test/endecode_test.c

   1 /*
   2  * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <string.h>
  11 #include <openssl/core_dispatch.h>
  12 #include <openssl/evp.h>
  13 #include <openssl/pem.h>
  14 #include <openssl/rsa.h>
  15 #include <openssl/x509.h>
  16 #include <openssl/core_names.h>
  17 #include <openssl/params.h>
  18 #include <openssl/param_build.h>
  19 #include <openssl/encoder.h>
  20 #include <openssl/decoder.h>
  21
  22 #include "internal/cryptlib.h"   /* ossl_assert */
  23 #include "crypto/pem.h"          /* For PVK and "blob" PEM headers */
  24 #include "crypto/evp.h"          /* For evp_pkey_is_provided() */
  25
  26 #include "helpers/predefined_dhparams.h"
  27 #include "testutil.h"
  28
  29 #ifdef STATIC_LEGACY
  30 OSSL_provider_init_fn ossl_legacy_provider_init;
  31 #endif
  32
  33 /* Extended test macros to allow passing file & line number */
  34 #define TEST_FL_ptr(a)               test_ptr(file, line, #a, a)
  35 #define TEST_FL_mem_eq(a, m, b, n)   test_mem_eq(file, line, #a, #b, a, m, b, n)
  36 #define TEST_FL_strn_eq(a, b, n)     test_strn_eq(file, line, #a, #b, a, n, b, n)
  37 #define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n)
  38 #define TEST_FL_int_eq(a, b)         test_int_eq(file, line, #a, #b, a, b)
  39 #define TEST_FL_int_ge(a, b)         test_int_ge(file, line, #a, #b, a, b)
  40 #define TEST_FL_int_gt(a, b)         test_int_gt(file, line, #a, #b, a, b)
  41 #define TEST_FL_long_gt(a, b)        test_long_gt(file, line, #a, #b, a, b)
  42 #define TEST_FL_true(a)              test_true(file, line, #a, (a) != 0)
  43
  44 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
  45 # define OPENSSL_NO_KEYPARAMS
  46 #endif
  47
  48 static int default_libctx = 1;
  49 static int is_fips = 0;
  50
  51 static OSSL_LIB_CTX *testctx = NULL;
  52 static OSSL_LIB_CTX *keyctx = NULL;
  53 static char *testpropq = NULL;
  54
  55 static OSSL_PROVIDER *nullprov = NULL;
  56 static OSSL_PROVIDER *deflprov = NULL;
  57 static OSSL_PROVIDER *keyprov = NULL;
  58
  59 #ifndef OPENSSL_NO_EC
  60 static BN_CTX *bnctx = NULL;
  61 static OSSL_PARAM_BLD *bld_prime_nc = NULL;
  62 static OSSL_PARAM_BLD *bld_prime = NULL;
  63 static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
  64 static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
  65
  66 # ifndef OPENSSL_NO_EC2M
  67 static OSSL_PARAM_BLD *bld_tri_nc = NULL;
  68 static OSSL_PARAM_BLD *bld_tri = NULL;
  69 static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
  70 static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
  71 # endif
  72 #endif
  73
  74 #ifndef OPENSSL_NO_KEYPARAMS
  75 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
  76 {
  77     EVP_PKEY *pkey = NULL;
  78     EVP_PKEY_CTX *ctx = NULL;
  79
  80 # ifndef OPENSSL_NO_DH
  81     /*
  82      * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
  83      * for testing only. Use a minimum key size of 2048 for security purposes.
  84      */
  85     if (strcmp(type, "DH") == 0)
  86         return get_dh512(keyctx);
  87
  88     if (strcmp(type, "X9.42 DH") == 0)
  89         return get_dhx512(keyctx);
  90 # endif
  91
  92     /*
  93      * No real need to check the errors other than for the cascade
  94      * effect.  |pkey| will simply remain NULL if something goes wrong.
  95      */
  96     (void)((ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq)) != NULL
  97            && EVP_PKEY_paramgen_init(ctx) > 0
  98            && (genparams == NULL
  99                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
 100            && EVP_PKEY_generate(ctx, &pkey) > 0);
 101     EVP_PKEY_CTX_free(ctx);
 102
 103     return pkey;
 104 }
 105 #endif
 106
 107 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
 108 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
 109                           OSSL_PARAM *genparams)
 110 {
 111     EVP_PKEY *pkey = NULL;
 112     EVP_PKEY_CTX *ctx =
 113         template != NULL
 114         ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq)
 115         : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq);
 116
 117     /*
 118      * No real need to check the errors other than for the cascade
 119      * effect.  |pkey| will simply remain NULL if something goes wrong.
 120      */
 121     (void)(ctx != NULL
 122            && EVP_PKEY_keygen_init(ctx) > 0
 123            && (genparams == NULL
 124                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
 125            && EVP_PKEY_keygen(ctx, &pkey) > 0);
 126     EVP_PKEY_CTX_free(ctx);
 127     return pkey;
 128 }
 129 #endif
 130
 131 /* Main test driver */
 132
 133 typedef int (encoder)(const char *file, const int line,
 134                       void **encoded, long *encoded_len,
 135                       void *object, int selection,
 136                       const char *output_type, const char *output_structure,
 137                       const char *pass, const char *pcipher);
 138 typedef int (decoder)(const char *file, const int line,
 139                       void **object, void *encoded, long encoded_len,
 140                       const char *input_type, const char *structure_type,
 141                       const char *keytype, int selection, const char *pass);
 142 typedef int (tester)(const char *file, const int line,
 143                      const void *data1, size_t data1_len,
 144                      const void *data2, size_t data2_len);
 145 typedef int (checker)(const char *file, const int line,
 146                       const char *type, const void *data, size_t data_len);
 147 typedef void (dumper)(const char *label, const void *data, size_t data_len);
 148
 149 #define FLAG_DECODE_WITH_TYPE   0x0001
 150 #define FLAG_FAIL_IF_FIPS       0x0002
 151
 152 static int test_encode_decode(const char *file, const int line,
 153                               const char *type, EVP_PKEY *pkey,
 154                               int selection, const char *output_type,
 155                               const char *output_structure,
 156                               const char *pass, const char *pcipher,
 157                               encoder *encode_cb, decoder *decode_cb,
 158                               tester *test_cb, checker *check_cb,
 159                               dumper *dump_cb, int flags)
 160 {
 161     void *encoded = NULL;
 162     long encoded_len = 0;
 163     EVP_PKEY *pkey2 = NULL;
 164     void *encoded2 = NULL;
 165     long encoded2_len = 0;
 166     int ok = 0;
 167
 168     /*
 169      * Encode |pkey|, decode the result into |pkey2|, and finish off by
 170      * encoding |pkey2| as well.  That last encoding is for checking and
 171      * dumping purposes.
