author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-20 13:49:08 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-05-11 12:46:42 +0200 |
commit | f925315203f77d0241183ccabfc784d259b0a152 (patch) | |
tree | 2d92c75d7e19d48de1ed8da32b724b3603f5a3c6 /test | |
parent | 6dbb277627de86578577185084378135605d2df1 (diff) |
Add convenience functions and macros for asymmetric key generation
Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)
Diffstat (limited to 'test')
-rw-r--r-- | test/acvp_test.c | 34 | ||||
-rw-r--r-- | test/dsatest.c | 6 | ||||
-rw-r--r-- | test/endecode_test.c | 2 | ||||
-rw-r--r-- | test/endecoder_legacy_test.c | 2 | ||||
-rw-r--r-- | test/evp_libctx_test.c | 7 | ||||
-rw-r--r-- | test/threadstest.c | 23 |
6 files changed, 18 insertions, 56 deletions
diff --git a/test/acvp_test.c b/test/acvp_test.c index 0510cc2c05..d400a81174 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c @@ -114,7 +114,6 @@ err: static int ecdsa_keygen_test(int id) { int ret = 0; - EVP_PKEY_CTX *ctx = NULL; EVP_PKEY *pkey = NULL; unsigned char *priv = NULL; unsigned char *pubx = NULL, *puby = NULL; @@ -123,10 +122,7 @@ static int ecdsa_keygen_test(int id) self_test_args.called = 0; self_test_args.enable = 1; - if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) - || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) - || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name)) - || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) + if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)) || !TEST_int_ge(self_test_args.called, 3) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv, &priv_len)) @@ -147,7 +143,6 @@ err: OPENSSL_free(pubx); OPENSSL_free(puby); EVP_PKEY_free(pkey); - EVP_PKEY_CTX_free(ctx); return ret; } @@ -251,17 +246,13 @@ err: static int ecdsa_siggen_test(int id) { int ret = 0; - EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL; EVP_PKEY *pkey = NULL; size_t sig_len = 0, rlen = 0, slen = 0; unsigned char *sig = NULL; unsigned char *r = NULL, *s = NULL; const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id]; - if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) - || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) - || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name)) - || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) + if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))) goto err; if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, @@ -276,8 +267,6 @@ err: OPENSSL_free(s); OPENSSL_free(sig); EVP_PKEY_free(pkey); - EVP_PKEY_CTX_free(key_ctx); - EVP_PKEY_CTX_free(ctx); return ret; } 
@@ -1007,21 +996,6 @@ err: #endif /* OPENSSL_NO_DH */ -static EVP_PKEY *rsa_keygen(int bits) -{ - EVP_PKEY *key = NULL; - EVP_PKEY_CTX *keygen_ctx = NULL; - - if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) - || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) - || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits)) - || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)) - goto err; -err: - EVP_PKEY_CTX_free(keygen_ctx); - return key; -} - static int rsa_create_pkey(EVP_PKEY **pkey, const unsigned char *n, size_t n_len, const unsigned char *e, size_t e_len, @@ -1199,7 +1173,7 @@ static int rsa_siggen_test(int id) } *p++ = OSSL_PARAM_construct_end(); - if (!TEST_ptr(pkey = rsa_keygen(tst->mod)) + if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) || !TEST_true(sig_gen(pkey, params, tst->digest_alg, @@ -1275,7 +1249,7 @@ static int rsa_decryption_primitive_test(int id) BN_CTX *bn_ctx = NULL; const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id]; - if (!TEST_ptr(pkey = rsa_keygen(2048)) + if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) diff --git a/test/dsatest.c b/test/dsatest.c index 56693dd139..533fba1cbc 100644 --- a/test/dsatest.c +++ b/test/dsatest.c 
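Review bot: The RSA calls added in rsa_siggen_test and rsa_decryption_primitive_test in test/acvp_test.c pass the key size through what appears to be a variadic argument list (the same function takes a curve-name string for "EC" earlier in this file), so the argument type must match exactly what the callee fetches with va_arg. The literal `2048` is a plain `int`; if EVP_PKEY_Q_keygen reads the RSA size as `size_t` (its definition is outside this test-only diff, so this needs confirming), passing an `int` is undefined behaviour and on LP64 targets can produce a garbage bit length. I would write `EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)2048)`, cast `tst->mod` the same way unless it is already a `size_t`, or use the EVP_RSA_gen() convenience macro named in the commit message if it fixes the argument type. The same concern applies to `bits` (declared `int`) in rsa_keygen in test/evp_libctx_test.c and to `isfips ? 2048 : 512` in thread_general_worker in test/threadstest.c. All of these functions continue outside their hunks.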
@@ -256,10 +256,10 @@ static int dsa_keygen_test(void) sizeof(seed_data))) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256", "")) - || !TEST_int_gt(EVP_PKEY_gen(pg_ctx, ¶m_key), 0) + || !TEST_int_gt(EVP_PKEY_generate(pg_ctx, ¶m_key), 0) || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL)) || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0) - || !TEST_int_gt(EVP_PKEY_gen(kg_ctx, &key), 0)) + || !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0)) goto end; if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out)) @@ -313,7 +313,7 @@ static int test_dsa_default_paramgen_validate(int i) && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0) && (i == 0 || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512))) - && TEST_int_gt(EVP_PKEY_gen(gen_ctx, ¶ms), 0) + && TEST_int_gt(EVP_PKEY_generate(gen_ctx, ¶ms), 0) && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL)) && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0); diff --git a/test/endecode_test.c b/test/endecode_test.c index df4f92c12c..9d0ebeb7e7 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -81,7 +81,7 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) && EVP_PKEY_paramgen_init(ctx) > 0 && (genparams == NULL || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) - && EVP_PKEY_gen(ctx, &pkey) > 0); + && EVP_PKEY_generate(ctx, &pkey) > 0); EVP_PKEY_CTX_free(ctx); return pkey; diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c index 999b791d63..9e54f1f03b 100644 --- a/test/endecoder_legacy_test.c +++ b/test/endecoder_legacy_test.c @@ -249,7 +249,7 @@ static EVP_PKEY *make_key(const char *type, || EVP_PKEY_paramgen_init(ctx) <= 0 || (gen_template_params[0].key != NULL && EVP_PKEY_CTX_set_params(ctx, gen_template_params_noconst) <= 0) - || EVP_PKEY_gen(ctx, &template) <= 0)) + || EVP_PKEY_generate(ctx, &template) <= 0)) goto end; EVP_PKEY_CTX_free(ctx); 
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index 6dff939467..cb8b3b7fb4 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -488,16 +488,12 @@ static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv) { int ret = 0; - EVP_PKEY_CTX *keygen_ctx = NULL; unsigned char *pub_der = NULL; const unsigned char *pp = NULL; size_t len = 0; OSSL_ENCODER_CTX *ectx = NULL; - if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) - || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) - || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits)) - || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0) + if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits)) || !TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(*priv, EVP_PKEY_PUBLIC_KEY, @@ -512,7 +508,6 @@ static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv) err: OSSL_ENCODER_CTX_free(ectx); OPENSSL_free(pub_der); - EVP_PKEY_CTX_free(keygen_ctx); return ret; } diff --git a/test/threadstest.c b/test/threadstest.c index b82e16f8c6..9d15a23d96 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -16,7 +16,7 @@ #include <string.h> #include <openssl/crypto.h> -#include <openssl/evp.h> +#include <openssl/rsa.h> #include <openssl/aes.h> #include <openssl/rsa.h> #include "testutil.h" @@ -291,7 +291,6 @@ static void thread_general_worker(void) }; unsigned int mdoutl; int ciphoutl; - EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; int testresult = 0; int i, isfips; 
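Review bot: The include hunk in test/threadstest.c replaces `#include <openssl/evp.h>` with `#include <openssl/rsa.h>`, but `<openssl/rsa.h>` already appears two lines further down in the context, so the file now includes it twice and no longer includes evp.h directly. thread_general_worker still uses EVP_PKEY, EVP_MD_free, EVP_CIPHER_CTX_free and the newly added EVP_PKEY_Q_keygen call, so the file now depends on some other header pulling evp.h in transitively. I would keep `#include <openssl/evp.h>` and drop the added line; if the new convenience function really is declared only via rsa.h, the existing rsa.h include already covers it.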
@@ -320,18 +319,13 @@ static void thread_general_worker(void) goto err; } - pctx = EVP_PKEY_CTX_new_from_name(multi_libctx, "RSA", NULL); - if (!TEST_ptr(pctx) - || !TEST_int_gt(EVP_PKEY_keygen_init(pctx), 0) - /* - * We want the test to run quickly - not securely. Therefore we - * use an insecure bit length where we can (512). In the FIPS - * module though we must use a longer length. - */ - || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, - isfips ? 2048 : 512), - 0) - || !TEST_int_gt(EVP_PKEY_keygen(pctx, &pkey), 0)) + /* + * We want the test to run quickly - not securely. + * Therefore we use an insecure bit length where we can (512). + * In the FIPS module though we must use a longer length. + */ + pkey = EVP_PKEY_Q_keygen(multi_libctx, NULL, "RSA", isfips ? 2048 : 512); + if (!TEST_ptr(pkey)) goto err; testresult = 1; @@ -340,7 +334,6 @@ static void thread_general_worker(void) EVP_MD_free(md); EVP_CIPHER_CTX_free(cipherctx); EVP_CIPHER_free(ciph); - EVP_PKEY_CTX_free(pctx); EVP_PKEY_free(pkey); if (!testresult) multi_success = 0; |