test/endecode_test.c

   1 /*
   2  * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <string.h>
  11 #include <openssl/evp.h>
  12 #include <openssl/pem.h>
  13 #include <openssl/rsa.h>
  14 #include <openssl/x509.h>
  15 #include <openssl/core_names.h>
  16 #include <openssl/params.h>
  17 #include <openssl/param_build.h>
  18 #include <openssl/encoder.h>
  19 #include <openssl/decoder.h>
  20
  21 #include "internal/pem.h"        /* For PVK and "blob" PEM headers */
  22 #include "internal/cryptlib.h"   /* ossl_assert */
  23
  24 #include "testutil.h"
  25
  26 #ifndef OPENSSL_NO_EC
  27 static BN_CTX *bnctx = NULL;
  28 static OSSL_PARAM_BLD *bld_prime_nc = NULL;
  29 static OSSL_PARAM_BLD *bld_prime = NULL;
  30 static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
  31 static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
  32
  33 # ifndef OPENSSL_NO_EC2M
  34 static OSSL_PARAM_BLD *bld_tri_nc = NULL;
  35 static OSSL_PARAM_BLD *bld_tri = NULL;
  36 static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
  37 static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
  38 # endif
  39 #endif
  40
  41 /*
  42  * TODO(3.0) Modify PEM_write_bio_PrivateKey_traditional() to handle
  43  * provider side EVP_PKEYs (which don't necessarily have an ameth)
  44  *
  45  * In the mean time, we use separate "downgraded" EVP_PKEYs to test
  46  * encoding/decoding with "traditional" keys.
  47  */
  48
  49 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
  50 {
  51     EVP_PKEY *pkey = NULL;
  52     EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, type, NULL);
  53
  54     /*
  55      * No real need to check the errors other than for the cascade
  56      * effect.  |pkey| will simply remain NULL if something goes wrong.
  57      */
  58     (void)(ctx != NULL
  59            && EVP_PKEY_paramgen_init(ctx) > 0
  60            && (genparams == NULL
  61                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
  62            && EVP_PKEY_gen(ctx, &pkey) > 0);
  63     EVP_PKEY_CTX_free(ctx);
  64
  65     return pkey;
  66 }
  67
  68 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
  69                           OSSL_PARAM *genparams, int make_legacy)
  70 {
  71     EVP_PKEY *pkey = NULL;
  72     EVP_PKEY_CTX *ctx =
  73         template != NULL
  74         ? EVP_PKEY_CTX_new(template, NULL)
  75         : EVP_PKEY_CTX_new_from_name(NULL, type, NULL);
  76
  77     /*
  78      * No real need to check the errors other than for the cascade
  79      * effect.  |pkey| will simply remain NULL if something goes wrong.
  80      */
  81     (void)(ctx != NULL
  82            && EVP_PKEY_keygen_init(ctx) > 0
  83            && (genparams == NULL
  84                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
  85            && EVP_PKEY_keygen(ctx, &pkey) > 0);
  86     EVP_PKEY_CTX_free(ctx);
  87     if (make_legacy && EVP_PKEY_get0(pkey) == NULL) {
  88         EVP_PKEY_free(pkey);
  89         pkey = NULL;
  90     }
  91
  92     return pkey;
  93 }
  94
  95 /* Main test driver */
  96
  97 /*
  98  * TODO(3.0) For better error output, changed the callbacks to take __FILE__
  99  * and __LINE__ as first two arguments, and have them use the lower case
 100  * functions, such as test_strn_eq(), rather than the uppercase macros
 101  * (TEST_strn2_eq(), for example).
 102  */
 103
 104 typedef int (encoder)(void **encoded, long *encoded_len,
 105                          void *object, const char *pass, const char *pcipher,
 106                          const char *encoder_propq);
 107 typedef int (decoder)(void **object,
 108                            void *encoded, long encoded_len,
 109                            const char *pass);
 110 typedef int (tester)(const void *data1, size_t data1_len,
 111                      const void *data2, size_t data2_len);
 112 typedef int (checker)(const char *type, const void *data, size_t data_len);
 113 typedef void (dumper)(const char *label, const void *data, size_t data_len);
 114
 115 static int test_encode_decode(const char *type, EVP_PKEY *pkey,
 116                                       const char *pass, const char *pcipher,
 117                                       encoder *encode_cb,
 118                                       decoder *decode_cb,
 119                                       tester *test_cb,
 120                                       checker *check_cb, dumper *dump_cb,
 121                                       const char *encoder_propq, int make_legacy)
 122 {
 123     void *encoded = NULL;
 124     long encoded_len = 0;
 125     EVP_PKEY *pkey2 = NULL;
 126     void *encoded2 = NULL;
 127     long encoded2_len = 0;
 128     int ok = 0;
 129
 130     if (!encode_cb(&encoded, &encoded_len, pkey,
 131                       pass, pcipher, encoder_propq)
 132         || !check_cb(type, encoded, encoded_len)
 133         || !decode_cb((void **)&pkey2, encoded, encoded_len,
 134                            pass)
 135         || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
 136         goto end;
 137
 138     /*
 139      * TODO(3.0) Remove this when PEM_write_bio_PrivateKey_traditional()
 140      * handles provider side keys.
