static int sign_and_verify(int len) { /* * Per FIPS 186-4, the hash is recommended to be the same length as q. * If the hash is longer than q, the leftmost N bits are used; if the hash * is shorter, then we left-pad (see appendix C.2.1). */ size_t sigLength; int digestlen = BN_num_bytes(DSA_get0_q(dsakey)); int ok = 0; unsigned char *dataToSign = OPENSSL_malloc(len); unsigned char *paddedData = OPENSSL_malloc(digestlen); unsigned char *signature = NULL; EVP_PKEY_CTX *ctx = NULL; EVP_PKEY *pkey = NULL; if (!TEST_ptr(dataToSign) || !TEST_ptr(paddedData) || !TEST_int_eq(RAND_bytes(dataToSign, len), 1)) goto end; memset(paddedData, 0, digestlen); if (len > digestlen) memcpy(paddedData, dataToSign, digestlen); else memcpy(paddedData + digestlen - len, dataToSign, len); if (!TEST_ptr(pkey = EVP_PKEY_new())) goto end; EVP_PKEY_set1_DSA(pkey, dsakey); if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) goto end; if (!TEST_int_eq(EVP_PKEY_sign_init(ctx), 1)) goto end; if (EVP_PKEY_sign(ctx, NULL, &sigLength, dataToSign, len) != 1) { TEST_error("Failed to get signature length, len=%d", len); goto end; } if (!TEST_ptr(signature = OPENSSL_malloc(sigLength))) goto end; if (EVP_PKEY_sign(ctx, signature, &sigLength, dataToSign, len) != 1) { TEST_error("Failed to sign, len=%d", len); goto end; } /* Check that the signature is okay via the EVP interface */ if (!TEST_int_eq(EVP_PKEY_verify_init(ctx), 1)) goto end; /* ... using the same data we just signed */ if (EVP_PKEY_verify(ctx, signature, sigLength, dataToSign, len) != 1) { TEST_error("EVP verify with unpadded length %d failed\n", len); goto end; } /* ... padding/truncating the data to the appropriate digest size */ if (EVP_PKEY_verify(ctx, signature, sigLength, paddedData, digestlen) != 1) { TEST_error("EVP verify with length %d failed\n", len); goto end; } /* Verify again using the raw DSA interface */ if (DSA_verify(0, dataToSign, len, signature, sigLength, dsakey) != 1) { TEST_error("Verification with unpadded data failed, len=%d", len); goto end; } if (DSA_verify(0, paddedData, digestlen, signature, sigLength, dsakey) != 1) { TEST_error("verify with length %d failed\n", len); goto end; } ok = 1; end: EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); OPENSSL_free(signature); OPENSSL_free(paddedData); OPENSSL_free(dataToSign); return ok; }
static int test_sec_mem(void) { #if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) int testresult = 0; char *p = NULL, *q = NULL, *r = NULL, *s = NULL; s = OPENSSL_secure_malloc(20); /* s = non-secure 20 */ if (!TEST_ptr(s) || !TEST_false(CRYPTO_secure_allocated(s))) goto end; r = OPENSSL_secure_malloc(20); /* r = non-secure 20, s = non-secure 20 */ if (!TEST_ptr(r) || !TEST_true(CRYPTO_secure_malloc_init(4096, 32)) || !TEST_false(CRYPTO_secure_allocated(r))) goto end; p = OPENSSL_secure_malloc(20); if (!TEST_ptr(p) /* r = non-secure 20, p = secure 20, s = non-secure 20 */ || !TEST_true(CRYPTO_secure_allocated(p)) /* 20 secure -> 32-byte minimum allocation unit */ || !TEST_size_t_eq(CRYPTO_secure_used(), 32)) goto end; q = OPENSSL_malloc(20); if (!TEST_ptr(q)) goto end; /* r = non-secure 20, p = secure 20, q = non-secure 20, s = non-secure 20 */ if (!TEST_false(CRYPTO_secure_allocated(q))) goto end; OPENSSL_secure_clear_free(s, 20); s = OPENSSL_secure_malloc(20); if (!TEST_ptr(s) /* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */ || !TEST_true(CRYPTO_secure_allocated(s)) /* 2 * 20 secure -> 64 bytes allocated */ || !TEST_size_t_eq(CRYPTO_secure_used(), 64)) goto end; OPENSSL_secure_clear_free(p, 20); p = NULL; /* 20 secure -> 32 bytes allocated */ if (!TEST_size_t_eq(CRYPTO_secure_used(), 32)) goto end; OPENSSL_free(q); q = NULL; /* should not complete, as secure memory is still allocated */ if (!TEST_false(CRYPTO_secure_malloc_done()) || !TEST_true(CRYPTO_secure_malloc_initialized())) goto end; OPENSSL_secure_free(s); s = NULL; /* secure memory should now be 0, so done should complete */ if (!TEST_size_t_eq(CRYPTO_secure_used(), 0) || !TEST_true(CRYPTO_secure_malloc_done()) || !TEST_false(CRYPTO_secure_malloc_initialized())) goto end; TEST_info("Possible infinite loop: allocate more than available"); if (!TEST_true(CRYPTO_secure_malloc_init(32768, 16))) goto end; TEST_ptr_null(OPENSSL_secure_malloc((size_t)-1)); TEST_true(CRYPTO_secure_malloc_done()); /* * If init fails, then initialized should be false, if not, this * could cause an infinite loop secure_malloc, but we don't test it */ if (TEST_false(CRYPTO_secure_malloc_init(16, 16)) && !TEST_false(CRYPTO_secure_malloc_initialized())) { TEST_true(CRYPTO_secure_malloc_done()); goto end; } /*- * There was also a possible infinite loop when the number of * elements was 1<<31, as |int i| was set to that, which is a * negative number. However, it requires minimum input values: * * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4); * * Which really only works on 64-bit systems, since