From: slontis Date: Fri, 26 Jul 2024 03:31:42 +0000 (+1000) Subject: Update evp_test KeyGen X-Git-Tag: openssl-3.4.0-alpha1~129 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a53830958b1e90231742e1d8ae0523d463560e3;p=thirdparty%2Fopenssl.git Update evp_test KeyGen The EVP_PKEY_CTX is now created in keygen_test_run(). keygen_test_parse() inserts all values into KEYGEN_TEST_DATA. The 'Ctrl' parameters have been changed to just be settables, rather than using legacy controls. Added EC keygen tests Reviewed-by: Neil Horman Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/25008) --- diff --git a/test/evp_test.c b/test/evp_test.c index 3b223db2d3d..b947eb8f9c6 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -3826,7 +3826,7 @@ static int keypair_test_init(EVP_TEST *t, const char *pair) rv = 1; t->err = NULL; -end: + end: OPENSSL_free(priv); return rv; } @@ -3906,13 +3906,6 @@ typedef struct keygen_test_data_st { static int keygen_test_init(EVP_TEST *t, const char *alg) { KEYGEN_TEST_DATA *data; - int nid = OBJ_sn2nid(alg); - - if (nid == NID_undef) { - nid = OBJ_ln2nid(alg); - if (nid == NID_undef) - return 0; - } if (is_pkey_disabled(alg)) { t->skip = 1; @@ -3920,16 +3913,14 @@ static int keygen_test_init(EVP_TEST *t, const char *alg) } if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data)))) - goto err; + return 0; data->keyname = NULL; - data->alg = OPENSSL_strdup(alg); data->paramname = NULL; data->controls = sk_OPENSSL_STRING_new_null(); + data->alg = OPENSSL_strdup(alg); t->data = data; t->err = NULL; return 1; -err: - return 0; } static void keygen_test_cleanup(EVP_TEST *t) @@ -3938,8 +3929,9 @@ static void keygen_test_cleanup(EVP_TEST *t) ctrlfree(keygen->controls); OPENSSL_free(keygen->alg); - OPENSSL_free(keygen->paramname); OPENSSL_free(keygen->keyname); + OPENSSL_free(keygen->paramname); + OPENSSL_free(keygen->alg); OPENSSL_free(t->data); t->data = NULL; } @@ -3964,6 +3956,8 @@ static int keygen_test_run(EVP_TEST *t) EVP_PKEY *pkey = NULL, *keyparams = NULL; EVP_PKEY_CTX *genctx = NULL; /* Keygen context to use */ int rv = 1, i; + OSSL_PARAM params[4]; + size_t params_n = 0; if (keygen->paramname != NULL) { rv = find_key(&keyparams, keygen->paramname, public_keys); @@ -3987,11 +3981,17 @@ static int keygen_test_run(EVP_TEST *t) goto err; } - for (i = 0; i < sk_OPENSSL_STRING_num(keygen->controls); ++i) { - if (!pkey_test_ctrl(t, genctx, - sk_OPENSSL_STRING_value(keygen->controls, i)) - || t->err != NULL) + if (sk_OPENSSL_STRING_num(keygen->controls) > 0) { + if (!ctrl2params(t, keygen->controls, + EVP_PKEY_CTX_settable_params(genctx), + params, OSSL_NELEM(params), ¶ms_n)) + goto err; + if (!EVP_PKEY_CTX_set_params(genctx, params)) { + t->err = "PKEY_CTRL_ERROR"; goto err; + } + } else { + params[0] = OSSL_PARAM_construct_end(); } if (EVP_PKEY_keygen(genctx, &pkey) <= 0) { @@ -4029,7 +4029,8 @@ static int keygen_test_run(EVP_TEST *t) } t->err = NULL; -err: + err: + ctrl2params_free(params, params_n, 0); EVP_PKEY_CTX_free(genctx); return rv; } @@ -5053,6 +5054,10 @@ static int is_pkey_disabled(const char *name) #ifdef OPENSSL_NO_DSA if (HAS_CASE_PREFIX(name, "DSA")) return 1; +#endif +#ifdef OPENSSL_NO_SM2 + if (HAS_CASE_PREFIX(name, "SM2")) + return 1; #endif return 0; } diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt index dfe6de11edb..b450a974e5b 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecc.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecc.txt @@ -4538,3 +4538,24 @@ PeerKey=MALICE_cf_sect571r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR Reason=point at infinity + +Title = Test EC keygen + +KeyGen = ec +KeyName = ec1 +Ctrl = group:P-256 + +# Test KeyGen with a curve with < 112 bits of security fails. +FIPSversion = >=3.4.0 +KeyGen = ec +KeyName = ec2 +Ctrl = group:P-192 +Result = KEYGEN_GENERATE_ERROR + +# Test KeyGen with a curve with < 112 bits of security is not approved +FIPSversion = >=3.4.0 +KeyGen = ec +KeyName = ec3 +Ctrl = group:P-192 +Unapproved = 1 +Ctrl = key-check:0