1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h>
11 #include <openssl/core_dispatch.h>
12 #include <openssl/evp.h>
13 #include <openssl/pem.h>
14 #include <openssl/rsa.h>
15 #include <openssl/x509.h>
16 #include <openssl/core_names.h>
17 #include <openssl/params.h>
18 #include <openssl/param_build.h>
19 #include <openssl/encoder.h>
20 #include <openssl/decoder.h>
21
22 #include "internal/cryptlib.h" /* ossl_assert */
23 #include "crypto/pem.h" /* For PVK and "blob" PEM headers */
24 #include "crypto/evp.h" /* For evp_pkey_is_provided() */
25
26 #include "helpers/predefined_dhparams.h"
27 #include "testutil.h"
28
29 /* Extended test macros to allow passing file & line number */
30 #define TEST_FL_ptr(a) test_ptr(file, line, #a, a)
31 #define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n)
32 #define TEST_FL_strn_eq(a, b, n) test_strn_eq(file, line, #a, #b, a, n, b, n)
33 #define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n)
34 #define TEST_FL_int_eq(a, b) test_int_eq(file, line, #a, #b, a, b)
35 #define TEST_FL_int_ge(a, b) test_int_ge(file, line, #a, #b, a, b)
36 #define TEST_FL_int_gt(a, b) test_int_gt(file, line, #a, #b, a, b)
37 #define TEST_FL_long_gt(a, b) test_long_gt(file, line, #a, #b, a, b)
38 #define TEST_FL_true(a) test_true(file, line, #a, (a) != 0)
39
40 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
41 # define OPENSSL_NO_KEYPARAMS
42 #endif
43
44 static int default_libctx = 1;
45 static int is_fips = 0;
46 static int is_fips_3_0_0 = 0;
47
48 static OSSL_LIB_CTX *testctx = NULL;
49 static OSSL_LIB_CTX *keyctx = NULL;
50 static char *testpropq = NULL;
51
52 static OSSL_PROVIDER *nullprov = NULL;
53 static OSSL_PROVIDER *deflprov = NULL;
54 static OSSL_PROVIDER *keyprov = NULL;
55
56 #ifndef OPENSSL_NO_EC
57 static BN_CTX *bnctx = NULL;
58 static OSSL_PARAM_BLD *bld_prime_nc = NULL;
59 static OSSL_PARAM_BLD *bld_prime = NULL;
60 static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
61 static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
62
63 # ifndef OPENSSL_NO_EC2M
64 static OSSL_PARAM_BLD *bld_tri_nc = NULL;
65 static OSSL_PARAM_BLD *bld_tri = NULL;
66 static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
67 static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
68 # endif
69 #endif
70
71 #ifndef OPENSSL_NO_KEYPARAMS
make_template(const char * type,OSSL_PARAM * genparams)72 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
73 {
74 EVP_PKEY *pkey = NULL;
75 EVP_PKEY_CTX *ctx = NULL;
76
77 # ifndef OPENSSL_NO_DH
78 /*
79 * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
80 * for testing only. Use a minimum key size of 2048 for security purposes.
81 */
82 if (strcmp(type, "DH") == 0)
83 return get_dh512(keyctx);
84
85 if (strcmp(type, "X9.42 DH") == 0)
86 return get_dhx512(keyctx);
87 # endif
88
89 /*
90 * No real need to check the errors other than for the cascade
91 * effect. |pkey| will simply remain NULL if something goes wrong.
92 */
93 (void)((ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq)) != NULL
94 && EVP_PKEY_paramgen_init(ctx) > 0
95 && (genparams == NULL
96 || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
97 && EVP_PKEY_generate(ctx, &pkey) > 0);
98 EVP_PKEY_CTX_free(ctx);
99
100 return pkey;
101 }
102 #endif
103
104 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key(const char * type,EVP_PKEY * template,OSSL_PARAM * genparams)105 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
106 OSSL_PARAM *genparams)
107 {
108 EVP_PKEY *pkey = NULL;
109 EVP_PKEY_CTX *ctx =
110 template != NULL
111 ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq)
112 : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq);
113
114 /*
115 * No real need to check the errors other than for the cascade
116 * effect. |pkey| will simply remain NULL if something goes wrong.
117 */
118 (void)(ctx != NULL
119 && EVP_PKEY_keygen_init(ctx) > 0
120 && (genparams == NULL
121 || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
122 && EVP_PKEY_keygen(ctx, &pkey) > 0);
123 EVP_PKEY_CTX_free(ctx);
124 return pkey;
125 }
126 #endif
127
128 /* Main test driver */
129
130 typedef int (encoder)(const char *file, const int line,
131 void **encoded, long *encoded_len,
132 void *object, int selection,
133 const char *output_type, const char *output_structure,
134 const char *pass, const char *pcipher);
135 typedef int (decoder)(const char *file, const int line,
136 void **object, void *encoded, long encoded_len,
137 const char *input_type, const char *structure_type,
138 const char *keytype, int selection, const char *pass);
139 typedef int (tester)(const char *file, const int line,
140 const void *data1, size_t data1_len,
141 const void *data2, size_t data2_len);
142 typedef int (checker)(const char *file, const int line,
143 const char *type, const void *data, size_t data_len);
144 typedef void (dumper)(const char *label, const void *data, size_t data_len);
145
146 #define FLAG_DECODE_WITH_TYPE 0x0001
147 #define FLAG_FAIL_IF_FIPS 0x0002
148
test_encode_decode(const char * file,const int line,const char * type,EVP_PKEY * pkey,int selection,const char * output_type,const char * output_structure,const char * pass,const char * pcipher,encoder * encode_cb,decoder * decode_cb,tester * test_cb,checker * check_cb,dumper * dump_cb,int flags)149 static int test_encode_decode(const char *file, const int line,
150 const char *type, EVP_PKEY *pkey,
151 int selection, const char *output_type,
152 const char *output_structure,
153 const char *pass, const char *pcipher,
154 encoder *encode_cb, decoder *decode_cb,
155 tester *test_cb, checker *check_cb,
156 dumper *dump_cb, int flags)
157 {
158 void *encoded = NULL;
159 long encoded_len = 0;
160 EVP_PKEY *pkey2 = NULL;
161 EVP_PKEY *pkey3 = NULL;
162 void *encoded2 = NULL;
163 long encoded2_len = 0;
164 int ok = 0;
165
166 /*
167 * Encode |pkey|, decode the result into |pkey2|, and finish off by
168 * encoding |pkey2| as well. That last encoding is for checking and
169 * dumping purposes.