it took 16 GB * secure memory arena to trigger the problem. It naturally takes * corresponding amount of available virtual and physical memory * for test to be feasible/representative. Since we can't assume * that every system is equipped with that much memory, the test * remains disabled. If the reader of this comment really wants * to make sure that infinite loop is fixed, they can enable the * code below. */ # if 0 /*- * On Linux and BSD this test has a chance to complete in minimal * time and with minimum side effects, because mlock is likely to * fail because of RLIMIT_MEMLOCK, which is customarily [much] * smaller than 16GB. In other words Linux and BSD users can be * limited by virtual space alone... */ if (sizeof(size_t) > 4) { TEST_info("Possible infinite loop: 1<<31 limit"); if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0)) TEST_true(CRYPTO_secure_malloc_done()); } # endif /* this can complete - it was not really secure */ testresult = 1; end: OPENSSL_secure_free(p); OPENSSL_free(q); OPENSSL_secure_free(r); OPENSSL_secure_free(s); return testresult; #else /* Should fail. */ return TEST_false(CRYPTO_secure_malloc_init(4096, 32)); #endif }
static int test_builtin(void) { EC_builtin_curve *curves = NULL; size_t crv_len = 0, n = 0; EC_KEY *eckey = NULL, *wrong_eckey = NULL; EC_GROUP *group; ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL; unsigned char digest[20], wrong_digest[20]; unsigned char *signature = NULL; const unsigned char *sig_ptr; unsigned char *sig_ptr2; unsigned char *raw_buf = NULL; const BIGNUM *sig_r, *sig_s; BIGNUM *modified_r = NULL, *modified_s = NULL; BIGNUM *unmodified_r = NULL, *unmodified_s = NULL; unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; int nid, ret = 0; /* fill digest values with some random data */ if (!TEST_true(RAND_bytes(digest, 20)) || !TEST_true(RAND_bytes(wrong_digest, 20))) goto builtin_err; /* create and verify a ecdsa signature with every available curve */ /* get a list of all internal curves */ crv_len = EC_get_builtin_curves(NULL, 0); if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) || !TEST_true(EC_get_builtin_curves(curves, crv_len))) goto builtin_err; /* now create and verify a signature for every curve */ for (n = 0; n < crv_len; n++) { unsigned char dirt, offset; nid = curves[n].nid; if (nid == NID_ipsec4 || nid == NID_X25519) continue; /* create new ecdsa key (== EC_KEY) */ if (!TEST_ptr(eckey = EC_KEY_new()) || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) || !TEST_true(EC_KEY_set_group(eckey, group))) goto builtin_err; EC_GROUP_free(group); degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); if (degree < 160) { /* drop the curve */ EC_KEY_free(eckey); eckey = NULL; continue; } TEST_info("testing %s", OBJ_nid2sn(nid)); /* create key */ if (!TEST_true(EC_KEY_generate_key(eckey))) goto builtin_err; /* create second key */ if (!TEST_ptr(wrong_eckey = EC_KEY_new()) || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) || !TEST_true(EC_KEY_set_group(wrong_eckey, group))) goto builtin_err; EC_GROUP_free(group); if (!TEST_true(EC_KEY_generate_key(wrong_eckey))) goto builtin_err; /* check key */ if (!TEST_true(EC_KEY_check_key(eckey))) goto builtin_err; /* create signature */ sig_len = ECDSA_size(eckey); if (!TEST_ptr(signature = OPENSSL_malloc(sig_len)) || !TEST_true(ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))) goto builtin_err; /* verify signature */ if (!TEST_int_eq(ECDSA_verify(0, digest, 20, signature, sig_len, eckey), 1)) goto builtin_err; /* verify signature with the wrong key */ if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey), 1)) goto builtin_err; /* wrong digest */ if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey), 1)) goto builtin_err; /* wrong length */ if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey), 1)) goto builtin_err; /* * Modify a single byte of the signature: to ensure we don't garble * the ASN1 structure, we read the raw signature and modify a byte in * one of the bignums directly. */ sig_ptr = signature; if (!TEST_ptr(ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len))) goto builtin_err; ECDSA_SIG_get0(ecdsa_sig, &sig_r, &sig_s); /* Store the two BIGNUMs in raw_buf. */ r_len = BN_num_bytes(sig_r); s_len = BN_num_bytes(sig_s); bn_len = (degree + 7) / 8; if (!TEST_false(r_len > bn_len) || !TEST_false(s_len > bn_len)) goto builtin_err; buf_len = 2 * bn_len; if (!TEST_ptr(raw_buf = OPENSSL_zalloc(buf_len))) goto builtin_err; BN_bn2bin(sig_r, raw_buf + bn_len - r_len); BN_bn2bin(sig_s, raw_buf + buf_len - s_len); /* Modify a single byte in the buffer. */ offset = raw_buf[10] % buf_len; dirt = raw_buf[11] ? raw_buf[11] : 1; raw_buf[offset] ^= dirt; /* Now read the BIGNUMs back in from raw_buf. */ if (!TEST_ptr(modified_sig = ECDSA_SIG_new())) goto builtin_err; if (!TEST_ptr(modified_r = BN_bin2bn(raw_buf, bn_len, NULL)) || !TEST_ptr(modified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) || !TEST_true(ECDSA_SIG_set0(modified_sig, modified_r, modified_s))) { BN_free(modified_r); BN_free(modified_s); goto builtin_err; } sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2); if (!TEST_false(ECDSA_verify(0, digest, 20, signature, sig_len, eckey))) goto builtin_err; /* Sanity check: undo the modification and verify signature. */ raw_buf[offset] ^= dirt; if (!TEST_ptr(unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL)) || !TEST_ptr(unmodified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) || !TEST_true(ECDSA_SIG_set0(modified_sig, unmodified_r, unmodified_s))) { BN_free(unmodified_r); BN_free(unmodified_s); goto builtin_err; } sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2); if (!TEST_true(ECDSA_verify(0, digest, 20, signature, sig_len, eckey))) goto builtin_err; /* cleanup */ ERR_clear_error(); OPENSSL_free(signature); signature = NULL; EC_KEY_free(eckey); eckey = NULL; EC_KEY_free(wrong_eckey); wrong_eckey = NULL; ECDSA_SIG_free(ecdsa_sig); ecdsa_sig = NULL; ECDSA_SIG_free(modified_sig); modified_sig = NULL; OPENSSL_free(raw_buf); raw_buf = NULL; } ret = 1; builtin_err: EC_KEY_free(eckey); EC_KEY_free(wrong_eckey); ECDSA_SIG_free(ecdsa_sig); ECDSA_SIG_free(modified_sig); OPENSSL_free(signature); OPENSSL_free(raw_buf); OPENSSL_free(curves); return ret; }
static int test_EVP_PKEY_check(int i) { int ret = 0; const unsigned char *p; EVP_PKEY *pkey = NULL; #ifndef OPENSSL_NO_EC EC_KEY *eckey = NULL; #endif EVP_PKEY_CTX *ctx = NULL; EVP_PKEY_CTX *ctx2 = NULL; const APK_DATA *ak = &keycheckdata[i]; const unsigned char *input = ak->kder; size_t input_len = ak->size; int expected_id = ak->evptype; int expected_check = ak->check; int expected_pub_check = ak->pub_check; int expected_param_check = ak->param_check; int type = ak->type; BIO *pubkey = NULL; p = input; switch (type) { case 0: if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) || !TEST_ptr_eq(p, input + input_len) || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) goto done; break; #ifndef OPENSSL_NO_EC case 1: if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len)) || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL)) || !TEST_ptr(pkey = EVP_PKEY_new()) || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) goto done; break; case 2: if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len)) || !TEST_ptr_eq(p, input + input_len) || !TEST_ptr(pkey = EVP_PKEY_new()) || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) goto done; break; #endif default: return 0; } if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) goto done; if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) goto done; if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) goto done; if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) goto done; ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); /* assign the pkey directly, as an internal test */ EVP_PKEY_up_ref(pkey); ctx2->pkey = pkey; if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) goto done; if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) goto done; if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) goto done; ret = 1; done: EVP_PKEY_CTX_free(ctx); EVP_PKEY_CTX_free(ctx2); EVP_PKEY_free(pkey); BIO_free(pubkey); return ret; }
static int test_table(struct testdata *tbl, int idx) { int error = 0; ASN1_TIME atime; ASN1_TIME *ptime; struct testdata *td = &tbl[idx]; int day, sec; atime.data = (unsigned char*)td->data; atime.length = strlen((char*)atime.data); atime.type = td->type; atime.flags = 0; if (!TEST_int_eq(ASN1_TIME_check(&atime), td->check_result)) { TEST_info("ASN1_TIME_check(%s) unexpected result", atime.data); error = 1; } if (td->check_result == 0) return 1; if (!TEST_int_eq(ASN1_TIME_cmp_time_t(&atime, td->t), 0)) { TEST_info("ASN1_TIME_cmp_time_t(%s vs %ld) compare failed", atime.data, (long)td->t); error = 1; } if (!TEST_true(ASN1_TIME_diff(&day, &sec, &atime, &atime))) { TEST_info("ASN1_TIME_diff(%s) to self failed", atime.data); error = 1; } if (!TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) { TEST_info("ASN1_TIME_diff(%s) to self not equal", atime.data); error = 1; } if (!TEST_true(ASN1_TIME_diff(&day, &sec, >ime, &atime))) { TEST_info("ASN1_TIME_diff(%s) to baseline failed", atime.data); error = 1; } else if (!