217                                                cofactor));
1218 }
1219 
create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD * bld)1220 static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
1221 {
1222     static const unsigned char gen[] = {
1223         0x04,
1224         0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
1225         0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
1226         0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
1227         0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
1228         0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
1229         0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
1230     };
1231     return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen));
1232 }
1233 
create_ec_explicit_trinomial_params(OSSL_PARAM_BLD * bld)1234 static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
1235 {
1236     static const unsigned char gen2[] = {
1237         0x04,
1238         0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
1239         0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
1240         0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
1241         0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
1242         0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
1243         0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
1244     };
1245     return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
1246 }
1247 # endif /* OPENSSL_NO_EC2M */
1248 #endif /* OPENSSL_NO_EC */
1249 
1250 typedef enum OPTION_choice {
1251     OPT_ERR = -1,
1252     OPT_EOF = 0,
1253     OPT_CONTEXT,
1254     OPT_RSA_FILE,
1255     OPT_RSA_PSS_FILE,
1256     OPT_CONFIG_FILE,
1257     OPT_PROVIDER_NAME,
1258     OPT_TEST_ENUM
1259 } OPTION_CHOICE;
1260 
test_get_options(void)1261 const OPTIONS *test_get_options(void)
1262 {
1263     static const OPTIONS options[] = {
1264         OPT_TEST_OPTIONS_DEFAULT_USAGE,
1265         { "context", OPT_CONTEXT, '-',
1266           "Explicitly use a non-default library context" },
1267         { "rsa", OPT_RSA_FILE, '<',
1268           "PEM format RSA key file to encode/decode" },
1269         { "pss", OPT_RSA_PSS_FILE, '<',
1270           "PEM format RSA-PSS key file to encode/decode" },
1271         { "config", OPT_CONFIG_FILE, '<',
1272           "The configuration file to use for the library context" },
1273         { "provider", OPT_PROVIDER_NAME, 's',
1274           "The provider to load (The default value is 'default')" },
1275         { NULL }
1276     };
1277     return options;
1278 }
1279 
setup_tests(void)1280 int setup_tests(void)
1281 {
1282     const char *rsa_file = NULL;
1283     const char *rsa_pss_file = NULL;
1284     const char *prov_name = "default";
1285     char *config_file = NULL;
1286     int ok = 1;
1287 
1288 #ifndef OPENSSL_NO_DSA
1289     static size_t qbits = 160;  /* PVK only tolerates 160 Q bits */
1290     static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
1291     OSSL_PARAM DSA_params[] = {
1292         OSSL_PARAM_size_t("pbits", &pbits),
1293         OSSL_PARAM_size_t("qbits", &qbits),
1294         OSSL_PARAM_END
1295     };
1296 #endif
1297 
1298 #ifndef OPENSSL_NO_EC
1299     static char groupname[] = "prime256v1";
1300     OSSL_PARAM EC_params[] = {
1301         OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
1302         OSSL_PARAM_END
1303     };
1304 #endif
1305 
1306     OPTION_CHOICE o;
1307 
1308     while ((o = opt_next()) != OPT_EOF) {
1309         switch (o) {
1310         case OPT_CONTEXT:
1311             default_libctx = 0;
1312             break;
1313         case OPT_PROVIDER_NAME:
1314             prov_name = opt_arg();
1315             break;
1316         case OPT_CONFIG_FILE:
1317             config_file = opt_arg();
1318             break;
1319         case OPT_RSA_FILE:
1320             rsa_file = opt_arg();
1321             break;
1322         case OPT_RSA_PSS_FILE:
1323             rsa_pss_file = opt_arg();
1324             break;
1325         case OPT_TEST_CASES:
1326             break;
1327         default:
1328             return 0;
1329         }
1330     }
1331 
1332     if (strcmp(prov_name, "fips") == 0)
1333         is_fips = 1;
1334 
1335     if (default_libctx) {
1336         if (!test_get_libctx(NULL, NULL, config_file, &deflprov, prov_name))
1337             return 0;
1338     } else {
1339         if (!test_get_libctx(&testctx, &nullprov, config_file, &deflprov, prov_name))
1340             return 0;
1341     }
1342 
1343     /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */
1344     is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0);
1345 
1346 #ifdef STATIC_LEGACY
1347     /*
1348      * This test is always statically linked against libcrypto. We must not
1349      * attempt to load legacy.so that might be dynamically linked against
1350      * libcrypto. Instead we use a built-in version of the legacy provider.
