projects / platform / core / security / yaca.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 62911bc)
Migrate to openssl3 97/295697/6 accepted/tizen_8.0_unified tizen_8.0 accepted/tizen/8.0/unified/20231014.183159 accepted/tizen/unified/20231013.095107 accepted/tizen/unified/20231016.042326 tizen_8.0_m2_release
authorDariusz Michaluk <d.michaluk@samsung.com>
Wed, 12 Jul 2023 10:21:09 +0000 (12:21 +0200)
committerDariusz Michaluk <d.michaluk@samsung.com>
Thu, 5 Oct 2023 07:21:22 +0000 (09:21 +0200)
This commit introduce few incompatibilities with previous API:
- enforce a minimum DH modulus size of 512 bits,
- enforce a minimum DSA key size of 1024 bits,
- YACA_PADDING_PKCS1_SSLV23 is now equal to YACA_PADDING_PKCS1,
- YACA_KDF_X942 has changed CEK wrapping algorithm to AES-256-WRAP,
 in result derived key will change.

Change-Id: Ifc852ec6829d63d66925e3007e37254126be60e5

24 files changed:
CMakeLists.txt patch | blob | history
api/yaca/yaca_key.h patch | blob | history
api/yaca/yaca_types.h patch | blob | history
examples/rsa_public.c patch | blob | history
packaging/yaca.spec patch | blob | history
src/CMakeLists.txt patch | blob | history
src/debug.c patch | blob | history
src/digest.c patch | blob | history
src/encrypt.c patch | blob | history
src/key.c patch | blob | history
src/rsa.c patch | blob | history
src/seal.c patch | blob | history
src/sign.c patch | blob | history
tests/mock_test_key.cpp patch | blob | history
tests/mock_test_sign.cpp patch | blob | history
tests/mock_test_simple.cpp patch | blob | history
tests/openssl_mock_functions.h patch | blob | history
tests/openssl_mock_impl.c patch | blob | history
tests/openssl_mock_impl.h patch | blob | history
tests/openssl_mock_redefine.h patch | blob | history
tests/test_debug.cpp patch | blob | history
tests/test_key.cpp patch | blob | history
tests/test_sign.cpp patch | blob | history
tests/test_simple.cpp patch | blob | history

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 365bd0a..75d0c58 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -63,6 +63,7 @@ ADD_DEFINITIONS("-Wall")   # Generate all warnings
 ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
 ADD_DEFINITIONS("-pedantic") # Be pedantic
 ADD_DEFINITIONS("-pedantic-errors") # Make pedantic warnings into errors
+ADD_DEFINITIONS("-Wno-deprecated-declarations") # Use openssl deprecated API
 ADD_DEFINITIONS(-DPROJECT_SOURCE_DIR="${PROJECT_SOURCE_DIR}")
 
 IF("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h
index e0bf47a..0a1db9c 100644 (file)
--- a/api/yaca/yaca_key.h
+++ b/api/yaca/yaca_key.h
@@ -188,10 +188,10 @@ int yaca_key_export(const yaca_key_h key, yaca_key_format_e key_fmt, yaca_key_fi
  *          - SYMMETRIC/IV: >= 8bits
  *          - DES: 64, 128 or 192bits
  *          - RSA: length >= 512bits
- *          - DSA: length >= 512bits, multiple of 64
+ *          - DSA: length >= 1024bits, multiple of 64
  *          - DH: a value taken from #yaca_key_bit_length_dh_rfc_e or
  *                (YACA_KEY_LENGTH_DH_GENERATOR_* | prime_length_in_bits),
- *                where prime_length_in_bits has to be >= 256
+ *                where prime_length_in_bits has to be >= 512
  *          - EC: a value taken from #yaca_key_bit_length_ec_e
  * @remarks The @a key should be released using yaca_key_destroy().
  * @param[in] key_type Type of the key to be generated
diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h
index 8973422..ea87975 100644 (file)
--- a/api/yaca/yaca_types.h
+++ b/api/yaca/yaca_types.h
@@ -664,6 +664,9 @@ typedef enum {
        YACA_PADDING_PKCS1_OAEP,
 
        /**
+        * Removed in OpenSSL 3.0 and should not be used anymore.
+        * For compatibility reason YACA_PADDING_PKCS1_SSLV23 is now equal to YACA_PADDING_PKCS1.
+        *
         * PKCS #1 v1.5 padding with an SSL-specific modification that denotes that the party
         * is SSL3 capable. It is used for rollback attack detection in SSLv3. If during decryption it
         * turns out that both parties are using #YACA_PADDING_PKCS1_SSLV23 (both are communicating
diff --git a/examples/rsa_public.c b/examples/rsa_public.c
index e025c97..fded958 100644 (file)
--- a/examples/rsa_public.c
+++ b/examples/rsa_public.c
@@ -72,12 +72,6 @@ int main()
                dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len);
        }
 
-       /*
-        * YACA_PADDING_PKCS1_SSLV23 is compatible with YACA_PADDING_PKCS1. It is used to detect if
-        * both the encrypting and decrypting side used YACA_PADDING_PKCS1_SSLV23, that is, both are
-        * SSL3 capable but use the SSL2 (rollback attack detection).
-        */
-
        /* Decryption */
        {
                ret = yaca_rsa_private_decrypt(YACA_PADDING_PKCS1, rsa_priv, encrypted, encrypted_len,
diff --git a/packaging/yaca.spec b/packaging/yaca.spec
index 08a88c2..457d3cc 100644 (file)
--- a/packaging/yaca.spec
+++ b/packaging/yaca.spec
@@ -10,7 +10,7 @@ Summary:            Yet Another Crypto API
 BuildRequires:      cmake
 BuildRequires:      python3 >= 3.4
 BuildRequires:      pkgconfig(capi-base-common)
-BuildRequires:      pkgconfig(openssl1.1)
+BuildRequires:      pkgconfig(openssl3)
 BuildRequires:      boost-devel
 %if "%build_type" == "COVERAGE"
 BuildRequires:      lcov
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 7cf4872..1c3e22f 100644 (file)
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -48,7 +48,7 @@ SET_TARGET_PROPERTIES(${PROJECT_NAME}-static PROPERTIES
                       OUTPUT_NAME ${PROJECT_NAME})
 
 ## Link libraries ##############################################################
-PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl1.1 capi-base-common)
+PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl3 capi-base-common)
 
 FIND_PACKAGE (Threads)
 
diff --git a/src/debug.c b/src/debug.c
index e7a8056..0e17e67 100644 (file)
--- a/src/debug.c
+++ b/src/debug.c
@@ -28,6 +28,7 @@
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
 #include <openssl/dsa.h>
+#include <openssl/proverr.h>
 
 #include <yaca_error.h>
 
@@ -38,7 +39,6 @@
 // TODO any better idea than to use __thread?
 static __thread yaca_error_cb error_cb = NULL;
 static bool error_strings_loaded = false;
-static const int GENERIC_REASON_MAX = 99;
 
 API void yaca_debug_set_error_cb(yaca_error_cb fn)
 {
@@ -127,41 +127,46 @@ int error_handle(const char *file, int line, const char *function)
 