 141      */
 142     if (make_legacy
 143         && !TEST_ptr(EVP_PKEY_get0(pkey2)))
 144         goto end;
 145
 146     /*
 147      * Double check the encoding, but only for unprotected keys,
 148      * as protected keys have a random component, which makes the output
 149      * differ.
 150      */
 151     if ((pass == NULL && pcipher == NULL)
 152         && (!encode_cb(&encoded2, &encoded2_len, pkey2,
 153                           pass, pcipher, encoder_propq)
 154             || !test_cb(encoded, encoded_len,
 155                         encoded2, encoded2_len)))
 156         goto end;
 157
 158     ok = 1;
 159  end:
 160     if (!ok) {
 161         if (encoded != NULL && encoded_len != 0)
 162             dump_cb("encoded result", encoded, encoded_len);
 163         if (encoded2 != NULL && encoded2_len != 0)
 164             dump_cb("re-encoded result", encoded2, encoded2_len);
 165     }
 166
 167     OPENSSL_free(encoded);
 168     OPENSSL_free(encoded2);
 169     EVP_PKEY_free(pkey2);
 170     return ok;
 171 }
 172
 173 /* Encoding and desencoding methods */
 174
 175 static int encode_EVP_PKEY_prov(void **encoded, long *encoded_len,
 176                                    void *object,
 177                                    const char *pass, const char *pcipher,
 178                                    const char *encoder_propq)
 179 {
 180     EVP_PKEY *pkey = object;
 181     OSSL_ENCODER_CTX *ectx = NULL;
 182     BIO *mem_ser = NULL;
 183     BUF_MEM *mem_buf = NULL;
 184     const unsigned char *upass = (const unsigned char *)pass;
 185     int ok = 0;
 186
 187     if (!TEST_ptr(ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, encoder_propq))
 188         || (pass != NULL
 189             && !TEST_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
 190                                                              strlen(pass))))
 191         || (pcipher != NULL
 192             && !TEST_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
 193         || !TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
 194         || !TEST_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
 195         || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 196         || !TEST_ptr(*encoded = mem_buf->data)
 197         || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
 198         goto end;
 199
 200     /* Detach the encoded output */
 201     mem_buf->data = NULL;
 202     mem_buf->length = 0;
 203     ok = 1;
 204  end:
 205     BIO_free(mem_ser);
 206     OSSL_ENCODER_CTX_free(ectx);
 207     return ok;
 208 }
 209
 210 static int decode_EVP_PKEY_prov(void **object,
 211                                      void *encoded, long encoded_len,
 212                                      const char *pass)
 213 {
 214     EVP_PKEY *pkey = NULL;
 215     OSSL_DECODER_CTX *dctx = NULL;
 216     BIO *mem_deser = NULL;
 217     const unsigned char *upass = (const unsigned char *)pass;
 218     int ok = 0;
 219
 220     if (!TEST_ptr(dctx = OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, NULL,
 221                                                                NULL, NULL))
 222         || (pass != NULL
 223             && !OSSL_DECODER_CTX_set_passphrase(dctx, upass,
 224                                                      strlen(pass)))
 225         || !TEST_ptr(mem_deser = BIO_new_mem_buf(encoded, encoded_len))
 226         || !TEST_true(OSSL_DECODER_from_bio(dctx, mem_deser)))
 227         goto end;
 228     ok = 1;
 229     *object = pkey;
 230  end:
 231     BIO_free(mem_deser);
 232     OSSL_DECODER_CTX_free(dctx);
 233     return ok;
 234 }
 235
 236 static int encode_EVP_PKEY_legacy_PEM(void **encoded,
 237                                          long *encoded_len,
 238                                          void *object,
 239                                          const char *pass, const char *pcipher,
 240                                          ossl_unused const char *encoder_propq)
 241 {
 242     EVP_PKEY *pkey = object;
 243     EVP_CIPHER *cipher = NULL;
 244     BIO *mem_ser = NULL;
 245     BUF_MEM *mem_buf = NULL;
 246     const unsigned char *upass = (const unsigned char *)pass;
 247     size_t passlen = 0;
 248     int ok = 0;
 249
 250     if (pcipher != NULL && pass != NULL) {
 251         passlen = strlen(pass);
 252         if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, pcipher, NULL)))
 253             goto end;
 254     }
 255     if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
 256         || !TEST_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
 257                                                            cipher,
 258                                                            upass, passlen,
 259                                                            NULL, NULL))
 260         || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 261         || !TEST_ptr(*encoded = mem_buf->data)
 262         || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
 263         goto end;
 264
 265     /* Detach the encoded output */
 266     mem_buf->data = NULL;
 267     mem_buf->length = 0;
 268     ok = 1;
 269  end:
 270     BIO_free(mem_ser);
 271     EVP_CIPHER_free(cipher);
 272     return ok;
 273 }
 274
 275 #ifndef OPENSSL_NO_DSA
 276 static int encode_EVP_PKEY_MSBLOB(void **encoded,
 277                                      long *encoded_len,
 278                                      void *object,
 279                                      ossl_unused const char *pass,
 280                                      ossl_unused const char *pcipher,
 281                                      ossl_unused const char *encoder_propq)
 282 {
 283     EVP_PKEY *pkey = object;
 284     BIO *mem_ser = NULL;
 285     BUF_MEM *mem_buf = NULL;
 286     int ok = 0;
 287
