1b0d17251Schristos /* 2*97e3c585Schristos * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. 3b0d17251Schristos * 4b0d17251Schristos * Licensed under the Apache License 2.0 (the "License"). You may not use 5b0d17251Schristos * this file except in compliance with the License. You can obtain a copy 6b0d17251Schristos * in the file LICENSE in the source distribution or at 7b0d17251Schristos * https://www.openssl.org/source/license.html 8b0d17251Schristos */ 9b0d17251Schristos 10b0d17251Schristos #include <string.h> 11b0d17251Schristos #include <openssl/core_dispatch.h> 12b0d17251Schristos #include <openssl/evp.h> 13b0d17251Schristos #include <openssl/pem.h> 14b0d17251Schristos #include <openssl/rsa.h> 15b0d17251Schristos #include <openssl/x509.h> 16b0d17251Schristos #include <openssl/core_names.h> 17b0d17251Schristos #include <openssl/params.h> 18b0d17251Schristos #include <openssl/param_build.h> 19b0d17251Schristos #include <openssl/encoder.h> 20b0d17251Schristos #include <openssl/decoder.h> 21b0d17251Schristos 22b0d17251Schristos #include "internal/cryptlib.h" /* ossl_assert */ 23b0d17251Schristos #include "crypto/pem.h" /* For PVK and "blob" PEM headers */ 24b0d17251Schristos #include "crypto/evp.h" /* For evp_pkey_is_provided() */ 25b0d17251Schristos 26b0d17251Schristos #include "helpers/predefined_dhparams.h" 27b0d17251Schristos #include "testutil.h" 28b0d17251Schristos 29b0d17251Schristos /* Extended test macros to allow passing file & line number */ 30b0d17251Schristos #define TEST_FL_ptr(a) test_ptr(file, line, #a, a) 31b0d17251Schristos #define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n) 32b0d17251Schristos #define TEST_FL_strn_eq(a, b, n) test_strn_eq(file, line, #a, #b, a, n, b, n) 33b0d17251Schristos #define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n) 34b0d17251Schristos #define TEST_FL_int_eq(a, b) test_int_eq(file, line, #a, #b, a, b) 35b0d17251Schristos #define TEST_FL_int_ge(a, b) test_int_ge(file, line, #a, #b, a, b) 36b0d17251Schristos #define TEST_FL_int_gt(a, b) test_int_gt(file, line, #a, #b, a, b) 37b0d17251Schristos #define TEST_FL_long_gt(a, b) test_long_gt(file, line, #a, #b, a, b) 38b0d17251Schristos #define TEST_FL_true(a) test_true(file, line, #a, (a) != 0) 39b0d17251Schristos 40b0d17251Schristos #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC) 41b0d17251Schristos # define OPENSSL_NO_KEYPARAMS 42b0d17251Schristos #endif 43b0d17251Schristos 44b0d17251Schristos static int default_libctx = 1; 45b0d17251Schristos static int is_fips = 0; 46b0d17251Schristos static int is_fips_3_0_0 = 0; 47b0d17251Schristos 48b0d17251Schristos static OSSL_LIB_CTX *testctx = NULL; 49b0d17251Schristos static OSSL_LIB_CTX *keyctx = NULL; 50b0d17251Schristos static char *testpropq = NULL; 51b0d17251Schristos 52b0d17251Schristos static OSSL_PROVIDER *nullprov = NULL; 53b0d17251Schristos static OSSL_PROVIDER *deflprov = NULL; 54b0d17251Schristos static OSSL_PROVIDER *keyprov = NULL; 55b0d17251Schristos 56b0d17251Schristos #ifndef OPENSSL_NO_EC 57b0d17251Schristos static BN_CTX *bnctx = NULL; 58b0d17251Schristos static OSSL_PARAM_BLD *bld_prime_nc = NULL; 59b0d17251Schristos static OSSL_PARAM_BLD *bld_prime = NULL; 60b0d17251Schristos static OSSL_PARAM *ec_explicit_prime_params_nc = NULL; 61b0d17251Schristos static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL; 62b0d17251Schristos 63b0d17251Schristos # ifndef OPENSSL_NO_EC2M 64b0d17251Schristos static OSSL_PARAM_BLD *bld_tri_nc = NULL; 65b0d17251Schristos static OSSL_PARAM_BLD *bld_tri = NULL; 66b0d17251Schristos static OSSL_PARAM *ec_explicit_tri_params_nc = NULL; 67b0d17251Schristos static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL; 68b0d17251Schristos # endif 69b0d17251Schristos #endif 70b0d17251Schristos 71b0d17251Schristos #ifndef OPENSSL_NO_KEYPARAMS 72b0d17251Schristos static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) 73b0d17251Schristos { 74b0d17251Schristos EVP_PKEY *pkey = NULL; 75b0d17251Schristos EVP_PKEY_CTX *ctx = NULL; 76b0d17251Schristos 77b0d17251Schristos # ifndef OPENSSL_NO_DH 78b0d17251Schristos /* 79b0d17251Schristos * Use 512-bit DH(X) keys with predetermined parameters for efficiency, 80b0d17251Schristos * for testing only. Use a minimum key size of 2048 for security purposes. 81b0d17251Schristos */ 82b0d17251Schristos if (strcmp(type, "DH") == 0) 83b0d17251Schristos return get_dh512(keyctx); 84b0d17251Schristos 85b0d17251Schristos if (strcmp(type, "X9.42 DH") == 0) 86b0d17251Schristos return get_dhx512(keyctx); 87b0d17251Schristos # endif 88b0d17251Schristos 89b0d17251Schristos /* 90b0d17251Schristos * No real need to check the errors other than for the cascade 91b0d17251Schristos * effect. |pkey| will simply remain NULL if something goes wrong. 92b0d17251Schristos */ 93b0d17251Schristos (void)((ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq)) != NULL 94b0d17251Schristos && EVP_PKEY_paramgen_init(ctx) > 0 95b0d17251Schristos && (genparams == NULL 96b0d17251Schristos || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) 97b0d17251Schristos && EVP_PKEY_generate(ctx, &pkey) > 0); 98b0d17251Schristos EVP_PKEY_CTX_free(ctx); 99b0d17251Schristos 100b0d17251Schristos return pkey; 101b0d17251Schristos } 102b0d17251Schristos #endif 103b0d17251Schristos 104b0d17251Schristos #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 105b0d17251Schristos static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, 106b0d17251Schristos OSSL_PARAM *genparams) 107b0d17251Schristos { 108b0d17251Schristos EVP_PKEY *pkey = NULL; 109b0d17251Schristos EVP_PKEY_CTX *ctx = 110b0d17251Schristos template != NULL 111b0d17251Schristos ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq) 112b0d17251Schristos : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq); 113b0d17251Schristos 114b0d17251Schristos /* 115b0d17251Schristos * No real need to check the errors other than for the cascade 116b0d17251Schristos * effect. |pkey| will simply remain NULL if something goes wrong. 117b0d17251Schristos */ 118b0d17251Schristos (void)(ctx != NULL 119b0d17251Schristos && EVP_PKEY_keygen_init(ctx) > 0 120b0d17251Schristos && (genparams == NULL 121b0d17251Schristos || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) 122b0d17251Schristos && EVP_PKEY_keygen(ctx, &pkey) > 0); 123b0d17251Schristos EVP_PKEY_CTX_free(ctx); 124b0d17251Schristos return pkey; 125b0d17251Schristos } 126b0d17251Schristos #endif 127b0d17251Schristos 128b0d17251Schristos /* Main test driver */ 129b0d17251Schristos 130b0d17251Schristos typedef int (encoder)(const char *file, const int line, 131b0d17251Schristos void **encoded, long *encoded_len, 132b0d17251Schristos void *object, int selection, 133b0d17251Schristos const char *output_type, const char *output_structure, 134b0d17251Schristos const char *pass, const char *pcipher); 135b0d17251Schristos typedef int (decoder)(const char *file, const int line, 136b0d17251Schristos void **object, void *encoded, long encoded_len, 137b0d17251Schristos const char *input_type, const char *structure_type, 138b0d17251Schristos const char *keytype, int selection, const char *pass); 139b0d17251Schristos typedef int (tester)(const char *file, const int line, 140b0d17251Schristos const void *data1, size_t data1_len, 141b0d17251Schristos const void *data2, size_t data2_len); 142b0d17251Schristos typedef int (checker)(const char *file, const int line, 143b0d17251Schristos const char *type, const void *data, size_t data_len); 144b0d17251Schristos typedef void (dumper)(const char *label, const void *data, size_t data_len); 145b0d17251Schristos 146b0d17251Schristos #define FLAG_DECODE_WITH_TYPE 0x0001 147b0d17251Schristos #define FLAG_FAIL_IF_FIPS 0x0002 148b0d17251Schristos 149b0d17251Schristos static int test_encode_decode(const char *file, const int line, 150b0d17251Schristos const char *type, EVP_PKEY *pkey, 151b0d17251Schristos int selection, const char *output_type, 152b0d17251Schristos const char *output_structure, 153b0d17251Schristos const char *pass, const char *pcipher, 154b0d17251Schristos encoder *encode_cb, decoder *decode_cb, 155b0d17251Schristos tester *test_cb, checker *check_cb, 156b0d17251Schristos dumper *dump_cb, int flags) 157b0d17251Schristos { 158b0d17251Schristos void *encoded = NULL; 159b0d17251Schristos long encoded_len = 0; 160b0d17251Schristos EVP_PKEY *pkey2 = NULL; 1614778aedeSchristos EVP_PKEY *pkey3 = NULL; 162b0d17251Schristos void *encoded2 = NULL; 163b0d17251Schristos long encoded2_len = 0; 164b0d17251Schristos int ok = 0; 165b0d17251Schristos 166b0d17251Schristos /* 167b0d17251Schristos * Encode |pkey|, decode the result into |pkey2|, and finish off by 168b0d17251Schristos * encoding |pkey2| as well. That last encoding is for checking and 169b0d17251Schristos * dumping purposes. 