        /* known errors */
        switch (err) {
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
-       case ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, PEM_R_NO_START_LINE):
-       case ERR_PACK(ERR_LIB_PEM, PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE):
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL):
-       case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED):
-       case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE):
-       case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA):
-       case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH):
-       case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH):
-       case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH):
-       case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS):
-       case ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE):
-       case ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE):
-       case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH):
-       case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED):
+       case ERR_PACK(ERR_LIB_OSSL_DECODER, 0, ERR_R_UNSUPPORTED):
+       case ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED):
+       case ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISMATCHING_DOMAIN_PARAMETERS):
+       case ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST):
+       case ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH):
+       case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN):
+       case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
+       case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE):
+       case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE):
+       case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED):
+       case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR):
+       case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR):
+       case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING):
+       case ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE):
+       case ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE):
+       case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL):
+       case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01):
+       case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED):
+       case ERR_PACK(ERR_LIB_ASN1,0, ASN1_R_NOT_ENOUGH_DATA):
+       case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH):
+       case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH):
+       case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS):
+       case ERR_PACK(ERR_LIB_EC,  0, EC_R_INVALID_DIGEST_TYPE):
+       case ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE):
+       case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH):
+       case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED):
+       case ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL):
                ret = YACA_ERROR_INVALID_PARAMETER;
                break;
-       case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG):
-       case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG):
-       case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG):
+       case ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG):
+       case ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG):
+       case ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG):
        {
                bool found_crypto_error = false;
 
                while ((err = ERR_get_error()) != 0)
-                       if (err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR) ||
-                               err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_CIPHERFINAL_ERROR) ||
-                               err == ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB) ||
-                               err == ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB)) {
+                       if (err == ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR) ||
+                               err == ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR) ||
+                               err == ERR_PACK(ERR_LIB_DSA, 0, ERR_R_DSA_LIB) ||
+                               err == ERR_PACK(ERR_LIB_RSA, 0, ERR_R_RSA_LIB)) {
                                found_crypto_error = true;
                                break;
                        }
@@ -173,43 +178,17 @@ int error_handle(const char *file, int line, const char *function)
 
                break;
        }
-       case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT):
-       case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT):
-       case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ):
-       case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ):
-       case ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ):
+       case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT):
+       case ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT):
+       case ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ):
+       case ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_DECRYPT):
                ret = YACA_ERROR_INVALID_PASSWORD;
                break;
        }
 
-       /* known rsa padding errors */
-       if (ret == YACA_ERROR_NONE && ERR_GET_LIB(err) == ERR_LIB_RSA) {
-               switch (ERR_GET_FUNC(err)) {
-               case RSA_F_CHECK_PADDING_MD:
-               case RSA_F_RSA_PADDING_CHECK_NONE:
-               case RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP:
-               case RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1:
-               case RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1:
-               case RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2:
-               case RSA_F_RSA_PADDING_CHECK_SSLV23:
-               case RSA_F_RSA_PADDING_CHECK_X931:
-               case RSA_F_RSA_PADDING_ADD_NONE:
-               case RSA_F_RSA_PADDING_ADD_PKCS1_OAEP:
-               case RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1:
-               case RSA_F_RSA_PADDING_ADD_PKCS1_PSS:
-               case RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1:
-               case RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1:
-               case RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2:
-               case RSA_F_RSA_PADDING_ADD_SSLV23:
-               case RSA_F_RSA_PADDING_ADD_X931:
-                       ret = YACA_ERROR_INVALID_PARAMETER;
-                       break;
-               }
-       }
-
        /* fatal errors */
        int reason = ERR_GET_REASON(err);
-       if (ret == YACA_ERROR_NONE && reason <= GENERIC_REASON_MAX && (err & ERR_R_FATAL) > 0) {
+       if (ret == YACA_ERROR_NONE && (err & ERR_R_FATAL) > 0) {
                switch (reason) {
                case ERR_R_MALLOC_FAILURE:
                        ret = YACA_ERROR_OUT_OF_MEMORY;
diff --git a/src/digest.c b/src/digest.c
index 07f7de8..76d2e1e 100644 (file)
--- a/src/digest.c
+++ b/src/digest.c
@@ -97,7 +97,7 @@ static int get_digest_output_length(const yaca_context_h ctx,
        if (input_len != 0)
                return YACA_ERROR_INVALID_PARAMETER;
 
-       int md_size = EVP_MD_CTX_size(c->md_ctx);
+       int md_size = EVP_MD_CTX_get_size(c->md_ctx);
        if (md_size <= 0) {
                const int ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
diff --git a/src/encrypt.c b/src/encrypt.c
index 556eb3f..2651694 100644 (file)
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -309,7 +309,7 @@ static int get_encrypt_output_length(const yaca_context_h ctx, size_t input_len,
        assert(c != NULL);
        assert(c->cipher_ctx != NULL);
 
-       block_size = EVP_CIPHER_CTX_block_size(c->cipher_ctx);
+       block_size = EVP_CIPHER_CTX_get_block_size(c->cipher_ctx);
        if (block_size <= 0) {
                const int ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
@@ -452,7 +452,7 @@ static int encrypt_ctx_setup_iv(struct yaca_encrypt_context_s *c,
        assert(c != NULL);
        assert(cipher != NULL);
 
-       ret = EVP_CIPHER_iv_length(cipher);
+       ret = EVP_CIPHER_get_iv_length(cipher);
        if (ret < 0) {
                ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
@@ -1190,7 +1190,7 @@ API int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo,
        if (ret != YACA_ERROR_NONE)
                return ret;
 
-       ret = EVP_CIPHER_iv_length(cipher);
+       ret = EVP_CIPHER_get_iv_length(cipher);
        if (ret < 0) {
                ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
diff --git a/src/key.c b/src/key.c
index 1eea8d9..d1dec25 100644 (file)
--- a/src/key.c
+++ b/src/key.c
@@ -33,6 +33,9 @@
 #include <openssl/pem.h>
 #include <openssl/des.h>
 #include <openssl/dh.h>
+#include <openssl/kdf.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
 
 #include <yaca_crypto.h>
 #include <yaca_error.h>
@@ -660,7 +663,7 @@ static int import_evp(yaca_key_h *key,
        }
 
        if ((key_type == YACA_KEY_TYPE_RSA_PRIV || key_type == YACA_KEY_TYPE_RSA_PUB) &&
-               (EVP_PKEY_size(pkey) < YACA_KEY_LENGTH_512BIT / 8)) {
+               (EVP_PKEY_get_size(pkey) < YACA_KEY_LENGTH_512BIT / 8)) {
                ret = YACA_ERROR_INVALID_PARAMETER;
                goto exit;
        }
@@ -852,13 +855,13 @@ static int export_evp_default_bio(struct yaca_key_evp_s *evp_key,
                        break;
 
                case YACA_KEY_TYPE_DSA_PARAMS:
-                       ret = i2d_DSAparams_bio(mem, EVP_PKEY_get0(evp_key->evp));
+                       ret = i2d_DSAparams_bio(mem, EVP_PKEY_get0_DSA(evp_key->evp));
                        break;
                case YACA_KEY_TYPE_DH_PARAMS:
-                       ret = i2d_DHparams_bio(mem, EVP_PKEY_get0(evp_key->evp));
+                       ret = i2d_DHparams_bio(mem, EVP_PKEY_get0_DH(evp_key->evp));
                        break;
                case YACA_KEY_TYPE_EC_PARAMS: {
-                       const EC_KEY *eck = EVP_PKEY_get0(evp_key->evp);
+                       const EC_KEY *eck = EVP_PKEY_get0_EC_KEY(evp_key->evp);
                        const EC_GROUP *ecg = EC_KEY_get0_group(eck);
                        ret = i2d_ECPKParameters_bio(mem, ecg);
                        break;
@@ -1118,7 +1121,7 @@ static int generate_evp_pkey_params(int evp_id, size_t key_bit_len, EVP_PKEY **p
        switch (evp_id) {
        case EVP_PKEY_DSA:
                if ((key_bit_len & YACA_KEYLEN_COMPONENT_TYPE_MASK) != YACA_KEYLEN_COMPONENT_TYPE_BITS ||
-                       key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 64 != 0)
+                       key_bit_len > INT_MAX || key_bit_len < 1024 || key_bit_len % 64 != 0)
                        return YACA_ERROR_INVALID_PARAMETER;
 
                bit_len = key_bit_len;
@@ -1212,8 +1215,7 @@ static int generate_evp_pkey_params(int evp_id, size_t key_bit_len, EVP_PKEY **p
 
        ret = EVP_PKEY_paramgen(pctx, params);
        if (ret != 1 || params == NULL) {
-               ret = YACA_ERROR_INTERNAL;
-               ERROR_DUMP(ret);
+               ret = ERROR_HANDLE();
                goto exit;
        }
 
