xref: /freebsd/crypto/openssl/test/evp_pkey_provided_test.c (revision e1e636193db45630c7881246d25902e57c43d24e)
1 /*
2  * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <string.h> /* memset */
11 #include <openssl/evp.h>
12 #include <openssl/pem.h>
13 #include <openssl/encoder.h>
14 #include <openssl/provider.h>
15 #include <openssl/param_build.h>
16 #include <openssl/core_names.h>
17 #include <openssl/sha.h>
18 #include "crypto/ecx.h"
19 #include "crypto/evp.h"          /* For the internal API */
20 #include "crypto/bn_dh.h"        /* _bignum_ffdhe2048_p */
21 #include "internal/nelem.h"
22 #include "testutil.h"
23 
24 static char *datadir = NULL;
25 
26 /*
27  * Do not change the order of the following defines unless you also
28  * update the for loop bounds used inside test_print_key_using_encoder() and
29  * test_print_key_using_encoder_public().
30  */
31 #define PRIV_TEXT    0
32 #define PRIV_PEM     1
33 #define PRIV_DER     2
34 #define PUB_TEXT     3
35 #define PUB_PEM      4
36 #define PUB_DER      5
37 
38 static void stripcr(char *buf, size_t *len)
39 {
40     size_t i;
41     char *curr, *writ;
42 
43     for (i = *len, curr = buf, writ = buf; i > 0; i--, curr++) {
44         if (*curr == '\r') {
45             (*len)--;
46             continue;
47         }
48         if (curr != writ)
49             *writ = *curr;
50         writ++;
51     }
52 }
53 
54 static int compare_with_file(const char *alg, int type, BIO *membio)
55 {
56     char filename[80];
57     BIO *file = NULL;
58     char buf[4096];
59     char *memdata, *fullfile = NULL;
60     const char *suffix;
61     size_t readbytes;
62     int ret = 0;
63     int len;
64     size_t slen;
65 
66     switch (type) {
67     case PRIV_TEXT:
68         suffix = "priv.txt";
69         break;
70 
71     case PRIV_PEM:
72         suffix = "priv.pem";
73         break;
74 
75     case PRIV_DER:
76         suffix = "priv.der";
77         break;
78 
79     case PUB_TEXT:
80         suffix = "pub.txt";
81         break;
82 
83     case PUB_PEM:
84         suffix = "pub.pem";
85         break;
86 
87     case PUB_DER:
88         suffix = "pub.der";
89         break;
90 
91     default:
92         TEST_error("Invalid file type");
93         goto err;
94     }
95 
96     BIO_snprintf(filename, sizeof(filename), "%s.%s", alg, suffix);
97     fullfile = test_mk_file_path(datadir, filename);
98     if (!TEST_ptr(fullfile))
99         goto err;
100 
101     file = BIO_new_file(fullfile, "rb");
102     if (!TEST_ptr(file))
103         goto err;
104 
105     if (!TEST_true(BIO_read_ex(file, buf, sizeof(buf), &readbytes))
106             || !TEST_true(BIO_eof(file))
107             || !TEST_size_t_lt(readbytes, sizeof(buf)))
108         goto err;
109 
110     len = BIO_get_mem_data(membio, &memdata);
111     if (!TEST_int_gt(len, 0))
112         goto err;
113 
114     slen = len;
115     if (type != PRIV_DER && type != PUB_DER) {
116         stripcr(memdata, &slen);
117         stripcr(buf, &readbytes);
118     }
119 
120     if (!TEST_mem_eq(memdata, slen, buf, readbytes))
121         goto err;
122 
123     ret = 1;
124  err:
125     OPENSSL_free(fullfile);
126     (void)BIO_reset(membio);
127     BIO_free(file);
128     return ret;
129 }
130 
131 static int pass_cb(char *buf, int size, int rwflag, void *u)
132 {
133     return 0;
134 }
135 
136 static int pass_cb_error(char *buf, int size, int rwflag, void *u)
137 {
138     return -1;
139 }
140 
141 static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
142 {
143     BIO *membio = BIO_new(BIO_s_mem());
144     int ret = 0;
145 
146     if (!TEST_ptr(membio))
147         goto err;
148 
149     if (/* Output Encrypted private key in PEM form */
150         !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
151                                             (unsigned char *)"pass", 4,
152                                             NULL, NULL))
153         /* Output zero-length passphrase encrypted private key in PEM form */
154         || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
155                                                     EVP_aes_256_cbc(),
156                                                     (const char *)~0, 0,
157                                                     NULL, NULL))
158         || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
159                                                     EVP_aes_256_cbc(),
160                                                     NULL, 0, NULL, ""))
161         || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
162                                                     EVP_aes_256_cbc(),
163                                                     NULL, 0, pass_cb, NULL))
164         || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
165                                                      EVP_aes_256_cbc(),
166                                                      NULL, 0, pass_cb_error,
167                                                      NULL))
168 #ifndef OPENSSL_NO_DES
169         || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
170             bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
171             (const char *)~0, 0, NULL, NULL))
172         || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
173             bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
174             NULL, ""))
175         || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
176             bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
177             pass_cb, NULL))
178         || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
179             bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
180             pass_cb_error, NULL))
181 #endif
182         /* Private key in text form */
183         || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
184         || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))
185         /* Public key in PEM form */
186         || !TEST_true(PEM_write_bio_PUBKEY(membio, pk))
187         || !TEST_true(compare_with_file(alg, PUB_PEM, membio))
188         /* Unencrypted private key in PEM form */
189         || !TEST_true(PEM_write_bio_PrivateKey(membio, pk,
190                                                NULL, NULL, 0, NULL, NULL))
191         || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))
192         /* NULL key */
193         || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL,
194                                                NULL, NULL, 0, NULL, NULL))
195         || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL,
196                                                NULL, NULL, 0, NULL, NULL)))
197         goto err;
198 
199     ret = 1;
200  err:
201     BIO_free(membio);
202     return ret;
203 }
204 
205 static int test_print_key_type_using_encoder(const char *alg, int type,
206                                              const EVP_PKEY *pk)
207 {
208     const char *output_type, *output_structure;
209     int selection;
210     OSSL_ENCODER_CTX *ctx = NULL;
211     BIO *membio = BIO_new(BIO_s_mem());
212     int ret = 0;
213 
214     switch (type) {
215     case PRIV_TEXT:
216         output_type = "TEXT";
217         output_structure = NULL;
218         selection = OSSL_KEYMGMT_SELECT_KEYPAIR
219             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
220         break;
221 
222     case PRIV_PEM:
223         output_type = "PEM";
224         output_structure = "PrivateKeyInfo";
225         selection = OSSL_KEYMGMT_SELECT_KEYPAIR
226             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
227         break;
228 
229     case PRIV_DER:
230         output_type = "DER";
231         output_structure = "PrivateKeyInfo";
232         selection = OSSL_KEYMGMT_SELECT_KEYPAIR
233             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
234         break;
235 
236     case PUB_TEXT:
237         output_type = "TEXT";
238         output_structure = NULL;
239         selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
240             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
241         break;
242 
243     case PUB_PEM:
244         output_type = "PEM";
245         output_structure = "SubjectPublicKeyInfo";
246         selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
247             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
248         break;
249 
250     case PUB_DER:
251         output_type = "DER";
252         output_structure = "SubjectPublicKeyInfo";
253         selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
254             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
255         break;
256 
257     default:
258         TEST_error("Invalid encoding type");
259         goto err;
260     }
261 
262     if (!TEST_ptr(membio))
263         goto err;
264 
265     /* Make a context, it's valid for several prints */
266     TEST_note("Setting up a OSSL_ENCODER context with passphrase");
267     if (!TEST_ptr(ctx = OSSL_ENCODER_CTX_new_for_pkey(pk, selection,
268                                                       output_type,
269                                                       output_structure,
270                                                       NULL))
271         /* Check that this operation is supported */
272         || !TEST_int_ne(OSSL_ENCODER_CTX_get_num_encoders(ctx), 0))
273         goto err;
274 
275     /* Use no cipher.  This should give us an unencrypted PEM */
276     TEST_note("Testing with no encryption");
277     if (!TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
278         || !TEST_true(compare_with_file(alg, type, membio)))
279         goto err;
280 
281     if (type == PRIV_PEM) {
282         /* Set a passphrase to be used later */
283         if (!TEST_true(OSSL_ENCODER_CTX_set_passphrase(ctx,
284                                                           (unsigned char *)"pass",
285                                                           4)))
286             goto err;
287 
288         /* Use a valid cipher name */
289         TEST_note("Displaying PEM encrypted with AES-256-CBC");
290         if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
291             || !TEST_true(OSSL_ENCODER_to_bio(ctx, bio_out)))
292             goto err;
293 
294         /* Use an invalid cipher name, which should generate no output */
295         TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
296         if (!TEST_false(OSSL_ENCODER_CTX_set_cipher(ctx, "FOO", NULL))
297             || !TEST_false(OSSL_ENCODER_to_bio(ctx, bio_out)))
298             goto err;
299 
300         /* Clear the cipher.  This should give us an unencrypted PEM again */
301         TEST_note("Testing with encryption cleared (no encryption)");
302         if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, NULL, NULL))
303             || !TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
304             || !TEST_true(compare_with_file(alg, type, membio)))