170b0d17251Schristos */ 171b0d17251Schristos if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection, 172b0d17251Schristos output_type, output_structure, pass, pcipher))) 173b0d17251Schristos goto end; 174b0d17251Schristos 175b0d17251Schristos if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips && !is_fips_3_0_0) { 176b0d17251Schristos if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded, 177b0d17251Schristos encoded_len, output_type, output_structure, 178b0d17251Schristos (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), 179b0d17251Schristos selection, pass))) 180b0d17251Schristos ok = 1; 181b0d17251Schristos goto end; 182b0d17251Schristos } 183b0d17251Schristos 184b0d17251Schristos if (!TEST_true(check_cb(file, line, type, encoded, encoded_len)) 185b0d17251Schristos || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len, 186b0d17251Schristos output_type, output_structure, 187b0d17251Schristos (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), 188b0d17251Schristos selection, pass)) 1894778aedeSchristos || ((output_structure == NULL 1904778aedeSchristos || strcmp(output_structure, "type-specific") != 0) 1914778aedeSchristos && !TEST_true(decode_cb(file, line, (void **)&pkey3, encoded, encoded_len, 1924778aedeSchristos output_type, output_structure, 1934778aedeSchristos (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), 1944778aedeSchristos 0, pass))) 195b0d17251Schristos || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection, 196b0d17251Schristos output_type, output_structure, pass, pcipher))) 197b0d17251Schristos goto end; 198b0d17251Schristos 199b0d17251Schristos if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) { 2004778aedeSchristos if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1) 2014778aedeSchristos || (pkey3 != NULL 2024778aedeSchristos && !TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey3), 1))) 203b0d17251Schristos goto end; 204b0d17251Schristos } else { 2054778aedeSchristos if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1) 2064778aedeSchristos || (pkey3 != NULL 2074778aedeSchristos && !TEST_int_eq(EVP_PKEY_eq(pkey, pkey3), 1))) 208b0d17251Schristos goto end; 209b0d17251Schristos } 210b0d17251Schristos 211b0d17251Schristos /* 212b0d17251Schristos * Double check the encoding, but only for unprotected keys, 213b0d17251Schristos * as protected keys have a random component, which makes the output 214b0d17251Schristos * differ. 215b0d17251Schristos */ 216b0d17251Schristos if ((pass == NULL && pcipher == NULL) 217b0d17251Schristos && !test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len)) 218b0d17251Schristos goto end; 219b0d17251Schristos 220b0d17251Schristos ok = 1; 221b0d17251Schristos end: 222b0d17251Schristos if (!ok) { 223b0d17251Schristos if (encoded != NULL && encoded_len != 0) 224b0d17251Schristos dump_cb("|pkey| encoded", encoded, encoded_len); 225b0d17251Schristos if (encoded2 != NULL && encoded2_len != 0) 226b0d17251Schristos dump_cb("|pkey2| encoded", encoded2, encoded2_len); 227b0d17251Schristos } 228b0d17251Schristos 229b0d17251Schristos OPENSSL_free(encoded); 230b0d17251Schristos OPENSSL_free(encoded2); 231b0d17251Schristos EVP_PKEY_free(pkey2); 2324778aedeSchristos EVP_PKEY_free(pkey3); 233b0d17251Schristos return ok; 234b0d17251Schristos } 235b0d17251Schristos 236b0d17251Schristos /* Encoding and decoding methods */ 237b0d17251Schristos 238b0d17251Schristos static int encode_EVP_PKEY_prov(const char *file, const int line, 239b0d17251Schristos void **encoded, long *encoded_len, 240b0d17251Schristos void *object, int selection, 241b0d17251Schristos const char *output_type, 242b0d17251Schristos const char *output_structure, 243b0d17251Schristos const char *pass, const char *pcipher) 244b0d17251Schristos { 245b0d17251Schristos EVP_PKEY *pkey = object; 246b0d17251Schristos OSSL_ENCODER_CTX *ectx = NULL; 247b0d17251Schristos BIO *mem_ser = NULL; 248b0d17251Schristos BUF_MEM *mem_buf = NULL; 249b0d17251Schristos const unsigned char *upass = (const unsigned char *)pass; 250b0d17251Schristos int ok = 0; 251b0d17251Schristos 252b0d17251Schristos if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, 253b0d17251Schristos output_type, 254b0d17251Schristos output_structure, 255b0d17251Schristos testpropq)) 256b0d17251Schristos || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0) 257b0d17251Schristos || (pass != NULL 258b0d17251Schristos && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass, 259b0d17251Schristos strlen(pass)))) 260b0d17251Schristos || (pcipher != NULL 261b0d17251Schristos && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL))) 262b0d17251Schristos || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) 263b0d17251Schristos || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser)) 264b0d17251Schristos || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) 265b0d17251Schristos || !TEST_FL_ptr(*encoded = mem_buf->data) 266b0d17251Schristos || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) 267b0d17251Schristos goto end; 268b0d17251Schristos 269b0d17251Schristos /* Detach the encoded output */ 270b0d17251Schristos mem_buf->data = NULL; 271b0d17251Schristos mem_buf->length = 0; 272b0d17251Schristos ok = 1; 273b0d17251Schristos end: 274b0d17251Schristos BIO_free(mem_ser); 275b0d17251Schristos OSSL_ENCODER_CTX_free(ectx); 276b0d17251Schristos return ok; 277b0d17251Schristos } 278b0d17251Schristos 279b0d17251Schristos static int decode_EVP_PKEY_prov(const char *file, const int line, 280b0d17251Schristos void **object, void *encoded, long encoded_len, 281b0d17251Schristos const char *input_type, 282b0d17251Schristos const char *structure_type, 283b0d17251Schristos const char *keytype, int selection, 284b0d17251Schristos const char *pass) 285b0d17251Schristos { 286b0d17251Schristos EVP_PKEY *pkey = NULL, *testpkey = NULL; 287b0d17251Schristos OSSL_DECODER_CTX *dctx = NULL; 288b0d17251Schristos BIO *encoded_bio = NULL; 289b0d17251Schristos const unsigned char *upass = (const unsigned char *)pass; 290b0d17251Schristos int ok = 0; 291b0d17251Schristos int i; 292b0d17251Schristos const char *badtype; 293b0d17251Schristos 294b0d17251Schristos if (strcmp(input_type, "DER") == 0) 295b0d17251Schristos badtype = "PEM"; 296b0d17251Schristos else 297b0d17251Schristos badtype = "DER"; 298b0d17251Schristos 299b0d17251Schristos if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len))) 300b0d17251Schristos goto end; 301b0d17251Schristos 302b0d17251Schristos /* 303b0d17251Schristos * We attempt the decode 3 times. The first time we provide the expected 304b0d17251Schristos * starting input type. The second time we provide NULL for the starting 305b0d17251Schristos * type. The third time we provide a bad starting input type. 306b0d17251Schristos * The bad starting input type should fail. The other two should succeed 307b0d17251Schristos * and produce the same result. 308b0d17251Schristos */ 309b0d17251Schristos for (i = 0; i < 3; i++) { 310b0d17251Schristos const char *testtype = (i == 0) ? input_type 311b0d17251Schristos : ((i == 1) ? NULL : badtype); 312b0d17251Schristos 313b0d17251Schristos if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey, 314b0d17251Schristos testtype, 315b0d17251Schristos structure_type, 316b0d17251Schristos keytype, 317b0d17251Schristos selection, 318b0d17251Schristos testctx, testpropq)) 319b0d17251Schristos || (pass != NULL 320b0d17251Schristos && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass))) 321b0d17251Schristos || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0) 322b0d17251Schristos /* We expect to fail when using a bad input type */ 323b0d17251Schristos || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio), 324b0d17251Schristos (i == 2) ? 0 : 1)) 325b0d17251Schristos goto end; 326b0d17251Schristos OSSL_DECODER_CTX_free(dctx); 327b0d17251Schristos dctx = NULL; 328b0d17251Schristos 329b0d17251Schristos if (i == 0) { 330b0d17251Schristos pkey = testpkey; 331b0d17251Schristos testpkey = NULL; 332b0d17251Schristos } else if (i == 1) { 333b0d17251Schristos if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) { 334b0d17251Schristos if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1)) 335b0d17251Schristos goto end; 336b0d17251Schristos } else { 337b0d17251Schristos if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1)) 338b0d17251Schristos goto end; 339b0d17251Schristos } 340b0d17251Schristos } 341b0d17251Schristos } 342b0d17251Schristos ok = 1; 343b0d17251Schristos *object = pkey; 344b0d17251Schristos pkey = NULL; 345b0d17251Schristos 346b0d17251Schristos end: 347b0d17251Schristos EVP_PKEY_free(pkey); 348b0d17251Schristos EVP_PKEY_free(testpkey); 349b0d17251Schristos BIO_free(encoded_bio); 350b0d17251Schristos OSSL_DECODER_CTX_free(dctx); 351b0d17251Schristos return ok; 352b0d17251Schristos } 353b0d17251Schristos 354b0d17251Schristos static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line, 355b0d17251Schristos void **encoded, long *encoded_len, 356b0d17251Schristos void *object, ossl_unused int selection, 357b0d17251Schristos ossl_unused const char *output_type, 358b0d17251Schristos ossl_unused const char *output_structure, 359b0d17251Schristos const char *pass, const char *pcipher) 360b0d17251Schristos { 361b0d17251Schristos EVP_PKEY *pkey = object; 362b0d17251Schristos EVP_CIPHER *cipher = NULL; 363b0d17251Schristos BIO *mem_ser = NULL; 364b0d17251Schristos BUF_MEM *mem_buf = NULL; 365b0d17251Schristos const unsigned char *upass = (const unsigned char *)pass; 366b0d17251Schristos size_t passlen = 0; 367b0d17251Schristos int ok = 0; 368b0d17251Schristos 369b0d17251Schristos if (pcipher != NULL && pass != NULL) { 370b0d17251Schristos passlen = strlen(pass); 371b0d17251Schristos if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(testctx, pcipher, testpropq))) 372b0d17251Schristos goto end; 373b0d17251Schristos } 374b0d17251Schristos if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) 375b0d17251Schristos || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey, 376b0d17251Schristos cipher, 377b0d17251Schristos upass, passlen, 378b0d17251Schristos NULL, NULL)) 379b0d17251Schristos || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) 380b0d17251Schristos || !TEST_FL_ptr(*encoded = mem_buf->data) 381b0d17251Schristos || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) 382b0d17251Schristos goto end; 383b0d17251Schristos 384b0d17251Schristos /* Detach the encoded output */ 