diff options
author | Yi Li <yi1.li@intel.com> | 2023-04-17 16:20:31 +0800 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-06-14 13:06:22 +1000 |
commit | 4032cd9a1434610e4dc2bbde01f98d04faa615e5 (patch) | |
tree | 6e40e7f29433428db03d9111e496716f2b6dd96a /test | |
parent | cc343d047c147e0a395fb101efbe9dedf458aa17 (diff) |
configure: introduce no-ecx to remove ECX related feature
This can effectively reduce the binary size for platforms
that don't need ECX feature(~100KB).
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20781)
Diffstat (limited to 'test')
29 files changed, 318 insertions, 122 deletions
diff --git a/test/build.info b/test/build.info index 13f81226ba..b02b8de817 100644 --- a/test/build.info +++ b/test/build.info @@ -738,8 +738,10 @@ IF[{- !$disabled{tests} -}] PROGRAMS{noinst}=sm4_internal_test ENDIF IF[{- !$disabled{ec} -}] - PROGRAMS{noinst}=ectest ec_internal_test curve448_internal_test \ - evp_pkey_dhkem_test + PROGRAMS{noinst}=ectest ec_internal_test evp_pkey_dhkem_test + ENDIF + IF[{- !$disabled{ecx} -}] + PROGRAMS{noinst}=curve448_internal_test ENDIF IF[{- !$disabled{cmac} -}] PROGRAMS{noinst}=cmactest @@ -885,9 +887,11 @@ IF[{- !$disabled{tests} -}] INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a - SOURCE[curve448_internal_test]=curve448_internal_test.c - INCLUDE[curve448_internal_test]=.. ../include ../apps/include ../crypto/ec/curve448 - DEPEND[curve448_internal_test]=../libcrypto.a libtestutil.a + IF[{- !$disabled{ecx} -}] + SOURCE[curve448_internal_test]=curve448_internal_test.c + INCLUDE[curve448_internal_test]=.. ../include ../apps/include ../crypto/ec/curve448 + DEPEND[curve448_internal_test]=../libcrypto.a libtestutil.a + ENDIF SOURCE[rc4test]=rc4test.c INCLUDE[rc4test]=../include ../apps/include diff --git a/test/dhkem_test.inc b/test/dhkem_test.inc index 51eb9dc4cd..b9562c8879 100644 --- a/test/dhkem_test.inc +++ b/test/dhkem_test.inc @@ -47,13 +47,16 @@ static const char *dhkem_supported_curves[] = { "P-256", "P-384", "P-521", +#ifndef OPENSSL_NO_ECX "X25519", - "X448" + "X448", +#endif }; /* TEST vectors extracted from RFC 9180 */ /* Base test values */ +#ifndef OPENSSL_NO_ECX static const unsigned char x25519_ikme[] = { 0x72, 0x68, 0x60, 0x0d, 0x40, 0x3f, 0xce, 0x43, 0x15, 0x61, 0xae, 0xf5, 0x83, 0xee, 0x16, 0x13, @@ -139,6 +142,7 @@ static const unsigned char x25519_auth_expected_secret[] = { 0xe4, 0x4e, 0x2b, 0xeb, 0xc8, 0x1f, 0x84, 0x60, 0x86, 0x77, 0x95, 0x8c, 0x0d, 0x44, 0x48, 0xa7 }; +#endif static const unsigned char p256_ikme[] = { 0x42, 0x70, 0xe5, 0x4f, 0xfd, 0x08, 0xd7, 0x9d, @@ -451,6 +455,7 @@ static const TEST_ENCAPDATA ec_encapdata[] = { p256_expected_enc, sizeof(p256_expected_enc), p256_expected_secret, sizeof(p256_expected_secret), }, +#ifndef OPENSSL_NO_ECX { "X25519", x25519_ikme, sizeof(x25519_ikme), @@ -459,6 +464,7 @@ static const TEST_ENCAPDATA ec_encapdata[] = { x25519_expected_enc, sizeof(x25519_expected_enc), x25519_expected_secret, sizeof(x25519_expected_secret), }, +#endif { "P-521", p521_ikme, sizeof(p521_ikme), @@ -477,6 +483,7 @@ static const TEST_ENCAPDATA ec_encapdata[] = { p521_auth_ikms_pub, sizeof(p521_auth_ikms_pub), p521_auth_ikms_priv, sizeof(p521_auth_ikms_priv) }, +#ifndef