 172      */
 173     if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
 174                              output_type, output_structure, pass, pcipher)))
 175         goto end;
 176
 177     if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) {
 178         if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
 179                                   encoded_len, output_type, output_structure,
 180                                   (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
 181                                   selection, pass)))
 182             ok = 1;
 183         goto end;
 184     }
 185
 186     if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
 187         || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
 188                                 output_type, output_structure,
 189                                 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
 190                                 selection, pass))
 191         || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection,
 192                                 output_type, output_structure, pass, pcipher)))
 193         goto end;
 194
 195     if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
 196         if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1))
 197             goto end;
 198     } else {
 199         if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
 200             goto end;
 201     }
 202
 203     /*
 204      * Double check the encoding, but only for unprotected keys,
 205      * as protected keys have a random component, which makes the output
 206      * differ.
 207      */
 208     if ((pass == NULL && pcipher == NULL)
 209         && !test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len))
 210         goto end;
 211
 212     ok = 1;
 213  end:
 214     if (!ok) {
 215         if (encoded != NULL && encoded_len != 0)
 216             dump_cb("|pkey| encoded", encoded, encoded_len);
 217         if (encoded2 != NULL && encoded2_len != 0)
 218             dump_cb("|pkey2| encoded", encoded2, encoded2_len);
 219     }
 220
 221     OPENSSL_free(encoded);
 222     OPENSSL_free(encoded2);
 223     EVP_PKEY_free(pkey2);
 224     return ok;
 225 }
 226
 227 /* Encoding and decoding methods */
 228
 229 static int encode_EVP_PKEY_prov(const char *file, const int line,
 230                                 void **encoded, long *encoded_len,
 231                                 void *object, int selection,
 232                                 const char *output_type,
 233                                 const char *output_structure,
 234                                 const char *pass, const char *pcipher)
 235 {
 236     EVP_PKEY *pkey = object;
 237     OSSL_ENCODER_CTX *ectx = NULL;
 238     BIO *mem_ser = NULL;
 239     BUF_MEM *mem_buf = NULL;
 240     const unsigned char *upass = (const unsigned char *)pass;
 241     int ok = 0;
 242
 243     if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
 244                                                        output_type,
 245                                                        output_structure,
 246                                                        testpropq))
 247         || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0)
 248         || (pass != NULL
 249             && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
 250                                                           strlen(pass))))
 251         || (pcipher != NULL
 252             && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
 253         || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
 254         || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
 255         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 256         || !TEST_FL_ptr(*encoded = mem_buf->data)
 257         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 258         goto end;
 259
 260     /* Detach the encoded output */
 261     mem_buf->data = NULL;
 262     mem_buf->length = 0;
 263     ok = 1;
 264  end:
 265     BIO_free(mem_ser);
 266     OSSL_ENCODER_CTX_free(ectx);
 267     return ok;
 268 }
 269
 270 static int decode_EVP_PKEY_prov(const char *file, const int line,
 271                                 void **object, void *encoded, long encoded_len,
 272                                 const char *input_type,
 273                                 const char *structure_type,
 274                                 const char *keytype, int selection,
 275                                 const char *pass)
 276 {
 277     EVP_PKEY *pkey = NULL, *testpkey = NULL;
 278     OSSL_DECODER_CTX *dctx = NULL;
 279     BIO *encoded_bio = NULL;
 280     const unsigned char *upass = (const unsigned char *)pass;
 281     int ok = 0;
 282     int i;
 283     const char *badtype;
 284
 285     if (strcmp(input_type, "DER") == 0)
 286         badtype = "PEM";
 287     else
 288         badtype = "DER";
 289
 290     if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len)))
 291         goto end;
 292
 293     /*
 294      * We attempt the decode 3 times. The first time we provide the expected
 295      * starting input type. The second time we provide NULL for the starting
 296      * type. The third time we provide a bad starting input type.
 297      * The bad starting input type should fail. The other two should succeed
 298      * and produce the same result.
 299      */
 300     for (i = 0; i < 3; i++) {
 301         const char *testtype = (i == 0) ? input_type
 302                                         : ((i == 1) ? NULL : badtype);
 303
 304         if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey,
 305                                                            testtype,
 306                                                            structure_type,
 307                                                            keytype,
 308                                                            selection,
 309                                                            testctx, testpropq))
 310             || (pass != NULL
 311                 && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass)))
 312             || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0)
 313                /* We expect to fail when using a bad input type */
 314             || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio),
 315                             (i == 2) ? 0 : 1))
 316             goto end;
 317         OSSL_DECODER_CTX_free(dctx);
 318         dctx = NULL;
 319
 320         if (i == 0) {
 321             pkey = testpkey;
 322             testpkey = NULL;
 323         } else if (i == 1) {
 324             if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
 325                 if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1))
 326                     goto end;
 327             } else {
 328                 if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1))
 329                     goto end;
 330             }
 331         }
 332     }
 333     ok = 1;
 334     *object = pkey;
 335     pkey = NULL;
 336
 337  end:
 338     EVP_PKEY_free(pkey);
 339     EVP_PKEY_free(testpkey);
 340     BIO_free(encoded_bio);
 341     OSSL_DECODER_CTX_free(dctx);
 342     return ok;
 343 }
 344
 345 static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line,
 346                                       void **encoded, long *encoded_len,
 347                                       void *object, ossl_unused int selection,
 348                                       ossl_unused const char *output_type,
 349                                       ossl_unused const char *output_structure,
 350                                       const char *pass, const char *pcipher)
 351 {
 352     EVP_PKEY *pkey = object;
 353     EVP_CIPHER *cipher = NULL;
 354     BIO *mem_ser = NULL;
 355     BUF_MEM *mem_buf = NULL;
 356     const unsigned char *upass = (const unsigned char *)pass;
 357     size_t passlen = 0;
 358     int ok = 0;
 359
 360     if (pcipher != NULL && pass != NULL) {
 361         passlen = strlen(pass);
 362         if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(testctx, pcipher, testpropq)))
 363             goto end;
 364     }
 365     if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
 366         || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
 367                                                            cipher,
 368                                                            upass, passlen,
 369                                                            NULL, NULL))
 370         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 371         || !TEST_FL_ptr(*encoded = mem_buf->data)
