xref: /freebsd/crypto/openssl/test/acvp_test.c (revision 95eb4b873b6a8b527c5bd78d7191975dfca38998)
1 /*
2  * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12  *
13  * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14  * providers/fips/self_test_kats.c
15  */
16 
17 #include <string.h>
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
28 #include "testutil.h"
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
32 
33 typedef enum OPTION_choice {
34     OPT_ERR = -1,
35     OPT_EOF = 0,
36     OPT_CONFIG_FILE,
37     OPT_TEST_ENUM
38 } OPTION_CHOICE;
39 
40 typedef struct st_args {
41     int enable;
42     int called;
43 } SELF_TEST_ARGS;
44 
45 static OSSL_PROVIDER *prov_null = NULL;
46 static OSSL_LIB_CTX *libctx = NULL;
47 static SELF_TEST_ARGS self_test_args = { 0 };
48 static OSSL_CALLBACK self_test_events;
49 
50 const OPTIONS *test_get_options(void)
51 {
52     static const OPTIONS test_options[] = {
53         OPT_TEST_OPTIONS_DEFAULT_USAGE,
54         { "config", OPT_CONFIG_FILE, '<',
55           "The configuration file to use for the libctx" },
56         { NULL }
57     };
58     return test_options;
59 }
60 
61 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
62                              unsigned char **out, size_t *out_len)
63 {
64     unsigned char *buf = NULL;
65     BIGNUM *bn = NULL;
66     int sz;
67 
68     if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
69         goto err;
70     sz = BN_num_bytes(bn);
71     buf = OPENSSL_zalloc(sz);
72     if (buf == NULL)
73         goto err;
74     if (BN_bn2binpad(bn, buf, sz) <= 0)
75         goto err;
76 
77     *out_len = sz;
78     *out = buf;
79     BN_free(bn);
80     return 1;
81 err:
82     OPENSSL_free(buf);
83     BN_free(bn);
84     return 0;
85 }
86 
87 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
88                    const unsigned char *msg, size_t msg_len,
89                    unsigned char **sig_out, size_t *sig_out_len)
90 {
91     int ret = 0;
92     EVP_MD_CTX *md_ctx = NULL;
93     unsigned char *sig = NULL;
94     size_t sig_len;
95     size_t sz = EVP_PKEY_get_size(pkey);
96 
97     sig_len = sz;
98     if (!TEST_ptr(sig = OPENSSL_malloc(sz))
99         || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
100         || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
101                                               NULL, pkey, NULL), 1)
102         || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
103         goto err;
104     *sig_out = sig;
105     *sig_out_len = sig_len;
106     sig = NULL;
107     ret = 1;
108 err:
109     OPENSSL_free(sig);
110     EVP_MD_CTX_free(md_ctx);
111     return ret;
112 }
113 
114 #ifndef OPENSSL_NO_EC
115 static int ecdsa_keygen_test(int id)
116 {
117     int ret = 0;
118     EVP_PKEY *pkey = NULL;
119     unsigned char *priv = NULL;
120     unsigned char *pubx = NULL, *puby = NULL;
121     size_t priv_len = 0, pubx_len = 0, puby_len = 0;
122     const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
123 
124     self_test_args.called = 0;
125     self_test_args.enable = 1;
126     if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))
127         || !TEST_int_ge(self_test_args.called, 3)
128         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
129                                         &priv_len))
130         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
131                                         &pubx_len))
132         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
133                                         &puby_len)))
134         goto err;
135 
136     test_output_memory("qy", puby, puby_len);
137     test_output_memory("qx", pubx, pubx_len);
138     test_output_memory("d", priv, priv_len);
139     ret = 1;
140 err:
141     self_test_args.enable = 0;
142     self_test_args.called = 0;
143     OPENSSL_clear_free(priv, priv_len);
144     OPENSSL_free(pubx);
145     OPENSSL_free(puby);
146     EVP_PKEY_free(pkey);
147     return ret;
148 }
149 
150 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
151                              const unsigned char *pub, size_t pub_len,
152                              int expected)
153 {
154     int ret = 0;
155     EVP_PKEY_CTX *ctx = NULL;
156     OSSL_PARAM_BLD *bld = NULL;
157     OSSL_PARAM *params = NULL;
158 
159     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
160         || (curve_name != NULL
161             && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
162                               bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
163         || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
164                                                        OSSL_PKEY_PARAM_PUB_KEY,
165                                                        pub, pub_len) > 0)
166         || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
167         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
168         || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
169         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
170                                           params), expected))
171     goto err;
172 
173     ret = 1;
174 err:
175     OSSL_PARAM_free(params);
176     OSSL_PARAM_BLD_free(bld);
177     EVP_PKEY_CTX_free(ctx);
178     return ret;
179 }
180 
181 static int ecdsa_pub_verify_test(int id)
182 {
183     const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
184 
185     int ret = 0;
186     EVP_PKEY_CTX *key_ctx = NULL;
187     EVP_PKEY *pkey = NULL;
188 
189     if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
190                                      tst->pub, tst->pub_len, tst->pass)))
191         goto err;
192 
193     if (tst->pass) {
194         if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
195             || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
196             goto err;
197     }
198     ret = 1;
199 err:
200     EVP_PKEY_free(pkey);
201     EVP_PKEY_CTX_free(key_ctx);
202     return ret;
203 }
204 
205 /* Extract r and s  from an ecdsa signature */
206 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
207                                   unsigned char **r, unsigned char **s,
208                                   size_t *rlen, size_t *slen)
209 {
210     int ret = 0;
211     unsigned char *rbuf = NULL, *sbuf = NULL;
212     size_t r1_len, s1_len;
213     const BIGNUM *r1, *s1;
214     ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
215 
216     if (sign == NULL)
217         return 0;
218     r1 = ECDSA_SIG_get0_r(sign);
219     s1 = ECDSA_SIG_get0_s(sign);
220     if (r1 == NULL || s1 == NULL)
221         goto err;
222 
223     r1_len = BN_num_bytes(r1);
224     s1_len = BN_num_bytes(s1);
225     rbuf = OPENSSL_zalloc(r1_len);
226     sbuf = OPENSSL_zalloc(s1_len);
227     if (rbuf == NULL || sbuf == NULL)
228         goto err;
229     if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
230         goto err;
231     if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
232         goto err;
233     *r = rbuf;
234     *s = sbuf;
235     *rlen = r1_len;
236     *slen = s1_len;
237     ret = 1;
238 err:
