[openssl] master update

Richard Levitte levitte at openssl.org
Sat Feb 27 15:15:27 UTC 2021


The branch master has been updated
       via  1d73e2adae9c80d359d6d85c9f65d97a86add542 (commit)
       via  c8182743a7764ba8c9e61665722cae06fa8edb62 (commit)
       via  8ab9c4ddc41830a9bd1be36a8e37ee2abc57e886 (commit)
       via  3d364726606424f760211b5015920410ea9c8f0d (commit)
       via  ad7cb0bf5cb9b014d34327cb35ecdd609a3d4dd4 (commit)
       via  c0ff1932e446621f43cd607371b7d265370d4bc6 (commit)
      from  4ef70dbcf495adfa28efa815c5415dfb9903b92d (commit)


- Log -----------------------------------------------------------------
commit 1d73e2adae9c80d359d6d85c9f65d97a86add542
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Feb 23 22:42:18 2021 +0100

    crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length
    
    Fixes #14258
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/14291)

commit c8182743a7764ba8c9e61665722cae06fa8edb62
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Feb 23 22:41:04 2021 +0100

    PROV: Implement an EC key -> blob encoder, to get the public key
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/14291)

commit 8ab9c4ddc41830a9bd1be36a8e37ee2abc57e886
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Feb 23 22:39:39 2021 +0100

    Modify i2d_PublicKey() so it can get an EC public key as a blob
    
    This introduces the encoder output type "blob", to be used for
    anything that outputs an unstructured blob of data.
    
    Fixes #14258
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/14291)

commit 3d364726606424f760211b5015920410ea9c8f0d
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Fri Feb 19 13:20:00 2021 -0800

    test_ecpub: test that we can decode the DER we encoded
    
    We should be able to round-trip through the encoded DER form of the
    EC public key and get back something that compares as equal to the
    original key.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14291)

commit ad7cb0bf5cb9b014d34327cb35ecdd609a3d4dd4
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Fri Feb 19 13:46:49 2021 -0800

    test_ecpub: verify returned length after encoding
    
    Save the length we got from querying how much space was needed, and
    check that the actual encoding call returned the same length.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14291)

commit c0ff1932e446621f43cd607371b7d265370d4bc6
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Mon Jan 25 12:19:16 2021 -0800

    Add test for EC pubkey export/import
    
    There seems to be an issue with i2d_provided() in i2d_evp.c that causes
    us to fail to construct a valid chain of encoders for the "type-specific"
    output when it's an EC pubkey.  This test is designed to exercise that
    codepath for a variety of curves.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14291)

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/i2d_evp.c                              |  54 ++++--
 providers/encoders.inc                             |   5 +-
 providers/implementations/encode_decode/build.info |   6 +
 .../encode_decode/encode_key2blob.c                | 202 +++++++++++++++++++++
 .../implementations/include/prov/implementations.h |   2 +
 test/evp_extra_test.c                              |  71 ++++++++
 6 files changed, 324 insertions(+), 16 deletions(-)
 create mode 100644 providers/implementations/encode_decode/encode_key2blob.c

diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c
index 6e4f7080c7..2a101a6fa3 100644
--- a/crypto/asn1/i2d_evp.c
+++ b/crypto/asn1/i2d_evp.c
@@ -25,29 +25,42 @@
 #include "crypto/asn1.h"
 #include "crypto/evp.h"
 
+struct type_and_structure_st {
+    const char *output_type;
+    const char *output_structure;
+};
+
 static int i2d_provided(const EVP_PKEY *a, int selection,
-                        const char *output_structures[],
+                        const struct type_and_structure_st *output_info,
                         unsigned char **pp)
 {
     OSSL_ENCODER_CTX *ctx = NULL;
     int ret;
 
     for (ret = -1;
-         ret == -1 && *output_structures != NULL;
-         output_structures++) {
+         ret == -1 && output_info->output_type != NULL;
+         output_info++) {
         /*
          * The i2d_ calls don't take a boundary length for *pp.  However,
-         * OSSL_ENCODER_CTX_get_num_encoders() needs one, so we make one
-         * up.
+         * OSSL_ENCODER_to_data() needs one, so we make one up.  Because
+         * OSSL_ENCODER_to_data() decrements this number by the amount of
+         * bytes written, we need to calculate the length written further
+         * down, when pp != NULL.
          */
         size_t len = INT_MAX;
 