 372         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 373         goto end;
 374
 375     /* Detach the encoded output */
 376     mem_buf->data = NULL;
 377     mem_buf->length = 0;
 378     ok = 1;
 379  end:
 380     BIO_free(mem_ser);
 381     EVP_CIPHER_free(cipher);
 382     return ok;
 383 }
 384
 385 static int encode_EVP_PKEY_MSBLOB(const char *file, const int line,
 386                                   void **encoded, long *encoded_len,
 387                                   void *object, int selection,
 388                                   ossl_unused const char *output_type,
 389                                   ossl_unused const char *output_structure,
 390                                   ossl_unused const char *pass,
 391                                   ossl_unused const char *pcipher)
 392 {
 393     EVP_PKEY *pkey = object;
 394     BIO *mem_ser = NULL;
 395     BUF_MEM *mem_buf = NULL;
 396     int ok = 0;
 397
 398     if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
 399         goto end;
 400
 401     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
 402         if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0))
 403             goto end;
 404     } else {
 405         if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0))
 406             goto end;
 407     }
 408
 409     if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 410         || !TEST_FL_ptr(*encoded = mem_buf->data)
 411         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 412         goto end;
 413
 414     /* Detach the encoded output */
 415     mem_buf->data = NULL;
 416     mem_buf->length = 0;
 417     ok = 1;
 418  end:
 419     BIO_free(mem_ser);
 420     return ok;
 421 }
 422
 423 static pem_password_cb pass_pw;
 424 static int pass_pw(char *buf, int size, int rwflag, void *userdata)
 425 {
 426     OPENSSL_strlcpy(buf, userdata, size);
 427     return strlen(userdata);
 428 }
 429
 430 static int encode_EVP_PKEY_PVK(const char *file, const int line,
 431                                void **encoded, long *encoded_len,
 432                                void *object, int selection,
 433                                ossl_unused const char *output_type,
 434                                ossl_unused const char *output_structure,
 435                                const char *pass,
 436                                ossl_unused const char *pcipher)
 437 {
 438     EVP_PKEY *pkey = object;
 439     BIO *mem_ser = NULL;
 440     BUF_MEM *mem_buf = NULL;
 441     int enc = (pass != NULL);
 442     int ok = 0;
 443
 444     if (!TEST_FL_true(ossl_assert((selection
 445                                 & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
 446         || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
 447         || !TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc,
 448                                           pass_pw, (void *)pass, testctx, testpropq), 0)
 449         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 450         || !TEST_FL_ptr(*encoded = mem_buf->data)
 451         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 452         goto end;
 453
 454     /* Detach the encoded output */
 455     mem_buf->data = NULL;
 456     mem_buf->length = 0;
 457     ok = 1;
 458  end:
 459     BIO_free(mem_ser);
 460     return ok;
 461 }
 462
 463 static int test_text(const char *file, const int line,
 464                      const void *data1, size_t data1_len,
 465                      const void *data2, size_t data2_len)
 466 {
 467     return TEST_FL_strn2_eq(data1, data1_len, data2, data2_len);
 468 }
 469
 470 static int test_mem(const char *file, const int line,
 471                     const void *data1, size_t data1_len,
 472                     const void *data2, size_t data2_len)
 473 {
 474     return TEST_FL_mem_eq(data1, data1_len, data2, data2_len);
 475 }
 476
 477 /* Test cases and their dumpers / checkers */
 478
 479 static void collect_name(const char *name, void *arg)
 480 {
 481     char **namelist = arg;
 482     char *new_namelist;
 483     size_t space;
 484
 485     space = strlen(name);
 486     if (*namelist != NULL)
 487         space += strlen(*namelist) + 2 /* for comma and space */;
 488     space++; /* for terminating null byte */
 489
 490     new_namelist = OPENSSL_realloc(*namelist, space);
 491     if (new_namelist == NULL)
 492         return;
 493     if (*namelist != NULL) {
 494         strcat(new_namelist, ", ");
 495         strcat(new_namelist, name);
 496     } else {
 497         strcpy(new_namelist, name);
 498     }
 499     *namelist = new_namelist;
 500 }
 501
 502 static void dump_der(const char *label, const void *data, size_t data_len)
 503 {
 504     test_output_memory(label, data, data_len);
 505 }
 506
 507 static void dump_pem(const char *label, const void *data, size_t data_len)
 508 {
 509     test_output_string(label, data, data_len - 1);
 510 }
 511
 512 static int check_unprotected_PKCS8_DER(const char *file, const int line,
 513                                        const char *type,
 514                                        const void *data, size_t data_len)
 515 {
 516     const unsigned char *datap = data;
 517     PKCS8_PRIV_KEY_INFO *p8inf =
 518         d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
 519     int ok = 0;
 520
 521     if (TEST_FL_ptr(p8inf)) {
 522         EVP_PKEY *pkey = EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq);
 523         char *namelist = NULL;
 524
 525         if (TEST_FL_ptr(pkey)) {
 526             if (!(ok = TEST_FL_true(EVP_PKEY_is_a(pkey, type)))) {
 527                 EVP_PKEY_type_names_do_all(pkey, collect_name, &namelist);
 528                 if (namelist != NULL)
 529                     TEST_note("%s isn't any of %s", type, namelist);
 530                 OPENSSL_free(namelist);
 531             }
 532             ok = ok && TEST_FL_true(evp_pkey_is_provided(pkey));
 533             EVP_PKEY_free(pkey);
 534         }
 535     }
 536     PKCS8_PRIV_KEY_INFO_free(p8inf);
 537     return ok;
 538 }
 539
 540 static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
 541 {
 542     return test_encode_decode(__FILE__, __LINE__, type, key,
 543                               OSSL_KEYMGMT_SELECT_KEYPAIR
 544                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
 545                               "DER", "PrivateKeyInfo", NULL, NULL,
 546                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 547                               test_mem, check_unprotected_PKCS8_DER,
 548                               dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
 549 }
 550
 551 static int check_unprotected_PKCS8_PEM(const char *file, const int line,
 552                                        const char *type,
 553                                        const void *data, size_t data_len)
 554 {
 555     static const char expected_pem_header[] =
 556         "-----BEGIN " PEM_STRING_PKCS8INF "-----";
 557
 558     return TEST_FL_strn_eq(data, expected_pem_header,
 559                         sizeof(expected_pem_header) - 1);
 560 }
 561
 562 static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
 563 {
 564     return test_encode_decode(__FILE__, __LINE__, type, key,
 565                               OSSL_KEYMGMT_SELECT_KEYPAIR
 566                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
 567                               "PEM", "PrivateKeyInfo", NULL, NULL,
 568                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 569                               test_text, check_unprotected_PKCS8_PEM,
 570                               dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
 571 }
 572
 573 #ifndef OPENSSL_NO_KEYPARAMS
 574 static int check_params_DER(const char *file, const int line,
 575                             const char *type, const void *data, size_t data_len)
 576 {
 577     const unsigned char *datap = data;
 578     int ok = 0;
 579     int itype = NID_undef;
 580     EVP_PKEY *pkey = NULL;
 581
 582     if (strcmp(type, "DH") == 0)
 583         itype = EVP_PKEY_DH;
 584     else if (strcmp(type, "X9.42 DH") == 0)
 585         itype = EVP_PKEY_DHX;
 586     else if (strcmp(type, "DSA") ==  0)
 587         itype = EVP_PKEY_DSA;
 588     else if (strcmp(type, "EC") ==  0)
 589         itype = EVP_PKEY_EC;
 590
 591     if (itype != NID_undef) {
 592         pkey = d2i_KeyParams(itype, NULL, &datap, data_len);
 593         ok = (pkey != NULL);
 594         EVP_PKEY_free(pkey);
 595     }
 596
 597     return ok;
 598 }
 599