239     if (ret == 0) {
240         OPENSSL_free(rbuf);
241         OPENSSL_free(sbuf);
242     }
243     ECDSA_SIG_free(sign);
244     return ret;
245 }
246 
247 static int ecdsa_siggen_test(int id)
248 {
249     int ret = 0;
250     EVP_PKEY *pkey = NULL;
251     size_t sig_len = 0, rlen = 0, slen = 0;
252     unsigned char *sig = NULL;
253     unsigned char *r = NULL, *s = NULL;
254     const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
255 
256     if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)))
257         goto err;
258 
259     if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
260                            &sig, &sig_len))
261         || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
262         goto err;
263     test_output_memory("r", r, rlen);
264     test_output_memory("s", s, slen);
265     ret = 1;
266 err:
267     OPENSSL_free(r);
268     OPENSSL_free(s);
269     OPENSSL_free(sig);
270     EVP_PKEY_free(pkey);
271     return ret;
272 }
273 
274 static int ecdsa_sigver_test(int id)
275 {
276     int ret = 0;
277     EVP_MD_CTX *md_ctx = NULL;
278     EVP_PKEY *pkey = NULL;
279     ECDSA_SIG *sign = NULL;
280     size_t sig_len;
281     unsigned char *sig = NULL;
282     BIGNUM *rbn = NULL, *sbn = NULL;
283     const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
284 
285     if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
286                                      tst->pub, tst->pub_len, 1)))
287         goto err;
288 
289     if (!TEST_ptr(sign = ECDSA_SIG_new())
290         || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
291         || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
292         || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
293         goto err;
294     rbn = sbn = NULL;
295 
296     ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
297           && TEST_ptr(md_ctx = EVP_MD_CTX_new())
298           && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
299                                                libctx, NULL, pkey, NULL)
300           && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
301                                           tst->msg, tst->msg_len), tst->pass));
302 err:
303     BN_free(rbn);
304     BN_free(sbn);
305     OPENSSL_free(sig);
306     ECDSA_SIG_free(sign);
307     EVP_PKEY_free(pkey);
308     EVP_MD_CTX_free(md_ctx);
309     return ret;
310 
311 }
312 #endif /* OPENSSL_NO_EC */
313 
314 #ifndef OPENSSL_NO_DSA
315 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
316                                 unsigned char **out, size_t *out_len)
317 {
318     size_t len = 0;
319     unsigned char *buf = NULL;
320 
321     if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
322         goto err;
323 
324     buf = OPENSSL_zalloc(len);
325     if (buf == NULL)
326         goto err;
327 
328     if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
329         goto err;
330     *out = buf;
331     return 1;
332 err:
333     OPENSSL_free(buf);
334     return 0;
335 }
336 
337 static EVP_PKEY *dsa_paramgen(int L, int N)
338 {
339     EVP_PKEY_CTX *paramgen_ctx = NULL;
340     EVP_PKEY *param_key = NULL;
341 
342     if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
343         || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
344         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
345         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
346         || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
347         return NULL;
348     EVP_PKEY_CTX_free(paramgen_ctx);
349     return param_key;
350 }
351 
352 static EVP_PKEY *dsa_keygen(int L, int N)
353 {
354     EVP_PKEY *param_key = NULL, *key = NULL;
355     EVP_PKEY_CTX *keygen_ctx = NULL;
356 
357     if (!TEST_ptr(param_key = dsa_paramgen(L, N))
358         || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
359                                                              NULL))
360         || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
361         || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
362         goto err;
363 err:
364     EVP_PKEY_free(param_key);
365     EVP_PKEY_CTX_free(keygen_ctx);
366     return key;
367 }
368 
369 static int dsa_keygen_test(int id)
370 {
371     int ret = 0, i;
372     EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
373     EVP_PKEY *param_key = NULL, *key = NULL;
374     unsigned char *priv = NULL, *pub = NULL;
375     size_t priv_len = 0, pub_len = 0;
376     const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
377 
378     if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
379         || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
380                                                              NULL))
381         || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
382         goto err;
383     for (i = 0; i < 2; ++i) {
384         if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
385             || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
386                                             &priv, &priv_len))
387             || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
388                                             &pub, &pub_len)))
389             goto err;
390         test_output_memory("y", pub, pub_len);
391         test_output_memory("x", priv, priv_len);
392         EVP_PKEY_free(key);
393         OPENSSL_clear_free(priv, priv_len);
394         OPENSSL_free(pub);
395         key = NULL;
396         pub = priv = NULL;
397     }
398     ret = 1;
399 err:
400     OPENSSL_clear_free(priv, priv_len);
401     OPENSSL_free(pub);
402     EVP_PKEY_free(param_key);
403     EVP_PKEY_free(key);
404     EVP_PKEY_CTX_free(keygen_ctx);
405     EVP_PKEY_CTX_free(paramgen_ctx);
406     return ret;
407 }
408 
409 static int dsa_paramgen_test(int id)
410 {
411     int ret = 0, counter = 0;
412     EVP_PKEY_CTX *paramgen_ctx = NULL;
413     EVP_PKEY *param_key = NULL;
414     unsigned char *p = NULL, *q = NULL, *seed = NULL;
415     size_t plen = 0, qlen = 0, seedlen = 0;
416     const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
417 
418     if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
419         || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
420         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
421         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N))
422         || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key))
423         || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
424                                         &p, &plen))
425         || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
426                                         &q, &qlen))
427         || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED,
428                                            &seed, &seedlen))
429         || !TEST_true(EVP_PKEY_get_int_param(param_key,
430                                              OSSL_PKEY_PARAM_FFC_PCOUNTER,
431                                              &counter)))
432         goto err;
433 
434     test_output_memory("p", p, plen);
435     test_output_memory("q", q, qlen);