((td->cmp_result == 0 && TEST_true((day == 0 && sec == 0))) || (td->cmp_result == -1 && TEST_true((day < 0 || sec < 0))) || (td->cmp_result == 1 && TEST_true((day > 0 || sec > 0))))) { TEST_info("ASN1_TIME_diff(%s) to baseline bad comparison", atime.data); error = 1; } if (!TEST_int_eq(ASN1_TIME_cmp_time_t(&atime, gtime_t), td->cmp_result)) { TEST_info("ASN1_TIME_cmp_time_t(%s) to baseline bad comparison", atime.data); error = 1; } ptime = ASN1_TIME_set(NULL, td->t); if (!TEST_ptr(ptime)) { TEST_info("ASN1_TIME_set(%ld) failed", (long)td->t); error = 1; } else { int local_error = 0; if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, td->t), 0)) { TEST_info("ASN1_TIME_set(%ld) compare failed (%s->%s)", (long)td->t, td->data, ptime->data); local_error = error = 1; } if (!TEST_int_eq(ptime->type, td->expected_type)) { TEST_info("ASN1_TIME_set(%ld) unexpected type", (long)td->t); local_error = error = 1; } if (local_error) TEST_info("ASN1_TIME_set() = %*s", ptime->length, ptime->data); ASN1_TIME_free(ptime); } ptime = ASN1_TIME_new(); if (!TEST_ptr(ptime)) { TEST_info("ASN1_TIME_new() failed"); error = 1; } else { int local_error = 0; if (!TEST_int_eq(ASN1_TIME_set_string(ptime, td->data), td->check_result)) { TEST_info("ASN1_TIME_set_string_gmt(%s) failed", td->data); local_error = error = 1; } if (!TEST_int_eq(ASN1_TIME_normalize(ptime), td->check_result)) { TEST_info("ASN1_TIME_normalize(%s) failed", td->data); local_error = error = 1; } if (!TEST_int_eq(ptime->type, td->expected_type)) { TEST_info("ASN1_TIME_set_string_gmt(%s) unexpected type", td->data); local_error = error = 1; } day = sec = 0; if (!TEST_true(ASN1_TIME_diff(&day, &sec, ptime, &atime)) || !TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) { TEST_info("ASN1_TIME_diff(day=%d, sec=%d, %s) after ASN1_TIME_set_string_gmt() failed", day, sec, td->data); local_error = error = 1; } if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, gtime_t), td->cmp_result)) { TEST_info("ASN1_TIME_cmp_time_t(%s) after ASN1_TIME_set_string_gnt() to baseline bad comparison", td->data); local_error = error = 1; } if (local_error) TEST_info("ASN1_TIME_set_string_gmt() = %*s", ptime->length, ptime->data); ASN1_TIME_free(ptime); } ptime = ASN1_TIME_new(); if (!TEST_ptr(ptime)) { TEST_info("ASN1_TIME_new() failed"); error = 1; } else { int local_error = 0; if (!TEST_int_eq(ASN1_TIME_set_string(ptime, td->data), td->check_result)) { TEST_info("ASN1_TIME_set_string(%s) failed", td->data); local_error = error = 1; } day = sec = 0; if (!TEST_true(ASN1_TIME_diff(&day, &sec, ptime, &atime)) || !TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) { TEST_info("ASN1_TIME_diff(day=%d, sec=%d, %s) after ASN1_TIME_set_string() failed", day, sec, td->data); local_error = error = 1; } if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, gtime_t), td->cmp_result)) { TEST_info("ASN1_TIME_cmp_time_t(%s) after ASN1_TIME_set_string() to baseline bad comparison", td->data); local_error = error = 1; } if (local_error) TEST_info("ASN1_TIME_set_string() = %*s", ptime->length, ptime->data); ASN1_TIME_free(ptime); } if (td->type == V_ASN1_UTCTIME) { ptime = ASN1_TIME_to_generalizedtime(&atime, NULL); if (td->convert_result == 1 && !TEST_ptr(ptime)) { TEST_info("ASN1_TIME_to_generalizedtime(%s) failed", atime.data); error = 1; } else if (td->convert_result == 0 && !TEST_ptr_null(ptime)) { TEST_info("ASN1_TIME_to_generalizedtime(%s) should have failed", atime.data); error = 1; } if (ptime != NULL && !TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, td->t), 0)) { TEST_info("ASN1_TIME_to_generalizedtime(%s->%s) bad result", atime.data, ptime->data); error = 1; } ASN1_TIME_free(ptime); } /* else cannot simply convert GENERALIZEDTIME to UTCTIME */ if (error) TEST_error("atime=%s", atime.data); return !error; }
static int test_param_construct(void) { static const char *int_names[] = { "int", "long", "int32", "int64" }; static const char *uint_names[] = { "uint", "ulong", "uint32", "uint64", "size_t" }; static const unsigned char bn_val[16] = { 0xac, 0x75, 0x22, 0x7d, 0x81, 0x06, 0x7a, 0x23, 0xa6, 0xed, 0x87, 0xc7, 0xab, 0xf4, 0x73, 0x22 }; OSSL_PARAM params[20]; char buf[100], buf2[100], *bufp, *bufp2; unsigned char ubuf[100]; void *vp, *vpn = NULL, *vp2; OSSL_PARAM *p; const OSSL_PARAM *cp; static const OSSL_PARAM pend = OSSL_PARAM_END; int i, n = 0, ret = 0; unsigned int u; long int l; unsigned long int ul; int32_t i32; uint32_t u32; int64_t i64; uint64_t u64; size_t j, k, s, sz; double d, d2; BIGNUM *bn = NULL, *bn2 = NULL; params[n++] = OSSL_PARAM_construct_int("int", &i, &sz); params[n++] = OSSL_PARAM_construct_uint("uint", &u, &sz); params[n++] = OSSL_PARAM_construct_long("long", &l, &sz); params[n++] = OSSL_PARAM_construct_ulong("ulong", &ul, &sz); params[n++] = OSSL_PARAM_construct_int32("int32", &i32, &sz); params[n++] = OSSL_PARAM_construct_int64("int64", &i64, &sz); params[n++] = OSSL_PARAM_construct_uint32("uint32", &u32, &sz); params[n++] = OSSL_PARAM_construct_uint64("uint64", &u64, &sz); params[n++] = OSSL_PARAM_construct_size_t("size_t", &s, &sz); params[n++] = OSSL_PARAM_construct_double("double", &d, &sz); params[n++] = OSSL_PARAM_construct_BN("bignum", ubuf, sizeof(ubuf), &sz); params[n++] = OSSL_PARAM_construct_utf8_string("utf8str", buf, sizeof(buf), &sz); params[n++] = OSSL_PARAM_construct_octet_string("octstr", buf, sizeof(buf), &sz); params[n++] = OSSL_PARAM_construct_utf8_ptr("utf8ptr", &bufp, &sz); params[n++] = OSSL_PARAM_construct_octet_ptr("octptr", &vp, &sz); params[n] = pend; /* Search