-        ctx = OSSL_ENCODER_CTX_new_for_pkey(a, selection, "DER",
-                                            *output_structures, NULL);
+        ctx = OSSL_ENCODER_CTX_new_for_pkey(a, selection,
+                                            output_info->output_type,
+                                            output_info->output_structure,
+                                            NULL);
         if (ctx == NULL)
             return -1;
-        if (OSSL_ENCODER_to_data(ctx, pp, &len))
-            ret = (int)len;
+        if (OSSL_ENCODER_to_data(ctx, pp, &len)) {
+            if (pp == NULL)
+                ret = (int)len;
+            else
+                ret = INT_MAX - (int)len;
+        }
         OSSL_ENCODER_CTX_free(ctx);
         ctx = NULL;
     }
@@ -60,9 +73,12 @@ static int i2d_provided(const EVP_PKEY *a, int selection,
 int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp)
 {
     if (evp_pkey_is_provided(a)) {
-        const char *output_structures[] = { "type-specific", NULL };
+        static const struct type_and_structure_st output_info[] = {
+            { "DER", "type-specific" },
+            { NULL, }
+        };
 
-        return i2d_provided(a, EVP_PKEY_KEY_PARAMETERS, output_structures, pp);
+        return i2d_provided(a, EVP_PKEY_KEY_PARAMETERS, output_info, pp);
     }
     if (a->ameth != NULL && a->ameth->param_encode != NULL)
         return a->ameth->param_encode(a, pp);
@@ -78,9 +94,13 @@ int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey)
 int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp)
 {
     if (evp_pkey_is_provided(a)) {
-        const char *output_structures[] = { "type-specific", "pkcs8", NULL };
+        static const struct type_and_structure_st output_info[] = {
+            { "DER", "type-specific" },
+            { "DER", "pkcs8" },
+            { NULL, }
+        };
 
-        return i2d_provided(a, EVP_PKEY_KEYPAIR, output_structures, pp);
+        return i2d_provided(a, EVP_PKEY_KEYPAIR, output_info, pp);
     }
     if (a->ameth != NULL && a->ameth->old_priv_encode != NULL) {
         return a->ameth->old_priv_encode(a, pp);
@@ -102,9 +122,13 @@ int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp)
 int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp)
 {
     if (evp_pkey_is_provided(a)) {
-        const char *output_structures[] = { "type-specific", NULL };
+        static const struct type_and_structure_st output_info[] = {
+            { "DER", "type-specific" },
+            { "blob", NULL },    /* for EC */
+            { NULL, }
+        };
 
-        return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_structures, pp);
+        return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_info, pp);
     }
     switch (EVP_PKEY_id(a)) {
     case EVP_PKEY_RSA:
diff --git a/providers/encoders.inc b/providers/encoders.inc
index e7d11c731b..71f4f13848 100644
--- a/providers/encoders.inc
+++ b/providers/encoders.inc
@@ -104,12 +104,15 @@ ENCODER_w_structure("DSA", dsa, yes, der, type_specific),
 ENCODER_w_structure("DSA", dsa, yes, pem, type_specific),
 #endif
 #ifndef OPENSSL_NO_EC
-/* EC only supports keypair and parameters output. */
+/* EC only supports keypair and parameters DER and PEM output. */
 ENCODER_w_structure("EC", ec, yes, der, type_specific_no_pub),
 ENCODER_w_structure("EC", ec, yes, pem, type_specific_no_pub),
+/* EC supports blob output for the public key */
+ENCODER("EC", ec, yes, blob),
 # ifndef OPENSSL_NO_SM2
 ENCODER_w_structure("SM2", sm2, yes, der, type_specific_no_pub),
 ENCODER_w_structure("SM2", sm2, yes, pem, type_specific_no_pub),
+ENCODER("SM2", sm2, yes, blob),
 # endif
 #endif
 
diff --git a/providers/implementations/encode_decode/build.info b/providers/implementations/encode_decode/build.info
index 55b7d0ad6e..5b8d9f6ef2 100644
--- a/providers/implementations/encode_decode/build.info
+++ b/providers/implementations/encode_decode/build.info
@@ -15,4 +15,10 @@ SOURCE[$ENCODER_GOAL]=endecoder_common.c
 SOURCE[$DECODER_GOAL]=decode_der2key.c decode_pem2der.c decode_ms2key.c
 