 288     if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
 289         || !TEST_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0)
 290         || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 291         || !TEST_ptr(*encoded = mem_buf->data)
 292         || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
 293         goto end;
 294
 295     /* Detach the encoded output */
 296     mem_buf->data = NULL;
 297     mem_buf->length = 0;
 298     ok = 1;
 299  end:
 300     BIO_free(mem_ser);
 301     return ok;
 302 }
 303
 304 static int encode_public_EVP_PKEY_MSBLOB(void **encoded,
 305                                             long *encoded_len,
 306                                             void *object,
 307                                             ossl_unused const char *pass,
 308                                             ossl_unused const char *pcipher,
 309                                             ossl_unused const char *encoder_propq)
 310 {
 311     EVP_PKEY *pkey = object;
 312     BIO *mem_ser = NULL;
 313     BUF_MEM *mem_buf = NULL;
 314     int ok = 0;
 315
 316     if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
 317         || !TEST_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0)
 318         || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 319         || !TEST_ptr(*encoded = mem_buf->data)
 320         || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
 321         goto end;
 322
 323     /* Detach the encoded output */
 324     mem_buf->data = NULL;
 325     mem_buf->length = 0;
 326     ok = 1;
 327  end:
 328     BIO_free(mem_ser);
 329     return ok;
 330 }
 331
 332 # ifndef OPENSSL_NO_RC4
 333 static pem_password_cb pass_pw;
 334 static int pass_pw(char *buf, int size, int rwflag, void *userdata)
 335 {
 336     OPENSSL_strlcpy(buf, userdata, size);
 337     return strlen(userdata);
 338 }
 339
 340 static int encode_EVP_PKEY_PVK(void **encoded, long *encoded_len,
 341                                   void *object,
 342                                   const char *pass,
 343                                   ossl_unused const char *pcipher,
 344                                   ossl_unused const char *encoder_propq)
 345 {
 346     EVP_PKEY *pkey = object;
 347     BIO *mem_ser = NULL;
 348     BUF_MEM *mem_buf = NULL;
 349     int enc = (pass != NULL);
 350     int ok = 0;
 351
 352     if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
 353         || !TEST_int_ge(i2b_PVK_bio(mem_ser, pkey, enc,
 354                                     pass_pw, (void *)pass), 0)
 355         || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 356         || !TEST_ptr(*encoded = mem_buf->data)
 357         || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
 358         goto end;
 359
 360     /* Detach the encoded output */
 361     mem_buf->data = NULL;
 362     mem_buf->length = 0;
 363     ok = 1;
 364  end:
 365     BIO_free(mem_ser);
 366     return ok;
 367 }
 368 # endif
 369 #endif
 370
 371 static int test_text(const void *data1, size_t data1_len,
 372                      const void *data2, size_t data2_len)
 373 {
 374     return TEST_strn2_eq(data1, data1_len, data2, data2_len);
 375 }
 376
 377 static int test_mem(const void *data1, size_t data1_len,
 378                     const void *data2, size_t data2_len)
 379 {
 380     return TEST_mem_eq(data1, data1_len, data2, data2_len);
 381 }
 382
 383 /* Test cases and their dumpers / checkers */
 384
 385 static void dump_der(const char *label, const void *data, size_t data_len)
 386 {
 387     test_output_memory(label, data, data_len);
 388 }
 389
 390 static void dump_pem(const char *label, const void *data, size_t data_len)
 391 {
 392     test_output_string(label, data, data_len - 1);
 393 }
 394
 395 static int check_unprotected_PKCS8_DER(const char *type,
 396                                        const void *data, size_t data_len)
 397 {
 398     const unsigned char *datap = data;
 399     PKCS8_PRIV_KEY_INFO *p8inf =
 400         d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
 401     int ok = 0;
 402
 403     if (TEST_ptr(p8inf)) {
 404         EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
 405
 406         ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, type)));
 407         EVP_PKEY_free(pkey);
 408     }
 409     PKCS8_PRIV_KEY_INFO_free(p8inf);
 410     return ok;
 411 }
 412
 413 static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
 414 {
 415     return test_encode_decode(type, key, NULL, NULL,
 416                                       encode_EVP_PKEY_prov,
 417                                       decode_EVP_PKEY_prov,
 418                                       test_mem,
 419                                       check_unprotected_PKCS8_DER, dump_der,
 420                                       OSSL_ENCODER_PrivateKey_TO_DER_PQ,
 421                                       0);
 422 }
 423
 424 static int check_unprotected_PKCS8_PEM(const char *type,
 425                                        const void *data, size_t data_len)
 426 {
 427     static const char pem_header[] = "-----BEGIN " PEM_STRING_PKCS8INF "-----";
 428
 429     return TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1);
 430 }
 431
 432 static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
 433 {
 434     return test_encode_decode(type, key, NULL, NULL,
 435                                       encode_EVP_PKEY_prov,
 436                                       decode_EVP_PKEY_prov,
 437                                       test_text,
 438                                       check_unprotected_PKCS8_PEM, dump_pem,
 439                                       OSSL_ENCODER_PrivateKey_TO_PEM_PQ,
 440                                       0);
 441 }
 442
 443 static int check_unprotected_legacy_PEM(const char *type,