 600 static int check_params_PEM(const char *file, const int line,
 601                             const char *type,
 602                             const void *data, size_t data_len)
 603 {
 604     static char expected_pem_header[80];
 605
 606     return
 607         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
 608                                  sizeof(expected_pem_header),
 609                                  "-----BEGIN %s PARAMETERS-----", type), 0)
 610         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
 611 }
 612
 613 static int test_params_via_DER(const char *type, EVP_PKEY *key)
 614 {
 615     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 616                               "DER", "type-specific", NULL, NULL,
 617                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 618                               test_mem, check_params_DER,
 619                               dump_der, FLAG_DECODE_WITH_TYPE);
 620 }
 621
 622 static int test_params_via_PEM(const char *type, EVP_PKEY *key)
 623 {
 624     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 625                               "PEM", "type-specific", NULL, NULL,
 626                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 627                               test_text, check_params_PEM,
 628                               dump_pem, 0);
 629 }
 630 #endif /* !OPENSSL_NO_KEYPARAMS */
 631
 632 static int check_unprotected_legacy_PEM(const char *file, const int line,
 633                                         const char *type,
 634                                         const void *data, size_t data_len)
 635 {
 636     static char expected_pem_header[80];
 637
 638     return
 639         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
 640                                  sizeof(expected_pem_header),
 641                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
 642         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
 643 }
 644
 645 static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
 646 {
 647     if (!default_libctx || is_fips)
 648         return TEST_skip("Test not available if using a non-default library context or FIPS provider");
 649
 650     return test_encode_decode(__FILE__, __LINE__, type, key,
 651                               OSSL_KEYMGMT_SELECT_KEYPAIR
 652                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 653                               "PEM", "type-specific", NULL, NULL,
 654                               encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
 655                               test_text, check_unprotected_legacy_PEM,
 656                               dump_pem, 0);
 657 }
 658
 659 static int check_MSBLOB(const char *file, const int line,
 660                         const char *type, const void *data, size_t data_len)
 661 {
 662     const unsigned char *datap = data;
 663     EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len);
 664     int ok = TEST_FL_ptr(pkey);
 665
 666     EVP_PKEY_free(pkey);
 667     return ok;
 668 }
 669
 670 static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
 671 {
 672     return test_encode_decode(__FILE__, __LINE__, type, key,
 673                               OSSL_KEYMGMT_SELECT_KEYPAIR
 674                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 675                               "MSBLOB", NULL, NULL, NULL,
 676                               encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
 677                               test_mem, check_MSBLOB,
 678                               dump_der, 0);
 679 }
 680
 681 static int check_PVK(const char *file, const int line,
 682                      const char *type, const void *data, size_t data_len)
 683 {
 684     const unsigned char *in = data;
 685     unsigned int saltlen = 0, keylen = 0;
 686     int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);
 687
 688     return ok;
 689 }
 690
 691 static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
 692 {
 693     return test_encode_decode(__FILE__, __LINE__, type, key,
 694                               OSSL_KEYMGMT_SELECT_KEYPAIR
 695                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 696                               "PVK", NULL, NULL, NULL,
 697                               encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
 698                               test_mem, check_PVK,
 699                               dump_der, 0);
 700 }
 701
 702 static const char *pass_cipher = "AES-256-CBC";
 703 static const char *pass = "the holy handgrenade of antioch";
 704
 705 static int check_protected_PKCS8_DER(const char *file, const int line,
 706                                      const char *type,
 707                                      const void *data, size_t data_len)
 708 {
 709     const unsigned char *datap = data;
 710     X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len);
 711     int ok = TEST_FL_ptr(p8);
 712
 713     X509_SIG_free(p8);
 714     return ok;
 715 }
 716
 717 static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
 718 {
 719     return test_encode_decode(__FILE__, __LINE__, type, key,
 720                               OSSL_KEYMGMT_SELECT_KEYPAIR
 721                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 722                               "DER", "EncryptedPrivateKeyInfo",
 723                               pass, pass_cipher,
 724                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 725                               test_mem, check_protected_PKCS8_DER,
 726                               dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
 727 }
 728
 729 static int check_protected_PKCS8_PEM(const char *file, const int line,
 730                                      const char *type,
 731                                      const void *data, size_t data_len)
 732 {
 733     static const char expected_pem_header[] =
 734         "-----BEGIN " PEM_STRING_PKCS8 "-----";
 735
 736     return TEST_FL_strn_eq(data, expected_pem_header,
 737                         sizeof(expected_pem_header) - 1);
 738 }
 739
 740 static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
 741 {
 742     return test_encode_decode(__FILE__, __LINE__, type, key,
 743                               OSSL_KEYMGMT_SELECT_KEYPAIR
 744                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 745                               "PEM", "EncryptedPrivateKeyInfo",
 746                               pass, pass_cipher,
 747                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 748                               test_text, check_protected_PKCS8_PEM,
 749                               dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
 750 }
 751
 752 static int check_protected_legacy_PEM(const char *file, const int line,
 753                                       const char *type,
 754                                       const void *data, size_t data_len)
 755 {
 756     static char expected_pem_header[80];
 757
 758     return
 759         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
 760                                  sizeof(expected_pem_header),
 761                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
 762         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header))
 763         && TEST_FL_ptr(strstr(data, "\nDEK-Info: "));
 764 }
 765
 766 static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
 767 {
 768     if (!default_libctx || is_fips)
 769         return TEST_skip("Test not available if using a non-default library context or FIPS provider");
 770
 771     return test_encode_decode(__FILE__, __LINE__, type, key,
 772                               OSSL_KEYMGMT_SELECT_KEYPAIR
 773                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 774                               "PEM", "type-specific", pass, pass_cipher,
 775                               encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
 776                               test_text, check_protected_legacy_PEM,
 777                               dump_pem, 0);
 778 }
 779
 780 #ifndef OPENSSL_NO_RC4
 781 static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
 782 {
 783     int ret = 0;
 784     OSSL_PROVIDER *lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
 785     if (lgcyprov == NULL)
 786         return TEST_skip("Legacy provider not available");
 787
 788     ret = test_encode_decode(__FILE__, __LINE__, type, key,
 789                               OSSL_KEYMGMT_SELECT_KEYPAIR
 790                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 791                               "PVK", NULL, pass, NULL,
