xref: /freebsd/crypto/openssl/test/evp_pkey_provided_test.c (revision 5b56413d04e608379c9a306373554a8e4d321bc0)
1 /*
2  * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <string.h> /* memset */
11 #include <openssl/evp.h>
12 #include <openssl/pem.h>
13 #include <openssl/encoder.h>
14 #include <openssl/provider.h>
15 #include <openssl/param_build.h>
16 #include <openssl/core_names.h>
17 #include <openssl/sha.h>
18 #include "crypto/ecx.h"
19 #include "crypto/evp.h"          /* For the internal API */
20 #include "crypto/bn_dh.h"        /* _bignum_ffdhe2048_p */
21 #include "internal/nelem.h"
22 #include "testutil.h"
23 
24 static char *datadir = NULL;
25 
26 /*
27  * Do not change the order of the following defines unless you also
28  * update the for loop bounds used inside test_print_key_using_encoder() and
29  * test_print_key_using_encoder_public().
30  */
31 #define PRIV_TEXT    0
32 #define PRIV_PEM     1
33 #define PRIV_DER     2
34 #define PUB_TEXT     3
35 #define PUB_PEM      4
36 #define PUB_DER      5
37 
38 static void stripcr(char *buf, size_t *len)
39 {
40     size_t i;
41     char *curr, *writ;
42 
43     for (i = *len, curr = buf, writ = buf; i > 0; i--, curr++) {
44         if (*curr == '\r') {
45             (*len)--;
46             continue;
47         }
48         if (curr != writ)
49             *writ = *curr;
50         writ++;
51     }
52 }
53 
54 static int compare_with_file(const char *alg, int type, BIO *membio)
55 {
56     char filename[80];
57     BIO *file = NULL;
58     char buf[4096];
59     char *memdata, *fullfile = NULL;
60     const char *suffix;
61     size_t readbytes;
62     int ret = 0;
63     int len;
64     size_t slen;
65 
66     switch (type) {
67     case PRIV_TEXT:
68         suffix = "priv.txt";
69         break;
70 
71     case PRIV_PEM:
72         suffix = "priv.pem";
73         break;
74 
75     case PRIV_DER:
76         suffix = "priv.der";
77         break;
78 
79     case PUB_TEXT:
80         suffix = "pub.txt";
81         break;
82 
83     case PUB_PEM:
84         suffix = "pub.pem";
85         break;
86 
87     case PUB_DER:
88         suffix = "pub.der";
89         break;
90 
91     default:
92         TEST_error("Invalid file type");
93         goto err;
94     }
95 
96     BIO_snprintf(filename, sizeof(filename), "%s.%s", alg, suffix);
97     fullfile = test_mk_file_path(datadir, filename);
98     if (!TEST_ptr(fullfile))
99         goto err;
100 
101     file = BIO_new_file(fullfile, "rb");
102     if (!TEST_ptr(file))
103         goto err;
104 
105     if (!TEST_true(BIO_read_ex(file, buf, sizeof(buf), &readbytes))
106             || !TEST_true(BIO_eof(file))
107             || !TEST_size_t_lt(readbytes, sizeof(buf)))
108         goto err;
109 
110     len = BIO_get_mem_data(membio, &memdata);
111     if (!TEST_int_gt(len, 0))
112         goto err;
113 
114     slen = len;
115     if (type != PRIV_DER && type != PUB_DER) {
116         stripcr(memdata, &slen);
117         stripcr(buf, &readbytes);
118     }
119 
120     if (!TEST_mem_eq(memdata, slen, buf, readbytes))
121         goto err;
122 
123     ret = 1;
124  err:
125     OPENSSL_free(fullfile);
126     (void)BIO_reset(membio);
127     BIO_free(file);
128     return ret;
129 }
130 
131 static int pass_cb(char *buf, int size, int rwflag, void *u)
132 {
133     return 0;
134 }
135 
136 static int pass_cb_error(char *buf, int size, int rwflag, void *u)
137 {
138     return -1;
139 }
140 
141 static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
142 {
143     BIO *membio = BIO_new(BIO_s_mem());
144     int ret = 0;
145 
146     if (!TEST_ptr(membio))
147         goto err;
148 
149     if (/* Output Encrypted private key in PEM form */
150         !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
151                                             (unsigned char *)"pass", 4,
152                                             NULL, NULL))
153         /* Output zero-length passphrase encrypted private key in PEM form */
154         || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
155                                                     EVP_aes_256_cbc(),
156                                                     (const char *)~0, 0,
157                                                     NULL, NULL))
158         || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
159                                                     EVP_aes_256_cbc(),
160                                                     NULL, 0, NULL, ""))
161         || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
162                                                     EVP_aes_256_cbc(),
163                                                     NULL, 0, pass_cb, NULL))
164         || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
165                                                      EVP_aes_256_cbc(),
166                                                      NULL, 0, pass_cb_error,
167                                                      NULL))
168 #ifndef OPENSSL_NO_DES
169         || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
170             bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
171             (const char *)~0, 0, NULL, NULL))
172         || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
173             bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
174             NULL, ""))
175         || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
176             bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
177             pass_cb, NULL))
178         || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
179             bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
180             pass_cb_error, NULL))
181 #endif
182         /* Private key in text form */
183         || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
184         || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))
185         /* Public key in PEM form */
186         || !TEST_true(PEM_write_bio_PUBKEY(membio, pk))
187         || !TEST_true(compare_with_file(alg, PUB_PEM, membio))
188         /* Unencrypted private key in PEM form */
189         || !TEST_true(PEM_write_bio_PrivateKey(membio, pk,
190                                                NULL, NULL, 0, NULL, NULL))
191         || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))
192         /* NULL key */
193         || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL,
194                                                NULL, NULL, 0, NULL, NULL))
195         || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL,
196                                                NULL, NULL, 0, NULL, NULL)))
197         goto err;
198 
199     ret = 1;
200  err:
201     BIO_free(membio);
202     return ret;
203 }
204 
205 static int test_print_key_type_using_encoder(const char *alg, int type,
206                                              const EVP_PKEY *pk)
207 {
208     const char *output_type, *output_structure;
209     int selection;
210     OSSL_ENCODER_CTX *ctx = NULL;
211     BIO *membio = BIO_new(BIO_s_mem());
212     int ret = 0;
213 
214     switch (type) {
215     case PRIV_TEXT:
216         output_type = "TEXT";
217         output_structure = NULL;
218         selection = OSSL_KEYMGMT_SELECT_KEYPAIR
219             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
220         break;
221 
222     case PRIV_PEM:
223         output_type = "PEM";
224         output_structure = "PrivateKeyInfo";
225         selection = OSSL_KEYMGMT_SELECT_KEYPAIR
226             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
227         break;
228 
229     case PRIV_DER:
230         output_type = "DER";
231         output_structure = "PrivateKeyInfo";
232         selection = OSSL_KEYMGMT_SELECT_KEYPAIR
233             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
234         break;
235 
236     case PUB_TEXT:
237         output_type = "TEXT";
238         output_structure = NULL;
239         selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
240             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
241         break;
242 
243     case PUB_PEM:
244         output_type = "PEM";
245         output_structure = "SubjectPublicKeyInfo";
246         selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
247             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
248         break;
249 
250     case PUB_DER:
251         output_type = "DER";
252         output_structure = "SubjectPublicKeyInfo";
253         selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
254             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
255         break;
256 
257     default:
258         TEST_error("Invalid encoding type");
259         goto err;
260     }
261 
262     if (!TEST_ptr(membio))
263         goto err;
264 
265     /* Make a context, it's valid for several prints */
266     TEST_note("Setting up a OSSL_ENCODER context with passphrase");
267     if (!TEST_ptr(ctx = OSSL_ENCODER_CTX_new_for_pkey(pk, selection,
268                                                       output_type,
269                                                       output_structure,
270                                                       NULL))
271         /* Check that this operation is supported */
272         || !TEST_int_ne(OSSL_ENCODER_CTX_get_num_encoders(ctx), 0))
273         goto err;
274 
275     /* Use no cipher.  This should give us an unencrypted PEM */
276     TEST_note("Testing with no encryption");
277     if (!TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
278         || !TEST_true(compare_with_file(alg, type, membio)))
279         goto err;
280 
281     if (type == PRIV_PEM) {
282         /* Set a passphrase to be used later */
283         if (!TEST_true(OSSL_ENCODER_CTX_set_passphrase(ctx,
284                                                           (unsigned char *)"pass",
285                                                           4)))
286             goto err;
287 
288         /* Use a valid cipher name */
289         TEST_note("Displaying PEM encrypted with AES-256-CBC");
290         if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
291             || !TEST_true(OSSL_ENCODER_to_bio(ctx, bio_out)))
292             goto err;
293 
294         /* Use an invalid cipher name, which should generate no output */
295         TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
296         if (!TEST_false(OSSL_ENCODER_CTX_set_cipher(ctx, "FOO", NULL))
297             || !TEST_false(OSSL_ENCODER_to_bio(ctx, bio_out)))
298             goto err;
299 
300         /* Clear the cipher.  This should give us an unencrypted PEM again */
301         TEST_note("Testing with encryption cleared (no encryption)");
302         if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, NULL, NULL))
303             || !TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
304             || !TEST_true(compare_with_file(alg, type, membio)))