385b0d17251Schristos mem_buf->data = NULL; 386b0d17251Schristos mem_buf->length = 0; 387b0d17251Schristos ok = 1; 388b0d17251Schristos end: 389b0d17251Schristos BIO_free(mem_ser); 390b0d17251Schristos EVP_CIPHER_free(cipher); 391b0d17251Schristos return ok; 392b0d17251Schristos } 393b0d17251Schristos 394b0d17251Schristos static int encode_EVP_PKEY_MSBLOB(const char *file, const int line, 395b0d17251Schristos void **encoded, long *encoded_len, 396b0d17251Schristos void *object, int selection, 397b0d17251Schristos ossl_unused const char *output_type, 398b0d17251Schristos ossl_unused const char *output_structure, 399b0d17251Schristos ossl_unused const char *pass, 400b0d17251Schristos ossl_unused const char *pcipher) 401b0d17251Schristos { 402b0d17251Schristos EVP_PKEY *pkey = object; 403b0d17251Schristos BIO *mem_ser = NULL; 404b0d17251Schristos BUF_MEM *mem_buf = NULL; 405b0d17251Schristos int ok = 0; 406b0d17251Schristos 407b0d17251Schristos if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))) 408b0d17251Schristos goto end; 409b0d17251Schristos 410b0d17251Schristos if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 411b0d17251Schristos if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0)) 412b0d17251Schristos goto end; 413b0d17251Schristos } else { 414b0d17251Schristos if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0)) 415b0d17251Schristos goto end; 416b0d17251Schristos } 417b0d17251Schristos 418b0d17251Schristos if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) 419b0d17251Schristos || !TEST_FL_ptr(*encoded = mem_buf->data) 420b0d17251Schristos || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) 421b0d17251Schristos goto end; 422b0d17251Schristos 423b0d17251Schristos /* Detach the encoded output */ 424b0d17251Schristos mem_buf->data = NULL; 425b0d17251Schristos mem_buf->length = 0; 426b0d17251Schristos ok = 1; 427b0d17251Schristos end: 428b0d17251Schristos BIO_free(mem_ser); 429b0d17251Schristos return ok; 430b0d17251Schristos } 431b0d17251Schristos 432b0d17251Schristos static pem_password_cb pass_pw; 433b0d17251Schristos static int pass_pw(char *buf, int size, int rwflag, void *userdata) 434b0d17251Schristos { 435b0d17251Schristos OPENSSL_strlcpy(buf, userdata, size); 436b0d17251Schristos return strlen(userdata); 437b0d17251Schristos } 438b0d17251Schristos 439b0d17251Schristos static int encode_EVP_PKEY_PVK(const char *file, const int line, 440b0d17251Schristos void **encoded, long *encoded_len, 441b0d17251Schristos void *object, int selection, 442b0d17251Schristos ossl_unused const char *output_type, 443b0d17251Schristos ossl_unused const char *output_structure, 444b0d17251Schristos const char *pass, 445b0d17251Schristos ossl_unused const char *pcipher) 446b0d17251Schristos { 447b0d17251Schristos EVP_PKEY *pkey = object; 448b0d17251Schristos BIO *mem_ser = NULL; 449b0d17251Schristos BUF_MEM *mem_buf = NULL; 450b0d17251Schristos int enc = (pass != NULL); 451b0d17251Schristos int ok = 0; 452b0d17251Schristos 453b0d17251Schristos if (!TEST_FL_true(ossl_assert((selection 454b0d17251Schristos & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)) 455b0d17251Schristos || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) 456b0d17251Schristos || !TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc, 457b0d17251Schristos pass_pw, (void *)pass, testctx, testpropq), 0) 458b0d17251Schristos || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) 459b0d17251Schristos || !TEST_FL_ptr(*encoded = mem_buf->data) 460b0d17251Schristos || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) 461b0d17251Schristos goto end; 462b0d17251Schristos 463b0d17251Schristos /* Detach the encoded output */ 464b0d17251Schristos mem_buf->data = NULL; 465b0d17251Schristos mem_buf->length = 0; 466b0d17251Schristos ok = 1; 467b0d17251Schristos end: 468b0d17251Schristos BIO_free(mem_ser); 469b0d17251Schristos return ok; 470b0d17251Schristos } 471b0d17251Schristos 472b0d17251Schristos static int test_text(const char *file, const int line, 473b0d17251Schristos const void *data1, size_t data1_len, 474b0d17251Schristos const void *data2, size_t data2_len) 475b0d17251Schristos { 476b0d17251Schristos return TEST_FL_strn2_eq(data1, data1_len, data2, data2_len); 477b0d17251Schristos } 478b0d17251Schristos 479b0d17251Schristos static int test_mem(const char *file, const int line, 480b0d17251Schristos const void *data1, size_t data1_len, 481b0d17251Schristos const void *data2, size_t data2_len) 482b0d17251Schristos { 483b0d17251Schristos return TEST_FL_mem_eq(data1, data1_len, data2, data2_len); 484b0d17251Schristos } 485b0d17251Schristos 486b0d17251Schristos /* Test cases and their dumpers / checkers */ 487b0d17251Schristos 488b0d17251Schristos static void collect_name(const char *name, void *arg) 489b0d17251Schristos { 490b0d17251Schristos char **namelist = arg; 491b0d17251Schristos char *new_namelist; 492b0d17251Schristos size_t space; 493b0d17251Schristos 494b0d17251Schristos space = strlen(name); 495b0d17251Schristos if (*namelist != NULL) 496b0d17251Schristos space += strlen(*namelist) + 2 /* for comma and space */; 497b0d17251Schristos space++; /* for terminating null byte */ 498b0d17251Schristos 499b0d17251Schristos new_namelist = OPENSSL_realloc(*namelist, space); 500b0d17251Schristos if (new_namelist == NULL) 501b0d17251Schristos return; 502b0d17251Schristos if (*namelist != NULL) { 503b0d17251Schristos strcat(new_namelist, ", "); 504b0d17251Schristos strcat(new_namelist, name); 505b0d17251Schristos } else { 506b0d17251Schristos strcpy(new_namelist, name); 507b0d17251Schristos } 508b0d17251Schristos *namelist = new_namelist; 509b0d17251Schristos } 510b0d17251Schristos 511b0d17251Schristos static void dump_der(const char *label, const void *data, size_t data_len) 512b0d17251Schristos { 513b0d17251Schristos test_output_memory(label, data, data_len); 514b0d17251Schristos } 515b0d17251Schristos 516b0d17251Schristos static void dump_pem(const char *label, const void *data, size_t data_len) 517b0d17251Schristos { 518b0d17251Schristos test_output_string(label, data, data_len - 1); 519b0d17251Schristos } 520b0d17251Schristos 521b0d17251Schristos static int check_unprotected_PKCS8_DER(const char *file, const int line, 522b0d17251Schristos const char *type, 523b0d17251Schristos const void *data, size_t data_len) 524b0d17251Schristos { 525b0d17251Schristos const unsigned char *datap = data; 526b0d17251Schristos PKCS8_PRIV_KEY_INFO *p8inf = 527b0d17251Schristos d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len); 528b0d17251Schristos int ok = 0; 529b0d17251Schristos 530b0d17251Schristos if (TEST_FL_ptr(p8inf)) { 531b0d17251Schristos EVP_PKEY *pkey = EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq); 532b0d17251Schristos char *namelist = NULL; 533b0d17251Schristos 534b0d17251Schristos if (TEST_FL_ptr(pkey)) { 535b0d17251Schristos if (!(ok = TEST_FL_true(EVP_PKEY_is_a(pkey, type)))) { 536b0d17251Schristos EVP_PKEY_type_names_do_all(pkey, collect_name, &namelist); 537b0d17251Schristos if (namelist != NULL) 538b0d17251Schristos TEST_note("%s isn't any of %s", type, namelist); 539b0d17251Schristos OPENSSL_free(namelist); 540b0d17251Schristos } 541b0d17251Schristos ok = ok && TEST_FL_true(evp_pkey_is_provided(pkey)); 542b0d17251Schristos EVP_PKEY_free(pkey); 543b0d17251Schristos } 544b0d17251Schristos } 545b0d17251Schristos PKCS8_PRIV_KEY_INFO_free(p8inf); 546b0d17251Schristos return ok; 547b0d17251Schristos } 548b0d17251Schristos 549b0d17251Schristos static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips) 550b0d17251Schristos { 551b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, 552b0d17251Schristos OSSL_KEYMGMT_SELECT_KEYPAIR 553b0d17251Schristos | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, 554b0d17251Schristos "DER", "PrivateKeyInfo", NULL, NULL, 555b0d17251Schristos encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, 556b0d17251Schristos test_mem, check_unprotected_PKCS8_DER, 557b0d17251Schristos dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); 558b0d17251Schristos } 559b0d17251Schristos 560b0d17251Schristos static int check_unprotected_PKCS8_PEM(const char *file, const int line, 561b0d17251Schristos const char *type, 562b0d17251Schristos const void *data, size_t data_len) 563b0d17251Schristos { 564b0d17251Schristos static const char expected_pem_header[] = 565b0d17251Schristos "-----BEGIN " PEM_STRING_PKCS8INF "-----"; 566b0d17251Schristos 567b0d17251Schristos return TEST_FL_strn_eq(data, expected_pem_header, 568b0d17251Schristos sizeof(expected_pem_header) - 1); 569b0d17251Schristos } 570b0d17251Schristos 571b0d17251Schristos static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips) 572b0d17251Schristos { 573b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, 574b0d17251Schristos OSSL_KEYMGMT_SELECT_KEYPAIR 575b0d17251Schristos | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, 576b0d17251Schristos "PEM", "PrivateKeyInfo", NULL, NULL, 577b0d17251Schristos encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, 578b0d17251Schristos test_text, check_unprotected_PKCS8_PEM, 579b0d17251Schristos dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); 580b0d17251Schristos } 581b0d17251Schristos 582b0d17251Schristos #ifndef OPENSSL_NO_KEYPARAMS 583b0d17251Schristos static int check_params_DER(const char *file, const int line, 584b0d17251Schristos const char *type, const void *data, size_t data_len) 585b0d17251Schristos { 586b0d17251Schristos const unsigned char *datap = data; 587b0d17251Schristos int ok = 0; 588b0d17251Schristos int itype = NID_undef; 589b0d17251Schristos EVP_PKEY *pkey = NULL; 