OPENSSL_NO_ECX { "X25519", x25519_auth_ikme, sizeof(x25519_auth_ikme), @@ -487,9 +494,11 @@ static const TEST_ENCAPDATA ec_encapdata[] = { x25519_auth_spub, sizeof(x25519_auth_spub), x25519_auth_spriv, sizeof(x25519_auth_spriv) } +#endif }; /* Test vector from https://github.com/cfrg/draft-irtf-cfrg-hpke */ +#ifndef OPENSSL_NO_ECX static const unsigned char x448_ikmr[] = { 0xd4, 0x5d, 0x16, 0x52, 0xdf, 0x74, 0x92, 0x0a, 0xbf, 0x94, 0xa2, 0x88, 0x3c, 0x83, 0x05, 0x0f, @@ -532,6 +541,7 @@ static const TEST_DERIVEKEY_DATA ecx_derivekey_data[] = { x448_ikmr_priv, sizeof(x448_ikmr_priv) }, }; +#endif /* * Helper function to create a EC or ECX private key from bytes. diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 72a6305d89..0b61d5c9e8 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -398,6 +398,7 @@ static const unsigned char pExampleECParamDER[] = { 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 }; +# ifndef OPENSSL_NO_ECX static const unsigned char kExampleED25519KeyDER[] = { 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a, @@ -419,6 +420,7 @@ static const unsigned char kExampleX25519KeyDER[] = { 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac, 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e }; +# endif # endif #endif @@ -577,10 +579,12 @@ static APK_DATA keycheckdata[] = { 1, 1}, {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 2}, +# ifndef OPENSSL_NO_ECX {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", EVP_PKEY_ED25519, 1, 1, 1, 0}, {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519", EVP_PKEY_ED25519, 0, 1, 1, 1}, +# endif #endif }; @@ -630,7 +634,7 @@ static EVP_PKEY *load_example_dh_key(void) } # endif -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX static EVP_PKEY *load_example_ed25519_key(void) { return load_example_key("ED25519", kExampleED25519KeyDER, @@ -2261,7 +2265,7 @@ static struct keys_st { EVP_PKEY_SIPHASH, "0123456789012345", NULL #endif }, -#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_ECX { EVP_PKEY_X25519, "01234567890123456789012345678901", "abcdefghijklmnopqrstuvwxyzabcdef" @@ -4304,7 +4308,7 @@ static int test_custom_pmeth(int idx) # endif case 3: case 9: -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX id = EVP_PKEY_ED25519; md = NULL; pkey = load_example_ed25519_key(); @@ -4324,7 +4328,7 @@ static int test_custom_pmeth(int idx) # endif case 5: case 11: -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX id = EVP_PKEY_X25519; doderive = 1; pkey = load_example_x25519_key(); @@ -4648,6 +4652,11 @@ static int test_signatures_with_engine(int tst) if (tst <= 1) return 1; # endif +# ifdef OPENSSL_NO_ECX + /* Skip ECX tests in a no-ecx build */ + if (tst == 2) + return 1; +# endif if (!TEST_ptr(e = ENGINE_by_id(engine_id))) return 0; @@ -4761,6 +4770,7 @@ static int test_cipher_with_engine(void) # endif /* OPENSSL_NO_DYNAMIC_ENGINE */ #endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#ifndef OPENSSL_NO_ECX static int ecxnids[] = { NID_X25519, NID_X448, @@ -4784,6 +4794,7 @@ static int test_ecx_short_keys(int tst) return 1; } +#endif typedef