 792                               encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
 793                               test_mem, check_PVK, dump_der, 0);
 794     OSSL_PROVIDER_unload(lgcyprov);
 795     return ret;
 796 }
 797 #endif
 798
 799 static int check_public_DER(const char *file, const int line,
 800                             const char *type, const void *data, size_t data_len)
 801 {
 802     const unsigned char *datap = data;
 803     EVP_PKEY *pkey = d2i_PUBKEY_ex(NULL, &datap, data_len, testctx, testpropq);
 804     int ok = (TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type)));
 805
 806     EVP_PKEY_free(pkey);
 807     return ok;
 808 }
 809
 810 static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
 811 {
 812     return test_encode_decode(__FILE__, __LINE__, type, key,
 813                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 814                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
 815                               "DER", "SubjectPublicKeyInfo", NULL, NULL,
 816                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 817                               test_mem, check_public_DER, dump_der,
 818                               fips ? 0 : FLAG_FAIL_IF_FIPS);
 819 }
 820
 821 static int check_public_PEM(const char *file, const int line,
 822                             const char *type, const void *data, size_t data_len)
 823 {
 824     static const char expected_pem_header[] =
 825         "-----BEGIN " PEM_STRING_PUBLIC "-----";
 826
 827     return
 828         TEST_FL_strn_eq(data, expected_pem_header,
 829                      sizeof(expected_pem_header) - 1);
 830 }
 831
 832 static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
 833 {
 834     return test_encode_decode(__FILE__, __LINE__, type, key,
 835                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 836                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
 837                               "PEM", "SubjectPublicKeyInfo", NULL, NULL,
 838                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 839                               test_text, check_public_PEM, dump_pem,
 840                               fips ? 0 : FLAG_FAIL_IF_FIPS);
 841 }
 842
 843 static int check_public_MSBLOB(const char *file, const int line,
 844                                const char *type,
 845                                const void *data, size_t data_len)
 846 {
 847     const unsigned char *datap = data;
 848     EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len);
 849     int ok = TEST_FL_ptr(pkey);
 850
 851     EVP_PKEY_free(pkey);
 852     return ok;
 853 }
 854
 855 static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
 856 {
 857     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 858                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 859                               "MSBLOB", NULL, NULL, NULL,
 860                               encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
 861                               test_mem, check_public_MSBLOB, dump_der, 0);
 862 }
 863
 864 #define KEYS(KEYTYPE)                           \
 865     static EVP_PKEY *key_##KEYTYPE = NULL
 866 #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params)                          \
 867     ok = ok                                                             \
 868         && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
 869 #define FREE_KEYS(KEYTYPE)                                              \
 870     EVP_PKEY_free(key_##KEYTYPE);                                       \
 871
 872 #define DOMAIN_KEYS(KEYTYPE)                    \
 873     static EVP_PKEY *template_##KEYTYPE = NULL; \
 874     static EVP_PKEY *key_##KEYTYPE = NULL
 875 #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params)                   \
 876     ok = ok                                                             \
 877         && TEST_ptr(template_##KEYTYPE =                                \
 878                     make_template(KEYTYPEstr, params))                  \
 879         && TEST_ptr(key_##KEYTYPE =                                     \
 880                     make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
 881 #define FREE_DOMAIN_KEYS(KEYTYPE)                                       \
 882     EVP_PKEY_free(template_##KEYTYPE);                                  \
 883     EVP_PKEY_free(key_##KEYTYPE)
 884
 885 #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips)                 \
 886     static int test_unprotected_##KEYTYPE##_via_DER(void)               \
 887     {                                                                   \
 888         return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
 889     }                                                                   \
 890     static int test_unprotected_##KEYTYPE##_via_PEM(void)               \
 891     {                                                                   \
 892         return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
 893     }                                                                   \
 894     static int test_protected_##KEYTYPE##_via_DER(void)                 \
 895     {                                                                   \
 896         return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
 897     }                                                                   \
 898     static int test_protected_##KEYTYPE##_via_PEM(void)                 \
 899     {                                                                   \
 900         return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
 901     }                                                                   \
 902     static int test_public_##KEYTYPE##_via_DER(void)                    \
 903     {                                                                   \
 904         return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips);    \
 905     }                                                                   \
 906     static int test_public_##KEYTYPE##_via_PEM(void)                    \
 907     {                                                                   \
 908         return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips);    \
 909     }
 910
 911 #define ADD_TEST_SUITE(KEYTYPE)                                 \
 912     ADD_TEST(test_unprotected_##KEYTYPE##_via_DER);             \
 913     ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM);             \
 914     ADD_TEST(test_protected_##KEYTYPE##_via_DER);               \
 915     ADD_TEST(test_protected_##KEYTYPE##_via_PEM);               \
 916     ADD_TEST(test_public_##KEYTYPE##_via_DER);                  \
 917     ADD_TEST(test_public_##KEYTYPE##_via_PEM)
 918
 919 #define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr)           \
 920     static int test_params_##KEYTYPE##_via_DER(void)               \
 921     {                                                              \
 922         return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
 923     }                                                              \
 924     static int test_params_##KEYTYPE##_via_PEM(void)               \
 925     {                                                              \
 926         return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
 927     }
 928
 929 #define ADD_TEST_SUITE_PARAMS(KEYTYPE)                          \
 930     ADD_TEST(test_params_##KEYTYPE##_via_DER);                  \
 931     ADD_TEST(test_params_##KEYTYPE##_via_PEM)
 932
 933 #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr)                \
 934     static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void)        \
 935     {                                                                   \
 936         return                                                          \
 937             test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
 938     }                                                                   \
 939     static int test_protected_##KEYTYPE##_via_legacy_PEM(void)          \
 940     {                                                                   \
 941         return                                                          \
 942             test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE);   \
 943     }
 944
 945 #define ADD_TEST_SUITE_LEGACY(KEYTYPE)                                  \
 946     ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM);              \