305             goto err;
306     }
307     ret = 1;
308 err:
309     BIO_free(membio);
310     OSSL_ENCODER_CTX_free(ctx);
311     return ret;
312 }
313 
314 static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk)
315 {
316     int i;
317     int ret = 1;
318 
319     for (i = PRIV_TEXT; i <= PUB_DER; i++)
320         ret = ret && test_print_key_type_using_encoder(alg, i, pk);
321 
322     return ret;
323 }
324 
325 #ifndef OPENSSL_NO_EC
326 static int test_print_key_using_encoder_public(const char *alg,
327                                                const EVP_PKEY *pk)
328 {
329     int i;
330     int ret = 1;
331 
332     for (i = PUB_TEXT; i <= PUB_DER; i++)
333         ret = ret && test_print_key_type_using_encoder(alg, i, pk);
334 
335     return ret;
336 }
337 #endif
338 
339 /* Array indexes used in test_fromdata_rsa */
340 #define N       0
341 #define E       1
342 #define D       2
343 #define P       3
344 #define Q       4
345 #define DP      5
346 #define DQ      6
347 #define QINV    7
348 
349 static int test_fromdata_rsa(void)
350 {
351     int ret = 0, i;
352     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
353     EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
354     /*
355      * 32-bit RSA key, extracted from this command,
356      * executed with OpenSSL 1.0.2:
357      *
358      * openssl genrsa 32 | openssl rsa -text
359      */
360     static unsigned long key_numbers[] = {
361         0xbc747fc5,              /* N */
362         0x10001,                 /* E */
363         0x7b133399,              /* D */
364         0xe963,                  /* P */
365         0xceb7,                  /* Q */
366         0x8599,                  /* DP */
367         0xbd87,                  /* DQ */
368         0xcc3b,                  /* QINV */
369     };
370     OSSL_PARAM fromdata_params[] = {
371         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
372         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
373         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
374         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR1, &key_numbers[P]),
375         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR2, &key_numbers[Q]),
376         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT1, &key_numbers[DP]),
377         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT2, &key_numbers[DQ]),
378         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &key_numbers[QINV]),
379         OSSL_PARAM_END
380     };
381     BIGNUM *bn = BN_new();
382     BIGNUM *bn_from = BN_new();
383 
384     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
385         goto err;
386 
387     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
388         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
389                                           fromdata_params), 1))
390         goto err;
391 
392     for (;;) {
393         ret = 0;
394         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32)
395             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8)
396             || !TEST_int_eq(EVP_PKEY_get_size(pk), 4)
397             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
398             goto err;
399 
400         EVP_PKEY_CTX_free(key_ctx);
401         if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
402             goto err;
403 
404         if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
405             || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
406             || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
407             || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
408             goto err;
409 
410         /* EVP_PKEY_copy_parameters() should fail for RSA */
411         if (!TEST_ptr(copy_pk = EVP_PKEY_new())
412             || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
413             goto err;
414         EVP_PKEY_free(copy_pk);
415         copy_pk = NULL;
416 
417         ret = test_print_key_using_pem("RSA", pk)
418               && test_print_key_using_encoder("RSA", pk);
419 
420         if (!ret || dup_pk != NULL)
421             break;
422 
423         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
424             goto err;
425         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
426         EVP_PKEY_free(pk);
427         pk = dup_pk;
428         if (!ret)
429             goto err;
430     }
431  err:
432     /* for better diagnostics always compare key params */
433     for (i = 0; fromdata_params[i].key != NULL; ++i) {
434         if (!TEST_true(BN_set_word(bn_from, key_numbers[i]))
435             || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key, &bn))
436             || !TEST_BN_eq(bn, bn_from))
437             ret = 0;
438     }
439     BN_free(bn_from);
440     BN_free(bn);
441     EVP_PKEY_free(pk);
442     EVP_PKEY_free(copy_pk);
443     EVP_PKEY_CTX_free(key_ctx);
444     EVP_PKEY_CTX_free(ctx);
445 
446     return ret;
447 }
448 
449 static int test_evp_pkey_get_bn_param_large(void)
450 {
451     int ret = 0;
452     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
453     EVP_PKEY *pk = NULL;
454     OSSL_PARAM_BLD *bld = NULL;
455     OSSL_PARAM *fromdata_params = NULL;
456     BIGNUM *n = NULL, *e = NULL, *d = NULL, *n_out = NULL;
457     /*
458      * The buffer size chosen here for n_data larger than the buffer used
459      * internally in EVP_PKEY_get_bn_param.
460      */
461     static unsigned char n_data[2050];
462     static const unsigned char e_data[] = {
463         0x1, 0x00, 0x01
464     };
465     static const unsigned char d_data[]= {
466        0x99, 0x33, 0x13, 0x7b
467     };
468 
469     /* N is a large buffer */
470     memset(n_data, 0xCE, sizeof(n_data));
471 
472     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
473         || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
474         || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
475         || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
476         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
477         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
478         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
479         || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))
480         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
481         || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
482         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
483                                           fromdata_params), 1)
484         || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))
485         || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out))
486         || !TEST_BN_eq(n, n_out))
487         goto err;
488     ret = 1;
489  err:
490     BN_free(n_out);
491     BN_free(n);
492     BN_free(e);
493     BN_free(d);
494     EVP_PKEY_free(pk);
495     EVP_PKEY_CTX_free(key_ctx);
496     EVP_PKEY_CTX_free(ctx);
497     OSSL_PARAM_free(fromdata_params);
498     OSSL_PARAM_BLD_free(bld);
499     return ret;
500 }
501 
502 
503 #ifndef OPENSSL_NO_DH
504 static int test_fromdata_dh_named_group(void)
505 {
506     int ret = 0;
507     int gindex = 0, pcounter = 0, hindex = 0;
508     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
509     EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
510     size_t len;
511     BIGNUM *pub = NULL, *priv = NULL;
512     BIGNUM *pub_out = NULL, *priv_out = NULL;
513     BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
514     OSSL_PARAM *fromdata_params = NULL;
515     OSSL_PARAM_BLD *bld = NULL;
516     char name_out[80];
517     unsigned char seed_out[32];
518 
519     /*
520      * DH key data was generated using the following:
521      * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048
522      *                 -pkeyopt priv_len:224 -text
523      */
524     static const unsigned char priv_data[] = {
525         0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
526         0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
527         0x87, 0xe8, 0xa9, 0x7b,
528     };
529     static const unsigned char pub_data[] = {
530         0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
531         0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
532         0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
533         0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
534         0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
535         0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
536         0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
537         0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
538         0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
539         0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
540         0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
541         0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
542         0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
543         0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
544         0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
545         0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
546         0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
547         0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
548         0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
549         0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
550         0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
551         0xcf, 0x33, 0x42, 0x83, 0x42
552     };
553     static const char group_name[] = "ffdhe2048";
554     static const long priv_len = 224;
555 
556     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
557         || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
558         || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
559         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
560                                                       OSSL_PKEY_PARAM_GROUP_NAME,
561                                                       group_name, 0))
562         || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
563                                                priv_len))
564         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
565         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
566         || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
567         goto err;
568 
569     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
570         goto err;
571 
572     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
573         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
574                                           fromdata_params), 1))
575         goto err;
576 
577     /*
578      * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
579      * it behaves as expected with regards to string length and terminating
580      * NUL byte.