@@ -1453,7 +1455,7 @@ API int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len)
                case YACA_KEY_TYPE_DH_PRIV:
                case YACA_KEY_TYPE_DH_PUB:
                case YACA_KEY_TYPE_DH_PARAMS:
-                       ret = EVP_PKEY_bits(evp_key->evp);
+                       ret = EVP_PKEY_get_bits(evp_key->evp);
                        if (ret <= 0) {
                                ret = YACA_ERROR_INTERNAL;
                                ERROR_DUMP(ret);
@@ -1467,7 +1469,7 @@ API int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len)
                case YACA_KEY_TYPE_EC_PARAMS: {
                        assert(EVP_PKEY_type(EVP_PKEY_id(evp_key->evp)) == EVP_PKEY_EC);
 
-                       const EC_KEY *eck = EVP_PKEY_get0(evp_key->evp);
+                       const EC_KEY *eck = EVP_PKEY_get0_EC_KEY(evp_key->evp);
                        const EC_GROUP *ecg = EC_KEY_get0_group(eck);
                        int flags = EC_GROUP_get_asn1_flag(ecg);
                        int nid;
@@ -1870,6 +1872,9 @@ API int yaca_key_derive_kdf(yaca_kdf_e kdf,
        int ret;
        char *out = NULL;
        const EVP_MD *md;
+       EVP_KDF *ekdf = NULL;
+       EVP_KDF_CTX *kctx = NULL;
+       OSSL_PARAM params[5];
 
        if (secret == NULL || secret_len == 0 ||
                (info == NULL && info_len > 0) || (info != NULL && info_len == 0) ||
@@ -1886,9 +1891,25 @@ API int yaca_key_derive_kdf(yaca_kdf_e kdf,
 
        switch (kdf) {
        case YACA_KDF_X942:
-               ret = DH_KDF_X9_42((unsigned char*)out, key_material_len,
-                                                  (unsigned char*)secret, secret_len,
-                                                  OBJ_nid2obj(NID_id_smime_alg_ESDH), (unsigned char*)info, info_len, md);
+               ekdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X942KDF_ASN1, NULL);
+               if (ekdf == NULL) {
+                       ret = YACA_ERROR_INTERNAL;
+                       goto exit;
+               }
+
+               kctx = EVP_KDF_CTX_new(ekdf);
+               if (kctx == NULL) {
+                       ret = YACA_ERROR_INTERNAL;
+                       goto exit;
+               }
+
+               params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)EVP_MD_get0_name(md), 0);
+               params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, (unsigned char *)secret, secret_len);
+               params[2] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, (unsigned char *)info, info_len);
+               params[3] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, "AES-256-WRAP", 0);
+               params[4] = OSSL_PARAM_construct_end();
+
+               ret = EVP_KDF_derive(kctx, (unsigned char*)out, key_material_len, params);
                if (ret != 1 || out == NULL) {
                        ret = YACA_ERROR_INTERNAL;
                        ERROR_DUMP(ret);
@@ -1915,6 +1936,8 @@ API int yaca_key_derive_kdf(yaca_kdf_e kdf,
        ret = YACA_ERROR_NONE;
 
 exit:
+       EVP_KDF_CTX_free(kctx);
+       EVP_KDF_free(ekdf);
        yaca_free(out);
        return ret;
 }
diff --git a/src/rsa.c b/src/rsa.c
index 054db73..3a40042 100644 (file)
--- a/src/rsa.c
+++ b/src/rsa.c
@@ -47,13 +47,12 @@ int rsa_padding2openssl(yaca_padding_e padding)
        case YACA_PADDING_X931:
                return RSA_X931_PADDING;
        case YACA_PADDING_PKCS1:
+       case YACA_PADDING_PKCS1_SSLV23:
                return RSA_PKCS1_PADDING;
        case YACA_PADDING_PKCS1_PSS:
                return RSA_PKCS1_PSS_PADDING;
        case YACA_PADDING_PKCS1_OAEP:
                return RSA_PKCS1_OAEP_PADDING;
-       case YACA_PADDING_PKCS1_SSLV23:
-               return RSA_SSLV23_PADDING;
        default:
                assert(false);
                return -1;
@@ -85,7 +84,7 @@ static int encrypt_decrypt(yaca_padding_e padding,
        lasym_key = key_get_evp(key);
        assert(lasym_key != NULL);
 
-       ret = EVP_PKEY_size(lasym_key->evp);
+       ret = EVP_PKEY_get_size(lasym_key->evp);
        if (ret <= 0) {
                ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
@@ -104,7 +103,7 @@ static int encrypt_decrypt(yaca_padding_e padding,
        ret = fn(input_len,
                         (const unsigned char*)input,
                         (unsigned char*)loutput,
-                        EVP_PKEY_get0_RSA(lasym_key->evp),
+                        (RSA *)EVP_PKEY_get0_RSA(lasym_key->evp),
                         lpadding);
 
        if (ret < 0) {
@@ -199,6 +198,7 @@ API int yaca_rsa_private_encrypt(yaca_padding_e padding,
        switch (padding) {
        case YACA_PADDING_NONE:
        case YACA_PADDING_PKCS1:
+       case YACA_PADDING_PKCS1_SSLV23:
                break;
        default:
                return YACA_ERROR_INVALID_PARAMETER;
@@ -226,6 +226,7 @@ API int yaca_rsa_public_decrypt(yaca_padding_e padding,
        switch (padding) {
        case YACA_PADDING_NONE:
        case YACA_PADDING_PKCS1:
+       case YACA_PADDING_PKCS1_SSLV23:
                break;
        default:
                return YACA_ERROR_INVALID_PARAMETER;
diff --git a/src/seal.c b/src/seal.c
index 73e7abb..778e686 100644 (file)
--- a/src/seal.c
+++ b/src/seal.c
@@ -61,7 +61,7 @@ static int seal_generate_iv(const EVP_CIPHER *cipher, yaca_key_h *iv)
        assert(iv != NULL);
        assert(cipher != NULL);
 
-       ret = EVP_CIPHER_iv_length(cipher);
+       ret = EVP_CIPHER_get_iv_length(cipher);
        if (ret < 0) {
                ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
@@ -98,7 +98,7 @@ static int seal_encrypt_decrypt_key(const yaca_key_h asym_key,
        assert(lasym_key->key.type == YACA_KEY_TYPE_RSA_PRIV ||
                   lasym_key->key.type == YACA_KEY_TYPE_RSA_PUB);
 
-       ret = EVP_PKEY_size(lasym_key->evp);
+       ret = EVP_PKEY_get_size(lasym_key->evp);
        if (ret <= 0) {
                ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
diff --git a/src/sign.c b/src/sign.c
index 3b4f6f6..848c042 100644 (file)
--- a/src/sign.c
+++ b/src/sign.c
@@ -26,7 +26,6 @@
 