enum OPTION_choice { OPT_ERR = -1, @@ -4802,7 +4813,7 @@ const OPTIONS *test_get_options(void) return options; } -#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_ECX /* Test that trying to sign with a public key errors out gracefully */ static int test_ecx_not_private_key(int tst) { @@ -4867,7 +4878,7 @@ static int test_ecx_not_private_key(int tst) return testresult; } -#endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_ECX */ static int test_sign_continuation(void) { @@ -5065,9 +5076,8 @@ int setup_tests(void) # endif #endif +#ifndef OPENSSL_NO_ECX ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids)); - -#ifndef OPENSSL_NO_EC ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); #endif diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index b37ed8e105..db33ead3ee 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c @@ -231,12 +231,14 @@ static const unsigned char kExampleECKey2DER[] = { 0x96, 0x69, 0xE0, 0x04, 0xCB, 0x89, 0x0B, 0x42 }; +# ifndef OPENSSL_NO_ECX static const unsigned char kExampleECXKey2DER[] = { 0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 0x04, 0x22, 0x04, 0x20, 0xc8, 0xa9, 0xd5, 0xa9, 0x10, 0x91, 0xad, 0x85, 0x1c, 0x66, 0x8b, 0x07, 0x36, 0xc1, 0xc9, 0xa0, 0x29, 0x36, 0xc0, 0xd3, 0xad, 0x62, 0x67, 0x08, 0x58, 0x08, 0x80, 0x47, 0xba, 0x05, 0x74, 0x75 }; +# endif #endif typedef struct APK_DATA_st { @@ -249,7 +251,9 @@ static APK_DATA keydata[] = { {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, #ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX {kExampleECXKey2DER, sizeof(kExampleECXKey2DER), EVP_PKEY_X25519}, +# endif {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}, {kExampleECKey2DER, sizeof(kExampleECKey2DER), EVP_PKEY_EC}, #endif @@ -487,6 +491,7 @@ static int test_ec_tofrom_data_select(void) return ret; } +# ifndef OPENSSL_NO_ECX static int test_ecx_tofrom_data_select(void) { int ret; @@ -497,6 +502,7 @@ static int test_ecx_tofrom_data_select(void) EVP_PKEY_free(key); return ret; } +# endif #endif #ifndef OPENSSL_NO_SM2 @@ -1333,7 +1339,9 @@ int setup_tests(void) #ifndef OPENSSL_NO_EC ADD_ALL_TESTS(test_d2i_PrivateKey_ex, 2); ADD_TEST(test_ec_tofrom_data_select); +# ifndef OPENSSL_NO_ECX ADD_TEST(test_ecx_tofrom_data_select); +# endif ADD_TEST(test_ec_d2i_i2d_pubkey); #else ADD_ALL_TESTS(test_d2i_PrivateKey_ex, 1); diff --git a/test/evp_pkey_dhkem_test.c b/test/evp_pkey_dhkem_test.c index 95fcf8fa5f..a99b6b913b 100644 --- a/test/evp_pkey_dhkem_test.c +++ b/test/evp_pkey_dhkem_test.c @@ -699,6 +699,7 @@ static int test_ec_invalid_decap_enc_buffer(void) enc, t->expected_enclen), 0); } +#ifndef OPENSSL_NO_ECX /* ECX specific tests */ /* Perform ECX DHKEM KATs */ @@ -780,6 +781,7 @@ static int test_ed_curve_unsupported(void) EVP_PKEY_CTX_free(ctx); return ret; } +#endif int setup_tests(void) { @@ -797,20 +799,25 @@ int setup_tests(void) if (!TEST_ptr(rkey[TEST_KEYTYPE_P256] = EVP_PKEY_Q_keygen(libctx, NULL, "EC", "P-256"))) goto err; +#ifndef OPENSSL_NO_ECX if (!TEST_ptr(rkey[TEST_KEYTYPE_X25519] = EVP_PKEY_Q_keygen(libctx, NULL, "X25519"))) goto err; +#endif if (!TEST_ptr(rctx[TEST_KEYTYPE_P256] = EVP_PKEY_CTX_new_from_pkey(libctx, rkey[TEST_KEYTYPE_P256], NULL))) goto