436     test_output_memory("domainSeed", seed, seedlen);
437     test_printf_stderr("%s: %d\n", "counter", counter);
438     ret = 1;
439 err:
440     OPENSSL_free(p);
441     OPENSSL_free(q);
442     OPENSSL_free(seed);
443     EVP_PKEY_free(param_key);
444     EVP_PKEY_CTX_free(paramgen_ctx);
445     return ret;
446 }
447 
448 static int dsa_create_pkey(EVP_PKEY **pkey,
449                            const unsigned char *p, size_t p_len,
450                            const unsigned char *q, size_t q_len,
451                            const unsigned char *g, size_t g_len,
452                            const unsigned char *seed, size_t seed_len,
453                            int counter,
454                            int validate_pq, int validate_g,
455                            const unsigned char *pub, size_t pub_len,
456                            BN_CTX *bn_ctx)
457 {
458     int ret = 0;
459     EVP_PKEY_CTX *ctx = NULL;
460     OSSL_PARAM_BLD *bld = NULL;
461     OSSL_PARAM *params = NULL;
462     BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
463 
464     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
465         || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
466         || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
467         || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
468                                               OSSL_PKEY_PARAM_FFC_VALIDATE_PQ,
469                                               validate_pq))
470         || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
471                                               OSSL_PKEY_PARAM_FFC_VALIDATE_G,
472                                               validate_g))
473         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
474         || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
475         || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
476         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
477         goto err;
478 
479      if (g != NULL) {
480          if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
481              || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
482              || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
483                                                   OSSL_PKEY_PARAM_FFC_G, g_bn)))
484              goto err;
485      }
486      if (seed != NULL) {
487          if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
488                             OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
489              goto err;
490      }
491      if (counter != -1) {
492          if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
493                                                 OSSL_PKEY_PARAM_FFC_PCOUNTER,
494                                                 counter)))
495              goto err;
496      }
497      if (pub != NULL) {
498          if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
499              || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
500              || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
501                                                   OSSL_PKEY_PARAM_PUB_KEY,
502                                                   pub_bn)))
503              goto err;
504      }
505      if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
506          || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
507          || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
508          || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
509                                            params), 1))
510          goto err;
511 
512     ret = 1;
513 err:
514     OSSL_PARAM_free(params);
515     OSSL_PARAM_BLD_free(bld);
516     EVP_PKEY_CTX_free(ctx);
517     return ret;
518 }
519 
520 static int dsa_pqver_test(int id)
521 {
522     int ret = 0;
523     BN_CTX *bn_ctx = NULL;
524     EVP_PKEY_CTX *key_ctx = NULL;
525     EVP_PKEY *param_key = NULL;
526     const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
527 
528     if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
529         || !TEST_true(dsa_create_pkey(&param_key, tst->p, tst->p_len,
530                                       tst->q, tst->q_len, NULL, 0,
531                                       tst->seed, tst->seed_len, tst->counter,
532                                       1, 0,
533                                       NULL, 0,
534                                       bn_ctx))
535         || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
536                                                           NULL))
537         || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
538         goto err;
539 
540     ret = 1;
541 err:
542     BN_CTX_free(bn_ctx);
543     EVP_PKEY_free(param_key);
544     EVP_PKEY_CTX_free(key_ctx);
545     return ret;
546 }
547 
548 /* Extract r and s from a dsa signature */
549 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
550                                 unsigned char **r, unsigned char **s,
551                                 size_t *r_len, size_t *s_len)
552 {
553     int ret = 0;
554     unsigned char *rbuf = NULL, *sbuf = NULL;
555     size_t r1_len, s1_len;
556     const BIGNUM *r1, *s1;
557     DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
558 
559     if (sign == NULL)
560         return 0;
561     DSA_SIG_get0(sign, &r1, &s1);
562     if (r1 == NULL || s1 == NULL)
563         goto err;
564 
565     r1_len = BN_num_bytes(r1);
566     s1_len = BN_num_bytes(s1);
567     rbuf = OPENSSL_zalloc(r1_len);
568     sbuf = OPENSSL_zalloc(s1_len);
569     if (rbuf == NULL || sbuf == NULL)
570         goto err;
571     if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
572         goto err;
573     if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
574         goto err;
575     *r = rbuf;
576     *s = sbuf;
577     *r_len = r1_len;
578     *s_len = s1_len;
579     ret = 1;
580 err:
581     if (ret == 0) {
582         OPENSSL_free(rbuf);
583         OPENSSL_free(sbuf);
584     }
585     DSA_SIG_free(sign);
586     return ret;
587 }
588 
589 static int dsa_siggen_test(int id)
590 {
591     int ret = 0;
592     EVP_PKEY *pkey = NULL;
593     unsigned char *sig = NULL, *r = NULL, *s = NULL;
594     size_t sig_len = 0, rlen = 0, slen = 0;
595     const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
596 
597     if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
598         goto err;
599 
600     if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
601                            &sig, &sig_len))
602         || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
603         goto err;
604     test_output_memory("r", r, rlen);
605     test_output_memory("s", s, slen);
606     ret = 1;
607 err:
608     OPENSSL_free(r);
609     OPENSSL_free(s);
610     OPENSSL_free(sig);
611     EVP_PKEY_free(pkey);
612     return ret;
613 }
614 
615 static int dsa_sigver_test(int id)
616 {
617     int ret = 0;
618     EVP_PKEY_CTX *ctx = NULL;
619     EVP_PKEY *pkey = NULL;
620     DSA_SIG *sign = NULL;
621     size_t sig_len;
622     unsigned char *sig = NULL;