170 */
171 if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
172 output_type, output_structure, pass, pcipher)))
173 goto end;
174
175 if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips && !is_fips_3_0_0) {
176 if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
177 encoded_len, output_type, output_structure,
178 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
179 selection, pass)))
180 ok = 1;
181 goto end;
182 }
183
184 if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
185 || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
186 output_type, output_structure,
187 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
188 selection, pass))
189 || ((output_structure == NULL
190 || strcmp(output_structure, "type-specific") != 0)
191 && !TEST_true(decode_cb(file, line, (void **)&pkey3, encoded, encoded_len,
192 output_type, output_structure,
193 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
194 0, pass)))
195 || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection,
196 output_type, output_structure, pass, pcipher)))
197 goto end;
198
199 if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
200 if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1)
201 || (pkey3 != NULL
202 && !TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey3), 1)))
203 goto end;
204 } else {
205 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)
206 || (pkey3 != NULL
207 && !TEST_int_eq(EVP_PKEY_eq(pkey, pkey3), 1)))
208 goto end;
209 }
210
211 /*
212 * Double check the encoding, but only for unprotected keys,
213 * as protected keys have a random component, which makes the output
214 * differ.
215 */
216 if ((pass == NULL && pcipher == NULL)
217 && !test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len))
218 goto end;
219
220 ok = 1;
221 end:
222 if (!ok) {
223 if (encoded != NULL && encoded_len != 0)
224 dump_cb("|pkey| encoded", encoded, encoded_len);
225 if (encoded2 != NULL && encoded2_len != 0)
226 dump_cb("|pkey2| encoded", encoded2, encoded2_len);
227 }
228
229 OPENSSL_free(encoded);
230 OPENSSL_free(encoded2);
231 EVP_PKEY_free(pkey2);
232 EVP_PKEY_free(pkey3);
233 return ok;
234 }
235
236 /* Encoding and decoding methods */
237
encode_EVP_PKEY_prov(const char * file,const int line,void ** encoded,long * encoded_len,void * object,int selection,const char * output_type,const char * output_structure,const char * pass,const char * pcipher)238 static int encode_EVP_PKEY_prov(const char *file, const int line,
239 void **encoded, long *encoded_len,
240 void *object, int selection,
241 const char *output_type,
242 const char *output_structure,
243 const char *pass, const char *pcipher)
244 {
245 EVP_PKEY *pkey = object;
246 OSSL_ENCODER_CTX *ectx = NULL;
247 BIO *mem_ser = NULL;
248 BUF_MEM *mem_buf = NULL;
249 const unsigned char *upass = (const unsigned char *)pass;
250 int ok = 0;
251
252 if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
253 output_type,
254 output_structure,
255 testpropq))
256 || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0)
257 || (pass != NULL
258 && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
259 strlen(pass))))
260 || (pcipher != NULL
261 && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
262 || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
263 || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
264 || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
265 || !TEST_FL_ptr(*encoded = mem_buf->data)
266 || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
267 goto end;
268
269 /* Detach the encoded output */
270 mem_buf->data = NULL;
271 mem_buf->length = 0;
272 ok = 1;
273 end:
274 BIO_free(mem_ser);
275 OSSL_ENCODER_CTX_free(ectx);
276 return ok;
277 }
278
decode_EVP_PKEY_prov(const char * file,const int line,void ** object,void * encoded,long encoded_len,const char * input_type,const char * structure_type,const char * keytype,int selection,const char * pass)279 static int decode_EVP_PKEY_prov(const char *file, const int line,
280 void **object, void *encoded, long encoded_len,
281 const char *input_type,
282 const char *structure_type,
283 const char *keytype, int selection,
284 const char *pass)
285 {
286 EVP_PKEY *pkey = NULL, *testpkey = NULL;
287 OSSL_DECODER_CTX *dctx = NULL;
288 BIO *encoded_bio = NULL;
289 const unsigned char *upass = (const unsigned char *)pass;
290 int ok = 0;
291 int i;
292 const char *badtype;
293
294 if (strcmp(input_type, "DER") == 0)
295 badtype = "PEM";
296 else
297 badtype = "DER";
298
299 if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len)))
300 goto end;
301
302 /*
303 * We attempt the decode 3 times. The first time we provide the expected
304 * starting input type. The second time we provide NULL for the starting
305 * type. The third time we provide a bad starting input type.
306 * The bad starting input type should fail. The other two should succeed
307 * and produce the same result.
308 */
309 for (i = 0; i < 3; i++) {
310 const char *testtype = (i == 0) ? input_type
311 : ((i == 1) ? NULL : badtype);
312
313 if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey,
314 testtype,
315 structure_type,
316 keytype,
317 selection,
318 testctx, testpropq))
319 || (pass != NULL
320 && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass)))
321 || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0)
322 /* We expect to fail when using a bad input type */
323 || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio),
324 (i == 2) ? 0 : 1))
325 goto end;
326 OSSL_DECODER_CTX_free(dctx);
327 dctx = NULL;
328
329 if (i == 0) {
330 pkey = testpkey;
331 testpkey = NULL;
332 } else if (i == 1) {
333 if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
334 if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1))
335 goto end;
336 } else {
337 if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1))
338 goto end;
339 }
340 }
341 }
342 ok = 1;
343 *object = pkey;
344 pkey = NULL;
345
346 end:
347 EVP_PKEY_free(pkey);
348 EVP_PKEY_free(testpkey);
349 BIO_free(encoded_bio);
350 OSSL_DECODER_CTX_free(dctx);
351 return ok;
352 }
353
encode_EVP_PKEY_legacy_PEM(const char * file,const int line,void ** encoded,long * encoded_len,void * object,ossl_unused int selection,ossl_unused const char * output_type,ossl_unused const char * output_structure,const char * pass,const char * pcipher)354 static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line,
355 void **encoded, long *encoded_len,
356 void *object, ossl_unused int selection,
357 ossl_unused const char *output_type,
358 ossl_unused const char *output_structure,
359 const char *pass, const char *pcipher)
360 {
361 EVP_PKEY *pkey = object;
362 EVP_CIPHER *cipher = NULL;
363 BIO *mem_ser = NULL;
364 BUF_MEM *mem_buf = NULL;
365 const unsigned char *upass = (const unsigned char *)pass;
366 size_t passlen = 0;
367 int ok = 0;
368
369 if (pcipher != NULL && pass != NULL) {
370 passlen = strlen(pass);
371 if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(testctx, pcipher, testpropq)))
372 goto end;
373 }
374 if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