590b0d17251Schristos 591b0d17251Schristos if (strcmp(type, "DH") == 0) 592b0d17251Schristos itype = EVP_PKEY_DH; 593b0d17251Schristos else if (strcmp(type, "X9.42 DH") == 0) 594b0d17251Schristos itype = EVP_PKEY_DHX; 595b0d17251Schristos else if (strcmp(type, "DSA") == 0) 596b0d17251Schristos itype = EVP_PKEY_DSA; 597b0d17251Schristos else if (strcmp(type, "EC") == 0) 598b0d17251Schristos itype = EVP_PKEY_EC; 599b0d17251Schristos 600b0d17251Schristos if (itype != NID_undef) { 601b0d17251Schristos pkey = d2i_KeyParams(itype, NULL, &datap, data_len); 602b0d17251Schristos ok = (pkey != NULL); 603b0d17251Schristos EVP_PKEY_free(pkey); 604b0d17251Schristos } 605b0d17251Schristos 606b0d17251Schristos return ok; 607b0d17251Schristos } 608b0d17251Schristos 609b0d17251Schristos static int check_params_PEM(const char *file, const int line, 610b0d17251Schristos const char *type, 611b0d17251Schristos const void *data, size_t data_len) 612b0d17251Schristos { 613b0d17251Schristos static char expected_pem_header[80]; 614b0d17251Schristos 615b0d17251Schristos return 616b0d17251Schristos TEST_FL_int_gt(BIO_snprintf(expected_pem_header, 617b0d17251Schristos sizeof(expected_pem_header), 618b0d17251Schristos "-----BEGIN %s PARAMETERS-----", type), 0) 619b0d17251Schristos && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)); 620b0d17251Schristos } 621b0d17251Schristos 622b0d17251Schristos static int test_params_via_DER(const char *type, EVP_PKEY *key) 623b0d17251Schristos { 624b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 625b0d17251Schristos "DER", "type-specific", NULL, NULL, 626b0d17251Schristos encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, 627b0d17251Schristos test_mem, check_params_DER, 628b0d17251Schristos dump_der, FLAG_DECODE_WITH_TYPE); 629b0d17251Schristos } 630b0d17251Schristos 631b0d17251Schristos static int test_params_via_PEM(const char *type, EVP_PKEY *key) 632b0d17251Schristos { 633b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 634b0d17251Schristos "PEM", "type-specific", NULL, NULL, 635b0d17251Schristos encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, 636b0d17251Schristos test_text, check_params_PEM, 637b0d17251Schristos dump_pem, 0); 638b0d17251Schristos } 639b0d17251Schristos #endif /* !OPENSSL_NO_KEYPARAMS */ 640b0d17251Schristos 641b0d17251Schristos static int check_unprotected_legacy_PEM(const char *file, const int line, 642b0d17251Schristos const char *type, 643b0d17251Schristos const void *data, size_t data_len) 644b0d17251Schristos { 645b0d17251Schristos static char expected_pem_header[80]; 646b0d17251Schristos 647b0d17251Schristos return 648b0d17251Schristos TEST_FL_int_gt(BIO_snprintf(expected_pem_header, 649b0d17251Schristos sizeof(expected_pem_header), 650b0d17251Schristos "-----BEGIN %s PRIVATE KEY-----", type), 0) 651b0d17251Schristos && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)); 652b0d17251Schristos } 653b0d17251Schristos 654b0d17251Schristos static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key) 655b0d17251Schristos { 656b0d17251Schristos if (!default_libctx || is_fips) 657b0d17251Schristos return TEST_skip("Test not available if using a non-default library context or FIPS provider"); 658b0d17251Schristos 659b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, 660b0d17251Schristos OSSL_KEYMGMT_SELECT_KEYPAIR 661b0d17251Schristos | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 662b0d17251Schristos "PEM", "type-specific", NULL, NULL, 663b0d17251Schristos encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov, 664b0d17251Schristos test_text, check_unprotected_legacy_PEM, 665b0d17251Schristos dump_pem, 0); 666b0d17251Schristos } 667b0d17251Schristos 668b0d17251Schristos static int check_MSBLOB(const char *file, const int line, 669b0d17251Schristos const char *type, const void *data, size_t data_len) 670b0d17251Schristos { 671b0d17251Schristos const unsigned char *datap = data; 672b0d17251Schristos EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len); 673b0d17251Schristos int ok = TEST_FL_ptr(pkey); 674b0d17251Schristos 675b0d17251Schristos EVP_PKEY_free(pkey); 676b0d17251Schristos return ok; 677b0d17251Schristos } 678b0d17251Schristos 679b0d17251Schristos static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key) 680b0d17251Schristos { 681b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, 682b0d17251Schristos OSSL_KEYMGMT_SELECT_KEYPAIR 683b0d17251Schristos | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 684b0d17251Schristos "MSBLOB", NULL, NULL, NULL, 685b0d17251Schristos encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov, 686b0d17251Schristos test_mem, check_MSBLOB, 687b0d17251Schristos dump_der, 0); 688b0d17251Schristos } 689b0d17251Schristos 690b0d17251Schristos static int check_PVK(const char *file, const int line, 691b0d17251Schristos const char *type, const void *data, size_t data_len) 692b0d17251Schristos { 693b0d17251Schristos const unsigned char *in = data; 694b0d17251Schristos unsigned int saltlen = 0, keylen = 0; 695b0d17251Schristos int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen); 696b0d17251Schristos 697b0d17251Schristos return ok; 698b0d17251Schristos } 699b0d17251Schristos 700b0d17251Schristos static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key) 701b0d17251Schristos { 702b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, 703b0d17251Schristos OSSL_KEYMGMT_SELECT_KEYPAIR 704b0d17251Schristos | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 705b0d17251Schristos "PVK", NULL, NULL, NULL, 706b0d17251Schristos encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, 707b0d17251Schristos test_mem, check_PVK, 708b0d17251Schristos dump_der, 0); 709b0d17251Schristos } 710b0d17251Schristos 711b0d17251Schristos static const char *pass_cipher = "AES-256-CBC"; 712b0d17251Schristos static const char *pass = "the holy handgrenade of antioch"; 713b0d17251Schristos 714b0d17251Schristos static int check_protected_PKCS8_DER(const char *file, const int line, 715b0d17251Schristos const char *type, 716b0d17251Schristos const void *data, size_t data_len) 717b0d17251Schristos { 718b0d17251Schristos const unsigned char *datap = data; 719b0d17251Schristos X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len); 720b0d17251Schristos int ok = TEST_FL_ptr(p8); 721b0d17251Schristos 722b0d17251Schristos X509_SIG_free(p8); 723b0d17251Schristos return ok; 724b0d17251Schristos } 725b0d17251Schristos 726b0d17251Schristos static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips) 727b0d17251Schristos { 728b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, 729b0d17251Schristos OSSL_KEYMGMT_SELECT_KEYPAIR 730b0d17251Schristos | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 731b0d17251Schristos "DER", "EncryptedPrivateKeyInfo", 732b0d17251Schristos pass, pass_cipher, 733b0d17251Schristos encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, 734b0d17251Schristos test_mem, check_protected_PKCS8_DER, 735b0d17251Schristos dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); 736b0d17251Schristos } 737b0d17251Schristos 738b0d17251Schristos static int check_protected_PKCS8_PEM(const char *file, const int line, 739b0d17251Schristos const char *type, 740b0d17251Schristos const void *data, size_t data_len) 741b0d17251Schristos { 742b0d17251Schristos static const char expected_pem_header[] = 743b0d17251Schristos "-----BEGIN " PEM_STRING_PKCS8 "-----"; 744b0d17251Schristos 745b0d17251Schristos return TEST_FL_strn_eq(data, expected_pem_header, 746b0d17251Schristos sizeof(expected_pem_header) - 1); 747b0d17251Schristos } 748b0d17251Schristos 749b0d17251Schristos static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips) 750b0d17251Schristos { 751b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, 752b0d17251Schristos OSSL_KEYMGMT_SELECT_KEYPAIR 753b0d17251Schristos | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 754b0d17251Schristos "PEM", "EncryptedPrivateKeyInfo", 755b0d17251Schristos pass, pass_cipher, 756b0d17251Schristos encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, 757b0d17251Schristos test_text, check_protected_PKCS8_PEM, 758b0d17251Schristos dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); 759b0d17251Schristos } 760b0d17251Schristos 761b0d17251Schristos static int check_protected_legacy_PEM(const char *file, const int line, 762b0d17251Schristos const char *type, 763b0d17251Schristos const void *data, size_t data_len) 764b0d17251Schristos { 765b0d17251Schristos static char expected_pem_header[80]; 766b0d17251Schristos 767b0d17251Schristos return 768b0d17251Schristos TEST_FL_int_gt(BIO_snprintf(expected_pem_header, 769b0d17251Schristos sizeof(expected_pem_header), 770b0d17251Schristos "-----BEGIN %s PRIVATE KEY-----", type), 0) 771b0d17251Schristos && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)) 772b0d17251Schristos && TEST_FL_ptr(strstr(data, "\nDEK-Info: ")); 773b0d17251Schristos } 774b0d17251Schristos 775b0d17251Schristos static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key) 776b0d17251Schristos { 777b0d17251Schristos if (!default_libctx || is_fips) 778b0d17251Schristos return TEST_skip("Test not available if using a non-default library context or FIPS provider"); 779b0d17251Schristos 780b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, 781b0d17251Schristos OSSL_KEYMGMT_SELECT_KEYPAIR 782b0d17251Schristos | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 783b0d17251Schristos "PEM", "type-specific", pass, pass_cipher, 784b0d17251Schristos encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov, 785b0d17251Schristos test_text, check_protected_legacy_PEM, 