From fb2a6954fbfde3890deb572014f6d135808bf43b Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 18 Sep 2020 10:41:58 +0100
Subject: [PATCH] Clean up some SM2 related TODOs in the tests

Now that we have full SM2 support, we can remove some TODOs from the tests.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12913)
---
 test/evp_extra_test.c          |  7 -------
 test/recipes/20-test_pkeyutl.t | 10 ++--------
 test/recipes/25-test_req.t     | 18 +++++-------------
 3 files changed, 7 insertions(+), 28 deletions(-)

diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index afb9966bfa..b9fc84ea4a 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1070,13 +1070,6 @@ static int test_EVP_SM2(void)
         goto done;
 
     /* now check encryption/decryption */
-    /*
-     * SM2 public key encrytion is not moved into default provider yet,
-     * so we make sure the key gets downgraded for the moment being.
-     * TODO Remove this call when provided SM2 encryption is implemented
-     */
-    if (!TEST_ptr(EVP_PKEY_get0(pkey)))
-       goto done;
 
     if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
         goto done;
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index 3c135630f7..19bc327758 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -24,20 +24,14 @@ SKIP: {
     skip "Skipping tests that require EC, SM2 or SM3", 2
         if disabled("ec") || disabled("sm2") || disabled("sm3");
 
-    # TODO(3.0) Remove this when we have a SM2 keymgmt and decoder
-    my @tmp_sm2_hack = qw(-engine loader_attic)
-        unless disabled('dynamic-engine') || disabled('deprecated-3.0');
-    skip "Skipping tests that require dynamic enginess (temporary meaasure)", 2
-        unless @tmp_sm2_hack;
-
     # SM2
-    ok_nofips(run(app(([ 'openssl', 'pkeyutl', @tmp_sm2_hack, '-sign',
+    ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
                       '-in', srctop_file('test', 'certs', 'sm2.pem'),
                       '-inkey', srctop_file('test', 'certs', 'sm2.key'),
                       '-out', 'sm2.sig', '-rawin',
                       '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
                       "Sign a piece of data using SM2");
-    ok_nofips(run(app(([ 'openssl', 'pkeyutl', @tmp_sm2_hack,
+    ok_nofips(run(app(([ 'openssl', 'pkeyutl',
                       '-verify', '-certin',
                       '-in', srctop_file('test', 'certs', 'sm2.pem'),
                       '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index b00b8c3404..8d26be2bf0 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -29,14 +29,6 @@ if (disabled("rsa")) {
     note("There should not be more that at most 80 per line");
 }
 
-# TODO(3.0) This should be removed as soon as missing support is added
-# Identified problems:
-# - SM2 lacks provider-native keymgmt and decoder
-# - ED25519, ED448, X25519 and X448 signature implementations do not
-#   respond to the "algorithm-id" parameter request.
-my @tmp_loader_hack = qw(-engine loader_attic)
-    unless disabled('dynamic-engine') || disabled('deprecated-3.0');
-
 # Check for duplicate -addext parameters, and one "working" case.
 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
     "-config", srctop_file("test", "test.cnf"), @req_new );
@@ -195,28 +187,28 @@ subtest "generating SM2 certificate requests" => sub {
 
     SKIP: {
         skip "SM2 is not supported by this OpenSSL build", 4
-        if disabled("sm2") || !@tmp_loader_hack;
-        ok(run(app(["openssl", "req", @tmp_loader_hack,
+        if disabled("sm2");
+        ok(run(app(["openssl", "req",
                     "-config", srctop_file("test", "test.cnf"),
                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
                     "-sigopt", "distid:1234567812345678",
                     "-out", "testreq-sm2.pem", "-sm3"])),
            "Generating SM2 certificate request");
 
-        ok(run(app(["openssl", "req", @tmp_loader_hack,
+        ok(run(app(["openssl", "req",
                     "-config", srctop_file("test", "test.cnf"),
                     "-verify", "-in", "testreq-sm2.pem", "-noout",
                     "-vfyopt", "distid:1234567812345678", "-sm3"])),
            "Verifying signature on SM2 certificate request");
 
-        ok(run(app(["openssl", "req", @tmp_loader_hack,
+        ok(run(app(["openssl", "req",
                     "-config", srctop_file("test", "test.cnf"),
                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
                     "-sigopt", "hexdistid:DEADBEEF",
                     "-out", "testreq-sm2.pem", "-sm3"])),
            "Generating SM2 certificate request with hex id");
 
-        ok(run(app(["openssl", "req", @tmp_loader_hack,
+        ok(run(app(["openssl", "req",
                     "-config", srctop_file("test", "test.cnf"),
                     "-verify", "-in", "testreq-sm2.pem", "-noout",
                     "-vfyopt", "hexdistid:DEADBEEF", "-sm3"])),