623     BIGNUM *rbn = NULL, *sbn = NULL;
624     EVP_MD *md = NULL;
625     unsigned char digest[EVP_MAX_MD_SIZE];
626     unsigned int digest_len;
627     BN_CTX *bn_ctx = NULL;
628     const struct dsa_sigver_st *tst  = &dsa_sigver_data[id];
629 
630     if (!TEST_ptr(bn_ctx = BN_CTX_new())
631         || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
632                                       tst->q, tst->q_len, tst->g, tst->g_len,
633                                       NULL, 0, 0, 0, 0, tst->pub, tst->pub_len,
634                                       bn_ctx)))
635         goto err;
636 
637     if (!TEST_ptr(sign = DSA_SIG_new())
638         || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
639         || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
640         || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
641         goto err;
642     rbn = sbn = NULL;
643 
644     if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
645         || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
646                                  digest, &digest_len, md, NULL)))
647         goto err;
648 
649     if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
650         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
651         || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
652         || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
653                         tst->pass))
654         goto err;
655     ret = 1;
656 err:
657     EVP_PKEY_CTX_free(ctx);
658     OPENSSL_free(sig);
659     EVP_MD_free(md);
660     DSA_SIG_free(sign);
661     EVP_PKEY_free(pkey);
662     BN_free(rbn);
663     BN_free(sbn);
664     BN_CTX_free(bn_ctx);
665     return ret;
666 }
667 #endif /* OPENSSL_NO_DSA */
668 
669 
670 /* cipher encrypt/decrypt */
671 static int cipher_enc(const char *alg,
672                       const unsigned char *pt, size_t pt_len,
673                       const unsigned char *key, size_t key_len,
674                       const unsigned char *iv, size_t iv_len,
675                       const unsigned char *ct, size_t ct_len,
676                       int enc)
677 {
678     int ret = 0, out_len = 0, len = 0;
679     EVP_CIPHER_CTX *ctx = NULL;
680     EVP_CIPHER *cipher = NULL;
681     unsigned char out[256] = { 0 };
682 
683     TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
684     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
685         || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
686         || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
687         || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
688         || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
689         || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
690         goto err;
691     out_len += len;
692     if (!TEST_mem_eq(out, out_len, ct, ct_len))
693         goto err;
694     ret = 1;
695 err:
696     EVP_CIPHER_free(cipher);
697     EVP_CIPHER_CTX_free(ctx);
698     return ret;
699 }
700 
701 static int cipher_enc_dec_test(int id)
702 {
703     const struct cipher_st *tst = &cipher_enc_data[id];
704     const int enc = 1;
705 
706     return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
707                                 tst->key, tst->key_len,
708                                 tst->iv, tst->iv_len,
709                                 tst->ct, tst->ct_len, enc))
710            && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
711                                    tst->key, tst->key_len,
712                                    tst->iv, tst->iv_len,
713                                    tst->pt, tst->pt_len, !enc));
714 }
715 
716 static int aes_ccm_enc_dec(const char *alg,
717                            const unsigned char *pt, size_t pt_len,
718                            const unsigned char *key, size_t key_len,
719                            const unsigned char *iv, size_t iv_len,
720                            const unsigned char *aad, size_t aad_len,
721                            const unsigned char *ct, size_t ct_len,
722                            const unsigned char *tag, size_t tag_len,
723                            int enc, int pass)
724 {
725     int ret = 0;
726     EVP_CIPHER_CTX *ctx;
727     EVP_CIPHER *cipher = NULL;
728     int out_len, len;
729     unsigned char out[1024];
730 
731     TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
732               pass ? "pass" : "fail");
733 
734     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
735         || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
736         || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
737         || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
738                                           NULL), 0)
739         || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
740                                           enc ? NULL : (void *)tag), 0)
741         || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
742         || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
743         || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
744         || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
745         || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
746         goto err;
747 
748     if (!pass) {
749         ret = 1;
750         goto err;
751     }
752     if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
753         goto err;
754     if (enc) {
755         out_len += len;
756         if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
757                                            tag_len, out + out_len), 0)
758             || !TEST_mem_eq(out, out_len, ct, ct_len)
759             || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
760             goto err;
761     } else {
762         if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
763             goto err;
764     }
765 
766     ret = 1;
767 err:
768     EVP_CIPHER_free(cipher);
769     EVP_CIPHER_CTX_free(ctx);
770     return ret;
771 }
772 
773 static int aes_ccm_enc_dec_test(int id)
774 {
775     const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
776 
777     /* The tag is on the end of the cipher text */
778     const size_t tag_len = tst->ct_len - tst->pt_len;
779     const size_t ct_len = tst->ct_len - tag_len;
780     const unsigned char *tag = tst->ct + ct_len;
781     const int enc = 1;
782     const int pass = 1;
783 
784     if (ct_len < 1)
785         return 0;
786 
787     return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
788                            tst->key, tst->key_len,
789                            tst->iv, tst->iv_len, tst->aad, tst->aad_len,
790                            tst->ct, ct_len, tag, tag_len, enc, pass)
791             && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
792                                tst->key, tst->key_len,
793                                tst->iv, tst->iv_len, tst->aad, tst->aad_len,
794                                tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
795             /* test that it fails if the tag is incorrect */