err; +#ifndef OPENSSL_NO_ECX if (!TEST_ptr(rctx[TEST_KEYTYPE_X25519] = EVP_PKEY_CTX_new_from_pkey(libctx, rkey[TEST_KEYTYPE_X25519], NULL))) goto err; +#endif ADD_ALL_TESTS(test_dhkem_encapsulate, OSSL_NELEM(ec_encapdata)); ADD_ALL_TESTS(test_dhkem_decapsulate, OSSL_NELEM(ec_encapdata)); +#ifndef OPENSSL_NO_ECX ADD_ALL_TESTS(test_settables, TEST_KEYTYPES_P256_X25519); ADD_ALL_TESTS(test_init_multiple, TEST_KEYTYPES_P256_X25519); @@ -824,7 +831,21 @@ int setup_tests(void) TEST_KEM_ENCAP_DECAP * TEST_KEYTYPES_P256_X25519); ADD_ALL_TESTS(test_noauthpublic, TEST_KEM_ENCAP_DECAP * TEST_KEYTYPES_P256_X25519); - +#else + ADD_ALL_TESTS(test_settables, TEST_KEYTYPE_P256); + ADD_ALL_TESTS(test_init_multiple, TEST_KEYTYPE_P256); + + ADD_ALL_TESTS(test_auth_key_type_mismatch, TEST_KEYTYPE_P256); + ADD_ALL_TESTS(test_no_operation_set, TEST_KEYTYPE_P256); + ADD_ALL_TESTS(test_ikm_small, TEST_KEYTYPE_P256); + ADD_ALL_TESTS(test_input_size_small, TEST_KEYTYPE_P256); + ADD_ALL_TESTS(test_null_params, TEST_KEYTYPE_P256); + ADD_ALL_TESTS(test_set_params, TEST_KEYTYPE_P256); + ADD_ALL_TESTS(test_nopublic, + TEST_KEM_ENCAP_DECAP * TEST_KEYTYPE_P256); + ADD_ALL_TESTS(test_noauthpublic, + TEST_KEM_ENCAP_DECAP * TEST_KEYTYPE_P256); +#endif /* EC Specific tests */ ADD_ALL_TESTS(test_ec_dhkem_derivekey, OSSL_NELEM(ec_derivekey_data)); ADD_ALL_TESTS(test_ec_noikme, @@ -840,9 +861,11 @@ int setup_tests(void) ADD_ALL_TESTS(test_ec_badauth, TEST_KEM_ENCAP_DECAP); /* ECX specific tests */ +#ifndef OPENSSL_NO_ECX ADD_ALL_TESTS(test_ecx_dhkem_derivekey, OSSL_NELEM(ecx_derivekey_data)); ADD_TEST(test_ecx_auth_key_curve_mismatch); ADD_TEST(test_ed_curve_unsupported); +#endif return 1; err: return 0; diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index 3f490954ab..47363e0bfd 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -322,7 +322,7 @@ static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk) return ret; } -#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_ECX static int test_print_key_using_encoder_public(const char *alg, const EVP_PKEY *pk) { @@ -888,6 +888,7 @@ err: #ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX /* Array indexes used in test_fromdata_ecx */ # define PRIV_KEY 0 # define PUB_KEY 1 @@ -1156,6 +1157,7 @@ err: return ret; } +# endif /* OPENSSL_NO_ECX */ static int test_fromdata_ec(void) { @@ -1772,7 +1774,9 @@ int setup_tests(void) ADD_TEST(test_fromdata_dsa_fips186_4); #endif #ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3); +# endif ADD_TEST(test_fromdata_ec); ADD_TEST(test_ec_dup_no_operation); ADD_TEST(test_ec_dup_keygen_operation); diff --git a/test/hpke_test.c b/test/hpke_test.c index 1b0bc23082..891560d2dc 100644 --- a/test/hpke_test.c +++ b/test/hpke_test.c @@ -259,6 +259,7 @@ static const unsigned char ksinfo[] = { 0x20, 0x47, 0x72, 0x65, 0x63, 0x69, 0x61, 0x6e, 0x20, 0x55, 0x72, 0x6e }; +#ifndef OPENSSL_NO_ECX /* * static const char *pskid = "Ennyn Durin aran Moria"; */ @@ -544,6 +545,7 @@ static int x25519kdfsha256_hkdfsha256_aes128gcm_base_test(void) return do_testhpke(&basedata, aeaddata, OSSL_NELEM(aeaddata), exportdata, OSSL_NELEM(exportdata)); } +#endif