375 || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
376 cipher,
377 upass, passlen,
378 NULL, NULL))
379 || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
380 || !TEST_FL_ptr(*encoded = mem_buf->data)
381 || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
382 goto end;
383
384 /* Detach the encoded output */
385 mem_buf->data = NULL;
386 mem_buf->length = 0;
387 ok = 1;
388 end:
389 BIO_free(mem_ser);
390 EVP_CIPHER_free(cipher);
391 return ok;
392 }
393
encode_EVP_PKEY_MSBLOB(const char * file,const int line,void ** encoded,long * encoded_len,void * object,int selection,ossl_unused const char * output_type,ossl_unused const char * output_structure,ossl_unused const char * pass,ossl_unused const char * pcipher)394 static int encode_EVP_PKEY_MSBLOB(const char *file, const int line,
395 void **encoded, long *encoded_len,
396 void *object, int selection,
397 ossl_unused const char *output_type,
398 ossl_unused const char *output_structure,
399 ossl_unused const char *pass,
400 ossl_unused const char *pcipher)
401 {
402 EVP_PKEY *pkey = object;
403 BIO *mem_ser = NULL;
404 BUF_MEM *mem_buf = NULL;
405 int ok = 0;
406
407 if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
408 goto end;
409
410 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
411 if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0))
412 goto end;
413 } else {
414 if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0))
415 goto end;
416 }
417
418 if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
419 || !TEST_FL_ptr(*encoded = mem_buf->data)
420 || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
421 goto end;
422
423 /* Detach the encoded output */
424 mem_buf->data = NULL;
425 mem_buf->length = 0;
426 ok = 1;
427 end:
428 BIO_free(mem_ser);
429 return ok;
430 }
431
432 static pem_password_cb pass_pw;
pass_pw(char * buf,int size,int rwflag,void * userdata)433 static int pass_pw(char *buf, int size, int rwflag, void *userdata)
434 {
435 OPENSSL_strlcpy(buf, userdata, size);
436 return strlen(userdata);
437 }
438
encode_EVP_PKEY_PVK(const char * file,const int line,void ** encoded,long * encoded_len,void * object,int selection,ossl_unused const char * output_type,ossl_unused const char * output_structure,const char * pass,ossl_unused const char * pcipher)439 static int encode_EVP_PKEY_PVK(const char *file, const int line,
440 void **encoded, long *encoded_len,
441 void *object, int selection,
442 ossl_unused const char *output_type,
443 ossl_unused const char *output_structure,
444 const char *pass,
445 ossl_unused const char *pcipher)
446 {
447 EVP_PKEY *pkey = object;
448 BIO *mem_ser = NULL;
449 BUF_MEM *mem_buf = NULL;
450 int enc = (pass != NULL);
451 int ok = 0;
452
453 if (!TEST_FL_true(ossl_assert((selection
454 & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
455 || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
456 || !TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc,
457 pass_pw, (void *)pass, testctx, testpropq), 0)
458 || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
459 || !TEST_FL_ptr(*encoded = mem_buf->data)
460 || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
461 goto end;
462
463 /* Detach the encoded output */
464 mem_buf->data = NULL;
465 mem_buf->length = 0;
466 ok = 1;
467 end:
468 BIO_free(mem_ser);
469 return ok;
470 }
471
test_text(const char * file,const int line,const void * data1,size_t data1_len,const void * data2,size_t data2_len)472 static int test_text(const char *file, const int line,
473 const void *data1, size_t data1_len,
474 const void *data2, size_t data2_len)
475 {
476 return TEST_FL_strn2_eq(data1, data1_len, data2, data2_len);
477 }
478
test_mem(const char * file,const int line,const void * data1,size_t data1_len,const void * data2,size_t data2_len)479 static int test_mem(const char *file, const int line,
480 const void *data1, size_t data1_len,
481 const void *data2, size_t data2_len)
482 {
483 return TEST_FL_mem_eq(data1, data1_len, data2, data2_len);
484 }
485
486 /* Test cases and their dumpers / checkers */
487
collect_name(const char * name,void * arg)488 static void collect_name(const char *name, void *arg)
489 {
490 char **namelist = arg;
491 char *new_namelist;
492 size_t space;
493
494 space = strlen(name);
495 if (*namelist != NULL)
496 space += strlen(*namelist) + 2 /* for comma and space */;
497 space++; /* for terminating null byte */
498
499 new_namelist = OPENSSL_realloc(*namelist, space);
500 if (new_namelist == NULL)
501 return;
502 if (*namelist != NULL) {
503 strcat(new_namelist, ", ");
504 strcat(new_namelist, name);
505 } else {
506 strcpy(new_namelist, name);
507 }
508 *namelist = new_namelist;
509 }
510
dump_der(const char * label,const void * data,size_t data_len)511 static void dump_der(const char *label, const void *data, size_t data_len)
512 {
513 test_output_memory(label, data, data_len);
514 }
515
dump_pem(const char * label,const void * data,size_t data_len)516 static void dump_pem(const char *label, const void *data, size_t data_len)
517 {
518 test_output_string(label, data, data_len - 1);
519 }
520
check_unprotected_PKCS8_DER(const char * file,const int line,const char * type,const void * data,size_t data_len)521 static int check_unprotected_PKCS8_DER(const char *file, const int line,
522 const char *type,
523 const void *data, size_t data_len)
524 {
525 const unsigned char *datap = data;
526 PKCS8_PRIV_KEY_INFO *p8inf =
527 d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
528 int ok = 0;
529
530 if (TEST_FL_ptr(p8inf)) {
531 EVP_PKEY *pkey = EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq);
532 char *namelist = NULL;
533
534 if (TEST_FL_ptr(pkey)) {
535 if (!(ok = TEST_FL_true(EVP_PKEY_is_a(pkey, type)))) {
536 EVP_PKEY_type_names_do_all(pkey, collect_name, &namelist);
537 if (namelist != NULL)
538 TEST_note("%s isn't any of %s", type, namelist);
539 OPENSSL_free(namelist);
540 }
541 ok = ok && TEST_FL_true(evp_pkey_is_provided(pkey));
542 EVP_PKEY_free(pkey);
543 }
544 }
545 PKCS8_PRIV_KEY_INFO_free(p8inf);
546 return ok;
547 }
548
test_unprotected_via_DER(const char * type,EVP_PKEY * key,int fips)549 static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
550 {
551 return test_encode_decode(__FILE__, __LINE__, type, key,
552 OSSL_KEYMGMT_SELECT_KEYPAIR
553 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
554 "DER", "PrivateKeyInfo", NULL, NULL,
555 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
556 test_mem, check_unprotected_PKCS8_DER,
557 dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
558 }
559
check_unprotected_PKCS8_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)560 static int check_unprotected_PKCS8_PEM(const char *file, const int line,
561 const char *type,
562 const void *data, size_t data_len)
563 {
564 static const char expected_pem_header[] =
565 "-----BEGIN " PEM_STRING_PKCS8INF "-----";
566
567 return TEST_FL_strn_eq(data, expected_pem_header,
568 sizeof(expected_pem_header) - 1);
569 }
570
test_unprotected_via_PEM(const char * type,EVP_PKEY * key,int fips)571 static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