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
-#include <openssl/cmac.h>
 
 #include <yaca_crypto.h>
 #include <yaca_sign.h>
@@ -90,7 +89,6 @@ static int get_sign_output_length(const yaca_context_h ctx,
        assert(output_len != NULL);
 
        int ret;
-       EVP_PKEY_CTX *pctx;
        struct yaca_sign_context_s *c = get_sign_context(ctx);
        assert(c != NULL);
        assert(c->md_ctx != NULL);
@@ -98,28 +96,14 @@ static int get_sign_output_length(const yaca_context_h ctx,
        if (input_len != 0)
                return YACA_ERROR_INVALID_PARAMETER;
 
-       pctx = EVP_MD_CTX_pkey_ctx(c->md_ctx);
-       if (pctx == NULL) {
-               ret = YACA_ERROR_INTERNAL;
-               ERROR_DUMP(ret);
-               return ret;
-       }
-
-       EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
-       if (pkey == NULL) {
-               ret = YACA_ERROR_INTERNAL;
-               ERROR_DUMP(ret);
-               return ret;
-       }
-
-       int len = EVP_PKEY_size(pkey);
-       if (len <= 0) {
+       ret = EVP_DigestSign(c->md_ctx, NULL, output_len, NULL, input_len);
+       if (ret != 1) {
+               *output_len = 0;
                ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
                return ret;
        }
 
-       *output_len = len;
        return YACA_ERROR_NONE;
 }
 
@@ -149,7 +133,7 @@ int set_sign_property(yaca_context_h ctx,
        if (value == NULL || c->state == CTX_FINALIZED)
                return YACA_ERROR_INVALID_PARAMETER;
 
-       pctx = EVP_MD_CTX_pkey_ctx(c->md_ctx);
+       pctx = EVP_MD_CTX_get_pkey_ctx(c->md_ctx);
        if (pctx == NULL) {
                ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
@@ -211,12 +195,14 @@ API int yaca_sign_initialize(yaca_context_h *ctx,
 
        switch (prv_key->type) {
        case YACA_KEY_TYPE_RSA_PRIV:
-               if (EVP_MD_size(md) >= EVP_PKEY_size(evp_key->evp) ||
-                       (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8)))
+               if (EVP_MD_size(md) >= EVP_PKEY_get_size(evp_key->evp) ||
+                       (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_get_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8)))
                        return YACA_ERROR_INVALID_PARAMETER;
                break;
        case YACA_KEY_TYPE_DSA_PRIV:
        case YACA_KEY_TYPE_EC_PRIV:
+               if (algo == YACA_DIGEST_MD5)
+                       return YACA_ERROR_INVALID_PARAMETER;
                break;
        default:
                return YACA_ERROR_INVALID_PARAMETER;
@@ -327,7 +313,6 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx,
                                                                  const yaca_key_h sym_key)
 {
        struct yaca_sign_context_s *nc = NULL;
-       CMAC_CTX* cmac_ctx = NULL;
        const EVP_CIPHER* cipher = NULL;
        EVP_PKEY *pkey = NULL;
        int ret;
@@ -352,36 +337,14 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx,
        if (ret != YACA_ERROR_NONE)
                goto exit;
 
-       /* create and initialize low level CMAC context */
-       cmac_ctx = CMAC_CTX_new();
-       if (cmac_ctx == NULL) {
-               ret = YACA_ERROR_INTERNAL;
-               ERROR_DUMP(ret);
-               goto exit;
-       }
-
-       if (CMAC_Init(cmac_ctx, simple_key->d, simple_key->bit_len / 8, cipher, NULL) != 1) {
-               ret = YACA_ERROR_INTERNAL;
-               ERROR_DUMP(ret);
-               goto exit;
-       }
-
-       /* create key and assign CMAC context to it */
-       pkey = EVP_PKEY_new();
+       /* create CMAC key */
+       pkey = EVP_PKEY_new_CMAC_key(NULL, (unsigned char *) simple_key->d, simple_key->bit_len / 8, cipher);
        if (pkey == NULL) {
                ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
                goto exit;
        }
 
-       if (EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmac_ctx) != 1) {
-               ret = YACA_ERROR_INTERNAL;
-               ERROR_DUMP(ret);
-               goto exit;
-       }
-
-       cmac_ctx = NULL;
-
        nc->md_ctx = EVP_MD_CTX_create();
        if (nc->md_ctx == NULL) {
                ret = YACA_ERROR_INTERNAL;
@@ -402,7 +365,6 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx,
 
 exit:
        EVP_PKEY_free(pkey);
-       CMAC_CTX_free(cmac_ctx);
        yaca_context_destroy((yaca_context_h)nc);
 
        return ret;
@@ -484,12 +446,14 @@ API int yaca_verify_initialize(yaca_context_h *ctx,
 
        switch (pub_key->type) {
        case YACA_KEY_TYPE_RSA_PUB:
-               if (EVP_MD_size(md) >= EVP_PKEY_size(evp_key->evp) ||
-                       (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8)))
+               if (EVP_MD_size(md) >= EVP_PKEY_get_size(evp_key->evp) ||
+                       (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_get_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8)))
                        return YACA_ERROR_INVALID_PARAMETER;
                break;
        case YACA_KEY_TYPE_DSA_PUB:
        case YACA_KEY_TYPE_EC_PUB:
+               if (algo == YACA_DIGEST_MD5)
+                       return YACA_ERROR_INVALID_PARAMETER;
                break;
        default:
                return YACA_ERROR_INVALID_PARAMETER;
diff --git a/tests/mock_test_key.cpp b/tests/mock_test_key.cpp
index 73432ac..fd40335 100644 (file)
--- a/tests/mock_test_key.cpp
+++ b/tests/mock_test_key.cpp
@@ -128,7 +128,7 @@ BOOST_FIXTURE_TEST_CASE(T1202__mock__negative__key_asymmetric_generate_all, Init
                {YACA_KEY_TYPE_DSA_PRIV,
                 YACA_KEY_TYPE_DSA_PUB,
                 YACA_KEY_TYPE_DSA_PARAMS,
-                YACA_KEY_LENGTH_512BIT},
+                YACA_KEY_LENGTH_1024BIT},
                {YACA_KEY_TYPE_DH_PRIV,
                 YACA_KEY_TYPE_DH_PUB,
                 YACA_KEY_TYPE_DH_PARAMS,
@@ -196,7 +196,7 @@ BOOST_FIXTURE_TEST_CASE(T1204__mock__negative__key_asymmetric_import_export, Ini
                {YACA_KEY_TYPE_DSA_PRIV,
                 YACA_KEY_TYPE_DSA_PUB,
                 YACA_KEY_TYPE_DSA_PARAMS,
-                YACA_KEY_LENGTH_512BIT},
+                YACA_KEY_LENGTH_1024BIT},
                {YACA_KEY_TYPE_EC_PRIV,
                 YACA_KEY_TYPE_EC_PUB,
                 YACA_KEY_TYPE_EC_PARAMS,
@@ -278,7 +278,7 @@ BOOST_FIXTURE_TEST_CASE(T1205__mock__negative__key_encrypted_import_export, Init
 
        const std::vector<struct default_args> dargs = {
                {YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_512BIT},
-               {YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT}
+               {YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT}
        };
 