failure */ if (!TEST_ptr_null(OSSL_PARAM_locate(params, "fnord"))) goto err; /* All signed integral types */ for (j = 0; j < OSSL_NELEM(int_names); j++) { if (!TEST_ptr(cp = OSSL_PARAM_locate(params, int_names[j])) || !TEST_true(OSSL_PARAM_set_int32(cp, (int32_t)(3 + j))) || !TEST_true(OSSL_PARAM_get_int64(cp, &i64)) || !TEST_size_t_eq(cp->data_size, sz) || !TEST_size_t_eq((size_t)i64, 3 + j)) { TEST_note("iteration %zu var %s", j + 1, int_names[j]); goto err; } } /* All unsigned integral types */ for (j = 0; j < OSSL_NELEM(uint_names); j++) { if (!TEST_ptr(cp = OSSL_PARAM_locate(params, uint_names[j])) || !TEST_true(OSSL_PARAM_set_uint32(cp, (uint32_t)(3 + j))) || !TEST_true(OSSL_PARAM_get_uint64(cp, &u64)) || !TEST_size_t_eq(cp->data_size, sz) || !TEST_size_t_eq((size_t)u64, 3 + j)) { TEST_note("iteration %zu var %s", j + 1, uint_names[j]); goto err; } } /* Real */ if (!TEST_ptr(cp = OSSL_PARAM_locate(params, "double")) || !TEST_true(OSSL_PARAM_set_double(cp, 3.14)) || !TEST_true(OSSL_PARAM_get_double(cp, &d2)) || !TEST_size_t_eq(sz, sizeof(double)) || !TEST_double_eq(d, d2)) goto err; /* UTF8 string */ bufp = NULL; if (!TEST_ptr(cp = OSSL_PARAM_locate(params, "utf8str")) || !TEST_true(OSSL_PARAM_set_utf8_string(cp, "abcdef")) || !TEST_size_t_eq(sz, sizeof("abcdef")) || !TEST_true(OSSL_PARAM_get_utf8_string(cp, &bufp, 0)) || !TEST_str_eq(bufp, "abcdef")) goto err; OPENSSL_free(bufp); bufp = buf2; if (!TEST_true(OSSL_PARAM_get_utf8_string(cp, &bufp, sizeof(buf2))) || !TEST_str_eq(buf2, "abcdef")) goto err; /* UTF8 pointer */ bufp = buf; sz = 0; if (!TEST_ptr(cp = OSSL_PARAM_locate(params, "utf8ptr")) || !TEST_true(OSSL_PARAM_set_utf8_ptr(cp, "tuvwxyz")) || !TEST_size_t_eq(sz, sizeof("tuvwxyz")) || !TEST_str_eq(bufp, "tuvwxyz") || !TEST_true(OSSL_PARAM_get_utf8_ptr(cp, (const char **)&bufp2)) || !TEST_ptr_eq(bufp2, bufp)) goto err; /* OCTET string */ if (!TEST_ptr(p = locate(params, "octstr")) || !TEST_true(OSSL_PARAM_set_octet_string(p, "abcdefghi", sizeof("abcdefghi"))) || !TEST_size_t_eq(sz, sizeof("abcdefghi"))) goto err; /* Match the return size to avoid trailing garbage bytes */ p->data_size = *p->return_size; if (!TEST_true(OSSL_PARAM_get_octet_string(p, &vpn, 0, &s)) || !TEST_size_t_eq(s, sizeof("abcdefghi")) || !TEST_mem_eq(vpn, sizeof("abcdefghi"), "abcdefghi", sizeof("abcdefghi"))) goto err; vp = buf2; if (!TEST_true(OSSL_PARAM_get_octet_string(p, &vp, sizeof(buf2), &s)) || !TEST_size_t_eq(s, sizeof("abcdefghi")) || !TEST_mem_eq(vp, sizeof("abcdefghi"), "abcdefghi", sizeof("abcdefghi"))) goto err; /* OCTET pointer */ vp = &l; sz = 0; if (!TEST_ptr(p = locate(params, "octptr")) || !TEST_true(OSSL_PARAM_set_octet_ptr(p, &ul, sizeof(ul))) || !TEST_size_t_eq(sz, sizeof(ul)) || !TEST_ptr_eq(vp, &ul)) goto err; /* Match the return size to avoid trailing garbage bytes */ p->data_size = *p->return_size; if (!TEST_true(OSSL_PARAM_get_octet_ptr(p, (const void **)&vp2, &k)) || !TEST_size_t_eq(k, sizeof(ul)) || !TEST_ptr_eq(vp2, vp)) goto err; /* BIGNUM */ if (!TEST_ptr(p = locate(params, "bignum")) || !TEST_ptr(bn = BN_lebin2bn(bn_val, (int)sizeof(bn_val), NULL)) || !TEST_true(OSSL_PARAM_set_BN(p, bn)) || !TEST_size_t_eq(sz, sizeof(bn_val))) goto err; /* Match the return size to avoid trailing garbage bytes */ p->data_size = *p->return_size; if(!TEST_true(OSSL_PARAM_get_BN(p, &bn2)) || !TEST_BN_eq(bn, bn2)) goto err; ret = 1; err: OPENSSL_free(vpn); BN_free(bn); BN_free(bn2); return ret; }
static int test_EVP_SM2_verify(void) { /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */ const char *pubkey = "-----BEGIN PUBLIC KEY-----\n" "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n" "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n" "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n" "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n" "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n" "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n" "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n" "-----END PUBLIC KEY-----\n"; const char *msg = "message digest"; const char *id = "*****@*****.**"; const uint8_t signature[] = { 0x30, 0x44, 0x02, 0x20, 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC, 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2, 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1, 0x02, 0x20, 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF, 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0, 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7 }; int rc = 0; BIO *bio = NULL; EVP_PKEY *pkey = NULL; EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pctx = NULL; bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); if (!TEST_true(bio != NULL)) goto done; pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); if (!TEST_true(pkey != NULL)) goto done; if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) goto done; if (!TEST_ptr(mctx = EVP_MD_CTX_new())) goto done; if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL))) goto done; if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id, strlen(id)), 0)) goto done; EVP_MD_CTX_set_pkey_ctx(mctx, pctx); if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey))) goto done; if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) goto done; if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)))) goto done; rc = 1; done: BIO_free(bio); EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx); EVP_MD_CTX_free(mctx); return rc; }