572 {
573 return test_encode_decode(__FILE__, __LINE__, type, key,
574 OSSL_KEYMGMT_SELECT_KEYPAIR
575 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
576 "PEM", "PrivateKeyInfo", NULL, NULL,
577 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
578 test_text, check_unprotected_PKCS8_PEM,
579 dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
580 }
581
582 #ifndef OPENSSL_NO_KEYPARAMS
check_params_DER(const char * file,const int line,const char * type,const void * data,size_t data_len)583 static int check_params_DER(const char *file, const int line,
584 const char *type, const void *data, size_t data_len)
585 {
586 const unsigned char *datap = data;
587 int ok = 0;
588 int itype = NID_undef;
589 EVP_PKEY *pkey = NULL;
590
591 if (strcmp(type, "DH") == 0)
592 itype = EVP_PKEY_DH;
593 else if (strcmp(type, "X9.42 DH") == 0)
594 itype = EVP_PKEY_DHX;
595 else if (strcmp(type, "DSA") == 0)
596 itype = EVP_PKEY_DSA;
597 else if (strcmp(type, "EC") == 0)
598 itype = EVP_PKEY_EC;
599
600 if (itype != NID_undef) {
601 pkey = d2i_KeyParams(itype, NULL, &datap, data_len);
602 ok = (pkey != NULL);
603 EVP_PKEY_free(pkey);
604 }
605
606 return ok;
607 }
608
check_params_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)609 static int check_params_PEM(const char *file, const int line,
610 const char *type,
611 const void *data, size_t data_len)
612 {
613 static char expected_pem_header[80];
614
615 return
616 TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
617 sizeof(expected_pem_header),
618 "-----BEGIN %s PARAMETERS-----", type), 0)
619 && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
620 }
621
test_params_via_DER(const char * type,EVP_PKEY * key)622 static int test_params_via_DER(const char *type, EVP_PKEY *key)
623 {
624 return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
625 "DER", "type-specific", NULL, NULL,
626 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
627 test_mem, check_params_DER,
628 dump_der, FLAG_DECODE_WITH_TYPE);
629 }
630
test_params_via_PEM(const char * type,EVP_PKEY * key)631 static int test_params_via_PEM(const char *type, EVP_PKEY *key)
632 {
633 return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
634 "PEM", "type-specific", NULL, NULL,
635 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
636 test_text, check_params_PEM,
637 dump_pem, 0);
638 }
639 #endif /* !OPENSSL_NO_KEYPARAMS */
640
check_unprotected_legacy_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)641 static int check_unprotected_legacy_PEM(const char *file, const int line,
642 const char *type,
643 const void *data, size_t data_len)
644 {
645 static char expected_pem_header[80];
646
647 return
648 TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
649 sizeof(expected_pem_header),
650 "-----BEGIN %s PRIVATE KEY-----", type), 0)
651 && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
652 }
653
test_unprotected_via_legacy_PEM(const char * type,EVP_PKEY * key)654 static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
655 {
656 if (!default_libctx || is_fips)
657 return TEST_skip("Test not available if using a non-default library context or FIPS provider");
658
659 return test_encode_decode(__FILE__, __LINE__, type, key,
660 OSSL_KEYMGMT_SELECT_KEYPAIR
661 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
662 "PEM", "type-specific", NULL, NULL,
663 encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
664 test_text, check_unprotected_legacy_PEM,
665 dump_pem, 0);
666 }
667
check_MSBLOB(const char * file,const int line,const char * type,const void * data,size_t data_len)668 static int check_MSBLOB(const char *file, const int line,
669 const char *type, const void *data, size_t data_len)
670 {
671 const unsigned char *datap = data;
672 EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len);
673 int ok = TEST_FL_ptr(pkey);
674
675 EVP_PKEY_free(pkey);
676 return ok;
677 }
678
test_unprotected_via_MSBLOB(const char * type,EVP_PKEY * key)679 static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
680 {
681 return test_encode_decode(__FILE__, __LINE__, type, key,
682 OSSL_KEYMGMT_SELECT_KEYPAIR
683 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
684 "MSBLOB", NULL, NULL, NULL,
685 encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
686 test_mem, check_MSBLOB,
687 dump_der, 0);
688 }
689
check_PVK(const char * file,const int line,const char * type,const void * data,size_t data_len)690 static int check_PVK(const char *file, const int line,
691 const char *type, const void *data, size_t data_len)
692 {
693 const unsigned char *in = data;
694 unsigned int saltlen = 0, keylen = 0;
695 int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);
696
697 return ok;
698 }
699
test_unprotected_via_PVK(const char * type,EVP_PKEY * key)700 static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
701 {
702 return test_encode_decode(__FILE__, __LINE__, type, key,
703 OSSL_KEYMGMT_SELECT_KEYPAIR
704 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
705 "PVK", NULL, NULL, NULL,
706 encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
707 test_mem, check_PVK,
708 dump_der, 0);
709 }
710
711 static const char *pass_cipher = "AES-256-CBC";
712 static const char *pass = "the holy handgrenade of antioch";
713
check_protected_PKCS8_DER(const char * file,const int line,const char * type,const void * data,size_t data_len)714 static int check_protected_PKCS8_DER(const char *file, const int line,
715 const char *type,
716 const void *data, size_t data_len)
717 {
718 const unsigned char *datap = data;
719 X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len);
720 int ok = TEST_FL_ptr(p8);
721
722 X509_SIG_free(p8);
723 return ok;
724 }
725
test_protected_via_DER(const char * type,EVP_PKEY * key,int fips)726 static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
727 {
728 return test_encode_decode(__FILE__, __LINE__, type, key,
729 OSSL_KEYMGMT_SELECT_KEYPAIR
730 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
731 "DER", "EncryptedPrivateKeyInfo",
732 pass, pass_cipher,
733 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
734 test_mem, check_protected_PKCS8_DER,
735 dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
736 }
737
check_protected_PKCS8_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)738 static int check_protected_PKCS8_PEM(const char *file, const int line,
739 const char *type,
740 const void *data, size_t data_len)
741 {
742 static const char expected_pem_header[] =
743 "-----BEGIN " PEM_STRING_PKCS8 "-----";
744
745 return TEST_FL_strn_eq(data, expected_pem_header,
746 sizeof(expected_pem_header) - 1);
747 }
748
test_protected_via_PEM(const char * type,EVP_PKEY * key,int fips)749 static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
750 {
751 return test_encode_decode(__FILE__, __LINE__, type, key,
752 OSSL_KEYMGMT_SELECT_KEYPAIR
753 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
754 "PEM", "EncryptedPrivateKeyInfo",
755 pass, pass_cipher,
756 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
757 test_text, check_protected_PKCS8_PEM,