static const unsigned char third_ikme[] = { 0x42, 0x70, 0xe5, 0x4f, 0xfd, 0x08, 0xd7, 0x9d, @@ -681,6 +683,7 @@ static int P256kdfsha256_hkdfsha256_aes128gcm_base_test(void) exportdata, OSSL_NELEM(exportdata)); } +#ifndef OPENSSL_NO_ECX static const unsigned char fourth_ikme[] = { 0x55, 0xbc, 0x24, 0x5e, 0xe4, 0xef, 0xda, 0x25, 0xd3, 0x8f, 0x2d, 0x54, 0xd5, 0xbb, 0x66, 0x65, @@ -771,6 +774,7 @@ static int export_only_test(void) return do_testhpke(&basedata, NULL, 0, exportdata, OSSL_NELEM(exportdata)); } +#endif /* * Randomly toss a coin @@ -788,8 +792,10 @@ static uint16_t hpke_kem_list[] = { OSSL_HPKE_KEM_ID_P256, OSSL_HPKE_KEM_ID_P384, OSSL_HPKE_KEM_ID_P521, +#ifndef OPENSSL_NO_ECX OSSL_HPKE_KEM_ID_X25519, OSSL_HPKE_KEM_ID_X448 +#endif }; static uint16_t hpke_kdf_list[] = { OSSL_HPKE_KDF_ID_HKDF_SHA256, @@ -817,9 +823,15 @@ static const char *mode_str_list[] = { "base", "psk", "auth", "pskauth" }; static const char *kem_str_list[] = { +#ifndef OPENSSL_NO_ECX "P-256", "P-384", "P-521", "x25519", "x448", "0x10", "0x11", "0x12", "0x20", "0x21", "16", "17", "18", "32", "33" +#else + "P-256", "P-384", "P-521", + "0x10", "0x11", "0x12", + "16", "17", "18" +#endif }; static const char *kdf_str_list[] = { "hkdf-sha256", "hkdf-sha384", "hkdf-sha512", @@ -1532,6 +1544,7 @@ end: return erv; } +#ifndef OPENSSL_NO_ECX /* from RFC 9180 Appendix A.1.1 */ static const unsigned char ikm25519[] = { 0x72, 0x68, 0x60, 0x0d, 0x40, 0x3f, 0xce, 0x43, @@ -1545,6 +1558,7 @@ static const unsigned char pub25519[] = { 0x1d, 0x12, 0x53, 0xb6, 0xd4, 0xea, 0x6d, 0x44, 0xc1, 0x50, 0xf7, 0x41, 0xf1, 0xbf, 0x44, 0x31 }; +#endif /* from RFC9180 Appendix A.3.1 */ static const unsigned char ikmp256[] = { @@ -1736,11 +1750,13 @@ static int test_hpke_ikms(void) { int res = 1; +#ifndef OPENSSL_NO_ECX res = test_hpke_one_ikm_gen(OSSL_HPKE_KEM_ID_X25519, ikm25519, sizeof(ikm25519), pub25519, sizeof(pub25519)); if (res != 1) return res; +#endif res = test_hpke_one_ikm_gen(OSSL_HPKE_KEM_ID_P521, ikmp521, sizeof(ikmp521), @@ -1957,10 +1973,12 @@ int setup_tests(void) if (!test_get_libctx(&testctx, &nullprov, NULL, &deflprov, "default")) return 0; +#ifndef OPENSSL_NO_ECX + ADD_TEST(export_only_test); ADD_TEST(x25519kdfsha256_hkdfsha256_aes128gcm_base_test); ADD_TEST(x25519kdfsha256_hkdfsha256_aes128gcm_psk_test); +#endif ADD_TEST(P256kdfsha256_hkdfsha256_aes128gcm_base_test); - ADD_TEST(export_only_test); ADD_TEST(test_hpke_export); ADD_TEST(test_hpke_modes_suites); ADD_TEST(test_hpke_suite_strs); diff --git a/test/recipes/03-test_internal_curve448.t b/test/recipes/03-test_internal_curve448.t index 01ca5ad38c..a67a419a2c 100644 --- a/test/recipes/03-test_internal_curve448.t +++ b/test/recipes/03-test_internal_curve448.t @@ -13,7 +13,7 @@ use OpenSSL::Test::Utils; setup("test_internal_curve448"); -plan skip_all => "This test is unsupported in a no-ec build" - if disabled("ec"); +plan skip_all => "This test is unsupported in a no-ecx build" + if disabled("ecx"); simple_test("test_internal_curve448", "curve448_internal_test"); diff --git a/test/recipes/06-test_algorithmid.t b/test/recipes/06-test_algorithmid.t index 8b98efe909..0a8fe44ed6 