Add evp_test fixes. Changed many tests so they also test fips (and removed 'availablein = default' from some tests). Seperated the monolithic evppkey.txt file into smaller maintainable groups. Changed the availablein option so it must be first - this then skips the entire test before any fetching happens. Changed the code so that all the OPENSSL_NO_XXXX tests are done in code via methods such as is_cipher_disabled(alg), before the fetch happens. Added missing libctx's found by adding a libctx to test_evp. Broke up large data files for cipher, kdf's and mac's into smaller pieces so they no longer need 'AvailableIn = default' Added missing algorithm aliases for cipher/digests to the providers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12236)
Add RSA SHA512 truncated digest support Partial Fix for #11648. Some additional work still needs to be done to support RSA-PSS mode. RSA legacy digests will be addressed in another PR. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11681)
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
evp_test: the tests using MDC2 need the legacy provider This was always a potential, we just haven't seen this need before now. Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11343)
Add ECDSA to providers Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10968)
test/recipes/30-test_evp_data/evppkey.txt: Change an expected KeyGen result Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10289)
test/recipes/30-test_evp_data/evppkey.txt Tests that go through provider cannot recognise PKEY_CTRL_INVALID from PKEY_CTRL_ERROR any more, because provided implementations' param setting functions return 0 or 1. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10557)
Add Asymmetric RSA cipher tests in FIPS provider We also add some DSA tests for code that is already in the FIPS provider. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10881)
Add self-generated test vector for x448 non-canonical values x25519 has such a test vector obtained from wycheproof but wycheproof does not have a corresponding x448 test vector. So add a self-generated test vector for that case. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10339)
Remove function name from errors Deprecate all xxx_F_ defines. Removed some places that tested for a specific function. Use empty field for the function names in output. Update documentation. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9058)
Add an Ed448 malleability test Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7748)
Following the license change, modify the boilerplates in test/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7767)
Add an Ed25519 signature maleability test Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7697)
[test] throw error from wrapper function instead of an EC_METHOD specific one Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7028)
[test] ECC: make sure negative tests pass for the right reasons Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7028)
test/recipes/30-test_evp_data: fix two typos Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7001)
test/.../evppkey.txt: X25519 regression test vectors. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6699)
[crypto/ec] don't assume points are of order group->order Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6535)
Move SM2 algos to SM2 specific PKEY method Use EVP_PKEY_set_alias_type to access Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6443)
[SM2_sign] add minimal EVP_PKEY functionality testing The actual functionality of generating signatures through the `EVP_PKEY` API is completely untested. Current tests under the `EVP_PKEY` API (`test/recipes/30-test_evp_data/evppkey.txt`) only cover `Verify` and `Decrypt`, while encryption and signature generation are tested with ad-hoc clients (`test/sm2crypttest.c`, `test/sm2signtest.c`) that do not call the `EVP_PKEY` interface at all but soon-to-be private functions that bypass it (cf. PR#5895 ). It is my opinion that an ideal solution for the future would consist on enhancing the `test/evp_pkey` facility and syntax to allow tests to take control of the PRNG to inject known nonces and validate the results of `EVP_PKEY` implementations against deterministic known answer tests, but it is probably too late to work on this feature in time for next release. Given that commit b5a85f70d8 highlights some critical bugs in the hook between the `EVP_PKEY` interface and SM2 signature generation and that these defects escaped testing and code review, I think that at least for now it is beneficial to at least add the kind of "bogus" testing provided by this patch: this is a "fake" test as it does only verify that the SM2 `EVP_PKEY` interface is capable of creating a signature without failing, but it does not say anything about the generated signature being valid, nor does it test the functional correctness of the cryptosystem. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6066)