796             && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
797                                tst->key, tst->key_len,
798                                tst->iv, tst->iv_len, tst->aad, tst->aad_len,
799                                tst->pt, tst->pt_len,
800                                tag - 1, tag_len, !enc, !pass);
801 }
802 
803 static int aes_gcm_enc_dec(const char *alg,
804                            const unsigned char *pt, size_t pt_len,
805                            const unsigned char *key, size_t key_len,
806                            const unsigned char *iv, size_t iv_len,
807                            const unsigned char *aad, size_t aad_len,
808                            const unsigned char *ct, size_t ct_len,
809                            const unsigned char *tag, size_t tag_len,
810                            int enc, int pass)
811 {
812     int ret = 0;
813     EVP_CIPHER_CTX *ctx;
814     EVP_CIPHER *cipher = NULL;
815     int out_len, len;
816     unsigned char out[1024];
817 
818     TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
819               pass ? "pass" : "fail");
820 
821     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
822         || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
823         || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
824         || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
825                                           NULL), 0))
826         goto err;
827 
828     if (!enc) {
829         if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
830                                            (void *)tag), 0))
831             goto err;
832     }
833     /*
834      * For testing purposes the IV it being set here. In a compliant application
835      * the IV would be generated internally. A fake entropy source could also
836      * be used to feed in the random IV bytes (see fake_random.c)
837      */
838     if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
839         || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
840         || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
841         || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
842         goto err;
843 
844     if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass))
845         goto err;
846     if (!pass) {
847         ret = 1;
848         goto err;
849     }
850     out_len += len;
851     if (enc) {
852         if (!TEST_mem_eq(out, out_len, ct, ct_len)
853             || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
854                                               tag_len, out + out_len), 0)
855             || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
856                     goto err;
857     } else {
858         if (!TEST_mem_eq(out, out_len, ct, ct_len))
859             goto err;
860     }
861 
862     ret = 1;
863 err:
864     EVP_CIPHER_free(cipher);
865     EVP_CIPHER_CTX_free(ctx);
866     return ret;
867 }
868 
869 static int aes_gcm_enc_dec_test(int id)
870 {
871     const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
872     int enc = 1;
873     int pass = 1;
874 
875     return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
876                            tst->key, tst->key_len,
877                            tst->iv, tst->iv_len, tst->aad, tst->aad_len,
878                            tst->ct, tst->ct_len, tst->tag, tst->tag_len,
879                            enc, pass)
880             && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
881                                tst->key, tst->key_len,
882                                tst->iv, tst->iv_len, tst->aad, tst->aad_len,
883                                tst->pt, tst->pt_len, tst->tag, tst->tag_len,
884                                !enc, pass)
885             /* Fail if incorrect tag passed to decrypt */
886             && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
887                                tst->key, tst->key_len,
888                                tst->iv, tst->iv_len, tst->aad, tst->aad_len,
889                                tst->pt, tst->pt_len, tst->aad, tst->tag_len,
890                                !enc, !pass);
891 }
892 
893 #ifndef OPENSSL_NO_DH
894 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
895                           const unsigned char *pub, size_t pub_len,
896                           const unsigned char *priv, size_t priv_len,
897                           BN_CTX *bn_ctx, int pass)
898 {
899     int ret = 0;
900     EVP_PKEY_CTX *ctx = NULL;
901     OSSL_PARAM_BLD *bld = NULL;
902     OSSL_PARAM *params = NULL;
903     BIGNUM *pub_bn = NULL, *priv_bn = NULL;
904 
905     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
906         || (group_name != NULL
907             && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
908                               bld, OSSL_PKEY_PARAM_GROUP_NAME,
909                               group_name, 0), 0)))
910         goto err;
911 
912     if (pub != NULL) {
913         if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
914             || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
915             || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
916                                                  pub_bn)))
917             goto err;
918     }
919     if (priv != NULL) {
920         if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
921             || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
922             || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
923                                                  priv_bn)))
924             goto err;
925     }
926 
927     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
928         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
929         || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
930         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
931                         pass))
932     goto err;
933 
934     ret = 1;
935 err:
936     OSSL_PARAM_free(params);
937     OSSL_PARAM_BLD_free(bld);
938     EVP_PKEY_CTX_free(ctx);
939     return ret;
940 }
941 
942 static int dh_safe_prime_keygen_test(int id)
943 {
944     int ret = 0;
945     EVP_PKEY_CTX *ctx = NULL;
946     EVP_PKEY *pkey = NULL;
947     unsigned char *priv = NULL;
948     unsigned char *pub = NULL;
949     size_t priv_len = 0, pub_len = 0;
950     OSSL_PARAM params[2];
951     const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
952 
953     params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
954                                                  (char *)tst->group_name, 0);
955     params[1] = OSSL_PARAM_construct_end();
956 
957     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
958         || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
959         || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
960         || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
961         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
962                                         &priv, &priv_len))
963         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