100644 --- a/test/recipes/06-test_algorithmid.t +++ b/test/recipes/06-test_algorithmid.t @@ -41,7 +41,8 @@ my @pubkeys = ( 'testrsapub', disabled('dsa') ? () : 'testdsapub', - disabled('ec') ? () : qw(testecpub-p256 tested25519pub tested448pub) + disabled('ec') ? () : qw(testecpub-p256), + disabled('ecx') ? () : qw(tested25519pub tested448pub) ); my @certs = sort keys %certs_info; diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t index 354c360362..a7a7caadd3 100644 --- a/test/recipes/15-test_ec.t +++ b/test/recipes/15-test_ec.t @@ -59,34 +59,38 @@ subtest 'PKEY conversions -- public key' => sub { -args => [ "pkey", "-pubin", "-pubout" ] ); }; -subtest 'Ed25519 conversions -- private key' => sub { - tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv", - -in => srctop_file("test", "tested25519.pem") ); -}; -subtest 'Ed25519 conversions -- private key PKCS#8' => sub { - tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8", - -in => srctop_file("test", "tested25519.pem"), - -args => ["pkey"] ); -}; -subtest 'Ed25519 conversions -- public key' => sub { - tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub", - -in => srctop_file("test", "tested25519pub.pem"), - -args => ["pkey", "-pubin", "-pubout"] ); -}; -subtest 'Ed448 conversions -- private key' => sub { - tconversion( -type => "pkey", -prefix => "ed448-pkey-priv", - -in => srctop_file("test", "tested448.pem") ); -}; -subtest 'Ed448 conversions -- private key PKCS#8' => sub { - tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8", - -in => srctop_file("test", "tested448.pem"), - -args => ["pkey"] ); -}; -subtest 'Ed448 conversions -- public key' => sub { - tconversion( -type => "pkey", -prefix => "ed448-pkey-pub", - -in => srctop_file("test", "tested448pub.pem"), - -args => ["pkey", "-pubin", "-pubout"] ); -}; +SKIP: { + skip "ECX is not supported by this OpenSSL build", 6 + if disabled("ecx"); + subtest 'Ed25519 conversions -- private key' => sub { + tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv", + -in => srctop_file("test", "tested25519.pem") ); + }; + subtest 'Ed25519 conversions -- private key PKCS#8' => sub { + tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8", + -in => srctop_file("test", "tested25519.pem"), + -args => ["pkey"] ); + }; + subtest 'Ed25519 conversions -- public key' => sub { + tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub", + -in => srctop_file("test", "tested25519pub.pem"), + -args => ["pkey", "-pubin", "-pubout"] ); + }; + subtest 'Ed448 conversions -- private key' => sub { + tconversion( -type => "pkey", -prefix => "ed448-pkey-priv", + -in => srctop_file("test", "tested448.pem") ); + }; + subtest 'Ed448 conversions -- private key PKCS#8' => sub { + tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8", + -in => srctop_file("test", "tested448.pem"), + -args => ["pkey"] ); + }; + subtest 'Ed448 conversions -- public key' => sub { + tconversion( -type => "pkey", -prefix => "ed448-pkey-pub", + -in => srctop_file("test", "tested448pub.pem"), + -args => ["pkey", "-pubin", "-pubout"] ); + }; +} subtest 'Check loading of fips and non-fips keys' => sub { plan skip_all => "FIPS is