305             goto err;
306     }
307     ret = 1;
308 err:
309     BIO_free(membio);
310     OSSL_ENCODER_CTX_free(ctx);
311     return ret;
312 }
313 
314 static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk)
315 {
316     int i;
317     int ret = 1;
318 
319     for (i = PRIV_TEXT; i <= PUB_DER; i++)
320         ret = ret && test_print_key_type_using_encoder(alg, i, pk);
321 
322     return ret;
323 }
324 
325 #ifndef OPENSSL_NO_EC
326 static int test_print_key_using_encoder_public(const char *alg,
327                                                const EVP_PKEY *pk)
328 {
329     int i;
330     int ret = 1;
331 
332     for (i = PUB_TEXT; i <= PUB_DER; i++)
333         ret = ret && test_print_key_type_using_encoder(alg, i, pk);
334 
335     return ret;
336 }
337 #endif
338 
339 /* Array indexes used in test_fromdata_rsa */
340 #define N       0
341 #define E       1
342 #define D       2
343 #define P       3
344 #define Q       4
345 #define DP      5
346 #define DQ      6
347 #define QINV    7
348 
349 static int test_fromdata_rsa(void)
350 {
351     int ret = 0, i;
352     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
353     EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
354     /*
355      * 32-bit RSA key, extracted from this command,
356      * executed with OpenSSL 1.0.2:
357      *
358      * openssl genrsa 32 | openssl rsa -text
359      */
360     static unsigned long key_numbers[] = {
361         0xbc747fc5,              /* N */
362         0x10001,                 /* E */
363         0x7b133399,              /* D */
364         0xe963,                  /* P */
365         0xceb7,                  /* Q */
366         0x8599,                  /* DP */
367         0xbd87,                  /* DQ */
368         0xcc3b,                  /* QINV */
369     };
370     OSSL_PARAM fromdata_params[] = {
371         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
372         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
373         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
374         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR1, &key_numbers[P]),
375         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR2, &key_numbers[Q]),
376         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT1, &key_numbers[DP]),
377         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT2, &key_numbers[DQ]),
378         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &key_numbers[QINV]),
379         OSSL_PARAM_END
380     };
381     BIGNUM *bn = BN_new();
382     BIGNUM *bn_from = BN_new();
383 
384     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
385         goto err;
386 
387     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
388         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
389                                           fromdata_params), 1))
390         goto err;
391 
392     while (dup_pk == NULL) {
393         ret = 0;
394         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32)
395             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8)
396             || !TEST_int_eq(EVP_PKEY_get_size(pk), 4)
397             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
398             goto err;
399 
400         EVP_PKEY_CTX_free(key_ctx);
401         if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
402             goto err;
403 
404         if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
405             || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
406             || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
407             || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
408             goto err;
409 
410         /* EVP_PKEY_copy_parameters() should fail for RSA */
411         if (!TEST_ptr(copy_pk = EVP_PKEY_new())
412             || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
413             goto err;
414         EVP_PKEY_free(copy_pk);
415         copy_pk = NULL;
416 
417         ret = test_print_key_using_pem("RSA", pk)
418               && test_print_key_using_encoder("RSA", pk);
419 
420         if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
421             goto err;
422         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
423         EVP_PKEY_free(pk);
424         pk = dup_pk;
425         if (!ret)
426             goto err;
427     }
428  err:
429     /* for better diagnostics always compare key params */
430     for (i = 0; fromdata_params[i].key != NULL; ++i) {
431         if (!TEST_true(BN_set_word(bn_from, key_numbers[i]))
432             || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key, &bn))
433             || !TEST_BN_eq(bn, bn_from))
434             ret = 0;
435     }
436     BN_free(bn_from);
437     BN_free(bn);
438     EVP_PKEY_free(pk);
439     EVP_PKEY_free(copy_pk);
440     EVP_PKEY_CTX_free(key_ctx);
441     EVP_PKEY_CTX_free(ctx);
442 
443     return ret;
444 }
445 
446 static int test_evp_pkey_get_bn_param_large(void)
447 {
448     int ret = 0;
449     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
450     EVP_PKEY *pk = NULL;
451     OSSL_PARAM_BLD *bld = NULL;
452     OSSL_PARAM *fromdata_params = NULL;
453     BIGNUM *n = NULL, *e = NULL, *d = NULL, *n_out = NULL;
454     /*
455      * The buffer size chosen here for n_data larger than the buffer used
456      * internally in EVP_PKEY_get_bn_param.
457      */
458     static unsigned char n_data[2050];
459     static const unsigned char e_data[] = {
460         0x1, 0x00, 0x01
461     };
462     static const unsigned char d_data[]= {
463        0x99, 0x33, 0x13, 0x7b
464     };
465 
466     /* N is a large buffer */
467     memset(n_data, 0xCE, sizeof(n_data));
468 
469     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
470         || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
471         || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
472         || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
473         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
474         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
475         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
476         || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))
477         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
478         || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
479         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
480                                           fromdata_params), 1)
481         || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))
482         || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out))
483         || !TEST_BN_eq(n, n_out))
484         goto err;
485     ret = 1;
486  err:
487     BN_free(n_out);
488     BN_free(n);
489     BN_free(e);
490     BN_free(d);
491     EVP_PKEY_free(pk);
492     EVP_PKEY_CTX_free(key_ctx);
493     EVP_PKEY_CTX_free(ctx);
494     OSSL_PARAM_free(fromdata_params);
495     OSSL_PARAM_BLD_free(bld);
496     return ret;
497 }
498 
499 
500 #ifndef OPENSSL_NO_DH
501 static int test_fromdata_dh_named_group(void)
502 {
503     int ret = 0;
504     int gindex = 0, pcounter = 0, hindex = 0;
505     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
506     EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
507     size_t len;
508     BIGNUM *pub = NULL, *priv = NULL;
509     BIGNUM *pub_out = NULL, *priv_out = NULL;
510     BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
511     OSSL_PARAM *fromdata_params = NULL;
512     OSSL_PARAM_BLD *bld = NULL;
513     char name_out[80];
514     unsigned char seed_out[32];
515 
516     /*
517      * DH key data was generated using the following:
518      * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048
519      *                 -pkeyopt priv_len:224 -text
520      */
521     static const unsigned char priv_data[] = {
522         0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
523         0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
524         0x87, 0xe8, 0xa9, 0x7b,
525     };
526     static const unsigned char pub_data[] = {
527         0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
528         0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
529         0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
530         0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
531         0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
532         0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
533         0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
534         0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
535         0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
536         0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
537         0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
538         0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
539         0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
540         0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
541         0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
542         0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
543         0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
544         0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
545         0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
546         0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
547         0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
548         0xcf, 0x33, 0x42, 0x83, 0x42
549     };
550     static const char group_name[] = "ffdhe2048";
551     static const long priv_len = 224;
552 
553     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
554         || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
555         || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
556         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
557                                                       OSSL_PKEY_PARAM_GROUP_NAME,
558                                                       group_name, 0))
559         || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
560                                                priv_len))
561         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
562         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
563         || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
564         goto err;
565 
566     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
567         goto err;
568 
569     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
570         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
571                                           fromdata_params), 1))
572         goto err;
573 
574     /*
575      * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
576      * it behaves as expected with regards to string length and terminating
577      * NUL byte.
