1e0c4386eSCy Schubert /*
2*a7148ab3SEnji Cooper * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3e0c4386eSCy Schubert *
4e0c4386eSCy Schubert * Licensed under the Apache License 2.0 (the "License"). You may not use
5e0c4386eSCy Schubert * this file except in compliance with the License. You can obtain a copy
6e0c4386eSCy Schubert * in the file LICENSE in the source distribution or at
7e0c4386eSCy Schubert * https://www.openssl.org/source/license.html
8e0c4386eSCy Schubert */
9e0c4386eSCy Schubert
10e0c4386eSCy Schubert #include <string.h>
11e0c4386eSCy Schubert #include <openssl/core_dispatch.h>
12e0c4386eSCy Schubert #include <openssl/evp.h>
13e0c4386eSCy Schubert #include <openssl/pem.h>
14e0c4386eSCy Schubert #include <openssl/rsa.h>
15e0c4386eSCy Schubert #include <openssl/x509.h>
16e0c4386eSCy Schubert #include <openssl/core_names.h>
17e0c4386eSCy Schubert #include <openssl/params.h>
18e0c4386eSCy Schubert #include <openssl/param_build.h>
19e0c4386eSCy Schubert #include <openssl/encoder.h>
20e0c4386eSCy Schubert #include <openssl/decoder.h>
21e0c4386eSCy Schubert
22e0c4386eSCy Schubert #include "internal/cryptlib.h" /* ossl_assert */
23e0c4386eSCy Schubert #include "crypto/pem.h" /* For PVK and "blob" PEM headers */
24e0c4386eSCy Schubert #include "crypto/evp.h" /* For evp_pkey_is_provided() */
25e0c4386eSCy Schubert
26e0c4386eSCy Schubert #include "helpers/predefined_dhparams.h"
27e0c4386eSCy Schubert #include "testutil.h"
28e0c4386eSCy Schubert
/*
 * Extended test macros to allow passing file & line number.
 *
 * Each macro forwards to the matching testutil test_*() function and expands
 * the bare identifiers |file| and |line|, so it can only be used inside a
 * function that has variables with those names in scope. The argument
 * expressions are stringified with # and passed along as text, so renaming a
 * variable used in one of these calls also changes that text.
 */
#define TEST_FL_ptr(a) test_ptr(file, line, #a, a)
#define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n)
/* Compares |a| and |b| with the single length |n| applied to both sides */
#define TEST_FL_strn_eq(a, b, n) test_strn_eq(file, line, #a, #b, a, n, b, n)
/* Same comparison, but with independent lengths |m| and |n| */
#define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n)
#define TEST_FL_int_eq(a, b) test_int_eq(file, line, #a, #b, a, b)
#define TEST_FL_int_ge(a, b) test_int_ge(file, line, #a, #b, a, b)
#define TEST_FL_int_gt(a, b) test_int_gt(file, line, #a, #b, a, b)
#define TEST_FL_long_gt(a, b) test_long_gt(file, line, #a, #b, a, b)
/* The condition is reduced to 0 or 1 before it is passed on */
#define TEST_FL_true(a) test_true(file, line, #a, (a) != 0)
39e0c4386eSCy Schubert
/*
 * OPENSSL_NO_KEYPARAMS is set only when DH, DSA and EC are all compiled out.
 * The parameter generation helper and the parameter checkers further down
 * are built only when it is not set.
 */
#if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
# define OPENSSL_NO_KEYPARAMS
#endif

/* NOTE(review): default_libctx is set and read outside this part of the file */
static int default_libctx = 1;
/*
 * Read by test_encode_decode(): a decode flagged FLAG_FAIL_IF_FIPS is
 * expected to fail when is_fips is set and is_fips_3_0_0 is not.
 */
static int is_fips = 0;
static int is_fips_3_0_0 = 0;

/* Library context handed to the decoders, cipher fetches and PKCS#8 checks */
static OSSL_LIB_CTX *testctx = NULL;
/* Library context used by make_template() and make_key() to generate keys */
static OSSL_LIB_CTX *keyctx = NULL;
/* Property query string passed along with both contexts above */
static char *testpropq = NULL;

/* Provider handles; presumably loaded and unloaded by the test setup - confirm */
static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *deflprov = NULL;
static OSSL_PROVIDER *keyprov = NULL;

#ifndef OPENSSL_NO_EC
/*
 * State for the EC tests. NOTE(review): going by the names these hold
 * parameter builders and built parameters for explicit prime-field curves;
 * they are populated outside this part of the file.
 */
static BN_CTX *bnctx = NULL;
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
static OSSL_PARAM_BLD *bld_prime = NULL;
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;

# ifndef OPENSSL_NO_EC2M
/* Counterparts of the above, only built when EC2M support is enabled */
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
static OSSL_PARAM_BLD *bld_tri = NULL;
static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
# endif
#endif
70e0c4386eSCy Schubert
71e0c4386eSCy Schubert #ifndef OPENSSL_NO_KEYPARAMS
/*
 * Produce a parameter-only EVP_PKEY of the named |type| in |keyctx|, to be
 * used as a template for key generation.
 *
 * |genparams| may be NULL; otherwise it is applied to the generation context
 * before generating. Returns the new EVP_PKEY, or NULL if any step failed.
 * The caller owns the result.
 */
static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
{
    EVP_PKEY *params = NULL;
    EVP_PKEY_CTX *gctx;

# ifndef OPENSSL_NO_DH
    /*
     * DH and X9.42 DH use predefined 512-bit parameters purely to keep the
     * test fast. This size is for testing only; anything security relevant
     * needs a minimum of 2048 bits.
     */
    if (strcmp(type, "DH") == 0)
        return get_dh512(keyctx);

    if (strcmp(type, "X9.42 DH") == 0)
        return get_dhx512(keyctx);
# endif

    gctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq);
    if (gctx == NULL)
        return NULL;

    /*
     * Individual errors are not reported here. Each step only runs if the
     * previous one succeeded, and |params| stays NULL when something fails.
     */
    if (EVP_PKEY_paramgen_init(gctx) > 0
        && (genparams == NULL
            || EVP_PKEY_CTX_set_params(gctx, genparams) > 0))
        (void)EVP_PKEY_generate(gctx, &params);

    EVP_PKEY_CTX_free(gctx);
    return params;
}
102e0c4386eSCy Schubert #endif
103e0c4386eSCy Schubert
104e0c4386eSCy Schubert #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
/*
 * Generate a key in |keyctx|.
 *
 * When |template| is non-NULL the generation context is created from it,
 * otherwise it is created from the key type name |type|. |genparams| may be
 * NULL; otherwise it is applied before key generation. Returns the new key,
 * or NULL if any step failed. The caller owns the result.
 */
static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
                          OSSL_PARAM *genparams)
{
    EVP_PKEY *generated = NULL;
    EVP_PKEY_CTX *kctx;

    if (template != NULL)
        kctx = EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq);
    else
        kctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq);
    if (kctx == NULL)
        return NULL;

    /*
     * Individual errors are not reported here. Each step only runs if the
     * previous one succeeded, and |generated| stays NULL on failure.
     */
    if (EVP_PKEY_keygen_init(kctx) > 0
        && (genparams == NULL
            || EVP_PKEY_CTX_set_params(kctx, genparams) > 0))
        (void)EVP_PKEY_keygen(kctx, &generated);

    EVP_PKEY_CTX_free(kctx);
    return generated;
}
126e0c4386eSCy Schubert #endif
127e0c4386eSCy Schubert
128e0c4386eSCy Schubert /* Main test driver */
129e0c4386eSCy Schubert
/*
 * Callback types plugged into test_encode_decode(). Those that take |file|
 * and |line| receive the location of the test case so that failures can be
 * reported against it.
 */

/*
 * Encodes |object| and hands the result back through |encoded| and
 * |encoded_len|. |pass| and |pcipher| may be NULL for unprotected output.
 * Returns nonzero on success.
 */
typedef int (encoder)(const char *file, const int line,
                      void **encoded, long *encoded_len,
                      void *object, int selection,
                      const char *output_type, const char *output_structure,
                      const char *pass, const char *pcipher);
/*
 * Decodes |encoded_len| bytes at |encoded| and hands the resulting object
 * back through |object|. Returns nonzero on success.
 */
typedef int (decoder)(const char *file, const int line,
                      void **object, void *encoded, long encoded_len,
                      const char *input_type, const char *structure_type,
                      const char *keytype, int selection, const char *pass);
/* Compares two encodings; returns nonzero when they are considered equal */
typedef int (tester)(const char *file, const int line,
                     const void *data1, size_t data1_len,
                     const void *data2, size_t data2_len);
/* Sanity checks one encoding against the expected key |type| */
typedef int (checker)(const char *file, const int line,
                      const char *type, const void *data, size_t data_len);
/* Writes an encoding to the test output under |label| */
typedef void (dumper)(const char *label, const void *data, size_t data_len);

/* Pass the key type name to the decode callback instead of NULL */
#define FLAG_DECODE_WITH_TYPE 0x0001
/*
 * The decode is expected to fail when running against a FIPS provider
 * other than 3.0.0 (see the is_fips / is_fips_3_0_0 check in
 * test_encode_decode()).
 */
#define FLAG_FAIL_IF_FIPS 0x0002
148e0c4386eSCy Schubert
/*
 * Round-trip driver shared by the test cases.
 *
 * Encodes |pkey| with |encode_cb|, sanity checks the output with |check_cb|,
 * decodes it again with |decode_cb| and compares the decoded key with the
 * original. |flags| is a combination of FLAG_DECODE_WITH_TYPE and
 * FLAG_FAIL_IF_FIPS. Returns 1 on success and 0 on failure.
 *
 * On failure the encodings are handed to |dump_cb|. For selections that
 * include the private key this writes private key material to the test
 * output, which is only acceptable because these are generated test keys.
 */
static int test_encode_decode(const char *file, const int line,
                              const char *type, EVP_PKEY *pkey,
                              int selection, const char *output_type,
                              const char *output_structure,
                              const char *pass, const char *pcipher,
                              encoder *encode_cb, decoder *decode_cb,
                              tester *test_cb, checker *check_cb,
                              dumper *dump_cb, int flags)
{
    void *encoded = NULL, *encoded2 = NULL;
    long encoded_len = 0, encoded2_len = 0;
    EVP_PKEY *pkey2 = NULL, *pkey3 = NULL;
    int ok = 0;

    /* Step 1: encode the original key */
    if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
                             output_type, output_structure, pass, pcipher)))
        goto end;

    /*
     * Negative case: with a FIPS provider other than 3.0.0 the decode must
     * be rejected, and nothing else is checked.
     */
    if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips && !is_fips_3_0_0) {
        ok = TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
                                  encoded_len, output_type, output_structure,
                                  (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
                                  selection, pass)) ? 1 : 0;
        goto end;
    }

    /* Step 2: check the encoding, then decode it into |pkey2| */
    if (!TEST_true(check_cb(file, line, type, encoded, encoded_len)))
        goto end;
    if (!TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
                             output_type, output_structure,
                             (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
                             selection, pass)))
        goto end;

    /*
     * Step 3: unless the structure is "type-specific", decode once more
     * into |pkey3| with a selection of 0.
     */
    if (output_structure == NULL
        || strcmp(output_structure, "type-specific") != 0) {
        if (!TEST_true(decode_cb(file, line, (void **)&pkey3, encoded, encoded_len,
                                 output_type, output_structure,
                                 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
                                 0, pass)))
            goto end;
    }

    /* Step 4: encode |pkey2| as well, for checking and dumping purposes */
    if (!TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection,
                             output_type, output_structure, pass, pcipher)))
        goto end;

    /* Step 5: the decoded keys must match the original */
    if (selection != OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
        if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
            goto end;
        if (pkey3 != NULL
            && !TEST_int_eq(EVP_PKEY_eq(pkey, pkey3), 1))
            goto end;
    } else {
        if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1))
            goto end;
        if (pkey3 != NULL
            && !TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey3), 1))
            goto end;
    }

    /*
     * Step 6: compare the two encodings, but only for unprotected keys.
     * Protected keys have a random component, which makes the output differ.
     */
    if (pass == NULL && pcipher == NULL) {
        if (!test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len))
            goto end;
    }

    ok = 1;
 end:
    if (!ok) {
        if (encoded != NULL && encoded_len != 0)
            dump_cb("|pkey| encoded", encoded, encoded_len);
        if (encoded2 != NULL && encoded2_len != 0)
            dump_cb("|pkey2| encoded", encoded2, encoded2_len);
    }

    OPENSSL_free(encoded);
    OPENSSL_free(encoded2);
    EVP_PKEY_free(pkey2);
    EVP_PKEY_free(pkey3);
    return ok;
}
235e0c4386eSCy Schubert
236e0c4386eSCy Schubert /* Encoding and decoding methods */
237e0c4386eSCy Schubert
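/*
 * encoder callback that serializes |object| (an EVP_PKEY) through the
 * OSSL_ENCODER API into a memory BIO.
 *
 * |pass| and |pcipher| may each be NULL. When given, |pass| is treated as a
 * NUL-terminated string and set as the passphrase, and |pcipher| is set as
 * the cipher. On success the buffer is detached from the BIO and returned
 * through |encoded| / |encoded_len|, and the caller must OPENSSL_free() it.
 * On failure both outputs are reset, so the caller never sees a pointer into
 * the BIO's buffer, which is released together with the BIO.
 * Returns 1 on success, 0 on failure.
 */
static int encode_EVP_PKEY_prov(const char *file, const int line,
                                void **encoded, long *encoded_len,
                                void *object, int selection,
                                const char *output_type,
                                const char *output_structure,
                                const char *pass, const char *pcipher)
{
    EVP_PKEY *pkey = object;
    OSSL_ENCODER_CTX *ectx = NULL;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    const unsigned char *upass = (const unsigned char *)pass;
    int ok = 0;

    if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
                                                          output_type,
                                                          output_structure,
                                                          testpropq))
        || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0)
        || (pass != NULL
            && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
                                                             strlen(pass))))
        || (pcipher != NULL
            && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
        || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
        || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
        || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
        || !TEST_FL_ptr(*encoded = mem_buf->data)
        || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto end;

    /* Detach the encoded output */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ok = 1;
 end:
    if (!ok) {
        /*
         * The last two checks above store into the outputs before the
         * buffer is detached. If one of them fails, the buffer still
         * belongs to the BIO, so drop the stale values rather than let
         * the caller free or dump them.
         */
        *encoded = NULL;
        *encoded_len = 0;
    }
    BIO_free(mem_ser);
    OSSL_ENCODER_CTX_free(ectx);
    return ok;
}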
278e0c4386eSCy Schubert
/*
 * decoder callback that reads an EVP_PKEY back through the OSSL_DECODER API.
 *
 * The input is decoded three times from the same memory BIO: with the
 * expected |input_type|, with no input type at all, and with a deliberately
 * wrong one ("PEM" for DER input, "DER" otherwise). The first two must
 * succeed and give equal keys, and the third must fail. On success the key
 * from the first pass is returned through |object| and is owned by the
 * caller. Returns 1 on success, 0 on failure.
 */
static int decode_EVP_PKEY_prov(const char *file, const int line,
                                void **object, void *encoded, long encoded_len,
                                const char *input_type,
                                const char *structure_type,
                                const char *keytype, int selection,
                                const char *pass)
{
    EVP_PKEY *pkey = NULL, *testpkey = NULL;
    OSSL_DECODER_CTX *dctx = NULL;
    BIO *encoded_bio = NULL;
    const unsigned char *upass = (const unsigned char *)pass;
    const char *badtype = strcmp(input_type, "DER") == 0 ? "PEM" : "DER";
    int ok = 0;
    int i;

    if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len)))
        goto end;

    for (i = 0; i < 3; i++) {
        const char *testtype;

        switch (i) {
        case 0:
            testtype = input_type;
            break;
        case 1:
            testtype = NULL;
            break;
        default:
            testtype = badtype;
            break;
        }

        if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey,
                                                              testtype,
                                                              structure_type,
                                                              keytype,
                                                              selection,
                                                              testctx, testpropq)))
            goto end;
        /*
         * NOTE(review): unlike the other steps, a failure to set the
         * passphrase is not wrapped in a TEST_FL_* macro and so ends the
         * function without a message of its own.
         */
        if (pass != NULL
            && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass)))
            goto end;
        /* Rewind so that every pass reads the input from the start */
        if (!TEST_FL_int_gt(BIO_reset(encoded_bio), 0))
            goto end;
        /* We expect to fail when using a bad input type */
        if (!TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio),
                            (i == 2) ? 0 : 1))
            goto end;
        OSSL_DECODER_CTX_free(dctx);
        dctx = NULL;

        if (i == 0) {
            /* Keep the first result as the reference key */
            pkey = testpkey;
            testpkey = NULL;
        } else if (i == 1) {
            /* The pass without an input type must give the same key */
            if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
                if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1))
                    goto end;
            } else {
                if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1))
                    goto end;
            }
        }
    }

    /* Hand the reference key over to the caller */
    *object = pkey;
    pkey = NULL;
    ok = 1;

 end:
    EVP_PKEY_free(pkey);
    EVP_PKEY_free(testpkey);
    BIO_free(encoded_bio);
    OSSL_DECODER_CTX_free(dctx);
    return ok;
}
353e0c4386eSCy Schubert
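/*
 * encoder callback that writes |object| (an EVP_PKEY) with
 * PEM_write_bio_PrivateKey_traditional() into a memory BIO.
 *
 * A cipher is fetched only when both |pcipher| and |pass| are given. In
 * every other case the writer is called with a NULL cipher and a zero
 * passphrase length. |selection|, |output_type| and |output_structure| are
 * unused.
 *
 * On success the buffer is detached from the BIO and returned through
 * |encoded| / |encoded_len|, and the caller must OPENSSL_free() it. On
 * failure both outputs are reset, so the caller never sees a pointer into
 * the BIO's buffer, which is released together with the BIO.
 * Returns 1 on success, 0 on failure.
 */
static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line,
                                      void **encoded, long *encoded_len,
                                      void *object, ossl_unused int selection,
                                      ossl_unused const char *output_type,
                                      ossl_unused const char *output_structure,
                                      const char *pass, const char *pcipher)
{
    EVP_PKEY *pkey = object;
    EVP_CIPHER *cipher = NULL;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    const unsigned char *upass = (const unsigned char *)pass;
    size_t passlen = 0;
    int ok = 0;

    if (pcipher != NULL && pass != NULL) {
        passlen = strlen(pass);
        if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(testctx, pcipher, testpropq)))
            goto end;
    }
    if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
        || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
                                                              cipher,
                                                              upass, passlen,
                                                              NULL, NULL))
        || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
        || !TEST_FL_ptr(*encoded = mem_buf->data)
        || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto end;

    /* Detach the encoded output */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ok = 1;
 end:
    if (!ok) {
        /*
         * The last two checks above store into the outputs before the
         * buffer is detached. If one of them fails, the buffer still
         * belongs to the BIO, so drop the stale values rather than let
         * the caller free or dump them.
         */
        *encoded = NULL;
        *encoded_len = 0;
    }
    BIO_free(mem_ser);
    EVP_CIPHER_free(cipher);
    return ok;
}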
393e0c4386eSCy Schubert
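/*
 * encoder callback that writes |object| (an EVP_PKEY) in MSBLOB form into a
 * memory BIO: i2b_PrivateKey_bio() when |selection| includes the private
 * key, i2b_PublicKey_bio() otherwise. The output is never protected, and
 * |output_type|, |output_structure|, |pass| and |pcipher| are unused.
 *
 * On success the buffer is detached from the BIO and returned through
 * |encoded| / |encoded_len|, and the caller must OPENSSL_free() it. On
 * failure both outputs are reset, so the caller never sees a pointer into
 * the BIO's buffer, which is released together with the BIO.
 * Returns 1 on success, 0 on failure.
 */
static int encode_EVP_PKEY_MSBLOB(const char *file, const int line,
                                  void **encoded, long *encoded_len,
                                  void *object, int selection,
                                  ossl_unused const char *output_type,
                                  ossl_unused const char *output_structure,
                                  ossl_unused const char *pass,
                                  ossl_unused const char *pcipher)
{
    EVP_PKEY *pkey = object;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    int ok = 0;

    if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
        goto end;

    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
        if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0))
            goto end;
    } else {
        if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0))
            goto end;
    }

    if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
        || !TEST_FL_ptr(*encoded = mem_buf->data)
        || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto end;

    /* Detach the encoded output */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ok = 1;
 end:
    if (!ok) {
        /*
         * The last two checks above store into the outputs before the
         * buffer is detached. If one of them fails, the buffer still
         * belongs to the BIO, so drop the stale values rather than let
         * the caller free or dump them.
         */
        *encoded = NULL;
        *encoded_len = 0;
    }
    BIO_free(mem_ser);
    return ok;
}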
431e0c4386eSCy Schubert
432e0c4386eSCy Schubert static pem_password_cb pass_pw;
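/*
 * Password callback that hands back the NUL-terminated passphrase passed in
 * as |userdata|.
 *
 * At most |size| - 1 bytes are copied into |buf|, which is always
 * NUL-terminated. The return value is the number of bytes actually placed in
 * |buf|. It is never the untruncated passphrase length, so a caller that
 * trusts it cannot be led to read past the end of |buf|. Returns 0 when
 * there is nothing to copy or nowhere to copy it (NULL |buf|, NULL
 * |userdata| or a non-positive |size|). |rwflag| is ignored.
 */
static int pass_pw(char *buf, int size, int rwflag, void *userdata)
{
    const char *pass = userdata;
    size_t len;

    (void)rwflag;
    if (buf == NULL || pass == NULL || size <= 0)
        return 0;

    len = strlen(pass);
    if (len >= (size_t)size)
        len = (size_t)size - 1; /* leave room for the terminator */
    memcpy(buf, pass, len);
    buf[len] = '\0';
    return (int)len;
}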
438e0c4386eSCy Schubert
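/*
 * encoder callback that writes |object| (an EVP_PKEY) in PVK form with
 * i2b_PVK_bio_ex() into a memory BIO.
 *
 * |selection| must include the private key. Encryption is requested exactly
 * when |pass| is non-NULL, in which case pass_pw() supplies |pass| as the
 * passphrase. |output_type|, |output_structure| and |pcipher| are unused.
 *
 * On success the buffer is detached from the BIO and returned through
 * |encoded| / |encoded_len|, and the caller must OPENSSL_free() it. On
 * failure both outputs are reset, so the caller never sees a pointer into
 * the BIO's buffer, which is released together with the BIO.
 * Returns 1 on success, 0 on failure.
 */
static int encode_EVP_PKEY_PVK(const char *file, const int line,
                               void **encoded, long *encoded_len,
                               void *object, int selection,
                               ossl_unused const char *output_type,
                               ossl_unused const char *output_structure,
                               const char *pass,
                               ossl_unused const char *pcipher)
{
    EVP_PKEY *pkey = object;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    int enc = (pass != NULL);
    int ok = 0;

    if (!TEST_FL_true(ossl_assert((selection
                                   & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
        || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
        || !TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc,
                                          pass_pw, (void *)pass, testctx, testpropq), 0)
        || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
        || !TEST_FL_ptr(*encoded = mem_buf->data)
        || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto end;

    /* Detach the encoded output */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ok = 1;
 end:
    if (!ok) {
        /*
         * The last two checks above store into the outputs before the
         * buffer is detached. If one of them fails, the buffer still
         * belongs to the BIO, so drop the stale values rather than let
         * the caller free or dump them.
         */
        *encoded = NULL;
        *encoded_len = 0;
    }
    BIO_free(mem_ser);
    return ok;
}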
471e0c4386eSCy Schubert
/*
 * tester callback for textual encodings: compares the two buffers as
 * length-bounded strings. Returns the result of the underlying test call.
 */
static int test_text(const char *file, const int line,
                     const void *data1, size_t data1_len,
                     const void *data2, size_t data2_len)
{
    int same = TEST_FL_strn2_eq(data1, data1_len, data2, data2_len);

    return same;
}
478e0c4386eSCy Schubert
/*
 * tester callback for binary encodings: compares the two buffers byte for
 * byte. Returns the result of the underlying test call.
 */
static int test_mem(const char *file, const int line,
                    const void *data1, size_t data1_len,
                    const void *data2, size_t data2_len)
{
    int same = TEST_FL_mem_eq(data1, data1_len, data2, data2_len);

    return same;
}
485e0c4386eSCy Schubert
486e0c4386eSCy Schubert /* Test cases and their dumpers / checkers */
487e0c4386eSCy Schubert
/*
 * Name-collecting callback: appends |name| to the heap-allocated,
 * comma-separated list that |arg| (a char **) points to.
 *
 * The list starts out as NULL and is grown with OPENSSL_realloc(). If the
 * reallocation fails, the list is left as it was and |name| is dropped.
 */
static void collect_name(const char *name, void *arg)
{
    char **listp = arg;
    const int had_list = (*listp != NULL);
    const size_t name_len = strlen(name);
    size_t used = had_list ? strlen(*listp) : 0;
    size_t need = name_len + 1; /* name plus terminating null byte */
    char *grown;

    if (had_list)
        need += used + 2; /* existing text plus comma and space */

    grown = OPENSSL_realloc(*listp, need);
    if (grown == NULL)
        return;

    if (had_list) {
        memcpy(grown + used, ", ", 2);
        used += 2;
    }
    /* Copies the terminating null byte along with the name */
    memcpy(grown + used, name, name_len + 1);
    *listp = grown;
}
510e0c4386eSCy Schubert
/* dumper callback for binary encodings: writes the bytes out under |label| */
static void dump_der(const char *label, const void *data, size_t data_len)
{
    const unsigned char *der = data;

    test_output_memory(label, der, data_len);
}
515e0c4386eSCy Schubert
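/*
 * dumper callback for textual encodings: writes the text out under |label|.
 *
 * The last byte of the buffer is left out of the output (presumably the
 * trailing newline of the PEM text - confirm). An empty buffer is passed on
 * with length 0, since |data_len| - 1 would otherwise wrap around to
 * SIZE_MAX.
 */
static void dump_pem(const char *label, const void *data, size_t data_len)
{
    test_output_string(label, data, data_len > 0 ? data_len - 1 : 0);
}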
520e0c4386eSCy Schubert
/*
 * checker callback for unprotected PKCS#8 DER output.
 *
 * Parses |data| as a PKCS8_PRIV_KEY_INFO, converts it to an EVP_PKEY and
 * checks that the key is of the expected |type| and is a provided key. If
 * the type does not match, the names the key does answer to are written as
 * a test note. Returns 1 when all checks pass, 0 otherwise.
 */
static int check_unprotected_PKCS8_DER(const char *file, const int line,
                                       const char *type,
                                       const void *data, size_t data_len)
{
    const unsigned char *datap = data;
    PKCS8_PRIV_KEY_INFO *p8inf =
        d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
    EVP_PKEY *pkey = NULL;
    char *namelist = NULL;
    int ok = 0;

    if (!TEST_FL_ptr(p8inf))
        goto end;

    pkey = EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq);
    if (!TEST_FL_ptr(pkey))
        goto end;

    if (TEST_FL_true(EVP_PKEY_is_a(pkey, type))) {
        /* Type matches, so the key must also be a provided key */
        ok = TEST_FL_true(evp_pkey_is_provided(pkey)) != 0;
    } else {
        /* Show what the key claims to be, to help diagnose the mismatch */
        EVP_PKEY_type_names_do_all(pkey, collect_name, &namelist);
        if (namelist != NULL)
            TEST_note("%s isn't any of %s", type, namelist);
        OPENSSL_free(namelist);
    }

 end:
    EVP_PKEY_free(pkey);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return ok;
}
548e0c4386eSCy Schubert
/*
 * Round-trips |key| as unprotected "PrivateKeyInfo" DER through the provider
 * encoder and decoder.
 *
 * When |fips| is zero, FLAG_FAIL_IF_FIPS is set, so test_encode_decode()
 * expects the decode to fail when running against a FIPS provider other
 * than 3.0.0.
 */
static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "DER", "PrivateKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_unprotected_PKCS8_DER,
                              dump_der, flags);
}
559e0c4386eSCy Schubert
/*
 * checker callback for unprotected PKCS#8 PEM output: the text must start
 * with the PrivateKeyInfo "-----BEGIN ...-----" line. |type| is not used.
 *
 * NOTE(review): |data_len| is not consulted, so the comparison assumes that
 * |data| holds at least as many readable bytes as the expected header.
 */
static int check_unprotected_PKCS8_PEM(const char *file, const int line,
                                       const char *type,
                                       const void *data, size_t data_len)
{
    static const char expected_pem_header[] =
        "-----BEGIN " PEM_STRING_PKCS8INF "-----";
    /* Compare the header text only, without its terminating null byte */
    const size_t header_len = sizeof(expected_pem_header) - 1;

    return TEST_FL_strn_eq(data, expected_pem_header, header_len);
}
570e0c4386eSCy Schubert
/*
 * Round-trips |key| as unprotected "PrivateKeyInfo" PEM through the provider
 * encoder and decoder.
 *
 * When |fips| is zero, FLAG_FAIL_IF_FIPS is set, so test_encode_decode()
 * expects the decode to fail when running against a FIPS provider other
 * than 3.0.0.
 */
static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "PEM", "PrivateKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_unprotected_PKCS8_PEM,
                              dump_pem, flags);
}
581e0c4386eSCy Schubert
582e0c4386eSCy Schubert #ifndef OPENSSL_NO_KEYPARAMS
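/*
 * Check callback for DER-encoded key parameters: map |type| to an EVP_PKEY
 * id and verify that d2i_KeyParams() can parse |data| (|data_len| bytes).
 *
 * Returns non-zero when parsing succeeds. Returns 0 when parsing fails, or
 * when |type| is not one of "DH", "X9.42 DH", "DSA" or "EC" (no diagnostic
 * is printed for an unrecognised type).
 *
 * A parse failure is reported through TEST_FL_ptr(), like the sibling check
 * callbacks, so the failure is attributed to the caller's |file| and |line|
 * instead of being returned silently.
 */
static int check_params_DER(const char *file, const int line,
                            const char *type, const void *data, size_t data_len)
{
    const unsigned char *datap = data;
    int ok = 0;
    int itype = NID_undef;
    EVP_PKEY *pkey = NULL;

    if (strcmp(type, "DH") == 0)
        itype = EVP_PKEY_DH;
    else if (strcmp(type, "X9.42 DH") == 0)
        itype = EVP_PKEY_DHX;
    else if (strcmp(type, "DSA") == 0)
        itype = EVP_PKEY_DSA;
    else if (strcmp(type, "EC") == 0)
        itype = EVP_PKEY_EC;

    if (itype == NID_undef)
        return 0;

    pkey = d2i_KeyParams(itype, NULL, &datap, data_len);
    ok = TEST_FL_ptr(pkey);
    /* The parsed object is only needed as proof that decoding worked. */
    EVP_PKEY_free(pkey);

    return ok;
}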
608e0c4386eSCy Schubert
/*
 * Check callback for PEM-encoded key parameters: |data| must start with
 * "-----BEGIN <type> PARAMETERS-----".
 *
 * The expected header is formatted into a static 80-byte buffer, so the
 * function is not reentrant. A BIO_snprintf() result that is not greater
 * than zero fails the check before any comparison is made. |data_len| is
 * not consulted.
 */
static int check_params_PEM(const char *file, const int line,
                            const char *type,
                            const void *data, size_t data_len)
{
    static char expected_pem_header[80];
    const int header_built =
        TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
                                    sizeof(expected_pem_header),
                                    "-----BEGIN %s PARAMETERS-----", type), 0);

    /* strlen() is only evaluated once the header has been written. */
    return header_built
        && TEST_FL_strn_eq(data, expected_pem_header,
                           strlen(expected_pem_header));
}
621e0c4386eSCy Schubert
/*
 * Run the encode/decode test for the domain parameters of |key| in DER form
 * with the "type-specific" structure.
 *
 * FLAG_DECODE_WITH_TYPE is passed as the flags argument of
 * test_encode_decode(); no passphrase or cipher is used.
 */
static int test_params_via_DER(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "DER", "type-specific", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_params_DER,
                              dump_der, FLAG_DECODE_WITH_TYPE);
}
630e0c4386eSCy Schubert
/*
 * Run the encode/decode test for the domain parameters of |key| in PEM form
 * with the "type-specific" structure. No flags, passphrase or cipher are
 * passed.
 */
static int test_params_via_PEM(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "PEM", "type-specific", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_params_PEM,
                              dump_pem, 0);
}
639e0c4386eSCy Schubert #endif /* !OPENSSL_NO_KEYPARAMS */
640e0c4386eSCy Schubert
/*
 * Check callback for unencrypted legacy PEM output: |data| must start with
 * "-----BEGIN <type> PRIVATE KEY-----".
 *
 * The expected header is formatted into a static 80-byte buffer, so the
 * function is not reentrant. |data_len| is not consulted.
 */
static int check_unprotected_legacy_PEM(const char *file, const int line,
                                        const char *type,
                                        const void *data, size_t data_len)
{
    static char expected_pem_header[80];
    const int header_built =
        TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
                                    sizeof(expected_pem_header),
                                    "-----BEGIN %s PRIVATE KEY-----", type), 0);

    /* strlen() is only evaluated once the header has been written. */
    return header_built
        && TEST_FL_strn_eq(data, expected_pem_header,
                           strlen(expected_pem_header));
}
653e0c4386eSCy Schubert
/*
 * Run the encode/decode test for |key| written as unencrypted legacy PEM by
 * encode_EVP_PKEY_legacy_PEM and read back by the provider decoder.
 *
 * The test is reported as skipped unless |default_libctx| is set and
 * |is_fips| is clear.
 */
static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
                          | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    if (default_libctx && !is_fips)
        return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                                  "PEM", "type-specific", NULL, NULL,
                                  encode_EVP_PKEY_legacy_PEM,
                                  decode_EVP_PKEY_prov,
                                  test_text, check_unprotected_legacy_PEM,
                                  dump_pem, 0);

    return TEST_skip("Test not available if using a non-default library context or FIPS provider");
}
667e0c4386eSCy Schubert
/*
 * Check callback for private-key MSBLOB output: |data| (|data_len| bytes)
 * must be parseable by b2i_PrivateKey().
 *
 * The parsed key is freed immediately; only the success of the parse is
 * reported. |type| is not consulted.
 */
static int check_MSBLOB(const char *file, const int line,
                        const char *type, const void *data, size_t data_len)
{
    /* b2i_PrivateKey() takes a pointer it may move, so work on a copy. */
    const unsigned char *cursor = data;
    EVP_PKEY *pkey;
    int ok;

    pkey = b2i_PrivateKey(&cursor, data_len);
    ok = TEST_FL_ptr(pkey);
    EVP_PKEY_free(pkey);

    return ok;
}
678e0c4386eSCy Schubert
/*
 * Run the encode/decode test for |key| written as an unencrypted private-key
 * MSBLOB by encode_EVP_PKEY_MSBLOB and read back by the provider decoder.
 * No output structure, passphrase, cipher or flags are passed.
 */
static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
                          | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "MSBLOB", NULL, NULL, NULL,
                              encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
                              test_mem, check_MSBLOB,
                              dump_der, 0);
}
689e0c4386eSCy Schubert
/*
 * Check callback for PVK output: returns the result of running
 * ossl_do_PVK_header() over |data| (|data_len| bytes).
 *
 * The salt and key lengths the parser reports are discarded. |file|, |line|
 * and |type| are not used, so a failure here is not reported with a
 * location of its own.
 */
static int check_PVK(const char *file, const int line,
                     const char *type, const void *data, size_t data_len)
{
    /* The header parser takes a pointer it may move, so work on a copy. */
    const unsigned char *cursor = data;
    unsigned int saltlen = 0;
    unsigned int keylen = 0;

    return ossl_do_PVK_header(&cursor, data_len, 0, &saltlen, &keylen);
}
699e0c4386eSCy Schubert
/*
 * Run the encode/decode test for |key| written as an unencrypted PVK blob by
 * encode_EVP_PKEY_PVK and read back by the provider decoder. No output
 * structure, passphrase, cipher or flags are passed.
 */
static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
                          | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "PVK", NULL, NULL, NULL,
                              encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
                              test_mem, check_PVK,
                              dump_der, 0);
}
710e0c4386eSCy Schubert
/*
 * Cipher name and passphrase handed to test_encode_decode() by the
 * "protected" tests in this file. Both are fixed test fixtures embedded in
 * the source, not secrets.
 */
static const char *pass_cipher = "AES-256-CBC";
static const char *pass = "the holy handgrenade of antioch";
713e0c4386eSCy Schubert
/*
 * Check callback for encrypted PKCS#8 DER output: |data| (|data_len| bytes)
 * must be parseable by d2i_X509_SIG().
 *
 * Only the outer structure is parsed; nothing here decrypts the payload.
 * The parsed object is freed immediately. |type| is not consulted.
 */
static int check_protected_PKCS8_DER(const char *file, const int line,
                                     const char *type,
                                     const void *data, size_t data_len)
{
    /* d2i functions advance the input pointer, so work on a copy. */
    const unsigned char *cursor = data;
    X509_SIG *p8;
    int ok;

    p8 = d2i_X509_SIG(NULL, &cursor, data_len);
    ok = TEST_FL_ptr(p8);
    X509_SIG_free(p8);

    return ok;
}
725e0c4386eSCy Schubert
/*
 * Run the encode/decode test for |key| as a passphrase-protected
 * "EncryptedPrivateKeyInfo" structure in DER form.
 *
 * The file-scope |pass| and |pass_cipher| fixtures are passed as passphrase
 * and cipher name. A zero |fips| adds FLAG_FAIL_IF_FIPS to the flags given
 * to test_encode_decode(); a non-zero |fips| passes none.
 */
static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
                          | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "DER", "EncryptedPrivateKeyInfo",
                              pass, pass_cipher,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_protected_PKCS8_DER,
                              dump_der, flags);
}
737e0c4386eSCy Schubert
/*
 * Check callback for encrypted PKCS#8 PEM output: |data| must start with
 * the "-----BEGIN <PEM_STRING_PKCS8>-----" line.
 *
 * Only the header-length prefix of |data| is compared; |type| and |data_len|
 * are not consulted.
 */
static int check_protected_PKCS8_PEM(const char *file, const int line,
                                     const char *type,
                                     const void *data, size_t data_len)
{
    static const char expected_pem_header[] =
        "-----BEGIN " PEM_STRING_PKCS8 "-----";
    /* Length of the header text without its terminating NUL. */
    const size_t header_len = sizeof(expected_pem_header) - 1;

    return TEST_FL_strn_eq(data, expected_pem_header, header_len);
}
748e0c4386eSCy Schubert
/*
 * Run the encode/decode test for |key| as a passphrase-protected
 * "EncryptedPrivateKeyInfo" structure in PEM form.
 *
 * The file-scope |pass| and |pass_cipher| fixtures are passed as passphrase
 * and cipher name. A zero |fips| adds FLAG_FAIL_IF_FIPS to the flags given
 * to test_encode_decode(); a non-zero |fips| passes none.
 */
static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
                          | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "PEM", "EncryptedPrivateKeyInfo",
                              pass, pass_cipher,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_protected_PKCS8_PEM,
                              dump_pem, flags);
}
760e0c4386eSCy Schubert
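/*
 * Check callback for passphrase-protected legacy PEM output: |data| must
 * start with "-----BEGIN <type> PRIVATE KEY-----" and must contain a
 * "DEK-Info: " header line, which is how this test recognises that the
 * output was encrypted.
 *
 * The search for the DEK-Info line is bounded by |data_len| rather than
 * done with strstr(): the buffer's length is supplied separately and
 * nothing visible here guarantees a terminating NUL, so an unbounded string
 * search could read past the end of the buffer when the line is absent.
 *
 * The expected header is formatted into a static 80-byte buffer, so the
 * function is not reentrant. Returns 1 when both checks pass, 0 otherwise.
 */
static int check_protected_legacy_PEM(const char *file, const int line,
                                      const char *type,
                                      const void *data, size_t data_len)
{
    static char expected_pem_header[80];
    static const char dek_info[] = "\nDEK-Info: ";
    const size_t dek_info_len = sizeof(dek_info) - 1;
    const char *text = data;
    const char *dek_pos = NULL;
    size_t i;

    if (!TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
                                     sizeof(expected_pem_header),
                                     "-----BEGIN %s PRIVATE KEY-----", type), 0)
        || !TEST_FL_strn_eq(data, expected_pem_header,
                            strlen(expected_pem_header)))
        return 0;

    /* Length-bounded substring search; never looks beyond data_len bytes. */
    for (i = 0; i + dek_info_len <= data_len; i++) {
        if (memcmp(text + i, dek_info, dek_info_len) == 0) {
            dek_pos = text + i;
            break;
        }
    }

    return TEST_FL_ptr(dek_pos) != 0;
}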
774e0c4386eSCy Schubert
/*
 * Run the encode/decode test for |key| written as passphrase-protected
 * legacy PEM by encode_EVP_PKEY_legacy_PEM and read back by the provider
 * decoder, using the file-scope |pass| and |pass_cipher| fixtures.
 *
 * The test is reported as skipped unless |default_libctx| is set and
 * |is_fips| is clear.
 */
static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
                          | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    if (default_libctx && !is_fips)
        return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                                  "PEM", "type-specific", pass, pass_cipher,
                                  encode_EVP_PKEY_legacy_PEM,
                                  decode_EVP_PKEY_prov,
                                  test_text, check_protected_legacy_PEM,
                                  dump_pem, 0);

    return TEST_skip("Test not available if using a non-default library context or FIPS provider");
}
788e0c4386eSCy Schubert
789e0c4386eSCy Schubert #ifndef OPENSSL_NO_RC4
/*
 * Run the encode/decode test for |key| written as a passphrase-protected
 * PVK blob.
 *
 * The "legacy" provider is loaded into |testctx| for the duration of the
 * test and unloaded afterwards; when it cannot be loaded the test is
 * reported as skipped. The passphrase fixture |pass| is passed, with a NULL
 * cipher name.
 */
static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
                          | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
    OSSL_PROVIDER *legacy_provider = OSSL_PROVIDER_load(testctx, "legacy");
    int result;

    if (legacy_provider == NULL)
        return TEST_skip("Legacy provider not available");

    result = test_encode_decode(__FILE__, __LINE__, type, key, selection,
                                "PVK", NULL, pass, NULL,
                                encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
                                test_mem, check_PVK, dump_der, 0);

    /* Unload on every path that loaded the provider. */
    OSSL_PROVIDER_unload(legacy_provider);
    return result;
}
806e0c4386eSCy Schubert #endif
807e0c4386eSCy Schubert
/*
 * Check callback for DER public-key output: |data| (|data_len| bytes) must
 * be parseable by d2i_PUBKEY_ex() in |testctx| with |testpropq|, and the
 * resulting key must be of the type named by |type|.
 *
 * The type check is only attempted when parsing succeeded. The parsed key
 * is freed before returning.
 */
static int check_public_DER(const char *file, const int line,
                            const char *type, const void *data, size_t data_len)
{
    /* d2i functions advance the input pointer, so work on a copy. */
    const unsigned char *cursor = data;
    EVP_PKEY *pkey;
    int ok;

    pkey = d2i_PUBKEY_ex(NULL, &cursor, data_len, testctx, testpropq);
    ok = TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type));
    EVP_PKEY_free(pkey);

    return ok;
}
818e0c4386eSCy Schubert
/*
 * Run the encode/decode test for the public part of |key| as a
 * "SubjectPublicKeyInfo" structure in DER form.
 *
 * A zero |fips| adds FLAG_FAIL_IF_FIPS to the flags given to
 * test_encode_decode(); a non-zero |fips| passes none.
 */
static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
                          | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "DER", "SubjectPublicKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_public_DER, dump_der,
                              flags);
}
829e0c4386eSCy Schubert
/*
 * Check callback for PEM public-key output: |data| must start with the
 * "-----BEGIN <PEM_STRING_PUBLIC>-----" line.
 *
 * Only the header-length prefix of |data| is compared; |type| and |data_len|
 * are not consulted.
 */
static int check_public_PEM(const char *file, const int line,
                            const char *type, const void *data, size_t data_len)
{
    static const char expected_pem_header[] =
        "-----BEGIN " PEM_STRING_PUBLIC "-----";
    /* Length of the header text without its terminating NUL. */
    const size_t header_len = sizeof(expected_pem_header) - 1;

    return TEST_FL_strn_eq(data, expected_pem_header, header_len);
}
840e0c4386eSCy Schubert
/*
 * Run the encode/decode test for the public part of |key| as a
 * "SubjectPublicKeyInfo" structure in PEM form.
 *
 * A zero |fips| adds FLAG_FAIL_IF_FIPS to the flags given to
 * test_encode_decode(); a non-zero |fips| passes none.
 */
static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
                          | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "PEM", "SubjectPublicKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_public_PEM, dump_pem,
                              flags);
}
851e0c4386eSCy Schubert
/*
 * Check callback for public-key MSBLOB output: |data| (|data_len| bytes)
 * must be parseable by b2i_PublicKey().
 *
 * The parsed key is freed immediately; only the success of the parse is
 * reported. |type| is not consulted.
 */
static int check_public_MSBLOB(const char *file, const int line,
                               const char *type,
                               const void *data, size_t data_len)
{
    /* b2i_PublicKey() takes a pointer it may move, so work on a copy. */
    const unsigned char *cursor = data;
    EVP_PKEY *pkey;
    int ok;

    pkey = b2i_PublicKey(&cursor, data_len);
    ok = TEST_FL_ptr(pkey);
    EVP_PKEY_free(pkey);

    return ok;
}
863e0c4386eSCy Schubert
/*
 * Run the encode/decode test for the public part of |key| written as an
 * MSBLOB by encode_EVP_PKEY_MSBLOB and read back by the provider decoder.
 * No output structure, passphrase, cipher or flags are passed.
 */
static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
                          | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "MSBLOB", NULL, NULL, NULL,
                              encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
                              test_mem, check_public_MSBLOB, dump_der, 0);
}
872e0c4386eSCy Schubert
/*
 * Helpers for key types created without a parameter template.
 *
 * KEYS declares the file-scope pointer key_<KEYTYPE>.
 * MAKE_KEYS assigns it from make_key(KEYTYPEstr, NULL, params) and folds
 * the outcome into a variable named |ok| that the expansion site must
 * provide.
 * FREE_KEYS releases the key.
 */
#define KEYS(KEYTYPE) \
    static EVP_PKEY *key_##KEYTYPE = NULL
#define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params) \
    ok = ok \
        && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
/*
 * NOTE(review): unlike FREE_DOMAIN_KEYS, this macro already ends in ';' and
 * its last line carries a continuation backslash, so the line that follows
 * the definition has to stay blank.
 */
#define FREE_KEYS(KEYTYPE) \
    EVP_PKEY_free(key_##KEYTYPE); \

/*
 * Helpers for key types created from a parameter template.
 *
 * DOMAIN_KEYS declares the file-scope pointers template_<KEYTYPE> and
 * key_<KEYTYPE>.
 * MAKE_DOMAIN_KEYS first builds the template with make_template(), then the
 * key with make_key() using that template, folding both outcomes into a
 * variable named |ok| that the expansion site must provide.
 * FREE_DOMAIN_KEYS releases both objects.
 */
#define DOMAIN_KEYS(KEYTYPE) \
    static EVP_PKEY *template_##KEYTYPE = NULL; \
    static EVP_PKEY *key_##KEYTYPE = NULL
#define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params) \
    ok = ok \
        && TEST_ptr(template_##KEYTYPE = \
                    make_template(KEYTYPEstr, params)) \
        && TEST_ptr(key_##KEYTYPE = \
                    make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
#define FREE_DOMAIN_KEYS(KEYTYPE) \
    EVP_PKEY_free(template_##KEYTYPE); \
    EVP_PKEY_free(key_##KEYTYPE)
893e0c4386eSCy Schubert
/*
 * IMPLEMENT_TEST_SUITE defines six argument-less test functions for one key
 * type: unprotected, protected and public, each via DER and via PEM. Every
 * function forwards KEYTYPEstr, key_<KEYTYPE> and |fips| to the matching
 * test_*_via_* helper. In those helpers a zero |fips| selects
 * FLAG_FAIL_IF_FIPS.
 */
#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \
    static int test_unprotected_##KEYTYPE##_via_DER(void) \
    { \
        return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
    } \
    static int test_unprotected_##KEYTYPE##_via_PEM(void) \
    { \
        return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
    } \
    static int test_protected_##KEYTYPE##_via_DER(void) \
    { \
        return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
    } \
    static int test_protected_##KEYTYPE##_via_PEM(void) \
    { \
        return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
    } \
    static int test_public_##KEYTYPE##_via_DER(void) \
    { \
        return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
    } \
    static int test_public_##KEYTYPE##_via_PEM(void) \
    { \
        return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
    }

/* Registers the six functions defined by IMPLEMENT_TEST_SUITE(KEYTYPE, ...). */
#define ADD_TEST_SUITE(KEYTYPE) \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_DER); \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM); \
    ADD_TEST(test_protected_##KEYTYPE##_via_DER); \
    ADD_TEST(test_protected_##KEYTYPE##_via_PEM); \
    ADD_TEST(test_public_##KEYTYPE##_via_DER); \
    ADD_TEST(test_public_##KEYTYPE##_via_PEM)
927e0c4386eSCy Schubert
/*
 * IMPLEMENT_TEST_SUITE_PARAMS defines the two domain-parameter tests (DER
 * and PEM) for one key type. They call test_params_via_DER() and
 * test_params_via_PEM(), which this file only defines when
 * OPENSSL_NO_KEYPARAMS is not set.
 */
#define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr) \
    static int test_params_##KEYTYPE##_via_DER(void) \
    { \
        return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE); \
    } \
    static int test_params_##KEYTYPE##_via_PEM(void) \
    { \
        return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
    }

/* Registers the two functions defined by IMPLEMENT_TEST_SUITE_PARAMS. */
#define ADD_TEST_SUITE_PARAMS(KEYTYPE) \
    ADD_TEST(test_params_##KEYTYPE##_via_DER); \
    ADD_TEST(test_params_##KEYTYPE##_via_PEM)
941e0c4386eSCy Schubert
/*
 * IMPLEMENT_TEST_SUITE_LEGACY defines the unprotected and protected legacy
 * PEM tests for one key type by forwarding to
 * test_unprotected_via_legacy_PEM() and test_protected_via_legacy_PEM().
 */
#define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr) \
    static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void) \
    { \
        return \
            test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
    } \
    static int test_protected_##KEYTYPE##_via_legacy_PEM(void) \
    { \
        return \
            test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
    }

/* Registers the two functions defined by IMPLEMENT_TEST_SUITE_LEGACY. */
#define ADD_TEST_SUITE_LEGACY(KEYTYPE) \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \
    ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
957e0c4386eSCy Schubert
/*
 * IMPLEMENT_TEST_SUITE_MSBLOB defines the private-key ("unprotected") and
 * public-key MSBLOB tests for one key type by forwarding to
 * test_unprotected_via_MSBLOB() and test_public_via_MSBLOB().
 */
#define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \
    static int test_unprotected_##KEYTYPE##_via_MSBLOB(void) \
    { \
        return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
    } \
    static int test_public_##KEYTYPE##_via_MSBLOB(void) \
    { \
        return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
    }

/* Registers the two functions defined by IMPLEMENT_TEST_SUITE_MSBLOB. */
#define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \
    ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
971e0c4386eSCy Schubert
/*
 * PVK test generators. The unprotected variant is always available; the
 * protected variant is only defined when OPENSSL_NO_RC4 is not set, which
 * matches the guard around test_protected_via_PVK() in this file.
 */
#define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr) \
    static int test_unprotected_##KEYTYPE##_via_PVK(void) \
    { \
        return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
    }
# define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
#ifndef OPENSSL_NO_RC4
# define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \
    static int test_protected_##KEYTYPE##_via_PVK(void) \
    { \
        return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
    }
# define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE) \
    ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
#endif
988e0c4386eSCy Schubert
/*
 * Instantiate the key storage and test functions for every key type that
 * is compiled in. The third argument of IMPLEMENT_TEST_SUITE is the |fips|
 * value forwarded to the test helpers: the suites instantiated with 0
 * (ECExplicitPrime2G, ECExplicitTri2G and SM2) run with FLAG_FAIL_IF_FIPS.
 */
#ifndef OPENSSL_NO_DH
DOMAIN_KEYS(DH);
IMPLEMENT_TEST_SUITE(DH, "DH", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
DOMAIN_KEYS(DHX);
IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
/*
 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
 * so no legacy tests.
 */
#endif
#ifndef OPENSSL_NO_DSA
DOMAIN_KEYS(DSA);
IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
# ifndef OPENSSL_NO_RC4
IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
# endif
#endif
#ifndef OPENSSL_NO_EC
DOMAIN_KEYS(EC);
IMPLEMENT_TEST_SUITE(EC, "EC", 1)
IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
/* The explicit-parameter variants all use the "EC" key type string. */
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
DOMAIN_KEYS(ECExplicitPrime2G);
IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
DOMAIN_KEYS(ECExplicitTri2G);
IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
# endif
# ifndef OPENSSL_NO_SM2
KEYS(SM2);
IMPLEMENT_TEST_SUITE(SM2, "SM2", 0)
# endif
KEYS(ED25519);
IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
KEYS(ED448);
IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
KEYS(X25519);
IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
KEYS(X448);
IMPLEMENT_TEST_SUITE(X448, "X448", 1)
/*
 * ED25519, ED448, X25519 and X448 have no support for
 * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
 */
#endif
/* RSA and RSA-PSS are instantiated unconditionally. */
KEYS(RSA);
IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
KEYS(RSA_PSS);
IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
/*
 * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
 * so no legacy tests.
 */
IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
#ifndef OPENSSL_NO_RC4
IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
#endif
1062e0c4386eSCy Schubert
1063e0c4386eSCy Schubert #ifndef OPENSSL_NO_EC
1064e0c4386eSCy Schubert /* Explicit parameters that match a named curve */
/*
 * Push a full set of explicit prime-field EC parameters onto |bld|: field
 * type, p, a, b, order, generator, seed and a cofactor of one.
 *
 * The constants are the ones labelled "Curve prime256v1" below; only the
 * generator (|gen|, |gen_len| bytes) is supplied by the caller. The BIGNUMs
 * are taken from the file-scope |bnctx| with BN_CTX_get() and are not freed
 * here.
 *
 * Returns 1 when every step succeeds and 0 at the first failure.
 */
static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
                                              const unsigned char *gen,
                                              size_t gen_len)
{
    BIGNUM *a, *b, *prime, *order;

    /* Curve prime256v1 */
    static const unsigned char prime_data[] = {
        0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff
    };
    static const unsigned char a_data[] = {
        0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xfc
    };
    static const unsigned char b_data[] = {
        0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
        0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
        0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
        0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
    };
    static const unsigned char seed[] = {
        0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
        0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
        0x81, 0x9f, 0x7e, 0x90
    };
    static const unsigned char order_data[] = {
        0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
        0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
        0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
    };

    /* Stage 1: obtain the four temporaries from the shared BN_CTX. */
    if (!TEST_ptr(a = BN_CTX_get(bnctx))
        || !TEST_ptr(b = BN_CTX_get(bnctx))
        || !TEST_ptr(prime = BN_CTX_get(bnctx))
        || !TEST_ptr(order = BN_CTX_get(bnctx)))
        return 0;

    /* Stage 2: load the big-endian constants into them. */
    if (!TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
        || !TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
        || !TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
        || !TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order)))
        return 0;

    /* Stage 3: push every explicit parameter, stopping at the first error. */
    return TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
                         OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
                         0))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
                         OSSL_PKEY_PARAM_EC_ORDER, order))
        && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
                         OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
        && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
                         OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
                                            BN_value_one()));
}
1126e0c4386eSCy Schubert
/*
 * Push explicit prime-field EC parameters into |bld|, using the prime256v1
 * generator below (uncompressed point: 0x04 || X || Y, 65 bytes).
 *
 * The curve constants (p, a, b, order, seed, cofactor) are supplied by
 * do_create_ec_explicit_prime_params(); only the generator is chosen here.
 * setup_tests() registers the resulting key set as
 * "ECExplicitPrimeNamedCurve".
 *
 * NOTE(review): presumably these parameters are meant to be recognisable as
 * the named curve even though they are written out explicitly -- confirm
 * against the decoder tests that consume them.
 *
 * Returns the helper's result (non-zero on success, 0 on failure).
 */
static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
{
    static const unsigned char generator[] = {
        0x04,
        0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
        0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
        0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
        0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
        0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
        0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
        0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
    };
    const size_t generator_len = sizeof(generator);

    return do_create_ec_explicit_prime_params(bld, generator, generator_len);
}
1143e0c4386eSCy Schubert
/*
 * Push explicit prime-field EC parameters into |bld| with a non-standard
 * generator: the point 2G (uncompressed: 0x04 || X || Y, 65 bytes).
 *
 * The curve constants are the same ones the "_namedcurve" variant uses
 * (both go through do_create_ec_explicit_prime_params()); only the base
 * point differs. setup_tests() registers the resulting key set as
 * "ECExplicitPrime2G".
 *
 * NOTE(review): a parameter set that shares a well-known curve equation but
 * carries a different generator is the case an implementation must not
 * silently treat as the named curve; presumably that is what this fixture
 * exercises -- confirm against the tests that use it.
 *
 * Returns the helper's result (non-zero on success, 0 on failure).
 */
static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
{
    /* 2G */
    static const unsigned char doubled_generator[] = {
        0x04,
        0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
        0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
        0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
        0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
        0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
        0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
        0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
        0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
    };
    const size_t doubled_generator_len = sizeof(doubled_generator);

    return do_create_ec_explicit_prime_params(bld, doubled_generator,
                                              doubled_generator_len);
}
1161e0c4386eSCy Schubert
1162e0c4386eSCy Schubert # ifndef OPENSSL_NO_EC2M
/*
 * Populate |bld| with explicit characteristic-two EC parameters (the
 * constants below are labelled sect233k1, trinomial basis) and the caller's
 * generator.
 *
 * bld      parameter builder that receives field type, p (the reduction
 *          polynomial), a, b, order, generator and cofactor, in that order
 * gen      encoded generator point, pushed as an octet string
 * gen_len  length of |gen| in bytes
 *
 * The BIGNUMs are taken from the file-level |bnctx|, so they are not freed
 * here. Each step is checked with a TEST_ macro and the first failure stops
 * the sequence.
 *
 * Returns 1 when every step succeeded, 0 otherwise.
 */
static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
                                                  const unsigned char *gen,
                                                  size_t gen_len)
{
    BIGNUM *a, *b, *poly, *order, *cofactor;
    /* sect233k1 characteristic-two-field tpBasis */
    static const unsigned char poly_data[] = {
        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    };
    static const unsigned char a_data[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    };
    static const unsigned char b_data[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x01
    };
    static const unsigned char order_data[] = {
        0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
        0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
    };
    static const unsigned char cofactor_data[]= {
        0x4
    };

    /* Step 1: obtain the scratch BIGNUMs from the shared context. */
    if (!TEST_ptr(a = BN_CTX_get(bnctx))
        || !TEST_ptr(b = BN_CTX_get(bnctx))
        || !TEST_ptr(poly = BN_CTX_get(bnctx))
        || !TEST_ptr(order = BN_CTX_get(bnctx))
        || !TEST_ptr(cofactor = BN_CTX_get(bnctx)))
        return 0;

    /* Step 2: load the big-endian constants into them. */
    if (!TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
        || !TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
        || !TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
        || !TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
        || !TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor)))
        return 0;

    /* Step 3: hand everything to the builder, field type first. */
    if (!TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
                       OSSL_PKEY_PARAM_EC_FIELD_TYPE,
                       SN_X9_62_characteristic_two_field, 0))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
                          OSSL_PKEY_PARAM_EC_ORDER, order))
        || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
                          OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
                                             cofactor)))
        return 0;

    return 1;
}
1215e0c4386eSCy Schubert
/*
 * Push explicit characteristic-two EC parameters into |bld| using the
 * generator below (uncompressed point: 0x04 || X || Y, 61 bytes).
 *
 * The curve constants come from do_create_ec_explicit_trinomial_params(),
 * which labels them sect233k1. setup_tests() registers the resulting key
 * set as "ECExplicitTriNamedCurve".
 *
 * NOTE(review): presumably this is the standard sect233k1 base point, so
 * the explicit parameters describe the named curve -- confirm.
 *
 * Returns the helper's result (1 on success, 0 on failure).
 */
static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
{
    static const unsigned char base_point[] = {
        0x04,
        0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
        0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
        0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
        0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
        0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
        0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
    };
    const size_t base_point_len = sizeof(base_point);

    return do_create_ec_explicit_trinomial_params(bld, base_point,
                                                  base_point_len);
}
1229e0c4386eSCy Schubert
/*
 * Push explicit characteristic-two EC parameters into |bld| with an
 * alternative generator (uncompressed point: 0x04 || X || Y, 61 bytes).
 *
 * Same curve constants as the "_namedcurve" variant (both go through
 * do_create_ec_explicit_trinomial_params()); only the base point differs.
 * setup_tests() registers the resulting key set as "ECExplicitTri2G".
 *
 * NOTE(review): going by that suite name this point is presumably 2G, i.e.
 * a generator that does not match the named curve's -- confirm.
 *
 * Returns the helper's result (1 on success, 0 on failure).
 */
static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
{
    static const unsigned char alt_base_point[] = {
        0x04,
        0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
        0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
        0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
        0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
        0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
        0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
    };
    const size_t alt_base_point_len = sizeof(alt_base_point);

    return do_create_ec_explicit_trinomial_params(bld, alt_base_point,
                                                  alt_base_point_len);
}
1243e0c4386eSCy Schubert # endif /* OPENSSL_NO_EC2M */
1244e0c4386eSCy Schubert #endif /* OPENSSL_NO_EC */
1245e0c4386eSCy Schubert
/*
 * Identifiers for this test program's command-line options, as returned by
 * opt_next() in setup_tests() and listed in test_get_options().
 */
typedef enum OPTION_choice {
    OPT_ERR = -1,       /* not handled explicitly; hits the switch default */
    OPT_EOF = 0,        /* ends the option loop in setup_tests() */
    OPT_CONTEXT,        /* "-context" */
    OPT_RSA_FILE,       /* "-rsa <file>" */
    OPT_RSA_PSS_FILE,   /* "-pss <file>" */
    OPT_CONFIG_FILE,    /* "-config <file>" */
    OPT_PROVIDER_NAME,  /* "-provider <name>" */
    OPT_TEST_ENUM       /* macro defined outside this file; presumably adds
                         * the options shared by all test programs */
} OPTION_CHOICE;
1256e0c4386eSCy Schubert
/*
 * Return the option table for this test program.
 *
 * The table has static storage, so the returned pointer stays valid for the
 * life of the process. It starts with the default usage entries from
 * OPT_TEST_OPTIONS_DEFAULT_USAGE and ends with a { NULL } sentinel.
 * The third field of each entry is the argument kind ('-' for a flag,
 * '<' for an input file, 's' for a string).
 */
const OPTIONS *test_get_options(void)
{
    static const OPTIONS endecode_options[] = {
        OPT_TEST_OPTIONS_DEFAULT_USAGE,
        { "context", OPT_CONTEXT, '-',
          "Explicitly use a non-default library context" },
        { "rsa", OPT_RSA_FILE, '<',
          "PEM format RSA key file to encode/decode" },
        { "pss", OPT_RSA_PSS_FILE, '<',
          "PEM format RSA-PSS key file to encode/decode" },
        { "config", OPT_CONFIG_FILE, '<',
          "The configuration file to use for the library context" },
        { "provider", OPT_PROVIDER_NAME, 's',
          "The provider to load (The default value is 'default')" },
        { NULL }
    };

    return endecode_options;
}
1275e0c4386eSCy Schubert
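/*
 * Test-harness entry point: parse the command line, set up the library
 * contexts and providers, create the key fixtures and register the
 * encoder/decoder test suites.
 *
 * Two contexts are used: the one under test (the default context, or
 * |testctx| when -context is given) and a separate |keyctx| with the
 * "default" provider that is used only to produce the test keys.
 *
 * Returns 1 on success and 0 on failure. Unlike the earlier revision, a
 * failure to generate or load any key is reported as a failure: previously
 * the function returned 1 even when |ok| was 0, so a run in which no suite
 * had been registered was still reported as a successful setup.
 */
int setup_tests(void)
{
    const char *rsa_file = NULL;
    const char *rsa_pss_file = NULL;
    const char *prov_name = "default";
    char *config_file = NULL;
    int ok = 1;

#ifndef OPENSSL_NO_DSA
    /*
     * Legacy sizes, chosen only because the PVK format under test requires
     * them; they are test fixtures, not a recommendation for new keys.
     */
    static size_t qbits = 160; /* PVK only tolerates 160 Q bits */
    static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
    OSSL_PARAM DSA_params[] = {
        OSSL_PARAM_size_t("pbits", &pbits),
        OSSL_PARAM_size_t("qbits", &qbits),
        OSSL_PARAM_END
    };
#endif

#ifndef OPENSSL_NO_EC
    static char groupname[] = "prime256v1";
    OSSL_PARAM EC_params[] = {
        OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
        OSSL_PARAM_END
    };
#endif

    OPTION_CHOICE o;

    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_CONTEXT:
            default_libctx = 0;
            break;
        case OPT_PROVIDER_NAME:
            prov_name = opt_arg();
            break;
        case OPT_CONFIG_FILE:
            config_file = opt_arg();
            break;
        case OPT_RSA_FILE:
            rsa_file = opt_arg();
            break;
        case OPT_RSA_PSS_FILE:
            rsa_pss_file = opt_arg();
            break;
        case OPT_TEST_CASES:
            break;
        default:
            /* Unknown option or parse error: refuse to run. */
            return 0;
        }
    }

    if (strcmp(prov_name, "fips") == 0)
        is_fips = 1;

    if (default_libctx) {
        if (!test_get_libctx(NULL, NULL, config_file, &deflprov, prov_name))
            return 0;
    } else {
        if (!test_get_libctx(&testctx, &nullprov, config_file, &deflprov, prov_name))
            return 0;
    }

    /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */
    is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0);

    /* Separate provider/ctx for generating the test data */
    if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new()))
        return 0;
    if (!TEST_ptr(keyprov = OSSL_PROVIDER_load(keyctx, "default")))
        return 0;

#ifndef OPENSSL_NO_EC
    /* Build the four explicit-parameter sets before any EC key is made. */
    if (!TEST_ptr(bnctx = BN_CTX_new_ex(testctx))
        || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
        || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
        || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
        || !create_ec_explicit_prime_params(bld_prime)
        || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
        || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
# ifndef OPENSSL_NO_EC2M
        || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
        || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
        || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
        || !create_ec_explicit_trinomial_params(bld_tri)
        || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
        || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
# endif
        )
        return 0;
#endif

    TEST_info("Generating keys...");

    /*
     * The MAKE_* macros are defined earlier in the file; presumably each one
     * folds its result into |ok|, like the load_pkey_pem() lines below do.
     */
#ifndef OPENSSL_NO_DH
    TEST_info("Generating DH keys...");
    MAKE_DOMAIN_KEYS(DH, "DH", NULL);
    MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
#endif
#ifndef OPENSSL_NO_DSA
    TEST_info("Generating DSA keys...");
    MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
#endif
#ifndef OPENSSL_NO_EC
    TEST_info("Generating EC keys...");
    MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
    MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
    MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
# ifndef OPENSSL_NO_EC2M
    MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
    MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
# endif
# ifndef OPENSSL_NO_SM2
    MAKE_KEYS(SM2, "SM2", NULL);
# endif
    MAKE_KEYS(ED25519, "ED25519", NULL);
    MAKE_KEYS(ED448, "ED448", NULL);
    MAKE_KEYS(X25519, "X25519", NULL);
    MAKE_KEYS(X448, "X448", NULL);
#endif
    /*
     * rsa_file / rsa_pss_file stay NULL when -rsa / -pss are not given;
     * how load_pkey_pem() treats NULL is not visible here.
     */
    TEST_info("Loading RSA key...");
    ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
    TEST_info("Loading RSA_PSS key...");
    ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(rsa_pss_file, keyctx));
    TEST_info("Generating keys done");

    /* Register suites only when every fixture is available. */
    if (ok) {
#ifndef OPENSSL_NO_DH
        ADD_TEST_SUITE(DH);
        ADD_TEST_SUITE_PARAMS(DH);
        ADD_TEST_SUITE(DHX);
        ADD_TEST_SUITE_PARAMS(DHX);
        /*
         * DH has no support for PEM_write_bio_PrivateKey_traditional(),
         * so no legacy tests.
         */
#endif
#ifndef OPENSSL_NO_DSA
        ADD_TEST_SUITE(DSA);
        ADD_TEST_SUITE_PARAMS(DSA);
        ADD_TEST_SUITE_LEGACY(DSA);
        ADD_TEST_SUITE_MSBLOB(DSA);
        ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
# ifndef OPENSSL_NO_RC4
        ADD_TEST_SUITE_PROTECTED_PVK(DSA);
# endif
#endif
#ifndef OPENSSL_NO_EC
        ADD_TEST_SUITE(EC);
        ADD_TEST_SUITE_PARAMS(EC);
        ADD_TEST_SUITE_LEGACY(EC);
        ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
        ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
        ADD_TEST_SUITE(ECExplicitPrime2G);
        ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
# ifndef OPENSSL_NO_EC2M
        ADD_TEST_SUITE(ECExplicitTriNamedCurve);
        ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
        ADD_TEST_SUITE(ECExplicitTri2G);
        ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
# endif
# ifndef OPENSSL_NO_SM2
        if (!is_fips_3_0_0) {
            /* 3.0.0 FIPS provider imports explicit EC params and then fails. */
            ADD_TEST_SUITE(SM2);
        }
# endif
        ADD_TEST_SUITE(ED25519);
        ADD_TEST_SUITE(ED448);
        ADD_TEST_SUITE(X25519);
        ADD_TEST_SUITE(X448);
        /*
         * ED25519, ED448, X25519 and X448 have no support for
         * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
         */
#endif
        ADD_TEST_SUITE(RSA);
        ADD_TEST_SUITE_LEGACY(RSA);
        ADD_TEST_SUITE(RSA_PSS);
        /*
         * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
         * so no legacy tests.
         */
        ADD_TEST_SUITE_MSBLOB(RSA);
        ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
# ifndef OPENSSL_NO_RC4
        ADD_TEST_SUITE_PROTECTED_PVK(RSA);
# endif
    }

    /*
     * Propagate fixture failures, consistent with the other failure paths
     * above: a setup that registered nothing must not count as success.
     */
    return ok;
}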
1468e0c4386eSCy Schubert
/*
 * Release everything setup_tests() created: the explicit EC parameter
 * arrays and their builders, the BIGNUM context, the per-algorithm key
 * fixtures, the providers and finally the library contexts.
 *
 * NOTE(review): setup_tests() can return early, so some of these globals
 * may never have been assigned; this relies on the free/unload functions
 * accepting NULL -- confirm for the FREE_* macros, which are defined
 * outside this view.
 */
void cleanup_tests(void)
{
#ifndef OPENSSL_NO_EC
    /* Parameter arrays first, then the builders they were made from. */
    OSSL_PARAM_free(ec_explicit_prime_params_nc);
    OSSL_PARAM_free(ec_explicit_prime_params_explicit);
    OSSL_PARAM_BLD_free(bld_prime_nc);
    OSSL_PARAM_BLD_free(bld_prime);
# ifndef OPENSSL_NO_EC2M
    OSSL_PARAM_free(ec_explicit_tri_params_nc);
    OSSL_PARAM_free(ec_explicit_tri_params_explicit);
    OSSL_PARAM_BLD_free(bld_tri_nc);
    OSSL_PARAM_BLD_free(bld_tri);
# endif
    /* The BIGNUMs pushed into the builders were obtained from this context. */
    BN_CTX_free(bnctx);
#endif /* OPENSSL_NO_EC */

    /* Key fixtures, mirroring the MAKE_* calls in setup_tests(). */
#ifndef OPENSSL_NO_DH
    FREE_DOMAIN_KEYS(DH);
    FREE_DOMAIN_KEYS(DHX);
#endif
#ifndef OPENSSL_NO_DSA
    FREE_DOMAIN_KEYS(DSA);
#endif
#ifndef OPENSSL_NO_EC
    FREE_DOMAIN_KEYS(EC);
    FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
    FREE_DOMAIN_KEYS(ECExplicitPrime2G);
# ifndef OPENSSL_NO_EC2M
    FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
    FREE_DOMAIN_KEYS(ECExplicitTri2G);
# endif
# ifndef OPENSSL_NO_SM2
    FREE_KEYS(SM2);
# endif
    FREE_KEYS(ED25519);
    FREE_KEYS(ED448);
    FREE_KEYS(X25519);
    FREE_KEYS(X448);
#endif
    FREE_KEYS(RSA);
    FREE_KEYS(RSA_PSS);

    /* Unload the providers before freeing the contexts they were loaded into. */
    OSSL_PROVIDER_unload(nullprov);
    OSSL_PROVIDER_unload(deflprov);
    OSSL_PROVIDER_unload(keyprov);
    OSSL_LIB_CTX_free(testctx);
    OSSL_LIB_CTX_free(keyctx);
}