disabled" diff --git a/test/recipes/15-test_genpkey.t b/test/recipes/15-test_genpkey.t index 6df2df5855..866d6e977e 100644 --- a/test/recipes/15-test_genpkey.t +++ b/test/recipes/15-test_genpkey.t @@ -18,7 +18,8 @@ my @algs = (); push @algs, qw(RSA) unless disabled("rsa"); push @algs, qw(DSA) unless disabled("dsa"); push @algs, qw(DH DHX) unless disabled("dh"); -push @algs, qw(EC X25519 X448) unless disabled("ec"); +push @algs, qw(EC) unless disabled("ec"); +push @algs, qw(X25519 X448) unless disabled("ecx"); push @algs, qw(SM2) unless disabled("sm2"); plan tests => scalar(@algs); diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index 96744b3741..cf5e20d223 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -129,7 +129,7 @@ SKIP: { SKIP: { skip "EdDSA is not supported by this OpenSSL build", 2 - if disabled("ec"); + if disabled("ecx"); skip "EdDSA is not supported with `dgst` CLI", 2; diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index 5492baa551..6dacdd295a 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t @@ -41,8 +41,8 @@ SKIP: { } SKIP: { - skip "Skipping tests that require EC", 4 - if disabled("ec"); + skip "Skipping tests that require ECX", 4 + if disabled("ecx"); # Ed25519 ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in', @@ -171,7 +171,7 @@ SKIP: { SKIP: { skip "EdDSA is not supported by this OpenSSL build", 2 - if disabled("ec"); + if disabled("ecx"); subtest "Ed2559 CLI signature generation and verification" => sub { tsignverify("Ed25519", diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 1487fa70be..c65c21d317 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -264,7 +264,7 @@ subtest "generating certificate requests with Ed25519" => sub { SKIP: { skip "Ed25519 is not supported by this OpenSSL build", 2 - if disabled("ec"); + if disabled("ecx"); ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), @@ -284,7 +284,7 @@ subtest "generating certificate requests with Ed448" => sub { SKIP: { skip "Ed448 is not supported by this OpenSSL build", 2 - if disabled("ec"); + if disabled("ecx"); ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 58f9de410f..7d3d758ac7 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -495,7 +495,7 @@ ok(verify("ee-ss-with-keyCertSign", "", ["ee-ss-with-keyCertSign"], []), SKIP: { skip "Ed25519 is not supported by this OpenSSL build", 6 - if disabled("ec"); + if disabled("ecx"); # ED25519 certificate from draft-ietf-curdle-pkix-04 ok(verify("ee-ed25519", "", ["root-ed25519"], []), diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index d262dbfd05..a745e729ea 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -26,6 +26,7 @@ my $no_des = disabled("des"); my $no_dh = disabled("dh"); my $no_dsa = disabled("dsa"); my $no_ec = disabled("ec"); +my $no_ecx = disabled("ecx"); my $no_ec2m = disabled("ec2m"); my $no_sm2 = disabled("sm2"); my $no_siv = disabled("siv"); @@ -73,7 +74,10 @@ push @files, qw( evpmac_cmac_des.txt ) unless $no_des; push @files, qw(evppkey_dsa.txt) unless $no_dsa; -push @files, qw(evppkey_ecx.txt) unless $no_ec; +push @files, qw( + evppkey_ecx.txt + evppkey_mismatch_ecx.txt + ) unless $no_ecx; push @files, qw( evppke |