578      */
579     if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
580                                                   OSSL_PKEY_PARAM_GROUP_NAME,
581                                                   NULL, sizeof(name_out),
582                                                   &len))
583         || !TEST_size_t_eq(len, sizeof(group_name) - 1)
584         /* Just enough space to hold the group name and a terminating NUL */
585         || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
586                                                      OSSL_PKEY_PARAM_GROUP_NAME,
587                                                      name_out,
588                                                      sizeof(group_name),
589                                                      &len))
590         || !TEST_size_t_eq(len, sizeof(group_name) - 1)
591         /* Too small buffer to hold the terminating NUL byte */
592         || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
593                                                       OSSL_PKEY_PARAM_GROUP_NAME,
594                                                       name_out,
595                                                       sizeof(group_name) - 1,
596                                                       &len))
597         /* Too small buffer to hold the whole group name, even! */
598         || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
599                                                       OSSL_PKEY_PARAM_GROUP_NAME,
600                                                       name_out,
601                                                       sizeof(group_name) - 2,
602                                                       &len)))
603         goto err;
604 
605     while (dup_pk == NULL) {
606         ret = 0;
607         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
608             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
609             || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
610             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
611             goto err;
612 
613         if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
614                                                       OSSL_PKEY_PARAM_GROUP_NAME,
615                                                       name_out,
616                                                       sizeof(name_out),
617                                                       &len))
618             || !TEST_str_eq(name_out, group_name)
619             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
620                                                 &pub_out))
621 
622             || !TEST_BN_eq(pub, pub_out)
623             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
624                                                 &priv_out))
625             || !TEST_BN_eq(priv, priv_out)
626             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
627             || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
628             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
629             || !TEST_ptr(q)
630             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
631             || !TEST_BN_eq(&ossl_bignum_const_2, g)
632             || !TEST_false(EVP_PKEY_get_bn_param(pk,
633                                                  OSSL_PKEY_PARAM_FFC_COFACTOR,
634                                                  &j))
635             || !TEST_ptr_null(j)
636             || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
637                                                            OSSL_PKEY_PARAM_FFC_SEED,
638                                                            seed_out,
639                                                            sizeof(seed_out),
640                                                            &len))
641             || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
642                                                  &gindex))
643             || !TEST_int_eq(gindex, -1)
644             || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
645                                                  &hindex))
646             || !TEST_int_eq(hindex, 0)
647             || !TEST_true(EVP_PKEY_get_int_param(pk,
648                                                  OSSL_PKEY_PARAM_FFC_PCOUNTER,
649                                                  &pcounter))
650             || !TEST_int_eq(pcounter, -1))
651             goto err;
652         BN_free(p);
653         p = NULL;
654         BN_free(q);
655         q = NULL;
656         BN_free(g);
657         g = NULL;
658         BN_free(j);
659         j = NULL;
660         BN_free(pub_out);
661         pub_out = NULL;
662         BN_free(priv_out);
663         priv_out = NULL;
664 
665         if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
666             goto err;
667 
668         if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
669             || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
670             || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
671             || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
672             goto err;
673         EVP_PKEY_CTX_free(key_ctx);
674         key_ctx = NULL;
675 
676         if (!TEST_ptr(copy_pk = EVP_PKEY_new())
677             || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
678             goto err;
679         EVP_PKEY_free(copy_pk);
680         copy_pk = NULL;
681 
682         ret = test_print_key_using_pem("DH", pk)
683               && test_print_key_using_encoder("DH", pk);
684 
685         if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
686             goto err;
687         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
688         EVP_PKEY_free(pk);
689         pk = dup_pk;
690         if (!ret)
691             goto err;
692     }
693 err:
694     BN_free(p);
695     BN_free(q);
696     BN_free(g);
697     BN_free(j);
698     BN_free(pub);
699     BN_free(priv);
700     BN_free(pub_out);
701     BN_free(priv_out);
702     EVP_PKEY_free(copy_pk);
703     EVP_PKEY_free(pk);
704     EVP_PKEY_CTX_free(ctx);
705     EVP_PKEY_CTX_free(key_ctx);
706     OSSL_PARAM_free(fromdata_params);
707     OSSL_PARAM_BLD_free(bld);
708 
709     return ret;
710 }
711 
712 static int test_fromdata_dh_fips186_4(void)
713 {
714     int ret = 0;
715     int gindex = 0, pcounter = 0, hindex = 0;
716     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
717     EVP_PKEY *pk = NULL, *dup_pk = NULL;
718     size_t len;
719     BIGNUM *pub = NULL, *priv = NULL;
720     BIGNUM *pub_out = NULL, *priv_out = NULL;
721     BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
722     OSSL_PARAM_BLD *bld = NULL;
723     OSSL_PARAM *fromdata_params = NULL;
724     char name_out[80];
725     unsigned char seed_out[32];
726 
727     /*
728      * DH key data was generated using the following:
729      * openssl genpkey -algorithm DH
730      *                 -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text
731      */
732     static const unsigned char priv_data[] = {
733        0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
734        0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
735        0x87, 0xe8, 0xa9, 0x7b,
736     };
737     static const unsigned char pub_data[] = {
738        0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
739        0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
740        0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
741        0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
742        0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
743        0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
744        0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
745        0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
746        0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
747        0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
748        0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
749        0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
750        0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
751        0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
752        0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
753        0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
754        0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
755        0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
756        0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
757        0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
758        0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
759        0x33, 0x42, 0x83, 0x42
760     };
761     static const char group_name[] = "ffdhe2048";
762     static const long priv_len = 224;
763 
764 
765     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
766         || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
767         || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
768         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
769                                                       OSSL_PKEY_PARAM_GROUP_NAME,
770                                                       group_name, 0))
771         || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
772                                                priv_len))
773         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
774         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
775         || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
776         goto err;
777 
778     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
779         goto err;
780 
781     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
782         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
783                                           fromdata_params), 1))
784         goto err;
785 
786     while (dup_pk == NULL) {
787         ret = 0;
788         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
789             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
790             || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
791             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
792             goto err;
793 
794         if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
795                                                       OSSL_PKEY_PARAM_GROUP_NAME,
796                                                       name_out,
797                                                       sizeof(name_out),
798                                                       &len))
799             || !TEST_str_eq(name_out, group_name)
800             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
801                                                 &pub_out))
802             || !TEST_BN_eq(pub, pub_out)
803             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
804                                                 &priv_out))
805             || !TEST_BN_eq(priv, priv_out)
806             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
807             || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
808             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
809             || !TEST_ptr(q)
810             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
811             || !TEST_BN_eq(&ossl_bignum_const_2, g)
812             || !TEST_false(EVP_PKEY_get_bn_param(pk,
813                                                  OSSL_PKEY_PARAM_FFC_COFACTOR,
814                                                  &j))
815             || !TEST_ptr_null(j)
816             || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
817                                                            OSSL_PKEY_PARAM_FFC_SEED,
818                                                            seed_out,
819                                                            sizeof(seed_out),
820                                                            &len))
821             || !TEST_true(EVP_PKEY_get_int_param(pk,
822                                                  OSSL_PKEY_PARAM_FFC_GINDEX,
823                                                  &gindex))
824             || !TEST_int_eq(gindex, -1)
825             || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
826                                                  &hindex))
827             || !TEST_int_eq(hindex, 0)
828             || !TEST_true(EVP_PKEY_get_int_param(pk,
829                                                  OSSL_PKEY_PARAM_FFC_PCOUNTER,
830                                                  &pcounter))
831             || !TEST_int_eq(pcounter, -1))
832             goto err;
833         BN_free(p);
834         p = NULL;
835         BN_free(q);
836         q = NULL;
837         BN_free(g);
838         g = NULL;
839         BN_free(j);
840         j = NULL;
841         BN_free(pub_out);
842         pub_out = NULL;
843         BN_free(priv_out);
844         priv_out = NULL;
845 
846         if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
847             goto err;
848 
849         if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
850             || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
851             || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
852             || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
853             goto err;
854         EVP_PKEY_CTX_free(key_ctx);
855         key_ctx = NULL;
856 
857         ret = test_print_key_using_pem("DH", pk)
858               && test_print_key_using_encoder("DH", pk);
859 
860         if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
861             goto err;
862         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
863         EVP_PKEY_free(pk);
864         pk = dup_pk;
865         if (!ret)
866             goto err;
867     }
868 err:
869     BN_free(p);
870     BN_free(q);
871     BN_free(g);
872     BN_free(j);
873     BN_free(pub);
874     BN_free(priv);
875     BN_free(pub_out);
876     BN_free(priv_out);
877     EVP_PKEY_free(pk);
878     EVP_PKEY_CTX_free(ctx);
879     EVP_PKEY_CTX_free(key_ctx);
880     OSSL_PARAM_free(fromdata_params);
881     OSSL_PARAM_BLD_free(bld);
882 
883     return ret;
884 }
885 
886 #endif
887 
888 
889 
890 #ifndef OPENSSL_NO_EC
891 /* Array indexes used in test_fromdata_ecx */
892 # define PRIV_KEY        0
893 # define PUB_KEY         1
894 
895 # define X25519_IDX      0
896 # define X448_IDX        1
897 # define ED25519_IDX     2
898 # define ED448_IDX       3
899 
900 /*
901  * tst uses indexes 0 ... (3 * 4 - 1)
902  * For the 4 ECX key types (X25519_IDX..ED448_IDX)
903  * 0..3  = public + private key.