581      */
582     if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
583                                                   OSSL_PKEY_PARAM_GROUP_NAME,
584                                                   NULL, sizeof(name_out),
585                                                   &len))
586         || !TEST_size_t_eq(len, sizeof(group_name) - 1)
587         /* Just enough space to hold the group name and a terminating NUL */
588         || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
589                                                      OSSL_PKEY_PARAM_GROUP_NAME,
590                                                      name_out,
591                                                      sizeof(group_name),
592                                                      &len))
593         || !TEST_size_t_eq(len, sizeof(group_name) - 1)
594         /* Too small buffer to hold the terminating NUL byte */
595         || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
596                                                       OSSL_PKEY_PARAM_GROUP_NAME,
597                                                       name_out,
598                                                       sizeof(group_name) - 1,
599                                                       &len))
600         /* Too small buffer to hold the whole group name, even! */
601         || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
602                                                       OSSL_PKEY_PARAM_GROUP_NAME,
603                                                       name_out,
604                                                       sizeof(group_name) - 2,
605                                                       &len)))
606         goto err;
607 
608     for (;;) {
609         ret = 0;
610         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
611             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
612             || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
613             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
614             goto err;
615 
616         if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
617                                                       OSSL_PKEY_PARAM_GROUP_NAME,
618                                                       name_out,
619                                                       sizeof(name_out),
620                                                       &len))
621             || !TEST_str_eq(name_out, group_name)
622             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
623                                                 &pub_out))
624 
625             || !TEST_BN_eq(pub, pub_out)
626             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
627                                                 &priv_out))
628             || !TEST_BN_eq(priv, priv_out)
629             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
630             || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
631             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
632             || !TEST_ptr(q)
633             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
634             || !TEST_BN_eq(&ossl_bignum_const_2, g)
635             || !TEST_false(EVP_PKEY_get_bn_param(pk,
636                                                  OSSL_PKEY_PARAM_FFC_COFACTOR,
637                                                  &j))
638             || !TEST_ptr_null(j)
639             || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
640                                                            OSSL_PKEY_PARAM_FFC_SEED,
641                                                            seed_out,
642                                                            sizeof(seed_out),
643                                                            &len))
644             || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
645                                                  &gindex))
646             || !TEST_int_eq(gindex, -1)
647             || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
648                                                  &hindex))
649             || !TEST_int_eq(hindex, 0)
650             || !TEST_true(EVP_PKEY_get_int_param(pk,
651                                                  OSSL_PKEY_PARAM_FFC_PCOUNTER,
652                                                  &pcounter))
653             || !TEST_int_eq(pcounter, -1))
654             goto err;
655         BN_free(p);
656         p = NULL;
657         BN_free(q);
658         q = NULL;
659         BN_free(g);
660         g = NULL;
661         BN_free(j);
662         j = NULL;
663         BN_free(pub_out);
664         pub_out = NULL;
665         BN_free(priv_out);
666         priv_out = NULL;
667 
668         if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
669             goto err;
670 
671         if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
672             || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
673             || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
674             || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
675             goto err;
676         EVP_PKEY_CTX_free(key_ctx);
677         key_ctx = NULL;
678 
679         if (!TEST_ptr(copy_pk = EVP_PKEY_new())
680             || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
681             goto err;
682         EVP_PKEY_free(copy_pk);
683         copy_pk = NULL;
684 
685         ret = test_print_key_using_pem("DH", pk)
686               && test_print_key_using_encoder("DH", pk);
687 
688         if (!ret || dup_pk != NULL)
689             break;
690 
691         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
692             goto err;
693         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
694         EVP_PKEY_free(pk);
695         pk = dup_pk;
696         if (!ret)
697             goto err;
698     }
699 err:
700     BN_free(p);
701     BN_free(q);
702     BN_free(g);
703     BN_free(j);
704     BN_free(pub);
705     BN_free(priv);
706     BN_free(pub_out);
707     BN_free(priv_out);
708     EVP_PKEY_free(copy_pk);
709     EVP_PKEY_free(pk);
710     EVP_PKEY_CTX_free(ctx);
711     EVP_PKEY_CTX_free(key_ctx);
712     OSSL_PARAM_free(fromdata_params);
713     OSSL_PARAM_BLD_free(bld);
714 
715     return ret;
716 }
717 
718 static int test_fromdata_dh_fips186_4(void)
719 {
720     int ret = 0;
721     int gindex = 0, pcounter = 0, hindex = 0;
722     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
723     EVP_PKEY *pk = NULL, *dup_pk = NULL;
724     size_t len;
725     BIGNUM *pub = NULL, *priv = NULL;
726     BIGNUM *pub_out = NULL, *priv_out = NULL;
727     BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
728     OSSL_PARAM_BLD *bld = NULL;
729     OSSL_PARAM *fromdata_params = NULL;
730     char name_out[80];
731     unsigned char seed_out[32];
732 
733     /*
734      * DH key data was generated using the following:
735      * openssl genpkey -algorithm DH
736      *                 -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text
737      */
738     static const unsigned char priv_data[] = {
739        0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
740        0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
741        0x87, 0xe8, 0xa9, 0x7b,
742     };
743     static const unsigned char pub_data[] = {
744        0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
745        0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
746        0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
747        0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
748        0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
749        0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
750        0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
751        0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
752        0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
753        0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
754        0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
755        0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
756        0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
757        0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
758        0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
759        0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
760        0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
761        0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
762        0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
763        0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
764        0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
765        0x33, 0x42, 0x83, 0x42
766     };
767     static const char group_name[] = "ffdhe2048";
768     static const long priv_len = 224;
769 
770 
771     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
772         || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
773         || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
774         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
775                                                       OSSL_PKEY_PARAM_GROUP_NAME,
776                                                       group_name, 0))
777         || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
778                                                priv_len))
779         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
780         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
781         || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
782         goto err;
783 
784     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
785         goto err;
786 
787     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
788         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
789                                           fromdata_params), 1))
790         goto err;
791 
792     for (;;) {
793         ret = 0;
794         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
795             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
796             || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
797             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
798             goto err;
799 
800         if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
801                                                       OSSL_PKEY_PARAM_GROUP_NAME,
802                                                       name_out,
803                                                       sizeof(name_out),
804                                                       &len))
805             || !TEST_str_eq(name_out, group_name)
806             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
807                                                 &pub_out))
808             || !TEST_BN_eq(pub, pub_out)
809             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
810                                                 &priv_out))
811             || !TEST_BN_eq(priv, priv_out)
812             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
813             || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
814             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
815             || !TEST_ptr(q)
816             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
817             || !TEST_BN_eq(&ossl_bignum_const_2, g)
818             || !TEST_false(EVP_PKEY_get_bn_param(pk,
819                                                  OSSL_PKEY_PARAM_FFC_COFACTOR,
820                                                  &j))
821             || !TEST_ptr_null(j)
822             || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
823                                                            OSSL_PKEY_PARAM_FFC_SEED,
824                                                            seed_out,
825                                                            sizeof(seed_out),
826                                                            &len))
827             || !TEST_true(EVP_PKEY_get_int_param(pk,
828                                                  OSSL_PKEY_PARAM_FFC_GINDEX,
829                                                  &gindex))
830             || !TEST_int_eq(gindex, -1)
831             || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
832                                                  &hindex))
833             || !TEST_int_eq(hindex, 0)
834             || !TEST_true(EVP_PKEY_get_int_param(pk,
835                                                  OSSL_PKEY_PARAM_FFC_PCOUNTER,
836                                                  &pcounter))
837             || !TEST_int_eq(pcounter, -1))
838             goto err;
839         BN_free(p);
840         p = NULL;
841         BN_free(q);
842         q = NULL;
843         BN_free(g);
844         g = NULL;
845         BN_free(j);
846         j = NULL;
847         BN_free(pub_out);
848         pub_out = NULL;
849         BN_free(priv_out);
850         priv_out = NULL;
851 
852         if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
853             goto err;
854 
855         if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
856             || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
857             || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
858             || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
859             goto err;
860         EVP_PKEY_CTX_free(key_ctx);
861         key_ctx = NULL;
862 
863         ret = test_print_key_using_pem("DH", pk)
864               && test_print_key_using_encoder("DH", pk);
865 
866         if (!ret || dup_pk != NULL)
867             break;
868 
869         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
870             goto err;
871         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
872         EVP_PKEY_free(pk);
873         pk = dup_pk;
874         if (!ret)
875             goto err;
876     }
877 err:
878     BN_free(p);
879     BN_free(q);
880     BN_free(g);
881     BN_free(j);
882     BN_free(pub);
883     BN_free(priv);
884     BN_free(pub_out);
885     BN_free(priv_out);
886     EVP_PKEY_free(pk);
887     EVP_PKEY_CTX_free(ctx);
888     EVP_PKEY_CTX_free(key_ctx);
889     OSSL_PARAM_free(fromdata_params);
890     OSSL_PARAM_BLD_free(bld);
891 
892     return ret;
893 }
894 
895 #endif
896 
897 
898 
899 #ifndef OPENSSL_NO_EC
900 /* Array indexes used in test_fromdata_ecx */
901 # define PRIV_KEY        0
902 # define PUB_KEY         1
903 
904 # define X25519_IDX      0
905 # define X448_IDX        1
906 # define ED25519_IDX     2
907 # define ED448_IDX       3
908 
909 /*
910  * tst uses indexes 0 ... (3 * 4 - 1)
911  * For the 4 ECX key types (X25519_IDX..ED448_IDX)
912  * 0..3  = public + private key.