758 dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
759 }
760
check_protected_legacy_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)761 static int check_protected_legacy_PEM(const char *file, const int line,
762 const char *type,
763 const void *data, size_t data_len)
764 {
765 static char expected_pem_header[80];
766
767 return
768 TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
769 sizeof(expected_pem_header),
770 "-----BEGIN %s PRIVATE KEY-----", type), 0)
771 && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header))
772 && TEST_FL_ptr(strstr(data, "\nDEK-Info: "));
773 }
774
test_protected_via_legacy_PEM(const char * type,EVP_PKEY * key)775 static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
776 {
777 if (!default_libctx || is_fips)
778 return TEST_skip("Test not available if using a non-default library context or FIPS provider");
779
780 return test_encode_decode(__FILE__, __LINE__, type, key,
781 OSSL_KEYMGMT_SELECT_KEYPAIR
782 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
783 "PEM", "type-specific", pass, pass_cipher,
784 encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
785 test_text, check_protected_legacy_PEM,
786 dump_pem, 0);
787 }
788
789 #ifndef OPENSSL_NO_RC4
test_protected_via_PVK(const char * type,EVP_PKEY * key)790 static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
791 {
792 int ret = 0;
793 OSSL_PROVIDER *lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
794 if (lgcyprov == NULL)
795 return TEST_skip("Legacy provider not available");
796
797 ret = test_encode_decode(__FILE__, __LINE__, type, key,
798 OSSL_KEYMGMT_SELECT_KEYPAIR
799 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
800 "PVK", NULL, pass, NULL,
801 encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
802 test_mem, check_PVK, dump_der, 0);
803 OSSL_PROVIDER_unload(lgcyprov);
804 return ret;
805 }
806 #endif
807
check_public_DER(const char * file,const int line,const char * type,const void * data,size_t data_len)808 static int check_public_DER(const char *file, const int line,
809 const char *type, const void *data, size_t data_len)
810 {
811 const unsigned char *datap = data;
812 EVP_PKEY *pkey = d2i_PUBKEY_ex(NULL, &datap, data_len, testctx, testpropq);
813 int ok = (TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type)));
814
815 EVP_PKEY_free(pkey);
816 return ok;
817 }
818
test_public_via_DER(const char * type,EVP_PKEY * key,int fips)819 static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
820 {
821 return test_encode_decode(__FILE__, __LINE__, type, key,
822 OSSL_KEYMGMT_SELECT_PUBLIC_KEY
823 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
824 "DER", "SubjectPublicKeyInfo", NULL, NULL,
825 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
826 test_mem, check_public_DER, dump_der,
827 fips ? 0 : FLAG_FAIL_IF_FIPS);
828 }
829
check_public_PEM(const char * file,const int line,const char * type,const void * data,size_t data_len)830 static int check_public_PEM(const char *file, const int line,
831 const char *type, const void *data, size_t data_len)
832 {
833 static const char expected_pem_header[] =
834 "-----BEGIN " PEM_STRING_PUBLIC "-----";
835
836 return
837 TEST_FL_strn_eq(data, expected_pem_header,
838 sizeof(expected_pem_header) - 1);
839 }
840
test_public_via_PEM(const char * type,EVP_PKEY * key,int fips)841 static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
842 {
843 return test_encode_decode(__FILE__, __LINE__, type, key,
844 OSSL_KEYMGMT_SELECT_PUBLIC_KEY
845 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
846 "PEM", "SubjectPublicKeyInfo", NULL, NULL,
847 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
848 test_text, check_public_PEM, dump_pem,
849 fips ? 0 : FLAG_FAIL_IF_FIPS);
850 }
851
check_public_MSBLOB(const char * file,const int line,const char * type,const void * data,size_t data_len)852 static int check_public_MSBLOB(const char *file, const int line,
853 const char *type,
854 const void *data, size_t data_len)
855 {
856 const unsigned char *datap = data;
857 EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len);
858 int ok = TEST_FL_ptr(pkey);
859
860 EVP_PKEY_free(pkey);
861 return ok;
862 }
863
test_public_via_MSBLOB(const char * type,EVP_PKEY * key)864 static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
865 {
866 return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
867 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
868 "MSBLOB", NULL, NULL, NULL,
869 encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
870 test_mem, check_public_MSBLOB, dump_der, 0);
871 }
872
873 #define KEYS(KEYTYPE) \
874 static EVP_PKEY *key_##KEYTYPE = NULL
875 #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params) \
876 ok = ok \
877 && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
878 #define FREE_KEYS(KEYTYPE) \
879 EVP_PKEY_free(key_##KEYTYPE); \
880
881 #define DOMAIN_KEYS(KEYTYPE) \
882 static EVP_PKEY *template_##KEYTYPE = NULL; \
883 static EVP_PKEY *key_##KEYTYPE = NULL
884 #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params) \
885 ok = ok \
886 && TEST_ptr(template_##KEYTYPE = \
887 make_template(KEYTYPEstr, params)) \
888 && TEST_ptr(key_##KEYTYPE = \
889 make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
890 #define FREE_DOMAIN_KEYS(KEYTYPE) \
891 EVP_PKEY_free(template_##KEYTYPE); \
892 EVP_PKEY_free(key_##KEYTYPE)
893
894 #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \
895 static int test_unprotected_##KEYTYPE##_via_DER(void) \
896 { \
897 return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
898 } \
899 static int test_unprotected_##KEYTYPE##_via_PEM(void) \
900 { \
901 return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
902 } \
903 static int test_protected_##KEYTYPE##_via_DER(void) \
904 { \
905 return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
906 } \
907 static int test_protected_##KEYTYPE##_via_PEM(void) \
908 { \
909 return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
910 } \
911 static int test_public_##KEYTYPE##_via_DER(void) \
912 { \
913 return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
914 } \
915 static int test_public_##KEYTYPE##_via_PEM(void) \
916 { \
917 return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
918 }
919
920 #define ADD_TEST_SUITE(KEYTYPE) \
921 ADD_TEST(test_unprotected_##KEYTYPE##_via_DER); \
922 ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM); \
923 ADD_TEST(test_protected_##KEYTYPE##_via_DER); \
924 ADD_TEST(test_protected_##KEYTYPE##_via_PEM); \
925 ADD_TEST(test_public_##KEYTYPE##_via_DER); \
926 ADD_TEST(test_public_##KEYTYPE##_via_PEM)
927
928 #define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr) \
929 static int test_params_##KEYTYPE##_via_DER(void) \
930 { \
931 return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE); \
932 } \
933 static int test_params_##KEYTYPE##_via_PEM(void) \
934 { \
935 return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
936 }
937
938 #define ADD_TEST_SUITE_PARAMS(KEYTYPE) \
939 ADD_TEST(test_params_##KEYTYPE##_via_DER); \
940 ADD_TEST(test_params_##KEYTYPE##_via_PEM)