904  * 4..7  = private key (This will generate the public key from the private key)
905  * 8..11 = public key
906  */
907 static int test_fromdata_ecx(int tst)
908 {
909     int ret = 0;
910     EVP_PKEY_CTX *ctx = NULL, *ctx2 = NULL;
911     EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
912     const char *alg = NULL;
913     size_t len;
914     unsigned char out_pub[ED448_KEYLEN];
915     unsigned char out_priv[ED448_KEYLEN];
916     OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
917 
918     /* ED448_KEYLEN > X448_KEYLEN > X25519_KEYLEN == ED25519_KEYLEN */
919     static unsigned char key_numbers[4][2][ED448_KEYLEN] = {
920         /* X25519: Keys from RFC 7748 6.1 */
921         {
922             /* Private Key */
923             {
924                 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16,
925                 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87,
926                 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9,
927                 0x2c, 0x2a
928             },
929             /* Public Key */
930             {
931                 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b,
932                 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d,
933                 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b,
934                 0x4e, 0x6a
935             }
936         },
937         /* X448: Keys from RFC 7748 6.2 */
938         {
939             /* Private Key */
940             {
941                 0x9a, 0x8f, 0x49, 0x25, 0xd1, 0x51, 0x9f, 0x57, 0x75, 0xcf,
942                 0x46, 0xb0, 0x4b, 0x58, 0x00, 0xd4, 0xee, 0x9e, 0xe8, 0xba,
943                 0xe8, 0xbc, 0x55, 0x65, 0xd4, 0x98, 0xc2, 0x8d, 0xd9, 0xc9,
944                 0xba, 0xf5, 0x74, 0xa9, 0x41, 0x97, 0x44, 0x89, 0x73, 0x91,
945                 0x00, 0x63, 0x82, 0xa6, 0xf1, 0x27, 0xab, 0x1d, 0x9a, 0xc2,
946                 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b
947             },
948             /* Public Key */
949             {
950                 0x9b, 0x08, 0xf7, 0xcc, 0x31, 0xb7, 0xe3, 0xe6, 0x7d, 0x22,
951                 0xd5, 0xae, 0xa1, 0x21, 0x07, 0x4a, 0x27, 0x3b, 0xd2, 0xb8,
952                 0x3d, 0xe0, 0x9c, 0x63, 0xfa, 0xa7, 0x3d, 0x2c, 0x22, 0xc5,
953                 0xd9, 0xbb, 0xc8, 0x36, 0x64, 0x72, 0x41, 0xd9, 0x53, 0xd4,
954                 0x0c, 0x5b, 0x12, 0xda, 0x88, 0x12, 0x0d, 0x53, 0x17, 0x7f,
955                 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0
956             }
957         },
958         /* ED25519: Keys from RFC 8032 */
959         {
960             /* Private Key */
961             {
962                 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
963                 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69,
964                 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae,
965                 0x7f, 0x60
966             },
967             /* Public Key */
968             {
969                 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b,
970                 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3,
971                 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07,
972                 0x51, 0x1a
973             }
974         },
975         /* ED448: Keys from RFC 8032 */
976         {
977             /* Private Key */
978             {
979                 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, 0xd6, 0x32,
980                 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, 0x6c, 0x92, 0x9f, 0x34,
981                 0xdd, 0xfa, 0x8c, 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3,
982                 0x48, 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
983                 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, 0x03, 0x2e,
984                 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b
985             },
986             /* Public Key */
987             {
988                 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
989                 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
990                 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9,
991                 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
992                 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
993                 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
994             }
995         }
996     };
997     OSSL_PARAM x25519_fromdata_params[] = {
998         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
999                                 key_numbers[X25519_IDX][PRIV_KEY],
1000                                 X25519_KEYLEN),
1001         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1002                                 key_numbers[X25519_IDX][PUB_KEY],
1003                                 X25519_KEYLEN),
1004         OSSL_PARAM_END
1005     };
1006     OSSL_PARAM x448_fromdata_params[] = {
1007         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1008                                 key_numbers[X448_IDX][PRIV_KEY],
1009                                 X448_KEYLEN),
1010         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1011                                 key_numbers[X448_IDX][PUB_KEY],
1012                                 X448_KEYLEN),
1013         OSSL_PARAM_END
1014     };
1015     OSSL_PARAM ed25519_fromdata_params[] = {
1016         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1017                                 key_numbers[ED25519_IDX][PRIV_KEY],
1018                                 ED25519_KEYLEN),
1019         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1020                                 key_numbers[ED25519_IDX][PUB_KEY],
1021                                 ED25519_KEYLEN),
1022         OSSL_PARAM_END
1023     };
1024     OSSL_PARAM ed448_fromdata_params[] = {
1025         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1026                                 key_numbers[ED448_IDX][PRIV_KEY],
1027                                 ED448_KEYLEN),
1028         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1029                                 key_numbers[ED448_IDX][PUB_KEY],
1030                                 ED448_KEYLEN),
1031         OSSL_PARAM_END
1032     };
1033     OSSL_PARAM *fromdata_params = NULL;
1034     int bits = 0, security_bits = 0, size = 0;
1035     OSSL_PARAM *orig_fromdata_params = NULL;
1036 
1037     switch (tst & 3) {
1038     case X25519_IDX:
1039         fromdata_params = x25519_fromdata_params;
1040         bits = X25519_BITS;
1041         security_bits = X25519_SECURITY_BITS;
1042         size = X25519_KEYLEN;
1043         alg = "X25519";
1044         break;
1045 
1046     case X448_IDX:
1047         fromdata_params = x448_fromdata_params;
1048         bits = X448_BITS;
1049         security_bits = X448_SECURITY_BITS;
1050         size = X448_KEYLEN;
1051         alg = "X448";
1052         break;
1053 
1054     case ED25519_IDX:
1055         fromdata_params = ed25519_fromdata_params;
1056         bits = ED25519_BITS;
1057         security_bits = ED25519_SECURITY_BITS;
1058         size = ED25519_SIGSIZE;
1059         alg = "ED25519";
1060         break;
1061 
1062     case ED448_IDX:
1063         fromdata_params = ed448_fromdata_params;
1064         bits = ED448_BITS;
1065         security_bits = ED448_SECURITY_BITS;
1066         size = ED448_SIGSIZE;
1067         alg = "ED448";
1068         break;
1069     default:
1070         goto err;
1071     }
1072 
1073     ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1074     if (!TEST_ptr(ctx))
1075         goto err;
1076 
1077     orig_fromdata_params = fromdata_params;
1078     if (tst > 7) {
1079         /* public key only */
1080         fromdata_params++;
1081     } else if (tst > 3) {
1082         /* private key only */
1083         params[0] = fromdata_params[0];
1084         params[1] = fromdata_params[2];
1085         fromdata_params = params;
1086     }
1087 
1088     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1089         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1090                                           fromdata_params), 1))
1091         goto err;
1092 
1093     while (dup_pk == NULL) {
1094         ret = 0;
1095         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits)
1096             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits)
1097             || !TEST_int_eq(EVP_PKEY_get_size(pk), size)
1098             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1099             goto err;
1100 
1101         if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, pk, NULL)))
1102             goto err;
1103         if (tst <= 7) {
1104             if (!TEST_int_gt(EVP_PKEY_check(ctx2), 0))
1105                 goto err;
1106             if (!TEST_true(EVP_PKEY_get_octet_string_param(
1107                                pk, orig_fromdata_params[PRIV_KEY].key,
1108                                out_priv, sizeof(out_priv), &len))
1109                 || !TEST_mem_eq(out_priv, len,
1110                                 orig_fromdata_params[PRIV_KEY].data,
1111                                 orig_fromdata_params[PRIV_KEY].data_size)