        for (const auto &da: dargs) {
@@ -312,7 +312,7 @@ BOOST_FIXTURE_TEST_CASE(T1205__mock__negative__key_encrypted_import_export, Init
                {YACA_KEY_TYPE_RSA_PRIV,
                 YACA_KEY_LENGTH_512BIT},
                {YACA_KEY_TYPE_DSA_PRIV,
-                YACA_KEY_LENGTH_512BIT},
+                YACA_KEY_LENGTH_1024BIT},
                {YACA_KEY_TYPE_EC_PRIV,
                 (yaca_key_bit_length_e)YACA_KEY_LENGTH_EC_PRIME256V1},
                {YACA_KEY_TYPE_DH_PRIV,
diff --git a/tests/mock_test_sign.cpp b/tests/mock_test_sign.cpp
index 59aad1e..edfa290 100644 (file)
--- a/tests/mock_test_sign.cpp
+++ b/tests/mock_test_sign.cpp
@@ -49,7 +49,7 @@ BOOST_FIXTURE_TEST_CASE(T1801__mock__negative__sign_verify, InitFixture)
        const std::vector<sign_args> sargs = {
                {YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_TYPE_RSA_PUB, YACA_KEY_LENGTH_512BIT,
                 YACA_DIGEST_SHA1, YACA_PADDING_X931},
-               {YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_TYPE_DSA_PUB, YACA_KEY_LENGTH_512BIT,
+               {YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_TYPE_DSA_PUB, YACA_KEY_LENGTH_1024BIT,
                 YACA_DIGEST_SHA224, YACA_INVALID_PADDING},
                {YACA_KEY_TYPE_EC_PRIV, YACA_KEY_TYPE_EC_PUB,
                 (yaca_key_bit_length_e)YACA_KEY_LENGTH_EC_PRIME192V1,
diff --git a/tests/mock_test_simple.cpp b/tests/mock_test_simple.cpp
index 8dc2bc3..b2caa1a 100644 (file)
--- a/tests/mock_test_simple.cpp
+++ b/tests/mock_test_simple.cpp
@@ -128,7 +128,7 @@ BOOST_FIXTURE_TEST_CASE(T1303__mock__negative__simple_calculate_verify_signature
 
        const std::vector<struct signature_args> sargs = {
                {YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_512BIT, YACA_DIGEST_MD5},
-               {YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, YACA_DIGEST_SHA256},
+               {YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, YACA_DIGEST_SHA256},
                {YACA_KEY_TYPE_EC_PRIV, (yaca_key_bit_length_e)YACA_KEY_LENGTH_EC_PRIME192V1,
                 YACA_DIGEST_SHA224}
        };
diff --git a/tests/openssl_mock_functions.h b/tests/openssl_mock_functions.h
index d11b692..2f733f2 100644 (file)
--- a/tests/openssl_mock_functions.h
+++ b/tests/openssl_mock_functions.h
@@ -58,13 +58,13 @@ int MOCK_EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 int MOCK_EC_GROUP_get_curve_name(const EC_GROUP *group);
 EC_KEY *MOCK_EC_KEY_new(void);
 int MOCK_EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
-int MOCK_EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int MOCK_EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx);
 int MOCK_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c);
 int MOCK_EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
 EVP_CIPHER_CTX *MOCK_EVP_CIPHER_CTX_new(void);
 int MOCK_EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
 int MOCK_EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
-int MOCK_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
+int MOCK_EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher);
 int MOCK_EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 int MOCK_EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
 int MOCK_EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl);
@@ -78,8 +78,8 @@ int MOCK_EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t
 int MOCK_EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
 int MOCK_EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
 EVP_MD_CTX *MOCK_EVP_MD_CTX_create(void);
-EVP_PKEY_CTX *MOCK_EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
-int MOCK_EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
+EVP_PKEY_CTX *MOCK_EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx);
+int MOCK_EVP_MD_CTX_get_size(const EVP_MD_CTX *ctx);
 int MOCK_EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2);
 EVP_PKEY *MOCK_EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
 EVP_PKEY_CTX *MOCK_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
@@ -95,7 +95,7 @@ int MOCK_EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
 int MOCK_EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
 int MOCK_EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
 int MOCK_EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
-int MOCK_EVP_PKEY_bits(const EVP_PKEY *pkey);
+int MOCK_EVP_PKEY_get_bits(const EVP_PKEY *pkey);
 int MOCK_EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key, int enc_key_len, EVP_PKEY *private_key);
 int MOCK_EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 int MOCK_EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
@@ -107,7 +107,7 @@ EVP_PKEY *MOCK_EVP_PKEY_new(void);
 EVP_PKEY *MOCK_EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen);
 int MOCK_EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int MOCK_EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
-int MOCK_EVP_PKEY_size(EVP_PKEY *pkey);
+int MOCK_EVP_PKEY_get_size(EVP_PKEY *pkey);
 int MOCK_EVP_PKEY_up_ref(EVP_PKEY *pkey);
 const EVP_CIPHER *MOCK_EVP_aes_128_cbc(void);
 const EVP_CIPHER *MOCK_EVP_aes_128_ccm(void);
diff --git a/tests/openssl_mock_impl.c b/tests/openssl_mock_impl.c
index 3af1917..b18081e 100644 (file)
--- a/tests/openssl_mock_impl.c
+++ b/tests/openssl_mock_impl.c
@@ -187,11 +187,11 @@ int MOCK_EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
        return EC_KEY_set_group(key, group);
 }
 
-int GET_BOOL_NAME(EVP_CIPHER_CTX_block_size) = 0;
-int MOCK_EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
+int GET_BOOL_NAME(EVP_CIPHER_CTX_get_block_size) = 0;
+int MOCK_EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
 {
-       HANDLE_FUNCTION(EVP_CIPHER_CTX_block_size, 0, 0);
-       return EVP_CIPHER_CTX_block_size(ctx);
+       HANDLE_FUNCTION(EVP_CIPHER_CTX_get_block_size, 0, 0);
+       return EVP_CIPHER_CTX_get_block_size(ctx);
 }
 
 int GET_BOOL_NAME(EVP_CIPHER_CTX_cleanup) = 0;
@@ -229,11 +229,11 @@ int MOCK_EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad)
        return EVP_CIPHER_CTX_set_padding(c, pad);
 }
 
-int GET_BOOL_NAME(EVP_CIPHER_iv_length) = 0;
-int MOCK_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
+int GET_BOOL_NAME(EVP_CIPHER_get_iv_length) = 0;
+int MOCK_EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher)
 {
-       HANDLE_FUNCTION(EVP_CIPHER_iv_length, -1, 0);
-       return EVP_CIPHER_iv_length(cipher);
+       HANDLE_FUNCTION(EVP_CIPHER_get_iv_length, -1, 0);
+       return EVP_CIPHER_get_iv_length(cipher);
 }
 
 int GET_BOOL_NAME(EVP_CipherFinal) = 0;
@@ -327,18 +327,18 @@ EVP_MD_CTX *MOCK_EVP_MD_CTX_create()
        return EVP_MD_CTX_create();
 }
 
-int GET_BOOL_NAME(EVP_MD_CTX_pkey_ctx) = 0;
-EVP_PKEY_CTX *MOCK_EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
+int GET_BOOL_NAME(EVP_MD_CTX_get_pkey_ctx) = 0;
+EVP_PKEY_CTX *MOCK_EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx)
 {
-       HANDLE_FUNCTION(EVP_MD_CTX_pkey_ctx, NULL, 0);
-       return EVP_MD_CTX_pkey_ctx(ctx);
+       HANDLE_FUNCTION(EVP_MD_CTX_get_pkey_ctx, NULL, 0);
+       return EVP_MD_CTX_get_pkey_ctx(ctx);
 }
 