 444                                         const void *data, size_t data_len)
 445 {
 446     static char pem_header[80];
 447
 448     return
 449         TEST_int_gt(BIO_snprintf(pem_header, sizeof(pem_header),
 450                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
 451         && TEST_strn_eq(data, pem_header, strlen(pem_header));
 452 }
 453
 454 static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
 455 {
 456     return test_encode_decode(type, key, NULL, NULL,
 457                                       encode_EVP_PKEY_legacy_PEM,
 458                                       decode_EVP_PKEY_prov,
 459                                       test_text,
 460                                       check_unprotected_legacy_PEM, dump_pem,
 461                                       NULL, 1);
 462 }
 463
 464 #ifndef OPENSSL_NO_DSA
 465 static int check_MSBLOB(const char *type, const void *data, size_t data_len)
 466 {
 467     const unsigned char *datap = data;
 468     EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len);
 469     int ok = TEST_ptr(pkey);
 470
 471     EVP_PKEY_free(pkey);
 472     return ok;
 473 }
 474
 475 static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
 476 {
 477     return test_encode_decode(type, key, NULL, NULL,
 478                                       encode_EVP_PKEY_MSBLOB,
 479                                       decode_EVP_PKEY_prov,
 480                                       test_mem,
 481                                       check_MSBLOB, dump_der,
 482                                       NULL, 0);
 483 }
 484
 485 # ifndef OPENSSL_NO_RC4
 486 static int check_PVK(const char *type, const void *data, size_t data_len)
 487 {
 488     const unsigned char *in = data;
 489     unsigned int saltlen = 0, keylen = 0;
 490     int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);
 491
 492     return ok;
 493 }
 494
 495 static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
 496 {
 497     return test_encode_decode(type, key, NULL, NULL,
 498                                       encode_EVP_PKEY_PVK,
 499                                       decode_EVP_PKEY_prov,
 500                                       test_mem,
 501                                       check_PVK, dump_der,
 502                                       NULL, 0);
 503 }
 504 # endif
 505 #endif
 506
 507 static const char *pass_cipher = "AES-256-CBC";
 508 static const char *pass = "the holy handgrenade of antioch";
 509
 510 static int check_protected_PKCS8_DER(const char *type,
 511                                      const void *data, size_t data_len)
 512 {
 513     const unsigned char *datap = data;
 514     X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len);
 515     int ok = TEST_ptr(p8);
 516
 517     X509_SIG_free(p8);
 518     return ok;
 519 }
 520
 521 static int test_protected_via_DER(const char *type, EVP_PKEY *key)
 522 {
 523     return test_encode_decode(type, key, pass, pass_cipher,
 524                                       encode_EVP_PKEY_prov,
 525                                       decode_EVP_PKEY_prov,
 526                                       test_mem,
 527                                       check_protected_PKCS8_DER, dump_der,
 528                                       OSSL_ENCODER_PrivateKey_TO_DER_PQ,
 529                                       0);
 530 }
 531
 532 static int check_protected_PKCS8_PEM(const char *type,
 533                                      const void *data, size_t data_len)
 534 {
 535     static const char pem_header[] = "-----BEGIN " PEM_STRING_PKCS8 "-----";
 536
 537     return TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1);
 538 }
 539
 540 static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
 541 {
 542     return test_encode_decode(type, key, pass, pass_cipher,
 543                                       encode_EVP_PKEY_prov,
 544                                       decode_EVP_PKEY_prov,
 545                                       test_text,
 546                                       check_protected_PKCS8_PEM, dump_pem,
 547                                       OSSL_ENCODER_PrivateKey_TO_PEM_PQ,
 548                                       0);
 549 }
 550
 551 static int check_protected_legacy_PEM(const char *type,
 552                                       const void *data, size_t data_len)
 553 {
 554     static char pem_header[80];
 555
 556     return
 557         TEST_int_gt(BIO_snprintf(pem_header, sizeof(pem_header),
 558                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
 559         && TEST_strn_eq(data, pem_header, strlen(pem_header))
 560         && TEST_ptr(strstr(data, "\nDEK-Info: "));
 561 }
 562
 563 static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
 564 {
 565     return test_encode_decode(type, key, pass, pass_cipher,
 566                                       encode_EVP_PKEY_legacy_PEM,
 567                                       decode_EVP_PKEY_prov,
 568                                       test_text,
 569                                       check_protected_legacy_PEM, dump_pem,
 570                                       NULL, 1);
 571 }
 572
 573 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
 574 static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
 575 {
 576     return test_encode_decode(type, key, pass, NULL,
 577                                       encode_EVP_PKEY_PVK,
 578                                       decode_EVP_PKEY_prov,
 579                                       test_mem,
 580                                       check_PVK, dump_der,
 581                                       NULL, 0);
 582 }
 583 #endif
 584
 585 static int check_public_DER(const char *type, const void *data, size_t data_len)
 586 {
 587     const unsigned char *datap = data;