786b0d17251Schristos dump_pem, 0); 787b0d17251Schristos } 788b0d17251Schristos 789b0d17251Schristos #ifndef OPENSSL_NO_RC4 790b0d17251Schristos static int test_protected_via_PVK(const char *type, EVP_PKEY *key) 791b0d17251Schristos { 792b0d17251Schristos int ret = 0; 793b0d17251Schristos OSSL_PROVIDER *lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); 794b0d17251Schristos if (lgcyprov == NULL) 795b0d17251Schristos return TEST_skip("Legacy provider not available"); 796b0d17251Schristos 797b0d17251Schristos ret = test_encode_decode(__FILE__, __LINE__, type, key, 798b0d17251Schristos OSSL_KEYMGMT_SELECT_KEYPAIR 799b0d17251Schristos | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 800b0d17251Schristos "PVK", NULL, pass, NULL, 801b0d17251Schristos encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, 802b0d17251Schristos test_mem, check_PVK, dump_der, 0); 803b0d17251Schristos OSSL_PROVIDER_unload(lgcyprov); 804b0d17251Schristos return ret; 805b0d17251Schristos } 806b0d17251Schristos #endif 807b0d17251Schristos 808b0d17251Schristos static int check_public_DER(const char *file, const int line, 809b0d17251Schristos const char *type, const void *data, size_t data_len) 810b0d17251Schristos { 811b0d17251Schristos const unsigned char *datap = data; 812b0d17251Schristos EVP_PKEY *pkey = d2i_PUBKEY_ex(NULL, &datap, data_len, testctx, testpropq); 813b0d17251Schristos int ok = (TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type))); 814b0d17251Schristos 815b0d17251Schristos EVP_PKEY_free(pkey); 816b0d17251Schristos return ok; 817b0d17251Schristos } 818b0d17251Schristos 819b0d17251Schristos static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips) 820b0d17251Schristos { 821b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, 822b0d17251Schristos OSSL_KEYMGMT_SELECT_PUBLIC_KEY 823b0d17251Schristos | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, 824b0d17251Schristos "DER", "SubjectPublicKeyInfo", NULL, NULL, 825b0d17251Schristos encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, 826b0d17251Schristos test_mem, check_public_DER, dump_der, 827b0d17251Schristos fips ? 0 : FLAG_FAIL_IF_FIPS); 828b0d17251Schristos } 829b0d17251Schristos 830b0d17251Schristos static int check_public_PEM(const char *file, const int line, 831b0d17251Schristos const char *type, const void *data, size_t data_len) 832b0d17251Schristos { 833b0d17251Schristos static const char expected_pem_header[] = 834b0d17251Schristos "-----BEGIN " PEM_STRING_PUBLIC "-----"; 835b0d17251Schristos 836b0d17251Schristos return 837b0d17251Schristos TEST_FL_strn_eq(data, expected_pem_header, 838b0d17251Schristos sizeof(expected_pem_header) - 1); 839b0d17251Schristos } 840b0d17251Schristos 841b0d17251Schristos static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips) 842b0d17251Schristos { 843b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, 844b0d17251Schristos OSSL_KEYMGMT_SELECT_PUBLIC_KEY 845b0d17251Schristos | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, 846b0d17251Schristos "PEM", "SubjectPublicKeyInfo", NULL, NULL, 847b0d17251Schristos encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, 848b0d17251Schristos test_text, check_public_PEM, dump_pem, 849b0d17251Schristos fips ? 0 : FLAG_FAIL_IF_FIPS); 850b0d17251Schristos } 851b0d17251Schristos 852b0d17251Schristos static int check_public_MSBLOB(const char *file, const int line, 853b0d17251Schristos const char *type, 854b0d17251Schristos const void *data, size_t data_len) 855b0d17251Schristos { 856b0d17251Schristos const unsigned char *datap = data; 857b0d17251Schristos EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len); 858b0d17251Schristos int ok = TEST_FL_ptr(pkey); 859b0d17251Schristos 860b0d17251Schristos EVP_PKEY_free(pkey); 861b0d17251Schristos return ok; 862b0d17251Schristos } 863b0d17251Schristos 864b0d17251Schristos static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) 865b0d17251Schristos { 866b0d17251Schristos return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY 867b0d17251Schristos | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 868b0d17251Schristos "MSBLOB", NULL, NULL, NULL, 869b0d17251Schristos encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov, 870b0d17251Schristos test_mem, check_public_MSBLOB, dump_der, 0); 871b0d17251Schristos } 872b0d17251Schristos 873b0d17251Schristos #define KEYS(KEYTYPE) \ 874b0d17251Schristos static EVP_PKEY *key_##KEYTYPE = NULL 875b0d17251Schristos #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params) \ 876b0d17251Schristos ok = ok \ 877b0d17251Schristos && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params)) 878b0d17251Schristos #define FREE_KEYS(KEYTYPE) \ 879b0d17251Schristos EVP_PKEY_free(key_##KEYTYPE); \ 880b0d17251Schristos 881b0d17251Schristos #define DOMAIN_KEYS(KEYTYPE) \ 882b0d17251Schristos static EVP_PKEY *template_##KEYTYPE = NULL; \ 883b0d17251Schristos static EVP_PKEY *key_##KEYTYPE = NULL 884b0d17251Schristos #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params) \ 885b0d17251Schristos ok = ok \ 886b0d17251Schristos && TEST_ptr(template_##KEYTYPE = \ 887b0d17251Schristos make_template(KEYTYPEstr, params)) \ 888b0d17251Schristos && TEST_ptr(key_##KEYTYPE = \ 889b0d17251Schristos make_key(KEYTYPEstr, template_##KEYTYPE, NULL)) 890b0d17251Schristos #define FREE_DOMAIN_KEYS(KEYTYPE) \ 891b0d17251Schristos EVP_PKEY_free(template_##KEYTYPE); \ 892b0d17251Schristos EVP_PKEY_free(key_##KEYTYPE) 893b0d17251Schristos 894b0d17251Schristos #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \ 895b0d17251Schristos static int test_unprotected_##KEYTYPE##_via_DER(void) \ 896b0d17251Schristos { \ 897b0d17251Schristos return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ 898b0d17251Schristos } \ 899b0d17251Schristos static int test_unprotected_##KEYTYPE##_via_PEM(void) \ 900b0d17251Schristos { \ 901b0d17251Schristos return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ 902b0d17251Schristos } \ 903b0d17251Schristos static int test_protected_##KEYTYPE##_via_DER(void) \ 904b0d17251Schristos { \ 905b0d17251Schristos return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ 906b0d17251Schristos } \ 907b0d17251Schristos static int test_protected_##KEYTYPE##_via_PEM(void) \ 908b0d17251Schristos { \ 909b0d17251Schristos return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ 910b0d17251Schristos } \ 911b0d17251Schristos static int test_public_##KEYTYPE##_via_DER(void) \ 912b0d17251Schristos { \ 913b0d17251Schristos return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ 914b0d17251Schristos } \ 915b0d17251Schristos static int test_public_##KEYTYPE##_via_PEM(void) \ 916b0d17251Schristos { \ 917b0d17251Schristos return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ 918b0d17251Schristos } 919b0d17251Schristos 920b0d17251Schristos #define ADD_TEST_SUITE(KEYTYPE) \ 921b0d17251Schristos ADD_TEST(test_unprotected_##KEYTYPE##_via_DER); \ 922b0d17251Schristos ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM); \ 923b0d17251Schristos ADD_TEST(test_protected_##KEYTYPE##_via_DER); \ 924b0d17251Schristos ADD_TEST(test_protected_##KEYTYPE##_via_PEM); \ 925b0d17251Schristos ADD_TEST(test_public_##KEYTYPE##_via_DER); \ 926b0d17251Schristos ADD_TEST(test_public_##KEYTYPE##_via_PEM) 927b0d17251Schristos 928b0d17251Schristos #define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr) \ 929b0d17251Schristos static int test_params_##KEYTYPE##_via_DER(void) \ 930b0d17251Schristos { \ 931b0d17251Schristos return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE); \ 932b0d17251Schristos } \ 933b0d17251Schristos static int test_params_##KEYTYPE##_via_PEM(void) \ 934b0d17251Schristos { \ 935b0d17251Schristos return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ 936b0d17251Schristos } 937b0d17251Schristos 938b0d17251Schristos #define ADD_TEST_SUITE_PARAMS(KEYTYPE) \ 939b0d17251Schristos ADD_TEST(test_params_##KEYTYPE##_via_DER); \ 940b0d17251Schristos ADD_TEST(test_params_##KEYTYPE##_via_PEM) 941b0d17251Schristos 942b0d17251Schristos #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr) \ 943b0d17251Schristos static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void) \ 944b0d17251Schristos { \ 945b0d17251Schristos return \ 946b0d17251Schristos test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \ 947b0d17251Schristos } \ 948b0d17251Schristos static int test_protected_##KEYTYPE##_via_legacy_PEM(void) \ 949b0d17251Schristos { \ 950b0d17251Schristos return \ 951b0d17251Schristos test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \ 952b0d17251Schristos } 953b0d17251Schristos 954b0d17251Schristos #define ADD_TEST_SUITE_LEGACY(KEYTYPE) \ 955b0d17251Schristos ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \ 956b0d17251Schristos ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM) 957b0d17251Schristos 958b0d17251Schristos #define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \ 959b0d17251Schristos static int test_unprotected_##KEYTYPE##_via_MSBLOB(void) \ 960b0d17251Schristos { \ 961b0d17251Schristos return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \ 962b0d17251Schristos } \ 963b0d17251Schristos static int test_public_##KEYTYPE##_via_MSBLOB(void) \ 964b0d17251Schristos { \ 965b0d17251Schristos return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \ 966b0d17251Schristos } 967b0d17251Schristos 968b0d17251Schristos #define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \ 969b0d17251Schristos ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \ 970b0d17251Schristos ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB) 