static int test_client_hello(int currtest) { SSL_CTX *ctx; SSL *con = NULL; BIO *rbio; BIO *wbio; long len; unsigned char *data; PACKET pkt = {0}, pkt2 = {0}, pkt3 = {0}; char *dummytick = "Hello World!"; unsigned int type = 0; int testresult = 0; size_t msglen; BIO *sessbio = NULL; SSL_SESSION *sess = NULL; #ifdef OPENSSL_NO_TLS1_3 if (currtest == TEST_ADD_PADDING_AND_PSK) return 1; #endif /* * For each test set up an SSL_CTX and SSL and see what ClientHello gets * produced when we try to connect */ ctx = SSL_CTX_new(TLS_method()); if (!TEST_ptr(ctx)) goto end; switch(currtest) { case TEST_SET_SESSION_TICK_DATA_VER_NEG: /* Testing for session tickets <= TLS1.2; not relevant for 1.3 */ if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))) goto end; break; case TEST_ADD_PADDING_AND_PSK: case TEST_ADD_PADDING: case TEST_PADDING_NOT_NEEDED: SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING); /* * Add lots of ciphersuites so that the ClientHello is at least * F5_WORKAROUND_MIN_MSG_LEN bytes long - meaning padding will be * needed. Also add some dummy ALPN protocols in case we still don't * have enough. */ if (currtest == TEST_ADD_PADDING && (!TEST_true(SSL_CTX_set_cipher_list(ctx, "ALL")) || !TEST_false(SSL_CTX_set_alpn_protos(ctx, (unsigned char *)alpn_prots, sizeof(alpn_prots) - 1)))) goto end; break; default: goto end; } con = SSL_new(ctx); if (!TEST_ptr(con)) goto end; if (currtest == TEST_ADD_PADDING_AND_PSK) { sessbio = BIO_new_file(sessionfile, "r"); if (!TEST_ptr(sessbio)) { TEST_info("Unable to open session.pem"); goto end; } sess = PEM_read_bio_SSL_SESSION(sessbio, NULL, NULL, NULL); if (!TEST_ptr(sess)) { TEST_info("Unable to load SSL_SESSION"); goto end; } /* * We reset the creation time so that we don't discard the session as * too old. */ if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL))) || !TEST_true(SSL_set_session(con, sess))) goto end; } rbio = BIO_new(BIO_s_mem()); wbio = BIO_new(BIO_s_mem()); if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) { BIO_free(rbio); BIO_free(wbio); goto end; } SSL_set_bio(con, rbio, wbio); SSL_set_connect_state(con); if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { if (!TEST_true(SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick)))) goto end; } if (!TEST_int_le(SSL_connect(con), 0)) { /* This shouldn't succeed because we don't have a server! */ goto end; } len = BIO_get_mem_data(wbio, (char **)&data); if (!TEST_true(PACKET_buf_init(&pkt, data, len)) /* Skip the record header */ || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)) goto end; msglen = PACKET_remaining(&pkt); /* Skip the handshake message header */ if (!TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) /* Skip client version and random */ || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE)) /* Skip session id */ || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) /* Skip ciphers */ || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2)) /* Skip compression */ || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) /* Extensions len */ || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2))) goto end; /* Loop through all extensions */ while (PACKET_remaining(&pkt2)) { if (!TEST_true(PACKET_get_net_2(&pkt2, &type)) || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3))) goto end; if (type == TLSEXT_TYPE_session_ticket) { if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { if (TEST_true(PACKET_equal(&pkt3, dummytick, strlen(dummytick)))) { /* Ticket data is as we expected */ testresult = 1; } goto end; } } if (type == TLSEXT_TYPE_padding) { if (!TEST_false(currtest == TEST_PADDING_NOT_NEEDED)) goto end; else if (TEST_true(currtest == TEST_ADD_PADDING || currtest == TEST_ADD_PADDING_AND_PSK)) testresult = TEST_true(msglen == F5_WORKAROUND_MAX_MSG_LEN); } } if (currtest == TEST_PADDING_NOT_NEEDED) testresult = 1; end: SSL_free(con); SSL_CTX_free(ctx); SSL_SESSION_free(sess); BIO_free(sessbio); return testresult; }