 588     EVP_PKEY *pkey = d2i_PUBKEY(NULL, &datap, data_len);
 589     int ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, type)));
 590
 591     EVP_PKEY_free(pkey);
 592     return ok;
 593 }
 594
 595 static int test_public_via_DER(const char *type, EVP_PKEY *key)
 596 {
 597     return test_encode_decode(type, key, NULL, NULL,
 598                                       encode_EVP_PKEY_prov,
 599                                       decode_EVP_PKEY_prov,
 600                                       test_mem,
 601                                       check_public_DER, dump_der,
 602                                       OSSL_ENCODER_PUBKEY_TO_DER_PQ,
 603                                       0);
 604 }
 605
 606 static int check_public_PEM(const char *type, const void *data, size_t data_len)
 607 {
 608     static const char pem_header[] = "-----BEGIN " PEM_STRING_PUBLIC "-----";
 609
 610     return
 611         TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1);
 612 }
 613
 614 static int test_public_via_PEM(const char *type, EVP_PKEY *key)
 615 {
 616     return test_encode_decode(type, key, NULL, NULL,
 617                                       encode_EVP_PKEY_prov,
 618                                       decode_EVP_PKEY_prov,
 619                                       test_text,
 620                                       check_public_PEM, dump_pem,
 621                                       OSSL_ENCODER_PUBKEY_TO_PEM_PQ,
 622                                       0);
 623 }
 624
 625 #ifndef OPENSSL_NO_DSA
 626 static int check_public_MSBLOB(const char *type,
 627                                const void *data, size_t data_len)
 628 {
 629     const unsigned char *datap = data;
 630     EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len);
 631     int ok = TEST_ptr(pkey);
 632
 633     EVP_PKEY_free(pkey);
 634     return ok;
 635 }
 636
 637 static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
 638 {
 639     return test_encode_decode(type, key, NULL, NULL,
 640                                       encode_public_EVP_PKEY_MSBLOB,
 641                                       decode_EVP_PKEY_prov,
 642                                       test_mem,
 643                                       check_public_MSBLOB, dump_der,
 644                                       NULL, 0);
 645 }
 646 #endif
 647
 648 #define KEYS(KEYTYPE)                           \
 649     static EVP_PKEY *key_##KEYTYPE = NULL;      \
 650     static EVP_PKEY *legacy_key_##KEYTYPE = NULL
 651 #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params)                          \
 652     ok = ok                                                             \
 653         && TEST_ptr(key_##KEYTYPE =                                     \
 654                     make_key(KEYTYPEstr, NULL, params, 0))              \
 655         && TEST_ptr(legacy_key_##KEYTYPE =                              \
 656                     make_key(KEYTYPEstr, NULL, params, 1))
 657 #define FREE_KEYS(KEYTYPE)                                              \
 658     EVP_PKEY_free(key_##KEYTYPE);                                       \
 659     EVP_PKEY_free(legacy_key_##KEYTYPE)
 660
 661 #define DOMAIN_KEYS(KEYTYPE)                    \
 662     static EVP_PKEY *template_##KEYTYPE = NULL; \
 663     static EVP_PKEY *key_##KEYTYPE = NULL;      \
 664     static EVP_PKEY *legacy_key_##KEYTYPE = NULL
 665 #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params)                   \
 666     ok = ok                                                             \
 667         && TEST_ptr(template_##KEYTYPE =                                \
 668                     make_template(KEYTYPEstr, params))                  \
 669         && TEST_ptr(key_##KEYTYPE =                                     \
 670                     make_key(KEYTYPEstr, template_##KEYTYPE, NULL, 0))  \
 671         && TEST_ptr(legacy_key_##KEYTYPE =                              \
 672                     make_key(KEYTYPEstr, template_##KEYTYPE, NULL, 1))
 673 #define FREE_DOMAIN_KEYS(KEYTYPE)                                       \
 674     EVP_PKEY_free(template_##KEYTYPE);                                  \
 675     EVP_PKEY_free(key_##KEYTYPE);                                       \
 676     EVP_PKEY_free(legacy_key_##KEYTYPE)
 677
 678 #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr)                       \
 679     static int test_unprotected_##KEYTYPE##_via_DER(void)               \
 680     {                                                                   \
 681         return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
 682     }                                                                   \
 683     static int test_unprotected_##KEYTYPE##_via_PEM(void)               \
 684     {                                                                   \
 685         return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
 686     }                                                                   \
 687     static int test_protected_##KEYTYPE##_via_DER(void)                 \
 688     {                                                                   \
 689         return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE);       \
 690     }                                                                   \
 691     static int test_protected_##KEYTYPE##_via_PEM(void)                 \
 692     {                                                                   \
 693         return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE);       \
 694     }                                                                   \
 695     static int test_public_##KEYTYPE##_via_DER(void)                    \
 696     {                                                                   \