913  * 4..7  = private key (This will generate the public key from the private key)
914  * 8..11 = public key
915  */
916 static int test_fromdata_ecx(int tst)
917 {
918     int ret = 0;
919     EVP_PKEY_CTX *ctx = NULL, *ctx2 = NULL;
920     EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
921     const char *alg = NULL;
922     size_t len;
923     unsigned char out_pub[ED448_KEYLEN];
924     unsigned char out_priv[ED448_KEYLEN];
925     OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
926 
927     /* ED448_KEYLEN > X448_KEYLEN > X25519_KEYLEN == ED25519_KEYLEN */
928     static unsigned char key_numbers[4][2][ED448_KEYLEN] = {
929         /* X25519: Keys from RFC 7748 6.1 */
930         {
931             /* Private Key */
932             {
933                 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16,
934                 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87,
935                 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9,
936                 0x2c, 0x2a
937             },
938             /* Public Key */
939             {
940                 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b,
941                 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d,
942                 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b,
943                 0x4e, 0x6a
944             }
945         },
946         /* X448: Keys from RFC 7748 6.2 */
947         {
948             /* Private Key */
949             {
950                 0x9a, 0x8f, 0x49, 0x25, 0xd1, 0x51, 0x9f, 0x57, 0x75, 0xcf,
951                 0x46, 0xb0, 0x4b, 0x58, 0x00, 0xd4, 0xee, 0x9e, 0xe8, 0xba,
952                 0xe8, 0xbc, 0x55, 0x65, 0xd4, 0x98, 0xc2, 0x8d, 0xd9, 0xc9,
953                 0xba, 0xf5, 0x74, 0xa9, 0x41, 0x97, 0x44, 0x89, 0x73, 0x91,
954                 0x00, 0x63, 0x82, 0xa6, 0xf1, 0x27, 0xab, 0x1d, 0x9a, 0xc2,
955                 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b
956             },
957             /* Public Key */
958             {
959                 0x9b, 0x08, 0xf7, 0xcc, 0x31, 0xb7, 0xe3, 0xe6, 0x7d, 0x22,
960                 0xd5, 0xae, 0xa1, 0x21, 0x07, 0x4a, 0x27, 0x3b, 0xd2, 0xb8,
961                 0x3d, 0xe0, 0x9c, 0x63, 0xfa, 0xa7, 0x3d, 0x2c, 0x22, 0xc5,
962                 0xd9, 0xbb, 0xc8, 0x36, 0x64, 0x72, 0x41, 0xd9, 0x53, 0xd4,
963                 0x0c, 0x5b, 0x12, 0xda, 0x88, 0x12, 0x0d, 0x53, 0x17, 0x7f,
964                 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0
965             }
966         },
967         /* ED25519: Keys from RFC 8032 */
968         {
969             /* Private Key */
970             {
971                 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
972                 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69,
973                 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae,
974                 0x7f, 0x60
975             },
976             /* Public Key */
977             {
978                 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b,
979                 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3,
980                 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07,
981                 0x51, 0x1a
982             }
983         },
984         /* ED448: Keys from RFC 8032 */
985         {
986             /* Private Key */
987             {
988                 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, 0xd6, 0x32,
989                 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, 0x6c, 0x92, 0x9f, 0x34,
990                 0xdd, 0xfa, 0x8c, 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3,
991                 0x48, 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
992                 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, 0x03, 0x2e,
993                 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b
994             },
995             /* Public Key */
996             {
997                 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
998                 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
999                 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9,
1000                 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
1001                 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
1002                 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
1003             }
1004         }
1005     };
1006     OSSL_PARAM x25519_fromdata_params[] = {
1007         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1008                                 key_numbers[X25519_IDX][PRIV_KEY],
1009                                 X25519_KEYLEN),
1010         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1011                                 key_numbers[X25519_IDX][PUB_KEY],
1012                                 X25519_KEYLEN),
1013         OSSL_PARAM_END
1014     };
1015     OSSL_PARAM x448_fromdata_params[] = {
1016         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1017                                 key_numbers[X448_IDX][PRIV_KEY],
1018                                 X448_KEYLEN),
1019         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1020                                 key_numbers[X448_IDX][PUB_KEY],
1021                                 X448_KEYLEN),
1022         OSSL_PARAM_END
1023     };
1024     OSSL_PARAM ed25519_fromdata_params[] = {
1025         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1026                                 key_numbers[ED25519_IDX][PRIV_KEY],
1027                                 ED25519_KEYLEN),
1028         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1029                                 key_numbers[ED25519_IDX][PUB_KEY],
1030                                 ED25519_KEYLEN),
1031         OSSL_PARAM_END
1032     };
1033     OSSL_PARAM ed448_fromdata_params[] = {
1034         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1035                                 key_numbers[ED448_IDX][PRIV_KEY],
1036                                 ED448_KEYLEN),
1037         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1038                                 key_numbers[ED448_IDX][PUB_KEY],
1039                                 ED448_KEYLEN),
1040         OSSL_PARAM_END
1041     };
1042     OSSL_PARAM *fromdata_params = NULL;
1043     int bits = 0, security_bits = 0, size = 0;
1044     OSSL_PARAM *orig_fromdata_params = NULL;
1045 
1046     switch (tst & 3) {
1047     case X25519_IDX:
1048         fromdata_params = x25519_fromdata_params;
1049         bits = X25519_BITS;
1050         security_bits = X25519_SECURITY_BITS;
1051         size = X25519_KEYLEN;
1052         alg = "X25519";
1053         break;
1054 
1055     case X448_IDX:
1056         fromdata_params = x448_fromdata_params;
1057         bits = X448_BITS;
1058         security_bits = X448_SECURITY_BITS;
1059         size = X448_KEYLEN;
1060         alg = "X448";
1061         break;
1062 
1063     case ED25519_IDX:
1064         fromdata_params = ed25519_fromdata_params;
1065         bits = ED25519_BITS;
1066         security_bits = ED25519_SECURITY_BITS;
1067         size = ED25519_SIGSIZE;
1068         alg = "ED25519";
1069         break;
1070 
1071     case ED448_IDX:
1072         fromdata_params = ed448_fromdata_params;
1073         bits = ED448_BITS;
1074         security_bits = ED448_SECURITY_BITS;
1075         size = ED448_SIGSIZE;
1076         alg = "ED448";
1077         break;
1078     default:
1079         goto err;
1080     }
1081 
1082     ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1083     if (!TEST_ptr(ctx))
1084         goto err;
1085 
1086     orig_fromdata_params = fromdata_params;
1087     if (tst > 7) {
1088         /* public key only */
1089         fromdata_params++;
1090     } else if (tst > 3) {
1091         /* private key only */
1092         params[0] = fromdata_params[0];
1093         params[1] = fromdata_params[2];
1094         fromdata_params = params;
1095     }
1096 
1097     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1098         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1099                                           fromdata_params), 1))
1100         goto err;
1101 
1102     for (;;) {
1103         ret = 0;
1104         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits)
1105             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits)
1106             || !TEST_int_eq(EVP_PKEY_get_size(pk), size)
1107             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1108             goto err;
1109 
1110         if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, pk, NULL)))
1111             goto err;
1112         if (tst <= 7) {
1113             if (!TEST_int_gt(EVP_PKEY_check(ctx2), 0))
1114                 goto err;
1115             if (!TEST_true(EVP_PKEY_get_octet_string_param(
1116                                pk, orig_fromdata_params[PRIV_KEY].key,
1117                                out_priv, sizeof(out_priv), &len))
1118                 || !TEST_mem_eq(out_priv, len,
1119                                 orig_fromdata_params[PRIV_KEY].data,
1120                                 orig_fromdata_params[PRIV_KEY].data_size)
1121                 || !TEST_true(EVP_PKEY_get_octet_string_param(
1122                                   pk, orig_fromdata_params[PUB_KEY].key,
1123                                   out_pub, sizeof(out_pub), &len))