1112                 || !TEST_true(EVP_PKEY_get_octet_string_param(
1113                                   pk, orig_fromdata_params[PUB_KEY].key,
1114                                   out_pub, sizeof(out_pub), &len))
1115                 || !TEST_mem_eq(out_pub, len,
1116                                 orig_fromdata_params[PUB_KEY].data,
1117                                 orig_fromdata_params[PUB_KEY].data_size))
1118                 goto err;
1119         } else {
1120             /* The private key check should fail if there is only a public key */
1121             if (!TEST_int_gt(EVP_PKEY_public_check(ctx2), 0)
1122                 || !TEST_int_le(EVP_PKEY_private_check(ctx2), 0)
1123                 || !TEST_int_le(EVP_PKEY_check(ctx2), 0))
1124                 goto err;
1125         }
1126         EVP_PKEY_CTX_free(ctx2);
1127         ctx2 = NULL;
1128 
1129         if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1130                /* This should succeed because there are no parameters to copy */
1131             || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1132             goto err;
1133         if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL))
1134                /* This should fail because copy_pk has no pubkey */
1135             || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0))
1136             goto err;
1137         EVP_PKEY_CTX_free(ctx2);
1138         ctx2 = NULL;
1139         EVP_PKEY_free(copy_pk);
1140         copy_pk = NULL;
1141 
1142         if (tst > 7)
1143             ret = test_print_key_using_encoder_public(alg, pk);
1144         else
1145             ret = test_print_key_using_pem(alg, pk)
1146                   && test_print_key_using_encoder(alg, pk);
1147 
1148         if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1149             goto err;
1150         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1151         EVP_PKEY_free(pk);
1152         pk = dup_pk;
1153         if (!ret)
1154             goto err;
1155     }
1156 
1157 err:
1158     EVP_PKEY_free(pk);
1159     EVP_PKEY_free(copy_pk);
1160     EVP_PKEY_CTX_free(ctx);
1161     EVP_PKEY_CTX_free(ctx2);
1162 
1163     return ret;
1164 }
1165 
1166 static int test_fromdata_ec(void)
1167 {
1168     int ret = 0;
1169     EVP_PKEY_CTX *ctx = NULL;
1170     EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1171     OSSL_PARAM_BLD *bld = NULL;
1172     BIGNUM *ec_priv_bn = NULL;
1173     BIGNUM *bn_priv = NULL;
1174     OSSL_PARAM *fromdata_params = NULL;
1175     const char *alg = "EC";
1176     const char *curve = "prime256v1";
1177     const char bad_curve[] = "nonexistent-curve";
1178     OSSL_PARAM nokey_params[2] = {
1179        OSSL_PARAM_END,
1180        OSSL_PARAM_END
1181     };
1182     /* UNCOMPRESSED FORMAT */
1183     static const unsigned char ec_pub_keydata[] = {
1184        POINT_CONVERSION_UNCOMPRESSED,
1185        0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1186        0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1187        0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1188        0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
1189        0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
1190        0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
1191        0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
1192        0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
1193     };
1194     /* SAME BUT COMPRESSED FORMAT */
1195     static const unsigned char ec_pub_keydata_compressed[] = {
1196        POINT_CONVERSION_COMPRESSED+1,
1197        0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1198        0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1199        0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1200        0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2
1201     };
1202     static const unsigned char ec_priv_keydata[] = {
1203         0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
1204         0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
1205         0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
1206         0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
1207     };
1208     unsigned char out_pub[sizeof(ec_pub_keydata)];
1209     char out_curve_name[80];
1210     const OSSL_PARAM *gettable = NULL;
1211     size_t len;
1212     EC_GROUP *group = NULL;
1213     BIGNUM *group_a = NULL;
1214     BIGNUM *group_b = NULL;
1215     BIGNUM *group_p = NULL;
1216     BIGNUM *a = NULL;
1217     BIGNUM *b = NULL;
1218     BIGNUM *p = NULL;
1219 
1220 
1221     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
1222         goto err;
1223     if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata,
1224                                          sizeof(ec_priv_keydata), NULL)))
1225         goto err;
1226 
1227     if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
1228                                         curve, 0) <= 0)
1229         goto err;
1230     /*
1231      * We intentionally provide the input point in compressed format,
1232      * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`.
1233      *
1234      * Later on we check what format is used when exporting the
1235      * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed
1236      * format.
1237      */
1238     if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
1239                                          ec_pub_keydata_compressed,
1240                                          sizeof(ec_pub_keydata_compressed)) <= 0)
1241         goto err;
1242     if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0)
1243         goto err;
1244     if (!TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1245         goto err;
1246     ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1247     if (!TEST_ptr(ctx))
1248         goto err;
1249 
1250     /* try importing parameters with bad curve first */
1251     nokey_params[0] =
1252         OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1253                                          (char *)bad_curve, sizeof(bad_curve));
1254     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1255         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS,
1256                                           nokey_params), 0)
1257         || !TEST_ptr_null(pk))
1258         goto err;
1259 
1260     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1261         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1262                                           fromdata_params), 1))
1263         goto err;
1264 
1265     while (dup_pk == NULL) {
1266         ret = 0;
1267         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256)
1268             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128)
1269             || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 35 * 2)
1270             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1271             goto err;
1272 
1273         if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1274             || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1275             goto err;
1276         EVP_PKEY_free(copy_pk);
1277         copy_pk = NULL;
1278 
1279         if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pk))
1280             || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1281                                                  OSSL_PKEY_PARAM_GROUP_NAME))
1282             || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1283                                                  OSSL_PKEY_PARAM_PUB_KEY))
1284             || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1285                                                  OSSL_PKEY_PARAM_PRIV_KEY)))
1286             goto err;
1287 
1288         if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve)))
1289             || !TEST_ptr(group_p = BN_new())
1290             || !TEST_ptr(group_a = BN_new())
1291             || !TEST_ptr(group_b = BN_new())
1292             || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)))
1293             goto err;
1294 
1295         if (!TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_A, &a))
1296             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_B, &b))
1297             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_P, &p)))
1298             goto err;
1299 
1300         if (!TEST_BN_eq(group_p, p) || !TEST_BN_eq(group_a, a)
1301             || !TEST_BN_eq(group_b, b))
1302             goto err;
1303 
1304         if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
1305                                             out_curve_name,
1306                                             sizeof(out_curve_name),
1307                                             &len)
1308             || !TEST_str_eq(out_curve_name, curve)
1309             || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1310                                             out_pub, sizeof(out_pub), &len)
1311 
1312             /*
1313              * Our providers use uncompressed format by default if
1314              * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not
1315              * explicitly set, irrespective of the format used for the
1316              * input point given as a param to create this key.