int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, int type) { MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); MEMPACKET *thispkt, *looppkt, *nextpkt; int i; if (ctx == NULL) return -1; /* We only allow injection before we've started writing any data */ if (pktnum >= 0) { if (ctx->noinject) return -1; } else { ctx->noinject = 1; } if (!TEST_ptr(thispkt = OPENSSL_malloc(sizeof(*thispkt)))) return -1; if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) { mempacket_free(thispkt); return -1; } memcpy(thispkt->data, in, inl); thispkt->len = inl; thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt; thispkt->type = type; for(i = 0; (looppkt = sk_MEMPACKET_value(ctx->pkts, i)) != NULL; i++) { /* Check if we found the right place to insert this packet */ if (looppkt->num > thispkt->num) { if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) { mempacket_free(thispkt); return -1; } /* If we're doing up front injection then we're done */ if (pktnum >= 0) return inl; /* * We need to do some accounting on lastpkt. We increment it first, * but it might now equal the value of injected packets, so we need * to skip over those */ ctx->lastpkt++; do { i++; nextpkt = sk_MEMPACKET_value(ctx->pkts, i); if (nextpkt != NULL && nextpkt->num == ctx->lastpkt) ctx->lastpkt++; else return inl; } while(1); } else if (looppkt->num == thispkt->num) { if (!ctx->noinject) { /* We injected two packets with the same packet number! */ return -1; } ctx->lastpkt++; thispkt->num++; } } /* * We didn't find any packets with a packet number equal to or greater than * this one, so we just add it onto the end */ if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) { mempacket_free(thispkt); return -1; } if (pktnum < 0) ctx->lastpkt++; return inl; }
static int rfc5114_test(void) { int i; DH *dhA = NULL; DH *dhB = NULL; unsigned char *Z1 = NULL; unsigned char *Z2 = NULL; const rfc5114_td *td = NULL; BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL; const BIGNUM *pub_key_tmp; for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) { td = rfctd + i; /* Set up DH structures setting key components */ if (!TEST_ptr(dhA = td->get_param()) || !TEST_ptr(dhB = td->get_param())) goto bad_err; if (!TEST_ptr(priv_key = BN_bin2bn(td->xA, td->xA_len, NULL)) || !TEST_ptr(pub_key = BN_bin2bn(td->yA, td->yA_len, NULL)) || !TEST_true(DH_set0_key(dhA, pub_key, priv_key))) goto bad_err; if (!TEST_ptr(priv_key = BN_bin2bn(td->xB, td->xB_len, NULL)) || !TEST_ptr(pub_key = BN_bin2bn(td->yB, td->yB_len, NULL)) || !TEST_true( DH_set0_key(dhB, pub_key, priv_key))) goto bad_err; priv_key = pub_key = NULL; if (!TEST_uint_eq(td->Z_len, (size_t)DH_size(dhA)) || !TEST_uint_eq(td->Z_len, (size_t)DH_size(dhB))) goto err; if (!TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA))) || !TEST_ptr(Z2 = OPENSSL_malloc(DH_size(dhB)))) goto bad_err; /* * Work out shared secrets using both sides and compare with expected * values. */ DH_get0_key(dhB, &pub_key_tmp, NULL); if (!TEST_int_ne(DH_compute_key(Z1, pub_key_tmp, dhA), -1)) goto bad_err; DH_get0_key(dhA, &pub_key_tmp, NULL); if (!TEST_int_ne(DH_compute_key(Z2, pub_key_tmp, dhB), -1)) goto bad_err; if (!TEST_mem_eq(Z1, td->Z_len, td->Z, td->Z_len) || !TEST_mem_eq(Z2, td->Z_len, td->Z, td->Z_len)) goto err; DH_free(dhA); dhA = NULL; DH_free(dhB); dhB = NULL; OPENSSL_free(Z1); Z1 = NULL; OPENSSL_free(Z2); Z2 = NULL; } /* Now i == OSSL_NELEM(rfctd) */ /* RFC5114 uses unsafe primes, so now test an invalid y value */ if (!TEST_ptr(dhA = DH_get_2048_224()) || !TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA)))) goto bad_err; if (!TEST_ptr(bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y, sizeof(dhtest_rfc5114_2048_224_bad_y), NULL))) goto bad_err; if (!DH_generate_key(dhA)) goto bad_err; if (DH_compute_key(Z1, bady, dhA) != -1) { /* * DH_compute_key should fail with -1. If we get here we unexpectedly * allowed an invalid y value */ goto err; } /* We'll have a stale error on the queue from the above test so clear it */ ERR_clear_error(); BN_free(bady); DH_free(dhA); OPENSSL_free(Z1); return 1; bad_err: BN_free(bady); DH_free(dhA); DH_free(dhB); BN_free(pub_key); BN_free(priv_key); OPENSSL_free(Z1); OPENSSL_free(Z2); TEST_error("Initialisation error RFC5114 set %d\n", i + 1); return 0; err: BN_free(bady); DH_free(dhA); DH_free(dhB); OPENSSL_free(Z1); OPENSSL_free(Z2); TEST_error("Test failed RFC5114 set %d\n", i + 1); return 0; }
static int test_handshake_secrets(void) { SSL_CTX *ctx = NULL; SSL *s = NULL; int ret = 0; size_t hashsize; unsigned char out_master_secret[EVP_MAX_MD_SIZE]; size_t master_secret_length; ctx = SSL_CTX_new(TLS_method()); if (!TEST_ptr(ctx)) goto err; s = SSL_new(ctx); if (!TEST_ptr(s )) goto err; s->session = SSL_SESSION_new(); if (!TEST_ptr(s->session)) goto err; if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0, (unsigned char *)&s->early_secret))) { TEST_info("Early secret generation failed"); goto err; } if (!TEST_mem_eq(s->early_secret, sizeof(early_secret), early_secret, sizeof(early_secret))) { TEST_info("Early secret does not match"); goto err; } if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret, sizeof(ecdhe_secret)))) { TEST_info("Handshake secret generation failed"); goto