1124                 || !TEST_mem_eq(out_pub, len,
1125                                 orig_fromdata_params[PUB_KEY].data,
1126                                 orig_fromdata_params[PUB_KEY].data_size))
1127                 goto err;
1128         } else {
1129             /* The private key check should fail if there is only a public key */
1130             if (!TEST_int_gt(EVP_PKEY_public_check(ctx2), 0)
1131                 || !TEST_int_le(EVP_PKEY_private_check(ctx2), 0)
1132                 || !TEST_int_le(EVP_PKEY_check(ctx2), 0))
1133                 goto err;
1134         }
1135         EVP_PKEY_CTX_free(ctx2);
1136         ctx2 = NULL;
1137 
1138         if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1139                /* This should succeed because there are no parameters to copy */
1140             || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1141             goto err;
1142         if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL))
1143                /* This should fail because copy_pk has no pubkey */
1144             || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0))
1145             goto err;
1146         EVP_PKEY_CTX_free(ctx2);
1147         ctx2 = NULL;
1148         EVP_PKEY_free(copy_pk);
1149         copy_pk = NULL;
1150 
1151         if (tst > 7)
1152             ret = test_print_key_using_encoder_public(alg, pk);
1153         else
1154             ret = test_print_key_using_pem(alg, pk)
1155                   && test_print_key_using_encoder(alg, pk);
1156 
1157         if (!ret || dup_pk != NULL)
1158             break;
1159 
1160         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1161             goto err;
1162         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1163         EVP_PKEY_free(pk);
1164         pk = dup_pk;
1165         if (!ret)
1166             goto err;
1167     }
1168 
1169 err:
1170     EVP_PKEY_free(pk);
1171     EVP_PKEY_free(copy_pk);
1172     EVP_PKEY_CTX_free(ctx);
1173     EVP_PKEY_CTX_free(ctx2);
1174 
1175     return ret;
1176 }
1177 
1178 static int test_fromdata_ec(void)
1179 {
1180     int ret = 0;
1181     EVP_PKEY_CTX *ctx = NULL;
1182     EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1183     OSSL_PARAM_BLD *bld = NULL;
1184     BIGNUM *ec_priv_bn = NULL;
1185     BIGNUM *bn_priv = NULL;
1186     OSSL_PARAM *fromdata_params = NULL;
1187     const char *alg = "EC";
1188     const char *curve = "prime256v1";
1189     const char bad_curve[] = "nonexistent-curve";
1190     OSSL_PARAM nokey_params[2] = {
1191        OSSL_PARAM_END,
1192        OSSL_PARAM_END
1193     };
1194     /* UNCOMPRESSED FORMAT */
1195     static const unsigned char ec_pub_keydata[] = {
1196        POINT_CONVERSION_UNCOMPRESSED,
1197        0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1198        0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1199        0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1200        0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
1201        0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
1202        0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
1203        0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
1204        0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
1205     };
1206     /* SAME BUT COMPRESSED FORMAT */
1207     static const unsigned char ec_pub_keydata_compressed[] = {
1208        POINT_CONVERSION_COMPRESSED+1,
1209        0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1210        0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1211        0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1212        0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2
1213     };
1214     static const unsigned char ec_priv_keydata[] = {
1215         0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
1216         0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
1217         0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
1218         0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
1219     };
1220     unsigned char out_pub[sizeof(ec_pub_keydata)];
1221     char out_curve_name[80];
1222     const OSSL_PARAM *gettable = NULL;
1223     size_t len;
1224     EC_GROUP *group = NULL;
1225     BIGNUM *group_a = NULL;
1226     BIGNUM *group_b = NULL;
1227     BIGNUM *group_p = NULL;
1228     BIGNUM *a = NULL;
1229     BIGNUM *b = NULL;
1230     BIGNUM *p = NULL;
1231 
1232 
1233     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
1234         goto err;
1235     if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata,
1236                                          sizeof(ec_priv_keydata), NULL)))
1237         goto err;
1238 
1239     if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
1240                                         curve, 0) <= 0)
1241         goto err;
1242     /*
1243      * We intentionally provide the input point in compressed format,
1244      * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`.
1245      *
1246      * Later on we check what format is used when exporting the
1247      * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed
1248      * format.
1249      */
1250     if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
1251                                          ec_pub_keydata_compressed,
1252                                          sizeof(ec_pub_keydata_compressed)) <= 0)
1253         goto err;
1254     if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0)
1255         goto err;
1256     if (!TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1257         goto err;
1258     ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1259     if (!TEST_ptr(ctx))
1260         goto err;
1261 
1262     /* try importing parameters with bad curve first */
1263     nokey_params[0] =
1264         OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1265                                          (char *)bad_curve, sizeof(bad_curve));
1266     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1267         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS,
1268                                           nokey_params), 0)
1269         || !TEST_ptr_null(pk))
1270         goto err;
1271 
1272     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1273         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1274                                           fromdata_params), 1))
1275         goto err;
1276 
1277     for (;;) {
1278         ret = 0;
1279         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256)
1280             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128)
1281             || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 35 * 2)
1282             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1283             goto err;
1284 
1285         if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1286             || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1287             goto err;
1288         EVP_PKEY_free(copy_pk);
1289         copy_pk = NULL;
1290 
1291         if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pk))
1292             || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1293                                                  OSSL_PKEY_PARAM_GROUP_NAME))
1294             || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1295                                                  OSSL_PKEY_PARAM_PUB_KEY))
1296             || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1297                                                  OSSL_PKEY_PARAM_PRIV_KEY)))
1298             goto err;
1299 
1300         if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve)))
1301             || !TEST_ptr(group_p = BN_new())
1302             || !TEST_ptr(group_a = BN_new())
1303             || !TEST_ptr(group_b = BN_new())
1304             || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)))
1305             goto err;
1306 
1307         if (!TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_A, &a))
1308             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_B, &b))
1309             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_P, &p)))
1310             goto err;
1311 
1312         if (!TEST_BN_eq(group_p, p) || !TEST_BN_eq(group_a, a)
1313             || !TEST_BN_eq(group_b, b))
1314             goto err;
1315 
1316         EC_GROUP_free(group);
1317         group = NULL;
1318         BN_free(group_p);
1319         group_p = NULL;
1320         BN_free(group_a);
1321         group_a = NULL;
1322         BN_free(group_b);
1323         group_b = NULL;
1324 
1325         if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
1326                                             out_curve_name,
1327                                             sizeof(out_curve_name),
1328                                             &len)
1329             || !TEST_str_eq(out_curve_name, curve)
1330             || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1331                                             out_pub, sizeof(out_pub), &len)
1332 
1333             /*
1334              * Our providers use uncompressed format by default if
1335              * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not
1336              * explicitly set, irrespective of the format used for the
1337              * input point given as a param to create this key.