971b0d17251Schristos 972b0d17251Schristos #define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr) \ 973b0d17251Schristos static int test_unprotected_##KEYTYPE##_via_PVK(void) \ 974b0d17251Schristos { \ 975b0d17251Schristos return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \ 976b0d17251Schristos } 977b0d17251Schristos # define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \ 978b0d17251Schristos ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK) 979b0d17251Schristos #ifndef OPENSSL_NO_RC4 980b0d17251Schristos # define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \ 981b0d17251Schristos static int test_protected_##KEYTYPE##_via_PVK(void) \ 982b0d17251Schristos { \ 983b0d17251Schristos return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \ 984b0d17251Schristos } 985b0d17251Schristos # define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE) \ 986b0d17251Schristos ADD_TEST(test_protected_##KEYTYPE##_via_PVK) 987b0d17251Schristos #endif 988b0d17251Schristos 989b0d17251Schristos #ifndef OPENSSL_NO_DH 990b0d17251Schristos DOMAIN_KEYS(DH); 991b0d17251Schristos IMPLEMENT_TEST_SUITE(DH, "DH", 1) 992b0d17251Schristos IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH") 993b0d17251Schristos DOMAIN_KEYS(DHX); 994b0d17251Schristos IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1) 995b0d17251Schristos IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") 996b0d17251Schristos /* 997b0d17251Schristos * DH has no support for PEM_write_bio_PrivateKey_traditional(), 998b0d17251Schristos * so no legacy tests. 999b0d17251Schristos */ 1000b0d17251Schristos #endif 1001b0d17251Schristos #ifndef OPENSSL_NO_DSA 1002b0d17251Schristos DOMAIN_KEYS(DSA); 1003b0d17251Schristos IMPLEMENT_TEST_SUITE(DSA, "DSA", 1) 1004b0d17251Schristos IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA") 1005b0d17251Schristos IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA") 1006b0d17251Schristos IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA") 1007b0d17251Schristos IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA") 1008b0d17251Schristos # ifndef OPENSSL_NO_RC4 1009b0d17251Schristos IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA") 1010b0d17251Schristos # endif 1011b0d17251Schristos #endif 1012b0d17251Schristos #ifndef OPENSSL_NO_EC 1013b0d17251Schristos DOMAIN_KEYS(EC); 1014b0d17251Schristos IMPLEMENT_TEST_SUITE(EC, "EC", 1) 1015b0d17251Schristos IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC") 1016b0d17251Schristos IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") 1017b0d17251Schristos DOMAIN_KEYS(ECExplicitPrimeNamedCurve); 1018b0d17251Schristos IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) 1019b0d17251Schristos IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") 1020b0d17251Schristos DOMAIN_KEYS(ECExplicitPrime2G); 1021b0d17251Schristos IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) 1022b0d17251Schristos IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") 1023b0d17251Schristos # ifndef OPENSSL_NO_EC2M 1024b0d17251Schristos DOMAIN_KEYS(ECExplicitTriNamedCurve); 1025b0d17251Schristos IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) 1026b0d17251Schristos IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC") 1027b0d17251Schristos DOMAIN_KEYS(ECExplicitTri2G); 1028b0d17251Schristos IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0) 1029b0d17251Schristos IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") 1030b0d17251Schristos # endif 1031*97e3c585Schristos # ifndef OPENSSL_NO_SM2 1032*97e3c585Schristos KEYS(SM2); 1033*97e3c585Schristos IMPLEMENT_TEST_SUITE(SM2, "SM2", 0) 1034*97e3c585Schristos # endif 1035b0d17251Schristos KEYS(ED25519); 1036b0d17251Schristos IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) 1037b0d17251Schristos KEYS(ED448); 1038b0d17251Schristos IMPLEMENT_TEST_SUITE(ED448, "ED448", 1) 1039b0d17251Schristos KEYS(X25519); 1040b0d17251Schristos IMPLEMENT_TEST_SUITE(X25519, "X25519", 1) 1041b0d17251Schristos KEYS(X448); 1042b0d17251Schristos IMPLEMENT_TEST_SUITE(X448, "X448", 1) 1043b0d17251Schristos /* 1044b0d17251Schristos * ED25519, ED448, X25519 and X448 have no support for 1045b0d17251Schristos * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. 1046b0d17251Schristos */ 1047b0d17251Schristos #endif 1048b0d17251Schristos KEYS(RSA); 1049b0d17251Schristos IMPLEMENT_TEST_SUITE(RSA, "RSA", 1) 1050b0d17251Schristos IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA") 1051b0d17251Schristos KEYS(RSA_PSS); 1052b0d17251Schristos IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1) 1053b0d17251Schristos /* 1054b0d17251Schristos * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(), 1055b0d17251Schristos * so no legacy tests. 1056b0d17251Schristos */ 1057b0d17251Schristos IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA") 1058b0d17251Schristos IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA") 1059b0d17251Schristos #ifndef OPENSSL_NO_RC4 1060b0d17251Schristos IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA") 1061b0d17251Schristos #endif 1062b0d17251Schristos 1063b0d17251Schristos #ifndef OPENSSL_NO_EC 1064b0d17251Schristos /* Explicit parameters that match a named curve */ 1065b0d17251Schristos static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld, 1066b0d17251Schristos const unsigned char *gen, 1067b0d17251Schristos size_t gen_len) 1068b0d17251Schristos { 1069b0d17251Schristos BIGNUM *a, *b, *prime, *order; 1070b0d17251Schristos 1071b0d17251Schristos /* Curve prime256v1 */ 1072b0d17251Schristos static const unsigned char prime_data[] = { 1073b0d17251Schristos 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 1074b0d17251Schristos 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1075b0d17251Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 1076b0d17251Schristos 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1077b0d17251Schristos 0xff 1078b0d17251Schristos }; 1079b0d17251Schristos static const unsigned char a_data[] = { 1080b0d17251Schristos 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 1081b0d17251Schristos 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1082b0d17251Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 1083b0d17251Schristos 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1084b0d17251Schristos 0xfc 1085b0d17251Schristos }; 1086b0d17251Schristos static const unsigned char b_data[] = { 1087b0d17251Schristos 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 1088b0d17251Schristos 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 1089b0d17251Schristos 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 1090b0d17251Schristos 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b 1091b0d17251Schristos }; 1092b0d17251Schristos static const unsigned char seed[] = { 1093b0d17251Schristos 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 1094b0d17251Schristos 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7, 1095b0d17251Schristos 0x81, 0x9f, 0x7e, 0x90 1096b0d17251Schristos }; 1097b0d17251Schristos static const unsigned char order_data[] = { 1098b0d17251Schristos 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 1099b0d17251Schristos 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1100b0d17251Schristos 0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 1101b0d17251Schristos 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51 1102b0d17251Schristos }; 1103b0d17251Schristos return TEST_ptr(a = BN_CTX_get(bnctx)) 1104b0d17251Schristos && TEST_ptr(b = BN_CTX_get(bnctx)) 1105b0d17251Schristos && TEST_ptr(prime = BN_CTX_get(bnctx)) 1106b0d17251Schristos && TEST_ptr(order = BN_CTX_get(bnctx)) 1107b0d17251Schristos && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime)) 1108b0d17251Schristos && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a)) 1109b0d17251Schristos && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b)) 1110b0d17251Schristos && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order)) 1111b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1112b0d17251Schristos OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field, 1113b0d17251Schristos 0)) 1114b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime)) 1115b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) 1116b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b)) 1117b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_BN(bld, 1118b0d17251Schristos OSSL_PKEY_PARAM_EC_ORDER, order)) 1119b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1120b0d17251Schristos OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len)) 1121b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1122b0d17251Schristos OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed))) 1123b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, 1124b0d17251Schristos BN_value_one())); 1125b0d17251Schristos } 1126b0d17251Schristos 1127b0d17251Schristos static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld) 1128b0d17251Schristos { 1129b0d17251Schristos static const unsigned char prime256v1_gen[] = { 1130b0d17251Schristos 0x04, 1131b0d17251Schristos 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 1132b0d17251Schristos 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 1133b0d17251Schristos 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 1134b0d17251Schristos 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 1135b0d17251Schristos 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 1136b0d17251Schristos 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 1137b0d17251Schristos 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 