964                                         &pub, &pub_len)))
965         goto err;
966 
967     test_output_memory("x", priv, priv_len);
968     test_output_memory("y", pub, pub_len);
969     ret = 1;
970 err:
971     OPENSSL_clear_free(priv, priv_len);
972     OPENSSL_free(pub);
973     EVP_PKEY_free(pkey);
974     EVP_PKEY_CTX_free(ctx);
975     return ret;
976 }
977 
978 static int dh_safe_prime_keyver_test(int id)
979 {
980     int ret = 0;
981     BN_CTX *bn_ctx = NULL;
982     EVP_PKEY_CTX *key_ctx = NULL;
983     EVP_PKEY *pkey = NULL;
984     const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
985 
986     if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
987         || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
988                                      tst->pub, tst->pub_len,
989                                      tst->priv, tst->priv_len, bn_ctx, 1))
990         || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
991         || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
992         goto err;
993 
994     ret = 1;
995 err:
996     EVP_PKEY_free(pkey);
997     EVP_PKEY_CTX_free(key_ctx);
998     BN_CTX_free(bn_ctx);
999     return ret;
1000 }
1001 #endif /* OPENSSL_NO_DH */
1002 
1003 
1004 static int rsa_create_pkey(EVP_PKEY **pkey,
1005                            const unsigned char *n, size_t n_len,
1006                            const unsigned char *e, size_t e_len,
1007                            const unsigned char *d, size_t d_len,
1008                            BN_CTX *bn_ctx)
1009 {
1010     int ret = 0;
1011     EVP_PKEY_CTX *ctx = NULL;
1012     OSSL_PARAM_BLD *bld = NULL;
1013     OSSL_PARAM *params = NULL;
1014     BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1015 
1016     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1017         || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1018         || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1019         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1020         goto err;
1021 
1022     if (e != NULL) {
1023         if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1024             || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1025             || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1026                           e_bn)))
1027             goto err;
1028     }
1029     if (d != NULL) {
1030         if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1031             || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1032             || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1033                           d_bn)))
1034             goto err;
1035     }
1036     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1037         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1038         || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1039         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1040                         1))
1041         goto err;
1042 
1043     ret = 1;
1044 err:
1045     OSSL_PARAM_free(params);
1046     OSSL_PARAM_BLD_free(bld);
1047     EVP_PKEY_CTX_free(ctx);
1048     return ret;
1049 }
1050 
1051 static int rsa_keygen_test(int id)
1052 {
1053     int ret = 0;
1054     EVP_PKEY_CTX *ctx = NULL;
1055     EVP_PKEY *pkey = NULL;
1056     BIGNUM *e_bn = NULL;
1057     BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1058     BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1059     unsigned char *n = NULL, *d = NULL;
1060     unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1061     unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1062     size_t n_len = 0, d_len = 0;
1063     size_t p_len = 0, p1_len = 0, p2_len = 0;
1064     size_t q_len = 0, q1_len = 0, q2_len = 0;
1065     OSSL_PARAM_BLD *bld = NULL;
1066     OSSL_PARAM *params = NULL;
1067     const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1068 
1069     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1070         || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1071         || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1072         || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1073         || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1074         || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1075         || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1076         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1077                                              xp1_bn))
1078         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1079                                              xp2_bn))
1080         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1081                                              xp_bn))
1082         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1083                                              xq1_bn))
1084         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1085                                              xq2_bn))
1086         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1087                                              xq_bn))
1088         || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1089         goto err;
1090 
1091     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1092         || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1093         || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1094         || !TEST_int_gt(EVP_PKEY_CTX_set_params(ctx, params), 0)
1095         || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod), 0)
1096         || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0)
1097         || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1098         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1099                                         &p1, &p1_len))
1100         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1101                                         &p2, &p2_len))
1102         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1103                                         &q1, &q1_len))
1104         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1105                                         &q2, &q2_len))
1106         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1107                                         &p, &p_len))
1108         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1109                                         &q, &q_len))
1110         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1111                                         &n, &n_len))
1112         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1113                                         &d, &d_len)))
1114         goto err;
1115 
1116     if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1117         || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1118         || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1119         || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1120         || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1121         || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1122         || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1123         || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1124         goto err;
