From 3a14f5ffb6c83df33b62b2ec4abfe1b5299580e2 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Fri, 12 Apr 2024 20:08:38 +0200
Subject: [PATCH] fixup! fixup! APPS/pkeyutl: improve -rawin usability (implied by Ed25519 and Ed448) and doc
---
 apps/pkeyutl.c | 4 ++--
 test/recipes/20-test_pkeyutl.t | 32 ++++++++++++++++++++++++++++----
 2 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 4fa9f8543826e5..d170ba9e241bc9 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -46,8 +46,8 @@ static int only_rawin(const EVP_PKEY *pkey)
 {
 if (pkey == NULL)
 return 0;
- return EVP_PKEY_get_id(pkey) == EVP_PKEY_ED25519
- || EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448;
+ return EVP_PKEY_is_a(pkey, "ED25519")
+ || EVP_PKEY_is_a(pkey, "ED448");
 }
 
 typedef enum OPTION_choice {
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index f7cf1a9f9c5bee..0ba4af55862cc6 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -17,7 +17,7 @@ use File::Compare qw/compare_text/;
 
 setup("test_pkeyutl");
 
-plan tests => 14;
+plan tests => 18;
 
 # For the tests below we use the cert itself as the TBS file
 
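Review bot: In apps/pkeyutl.c, only_rawin() gives no reason for matching the key by name, so a later cleanup could switch it back to an id comparison. Presumably the point is that EVP_PKEY_get_id() does not report EVP_PKEY_ED25519 or EVP_PKEY_ED448 for keys held purely by a provider, while EVP_PKEY_is_a() does. A comment above the return such as `/* match by name: also works for provider-native keys */` would record that. Since this predicate decides whether the input is treated as the raw message rather than a pre-computed digest, a one-line function comment stating that contract would help as well. The function body is fully inside the hunk.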
@@ -73,13 +73,23 @@ SKIP: {
 ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
 srctop_file('test', 'certs', 'server-ed448-cert.pem'),
 '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
- '-out', 'Ed448.sig']))),
+ '-out', 'Ed448.sig', '-rawin']))),
 "Sign a piece of data using Ed448");
 ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
 srctop_file('test', 'certs', 'server-ed448-cert.pem'),
 '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
- '-sigfile', 'Ed448.sig']))),
+ '-sigfile', 'Ed448.sig', '-rawin']))),
 "Verify an Ed448 signature against a piece of data");
+ ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
+ srctop_file('test', 'certs', 'server-ed448-cert.pem'),
+ '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
+ '-out', 'Ed448.sig']))),
+ "Sign a piece of data using Ed448 -rawin no more needed");
+ ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
+ srctop_file('test', 'certs', 'server-ed448-cert.pem'),
+ '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
+ '-sigfile', 'Ed448.sig']))),
+ "Verify an Ed448 signature against a piece of data, no -rawin");
 }
 
 sub tsignverify {
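Review bot: The two added Ed448 cases sit inside a `SKIP: {` block whose `skip` statement is outside this hunk. If that statement carries a test count, it has to grow by two, or configurations where the block is skipped will report a mismatch against the new `plan tests => 18`. The same applies to the two subtests added in the hunk at -189,10. Separately, the sign call without `-rawin` overwrites `Ed448.sig` and is only verified without `-rawin`, so nothing checks that the two forms agree. Writing the second signature to its own file (for example `'-out', 'Ed448.norawin.sig'`) and verifying it with `-rawin` would pin that the implied mode really is the raw one.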
@@ -189,10 +199,24 @@ SKIP: {
 subtest "Ed2559 CLI signature generation and verification" => sub {
 tsignverify("Ed25519",
 srctop_file("test","tested25519.pem"),
- srctop_file("test","tested25519pub.pem"));
+ srctop_file("test","tested25519pub.pem"),
+ "-rawin");
 };
 
 subtest "Ed448 CLI signature generation and verification" => sub {
+ tsignverify("Ed448",
+ srctop_file("test","tested448.pem"),
+ srctop_file("test","tested448pub.pem"),
+ "-rawin");
+ };
+
+ subtest "Ed2559 CLI signature generation and verification, no -rawin" => sub {
+ tsignverify("Ed25519",
+ srctop_file("test","tested25519.pem"),
+ srctop_file("test","tested25519pub.pem"));
+ };
+
+ subtest "Ed448 CLI signature generation and verification, no -rawin" => sub {
 tsignverify("Ed448",
 srctop_file("test","tested448.pem"),
 srctop_file("test","tested448pub.pem"));
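Review bot: The new subtest name `"Ed2559 CLI signature generation and verification, no -rawin"` copies the `Ed2559` misspelling from the existing subtest above it, which makes the result harder to find when searching test output for Ed25519. Write `subtest "Ed25519 CLI signature generation and verification, no -rawin" => sub {` and fix the older name in the same pass. The added fourth argument `"-rawin"` relies on tsignverify() forwarding extra arguments to both the sign and the verify invocation. Its body is outside this hunk, so that is assumed here rather than checked.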