From 115755a9b7bc1e72c33b1f83387768e199acaab5 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <dev@ddvo.net>
Date: Fri, 12 Apr 2024 20:08:38 +0200
Subject: [PATCH] fixup! fixup! APPS/pkeyutl: improve -rawin usability (implied
 by Ed25519 and Ed448) and doc

---
 apps/pkeyutl.c                 |  4 ++--
 test/recipes/20-test_pkeyutl.t | 32 ++++++++++++++++++++++++++++----
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 4fa9f8543826e5..d170ba9e241bc9 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -46,8 +46,8 @@ static int only_rawin(const EVP_PKEY *pkey)
 {
     if (pkey == NULL)
         return 0;
-    return EVP_PKEY_get_id(pkey) == EVP_PKEY_ED25519
-        || EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448;
+    return EVP_PKEY_is_a(pkey, "ED25519")
+        || EVP_PKEY_is_a(pkey, "ED448");
 }
 
 typedef enum OPTION_choice {
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index f7cf1a9f9c5bee..a2e3f5baa3001b 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -17,7 +17,7 @@ use File::Compare qw/compare_text/;
 
 setup("test_pkeyutl");
 
-plan tests => 14;
+plan tests => 20;
 
 # For the tests below we use the cert itself as the TBS file
 
@@ -73,13 +73,23 @@ SKIP: {
     ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
                   srctop_file('test', 'certs', 'server-ed448-cert.pem'),
                   '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
-                  '-out', 'Ed448.sig']))),
+                  '-out', 'Ed448.sig', '-rawin']))),
                   "Sign a piece of data using Ed448");
     ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
                   srctop_file('test', 'certs', 'server-ed448-cert.pem'),
                   '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
-                  '-sigfile', 'Ed448.sig']))),
+                  '-sigfile', 'Ed448.sig', '-rawin']))),
                   "Verify an Ed448 signature against a piece of data");
+    ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
+                  srctop_file('test', 'certs', 'server-ed448-cert.pem'),
+                  '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
+                  '-out', 'Ed448.sig']))),
+                  "Sign a piece of data using Ed448 -rawin no more needed");
+    ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
+                  srctop_file('test', 'certs', 'server-ed448-cert.pem'),
+                  '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
+                  '-sigfile', 'Ed448.sig']))),
+                  "Verify an Ed448 signature against a piece of data, no -rawin");
 }
 
 sub tsignverify {
@@ -189,10 +199,24 @@ SKIP: {
     subtest "Ed2559 CLI signature generation and verification" => sub {
         tsignverify("Ed25519",
                     srctop_file("test","tested25519.pem"),
-                    srctop_file("test","tested25519pub.pem"));
+                    srctop_file("test","tested25519pub.pem"),
+                    "-rawin");
     };
 
     subtest "Ed448 CLI signature generation and verification" => sub {
+        tsignverify("Ed448",
+                    srctop_file("test","tested448.pem"),
+                    srctop_file("test","tested448pub.pem"),
+                    "-rawin");
+    };
+
+    subtest "Ed2559 CLI signature generation and verification, no -rawin" => sub {
+        tsignverify("Ed25519",
+                    srctop_file("test","tested25519.pem"),
+                    srctop_file("test","tested25519pub.pem"));
+    };
+
+    subtest "Ed448 CLI signature generation and verification, no -rawin" => sub {
         tsignverify("Ed448",
                     srctop_file("test","tested448.pem"),
                     srctop_file("test","tested448pub.pem"));