1351      */
1352     if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
1353         return 0;
1354 #endif
1355 
1356     /* Separate provider/ctx for generating the test data */
1357     if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new()))
1358         return 0;
1359     if (!TEST_ptr(keyprov = OSSL_PROVIDER_load(keyctx, "default")))
1360         return 0;
1361 
1362 #ifndef OPENSSL_NO_EC
1363     if (!TEST_ptr(bnctx = BN_CTX_new_ex(testctx))
1364         || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
1365         || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
1366         || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
1367         || !create_ec_explicit_prime_params(bld_prime)
1368         || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
1369         || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
1370 # ifndef OPENSSL_NO_EC2M
1371         || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
1372         || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
1373         || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
1374         || !create_ec_explicit_trinomial_params(bld_tri)
1375         || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
1376         || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
1377 # endif
1378         )
1379         return 0;
1380 #endif
1381 
1382     TEST_info("Generating keys...");
1383 
1384 #ifndef OPENSSL_NO_DH
1385     TEST_info("Generating DH keys...");
1386     MAKE_DOMAIN_KEYS(DH, "DH", NULL);
1387     MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
1388 #endif
1389 #ifndef OPENSSL_NO_DSA
1390     TEST_info("Generating DSA keys...");
1391     MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
1392 #endif
1393 #ifndef OPENSSL_NO_EC
1394     TEST_info("Generating EC keys...");
1395     MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
1396     MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
1397     MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
1398 # ifndef OPENSSL_NO_EC2M
1399     MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
1400     MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
1401 # endif
1402 # ifndef OPENSSL_NO_SM2
1403     MAKE_KEYS(SM2, "SM2", NULL);
1404 # endif
1405     MAKE_KEYS(ED25519, "ED25519", NULL);
1406     MAKE_KEYS(ED448, "ED448", NULL);
1407     MAKE_KEYS(X25519, "X25519", NULL);
1408     MAKE_KEYS(X448, "X448", NULL);
1409 #endif
1410     TEST_info("Loading RSA key...");
1411     ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
1412     TEST_info("Loading RSA_PSS key...");
1413     ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(rsa_pss_file, keyctx));
1414     TEST_info("Generating keys done");
1415 
1416     if (ok) {
1417 #ifndef OPENSSL_NO_DH
1418         ADD_TEST_SUITE(DH);
1419         ADD_TEST_SUITE_PARAMS(DH);
1420         ADD_TEST_SUITE(DHX);
1421         ADD_TEST_SUITE_PARAMS(DHX);
1422         /*
1423          * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1424          * so no legacy tests.