-int GET_BOOL_NAME(EVP_MD_CTX_size) = 0;
-int MOCK_EVP_MD_CTX_size(const EVP_MD_CTX *ctx)
+int GET_BOOL_NAME(EVP_MD_CTX_get_size) = 0;
+int MOCK_EVP_MD_CTX_get_size(const EVP_MD_CTX *ctx)
 {
-       HANDLE_FUNCTION(EVP_MD_CTX_size, 0, 0);
-       return EVP_MD_CTX_size(ctx);
+       HANDLE_FUNCTION(EVP_MD_CTX_get_size, 0, 0);
+       return EVP_MD_CTX_get_size(ctx);
 }
 
 int GET_BOOL_NAME(EVP_PKEY_CTX_ctrl) = 0;
@@ -446,11 +446,11 @@ int MOCK_EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
        return EVP_PKEY_assign_EC_KEY(pkey, key);
 }
 
-int GET_BOOL_NAME(EVP_PKEY_bits) = 0;
-int MOCK_EVP_PKEY_bits(const EVP_PKEY *pkey)
+int GET_BOOL_NAME(EVP_PKEY_get_bits) = 0;
+int MOCK_EVP_PKEY_get_bits(const EVP_PKEY *pkey)
 {
-       HANDLE_FUNCTION(EVP_PKEY_bits, 0, 0);
-       return EVP_PKEY_bits(pkey);
+       HANDLE_FUNCTION(EVP_PKEY_get_bits, 0, 0);
+       return EVP_PKEY_get_bits(pkey);
 }
 
 int GET_BOOL_NAME(EVP_PKEY_decrypt_old) = 0;
@@ -530,12 +530,12 @@ int MOCK_EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
        return EVP_PKEY_paramgen_init(ctx);
 }
 
-int GET_BOOL_NAME(EVP_PKEY_size) = 0;
-int MOCK_EVP_PKEY_size(EVP_PKEY *pkey)
+int GET_BOOL_NAME(EVP_PKEY_get_size) = 0;
+int MOCK_EVP_PKEY_get_size(EVP_PKEY *pkey)
 {
        /* Cannot fail? */
-       HANDLE_FUNCTION(EVP_PKEY_size, 0, 0);
-       return EVP_PKEY_size(pkey);
+       HANDLE_FUNCTION(EVP_PKEY_get_size, 0, 0);
+       return EVP_PKEY_get_size(pkey);
 }
 
 int GET_BOOL_NAME(EVP_PKEY_up_ref) = 0;
diff --git a/tests/openssl_mock_impl.h b/tests/openssl_mock_impl.h
index c0c089c..526640a 100644 (file)
--- a/tests/openssl_mock_impl.h
+++ b/tests/openssl_mock_impl.h
@@ -53,13 +53,13 @@ extern int GET_BOOL_NAME(EC_GROUP_get_asn1_flag);
 extern int GET_BOOL_NAME(EC_GROUP_get_curve_name);
 extern int GET_BOOL_NAME(EC_KEY_new);
 extern int GET_BOOL_NAME(EC_KEY_set_group);
-extern int GET_BOOL_NAME(EVP_CIPHER_CTX_block_size);
+extern int GET_BOOL_NAME(EVP_CIPHER_CTX_get_block_size);
 extern int GET_BOOL_NAME(EVP_CIPHER_CTX_cleanup);
 extern int GET_BOOL_NAME(EVP_CIPHER_CTX_ctrl);
 extern int GET_BOOL_NAME(EVP_CIPHER_CTX_new);
 extern int GET_BOOL_NAME(EVP_CIPHER_CTX_set_key_length);
 extern int GET_BOOL_NAME(EVP_CIPHER_CTX_set_padding);
-extern int GET_BOOL_NAME(EVP_CIPHER_iv_length);
+extern int GET_BOOL_NAME(EVP_CIPHER_get_iv_length);
 extern int GET_BOOL_NAME(EVP_CipherFinal);
 extern int GET_BOOL_NAME(EVP_CipherUpdate);
 extern int GET_BOOL_NAME(EVP_DigestFinal_ex);
@@ -72,8 +72,8 @@ extern int GET_BOOL_NAME(EVP_DigestVerifyFinal);
 extern int GET_BOOL_NAME(EVP_DigestVerifyInit);
 extern int GET_BOOL_NAME(EVP_DigestVerifyUpdate);
 extern int GET_BOOL_NAME(EVP_MD_CTX_create);
-extern int GET_BOOL_NAME(EVP_MD_CTX_pkey_ctx);
-extern int GET_BOOL_NAME(EVP_MD_CTX_size);
+extern int GET_BOOL_NAME(EVP_MD_CTX_get_pkey_ctx);
+extern int GET_BOOL_NAME(EVP_MD_CTX_get_size);
 extern int GET_BOOL_NAME(EVP_PKEY_CTX_ctrl);
 extern int GET_BOOL_NAME(EVP_PKEY_CTX_get0_pkey);
 extern int GET_BOOL_NAME(EVP_PKEY_CTX_new);
@@ -89,7 +89,7 @@ extern int GET_BOOL_NAME(EVP_PKEY_assign);
 extern int GET_BOOL_NAME(EVP_PKEY_assign_DH);
 extern int GET_BOOL_NAME(EVP_PKEY_assign_DSA);
 extern int GET_BOOL_NAME(EVP_PKEY_assign_EC_KEY);
-extern int GET_BOOL_NAME(EVP_PKEY_bits);
+extern int GET_BOOL_NAME(EVP_PKEY_get_bits);
 extern int GET_BOOL_NAME(EVP_PKEY_decrypt_old);
 extern int GET_BOOL_NAME(EVP_PKEY_derive);
 extern int GET_BOOL_NAME(EVP_PKEY_derive_init);
@@ -101,7 +101,7 @@ extern int GET_BOOL_NAME(EVP_PKEY_new);
 extern int GET_BOOL_NAME(EVP_PKEY_new_mac_key);
 extern int GET_BOOL_NAME(EVP_PKEY_paramgen);
 extern int GET_BOOL_NAME(EVP_PKEY_paramgen_init);
-extern int GET_BOOL_NAME(EVP_PKEY_size);
+extern int GET_BOOL_NAME(EVP_PKEY_get_size);
 extern int GET_BOOL_NAME(EVP_PKEY_up_ref);
 extern int GET_BOOL_NAME(EVP_aes_128_cbc);
 extern int GET_BOOL_NAME(EVP_aes_128_ccm);
diff --git a/tests/openssl_mock_redefine.h b/tests/openssl_mock_redefine.h
index 2b7750b..8906de6 100644 (file)
--- a/tests/openssl_mock_redefine.h
+++ b/tests/openssl_mock_redefine.h
@@ -56,14 +56,14 @@
 #define EC_GROUP_get_curve_name(a) MOCK_EC_GROUP_get_curve_name(a)
 #define EC_KEY_new() MOCK_EC_KEY_new()
 #define EC_KEY_set_group(a, b) MOCK_EC_KEY_set_group(a, b)
-#define EVP_CIPHER_CTX_block_size(a) MOCK_EVP_CIPHER_CTX_block_size(a)
+#define EVP_CIPHER_CTX_get_block_size(a) MOCK_EVP_CIPHER_CTX_get_block_size(a)
 #undef EVP_CIPHER_CTX_cleanup
 #define EVP_CIPHER_CTX_cleanup(a) MOCK_EVP_CIPHER_CTX_cleanup(a)
 #define EVP_CIPHER_CTX_ctrl(a, b, c, d) MOCK_EVP_CIPHER_CTX_ctrl(a, b, c, d)
 #define EVP_CIPHER_CTX_new() MOCK_EVP_CIPHER_CTX_new()
 #define EVP_CIPHER_CTX_set_key_length(a, b) MOCK_EVP_CIPHER_CTX_set_key_length(a, b)
 #define EVP_CIPHER_CTX_set_padding(a, b) MOCK_EVP_CIPHER_CTX_set_padding(a, b)
-#define EVP_CIPHER_iv_length(a) MOCK_EVP_CIPHER_iv_length(a)
+#define EVP_CIPHER_get_iv_length(a) MOCK_EVP_CIPHER_get_iv_length(a)
 #define EVP_CipherFinal(a, b, c) MOCK_EVP_CipherFinal(a, b, c)
 #define EVP_CipherInit_ex(a, b, c, d, e, f) MOCK_EVP_CipherInit_ex(a, b, c, d, e, f)
 #define EVP_CipherUpdate(a, b, c, d, e) MOCK_EVP_CipherUpdate(a, b, c, d, e)
@@ -81,9 +81,9 @@
 #define EVP_DigestVerifyUpdate(a, b, c) MOCK_EVP_DigestVerifyUpdate(a, b, c)
 #undef EVP_MD_CTX_create
 #define EVP_MD_CTX_create() MOCK_EVP_MD_CTX_create()
-#define EVP_MD_CTX_pkey_ctx(a) MOCK_EVP_MD_CTX_pkey_ctx(a)
-#undef EVP_MD_CTX_size
-#define EVP_MD_CTX_size(a) MOCK_EVP_MD_CTX_size(a)
+#define EVP_MD_CTX_get_pkey_ctx(a) MOCK_EVP_MD_CTX_get_pkey_ctx(a)
+#undef EVP_MD_CTX_get_size
+#define EVP_MD_CTX_get_size(a) MOCK_EVP_MD_CTX_get_size(a)
 #define EVP_PKEY_CTX_ctrl(a, b, c, d, e, f) MOCK_EVP_PKEY_CTX_ctrl(a, b, c, d, e, f)
 #define EVP_PKEY_CTX_get0_pkey(a) MOCK_EVP_PKEY_CTX_get0_pkey(a)
 #define EVP_PKEY_CTX_new(a, b) MOCK_EVP_PKEY_CTX_new(a, b)
@@ -109,7 +109,7 @@
 #define EVP_PKEY_assign_DSA(a, b) MOCK_EVP_PKEY_assign_DSA(a, b)
 #undef EVP_PKEY_assign_EC_KEY
 #define EVP_PKEY_assign_EC_KEY(a, b) MOCK_EVP_PKEY_assign_EC_KEY(a, b)
-#define EVP_PKEY_bits(a) MOCK_EVP_PKEY_bits(a)
+#define EVP_PKEY_get_bits(a) MOCK_EVP_PKEY_get_bits(a)
 #define EVP_PKEY_decrypt_old(a, b, c, d) MOCK_EVP_PKEY_decrypt_old(a, b, c, d)
 #define EVP_PKEY_derive(a, b, c) MOCK_EVP_PKEY_derive(a, b, c)
 #define EVP_PKEY_derive_init(a) MOCK_EVP_PKEY_derive_init(a)
@@ -121,7 +121,7 @@
 #define EVP_PKEY_new_mac_key(a, b, c, d) MOCK_EVP_PKEY_new_mac_key(a, b, c, d)
 #define EVP_PKEY_paramgen(a, b) MOCK_EVP_PKEY_paramgen(a, b)
 #define EVP_PKEY_paramgen_init(a) MOCK_EVP_PKEY_paramgen_init(a)
-#define EVP_PKEY_size(a) MOCK_EVP_PKEY_size(a)
+#define EVP_PKEY_get_size(a) MOCK_EVP_PKEY_get_size(a)
 #define EVP_PKEY_up_ref(a) MOCK_EVP_PKEY_up_ref(a)
 /* Special cases for algorithms, used as function pointers in YACA */
 #define EVP_aes_128_cbc MOCK_EVP_aes_128_cbc
diff --git a/tests/test_debug.cpp b/tests/test_debug.cpp
index 8d366ab..1322ccf 100644 (file)
--- a/tests/test_debug.cpp
+++ b/tests/test_debug.cpp
@@ -120,24 +120,24 @@ BOOST_FIXTURE_TEST_CASE(T003__positive__error_dump, CallbackCleanup)
 