1138b0d17251Schristos 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 1139b0d17251Schristos }; 1140b0d17251Schristos return do_create_ec_explicit_prime_params(bld, prime256v1_gen, 1141b0d17251Schristos sizeof(prime256v1_gen)); 1142b0d17251Schristos } 1143b0d17251Schristos 1144b0d17251Schristos static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld) 1145b0d17251Schristos { 1146b0d17251Schristos /* 2G */ 1147b0d17251Schristos static const unsigned char prime256v1_gen2[] = { 1148b0d17251Schristos 0x04, 1149b0d17251Schristos 0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a, 1150b0d17251Schristos 0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3, 1151b0d17251Schristos 0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6, 1152b0d17251Schristos 0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31, 1153b0d17251Schristos 0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21, 1154b0d17251Schristos 0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9, 1155b0d17251Schristos 0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda, 1156b0d17251Schristos 0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55 1157b0d17251Schristos }; 1158b0d17251Schristos return do_create_ec_explicit_prime_params(bld, prime256v1_gen2, 1159b0d17251Schristos sizeof(prime256v1_gen2)); 1160b0d17251Schristos } 1161b0d17251Schristos 1162b0d17251Schristos # ifndef OPENSSL_NO_EC2M 1163b0d17251Schristos static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld, 1164b0d17251Schristos const unsigned char *gen, 1165b0d17251Schristos size_t gen_len) 1166b0d17251Schristos { 1167b0d17251Schristos BIGNUM *a, *b, *poly, *order, *cofactor; 1168b0d17251Schristos /* sect233k1 characteristic-two-field tpBasis */ 1169b0d17251Schristos static const unsigned char poly_data[] = { 1170b0d17251Schristos 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1171b0d17251Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 1172b0d17251Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 1173b0d17251Schristos }; 1174b0d17251Schristos static const unsigned char a_data[] = { 1175b0d17251Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1176b0d17251Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1177b0d17251Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1178b0d17251Schristos }; 1179b0d17251Schristos static const unsigned char b_data[] = { 1180b0d17251Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1181b0d17251Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1182b0d17251Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 1183b0d17251Schristos }; 1184b0d17251Schristos static const unsigned char order_data[] = { 1185b0d17251Schristos 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1186b0d17251Schristos 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, 1187b0d17251Schristos 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF 1188b0d17251Schristos }; 1189b0d17251Schristos static const unsigned char cofactor_data[]= { 1190b0d17251Schristos 0x4 1191b0d17251Schristos }; 1192b0d17251Schristos return TEST_ptr(a = BN_CTX_get(bnctx)) 1193b0d17251Schristos && TEST_ptr(b = BN_CTX_get(bnctx)) 1194b0d17251Schristos && TEST_ptr(poly = BN_CTX_get(bnctx)) 1195b0d17251Schristos && TEST_ptr(order = BN_CTX_get(bnctx)) 1196b0d17251Schristos && TEST_ptr(cofactor = BN_CTX_get(bnctx)) 1197b0d17251Schristos && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly)) 1198b0d17251Schristos && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a)) 1199b0d17251Schristos && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b)) 1200b0d17251Schristos && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order)) 1201b0d17251Schristos && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor)) 1202b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1203b0d17251Schristos OSSL_PKEY_PARAM_EC_FIELD_TYPE, 1204b0d17251Schristos SN_X9_62_characteristic_two_field, 0)) 1205b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly)) 1206b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) 1207b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b)) 1208b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_BN(bld, 1209b0d17251Schristos OSSL_PKEY_PARAM_EC_ORDER, order)) 1210b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1211b0d17251Schristos OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len)) 1212b0d17251Schristos && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, 1213b0d17251Schristos cofactor)); 1214b0d17251Schristos } 1215b0d17251Schristos 1216b0d17251Schristos static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld) 1217b0d17251Schristos { 1218b0d17251Schristos static const unsigned char gen[] = { 1219b0d17251Schristos 0x04, 1220b0d17251Schristos 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2, 1221b0d17251Schristos 0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C, 1222b0d17251Schristos 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26, 1223b0d17251Schristos 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A, 1224b0d17251Schristos 0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0, 1225b0d17251Schristos 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3 1226b0d17251Schristos }; 1227b0d17251Schristos return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen)); 1228b0d17251Schristos } 1229b0d17251Schristos 1230b0d17251Schristos static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld) 1231b0d17251Schristos { 1232b0d17251Schristos static const unsigned char gen2[] = { 1233b0d17251Schristos 0x04, 1234b0d17251Schristos 0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1, 1235b0d17251Schristos 0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0, 1236b0d17251Schristos 0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4, 1237b0d17251Schristos 0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86, 1238b0d17251Schristos 0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29, 1239b0d17251Schristos 0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb 1240b0d17251Schristos }; 1241b0d17251Schristos return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2)); 1242b0d17251Schristos } 1243b0d17251Schristos # endif /* OPENSSL_NO_EC2M */ 1244b0d17251Schristos #endif /* OPENSSL_NO_EC */ 1245b0d17251Schristos 1246b0d17251Schristos typedef enum OPTION_choice { 1247b0d17251Schristos OPT_ERR = -1, 1248b0d17251Schristos OPT_EOF = 0, 1249b0d17251Schristos OPT_CONTEXT, 1250b0d17251Schristos OPT_RSA_FILE, 1251b0d17251Schristos OPT_RSA_PSS_FILE, 1252b0d17251Schristos OPT_CONFIG_FILE, 1253b0d17251Schristos OPT_PROVIDER_NAME, 1254b0d17251Schristos OPT_TEST_ENUM 1255b0d17251Schristos } OPTION_CHOICE; 1256b0d17251Schristos 1257b0d17251Schristos const OPTIONS *test_get_options(void) 1258b0d17251Schristos { 1259b0d17251Schristos static const OPTIONS options[] = { 1260b0d17251Schristos OPT_TEST_OPTIONS_DEFAULT_USAGE, 1261b0d17251Schristos { "context", OPT_CONTEXT, '-', 1262b0d17251Schristos "Explicitly use a non-default library context" }, 1263b0d17251Schristos { "rsa", OPT_RSA_FILE, '<', 1264b0d17251Schristos "PEM format RSA key file to encode/decode" }, 1265b0d17251Schristos { "pss", OPT_RSA_PSS_FILE, '<', 1266b0d17251Schristos "PEM format RSA-PSS key file to encode/decode" }, 1267b0d17251Schristos { "config", OPT_CONFIG_FILE, '<', 1268b0d17251Schristos "The configuration file to use for the library context" }, 1269b0d17251Schristos { "provider", OPT_PROVIDER_NAME, 's', 1270b0d17251Schristos "The provider to load (The default value is 'default')" }, 1271b0d17251Schristos { NULL } 1272b0d17251Schristos }; 1273b0d17251Schristos return options; 1274b0d17251Schristos } 1275b0d17251Schristos 1276b0d17251Schristos int setup_tests(void) 1277b0d17251Schristos { 1278b0d17251Schristos const char *rsa_file = NULL; 1279b0d17251Schristos const char *rsa_pss_file = NULL; 1280b0d17251Schristos const char *prov_name = "default"; 1281b0d17251Schristos char *config_file = NULL; 1282b0d17251Schristos int ok = 1; 1283b0d17251Schristos 1284b0d17251Schristos #ifndef OPENSSL_NO_DSA 1285b0d17251Schristos static size_t qbits = 160; /* PVK only tolerates 160 Q bits */ 1286b0d17251Schristos static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */ 1287b0d17251Schristos OSSL_PARAM DSA_params[] = { 1288b0d17251Schristos OSSL_PARAM_size_t("pbits", &pbits), 1289b0d17251Schristos OSSL_PARAM_size_t("qbits", &qbits), 1290b0d17251Schristos OSSL_PARAM_END 1291b0d17251Schristos }; 1292b0d17251Schristos #endif 1293b0d17251Schristos 1294b0d17251Schristos #ifndef OPENSSL_NO_EC 1295b0d17251Schristos static char groupname[] = "prime256v1"; 1296b0d17251Schristos OSSL_PARAM EC_params[] = { 1297b0d17251Schristos OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1), 1298b0d17251Schristos OSSL_PARAM_END 1299b0d17251Schristos }; 1300b0d17251Schristos #endif 1301b0d17251Schristos 1302b0d17251Schristos OPTION_CHOICE o; 1303b0d17251Schristos 1304b0d17251Schristos while ((o = opt_next()) != OPT_EOF) { 1305b0d17251Schristos switch (o) { 1306b0d17251Schristos case OPT_CONTEXT: 1307b0d17251Schristos default_libctx = 0; 1308b0d17251Schristos break; 1309b0d17251Schristos case OPT_PROVIDER_NAME: 1310b0d17251Schristos prov_name = opt_arg(); 1311b0d17251Schristos break; 1312b0d17251Schristos case OPT_CONFIG_FILE: 1313b0d17251Schristos config_file = opt_arg(); 1314b0d17251Schristos break; 1315b0d17251Schristos case OPT_RSA_FILE: 1316b0d17251Schristos rsa_file = opt_arg(); 1317b0d17251Schristos break; 1318b0d17251Schristos case OPT_RSA_PSS_FILE: 1319b0d17251Schristos rsa_pss_file = opt_arg(); 1320b0d17251Schristos break; 1321b0d17251Schristos case OPT_TEST_CASES: 