1425          */
1426 #endif
1427 #ifndef OPENSSL_NO_DSA
1428         ADD_TEST_SUITE(DSA);
1429         ADD_TEST_SUITE_PARAMS(DSA);
1430         ADD_TEST_SUITE_LEGACY(DSA);
1431         ADD_TEST_SUITE_MSBLOB(DSA);
1432         ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
1433 # ifndef OPENSSL_NO_RC4
1434         ADD_TEST_SUITE_PROTECTED_PVK(DSA);
1435 # endif
1436 #endif
1437 #ifndef OPENSSL_NO_EC
1438         ADD_TEST_SUITE(EC);
1439         ADD_TEST_SUITE_PARAMS(EC);
1440         ADD_TEST_SUITE_LEGACY(EC);
1441         ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
1442         ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
1443         ADD_TEST_SUITE(ECExplicitPrime2G);
1444         ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
1445 # ifndef OPENSSL_NO_EC2M
1446         ADD_TEST_SUITE(ECExplicitTriNamedCurve);
1447         ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
1448         ADD_TEST_SUITE(ECExplicitTri2G);
1449         ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
1450 # endif
1451 # ifndef OPENSSL_NO_SM2
1452         if (!is_fips_3_0_0) {
1453             /* 3.0.0 FIPS provider imports explicit EC params and then fails. */
1454             ADD_TEST_SUITE(SM2);
1455         }
1456 # endif
1457         ADD_TEST_SUITE(ED25519);
1458         ADD_TEST_SUITE(ED448);
1459         ADD_TEST_SUITE(X25519);
1460         ADD_TEST_SUITE(X448);
1461         /*
1462          * ED25519, ED448, X25519 and X448 have no support for
1463          * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1464          */
1465 #endif
1466         ADD_TEST_SUITE(RSA);
1467         ADD_TEST_SUITE_LEGACY(RSA);
1468         ADD_TEST_SUITE(RSA_PSS);
1469         /*
1470          * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1471          * so no legacy tests.
1472          */
1473         ADD_TEST_SUITE_MSBLOB(RSA);
1474         ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
1475 # ifndef OPENSSL_NO_RC4
1476         ADD_TEST_SUITE_PROTECTED_PVK(RSA);
1477 # endif
1478     }
1479 
1480     return 1;
1481 }
1482 
cleanup_tests(void)1483 void cleanup_tests(void)
1484 {
1485 #ifndef OPENSSL_NO_EC
1486     OSSL_PARAM_free(ec_explicit_prime_params_nc);
1487     OSSL_PARAM_free(ec_explicit_prime_params_explicit);
1488     OSSL_PARAM_BLD_free(bld_prime_nc);
1489     OSSL_PARAM_BLD_free(bld_prime);
1490 # ifndef OPENSSL_NO_EC2M
1491     OSSL_PARAM_free(ec_explicit_tri_params_nc);
1492     OSSL_PARAM_free(ec_explicit_tri_params_explicit);
1493     OSSL_PARAM_BLD_free(bld_tri_nc);
1494     OSSL_PARAM_BLD_free(bld_tri);
1495 # endif
1496     BN_CTX_free(bnctx);
1497 #endif /* OPENSSL_NO_EC */
1498 
1499 #ifndef OPENSSL_NO_DH
1500     FREE_DOMAIN_KEYS(DH);
1501     FREE_DOMAIN_KEYS(DHX);
1502 #endif
1503 #ifndef OPENSSL_NO_DSA
1504     FREE_DOMAIN_KEYS(DSA);
1505 #endif
1506 #ifndef OPENSSL_NO_EC
1507     FREE_DOMAIN_KEYS(EC);
1508     FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1509     FREE_DOMAIN_KEYS(ECExplicitPrime2G);
1510 # ifndef OPENSSL_NO_EC2M
1511     FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
1512     FREE_DOMAIN_KEYS(ECExplicitTri2G);
1513 # endif
1514 # ifndef OPENSSL_NO_SM2
1515     FREE_KEYS(SM2);
1516 # endif
1517     FREE_KEYS(ED25519);
1518     FREE_KEYS(ED448);
1519     FREE_KEYS(X25519);
1520     FREE_KEYS(X448);
1521 #endif
1522     FREE_KEYS(RSA);
1523     FREE_KEYS(RSA_PSS);
1524 
1525     OSSL_PROVIDER_unload(nullprov);
1526     OSSL_PROVIDER_unload(deflprov);
1527     OSSL_PROVIDER_unload(keyprov);
1528     OSSL_LIB_CTX_free(testctx);
1529     OSSL_LIB_CTX_free(keyctx);
1530 }
1531