1125 
1126     test_output_memory("p1", p1, p1_len);
1127     test_output_memory("p2", p2, p2_len);
1128     test_output_memory("p", p, p_len);
1129     test_output_memory("q1", q1, q1_len);
1130     test_output_memory("q2", q2, q2_len);
1131     test_output_memory("q", q, q_len);
1132     test_output_memory("n", n, n_len);
1133     test_output_memory("d", d, d_len);
1134     ret = 1;
1135 err:
1136     BN_free(xp1_bn);
1137     BN_free(xp2_bn);
1138     BN_free(xp_bn);
1139     BN_free(xq1_bn);
1140     BN_free(xq2_bn);
1141     BN_free(xq_bn);
1142     BN_free(e_bn);
1143     OPENSSL_free(p1);
1144     OPENSSL_free(p2);
1145     OPENSSL_free(q1);
1146     OPENSSL_free(q2);
1147     OPENSSL_free(p);
1148     OPENSSL_free(q);
1149     OPENSSL_free(n);
1150     OPENSSL_free(d);
1151     EVP_PKEY_free(pkey);
1152     EVP_PKEY_CTX_free(ctx);
1153     OSSL_PARAM_free(params);
1154     OSSL_PARAM_BLD_free(bld);
1155     return ret;
1156 }
1157 
1158 static int rsa_siggen_test(int id)
1159 {
1160     int ret = 0;
1161     EVP_PKEY *pkey = NULL;
1162     unsigned char *sig = NULL, *n = NULL, *e = NULL;
1163     size_t sig_len = 0, n_len = 0, e_len = 0;
1164     OSSL_PARAM params[4], *p;
1165     const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1166     int salt_len = tst->pss_salt_len;
1167 
1168     TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1169 
1170     p = params;
1171     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1172                                             (char *)tst->sig_pad_mode, 0);
1173     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1174                                             (char *)tst->digest_alg, 0);
1175     if (salt_len >= 0)
1176         *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1177                                         &salt_len);
1178     *p++ = OSSL_PARAM_construct_end();
1179 
1180     if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
1181        || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1182        || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1183        || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1184                              tst->msg, tst->msg_len,
1185                              &sig, &sig_len)))
1186         goto err;
1187     test_output_memory("n", n, n_len);
1188     test_output_memory("e", e, e_len);
1189     test_output_memory("sig", sig, sig_len);
1190     ret = 1;
1191 err:
1192     OPENSSL_free(n);
1193     OPENSSL_free(e);
1194     OPENSSL_free(sig);
1195     EVP_PKEY_free(pkey);
1196     return ret;
1197 }
1198 
1199 static int rsa_sigver_test(int id)
1200 {
1201     int ret = 0;
1202     EVP_PKEY_CTX *pkey_ctx = NULL;
1203     EVP_PKEY *pkey = NULL;
1204     EVP_MD_CTX *md_ctx = NULL;
1205     BN_CTX *bn_ctx = NULL;
1206     OSSL_PARAM params[4], *p;
1207     const struct rsa_sigver_st *tst  = &rsa_sigver_data[id];
1208     int salt_len = tst->pss_salt_len;
1209 
1210     TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1211                tst->pass == PASS ? "pass" : "fail");
1212 
1213     p = params;
1214     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1215                                             (char *)tst->sig_pad_mode, 0);
1216     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1217                                             (char *)tst->digest_alg, 0);
1218     if (salt_len >= 0)
1219         *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1220                                         &salt_len);
1221     *p++ = OSSL_PARAM_construct_end();
1222 
1223     if (!TEST_ptr(bn_ctx = BN_CTX_new())
1224         || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1225                                       tst->e, tst->e_len, NULL, 0, bn_ctx))
1226         || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1227         || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1228                                               tst->digest_alg, libctx, NULL,
1229                                               pkey, NULL))
1230         || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1231         || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1232                                          tst->msg, tst->msg_len), tst->pass))
1233         goto err;
1234     ret = 1;
1235 err:
1236     EVP_PKEY_free(pkey);
1237     BN_CTX_free(bn_ctx);
1238     EVP_MD_CTX_free(md_ctx);
1239     return ret;
1240 }
1241 
1242 static int rsa_decryption_primitive_test(int id)
1243 {
1244     int ret = 0;
1245     EVP_PKEY_CTX *ctx = NULL;
1246     EVP_PKEY *pkey = NULL;
1247     unsigned char pt[2048];
1248     size_t pt_len = sizeof(pt);
1249     unsigned char *n = NULL, *e = NULL;
1250     size_t n_len = 0, e_len = 0;
1251     BN_CTX *bn_ctx = NULL;
1252     const struct rsa_decrypt_prim_st *tst  = &rsa_decrypt_prim_data[id];
1253 
1254     if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048))
1255         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1256         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1257         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1258         || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1259         || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1260         goto err;
1261 
1262     test_output_memory("n", n, n_len);
1263     test_output_memory("e", e, e_len);
1264     if (EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len) <= 0)
1265         TEST_note("Decryption Failed");
1266     else
1267         test_output_memory("pt", pt, pt_len);
1268     ret = 1;
1269 err:
1270     OPENSSL_free(n);
1271     OPENSSL_free(e);
1272     EVP_PKEY_CTX_free(ctx);
1273     EVP_PKEY_free(pkey);
1274     BN_CTX_free(bn_ctx);
1275     return ret;
1276 }
1277 
1278 static int self_test_events(const OSSL_PARAM params[], void *varg)
1279 {
1280     SELF_TEST_ARGS *args = varg;
1281     const OSSL_PARAM *p = NULL;
1282     const char *phase = NULL, *type = NULL, *desc = NULL;
1283     int ret = 0;
1284 
1285     if (!args->enable)
1286         return 1;
1287 
1288     args->called++;
1289     p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1290     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1291         goto err;
1292     phase = (const char *)p->data;
1293 
1294     p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1295     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1296         goto err;
1297     desc = (const char *)p->data;
1298 
1299     p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1300     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1301         goto err;
1302     type = (const char *)p->data;
1303 
1304     BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1305     ret = 1;
1306 err:
1307     return ret;
1308 }
1309 
1310 static int drbg_test(int id)
1311 {
1312     OSSL_PARAM params[3];
1313     EVP_RAND *rand = NULL;
1314     EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1315     unsigned char returned_bits[64];
1316     const size_t returned_bits_len = sizeof(returned_bits);