 947     ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
 948
 949 #define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr)                \
 950     static int test_unprotected_##KEYTYPE##_via_MSBLOB(void)            \
 951     {                                                                   \
 952         return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);  \
 953     }                                                                   \
 954     static int test_public_##KEYTYPE##_via_MSBLOB(void)                 \
 955     {                                                                   \
 956         return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);       \
 957     }
 958
 959 #define ADD_TEST_SUITE_MSBLOB(KEYTYPE)                                  \
 960     ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB);                  \
 961     ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
 962
 963 #define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr)       \
 964     static int test_unprotected_##KEYTYPE##_via_PVK(void)               \
 965     {                                                                   \
 966         return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE);     \
 967     }
 968 # define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE)                        \
 969     ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
 970 #ifndef OPENSSL_NO_RC4
 971 # define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr)        \
 972     static int test_protected_##KEYTYPE##_via_PVK(void)                 \
 973     {                                                                   \
 974         return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE);       \
 975     }
 976 # define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE)                          \
 977     ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
 978 #endif
 979
 980 #ifndef OPENSSL_NO_DH
 981 DOMAIN_KEYS(DH);
 982 IMPLEMENT_TEST_SUITE(DH, "DH", 1)
 983 IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
 984 DOMAIN_KEYS(DHX);
 985 IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
 986 IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
 987 /*
 988  * DH has no support for PEM_write_bio_PrivateKey_traditional(),
 989  * so no legacy tests.
 990  */
 991 #endif
 992 #ifndef OPENSSL_NO_DSA
 993 DOMAIN_KEYS(DSA);
 994 IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
 995 IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
 996 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
 997 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
 998 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
 999 # ifndef OPENSSL_NO_RC4
1000 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
1001 # endif
1002 #endif
1003 #ifndef OPENSSL_NO_EC
1004 DOMAIN_KEYS(EC);
1005 IMPLEMENT_TEST_SUITE(EC, "EC", 1)
1006 IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
1007 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
1008 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1009 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
1010 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
1011 DOMAIN_KEYS(ECExplicitPrime2G);
1012 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
1013 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
1014 # ifndef OPENSSL_NO_EC2M
1015 DOMAIN_KEYS(ECExplicitTriNamedCurve);
1016 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
1017 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
1018 DOMAIN_KEYS(ECExplicitTri2G);
1019 IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
1020 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
1021 # endif
1022 KEYS(ED25519);
1023 IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
1024 KEYS(ED448);
1025 IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
1026 KEYS(X25519);
1027 IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
1028 KEYS(X448);
1029 IMPLEMENT_TEST_SUITE(X448, "X448", 1)
1030 /*
1031  * ED25519, ED448, X25519 and X448 have no support for
1032  * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1033  */
1034 #endif
1035 KEYS(RSA);
1036 IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
1037 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
1038 KEYS(RSA_PSS);
1039 IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
1040 /*
1041  * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1042  * so no legacy tests.
1043  */
1044 IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
1045 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
1046 #ifndef OPENSSL_NO_RC4
1047 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
1048 #endif
1049
1050 #ifndef OPENSSL_NO_EC
1051 /* Explicit parameters that match a named curve */
1052 static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
1053                                               const unsigned char *gen,
1054                                               size_t gen_len)
1055 {
1056     BIGNUM *a, *b, *prime, *order;
1057
1058     /* Curve prime256v1 */
1059     static const unsigned char prime_data[] = {
1060         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1061         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1062         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1063         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1064         0xff
1065     };
1066     static const unsigned char a_data[] = {
1067         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1068         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1069         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1070         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1071         0xfc
1072     };
1073     static const unsigned char b_data[] = {
1074         0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
1075         0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
1076         0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
1077         0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
1078     };
1079     static const unsigned char seed[] = {
1080         0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
1081         0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
1082         0x81, 0x9f, 0x7e, 0x90
1083     };
1084     static const unsigned char order_data[] = {
1085         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1086         0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1087         0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
1088         0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
1089     };
1090     return TEST_ptr(a = BN_CTX_get(bnctx))
1091            && TEST_ptr(b = BN_CTX_get(bnctx))
1092            && TEST_ptr(prime = BN_CTX_get(bnctx))
1093            && TEST_ptr(order = BN_CTX_get(bnctx))
1094            && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
1095            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1096            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1097            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1098            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1099                             OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
1100                             0))
1101            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
1102            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1103            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1104            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1105                             OSSL_PKEY_PARAM_EC_ORDER, order))
1106            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1107                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1108            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1109                             OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
1110            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1111                                                BN_value_one()));
1112 }
1113
1114 static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
1115 {
1116     static const unsigned char prime256v1_gen[] = {
1117         0x04,
1118         0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
1119         0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
1120         0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
1121         0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
1122         0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
1123         0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