        /* I won't check the string that's been generated. It's too
         * volatile. Some regexp can be implemented at most. */
-       PEMerr(PEM_F_LOAD_IV, PEM_R_READ_KEY);
+       ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY);
        ERROR_DUMP(YACA_ERROR_INTERNAL);
        BOOST_REQUIRE(error_cb_called == 1);
-       RSAerr(RSA_F_RSA_VERIFY, RSA_R_DATA_TOO_LARGE);
+       ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE);
        ERROR_DUMP(-1 * YACA_ERROR_INTERNAL);
        BOOST_REQUIRE(error_cb_called == 2);
 
        /* The check that makes sense though is ellipsis. Also it'll
         * trigger the ellipsis code so it's at least a crash check.
         * No, those errors don't have to make any sense. */
-       RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
-       RSAerr(RSA_F_RSA_SIGN, RSA_R_MODULUS_TOO_LARGE);
-       DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_PARAMETER_ENCODING_ERROR);
-       DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MODULUS_TOO_LARGE);
-       PEMerr(PEM_F_PEM_ASN1_WRITE, PEM_R_BAD_PASSWORD_READ);
-       PEMerr(PEM_F_PEM_READ_DHPARAMS, PEM_R_UNSUPPORTED_CIPHER);
-       PEMerr(PEM_F_PEM_READ_BIO_EX, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
-       RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_VALUE_MISSING);
+       ERR_raise(ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL);
+       ERR_raise(ERR_LIB_RSA, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+       ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+       ERR_raise(ERR_LIB_RSA, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE);
+       ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE);
+       ERR_raise(ERR_LIB_RSA, RSA_R_WRONG_SIGNATURE_LENGTH);
+       ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+       ERR_raise(ERR_LIB_RSA, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
        ERROR_DUMP(YACA_ERROR_INTERNAL);
        BOOST_REQUIRE(error_cb_called == 3);
 
@@ -157,39 +157,37 @@ BOOST_FIXTURE_TEST_CASE(T004__positive__error_handle, CallbackCleanup)
 
        const std::vector<struct error_args> eargs = {
                {-1, -1, YACA_ERROR_INTERNAL, 0},
-               {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN),
+               {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN),
                 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-               {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL),
+               {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL),
                 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-               {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG),
-                ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB),
+               {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG),
+                ERR_PACK(ERR_LIB_RSA, 0, ERR_R_RSA_LIB),
                 YACA_ERROR_INVALID_PASSWORD, 0},
-               {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG),
-                ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, RSA_R_DIGEST_NOT_ALLOWED),
+               {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG),
+                ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_NOT_ALLOWED),
                 YACA_ERROR_INVALID_PARAMETER, 0},
-               {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ),
+               {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ),
                 -1, YACA_ERROR_INVALID_PASSWORD, 0},
-               {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT),
+               {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT),
                 -1, YACA_ERROR_INVALID_PASSWORD, 0},
-               {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, PEM_R_BAD_DECRYPT),
+               {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01),
                 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-               {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, PEM_R_BAD_DECRYPT),
-                -1, YACA_ERROR_INVALID_PARAMETER, 0},
-               {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, ERR_R_MALLOC_FAILURE),
+               {ERR_PACK(ERR_LIB_EC, 0, ERR_R_MALLOC_FAILURE),
                 -1, YACA_ERROR_OUT_OF_MEMORY, 0},
-               {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED),
+               {ERR_PACK(ERR_LIB_EC, 0, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED),
                 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-               {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, ERR_R_PASSED_NULL_PARAMETER),
+               {ERR_PACK(ERR_LIB_EC, 0, ERR_R_PASSED_NULL_PARAMETER),
                 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-               {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, ERR_R_INTERNAL_ERROR),
+               {ERR_PACK(ERR_LIB_SSL, 0, ERR_R_INTERNAL_ERROR),
                 -1, YACA_ERROR_INTERNAL, 0},
-               {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, ERR_R_DISABLED),
+               {ERR_PACK(ERR_LIB_EC, 0, ERR_R_DISABLED),
                 -1, YACA_ERROR_INTERNAL, 0},
-               {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, RSA_R_BAD_SIGNATURE),
+               {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE),
                 -1, YACA_ERROR_INTERNAL, 1},
-               {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_NEW_METHOD, DSA_R_BN_ERROR),
+               {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR),
                 -1, YACA_ERROR_INTERNAL, 1},
-               {ERR_PACK(ERR_LIB_EC, EC_F_BN_TO_FELEM, EC_R_SLOT_FULL),
+               {ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL),
                 -1, YACA_ERROR_INTERNAL, 1},
        };
 