1322b0d17251Schristos break; 1323b0d17251Schristos default: 1324b0d17251Schristos return 0; 1325b0d17251Schristos } 1326b0d17251Schristos } 1327b0d17251Schristos 1328b0d17251Schristos if (strcmp(prov_name, "fips") == 0) 1329b0d17251Schristos is_fips = 1; 1330b0d17251Schristos 1331b0d17251Schristos if (default_libctx) { 1332b0d17251Schristos if (!test_get_libctx(NULL, NULL, config_file, &deflprov, prov_name)) 1333b0d17251Schristos return 0; 1334b0d17251Schristos } else { 1335b0d17251Schristos if (!test_get_libctx(&testctx, &nullprov, config_file, &deflprov, prov_name)) 1336b0d17251Schristos return 0; 1337b0d17251Schristos } 1338b0d17251Schristos 1339b0d17251Schristos /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */ 1340*97e3c585Schristos is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0); 1341b0d17251Schristos 1342b0d17251Schristos /* Separate provider/ctx for generating the test data */ 1343b0d17251Schristos if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new())) 1344b0d17251Schristos return 0; 1345b0d17251Schristos if (!TEST_ptr(keyprov = OSSL_PROVIDER_load(keyctx, "default"))) 1346b0d17251Schristos return 0; 1347b0d17251Schristos 1348b0d17251Schristos #ifndef OPENSSL_NO_EC 1349b0d17251Schristos if (!TEST_ptr(bnctx = BN_CTX_new_ex(testctx)) 1350b0d17251Schristos || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new()) 1351b0d17251Schristos || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new()) 1352b0d17251Schristos || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) 1353b0d17251Schristos || !create_ec_explicit_prime_params(bld_prime) 1354b0d17251Schristos || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) 1355b0d17251Schristos || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime)) 1356b0d17251Schristos # ifndef OPENSSL_NO_EC2M 1357b0d17251Schristos || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) 1358b0d17251Schristos || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) 1359b0d17251Schristos || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc) 1360b0d17251Schristos || !create_ec_explicit_trinomial_params(bld_tri) 1361b0d17251Schristos || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc)) 1362b0d17251Schristos || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri)) 1363b0d17251Schristos # endif 1364b0d17251Schristos ) 1365b0d17251Schristos return 0; 1366b0d17251Schristos #endif 1367b0d17251Schristos 1368b0d17251Schristos TEST_info("Generating keys..."); 1369b0d17251Schristos 1370b0d17251Schristos #ifndef OPENSSL_NO_DH 1371b0d17251Schristos TEST_info("Generating DH keys..."); 1372b0d17251Schristos MAKE_DOMAIN_KEYS(DH, "DH", NULL); 1373b0d17251Schristos MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL); 1374b0d17251Schristos #endif 1375b0d17251Schristos #ifndef OPENSSL_NO_DSA 1376b0d17251Schristos TEST_info("Generating DSA keys..."); 1377b0d17251Schristos MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params); 1378b0d17251Schristos #endif 1379b0d17251Schristos #ifndef OPENSSL_NO_EC 1380b0d17251Schristos TEST_info("Generating EC keys..."); 1381b0d17251Schristos MAKE_DOMAIN_KEYS(EC, "EC", EC_params); 1382b0d17251Schristos MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); 1383b0d17251Schristos MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit); 1384b0d17251Schristos # ifndef OPENSSL_NO_EC2M 1385b0d17251Schristos MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); 1386b0d17251Schristos MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); 1387b0d17251Schristos # endif 1388*97e3c585Schristos # ifndef OPENSSL_NO_SM2 1389*97e3c585Schristos MAKE_KEYS(SM2, "SM2", NULL); 1390*97e3c585Schristos # endif 1391b0d17251Schristos MAKE_KEYS(ED25519, "ED25519", NULL); 1392b0d17251Schristos MAKE_KEYS(ED448, "ED448", NULL); 1393b0d17251Schristos MAKE_KEYS(X25519, "X25519", NULL); 1394b0d17251Schristos MAKE_KEYS(X448, "X448", NULL); 1395b0d17251Schristos #endif 1396b0d17251Schristos TEST_info("Loading RSA key..."); 1397b0d17251Schristos ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx)); 1398b0d17251Schristos TEST_info("Loading RSA_PSS key..."); 1399b0d17251Schristos ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(rsa_pss_file, keyctx)); 1400b0d17251Schristos TEST_info("Generating keys done"); 1401b0d17251Schristos 1402b0d17251Schristos if (ok) { 1403b0d17251Schristos #ifndef OPENSSL_NO_DH 1404b0d17251Schristos ADD_TEST_SUITE(DH); 1405b0d17251Schristos ADD_TEST_SUITE_PARAMS(DH); 1406b0d17251Schristos ADD_TEST_SUITE(DHX); 1407b0d17251Schristos ADD_TEST_SUITE_PARAMS(DHX); 1408b0d17251Schristos /* 1409b0d17251Schristos * DH has no support for PEM_write_bio_PrivateKey_traditional(), 1410b0d17251Schristos * so no legacy tests. 1411b0d17251Schristos */ 1412b0d17251Schristos #endif 1413b0d17251Schristos #ifndef OPENSSL_NO_DSA 1414b0d17251Schristos ADD_TEST_SUITE(DSA); 1415b0d17251Schristos ADD_TEST_SUITE_PARAMS(DSA); 1416b0d17251Schristos ADD_TEST_SUITE_LEGACY(DSA); 1417b0d17251Schristos ADD_TEST_SUITE_MSBLOB(DSA); 1418b0d17251Schristos ADD_TEST_SUITE_UNPROTECTED_PVK(DSA); 1419b0d17251Schristos # ifndef OPENSSL_NO_RC4 1420b0d17251Schristos ADD_TEST_SUITE_PROTECTED_PVK(DSA); 1421b0d17251Schristos # endif 1422b0d17251Schristos #endif 1423b0d17251Schristos #ifndef OPENSSL_NO_EC 1424b0d17251Schristos ADD_TEST_SUITE(EC); 1425b0d17251Schristos ADD_TEST_SUITE_PARAMS(EC); 1426b0d17251Schristos ADD_TEST_SUITE_LEGACY(EC); 1427b0d17251Schristos ADD_TEST_SUITE(ECExplicitPrimeNamedCurve); 1428b0d17251Schristos ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); 1429b0d17251Schristos ADD_TEST_SUITE(ECExplicitPrime2G); 1430b0d17251Schristos ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G); 1431b0d17251Schristos # ifndef OPENSSL_NO_EC2M 1432b0d17251Schristos ADD_TEST_SUITE(ECExplicitTriNamedCurve); 1433b0d17251Schristos ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); 1434b0d17251Schristos ADD_TEST_SUITE(ECExplicitTri2G); 1435b0d17251Schristos ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); 1436b0d17251Schristos # endif 1437*97e3c585Schristos # ifndef OPENSSL_NO_SM2 1438*97e3c585Schristos if (!is_fips_3_0_0) { 1439*97e3c585Schristos /* 3.0.0 FIPS provider imports explicit EC params and then fails. */ 1440*97e3c585Schristos ADD_TEST_SUITE(SM2); 1441*97e3c585Schristos } 1442*97e3c585Schristos # endif 1443b0d17251Schristos ADD_TEST_SUITE(ED25519); 1444b0d17251Schristos ADD_TEST_SUITE(ED448); 1445b0d17251Schristos ADD_TEST_SUITE(X25519); 1446b0d17251Schristos ADD_TEST_SUITE(X448); 1447b0d17251Schristos /* 1448b0d17251Schristos * ED25519, ED448, X25519 and X448 have no support for 1449b0d17251Schristos * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. 1450b0d17251Schristos */ 1451b0d17251Schristos #endif 1452b0d17251Schristos ADD_TEST_SUITE(RSA); 1453b0d17251Schristos ADD_TEST_SUITE_LEGACY(RSA); 1454b0d17251Schristos ADD_TEST_SUITE(RSA_PSS); 1455b0d17251Schristos /* 1456b0d17251Schristos * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(), 1457b0d17251Schristos * so no legacy tests. 1458b0d17251Schristos */ 1459b0d17251Schristos ADD_TEST_SUITE_MSBLOB(RSA); 1460b0d17251Schristos ADD_TEST_SUITE_UNPROTECTED_PVK(RSA); 1461b0d17251Schristos # ifndef OPENSSL_NO_RC4 1462b0d17251Schristos ADD_TEST_SUITE_PROTECTED_PVK(RSA); 1463b0d17251Schristos # endif 1464b0d17251Schristos } 1465b0d17251Schristos 1466b0d17251Schristos return 1; 1467b0d17251Schristos } 1468b0d17251Schristos 1469b0d17251Schristos void cleanup_tests(void) 1470b0d17251Schristos { 1471b0d17251Schristos #ifndef OPENSSL_NO_EC 1472b0d17251Schristos OSSL_PARAM_free(ec_explicit_prime_params_nc); 1473b0d17251Schristos OSSL_PARAM_free(ec_explicit_prime_params_explicit); 1474b0d17251Schristos OSSL_PARAM_BLD_free(bld_prime_nc); 1475b0d17251Schristos OSSL_PARAM_BLD_free(bld_prime); 1476b0d17251Schristos # ifndef OPENSSL_NO_EC2M 1477b0d17251Schristos OSSL_PARAM_free(ec_explicit_tri_params_nc); 1478b0d17251Schristos OSSL_PARAM_free(ec_explicit_tri_params_explicit); 1479b0d17251Schristos OSSL_PARAM_BLD_free(bld_tri_nc); 1480b0d17251Schristos OSSL_PARAM_BLD_free(bld_tri); 1481b0d17251Schristos # endif 1482b0d17251Schristos BN_CTX_free(bnctx); 1483b0d17251Schristos #endif /* OPENSSL_NO_EC */ 1484b0d17251Schristos 1485b0d17251Schristos #ifndef OPENSSL_NO_DH 1486b0d17251Schristos FREE_DOMAIN_KEYS(DH); 1487b0d17251Schristos FREE_DOMAIN_KEYS(DHX); 1488b0d17251Schristos #endif 1489b0d17251Schristos #ifndef OPENSSL_NO_DSA 1490b0d17251Schristos FREE_DOMAIN_KEYS(DSA); 1491b0d17251Schristos #endif 1492b0d17251Schristos #ifndef OPENSSL_NO_EC 1493b0d17251Schristos FREE_DOMAIN_KEYS(EC); 1494b0d17251Schristos FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); 1495b0d17251Schristos FREE_DOMAIN_KEYS(ECExplicitPrime2G); 1496b0d17251Schristos # ifndef OPENSSL_NO_EC2M 1497b0d17251Schristos FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); 1498b0d17251Schristos FREE_DOMAIN_KEYS(ECExplicitTri2G); 1499b0d17251Schristos # endif 1500*97e3c585Schristos # ifndef OPENSSL_NO_SM2 1501*97e3c585Schristos FREE_KEYS(SM2); 1502*97e3c585Schristos # endif 1503b0d17251Schristos FREE_KEYS(ED25519); 1504b0d17251Schristos FREE_KEYS(ED448); 1505b0d17251Schristos FREE_KEYS(X25519); 1506b0d17251Schristos FREE_KEYS(X448); 1507b0d17251Schristos #endif 1508b0d17251Schristos FREE_KEYS(RSA); 1509b0d17251Schristos FREE_KEYS(RSA_PSS); 1510b0d17251Schristos 1511b0d17251Schristos OSSL_PROVIDER_unload(nullprov); 1512b0d17251Schristos OSSL_PROVIDER_unload(deflprov); 1513b0d17251Schristos OSSL_PROVIDER_unload(keyprov); 1514b0d17251Schristos OSSL_LIB_CTX_free(testctx); 1515b0d17251Schristos OSSL_LIB_CTX_free(keyctx); 1516b0d17251Schristos } 1517