1124         0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
1125         0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
1126     };
1127     return do_create_ec_explicit_prime_params(bld, prime256v1_gen,
1128                                               sizeof(prime256v1_gen));
1129 }
1130
1131 static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
1132 {
1133     /* 2G */
1134     static const unsigned char prime256v1_gen2[] = {
1135         0x04,
1136         0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
1137         0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
1138         0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
1139         0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
1140         0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
1141         0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
1142         0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
1143         0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
1144     };
1145     return do_create_ec_explicit_prime_params(bld, prime256v1_gen2,
1146                                               sizeof(prime256v1_gen2));
1147 }
1148
1149 # ifndef OPENSSL_NO_EC2M
1150 static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
1151                                                   const unsigned char *gen,
1152                                                   size_t gen_len)
1153 {
1154     BIGNUM *a, *b, *poly, *order, *cofactor;
1155     /* sect233k1 characteristic-two-field tpBasis */
1156     static const unsigned char poly_data[] = {
1157         0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1158         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
1159         0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1160     };
1161     static const unsigned char a_data[] = {
1162         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1163         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1164         0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1165     };
1166     static const unsigned char b_data[] = {
1167         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1168         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1169         0x00, 0x00, 0x00, 0x00, 0x00, 0x01
1170     };
1171     static const unsigned char order_data[] = {
1172         0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1173         0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
1174         0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
1175     };
1176     static const unsigned char cofactor_data[]= {
1177         0x4
1178     };
1179     return TEST_ptr(a = BN_CTX_get(bnctx))
1180            && TEST_ptr(b = BN_CTX_get(bnctx))
1181            && TEST_ptr(poly = BN_CTX_get(bnctx))
1182            && TEST_ptr(order = BN_CTX_get(bnctx))
1183            && TEST_ptr(cofactor = BN_CTX_get(bnctx))
1184            && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
1185            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1186            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1187            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1188            && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor))
1189            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1190                             OSSL_PKEY_PARAM_EC_FIELD_TYPE,
1191                             SN_X9_62_characteristic_two_field, 0))
1192            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
1193            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1194            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1195            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1196                             OSSL_PKEY_PARAM_EC_ORDER, order))
1197            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1198                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1199            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1200                                                cofactor));
1201 }
1202
1203 static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
1204 {
1205     static const unsigned char gen[] = {
1206         0x04,
1207         0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
1208         0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
1209         0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
1210         0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
1211         0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
1212         0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
1213     };
1214     return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen));
1215 }
1216
1217 static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
1218 {
1219     static const unsigned char gen2[] = {
1220         0x04,
1221         0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
1222         0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
1223         0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
1224         0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
1225         0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
1226         0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
1227     };
1228     return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
1229 }
1230 # endif /* OPENSSL_NO_EC2M */
1231 #endif /* OPENSSL_NO_EC */
1232
1233 typedef enum OPTION_choice {
1234     OPT_ERR = -1,
1235     OPT_EOF = 0,
1236     OPT_CONTEXT,
1237     OPT_RSA_FILE,
1238     OPT_RSA_PSS_FILE,
1239     OPT_CONFIG_FILE,
1240     OPT_PROVIDER_NAME,
1241     OPT_TEST_ENUM
1242 } OPTION_CHOICE;
1243
1244 const OPTIONS *test_get_options(void)
1245 {
1246     static const OPTIONS options[] = {
1247         OPT_TEST_OPTIONS_DEFAULT_USAGE,
1248         { "context", OPT_CONTEXT, '-',
1249           "Explicitly use a non-default library context" },
1250         { "rsa", OPT_RSA_FILE, '<',
1251           "PEM format RSA key file to encode/decode" },
1252         { "pss", OPT_RSA_PSS_FILE, '<',
1253           "PEM format RSA-PSS key file to encode/decode" },
1254         { "config", OPT_CONFIG_FILE, '<',
1255           "The configuration file to use for the library context" },
1256         { "provider", OPT_PROVIDER_NAME, 's',
1257           "The provider to load (The default value is 'default')" },
1258         { NULL }
1259     };
1260     return options;
1261 }
1262
1263 int setup_tests(void)
1264 {
1265     const char *rsa_file = NULL;
1266     const char *rsa_pss_file = NULL;
1267     const char *prov_name = "default";
1268     char *config_file = NULL;
1269     int ok = 1;
1270
1271 #ifndef OPENSSL_NO_DSA
1272     static size_t qbits = 160;  /* PVK only tolerates 160 Q bits */
1273     static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
1274     OSSL_PARAM DSA_params[] = {
1275         OSSL_PARAM_size_t("pbits", &pbits),
1276         OSSL_PARAM_size_t("qbits", &qbits),
1277         OSSL_PARAM_END
1278     };
1279 #endif
1280
1281 #ifndef OPENSSL_NO_EC
1282     static char groupname[] = "prime256v1";
1283     OSSL_PARAM EC_params[] = {
1284         OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
1285         OSSL_PARAM_END
1286     };
1287 #endif
1288
1289     OPTION_CHOICE o;
1290
1291     while ((o = opt_next()) != OPT_EOF) {
1292         switch (o) {
1293         case OPT_CONTEXT:
1294             default_libctx = 0;
1295             break;
1296         case OPT_PROVIDER_NAME:
1297             prov_name = opt_arg();
1298             break;
1299         case OPT_CONFIG_FILE:
1300             config_file = opt_arg();
1301             break;
1302         case OPT_RSA_FILE:
1303             rsa_file = opt_arg();
1304             break;
1305         case OPT_RSA_PSS_FILE:
1306             rsa_pss_file = opt_arg();
1307             break;
1308         case OPT_TEST_CASES:
1309             break;
1310         default:
1311             return 0;
1312         }
1313     }
1314
1315     if (strcmp(prov_name, "fips") == 0)
1316         is_fips = 1;
1317
1318     if (default_libctx) {
1319         if (!test_get_libctx(NULL, NULL, config_file, &deflprov, prov_name))
1320             return 0;
1321     } else {
1322         if (!test_get_libctx(&testctx, &nullprov, config_file, &deflprov, prov_name))
1323             return 0;
1324     }
1325
1326 #ifdef STATIC_LEGACY
1327     /*
1328      * This test is always statically linked against libcrypto. We must not
1329      * attempt to load legacy.so that might be dynamically linked against
1330      * libcrypto. Instead we use a built-in version of the legacy provider.