 SOURCE[$ENCODER_GOAL]=encode_key2any.c encode_key2text.c encode_key2ms.c
+# encode_key2blob.c is only being included when EC is enabled, because we
+# currently only define a "blob" output type for EC public keys.  This may
+# change in the future.
+IF[{- !$disabled{ec} -}]
+  SOURCE[$ENCODER_GOAL]=encode_key2blob.c
+ENDIF
 DEPEND[encode_key2any.o]=../../common/include/prov/der_rsa.h
diff --git a/providers/implementations/encode_decode/encode_key2blob.c b/providers/implementations/encode_decode/encode_key2blob.c
new file mode 100644
index 0000000000..2e5e581391
--- /dev/null
+++ b/providers/implementations/encode_decode/encode_key2blob.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Low level APIs are deprecated for public use, but still ok for internal use.
+ */
+#include "internal/deprecated.h"
+
+#include <openssl/core.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/core_names.h>
+#include <openssl/params.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include "internal/passphrase.h"
+#include "internal/nelem.h"
+#include "prov/implementations.h"
+#include "prov/bio.h"
+#include "prov/provider_ctx.h"
+#include "endecoder_local.h"
+
+static int write_blob(void *provctx, OSSL_CORE_BIO *cout,
+                      void *data, int len)
+{
+    BIO *out = bio_new_from_core_bio(provctx, cout);
+    int ret = BIO_write(out, data, len);
+
+    BIO_free(out);
+    return ret;
+}
+
+static OSSL_FUNC_encoder_newctx_fn key2blob_newctx;
+static OSSL_FUNC_encoder_freectx_fn key2blob_freectx;
+static OSSL_FUNC_encoder_gettable_params_fn key2blob_gettable_params;
+static OSSL_FUNC_encoder_get_params_fn key2blob_get_params;
+
+static void *key2blob_newctx(void *provctx)
+{
+    return provctx;
+}
+
+static void key2blob_freectx(void *vctx)
+{
+}
+
+static const OSSL_PARAM *key2blob_gettable_params(ossl_unused void *provctx)
+{
+    static const OSSL_PARAM gettables[] = {
+        { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
+        OSSL_PARAM_END,
+    };
+
+    return gettables;
+}
+
+static int key2blob_get_params(OSSL_PARAM params[])
+{
+    OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_TYPE);
+    if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "blob"))
+        return 0;
+
+    return 1;
+}
+
+static int key2blob_check_selection(int selection, int selection_mask)
+{
+    /*
+     * The selections are kinda sorta "levels", i.e. each selection given
+     * here is assumed to include those following.
+     */
+    int checks[] = {
+        OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
+        OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
+        OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
+    };
+    size_t i;
+
+    /* The decoder implementations made here support guessing */
+    if (selection == 0)
+        return 1;
+
+    for (i = 0; i < OSSL_NELEM(checks); i++) {
+        int check1 = (selection & checks[i]) != 0;
+        int check2 = (selection_mask & checks[i]) != 0;
+
+        /*
+         * If the caller asked for the currently checked bit(s), return
+         * whether the decoder description says it's supported.
+         */
+        if (check1)
+            return check2;
+    }
+
+    /* This should be dead code, but just to be safe... */
+    return 0;
+}
+
+static int key2blob_encode(void *vctx, const void *key, int selection,
+                           OSSL_CORE_BIO *cout)
+{
+    int pubkey_len = 0, ok = 0;
+    unsigned char *pubkey = NULL;
+
+    pubkey_len = i2o_ECPublicKey(key, &pubkey);
+    if (pubkey_len > 0 && pubkey != NULL)
+        ok = write_blob(vctx, cout, pubkey, pubkey_len);
+    OPENSSL_free(pubkey);
+    return ok;
+}
+
+/*
+ * MAKE_BLOB_ENCODER() Makes an OSSL_DISPATCH table for a particular key->blob
+ * encoder
+ *
+ * impl:                The keytype to encode
+ * type:                The C structure type holding the key data
+ * selection_name:      The acceptable selections.  This translates into
+ *                      the macro EVP_PKEY_##selection_name.
+ *
+ * The selection is understood as a "level" rather than an exact set of
+ * requests from the caller.  The encoder has to decide what contents fit
+ * the encoded format.  For example, the EC public key blob will only contain
+ * the encoded public key itself, no matter if the selection bits include
+ * OSSL_KEYMGMT_SELECT_PARAMETERS or not.  However, if the selection includes
+ * OSSL_KEYMGMT_SELECT_PRIVATE_KEY, the same encoder will simply refuse to
+ * cooperate, because it cannot output the private key.
+ *
+ * EVP_PKEY_##selection_name are convenience macros that combine "typical"
+ * OSSL_KEYMGMT_SELECT_ macros for a certain type of EVP_PKEY content.
+ */
+#define MAKE_BLOB_ENCODER(impl, type, selection_name)                   \
+    static OSSL_FUNC_encoder_import_object_fn                           \
+    impl##2blob_import_object;                                          \
+    static OSSL_FUNC_encoder_free_object_fn impl##2blob_free_object;    \
+    static OSSL_FUNC_encoder_does_selection_fn                          \
+    impl##2blob_does_selection;                                         \
+    static OSSL_FUNC_encoder_encode_fn impl##2blob_encode;              \
+                                                                        \
+    static void *impl##2blob_import_object(void *ctx, int selection,    \
+                                           const OSSL_PARAM params[])   \
+    {                                                                   \
+        return ossl_prov_import_key(ossl_##impl##_keymgmt_functions,    \
+                                    ctx, selection, params);            \
+    }                                                                   \
+    static void impl##2blob_free_object(void *key)                      \
+    {                                                                   \
+        ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key);       \
+    }                                                                   \
+    static int impl##2blob_does_selection(void *ctx, int selection)     \
+    {                                                                   \
+        return key2blob_check_selection(selection,                      \
+                                        EVP_PKEY_##selection_name);     \
+    }                                                                   \
+    static int impl##2blob_encode(void *vctx, OSSL_CORE_BIO *cout,      \
+                                  const void *key,                      \
+                                  const OSSL_PARAM key_abstract[],      \
+                                  int selection,                        \
+                                  OSSL_PASSPHRASE_CALLBACK *cb,         \
+                                  void *cbarg)                          \
+    {                                                                   \
+        /* We don't deal with abstract objects */                       \
+        if (key_abstract != NULL) {                                     \
+            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);     \
+            return 0;                                                   \
+        }                                                               \
+        return key2blob_encode(vctx, key, selection, cout);             \
+    }                                                                   \
+    const OSSL_DISPATCH ossl_##impl##_to_blob_encoder_functions[] = {   \
+        { OSSL_FUNC_ENCODER_NEWCTX,                                     \
+          (void (*)(void))key2blob_newctx },                            \
+        { OSSL_FUNC_ENCODER_FREECTX,                                    \
+          (void (*)(void))key2blob_freectx },                           \
+        { OSSL_FUNC_ENCODER_GETTABLE_PARAMS,                            \
+          (void (*)(void))key2blob_gettable_params },                   \
+        { OSSL_FUNC_ENCODER_GET_PARAMS,                                 \
+          (void (*)(void))key2blob_get_params },                        \
+        { OSSL_FUNC_ENCODER_DOES_SELECTION,                             \
+          (void (*)(void))impl##2blob_does_selection },                 \
+        { OSSL_FUNC_ENCODER_IMPORT_OBJECT,                              \
+          (void (*)(void))impl##2blob_import_object },                  \
+        { OSSL_FUNC_ENCODER_FREE_OBJECT,                                \
+          (void (*)(void))impl##2blob_free_object },                    \
+        { OSSL_FUNC_ENCODER_ENCODE,                                     \
+          (void (*)(void))impl##2blob_encode },                         \
+        { 0, NULL }                                                     \
+    }
+
+#ifndef OPENSSL_NO_EC
+MAKE_BLOB_ENCODER(ec, ec, PUBLIC_KEY);
+# ifndef OPENSSL_NO_SM2
+MAKE_BLOB_ENCODER(sm2, ec, PUBLIC_KEY);
+# endif
+#endif
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index 8321dd92b4..20d6b84021 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -380,6 +380,7 @@ extern const OSSL_DISPATCH ossl_dsa_to_text_encoder_functions[];
 