1338              */
1339             || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED)
1340             || !TEST_mem_eq(out_pub + 1, len - 1,
1341                             ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1)
1342 
1343             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1344                                                 &bn_priv))
1345             || !TEST_BN_eq(ec_priv_bn, bn_priv))
1346             goto err;
1347         BN_free(bn_priv);
1348         bn_priv = NULL;
1349 
1350         ret = test_print_key_using_pem(alg, pk)
1351               && test_print_key_using_encoder(alg, pk);
1352 
1353         if (!ret || dup_pk != NULL)
1354             break;
1355 
1356         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1357             goto err;
1358         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1359         EVP_PKEY_free(pk);
1360         pk = dup_pk;
1361         if (!ret)
1362             goto err;
1363     }
1364 
1365 err:
1366     EC_GROUP_free(group);
1367     BN_free(group_a);
1368     BN_free(group_b);
1369     BN_free(group_p);
1370     BN_free(a);
1371     BN_free(b);
1372     BN_free(p);
1373     BN_free(bn_priv);
1374     BN_free(ec_priv_bn);
1375     OSSL_PARAM_free(fromdata_params);
1376     OSSL_PARAM_BLD_free(bld);
1377     EVP_PKEY_free(pk);
1378     EVP_PKEY_free(copy_pk);
1379     EVP_PKEY_CTX_free(ctx);
1380     return ret;
1381 }
1382 
1383 static int test_ec_dup_no_operation(void)
1384 {
1385     int ret = 0;
1386     EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1387     EVP_PKEY *param = NULL, *pkey = NULL;
1388 
1389     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1390         || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1391         || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1392                         NID_X9_62_prime256v1), 0)
1393         || !TEST_int_gt(EVP_PKEY_paramgen(pctx, &param), 0)
1394         || !TEST_ptr(param))
1395         goto err;
1396 
1397     EVP_PKEY_CTX_free(pctx);
1398     pctx = NULL;
1399 
1400     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1401         || !TEST_ptr(kctx = EVP_PKEY_CTX_dup(ctx))
1402         || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1403         || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0))
1404         goto err;
1405     ret = 1;
1406 err:
1407     EVP_PKEY_free(pkey);
1408     EVP_PKEY_free(param);
1409     EVP_PKEY_CTX_free(ctx);
1410     EVP_PKEY_CTX_free(kctx);
1411     EVP_PKEY_CTX_free(pctx);
1412     return ret;
1413 }
1414 
1415 /* Test that keygen doesn't support EVP_PKEY_CTX_dup */
1416 static int test_ec_dup_keygen_operation(void)
1417 {
1418     int ret = 0;
1419     EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1420     EVP_PKEY *param = NULL, *pkey = NULL;
1421 
1422     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1423         || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1424         || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1425                         NID_X9_62_prime256v1), 0)
1426         || !TEST_int_gt(EVP_PKEY_paramgen(pctx, &param), 0)
1427         || !TEST_ptr(param))
1428         goto err;
1429 
1430     EVP_PKEY_CTX_free(pctx);
1431     pctx = NULL;
1432 
1433     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1434         || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1435         || !TEST_ptr_null(kctx = EVP_PKEY_CTX_dup(ctx)))
1436         goto err;
1437     ret = 1;
1438 err:
1439     EVP_PKEY_free(pkey);
1440     EVP_PKEY_free(param);
1441     EVP_PKEY_CTX_free(ctx);
1442     EVP_PKEY_CTX_free(kctx);
1443     EVP_PKEY_CTX_free(pctx);
1444     return ret;
1445 }
1446 
1447 #endif /* OPENSSL_NO_EC */
1448 
1449 #ifndef OPENSSL_NO_DSA
1450 static int test_fromdata_dsa_fips186_4(void)
1451 {
1452     int ret = 0;
1453     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1454     EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1455     BIGNUM *pub = NULL, *priv = NULL;
1456     BIGNUM *p = NULL, *q = NULL, *g = NULL;
1457     BIGNUM *pub_out = NULL, *priv_out = NULL;
1458     BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL, *j_out = NULL;
1459     int gindex_out = 0, pcounter_out = 0, hindex_out = 0;
1460     char name_out[80];
1461     unsigned char seed_out[32];
1462     size_t len;
1463     OSSL_PARAM_BLD *bld = NULL;
1464     OSSL_PARAM *fromdata_params = NULL;
1465 
1466     /*
1467      * DSA parameter data was generated using the following:
1468      * openssl genpkey -genparam -algorithm DSA -pkeyopt pbits:2048 \
1469      *                 -pkeyopt qbits:256 -pkeyopt type:0 \
1470      *                 -pkeyopt gindex:1 -out dsa_params.pem -text
1471      */
1472     static const unsigned char p_data[] = {
1473         0x00, 0xa0, 0xb7, 0x02, 0xc4, 0xac, 0xa6, 0x42, 0xab, 0xf2, 0x34, 0x0b,
1474         0x22, 0x47, 0x1f, 0x33, 0xcf, 0xd5, 0x04, 0xe4, 0x3e, 0xec, 0xa1, 0x21,
1475         0xc8, 0x41, 0x2b, 0xef, 0xb8, 0x1f, 0x0b, 0x5b, 0x88, 0x8b, 0x67, 0xf8,
1476         0x68, 0x6d, 0x7c, 0x4d, 0x96, 0x5f, 0x3c, 0x66, 0xef, 0x58, 0x34, 0xd7,
1477         0xf6, 0xa2, 0x1b, 0xad, 0xc8, 0x12, 0x52, 0xb8, 0xe8, 0x2a, 0x63, 0xcc,
1478         0xea, 0xe7, 0x4e, 0xc8, 0x34, 0x4c, 0x58, 0x59, 0x0a, 0xc2, 0x4a, 0xe4,
1479         0xb4, 0x64, 0x20, 0xf4, 0xf6, 0x0a, 0xcf, 0x86, 0x01, 0x6c, 0x7f, 0x23,
1480         0x4a, 0x51, 0x07, 0x99, 0x42, 0x28, 0x7a, 0xff, 0x18, 0x67, 0x52, 0x64,
1481         0xf2, 0x9a, 0x62, 0x30, 0xc3, 0x00, 0xde, 0x23, 0xe9, 0x11, 0x95, 0x7e,
1482         0xd1, 0x3d, 0x8d, 0xb4, 0x0e, 0x9f, 0x9e, 0xb1, 0x30, 0x03, 0xf0, 0x73,
1483         0xa8, 0x40, 0x48, 0x42, 0x7b, 0x60, 0xa0, 0xc4, 0xf2, 0x3b, 0x2d, 0x0a,
1484         0x0c, 0xb8, 0x19, 0xfb, 0xb4, 0xf8, 0xe0, 0x2a, 0xc7, 0xf1, 0xc0, 0xc6,
1485         0x86, 0x14, 0x60, 0x12, 0x0f, 0xc0, 0xde, 0x4a, 0x67, 0xec, 0xc7, 0xde,
1486         0x76, 0x21, 0x1a, 0x55, 0x7f, 0x86, 0xc3, 0x97, 0x98, 0xce, 0xf5, 0xcd,
1487         0xf0, 0xe7, 0x12, 0xd6, 0x93, 0xee, 0x1b, 0x9b, 0x61, 0xef, 0x05, 0x8c,
1488         0x45, 0x46, 0xd9, 0x64, 0x6f, 0xbe, 0x27, 0xaa, 0x67, 0x01, 0xcc, 0x71,
1489         0xb1, 0x60, 0xce, 0x21, 0xd8, 0x51, 0x17, 0x27, 0x0d, 0x90, 0x3d, 0x18,
1490         0x7c, 0x87, 0x15, 0x8e, 0x48, 0x4c, 0x6c, 0xc5, 0x72, 0xeb, 0xb7, 0x56,
1491         0xf5, 0x6b, 0x60, 0x8f, 0xc2, 0xfd, 0x3f, 0x46, 0x5c, 0x00, 0x91, 0x85,
1492         0x79, 0x45, 0x5b, 0x1c, 0x82, 0xc4, 0x87, 0x50, 0x79, 0xba, 0xcc, 0x1c,
1493         0x32, 0x7e, 0x2e, 0xb8, 0x2e, 0xc5, 0x4e, 0xd1, 0x9b, 0xdb, 0x66, 0x79,
1494         0x7c, 0xfe, 0xaf, 0x6a, 0x05
1495     };
1496     static const unsigned char q_data[] = {
1497         0xa8, 0xcd, 0xf4, 0x33, 0x7b, 0x13, 0x0a, 0x24, 0xc1, 0xde, 0x4a, 0x04,
1498         0x7b, 0x4b, 0x71, 0x51, 0x32, 0xe9, 0x47, 0x74, 0xbd, 0x0c, 0x21, 0x40,
1499         0x84, 0x12, 0x0a, 0x17, 0x73, 0xdb, 0x29, 0xc7
1500     };
1501     static const unsigned char g_data[] = {
1502         0x6c, 0xc6, 0xa4, 0x3e, 0x61, 0x84, 0xc1, 0xff, 0x6f, 0x4a, 0x1a, 0x6b,
1503         0xb0, 0x24, 0x4b, 0xd2, 0x92, 0x5b, 0x29, 0x5c, 0x61, 0xb8, 0xc9, 0x2b,
1504         0xd6, 0xf7, 0x59, 0xfd, 0xd8, 0x70, 0x66, 0x77, 0xfc, 0xc1, 0xa4, 0xd4,
1505         0xb0, 0x1e, 0xd5, 0xbf, 0x59, 0x98, 0xb3, 0x66, 0x8b, 0xf4, 0x2e, 0xe6,