1317              */
1318             || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED)
1319             || !TEST_mem_eq(out_pub + 1, len - 1,
1320                             ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1)
1321 
1322             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1323                                                 &bn_priv))
1324             || !TEST_BN_eq(ec_priv_bn, bn_priv))
1325             goto err;
1326         BN_free(bn_priv);
1327         bn_priv = NULL;
1328 
1329         ret = test_print_key_using_pem(alg, pk)
1330               && test_print_key_using_encoder(alg, pk);
1331 
1332         if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1333             goto err;
1334         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1335         EVP_PKEY_free(pk);
1336         pk = dup_pk;
1337         if (!ret)
1338             goto err;
1339     }
1340 
1341 err:
1342     EC_GROUP_free(group);
1343     BN_free(group_a);
1344     BN_free(group_b);
1345     BN_free(group_p);
1346     BN_free(a);
1347     BN_free(b);
1348     BN_free(p);
1349     BN_free(bn_priv);
1350     BN_free(ec_priv_bn);
1351     OSSL_PARAM_free(fromdata_params);
1352     OSSL_PARAM_BLD_free(bld);
1353     EVP_PKEY_free(pk);
1354     EVP_PKEY_free(copy_pk);
1355     EVP_PKEY_CTX_free(ctx);
1356     return ret;
1357 }
1358 
1359 static int test_ec_dup_no_operation(void)
1360 {
1361     int ret = 0;
1362     EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1363     EVP_PKEY *param = NULL, *pkey = NULL;
1364 
1365     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1366         || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1367         || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1368                         NID_X9_62_prime256v1), 0)
1369         || !TEST_int_gt(EVP_PKEY_paramgen(pctx, &param), 0)
1370         || !TEST_ptr(param))
1371         goto err;
1372 
1373     EVP_PKEY_CTX_free(pctx);
1374     pctx = NULL;
1375 
1376     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1377         || !TEST_ptr(kctx = EVP_PKEY_CTX_dup(ctx))
1378         || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1379         || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0))
1380         goto err;
1381     ret = 1;
1382 err:
1383     EVP_PKEY_free(pkey);
1384     EVP_PKEY_free(param);
1385     EVP_PKEY_CTX_free(ctx);
1386     EVP_PKEY_CTX_free(kctx);
1387     EVP_PKEY_CTX_free(pctx);
1388     return ret;
1389 }
1390 
1391 /* Test that keygen doesn't support EVP_PKEY_CTX_dup */
1392 static int test_ec_dup_keygen_operation(void)
1393 {
1394     int ret = 0;
1395     EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1396     EVP_PKEY *param = NULL, *pkey = NULL;
1397 
1398     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1399         || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1400         || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1401                         NID_X9_62_prime256v1), 0)
1402         || !TEST_int_gt(EVP_PKEY_paramgen(pctx, &param), 0)
1403         || !TEST_ptr(param))
1404         goto err;
1405 
1406     EVP_PKEY_CTX_free(pctx);
1407     pctx = NULL;
1408 
1409     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1410         || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1411         || !TEST_ptr_null(kctx = EVP_PKEY_CTX_dup(ctx)))
1412         goto err;
1413     ret = 1;
1414 err:
1415     EVP_PKEY_free(pkey);
1416     EVP_PKEY_free(param);
1417     EVP_PKEY_CTX_free(ctx);
1418     EVP_PKEY_CTX_free(kctx);
1419     EVP_PKEY_CTX_free(pctx);
1420     return ret;
1421 }
1422 
1423 #endif /* OPENSSL_NO_EC */
1424 
1425 #ifndef OPENSSL_NO_DSA
1426 static int test_fromdata_dsa_fips186_4(void)
1427 {
1428     int ret = 0;
1429     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1430     EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1431     BIGNUM *pub = NULL, *priv = NULL;
1432     BIGNUM *p = NULL, *q = NULL, *g = NULL;
1433     BIGNUM *pub_out = NULL, *priv_out = NULL;
1434     BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL, *j_out = NULL;
1435     int gindex_out = 0, pcounter_out = 0, hindex_out = 0;
1436     char name_out[80];
1437     unsigned char seed_out[32];
1438     size_t len;
1439     OSSL_PARAM_BLD *bld = NULL;
1440     OSSL_PARAM *fromdata_params = NULL;
1441 
1442     /*
1443      * DSA parameter data was generated using the following:
1444      * openssl genpkey -genparam -algorithm DSA -pkeyopt pbits:2048 \
1445      *                 -pkeyopt qbits:256 -pkeyopt type:0 \
1446      *                 -pkeyopt gindex:1 -out dsa_params.pem -text
1447      */
1448     static const unsigned char p_data[] = {
1449         0x00, 0xa0, 0xb7, 0x02, 0xc4, 0xac, 0xa6, 0x42, 0xab, 0xf2, 0x34, 0x0b,
1450         0x22, 0x47, 0x1f, 0x33, 0xcf, 0xd5, 0x04, 0xe4, 0x3e, 0xec, 0xa1, 0x21,
1451         0xc8, 0x41, 0x2b, 0xef, 0xb8, 0x1f, 0x0b, 0x5b, 0x88, 0x8b, 0x67, 0xf8,
1452         0x68, 0x6d, 0x7c, 0x4d, 0x96, 0x5f, 0x3c, 0x66, 0xef, 0x58, 0x34, 0xd7,
1453         0xf6, 0xa2, 0x1b, 0xad, 0xc8, 0x12, 0x52, 0xb8, 0xe8, 0x2a, 0x63, 0xcc,
1454         0xea, 0xe7, 0x4e, 0xc8, 0x34, 0x4c, 0x58, 0x59, 0x0a, 0xc2, 0x4a, 0xe4,
1455         0xb4, 0x64, 0x20, 0xf4, 0xf6, 0x0a, 0xcf, 0x86, 0x01, 0x6c, 0x7f, 0x23,
1456         0x4a, 0x51, 0x07, 0x99, 0x42, 0x28, 0x7a, 0xff, 0x18, 0x67, 0x52, 0x64,
1457         0xf2, 0x9a, 0x62, 0x30, 0xc3, 0x00, 0xde, 0x23, 0xe9, 0x11, 0x95, 0x7e,
1458         0xd1, 0x3d, 0x8d, 0xb4, 0x0e, 0x9f, 0x9e, 0xb1, 0x30, 0x03, 0xf0, 0x73,
1459         0xa8, 0x40, 0x48, 0x42, 0x7b, 0x60, 0xa0, 0xc4, 0xf2, 0x3b, 0x2d, 0x0a,
1460         0x0c, 0xb8, 0x19, 0xfb, 0xb4, 0xf8, 0xe0, 0x2a, 0xc7, 0xf1, 0xc0, 0xc6,
1461         0x86, 0x14, 0x60, 0x12, 0x0f, 0xc0, 0xde, 0x4a, 0x67, 0xec, 0xc7, 0xde,
1462         0x76, 0x21, 0x1a, 0x55, 0x7f, 0x86, 0xc3, 0x97, 0x98, 0xce, 0xf5, 0xcd,
1463         0xf0, 0xe7, 0x12, 0xd6, 0x93, 0xee, 0x1b, 0x9b, 0x61, 0xef, 0x05, 0x8c,
1464         0x45, 0x46, 0xd9, 0x64, 0x6f, 0xbe, 0x27, 0xaa, 0x67, 0x01, 0xcc, 0x71,
1465         0xb1, 0x60, 0xce, 0x21, 0xd8, 0x51, 0x17, 0x27, 0x0d, 0x90, 0x3d, 0x18,
1466         0x7c, 0x87, 0x15, 0x8e, 0x48, 0x4c, 0x6c, 0xc5, 0x72, 0xeb, 0xb7, 0x56,
1467         0xf5, 0x6b, 0x60, 0x8f, 0xc2, 0xfd, 0x3f, 0x46, 0x5c, 0x00, 0x91, 0x85,
1468         0x79, 0x45, 0x5b, 0x1c, 0x82, 0xc4, 0x87, 0x50, 0x79, 0xba, 0xcc, 0x1c,
1469         0x32, 0x7e, 0x2e, 0xb8, 0x2e, 0xc5, 0x4e, 0xd1, 0x9b, 0xdb, 0x66, 0x79,
1470         0x7c, 0xfe, 0xaf, 0x6a, 0x05
1471     };
1472     static const unsigned char q_data[] = {
1473         0xa8, 0xcd, 0xf4, 0x33, 0x7b, 0x13, 0x0a, 0x24, 0xc1, 0xde, 0x4a, 0x04,
1474         0x7b, 0x4b, 0x71, 0x51, 0x32, 0xe9, 0x47, 0x74, 0xbd, 0x0c, 0x21, 0x40,
1475         0x84, 0x12, 0x0a, 0x17, 0x73, 0xdb, 0x29, 0xc7
1476     };
1477     static const unsigned char g_data[] = {
1478         0x6c, 0xc6, 0xa4, 0x3e, 0x61, 0x84, 0xc1, 0xff, 0x6f, 0x4a, 0x1a, 0x6b,
1479         0xb0, 0x24, 0x4b, 0xd2, 0x92, 0x5b, 0x29, 0x5c, 0x61, 0xb8, 0xc9, 0x2b,
1480         0xd6, 0xf7, 0x59, 0xfd, 0xd8, 0x70, 0x66, 0x77, 0xfc, 0xc1, 0xa4, 0xd4,
1481         0xb0, 0x1e, 0xd5, 0xbf, 0x59, 0x98, 0xb3, 0x66, 0x8b, 0xf4, 0x2e, 0xe6,