 697         return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE);          \
 698     }                                                                   \
 699     static int test_public_##KEYTYPE##_via_PEM(void)                    \
 700     {                                                                   \
 701         return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE);          \
 702     }
 703
 704 #define ADD_TEST_SUITE(KEYTYPE)                                 \
 705     ADD_TEST(test_unprotected_##KEYTYPE##_via_DER);             \
 706     ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM);             \
 707     ADD_TEST(test_protected_##KEYTYPE##_via_DER);               \
 708     ADD_TEST(test_protected_##KEYTYPE##_via_PEM);               \
 709     ADD_TEST(test_public_##KEYTYPE##_via_DER);                  \
 710     ADD_TEST(test_public_##KEYTYPE##_via_PEM)
 711
 712 #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr)                \
 713     static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void)        \
 714     {                                                                   \
 715         return test_unprotected_via_legacy_PEM(KEYTYPEstr,              \
 716                                                legacy_key_##KEYTYPE);   \
 717     }                                                                   \
 718     static int test_protected_##KEYTYPE##_via_legacy_PEM(void)          \
 719     {                                                                   \
 720         return test_protected_via_legacy_PEM(KEYTYPEstr,                \
 721                                              legacy_key_##KEYTYPE);     \
 722     }
 723
 724 #define ADD_TEST_SUITE_LEGACY(KEYTYPE)                                 \
 725     ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM);      \
 726     ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
 727
 728 #ifndef OPENSSL_NO_DSA
 729 # define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr)               \
 730     static int test_unprotected_##KEYTYPE##_via_MSBLOB(void)            \
 731     {                                                                   \
 732         return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);  \
 733     }                                                                   \
 734     static int test_public_##KEYTYPE##_via_MSBLOB(void)                 \
 735     {                                                                   \
 736         return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);       \
 737     }
 738
 739 # define ADD_TEST_SUITE_MSBLOB(KEYTYPE)                         \
 740     ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB);          \
 741     ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
 742
 743 # ifndef OPENSSL_NO_RC4
 744 #  define IMPLEMENT_TEST_SUITE_PVK(KEYTYPE, KEYTYPEstr)                 \
 745     static int test_unprotected_##KEYTYPE##_via_PVK(void)               \
 746     {                                                                   \
 747         return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE);     \
 748     }                                                                   \
 749     static int test_protected_##KEYTYPE##_via_PVK(void)                 \
 750     {                                                                   \
 751         return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE);       \
 752     }
 753
 754 #  define ADD_TEST_SUITE_PVK(KEYTYPE)                           \
 755     ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK);             \
 756     ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
 757 # endif
 758 #endif
 759
 760 #ifndef OPENSSL_NO_DH
 761 DOMAIN_KEYS(DH);
 762 IMPLEMENT_TEST_SUITE(DH, "DH")
 763 DOMAIN_KEYS(DHX);
 764 IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
 765 /*
 766  * DH has no support for PEM_write_bio_PrivateKey_traditional(),
 767  * so no legacy tests.
 768  */
 769 #endif
 770 #ifndef OPENSSL_NO_DSA
 771 DOMAIN_KEYS(DSA);
 772 IMPLEMENT_TEST_SUITE(DSA, "DSA")
 773 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
 774 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
 775 # ifndef OPENSSL_NO_RC4
 776 IMPLEMENT_TEST_SUITE_PVK(DSA, "DSA")
 777 # endif
 778 #endif
 779 #ifndef OPENSSL_NO_EC
 780 DOMAIN_KEYS(EC);
 781 IMPLEMENT_TEST_SUITE(EC, "EC")
 782 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
 783 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
 784 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
 785 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
 786 DOMAIN_KEYS(ECExplicitPrime2G);
 787 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
 788 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
 789 # ifndef OPENSSL_NO_EC2M
 790 DOMAIN_KEYS(ECExplicitTriNamedCurve);
 791 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
 792 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
 793 DOMAIN_KEYS(ECExplicitTri2G);
 794 IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
 795 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
 796 # endif
 797 KEYS(ED25519);
 798 IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
 799 KEYS(ED448);
 800 IMPLEMENT_TEST_SUITE(ED448, "ED448")
 801 KEYS(X25519);
 802 IMPLEMENT_TEST_SUITE(X25519, "X25519")
 803 KEYS(X448);
 804 IMPLEMENT_TEST_SUITE(X448, "X448")
 805 /*
 806  * ED25519, ED448, X25519 and X448 have no support for
 807  * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
 808  */
 809 #endif
 810 KEYS(RSA);
 811 IMPLEMENT_TEST_SUITE(RSA, "RSA")
 812 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
 813 KEYS(RSA_PSS);
 814 IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
 815 /*
 816  * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
 817  * so no legacy tests.