 extern const OSSL_DISPATCH ossl_ec_to_EC_der_encoder_functions[];
 extern const OSSL_DISPATCH ossl_ec_to_EC_pem_encoder_functions[];
+extern const OSSL_DISPATCH ossl_ec_to_blob_encoder_functions[];
 extern const OSSL_DISPATCH ossl_ec_to_PKCS8_der_encoder_functions[];
 extern const OSSL_DISPATCH ossl_ec_to_PKCS8_pem_encoder_functions[];
 extern const OSSL_DISPATCH ossl_ec_to_SubjectPublicKeyInfo_der_encoder_functions[];
@@ -393,6 +394,7 @@ extern const OSSL_DISPATCH ossl_ec_to_text_encoder_functions[];
 #ifndef OPENSSL_NO_SM2
 extern const OSSL_DISPATCH ossl_sm2_to_SM2_der_encoder_functions[];
 extern const OSSL_DISPATCH ossl_sm2_to_SM2_pem_encoder_functions[];
+extern const OSSL_DISPATCH ossl_sm2_to_blob_encoder_functions[];
 extern const OSSL_DISPATCH ossl_sm2_to_PKCS8_der_encoder_functions[];
 extern const OSSL_DISPATCH ossl_sm2_to_PKCS8_pem_encoder_functions[];
 extern const OSSL_DISPATCH ossl_sm2_to_SubjectPublicKeyInfo_der_encoder_functions[];
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 845752fae4..2195f21a9d 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -2415,6 +2415,74 @@ err:
     return ret;
 }
 
