diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 4fa9f8543826e5..d170ba9e241bc9 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -46,8 +46,8 @@ static int only_rawin(const EVP_PKEY *pkey) { if (pkey == NULL) return 0; - return EVP_PKEY_get_id(pkey) == EVP_PKEY_ED25519 - || EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448; + return EVP_PKEY_is_a(pkey, "ED25519") + || EVP_PKEY_is_a(pkey, "ED448"); } typedef enum OPTION_choice { diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index f7cf1a9f9c5bee..df10439d604bcd 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t @@ -17,7 +17,7 @@ use File::Compare qw/compare_text/; setup("test_pkeyutl"); -plan tests => 14; +plan tests => 18; # For the tests below we use the cert itself as the TBS file @@ -54,7 +54,7 @@ SKIP: { } SKIP: { - skip "Skipping tests that require ECX", 4 + skip "Skipping tests that require ECX", 6 if disabled("ecx"); # Ed25519 @@ -73,13 +73,23 @@ SKIP: { ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in', srctop_file('test', 'certs', 'server-ed448-cert.pem'), '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'), - '-out', 'Ed448.sig']))), + '-out', 'Ed448.sig', '-rawin']))), "Sign a piece of data using Ed448"); ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in', srctop_file('test', 'certs', 'server-ed448-cert.pem'), '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'), - '-sigfile', 'Ed448.sig']))), + '-sigfile', 'Ed448.sig', '-rawin']))), "Verify an Ed448 signature against a piece of data"); + ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in', + srctop_file('test', 'certs', 'server-ed448-cert.pem'), + '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'), + '-out', 'Ed448.sig']))), + "Sign a piece of data using Ed448 -rawin no more needed"); + ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in', + srctop_file('test', 'certs', 'server-ed448-cert.pem'), + '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'), + '-sigfile', 'Ed448.sig']))), + "Verify an Ed448 signature against a piece of data, no -rawin"); } sub tsignverify { @@ -183,16 +193,30 @@ SKIP: { } SKIP: { - skip "EdDSA is not supported by this OpenSSL build", 2 + skip "EdDSA is not supported by this OpenSSL build", 4 if disabled("ecx"); subtest "Ed2559 CLI signature generation and verification" => sub { tsignverify("Ed25519", srctop_file("test","tested25519.pem"), - srctop_file("test","tested25519pub.pem")); + srctop_file("test","tested25519pub.pem"), + "-rawin"); }; subtest "Ed448 CLI signature generation and verification" => sub { + tsignverify("Ed448", + srctop_file("test","tested448.pem"), + srctop_file("test","tested448pub.pem"), + "-rawin"); + }; + + subtest "Ed2559 CLI signature generation and verification, no -rawin" => sub { + tsignverify("Ed25519", + srctop_file("test","tested25519.pem"), + srctop_file("test","tested25519pub.pem")); + }; + + subtest "Ed448 CLI signature generation and verification, no -rawin" => sub { tsignverify("Ed448", srctop_file("test","tested448.pem"), srctop_file("test","tested448pub.pem"));