941
942 #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr) \
943 static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void) \
944 { \
945 return \
946 test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
947 } \
948 static int test_protected_##KEYTYPE##_via_legacy_PEM(void) \
949 { \
950 return \
951 test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
952 }
953
954 #define ADD_TEST_SUITE_LEGACY(KEYTYPE) \
955 ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \
956 ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
957
958 #define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \
959 static int test_unprotected_##KEYTYPE##_via_MSBLOB(void) \
960 { \
961 return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
962 } \
963 static int test_public_##KEYTYPE##_via_MSBLOB(void) \
964 { \
965 return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
966 }
967
968 #define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \
969 ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \
970 ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
971
972 #define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr) \
973 static int test_unprotected_##KEYTYPE##_via_PVK(void) \
974 { \
975 return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
976 }
977 # define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \
978 ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
979 #ifndef OPENSSL_NO_RC4
980 # define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \
981 static int test_protected_##KEYTYPE##_via_PVK(void) \
982 { \
983 return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
984 }
985 # define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE) \
986 ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
987 #endif
988
989 #ifndef OPENSSL_NO_DH
990 DOMAIN_KEYS(DH);
991 IMPLEMENT_TEST_SUITE(DH, "DH", 1)
992 IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
993 DOMAIN_KEYS(DHX);
994 IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
995 IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
996 /*
997 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
998 * so no legacy tests.
999 */
1000 #endif
1001 #ifndef OPENSSL_NO_DSA
1002 DOMAIN_KEYS(DSA);
1003 IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
1004 IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
1005 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
1006 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
1007 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
1008 # ifndef OPENSSL_NO_RC4
1009 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
1010 # endif
1011 #endif
1012 #ifndef OPENSSL_NO_EC
1013 DOMAIN_KEYS(EC);
1014 IMPLEMENT_TEST_SUITE(EC, "EC", 1)
1015 IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
1016 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
1017 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1018 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
1019 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
1020 DOMAIN_KEYS(ECExplicitPrime2G);
1021 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
1022 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
1023 # ifndef OPENSSL_NO_EC2M
1024 DOMAIN_KEYS(ECExplicitTriNamedCurve);
1025 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
1026 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
1027 DOMAIN_KEYS(ECExplicitTri2G);
1028 IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
1029 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
1030 # endif
1031 # ifndef OPENSSL_NO_SM2
1032 KEYS(SM2);
1033 IMPLEMENT_TEST_SUITE(SM2, "SM2", 0)
1034 # endif
1035 KEYS(ED25519);
1036 IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
1037 KEYS(ED448);
1038 IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
1039 KEYS(X25519);
1040 IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
1041 KEYS(X448);
1042 IMPLEMENT_TEST_SUITE(X448, "X448", 1)
1043 /*
1044 * ED25519, ED448, X25519 and X448 have no support for
1045 * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1046 */
1047 #endif
1048 KEYS(RSA);
1049 IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
1050 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
1051 KEYS(RSA_PSS);
1052 IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
1053 /*
1054 * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1055 * so no legacy tests.
1056 */
1057 IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
1058 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
1059 #ifndef OPENSSL_NO_RC4
1060 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
1061 #endif
1062
1063 #ifndef OPENSSL_NO_EC
1064 /* Explicit parameters that match a named curve */
do_create_ec_explicit_prime_params(OSSL_PARAM_BLD * bld,const unsigned char * gen,size_t gen_len)1065 static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
1066 const unsigned char *gen,
1067 size_t gen_len)
1068 {
1069 BIGNUM *a, *b, *prime, *order;
1070
1071 /* Curve prime256v1 */
1072 static const unsigned char prime_data[] = {
1073 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1074 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1075 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1076 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1077 0xff
1078 };
1079 static const unsigned char a_data[] = {
1080 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1081 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1082 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1083 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1084 0xfc
1085 };
1086 static const unsigned char b_data[] = {
1087 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
1088 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
1089 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
1090 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
1091 };
1092 static const unsigned char seed[] = {
1093 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
1094 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
1095 0x81, 0x9f, 0x7e, 0x90
1096 };
1097 static const unsigned char order_data[] = {
1098 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1099 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1100 0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
1101 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
1102 };
1103 return TEST_ptr(a = BN_CTX_get(bnctx))
1104 && TEST_ptr(b = BN_CTX_get(bnctx))
1105 && TEST_ptr(prime = BN_CTX_get(bnctx))
1106 && TEST_ptr(order = BN_CTX_get(bnctx))
1107 && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
1108 && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1109 && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1110 && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1111 && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1112 OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
1113 0))
1114 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