1506         0x12, 0x3e, 0xcc, 0xf8, 0x02, 0xb8, 0xc6, 0xc3, 0x47, 0xd2, 0xf5, 0xaa,
1507         0x0c, 0x5f, 0x51, 0xf5, 0xd0, 0x4c, 0x55, 0x3d, 0x07, 0x73, 0xa6, 0x57,
1508         0xce, 0x5a, 0xad, 0x42, 0x0c, 0x13, 0x0f, 0xe2, 0x31, 0x25, 0x8e, 0x72,
1509         0x12, 0x73, 0x10, 0xdb, 0x7f, 0x79, 0xeb, 0x59, 0xfc, 0xfe, 0xf7, 0x0c,
1510         0x1a, 0x81, 0x53, 0x96, 0x22, 0xb8, 0xe7, 0x58, 0xd8, 0x67, 0x80, 0x60,
1511         0xad, 0x8b, 0x55, 0x1c, 0x91, 0xf0, 0x72, 0x9a, 0x7e, 0xad, 0x37, 0xf1,
1512         0x77, 0x18, 0x96, 0x8a, 0x68, 0x70, 0xfc, 0x71, 0xa9, 0xa2, 0xe8, 0x35,
1513         0x27, 0x78, 0xf2, 0xef, 0x59, 0x36, 0x6d, 0x7c, 0xb6, 0x98, 0xd8, 0x1e,
1514         0xfa, 0x25, 0x73, 0x97, 0x45, 0x58, 0xe3, 0xae, 0xbd, 0x52, 0x54, 0x05,
1515         0xd8, 0x26, 0x26, 0xba, 0xba, 0x05, 0xb5, 0xe9, 0xe5, 0x76, 0xae, 0x25,
1516         0xdd, 0xfc, 0x10, 0x89, 0x5a, 0xa9, 0xee, 0x59, 0xc5, 0x79, 0x8b, 0xeb,
1517         0x1e, 0x2c, 0x61, 0xab, 0x0d, 0xd1, 0x10, 0x04, 0x91, 0x32, 0x77, 0x4a,
1518         0xa6, 0x64, 0x53, 0xda, 0x4c, 0xd7, 0x3a, 0x29, 0xd4, 0xf3, 0x82, 0x25,
1519         0x1d, 0x6f, 0x4a, 0x7f, 0xd3, 0x08, 0x3b, 0x42, 0x30, 0x10, 0xd8, 0xd0,
1520         0x97, 0x3a, 0xeb, 0x92, 0x63, 0xec, 0x93, 0x2b, 0x6f, 0x32, 0xd8, 0xcd,
1521         0x80, 0xd3, 0xc0, 0x4c, 0x03, 0xd5, 0xca, 0xbc, 0x8f, 0xc7, 0x43, 0x53,
1522         0x64, 0x66, 0x1c, 0x82, 0x2d, 0xfb, 0xff, 0x39, 0xba, 0xd6, 0x42, 0x62,
1523         0x02, 0x6f, 0x96, 0x36
1524     };
1525     static const unsigned char seed_data[] = {
1526         0x64, 0x46, 0x07, 0x32, 0x8d, 0x70, 0x9c, 0xb3, 0x8a, 0x35, 0xde, 0x62,
1527         0x00, 0xf2, 0x6d, 0x52, 0x37, 0x4d, 0xb3, 0x84, 0xe1, 0x9d, 0x41, 0x04,
1528         0xda, 0x7b, 0xdc, 0x0d, 0x8b, 0x5e, 0xe0, 0x84
1529     };
1530     const int gindex = 1;
1531     const int pcounter = 53;
1532     /*
1533      * The keypair was generated using
1534      * openssl genpkey -paramfile dsa_params.pem --pkeyopt pcounter:53 \
1535      *                 -pkeyopt gindex:1 \
1536      *                 -pkeyopt hexseed:644607328d709cb38a35de6200f26d -text
1537      */
1538     static const unsigned char priv_data[] = {
1539         0x00, 0x8f, 0xc5, 0x9e, 0xd0, 0xf7, 0x2a, 0x0b, 0x66, 0xf1, 0x32, 0x73,
1540         0xae, 0xf6, 0xd9, 0xd4, 0xdb, 0x2d, 0x96, 0x55, 0x89, 0xff, 0xef, 0xa8,
1541         0x5f, 0x47, 0x8f, 0xca, 0x02, 0x8a, 0xe1, 0x35, 0x90
1542     };
1543     static const unsigned char pub_data[] = {
1544         0x44, 0x19, 0xc9, 0x46, 0x45, 0x57, 0xc1, 0xa9, 0xd8, 0x30, 0x99, 0x29,
1545         0x6a, 0x4b, 0x63, 0x71, 0x69, 0x96, 0x35, 0x17, 0xb2, 0x62, 0x9b, 0x80,
1546         0x0a, 0x95, 0x9d, 0x6a, 0xc0, 0x32, 0x0d, 0x07, 0x5f, 0x19, 0x44, 0x02,
1547         0xf1, 0xbd, 0xce, 0xdf, 0x10, 0xf8, 0x02, 0x5d, 0x7d, 0x98, 0x8a, 0x73,
1548         0x89, 0x00, 0xb6, 0x24, 0xd6, 0x33, 0xe7, 0xcf, 0x8b, 0x49, 0x2a, 0xaf,
1549         0x13, 0x1c, 0xb2, 0x52, 0x15, 0xfd, 0x9b, 0xd5, 0x40, 0x4a, 0x1a, 0xda,
1550         0x29, 0x4c, 0x92, 0x7e, 0x66, 0x06, 0xdb, 0x61, 0x86, 0xac, 0xb5, 0xda,
1551         0x3c, 0x7d, 0x73, 0x7e, 0x54, 0x32, 0x68, 0xa5, 0x02, 0xbc, 0x59, 0x47,
1552         0x84, 0xd3, 0x87, 0x71, 0x5f, 0xeb, 0x43, 0x45, 0x24, 0xd3, 0xec, 0x08,
1553         0x52, 0xc2, 0x89, 0x2d, 0x9c, 0x1a, 0xcc, 0x91, 0x65, 0x5d, 0xa3, 0xa1,
1554         0x35, 0x31, 0x10, 0x1c, 0x3a, 0xa8, 0x4d, 0x18, 0xd5, 0x06, 0xaf, 0xb2,
1555         0xec, 0x5c, 0x89, 0x9e, 0x90, 0x86, 0x10, 0x01, 0xeb, 0x51, 0xd5, 0x1b,
1556         0x9c, 0xcb, 0x66, 0x07, 0x3f, 0xc4, 0x6e, 0x0a, 0x1b, 0x73, 0xa0, 0x4b,
1557         0x5f, 0x4d, 0xab, 0x35, 0x28, 0xfa, 0xda, 0x3a, 0x0c, 0x08, 0xe8, 0xf3,
1558         0xef, 0x42, 0x67, 0xbc, 0x21, 0xf2, 0xc2, 0xb8, 0xff, 0x1a, 0x81, 0x05,
1559         0x68, 0x73, 0x62, 0xdf, 0xd7, 0xab, 0x0f, 0x22, 0x89, 0x57, 0x96, 0xd4,
1560         0x93, 0xaf, 0xa1, 0x21, 0xa3, 0x48, 0xe9, 0xf0, 0x97, 0x47, 0xa0, 0x27,
1561         0xba, 0x87, 0xb8, 0x15, 0x5f, 0xff, 0x2c, 0x50, 0x41, 0xf1, 0x7e, 0xc6,
1562         0x81, 0xc4, 0x51, 0xf1, 0xfd, 0xd6, 0x86, 0xf7, 0x69, 0x97, 0xf1, 0x49,
1563         0xc9, 0xf9, 0xf4, 0x9b, 0xf4, 0xe8, 0x85, 0xa7, 0xbd, 0x36, 0x55, 0x4a,
1564         0x3d, 0xe8, 0x65, 0x09, 0x7b, 0xb7, 0x12, 0x64, 0xd2, 0x0a, 0x53, 0x60,
1565         0x48, 0xd1, 0x8a, 0xbd
1566     };
1567 
1568     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1569         || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1570         || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1571         || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
1572         || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
1573         || !TEST_ptr(g = BN_bin2bn(g_data, sizeof(g_data), NULL))
1574 
1575         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1576         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1577         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1578         || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1579                                                        OSSL_PKEY_PARAM_FFC_SEED,
1580                                                        seed_data,
1581                                                        sizeof(seed_data)))
1582         || !TEST_true(OSSL_PARAM_BLD_push_int(bld, OSSL_PKEY_PARAM_FFC_GINDEX,
1583                                               gindex))
1584         || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
1585                                               OSSL_PKEY_PARAM_FFC_PCOUNTER,
1586                                               pcounter))
1587         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1588                                              pub))
1589         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1590                                              priv))
1591         || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1592         goto err;
1593 
1594     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)))
1595         goto err;
1596 
1597     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1598         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1599                                           fromdata_params), 1))
1600         goto err;
1601 
1602     for (;;) {
1603         ret = 0;
1604         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1605             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1606             || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 2 * (3 + sizeof(q_data)))
1607             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1608             goto err;
1609 
1610         if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk,
1611                                                        OSSL_PKEY_PARAM_GROUP_NAME,
1612                                                        name_out,
1613                                                        sizeof(name_out),
1614                                                        &len))
1615             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1616                                                 &pub_out))
1617             || !TEST_BN_eq(pub, pub_out)
1618             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1619                                                 &priv_out))