1482         0x12, 0x3e, 0xcc, 0xf8, 0x02, 0xb8, 0xc6, 0xc3, 0x47, 0xd2, 0xf5, 0xaa,
1483         0x0c, 0x5f, 0x51, 0xf5, 0xd0, 0x4c, 0x55, 0x3d, 0x07, 0x73, 0xa6, 0x57,
1484         0xce, 0x5a, 0xad, 0x42, 0x0c, 0x13, 0x0f, 0xe2, 0x31, 0x25, 0x8e, 0x72,
1485         0x12, 0x73, 0x10, 0xdb, 0x7f, 0x79, 0xeb, 0x59, 0xfc, 0xfe, 0xf7, 0x0c,
1486         0x1a, 0x81, 0x53, 0x96, 0x22, 0xb8, 0xe7, 0x58, 0xd8, 0x67, 0x80, 0x60,
1487         0xad, 0x8b, 0x55, 0x1c, 0x91, 0xf0, 0x72, 0x9a, 0x7e, 0xad, 0x37, 0xf1,
1488         0x77, 0x18, 0x96, 0x8a, 0x68, 0x70, 0xfc, 0x71, 0xa9, 0xa2, 0xe8, 0x35,
1489         0x27, 0x78, 0xf2, 0xef, 0x59, 0x36, 0x6d, 0x7c, 0xb6, 0x98, 0xd8, 0x1e,
1490         0xfa, 0x25, 0x73, 0x97, 0x45, 0x58, 0xe3, 0xae, 0xbd, 0x52, 0x54, 0x05,
1491         0xd8, 0x26, 0x26, 0xba, 0xba, 0x05, 0xb5, 0xe9, 0xe5, 0x76, 0xae, 0x25,
1492         0xdd, 0xfc, 0x10, 0x89, 0x5a, 0xa9, 0xee, 0x59, 0xc5, 0x79, 0x8b, 0xeb,
1493         0x1e, 0x2c, 0x61, 0xab, 0x0d, 0xd1, 0x10, 0x04, 0x91, 0x32, 0x77, 0x4a,
1494         0xa6, 0x64, 0x53, 0xda, 0x4c, 0xd7, 0x3a, 0x29, 0xd4, 0xf3, 0x82, 0x25,
1495         0x1d, 0x6f, 0x4a, 0x7f, 0xd3, 0x08, 0x3b, 0x42, 0x30, 0x10, 0xd8, 0xd0,
1496         0x97, 0x3a, 0xeb, 0x92, 0x63, 0xec, 0x93, 0x2b, 0x6f, 0x32, 0xd8, 0xcd,
1497         0x80, 0xd3, 0xc0, 0x4c, 0x03, 0xd5, 0xca, 0xbc, 0x8f, 0xc7, 0x43, 0x53,
1498         0x64, 0x66, 0x1c, 0x82, 0x2d, 0xfb, 0xff, 0x39, 0xba, 0xd6, 0x42, 0x62,
1499         0x02, 0x6f, 0x96, 0x36
1500     };
1501     static const unsigned char seed_data[] = {
1502         0x64, 0x46, 0x07, 0x32, 0x8d, 0x70, 0x9c, 0xb3, 0x8a, 0x35, 0xde, 0x62,
1503         0x00, 0xf2, 0x6d, 0x52, 0x37, 0x4d, 0xb3, 0x84, 0xe1, 0x9d, 0x41, 0x04,
1504         0xda, 0x7b, 0xdc, 0x0d, 0x8b, 0x5e, 0xe0, 0x84
1505     };
1506     const int gindex = 1;
1507     const int pcounter = 53;
1508     /*
1509      * The keypair was generated using
1510      * openssl genpkey -paramfile dsa_params.pem --pkeyopt pcounter:53 \
1511      *                 -pkeyopt gindex:1 \
1512      *                 -pkeyopt hexseed:644607328d709cb38a35de6200f26d -text
1513      */
1514     static const unsigned char priv_data[] = {
1515         0x00, 0x8f, 0xc5, 0x9e, 0xd0, 0xf7, 0x2a, 0x0b, 0x66, 0xf1, 0x32, 0x73,
1516         0xae, 0xf6, 0xd9, 0xd4, 0xdb, 0x2d, 0x96, 0x55, 0x89, 0xff, 0xef, 0xa8,
1517         0x5f, 0x47, 0x8f, 0xca, 0x02, 0x8a, 0xe1, 0x35, 0x90
1518     };
1519     static const unsigned char pub_data[] = {
1520         0x44, 0x19, 0xc9, 0x46, 0x45, 0x57, 0xc1, 0xa9, 0xd8, 0x30, 0x99, 0x29,
1521         0x6a, 0x4b, 0x63, 0x71, 0x69, 0x96, 0x35, 0x17, 0xb2, 0x62, 0x9b, 0x80,
1522         0x0a, 0x95, 0x9d, 0x6a, 0xc0, 0x32, 0x0d, 0x07, 0x5f, 0x19, 0x44, 0x02,
1523         0xf1, 0xbd, 0xce, 0xdf, 0x10, 0xf8, 0x02, 0x5d, 0x7d, 0x98, 0x8a, 0x73,
1524         0x89, 0x00, 0xb6, 0x24, 0xd6, 0x33, 0xe7, 0xcf, 0x8b, 0x49, 0x2a, 0xaf,
1525         0x13, 0x1c, 0xb2, 0x52, 0x15, 0xfd, 0x9b, 0xd5, 0x40, 0x4a, 0x1a, 0xda,
1526         0x29, 0x4c, 0x92, 0x7e, 0x66, 0x06, 0xdb, 0x61, 0x86, 0xac, 0xb5, 0xda,
1527         0x3c, 0x7d, 0x73, 0x7e, 0x54, 0x32, 0x68, 0xa5, 0x02, 0xbc, 0x59, 0x47,
1528         0x84, 0xd3, 0x87, 0x71, 0x5f, 0xeb, 0x43, 0x45, 0x24, 0xd3, 0xec, 0x08,
1529         0x52, 0xc2, 0x89, 0x2d, 0x9c, 0x1a, 0xcc, 0x91, 0x65, 0x5d, 0xa3, 0xa1,
1530         0x35, 0x31, 0x10, 0x1c, 0x3a, 0xa8, 0x4d, 0x18, 0xd5, 0x06, 0xaf, 0xb2,
1531         0xec, 0x5c, 0x89, 0x9e, 0x90, 0x86, 0x10, 0x01, 0xeb, 0x51, 0xd5, 0x1b,
1532         0x9c, 0xcb, 0x66, 0x07, 0x3f, 0xc4, 0x6e, 0x0a, 0x1b, 0x73, 0xa0, 0x4b,
1533         0x5f, 0x4d, 0xab, 0x35, 0x28, 0xfa, 0xda, 0x3a, 0x0c, 0x08, 0xe8, 0xf3,
1534         0xef, 0x42, 0x67, 0xbc, 0x21, 0xf2, 0xc2, 0xb8, 0xff, 0x1a, 0x81, 0x05,
1535         0x68, 0x73, 0x62, 0xdf, 0xd7, 0xab, 0x0f, 0x22, 0x89, 0x57, 0x96, 0xd4,
1536         0x93, 0xaf, 0xa1, 0x21, 0xa3, 0x48, 0xe9, 0xf0, 0x97, 0x47, 0xa0, 0x27,
1537         0xba, 0x87, 0xb8, 0x15, 0x5f, 0xff, 0x2c, 0x50, 0x41, 0xf1, 0x7e, 0xc6,
1538         0x81, 0xc4, 0x51, 0xf1, 0xfd, 0xd6, 0x86, 0xf7, 0x69, 0x97, 0xf1, 0x49,
1539         0xc9, 0xf9, 0xf4, 0x9b, 0xf4, 0xe8, 0x85, 0xa7, 0xbd, 0x36, 0x55, 0x4a,
1540         0x3d, 0xe8, 0x65, 0x09, 0x7b, 0xb7, 0x12, 0x64, 0xd2, 0x0a, 0x53, 0x60,
1541         0x48, 0xd1, 0x8a, 0xbd
1542     };
1543 
1544     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1545         || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1546         || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1547         || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
1548         || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
1549         || !TEST_ptr(g = BN_bin2bn(g_data, sizeof(g_data), NULL))
1550 
1551         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1552         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1553         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1554         || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1555                                                        OSSL_PKEY_PARAM_FFC_SEED,
1556                                                        seed_data,
1557                                                        sizeof(seed_data)))
1558         || !TEST_true(OSSL_PARAM_BLD_push_int(bld, OSSL_PKEY_PARAM_FFC_GINDEX,
1559                                               gindex))
1560         || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
1561                                               OSSL_PKEY_PARAM_FFC_PCOUNTER,
1562                                               pcounter))
1563         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1564                                              pub))
1565         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1566                                              priv))
1567         || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1568         goto err;
1569 
1570     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)))
1571         goto err;
1572 
1573     if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1574         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1575                                           fromdata_params), 1))
1576         goto err;
1577 
1578     while (dup_pk == NULL) {
1579         ret = 0;
1580         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1581             || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1582             || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 2 * (3 + sizeof(q_data)))
1583             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1584             goto err;
1585 
1586         if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk,
1587                                                        OSSL_PKEY_PARAM_GROUP_NAME,
1588                                                        name_out,
1589                                                        sizeof(name_out),
1590                                                        &len))
1591             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1592                                                 &pub_out))
1593             || !TEST_BN_eq(pub, pub_out)
1594             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1595                                                 &priv_out))