1115 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1116 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1117 && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1118 OSSL_PKEY_PARAM_EC_ORDER, order))
1119 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1120 OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1121 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1122 OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
1123 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1124 BN_value_one()));
1125 }
1126
create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD * bld)1127 static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
1128 {
1129 static const unsigned char prime256v1_gen[] = {
1130 0x04,
1131 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
1132 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
1133 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
1134 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
1135 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
1136 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
1137 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
1138 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
1139 };
1140 return do_create_ec_explicit_prime_params(bld, prime256v1_gen,
1141 sizeof(prime256v1_gen));
1142 }
1143
create_ec_explicit_prime_params(OSSL_PARAM_BLD * bld)1144 static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
1145 {
1146 /* 2G */
1147 static const unsigned char prime256v1_gen2[] = {
1148 0x04,
1149 0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
1150 0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
1151 0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
1152 0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
1153 0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
1154 0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
1155 0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
1156 0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
1157 };
1158 return do_create_ec_explicit_prime_params(bld, prime256v1_gen2,
1159 sizeof(prime256v1_gen2));
1160 }
1161
1162 # ifndef OPENSSL_NO_EC2M
do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD * bld,const unsigned char * gen,size_t gen_len)1163 static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
1164 const unsigned char *gen,
1165 size_t gen_len)
1166 {
1167 BIGNUM *a, *b, *poly, *order, *cofactor;
1168 /* sect233k1 characteristic-two-field tpBasis */
1169 static const unsigned char poly_data[] = {
1170 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1171 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
1172 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1173 };
1174 static const unsigned char a_data[] = {
1175 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1177 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1178 };
1179 static const unsigned char b_data[] = {
1180 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1181 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1182 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
1183 };
1184 static const unsigned char order_data[] = {
1185 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1186 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
1187 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
1188 };
1189 static const unsigned char cofactor_data[]= {
1190 0x4
1191 };
1192 return TEST_ptr(a = BN_CTX_get(bnctx))
1193 && TEST_ptr(b = BN_CTX_get(bnctx))
1194 && TEST_ptr(poly = BN_CTX_get(bnctx))
1195 && TEST_ptr(order = BN_CTX_get(bnctx))
1196 && TEST_ptr(cofactor = BN_CTX_get(bnctx))
1197 && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
1198 && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1199 && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1200 && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1201 && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor))
1202 && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1203 OSSL_PKEY_PARAM_EC_FIELD_TYPE,
1204 SN_X9_62_characteristic_two_field, 0))
1205 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
1206 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1207 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1208 && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1209 OSSL_PKEY_PARAM_EC_ORDER, order))
1210 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1211 OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1212 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1213 cofactor));
1214 }
1215
create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD * bld)1216 static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
1217 {
1218 static const unsigned char gen[] = {
1219 0x04,
1220 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
1221 0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
1222 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
1223 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
1224 0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
1225 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
1226 };
1227 return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen));
1228 }
1229
create_ec_explicit_trinomial_params(OSSL_PARAM_BLD * bld)1230 static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
1231 {
1232 static const unsigned char gen2[] = {
1233 0x04,
1234 0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
1235 0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
1236 0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
1237 0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
1238 0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
1239 0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
1240 };
1241 return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
1242 }
1243 # endif /* OPENSSL_NO_EC2M */
1244 #endif /* OPENSSL_NO_EC */
1245
1246 typedef enum OPTION_choice {
1247 OPT_ERR = -1,
1248 OPT_EOF = 0,
1249 OPT_CONTEXT,
1250 OPT_RSA_FILE,
1251 OPT_RSA_PSS_FILE,
1252 OPT_CONFIG_FILE,
1253 OPT_PROVIDER_NAME,
1254 OPT_TEST_ENUM
1255 } OPTION_CHOICE;
1256
test_get_options(void)1257 const OPTIONS *test_get_options(void)
1258 {
1259 static const OPTIONS options[] = {
1260 OPT_TEST_OPTIONS_DEFAULT_USAGE,
1261 { "context", OPT_CONTEXT, '-',
1262 "Explicitly use a non-default library context" },
1263 { "rsa", OPT_RSA_FILE, '<',
1264 "PEM format RSA key file to encode/decode" },
1265 { "pss", OPT_RSA_PSS_FILE, '<',
1266 "PEM format RSA-PSS key file to encode/decode" },
1267 { "config", OPT_CONFIG_FILE, '<',
1268 "The configuration file to use for the library context" },
1269 { "provider", OPT_PROVIDER_NAME, 's',
1270 "The provider to load (The default value is 'default')" },
1271 { NULL }
1272 };
1273 return options;
1274 }
1275
setup_tests(void)1276 int setup_tests(void)
1277 {
1278 const char *rsa_file = NULL;
1279 const char *rsa_pss_file = NULL;
1280 const char *prov_name = "default";
1281 char *config_file = NULL;
1282 int ok = 1;
1283
1284 #ifndef OPENSSL_NO_DSA
1285 static size_t qbits = 160; /* PVK only tolerates 160 Q bits */
1286 static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
1287 OSSL_PARAM DSA_params[] = {