+#ifndef OPENSSL_NO_EC
+static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
+    NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
+    NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
+    NID_brainpoolP384r1, NID_brainpoolP512r1};
+
+static int test_ecpub(int idx)
+{
+    int ret = 0, len, savelen;
+    int nid;
+    unsigned char buf[1024];
+    unsigned char *p;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+    const unsigned char *q;
+    EVP_PKEY *pkey2 = NULL;
+    EC_KEY *ec = NULL;
+# endif
+
+    nid = ecpub_nids[idx];
+
+    ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+    if (!TEST_ptr(ctx)
+        || !TEST_true(EVP_PKEY_keygen_init(ctx))
+        || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
+        || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
+        goto done;
+    len = i2d_PublicKey(pkey, NULL);
+    savelen = len;
+    if (!TEST_int_ge(len, 1)
+        || !TEST_int_lt(len, 1024))
+        goto done;
+    p = buf;
+    len = i2d_PublicKey(pkey, &p);
+    if (!TEST_int_ge(len, 1)
+            || !TEST_int_eq(len, savelen))
+        goto done;
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+    /* Now try to decode the just-created DER. */
+    q = buf;
+    if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
+            || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
+            || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
+        goto done;
+    /* EC_KEY ownership transferred */
+    ec = NULL;
+    if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
+        goto done;
+    /* The keys should match. */
+    if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
+        goto done;
+# endif
+
+    ret = 1;
+
+ done:
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+    EVP_PKEY_free(pkey2);
+    EC_KEY_free(ec);
+# endif
+    return ret;
+}
+#endif
+
 static int test_EVP_rsa_pss_with_keygen_bits(void)
 {
     int ret;
@@ -2556,6 +2624,9 @@ int setup_tests(void)
     ADD_TEST(test_rand_agglomeration);
     ADD_ALL_TESTS(test_evp_iv, 10);
     ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
+#ifndef OPENSSL_NO_EC
+    ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
+#endif
 
     ADD_TEST(test_names_do_all);
 


More information about the openssl-commits mailing list