1596             || !TEST_BN_eq(priv, priv_out)
1597             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P,
1598                                                 &p_out))
1599             || !TEST_BN_eq(p, p_out)
1600             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q,
1601                                                 &q_out))
1602             || !TEST_BN_eq(q, q_out)
1603             || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G,
1604                                                 &g_out))
1605             || !TEST_BN_eq(g, g_out)
1606             || !TEST_false(EVP_PKEY_get_bn_param(pk,
1607                                                  OSSL_PKEY_PARAM_FFC_COFACTOR,
1608                                                  &j_out))
1609             || !TEST_ptr_null(j_out)
1610             || !TEST_true(EVP_PKEY_get_octet_string_param(pk,
1611                                                           OSSL_PKEY_PARAM_FFC_SEED,
1612                                                           seed_out,
1613                                                           sizeof(seed_out),
1614                                                           &len))
1615             || !TEST_true(EVP_PKEY_get_int_param(pk,
1616                                                  OSSL_PKEY_PARAM_FFC_GINDEX,
1617                                                  &gindex_out))
1618             || !TEST_int_eq(gindex, gindex_out)
1619             || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1620                                                  &hindex_out))
1621             || !TEST_int_eq(hindex_out, 0)
1622             || !TEST_true(EVP_PKEY_get_int_param(pk,
1623                                                  OSSL_PKEY_PARAM_FFC_PCOUNTER,
1624                                                  &pcounter_out))
1625             || !TEST_int_eq(pcounter, pcounter_out))
1626             goto err;
1627         BN_free(p);
1628         p = NULL;
1629         BN_free(q);
1630         q = NULL;
1631         BN_free(g);
1632         g = NULL;
1633         BN_free(j_out);
1634         j_out = NULL;
1635         BN_free(pub_out);
1636         pub_out = NULL;
1637         BN_free(priv_out);
1638         priv_out = NULL;
1639 
1640         if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1641             goto err;
1642 
1643         if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1644             || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1645             || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1646             || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1647             goto err;
1648         EVP_PKEY_CTX_free(key_ctx);
1649         key_ctx = NULL;
1650 
1651         if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1652             || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1653             goto err;
1654         EVP_PKEY_free(copy_pk);
1655         copy_pk = NULL;
1656 
1657         ret = test_print_key_using_pem("DSA", pk)
1658               && test_print_key_using_encoder("DSA", pk);
1659 
1660         if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1661             goto err;
1662         ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1663         EVP_PKEY_free(pk);
1664         pk = dup_pk;
1665         if (!ret)
1666             goto err;
1667     }
1668 
1669  err:
1670     OSSL_PARAM_free(fromdata_params);
1671     OSSL_PARAM_BLD_free(bld);
1672     BN_free(p);
1673     BN_free(q);
1674     BN_free(g);
1675     BN_free(pub);
1676     BN_free(priv);
1677     BN_free(p_out);
1678     BN_free(q_out);
1679     BN_free(g_out);
1680     BN_free(pub_out);
1681     BN_free(priv_out);
1682     BN_free(j_out);
1683     EVP_PKEY_free(pk);
1684     EVP_PKEY_free(copy_pk);
1685     EVP_PKEY_CTX_free(ctx);
1686     EVP_PKEY_CTX_free(key_ctx);
1687 
1688     return ret;
1689 }
1690 
1691 static int test_check_dsa(void)
1692 {
1693     int ret = 0;
1694     EVP_PKEY_CTX *ctx = NULL;
1695 
1696     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
1697         || !TEST_int_le(EVP_PKEY_check(ctx), 0)
1698         || !TEST_int_le(EVP_PKEY_public_check(ctx), 0)
1699         || !TEST_int_le(EVP_PKEY_private_check(ctx), 0)
1700         || !TEST_int_le(EVP_PKEY_pairwise_check(ctx), 0))
1701        goto err;
1702 
1703     ret = 1;
1704  err:
1705     EVP_PKEY_CTX_free(ctx);
1706 
1707     return ret;
1708 }
1709 #endif /* OPENSSL_NO_DSA */
1710 
1711 
1712 static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key,
1713                                             size_t keylen, char *salt)
1714 {
1715     OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
1716     OSSL_PARAM *p = params;
1717 
1718     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0);
1719     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
1720                                              salt, strlen(salt));
1721     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
1722                                              (unsigned char *)key, keylen);
1723     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
1724                                             "EXTRACT_ONLY", 0);
1725     *p = OSSL_PARAM_construct_end();
1726 
1727     return params;
1728 }
1729 
1730 /* Test that EVP_PKEY_CTX_dup() fails gracefully for a KDF */
1731 static int test_evp_pkey_ctx_dup_kdf_fail(void)
1732 {
1733     int ret = 0;
1734     size_t len = 0;
1735     EVP_PKEY_CTX *pctx = NULL, *dctx = NULL;
1736     OSSL_PARAM *params = NULL;
1737 
1738     if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6,
1739                                                     "salt")))
1740         goto err;
1741     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL)))
1742         goto err;
1743     if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1))
1744         goto err;
1745     if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
1746         || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH))
1747         goto err;
1748     if (!TEST_ptr_null(dctx = EVP_PKEY_CTX_dup(pctx)))
1749         goto err;
1750     ret = 1;
1751 err:
1752     OPENSSL_free(params);
1753     EVP_PKEY_CTX_free(dctx);
1754     EVP_PKEY_CTX_free(pctx);
1755     return ret;
1756 }
1757 
1758 int setup_tests(void)
1759 {
1760     if (!test_skip_common_options()) {
1761         TEST_error("Error parsing test options\n");
1762         return 0;
1763     }
1764 
1765     if (!TEST_ptr(datadir = test_get_argument(0)))
1766         return 0;
1767 
1768     ADD_TEST(test_evp_pkey_ctx_dup_kdf_fail);
1769     ADD_TEST(test_evp_pkey_get_bn_param_large);
1770     ADD_TEST(test_fromdata_rsa);
1771 #ifndef OPENSSL_NO_DH
1772     ADD_TEST(test_fromdata_dh_fips186_4);
1773     ADD_TEST(test_fromdata_dh_named_group);
1774 #endif
1775 #ifndef OPENSSL_NO_DSA
1776     ADD_TEST(test_check_dsa);
1777     ADD_TEST(test_fromdata_dsa_fips186_4);
1778 #endif
1779 #ifndef OPENSSL_NO_EC
1780     ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3);
1781     ADD_TEST(test_fromdata_ec);
1782     ADD_TEST(test_ec_dup_no_operation);
1783     ADD_TEST(test_ec_dup_keygen_operation);
1784 #endif
1785     return 1;
1786 }
1787