1288 OSSL_PARAM_size_t("pbits", &pbits),
1289 OSSL_PARAM_size_t("qbits", &qbits),
1290 OSSL_PARAM_END
1291 };
1292 #endif
1293
1294 #ifndef OPENSSL_NO_EC
1295 static char groupname[] = "prime256v1";
1296 OSSL_PARAM EC_params[] = {
1297 OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
1298 OSSL_PARAM_END
1299 };
1300 #endif
1301
1302 OPTION_CHOICE o;
1303
1304 while ((o = opt_next()) != OPT_EOF) {
1305 switch (o) {
1306 case OPT_CONTEXT:
1307 default_libctx = 0;
1308 break;
1309 case OPT_PROVIDER_NAME:
1310 prov_name = opt_arg();
1311 break;
1312 case OPT_CONFIG_FILE:
1313 config_file = opt_arg();
1314 break;
1315 case OPT_RSA_FILE:
1316 rsa_file = opt_arg();
1317 break;
1318 case OPT_RSA_PSS_FILE:
1319 rsa_pss_file = opt_arg();
1320 break;
1321 case OPT_TEST_CASES:
1322 break;
1323 default:
1324 return 0;
1325 }
1326 }
1327
1328 if (strcmp(prov_name, "fips") == 0)
1329 is_fips = 1;
1330
1331 if (default_libctx) {
1332 if (!test_get_libctx(NULL, NULL, config_file, &deflprov, prov_name))
1333 return 0;
1334 } else {
1335 if (!test_get_libctx(&testctx, &nullprov, config_file, &deflprov, prov_name))
1336 return 0;
1337 }
1338
1339 /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */
1340 is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0);
1341
1342 /* Separate provider/ctx for generating the test data */
1343 if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new()))
1344 return 0;
1345 if (!TEST_ptr(keyprov = OSSL_PROVIDER_load(keyctx, "default")))
1346 return 0;
1347
1348 #ifndef OPENSSL_NO_EC
1349 if (!TEST_ptr(bnctx = BN_CTX_new_ex(testctx))
1350 || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
1351 || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
1352 || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
1353 || !create_ec_explicit_prime_params(bld_prime)
1354 || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
1355 || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
1356 # ifndef OPENSSL_NO_EC2M
1357 || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
1358 || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
1359 || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
1360 || !create_ec_explicit_trinomial_params(bld_tri)
1361 || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
1362 || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
1363 # endif
1364 )
1365 return 0;
1366 #endif
1367
1368 TEST_info("Generating keys...");
1369
1370 #ifndef OPENSSL_NO_DH
1371 TEST_info("Generating DH keys...");
1372 MAKE_DOMAIN_KEYS(DH, "DH", NULL);
1373 MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
1374 #endif
1375 #ifndef OPENSSL_NO_DSA
1376 TEST_info("Generating DSA keys...");
1377 MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
1378 #endif
1379 #ifndef OPENSSL_NO_EC
1380 TEST_info("Generating EC keys...");
1381 MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
1382 MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
1383 MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
1384 # ifndef OPENSSL_NO_EC2M
1385 MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
1386 MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
1387 # endif
1388 # ifndef OPENSSL_NO_SM2
1389 MAKE_KEYS(SM2, "SM2", NULL);
1390 # endif
1391 MAKE_KEYS(ED25519, "ED25519", NULL);
1392 MAKE_KEYS(ED448, "ED448", NULL);
1393 MAKE_KEYS(X25519, "X25519", NULL);
1394 MAKE_KEYS(X448, "X448", NULL);
1395 #endif
1396 TEST_info("Loading RSA key...");
1397 ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
1398 TEST_info("Loading RSA_PSS key...");
1399 ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(rsa_pss_file, keyctx));
1400 TEST_info("Generating keys done");
1401
1402 if (ok) {
1403 #ifndef OPENSSL_NO_DH
1404 ADD_TEST_SUITE(DH);
1405 ADD_TEST_SUITE_PARAMS(DH);
1406 ADD_TEST_SUITE(DHX);
1407 ADD_TEST_SUITE_PARAMS(DHX);
1408 /*
1409 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1410 * so no legacy tests.
1411 */
1412 #endif
1413 #ifndef OPENSSL_NO_DSA
1414 ADD_TEST_SUITE(DSA);
1415 ADD_TEST_SUITE_PARAMS(DSA);
1416 ADD_TEST_SUITE_LEGACY(DSA);
1417 ADD_TEST_SUITE_MSBLOB(DSA);
1418 ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
1419 # ifndef OPENSSL_NO_RC4
1420 ADD_TEST_SUITE_PROTECTED_PVK(DSA);
1421 # endif
1422 #endif
1423 #ifndef OPENSSL_NO_EC
1424 ADD_TEST_SUITE(EC);
1425 ADD_TEST_SUITE_PARAMS(EC);
1426 ADD_TEST_SUITE_LEGACY(EC);
1427 ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
1428 ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
1429 ADD_TEST_SUITE(ECExplicitPrime2G);
1430 ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
1431 # ifndef OPENSSL_NO_EC2M
1432 ADD_TEST_SUITE(ECExplicitTriNamedCurve);
1433 ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
1434 ADD_TEST_SUITE(ECExplicitTri2G);
1435 ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
1436 # endif
1437 # ifndef OPENSSL_NO_SM2
1438 if (!is_fips_3_0_0) {
1439 /* 3.0.0 FIPS provider imports explicit EC params and then fails. */
1440 ADD_TEST_SUITE(SM2);
1441 }
1442 # endif
1443 ADD_TEST_SUITE(ED25519);
1444 ADD_TEST_SUITE(ED448);
1445 ADD_TEST_SUITE(X25519);
1446 ADD_TEST_SUITE(X448);
1447 /*
1448 * ED25519, ED448, X25519 and X448 have no support for
1449 * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1450 */
1451 #endif
1452 ADD_TEST_SUITE(RSA);
1453 ADD_TEST_SUITE_LEGACY(RSA);
1454 ADD_TEST_SUITE(RSA_PSS);
1455 /*
1456 * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1457 * so no legacy tests.
1458 */
1459 ADD_TEST_SUITE_MSBLOB(RSA);
1460 ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
1461 # ifndef OPENSSL_NO_RC4
1462 ADD_TEST_SUITE_PROTECTED_PVK(RSA);
1463 # endif
1464 }
1465
1466 return 1;
1467 }
1468
cleanup_tests(void)1469 void cleanup_tests(void)
1470 {
1471 #ifndef OPENSSL_NO_EC
1472 OSSL_PARAM_free(ec_explicit_prime_params_nc);
1473 OSSL_PARAM_free(ec_explicit_prime_params_explicit);
1474 OSSL_PARAM_BLD_free(bld_prime_nc);
1475 OSSL_PARAM_BLD_free(bld_prime);
1476 # ifndef OPENSSL_NO_EC2M
1477 OSSL_PARAM_free(ec_explicit_tri_params_nc);
1478 OSSL_PARAM_free(ec_explicit_tri_params_explicit);
1479 OSSL_PARAM_BLD_free(bld_tri_nc);
1480 OSSL_PARAM_BLD_free(bld_tri);
1481 # endif
1482 BN_CTX_free(bnctx);
1483 #endif /* OPENSSL_NO_EC */
1484
1485 #ifndef OPENSSL_NO_DH
1486 FREE_DOMAIN_KEYS(DH);
1487 FREE_DOMAIN_KEYS(DHX);
1488 #endif
1489 #ifndef OPENSSL_NO_DSA
1490 FREE_DOMAIN_KEYS(DSA);
1491 #endif
1492 #ifndef OPENSSL_NO_EC
1493 FREE_DOMAIN_KEYS(EC);
1494 FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1495 FREE_DOMAIN_KEYS(ECExplicitPrime2G);
1496 # ifndef OPENSSL_NO_EC2M
1497 FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
1498 FREE_DOMAIN_KEYS(ECExplicitTri2G);
1499 # endif
1500 # ifndef OPENSSL_NO_SM2
1501 FREE_KEYS(SM2);
1502 # endif
1503 FREE_KEYS(ED25519);
1504 FREE_KEYS(ED448);
1505 FREE_KEYS(X25519);
1506 FREE_KEYS(X448);
1507 #endif
1508 FREE_KEYS(RSA);
1509 FREE_KEYS(RSA_PSS);
1510
1511 OSSL_PROVIDER_unload(nullprov);
1512 OSSL_PROVIDER_unload(deflprov);
1513 OSSL_PROVIDER_unload(keyprov);
1514 OSSL_LIB_CTX_free(testctx);
1515 OSSL_LIB_CTX_free(keyctx);
1516 }
1517