1331      */
1332     if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
1333         return 0;
1334 #endif
1335
1336     /* Separate provider/ctx for generating the test data */
1337     if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new()))
1338         return 0;
1339     if (!TEST_ptr(keyprov = OSSL_PROVIDER_load(keyctx, "default")))
1340         return 0;
1341
1342 #ifndef OPENSSL_NO_EC
1343     if (!TEST_ptr(bnctx = BN_CTX_new_ex(testctx))
1344         || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
1345         || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
1346         || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
1347         || !create_ec_explicit_prime_params(bld_prime)
1348         || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
1349         || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
1350 # ifndef OPENSSL_NO_EC2M
1351         || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
1352         || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
1353         || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
1354         || !create_ec_explicit_trinomial_params(bld_tri)
1355         || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
1356         || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
1357 # endif
1358         )
1359         return 0;
1360 #endif
1361
1362     TEST_info("Generating keys...");
1363
1364 #ifndef OPENSSL_NO_DH
1365     TEST_info("Generating DH keys...");
1366     MAKE_DOMAIN_KEYS(DH, "DH", NULL);
1367     MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
1368 #endif
1369 #ifndef OPENSSL_NO_DSA
1370     TEST_info("Generating DSA keys...");
1371     MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
1372 #endif
1373 #ifndef OPENSSL_NO_EC
1374     TEST_info("Generating EC keys...");
1375     MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
1376     MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
1377     MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
1378 # ifndef OPENSSL_NO_EC2M
1379     MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
1380     MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
1381 # endif
1382     MAKE_KEYS(ED25519, "ED25519", NULL);
1383     MAKE_KEYS(ED448, "ED448", NULL);
1384     MAKE_KEYS(X25519, "X25519", NULL);
1385     MAKE_KEYS(X448, "X448", NULL);
1386 #endif
1387     TEST_info("Loading RSA key...");
1388     ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
1389     TEST_info("Loading RSA_PSS key...");
1390     ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(rsa_pss_file, keyctx));
1391     TEST_info("Generating keys done");
1392
1393     if (ok) {
1394 #ifndef OPENSSL_NO_DH
1395         ADD_TEST_SUITE(DH);
1396         ADD_TEST_SUITE_PARAMS(DH);
1397         ADD_TEST_SUITE(DHX);
1398         ADD_TEST_SUITE_PARAMS(DHX);
1399         /*
1400          * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1401          * so no legacy tests.
1402          */
1403 #endif
1404 #ifndef OPENSSL_NO_DSA
1405         ADD_TEST_SUITE(DSA);
1406         ADD_TEST_SUITE_PARAMS(DSA);
1407         ADD_TEST_SUITE_LEGACY(DSA);
1408         ADD_TEST_SUITE_MSBLOB(DSA);
1409         ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
1410 # ifndef OPENSSL_NO_RC4
1411         ADD_TEST_SUITE_PROTECTED_PVK(DSA);
1412 # endif
1413 #endif
1414 #ifndef OPENSSL_NO_EC
1415         ADD_TEST_SUITE(EC);
1416         ADD_TEST_SUITE_PARAMS(EC);
1417         ADD_TEST_SUITE_LEGACY(EC);
1418         ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
1419         ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
1420         ADD_TEST_SUITE(ECExplicitPrime2G);
1421         ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
1422 # ifndef OPENSSL_NO_EC2M
1423         ADD_TEST_SUITE(ECExplicitTriNamedCurve);
1424         ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
1425         ADD_TEST_SUITE(ECExplicitTri2G);
1426         ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
1427 # endif
1428         ADD_TEST_SUITE(ED25519);
1429         ADD_TEST_SUITE(ED448);
1430         ADD_TEST_SUITE(X25519);
1431         ADD_TEST_SUITE(X448);
1432         /*
1433          * ED25519, ED448, X25519 and X448 have no support for
1434          * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1435          */
1436 #endif
1437         ADD_TEST_SUITE(RSA);
1438         ADD_TEST_SUITE_LEGACY(RSA);
1439         ADD_TEST_SUITE(RSA_PSS);
1440         /*
1441          * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1442          * so no legacy tests.
1443          */
1444         ADD_TEST_SUITE_MSBLOB(RSA);
1445         ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
1446 # ifndef OPENSSL_NO_RC4
1447         ADD_TEST_SUITE_PROTECTED_PVK(RSA);
1448 # endif
1449     }
1450
1451     return 1;
1452 }
1453
1454 void cleanup_tests(void)
1455 {
1456 #ifndef OPENSSL_NO_EC
1457     OSSL_PARAM_free(ec_explicit_prime_params_nc);
1458     OSSL_PARAM_free(ec_explicit_prime_params_explicit);
1459     OSSL_PARAM_BLD_free(bld_prime_nc);
1460     OSSL_PARAM_BLD_free(bld_prime);
1461 # ifndef OPENSSL_NO_EC2M
1462     OSSL_PARAM_free(ec_explicit_tri_params_nc);
1463     OSSL_PARAM_free(ec_explicit_tri_params_explicit);
1464     OSSL_PARAM_BLD_free(bld_tri_nc);
1465     OSSL_PARAM_BLD_free(bld_tri);
1466 # endif
1467     BN_CTX_free(bnctx);
1468 #endif /* OPENSSL_NO_EC */
1469
1470 #ifndef OPENSSL_NO_DH
1471     FREE_DOMAIN_KEYS(DH);
1472     FREE_DOMAIN_KEYS(DHX);
1473 #endif
1474 #ifndef OPENSSL_NO_DSA
1475     FREE_DOMAIN_KEYS(DSA);
1476 #endif
1477 #ifndef OPENSSL_NO_EC
1478     FREE_DOMAIN_KEYS(EC);
1479     FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1480     FREE_DOMAIN_KEYS(ECExplicitPrime2G);
1481 # ifndef OPENSSL_NO_EC2M
1482     FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
1483     FREE_DOMAIN_KEYS(ECExplicitTri2G);
1484 # endif
1485     FREE_KEYS(ED25519);
1486     FREE_KEYS(ED448);
1487     FREE_KEYS(X25519);
1488     FREE_KEYS(X448);
1489 #endif
1490     FREE_KEYS(RSA);
1491     FREE_KEYS(RSA_PSS);
1492
1493     OSSL_PROVIDER_unload(nullprov);
1494     OSSL_PROVIDER_unload(deflprov);
1495     OSSL_PROVIDER_unload(keyprov);
1496     OSSL_LIB_CTX_free(testctx);
1497     OSSL_LIB_CTX_free(keyctx);
1498 }