@@ -199,12 +197,10 @@ BOOST_FIXTURE_TEST_CASE(T004__positive__error_handle, CallbackCleanup)
                error_cb_called = 0;
 
                if (ea.err1 != -1) {
-                       ERR_PUT_error(ERR_GET_LIB(ea.err1), ERR_GET_FUNC(ea.err1),
-                                                 ERR_GET_REASON(ea.err1), OPENSSL_FILE, OPENSSL_LINE);
+                       ERR_raise(ERR_GET_LIB(ea.err1), ERR_GET_REASON(ea.err1));
                }
                if (ea.err2 != -1) {
-                       ERR_PUT_error(ERR_GET_LIB(ea.err2), ERR_GET_FUNC(ea.err2),
-                                                 ERR_GET_REASON(ea.err2), OPENSSL_FILE, OPENSSL_LINE);
+                       ERR_raise(ERR_GET_LIB(ea.err2), ERR_GET_REASON(ea.err2));
                }
 
                int ret = ERROR_HANDLE();
diff --git a/tests/test_key.cpp b/tests/test_key.cpp
index d2ba692..4746aad 100644 (file)
--- a/tests/test_key.cpp
+++ b/tests/test_key.cpp
@@ -172,21 +172,18 @@ BOOST_FIXTURE_TEST_CASE(T201__positive__key_generate, InitDebugFixture)
                {YACA_KEY_TYPE_DSA_PRIV,
                 YACA_KEY_LENGTH_2048BIT,
                 YACA_KEY_LENGTH_2048BIT},
-               {YACA_KEY_TYPE_DSA_PRIV,
-                576,
-                576},
-               {YACA_KEY_TYPE_DSA_PRIV,
-                896,
-                896},
+               {YACA_KEY_TYPE_DSA_PRIV,
+                YACA_KEY_LENGTH_1024BIT,
+                YACA_KEY_LENGTH_1024BIT},
                {YACA_KEY_TYPE_DH_PRIV,
                 (yaca_key_bit_length_e)YACA_KEY_LENGTH_DH_RFC_2048_224,
                 YACA_KEY_LENGTH_2048BIT},
                {YACA_KEY_TYPE_DH_PRIV,
-                (yaca_key_bit_length_e)(YACA_KEY_LENGTH_DH_GENERATOR_2 | 264),
-                264},
+                (yaca_key_bit_length_e)(YACA_KEY_LENGTH_DH_GENERATOR_2 | 512),
+                512},
                {YACA_KEY_TYPE_DH_PRIV,
-                (yaca_key_bit_length_e)(YACA_KEY_LENGTH_DH_GENERATOR_5 | 376),
-                376},
+                (yaca_key_bit_length_e)(YACA_KEY_LENGTH_DH_GENERATOR_5 | 512),
+                512},
                {YACA_KEY_TYPE_EC_PRIV,
                 (yaca_key_bit_length_e)YACA_KEY_LENGTH_EC_SECP384R1,
                 (yaca_key_bit_length_e)YACA_KEY_LENGTH_EC_SECP384R1}
@@ -335,7 +332,7 @@ BOOST_FIXTURE_TEST_CASE(T204__negative__key_generate_from_parameters, InitDebugF
        yaca_key_h key_sym = YACA_KEY_NULL, key_params = YACA_KEY_NULL;
        yaca_key_h key = YACA_KEY_NULL;
 
-       generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT,
+       generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT,
                                                          &key_prv, &key_pub, &key_params);
 
        ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_UNSAFE_128BIT, &key_sym);
@@ -458,7 +455,7 @@ BOOST_FIXTURE_TEST_CASE(T206__negative__key_extract_public_parameters, InitDebug
        yaca_key_h key_sym = YACA_KEY_NULL, key_params = YACA_KEY_NULL;
        yaca_key_h key = YACA_KEY_NULL;
 
-       generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_prv, &key_pub, &key_params);
+       generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, &key_prv, &key_pub, &key_params);
 
        ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_UNSAFE_128BIT, &key_sym);
        BOOST_REQUIRE(ret == YACA_ERROR_NONE);
diff --git a/tests/test_sign.cpp b/tests/test_sign.cpp
index 9aed73d..2b682fd 100644 (file)
--- a/tests/test_sign.cpp
+++ b/tests/test_sign.cpp
@@ -91,7 +91,7 @@ BOOST_FIXTURE_TEST_CASE(T801__positive__sign_verify, InitDebugFixture)
                {YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_2048BIT,
                 YACA_DIGEST_SHA512, YACA_PADDING_PKCS1_PSS, 12},
 
-               {YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT,
+               {YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT,
                 YACA_DIGEST_SHA256, YACA_INVALID_PADDING, 5},
                {YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT,
                 YACA_DIGEST_SHA224, YACA_INVALID_PADDING, 31},
@@ -637,7 +637,7 @@ BOOST_FIXTURE_TEST_CASE(T804__negative__sign_cmac, InitDebugFixture)
        BOOST_REQUIRE(ret == YACA_ERROR_NONE);
 
        generate_asymmetric_keys(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_rsa);
-       generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_dsa);
+       generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, &key_dsa);
 
        /* SIGN */
        {
@@ -848,7 +848,7 @@ BOOST_FIXTURE_TEST_CASE(T806__negative__sign_hmac, InitDebugFixture)
        BOOST_REQUIRE(ret == YACA_ERROR_NONE);
 
        generate_asymmetric_keys(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_rsa);
-       generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_dsa);
+       generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, &key_dsa);
 
        /* SIGN */
        {
diff --git a/tests/test_simple.cpp b/tests/test_simple.cpp
index e218cbf..6c10468 100644 (file)
--- a/tests/test_simple.cpp
+++ b/tests/test_simple.cpp
@@ -414,7 +414,7 @@ BOOST_FIXTURE_TEST_CASE(T307__negative__simple_calculate_verify_signature, InitD
        BOOST_REQUIRE(ret == YACA_ERROR_NONE);
        ret = yaca_key_extract_public(key_priv, &key_pub);
        BOOST_REQUIRE(ret == YACA_ERROR_NONE);
-       ret = yaca_key_generate(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_dsa);
+       ret = yaca_key_generate(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, &key_dsa);
        BOOST_REQUIRE(ret == YACA_ERROR_NONE);
        ret = yaca_key_generate(YACA_KEY_TYPE_EC_PRIV, YACA_KEY_LENGTH_EC_PRIME256V1, &key_ec);
        BOOST_REQUIRE(ret == YACA_ERROR_NONE);
Domain: Security / Utilities;