author | Shane Lontis <shane.lontis@oracle.com> | 2020-10-15 13:41:59 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-01-26 15:22:14 +0100 |
commit | 5b5eea4b60b682009d2b15587c9ceeae5e9c73f8 (patch) | |
tree | 4a3261cb27a582770270a07b40ecf05ecb71c89a /test | |
parent | 98dbf2c1c8143c0cc6dd05be7950d90bc6792064 (diff) |
Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Diffstat (limited to 'test')
-rw-r--r-- | test/build.info | 6 | ||||
-rw-r--r-- | test/ectest.c | 9 | ||||
-rw-r--r-- | test/evp_extra_test.c | 74 | ||||
-rw-r--r-- | test/helpers/handshake.c | 16 | ||||
-rw-r--r-- | test/ssl_old_test.c | 2 |
5 files changed, 39 insertions, 68 deletions
diff --git a/test/build.info b/test/build.info
index a8f60c385b..b9e6d4f3b1 100644
--- a/test/build.info
+++ b/test/build.info
@@ -32,7 +32,7 @@ IF[{- !$disabled{tests} -}]
 versions \
 aborttest test_test pkcs12_format_test \
 sanitytest rsa_complex exdatatest bntest \
- ectest ecstresstest gmdifftest pbelutest \
+ ecstresstest gmdifftest pbelutest \
 destest mdc2test \
 exptest \
 evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
@@ -96,7 +96,7 @@ IF[{- !$disabled{tests} -}]
 SOURCE[ectest]=ectest.c
 INCLUDE[ectest]=../include ../apps/include
- DEPEND[ectest]=../libcrypto libtestutil.a
+ DEPEND[ectest]=../libcrypto.a libtestutil.a
 SOURCE[ecstresstest]=ecstresstest.c
 INCLUDE[ecstresstest]=../include ../apps/include
@@ -548,7 +548,7 @@ IF[{- !$disabled{tests} -}]
 PROGRAMS{noinst}=sm4_internal_test
 ENDIF
 IF[{- !$disabled{ec} -}]
- PROGRAMS{noinst}=ec_internal_test curve448_internal_test
+ PROGRAMS{noinst}=ectest ec_internal_test curve448_internal_test
 ENDIF
 IF[{- !$disabled{cmac} -}]
 PROGRAMS{noinst}=cmactest
diff --git a/test/ectest.c b/test/ectest.c
index 9088fd166a..b047d88c3e 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -9,13 +9,10 @@
 */
 /*
- * We need access to the deprecated EC_POINTs_mul, EC_GROUP_precompute_mult,
- * and EC_GROUP_have_precompute_mult for testing purposes
- * when the deprecated calls are not hidden
+ * EC_KEY low level APIs are deprecated for public use, but still ok for
+ * internal use.
 */
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-# define OPENSSL_SUPPRESS_DEPRECATED
-#endif
+#include "internal/deprecated.h"
 #include <string.h>
 #include "internal/nelem.h"
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 4358fbe5c5..440b4759dd 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -384,6 +384,7 @@ static const unsigned char pExampleECParamDER[] = {
 typedef struct APK_DATA_st {
 const unsigned char *kder;
 size_t size;
+ const char *keytype;
 int evptype;
 int check;
 int pub_check;
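Review bot: The new `keytype` member of APK_DATA (test/evp_extra_test.c, @@ -384 hunk) is undocumented and duplicates what `evptype` already encodes, so every row of `keydata` and `keycheckdata` in the following hunk now carries two algorithm identifiers that must be kept in agreement by hand. Because those tables use positional initialisers, a member inserted mid-struct silently shifts every later value in any row that is missed. A comment on the member would record the coupling, for example `const char *keytype; /* algorithm name passed to load_example_key(); must agree with evptype */`. The struct definition continues past the end of the hunk.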
@@ -392,22 +393,22 @@ typedef struct APK_DATA_st {
 } APK_DATA;
 static APK_DATA keydata[] = {
- {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
- {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
+ {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
+ {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
 #ifndef OPENSSL_NO_EC
- {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
+ {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
 #endif
 };
 static APK_DATA keycheckdata[] = {
- {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
- {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
+ {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 0},
+ {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
 0, 1, 1, 0},
 #ifndef OPENSSL_NO_EC
- {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
+ {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
 /* group is also associated in our pub key */
- {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
- {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
+ {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 1, 1},
+ {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 2}
 #endif
 };
@@ -911,18 +912,14 @@ static struct ec_der_pub_keys_st {
 static int test_invalide_ec_char2_pub_range_decode(int id)
 {
 int ret = 0;
- BIO *bio = NULL;
- EC_KEY *eckey = NULL;
+ EVP_PKEY *pkey;
- if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
- ec_der_pub_keys[id].len)))
- goto err;
- eckey = d2i_EC_PUBKEY_bio(bio, NULL);
- ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
- || TEST_ptr_null(eckey);
-err:
- EC_KEY_free(eckey);
- BIO_free(bio);
+ pkey = load_example_key("EC", ec_der_pub_keys[id].der,
+ ec_der_pub_keys[id].len);
+
+ ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
+ || TEST_ptr_null(pkey);
+ EVP_PKEY_free(pkey);
 return ret;
 }
@@ -1417,11 +1414,7 @@ static EVP_PKEY_METHOD *custom_pmeth;
 static int test_EVP_PKEY_check(int i)
 {
 int ret = 0;
- const unsigned char *p;
 EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_EC
- EC_KEY *eckey = NULL;
-#endif
 EVP_PKEY_CTX *ctx = NULL;
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 EVP_PKEY_CTX *ctx2 = NULL;
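Review bot: In test_invalide_ec_char2_pub_range_decode (@@ -911 hunk) the result expression `(ec_der_pub_keys[id].valid && TEST_ptr(pkey)) || TEST_ptr_null(pkey)` still reports success when an entry marked valid fails to decode: TEST_ptr(pkey) is false, the right-hand TEST_ptr_null(pkey) is then true, and `ret` becomes 1. The expression was carried over unchanged from the EC_KEY version, so a regression that rejects well-formed binary-field public keys would go unnoticed, while only the reject-invalid direction is really enforced. Selecting the check by the flag closes the gap: `ret = ec_der_pub_keys[id].valid ? TEST_ptr(pkey) : TEST_ptr_null(pkey);`. load_example_key is defined outside this hunk, so it should also be confirmed there that it decodes this input strictly as a public key, as d2i_EC_PUBKEY_bio did.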
@@ -1434,36 +1427,12 @@ static int test_EVP_PKEY_check(int i)
 int expected_pub_check = ak->pub_check;
 int expected_param_check = ak->param_check;
 int type = ak->type;
- BIO *pubkey = NULL;
-
- p = input;
- switch (type) {
- case 0:
- if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
- || !TEST_ptr_eq(p, input + input_len)
- || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
- goto done;
- break;
-#ifndef OPENSSL_NO_EC
- case 1:
- if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
- || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
- || !TEST_ptr(pkey = EVP_PKEY_new())
- || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
- goto done;
- break;
- case 2:
- if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
- || !TEST_ptr_eq(p, input + input_len)
- || !TEST_ptr(pkey = EVP_PKEY_new())
- || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
- goto done;
- break;
-#endif
- default:
- return 0;
- }
+ if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
+ goto done;
+ if (type == 0
+ && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
+ goto done;
 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
 goto done;
@@ -1501,7 +1470,6 @@ static int test_EVP_PKEY_check(int i)
 EVP_PKEY_CTX_free(ctx2);
 #endif
 EVP_PKEY_free(pkey);
- BIO_free(pubkey);
 return ret;
 }
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
index 08fcd39bea..0711639fd1 100644
--- a/test/helpers/handshake.c
+++ b/test/helpers/handshake.c
@@ -12,6 +12,7 @@
 #include <openssl/bio.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/ssl.h>
+#include <openssl/core_names.h>
 #ifndef OPENSSL_NO_SRP
 #include <openssl/srp.h>
 #endif
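Review bot: The rewritten load path in test_EVP_PKEY_check (@@ -1434 hunk) no longer asserts that the whole DER buffer was consumed: the removed `d2i_AutoPrivateKey` and `d2i_ECParameters` branches each checked `TEST_ptr_eq(p, input + input_len)`, and nothing in the added lines replaces that. Unless load_example_key, which is defined outside this hunk, rejects trailing bytes itself, a decoder that accepts a key followed by extra data would now pass this test. The `default: return 0;` guard for an unexpected `ak->type` is gone too, so `type` only gates the id comparison; a comment on `if (type == 0` stating why public-key and parameter rows skip the `EVP_PKEY_id` check would make that intent reviewable. The function starts and ends outside the hunk.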
@@ -1270,15 +1271,18 @@ static char *dup_str(const unsigned char *in, size_t len)
 static int pkey_type(EVP_PKEY *pkey)
 {
- int nid = EVP_PKEY_id(pkey);
-
 #ifndef OPENSSL_NO_EC
- if (nid == EVP_PKEY_EC) {
- const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
- return EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ if (EVP_PKEY_is_a(pkey, "EC")) {
+ char name[80];
+ size_t name_len;
+
+ if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
+ name, sizeof(name), &name_len))
+ return NID_undef;
+ return OBJ_txt2nid(name);
 }
 #endif
- return nid;
+ return EVP_PKEY_id(pkey);
 }
 static int peer_pkey_type(SSL *s)
diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index 4114d94917..f63ec67854 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -718,6 +718,7 @@ static void sv_usage(void)
 static void print_key_details(BIO *out, EVP_PKEY *key)
 {
 int keyid = EVP_PKEY_id(key);
+#if 0
 #ifndef OPENSSL_NO_EC
 if (keyid == EVP_PKEY_EC) {
 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
@@ -731,6 +732,7 @@ static void print_key_details(BIO *out, EVP_PKEY *key)
 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
 } else
 #endif
+#endif
 {
 const char *algname;
 switch (keyid) {
 |
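Review bot: pkey_type in test/helpers/handshake.c now returns NID_undef both when the group-name lookup fails and when `OBJ_txt2nid(name)` does not recognise the returned string, so a caller comparing against an expected curve NID cannot tell a lookup error from a key without a named group. `name_len` is filled in by the call but never read afterwards; if the getter accepts NULL for its length output the local can be dropped. A one-line comment above the function, e.g. `/* Returns the curve NID for EC keys, the EVP_PKEY type id otherwise */`, would make the mixed return namespace explicit, and `char name[80]` deserves a named constant or a remark on why 80 bytes is enough for any group name.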
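Review bot: The EC branch of print_key_details in test/ssl_old_test.c is switched off with a bare `#if 0` (closed by the `#endif` added in the @@ -731 hunk) rather than ported, so the deprecated EC_KEY calls remain in the file as dead code and EC keys now reach the generic block that follows the removed `else`. If this is a stop-gap, say so where the block is disabled, e.g. `#if 0 /* TODO: port to an EVP_PKEY group-name lookup; EC_KEY is deprecated */`, and label the closing line `#endif /* 0 */` so it is not mistaken for the end of the OPENSSL_NO_EC guard directly above it. The pkey_type change in test/helpers/handshake.c in this same commit already shows the replacement pattern. The function body continues outside both hunks.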