1620             || !TEST_BN_eq(priv, priv_out)
1621             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P,
1622                                                 &p_out))
1623             || !TEST_BN_eq(p, p_out)
1624             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q,
1625                                                 &q_out))
1626             || !TEST_BN_eq(q, q_out)
1627             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G,
1628                                                 &g_out))
1629             || !TEST_BN_eq(g, g_out)
1630             || !TEST_false(EVP_PKEY_get_bn_param(pk,
1631                                                  OSSL_PKEY_PARAM_FFC_COFACTOR,
1632                                                  &j_out))
1633             || !TEST_ptr_null(j_out)
1634             || !TEST_true(EVP_PKEY_get_octet_string_param(pk,
1635                                                           OSSL_PKEY_PARAM_FFC_SEED,
1636                                                           seed_out,
1637                                                           sizeof(seed_out),
1638                                                           &len))
1639             || !TEST_true(EVP_PKEY_get_int_param(pk,
1640                                                  OSSL_PKEY_PARAM_FFC_GINDEX,
1641                                                  &gindex_out))
1642             || !TEST_int_eq(gindex, gindex_out)
1643             || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1644                                                  &hindex_out))
1645             || !TEST_int_eq(hindex_out, 0)
1646             || !TEST_true(EVP_PKEY_get_int_param(pk,
1647                                                  OSSL_PKEY_PARAM_FFC_PCOUNTER,
1648                                                  &pcounter_out))
1649             || !TEST_int_eq(pcounter, pcounter_out))
1650             goto err;
1651         BN_free(p_out);
1652         p_out = NULL;
1653         BN_free(q_out);
1654         q_out = NULL;
1655         BN_free(g_out);
1656         g_out = NULL;
1657         BN_free(j_out);
1658         j_out = NULL;
1659         BN_free(pub_out);
1660         pub_out = NULL;
1661         BN_free(priv_out);
1662         priv_out = NULL;
1663 
1664         if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1665             goto err;
1666 
1667         if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1668             || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1669             || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1670             || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1671             goto err;
1672         EVP_PKEY_CTX_free(key_ctx);
1673         key_ctx = NULL;
1674 
1675         if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1676             || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1677             goto err;
1678         EVP_PKEY_free(copy_pk);
1679         copy_pk = NULL;
1680 
1681         ret = test_print_key_using_pem("DSA", pk)
1682               && test_print_key_using_encoder("DSA", pk);
1683 
1684         if (!ret || dup_pk != NULL)
1685             break;
1686 
1687         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1688             goto err;
1689         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1690         EVP_PKEY_free(pk);
1691         pk = dup_pk;
1692         if (!ret)
1693             goto err;
1694     }
1695 
1696  err:
1697     OSSL_PARAM_free(fromdata_params);
1698     OSSL_PARAM_BLD_free(bld);
1699     BN_free(p);
1700     BN_free(q);
1701     BN_free(g);
1702     BN_free(pub);
1703     BN_free(priv);
1704     BN_free(p_out);
1705     BN_free(q_out);
1706     BN_free(g_out);
1707     BN_free(pub_out);
1708     BN_free(priv_out);
1709     BN_free(j_out);
1710     EVP_PKEY_free(pk);
1711     EVP_PKEY_free(copy_pk);
1712     EVP_PKEY_CTX_free(ctx);
1713     EVP_PKEY_CTX_free(key_ctx);
1714 
1715     return ret;
1716 }
1717 
1718 static int test_check_dsa(void)
1719 {
1720     int ret = 0;
1721     EVP_PKEY_CTX *ctx = NULL;
1722 
1723     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
1724         || !TEST_int_le(EVP_PKEY_check(ctx), 0)
1725         || !TEST_int_le(EVP_PKEY_public_check(ctx), 0)
1726         || !TEST_int_le(EVP_PKEY_private_check(ctx), 0)
1727         || !TEST_int_le(EVP_PKEY_pairwise_check(ctx), 0))
1728        goto err;
1729 
1730     ret = 1;
1731  err:
1732     EVP_PKEY_CTX_free(ctx);
1733 
1734     return ret;
1735 }
1736 #endif /* OPENSSL_NO_DSA */
1737 
1738 
1739 static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key,
1740                                             size_t keylen, char *salt)
1741 {
1742     OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
1743     OSSL_PARAM *p = params;
1744 
1745     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0);
1746     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
1747                                              salt, strlen(salt));
1748     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
1749                                              (unsigned char *)key, keylen);
1750     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
1751                                             "EXTRACT_ONLY", 0);
1752     *p = OSSL_PARAM_construct_end();
1753 
1754     return params;
1755 }
1756 
1757 /* Test that EVP_PKEY_CTX_dup() fails gracefully for a KDF */
1758 static int test_evp_pkey_ctx_dup_kdf_fail(void)
1759 {
1760     int ret = 0;
1761     size_t len = 0;
1762     EVP_PKEY_CTX *pctx = NULL, *dctx = NULL;
1763     OSSL_PARAM *params = NULL;
1764 
1765     if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6,
1766                                                     "salt")))
1767         goto err;
1768     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL)))
1769         goto err;
1770     if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1))
1771         goto err;
1772     if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
1773         || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH))
1774         goto err;
1775     if (!TEST_ptr_null(dctx = EVP_PKEY_CTX_dup(pctx)))
1776         goto err;
1777     ret = 1;
1778 err:
1779     OPENSSL_free(params);
1780     EVP_PKEY_CTX_free(dctx);
1781     EVP_PKEY_CTX_free(pctx);
1782     return ret;
1783 }
1784 
1785 int setup_tests(void)
1786 {
1787     if (!test_skip_common_options()) {
1788         TEST_error("Error parsing test options\n");
1789         return 0;
1790     }
1791 
1792     if (!TEST_ptr(datadir = test_get_argument(0)))
1793         return 0;
1794 
1795     ADD_TEST(test_evp_pkey_ctx_dup_kdf_fail);
1796     ADD_TEST(test_evp_pkey_get_bn_param_large);
1797     ADD_TEST(test_fromdata_rsa);
1798 #ifndef OPENSSL_NO_DH
1799     ADD_TEST(test_fromdata_dh_fips186_4);
1800     ADD_TEST(test_fromdata_dh_named_group);
1801 #endif
1802 #ifndef OPENSSL_NO_DSA
1803     ADD_TEST(test_check_dsa);
1804     ADD_TEST(test_fromdata_dsa_fips186_4);
1805 #endif
1806 #ifndef OPENSSL_NO_EC
1807     ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3);
1808     ADD_TEST(test_fromdata_ec);
1809     ADD_TEST(test_ec_dup_no_operation);
1810     ADD_TEST(test_ec_dup_keygen_operation);
1811 #endif
1812     return 1;
1813 }
1814