1317     unsigned int strength = 256;
1318     const struct drbg_st *tst  = &drbg_data[id];
1319     int res = 0;
1320 
1321     /* Create the seed source */
1322     if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1323         || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1324         goto err;
1325     EVP_RAND_free(rand);
1326     rand = NULL;
1327 
1328     params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1329     params[1] = OSSL_PARAM_construct_end();
1330     if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1331         goto err;
1332 
1333     /* Get the DRBG */
1334     if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1335         || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1336         goto err;
1337 
1338     /* Set the DRBG up */
1339     params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1340                                          (int *)&tst->use_df);
1341     params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1342                                                  (char *)tst->cipher, 0);
1343     params[2] = OSSL_PARAM_construct_end();
1344     if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params)))
1345         goto err;
1346 
1347     /* Feed in the entropy and nonce */
1348     params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1349                                                   (void *)tst->entropy_input,
1350                                                   tst->entropy_input_len);
1351     params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1352                                                   (void *)tst->nonce,
1353                                                   tst->nonce_len);
1354     params[2] = OSSL_PARAM_construct_end();
1355     if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1356         goto err;
1357 
1358     /*
1359      * Run the test
1360      * A NULL personalisation string defaults to the built in so something
1361      * non-NULL is needed if there is no personalisation string
1362      */
1363     if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL))
1364         || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1365                                         0, 0, NULL, 0))
1366         || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1367                                         0, 0, NULL, 0)))
1368         goto err;
1369 
1370     test_output_memory("returned bits", returned_bits, returned_bits_len);
1371 
1372     /* Clean up */
1373     if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1374         || !TEST_true(EVP_RAND_uninstantiate(parent)))
1375         goto err;
1376 
1377     /* Verify the output */
1378     if (!TEST_mem_eq(returned_bits, returned_bits_len,
1379                      tst->returned_bits, tst->returned_bits_len))
1380         goto err;
1381     res = 1;
1382 err:
1383     EVP_RAND_CTX_free(ctx);
1384     EVP_RAND_CTX_free(parent);
1385     EVP_RAND_free(rand);
1386     return res;
1387 }
1388 
1389 static int aes_cfb1_bits_test(void)
1390 {
1391     int ret = 0;
1392     EVP_CIPHER *cipher = NULL;
1393     EVP_CIPHER_CTX *ctx = NULL;
1394     unsigned char out[16] = { 0 };
1395     int outlen;
1396     const OSSL_PARAM *params, *p;
1397 
1398     static const unsigned char key[] = {
1399         0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88,
1400         0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0
1401     };
1402     static const unsigned char iv[] = {
1403         0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C,
1404         0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B
1405     };
1406     static const unsigned char pt[] = {
1407         0xB4
1408     };
1409     static const unsigned char expected[] = {
1410         0x6C
1411     };
1412 
1413     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes")))
1414         goto err;
1415     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
1416         goto err;
1417     if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0))
1418         goto err;
1419     if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx))
1420         || !TEST_ptr(p = OSSL_PARAM_locate_const(params,
1421                                                  OSSL_CIPHER_PARAM_USE_BITS)))
1422         goto err;
1423     EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
1424     if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0))
1425         goto err;
1426     if (!TEST_int_eq(outlen, 7))
1427         goto err;
1428     if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected)))
1429         goto err;
1430     ret = 1;
1431 err:
1432     EVP_CIPHER_free(cipher);
1433     EVP_CIPHER_CTX_free(ctx);
1434     return ret;
1435 }
1436 
1437 int setup_tests(void)
1438 {
1439     char *config_file = NULL;
1440 
1441     OPTION_CHOICE o;
1442 
1443     while ((o = opt_next()) != OPT_EOF) {
1444         switch (o) {
1445         case OPT_CONFIG_FILE:
1446             config_file = opt_arg();
1447             break;
1448         case OPT_TEST_CASES:
1449            break;
1450         default:
1451         case OPT_ERR:
1452             return 0;
1453         }
1454     }
1455 
1456     if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
1457         return 0;
1458 
1459     OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1460 
1461     ADD_TEST(aes_cfb1_bits_test);
1462     ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1463     ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1464     ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1465 
1466     ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1467     ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1468     ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1469     ADD_ALL_TESTS(rsa_decryption_primitive_test,
1470                   OSSL_NELEM(rsa_decrypt_prim_data));
1471 
1472 #ifndef OPENSSL_NO_DH
1473     ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1474                   OSSL_NELEM(dh_safe_prime_keygen_data));
1475     ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1476                   OSSL_NELEM(dh_safe_prime_keyver_data));
1477 #endif /* OPENSSL_NO_DH */
1478 
1479 #ifndef OPENSSL_NO_DSA
1480     ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1481     ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1482     ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1483     ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1484     ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1485 #endif /* OPENSSL_NO_DSA */
1486 
1487 #ifndef OPENSSL_NO_EC
1488     ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1489     ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1490     ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1491     ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1492 #endif /* OPENSSL_NO_EC */
1493 
1494     ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1495     return 1;
1496 }
1497 
1498 void cleanup_tests(void)
1499 {
1500     OSSL_PROVIDER_unload(prov_null);
1501     OSSL_LIB_CTX_free(libctx);
1502 }
1503