 818  */
 819 #ifndef OPENSSL_NO_DSA
 820 IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
 821 # ifndef OPENSSL_NO_RC4
 822 IMPLEMENT_TEST_SUITE_PVK(RSA, "RSA")
 823 # endif
 824 #endif
 825
 826 #ifndef OPENSSL_NO_EC
 827 /* Explicit parameters that match a named curve */
 828 static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
 829                                               const unsigned char *gen,
 830                                               size_t gen_len)
 831 {
 832     BIGNUM *a, *b, *prime, *order;
 833
 834     /* Curve prime256v1 */
 835     static const unsigned char prime_data[] = {
 836         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
 837         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 838         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
 839         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 840         0xff
 841     };
 842     static const unsigned char a_data[] = {
 843         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
 844         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 845         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
 846         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 847         0xfc
 848     };
 849     static const unsigned char b_data[] = {
 850         0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
 851         0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
 852         0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
 853         0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
 854     };
 855     static const unsigned char seed[] = {
 856         0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
 857         0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
 858         0x81, 0x9f, 0x7e, 0x90
 859     };
 860     static const unsigned char order_data[] = {
 861         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
 862         0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 863         0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
 864         0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
 865     };
 866     return TEST_ptr(a = BN_CTX_get(bnctx))
 867            && TEST_ptr(b = BN_CTX_get(bnctx))
 868            && TEST_ptr(prime = BN_CTX_get(bnctx))
 869            && TEST_ptr(order = BN_CTX_get(bnctx))
 870            && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
 871            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
 872            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
 873            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
 874            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
 875                             OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
 876                             0))
 877            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
 878            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
 879            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
 880            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
 881                             OSSL_PKEY_PARAM_EC_ORDER, order))
 882            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
 883                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
 884            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
 885                             OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
 886            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
 887                                                BN_value_one()));
 888 }
 889
 890 static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
 891 {
 892     static const unsigned char prime256v1_gen[] = {
 893         0x04,
 894         0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
 895         0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
 896         0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
 897         0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
 898         0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
 899         0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
 900         0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
 901         0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
 902     };
 903     return do_create_ec_explicit_prime_params(bld, prime256v1_gen,
 904                                               sizeof(prime256v1_gen));
 905 }
 906
 907 static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
 908 {
 909     /* 2G */
 910     static const unsigned char prime256v1_gen2[] = {
 911         0x04,
 912         0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
 913         0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
 914         0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
 915         0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
 916         0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
 917         0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
 918         0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
 919         0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
 920     };
 921     return do_create_ec_explicit_prime_params(bld, prime256v1_gen2,
 922                                               sizeof(prime256v1_gen2));
 923 }
 924
 925 # ifndef OPENSSL_NO_EC2M
 926 static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
 927                                                   const unsigned char *gen,
 928                                                   size_t gen_len)
 929 {
 930     BIGNUM *a, *b, *poly, *order, *cofactor;
 931     /* sect233k1 characteristic-two-field tpBasis */
 932     static const unsigned char poly_data[] = {
 933         0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 934         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
 935         0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
 936     };
 937     static const unsigned char a_data[] = {
 938         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 939         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 940         0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 941     };
 942     static const unsigned char b_data[] = {
 943         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 944         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 945         0x00, 0x00, 0x00, 0x00, 0x00, 0x01
 946     };
 947     static const unsigned char order_data[] = {
 948         0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 949         0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
 950         0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
 951     };
 952     static const unsigned char cofactor_data[]= {
 953         0x4
 954     };
 955     return TEST_ptr(a = BN_CTX_get(bnctx))
 956            && TEST_ptr(b = BN_CTX_get(bnctx))
 957            && TEST_ptr(poly = BN_CTX_get(bnctx))
 958            && TEST_ptr(order = BN_CTX_get(bnctx))
 959            && TEST_ptr(cofactor = BN_CTX_get(bnctx))
 960            && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
 961            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
 962            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
 963            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
 964            && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor))
 965            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
 966                             OSSL_PKEY_PARAM_EC_FIELD_TYPE,
 967                             SN_X9_62_characteristic_two_field, 0))
 968            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
 969            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
 970            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
 971            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
 972                             OSSL_PKEY_PARAM_EC_ORDER, order))
 973            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
 974                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
 975            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
 976                                                cofactor));
 977 }
 978
 979 static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
 980 {
 981     static const unsigned char gen[] = {
 982         0x04,
 983         0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
 984         0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
 985         0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
 986         0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
 987         0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
 988         0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
 989     };
 990     return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen));
 991 }
 992
 993 static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
 994 {
 995     static const unsigned char gen2[] = {
 996         0x04,
 997         0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
 998         0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
 999         0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
1000         0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
1001         0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
1002         0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
1003     };
1004     return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
1005 }
1006 # endif /* OPENSSL_NO_EC2M */
1007 #endif /* OPENSSL_NO_EC */
1008
1009 int setup_tests(void)
1010 {
1011     int ok = 1;
1012
1013 #ifndef OPENSSL_NO_DSA
1014     static size_t qbits = 160;  /* PVK only tolerates 160 Q bits */
1015     static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
1016     OSSL_PARAM DSA_params[] = {
1017         OSSL_PARAM_size_t("pbits", &pbits),
1018         OSSL_PARAM_size_t("qbits", &qbits),
1019         OSSL_PARAM_END
1020     };
1021 #endif
1022
1023 #ifndef OPENSSL_NO_EC
1024     static char groupname[] = "prime256v1";
1025     OSSL_PARAM EC_params[] = {
1026         OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
1027         OSSL_PARAM_END
1028     };
1029 #endif
1030
1031     /* 7 is the default magic number */
1032     static unsigned int rsapss_min_saltlen = 7;
1033     OSSL_PARAM RSA_PSS_params[] = {
1034         OSSL_PARAM_uint("saltlen", &rsapss_min_saltlen),
1035         OSSL_PARAM_END
1036     };
1037
1038 #ifndef OPENSSL_NO_EC
1039     if (!TEST_ptr(bnctx = BN_CTX_new_ex(NULL))
1040         || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
1041         || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
1042         || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
1043         || !create_ec_explicit_prime_params(bld_prime)
1044         || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
1045         || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
1046 # ifndef OPENSSL_NO_EC2M
1047         || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
1048         || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
1049         || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
1050         || !create_ec_explicit_trinomial_params(bld_tri)
1051         || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
1052         || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
1053 # endif
1054         )
1055         return 0;
1056 #endif
1057
1058     TEST_info("Generating keys...");
1059
1060 #ifndef OPENSSL_NO_DH
1061     MAKE_DOMAIN_KEYS(DH, "DH", NULL);
1062     MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
1063 #endif
1064 #ifndef OPENSSL_NO_DSA
1065     MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
1066 #endif
1067 #ifndef OPENSSL_NO_EC
1068     MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
1069     MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
1070     MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
1071 # ifndef OPENSSL_NO_EC2M
1072     MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
1073     MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
1074 # endif
1075     MAKE_KEYS(ED25519, "ED25519", NULL);
1076     MAKE_KEYS(ED448, "ED448", NULL);
1077     MAKE_KEYS(X25519, "X25519", NULL);
1078     MAKE_KEYS(X448, "X448", NULL);
1079 #endif
1080     MAKE_KEYS(RSA, "RSA", NULL);
1081     MAKE_KEYS(RSA_PSS, "RSA-PSS", RSA_PSS_params);
1082     TEST_info("Generating key... done");
1083
1084     if (ok) {
1085 #ifndef OPENSSL_NO_DH
1086         ADD_TEST_SUITE(DH);
1087         ADD_TEST_SUITE(DHX);
1088         /*
1089          * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1090          * so no legacy tests.
1091          */
1092 #endif
1093 #ifndef OPENSSL_NO_DSA
1094         ADD_TEST_SUITE(DSA);
1095         ADD_TEST_SUITE_LEGACY(DSA);
1096         ADD_TEST_SUITE_MSBLOB(DSA);
1097 # ifndef OPENSSL_NO_RC4
1098         ADD_TEST_SUITE_PVK(DSA);
1099 # endif
1100 #endif
1101 #ifndef OPENSSL_NO_EC
1102         ADD_TEST_SUITE(EC);
1103         ADD_TEST_SUITE_LEGACY(EC);
1104         ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
1105         ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
1106         ADD_TEST_SUITE(ECExplicitPrime2G);
1107         ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
1108 # ifndef OPENSSL_NO_EC2M
1109         ADD_TEST_SUITE(ECExplicitTriNamedCurve);
1110         ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
1111         ADD_TEST_SUITE(ECExplicitTri2G);
1112         ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
1113 # endif
1114         ADD_TEST_SUITE(ED25519);
1115         ADD_TEST_SUITE(ED448);
1116         ADD_TEST_SUITE(X25519);
1117         ADD_TEST_SUITE(X448);
1118         /*
1119          * ED25519, ED448, X25519 and X448 have no support for
1120          * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1121          */
1122 #endif
1123         ADD_TEST_SUITE(RSA);
1124         ADD_TEST_SUITE_LEGACY(RSA);
1125         ADD_TEST_SUITE(RSA_PSS);
1126         /*
1127          * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1128          * so no legacy tests.
1129          */
1130 #ifndef OPENSSL_NO_DSA
1131         ADD_TEST_SUITE_MSBLOB(RSA);
1132 # ifndef OPENSSL_NO_RC4
1133         ADD_TEST_SUITE_PVK(RSA);
1134 # endif
1135 #endif
1136     }
1137
1138     return 1;
1139 }
1140
1141 void cleanup_tests(void)
1142 {
1143 #ifndef OPENSSL_NO_EC
1144     OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_nc);
1145     OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_explicit);
1146     OSSL_PARAM_BLD_free(bld_prime_nc);
1147     OSSL_PARAM_BLD_free(bld_prime);
1148 # ifndef OPENSSL_NO_EC2M
1149     OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_nc);
1150     OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_explicit);
1151     OSSL_PARAM_BLD_free(bld_tri_nc);
1152     OSSL_PARAM_BLD_free(bld_tri);
1153 # endif
1154     BN_CTX_free(bnctx);
1155 #endif /* OPENSSL_NO_EC */
1156
1157 #ifndef OPENSSL_NO_DH
1158     FREE_DOMAIN_KEYS(DH);
1159     FREE_DOMAIN_KEYS(DHX);
1160 #endif
1161 #ifndef OPENSSL_NO_DSA
1162     FREE_DOMAIN_KEYS(DSA);
1163 #endif
1164 #ifndef OPENSSL_NO_EC
1165     FREE_DOMAIN_KEYS(EC);
1166     FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1167     FREE_DOMAIN_KEYS(ECExplicitPrime2G);
1168 # ifndef OPENSSL_NO_EC2M
1169     FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
1170     FREE_DOMAIN_KEYS(ECExplicitTri2G);
1171 # endif
1172     FREE_KEYS(ED25519);
1173     FREE_KEYS(ED448);
1174     FREE_KEYS(X25519);
1175     FREE_KEYS(X448);
1176 #endif
1177     FREE_KEYS(RSA);
1178     FREE_KEYS(RSA_PSS);
1179 }