err; } if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret), handshake_secret, sizeof(handshake_secret))) goto err; hashsize = EVP_MD_size(ssl_handshake_md(s)); if (!TEST_size_t_eq(sizeof(client_hts), hashsize)) goto err; if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN)) goto err; if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN)) goto err; if (!TEST_true(test_secret(s, s->handshake_secret, (unsigned char *)client_hts_label, strlen(client_hts_label), client_hts, client_hts_key, client_hts_iv))) { TEST_info("Client handshake secret test failed"); goto err; } if (!TEST_size_t_eq(sizeof(server_hts), hashsize)) goto err; if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN)) goto err; if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN)) goto err; if (!TEST_true(test_secret(s, s->handshake_secret, (unsigned char *)server_hts_label, strlen(server_hts_label), server_hts, server_hts_key, server_hts_iv))) { TEST_info("Server handshake secret test failed"); goto err; } /* * Ensure the mocked out ssl_handshake_hash() returns the full handshake * hash. */ full_hash = 1; if (!TEST_true(tls13_generate_master_secret(s, out_master_secret, s->handshake_secret, hashsize, &master_secret_length))) { TEST_info("Master secret generation failed"); goto err; } if (!TEST_mem_eq(out_master_secret, master_secret_length, master_secret, sizeof(master_secret))) { TEST_info("Master secret does not match"); goto err; } if (!TEST_size_t_eq(sizeof(client_ats), hashsize)) goto err; if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN)) goto err; if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN)) goto err; if (!TEST_true(test_secret(s, out_master_secret, (unsigned char *)client_ats_label, strlen(client_ats_label), client_ats, client_ats_key, client_ats_iv))) { TEST_info("Client application data secret test failed"); goto err; } if (!TEST_size_t_eq(sizeof(server_ats), hashsize)) goto err; if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN)) goto err; if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN)) goto err; if (!TEST_true(test_secret(s, out_master_secret, (unsigned char *)server_ats_label, strlen(server_ats_label), server_ats, server_ats_key, server_ats_iv))) { TEST_info("Server application data secret test failed"); goto err; } ret = 1; err: SSL_free(s); SSL_CTX_free(ctx); return ret; }
static int dh_test(void) { BN_GENCB *_cb = NULL; DH *a = NULL; DH *b = NULL; const BIGNUM *ap = NULL, *ag = NULL, *apub_key = NULL; const BIGNUM *bpub_key = NULL; BIGNUM *bp = NULL, *bg = NULL; unsigned char *abuf = NULL; unsigned char *bbuf = NULL; int i, alen, blen, aout, bout; int ret = 0; RAND_seed(rnd_seed, sizeof rnd_seed); if (!TEST_ptr(_cb = BN_GENCB_new())) goto err; BN_GENCB_set(_cb, &cb, NULL); if (!TEST_ptr(a = DH_new()) || !TEST_true(DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, _cb))) goto err; if (!DH_check(a, &i)) goto err; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)) goto err; DH_get0_pqg(a, &ap, NULL, &ag); if (!TEST_ptr(b = DH_new())) goto err; if (!TEST_ptr(bp = BN_dup(ap)) || !TEST_ptr(bg = BN_dup(ag)) || !TEST_true(DH_set0_pqg(b, bp, NULL, bg))) goto err; bp = bg = NULL; if (!DH_generate_key(a)) goto err; DH_get0_key(a, &apub_key, NULL); if (!DH_generate_key(b)) goto err; DH_get0_key(b, &bpub_key, NULL); alen = DH_size(a); if (!TEST_ptr(abuf = OPENSSL_malloc(alen)) || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1)) goto err; blen = DH_size(b); if (!TEST_ptr(bbuf = OPENSSL_malloc(blen)) || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1)) goto err; if (!TEST_true(aout >= 4) || !TEST_mem_eq(abuf, aout, bbuf, bout)) goto err; ret = 1; err: OPENSSL_free(abuf); OPENSSL_free(bbuf); DH_free(b); DH_free(a); BN_free(bp); BN_free(bg); BN_GENCB_free(_cb); return ret; }
static int run_srp(const char *username, const char *client_pass, const char *server_pass) { int ret = 0; BIGNUM *s = NULL; BIGNUM *v = NULL; BIGNUM *a = NULL; BIGNUM *b = NULL; BIGNUM *u = NULL; BIGNUM *x = NULL; BIGNUM *Apub = NULL; BIGNUM *Bpub = NULL; BIGNUM *Kclient = NULL; BIGNUM *Kserver = NULL; unsigned char rand_tmp[RANDOM_SIZE]; /* use builtin 1024-bit params */ const SRP_gN *GN; if (!TEST_ptr(GN = SRP_get_default_gN("1024"))) return 0; /* Set up server's password entry */ if (!TEST_true(SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g))) goto end; showbn("N", GN->N); showbn("g", GN->g); showbn("Salt", s); showbn("Verifier", v); /* Server random */ RAND_bytes(rand_tmp, sizeof(rand_tmp)); b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); if (!TEST_BN_ne_zero(b)) goto end; showbn("b", b); /* Server's first message */ Bpub = SRP_Calc_B(b, GN->N, GN->g, v); showbn("B", Bpub); if (!TEST_true(SRP_Verify_B_mod_N(Bpub, GN->N))) goto end; /* Client random */ RAND_bytes(rand_tmp, sizeof(rand_tmp)); a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); if (!TEST_BN_ne_zero(a)) goto end; showbn("a", a); /* Client's response */ Apub = SRP_Calc_A(a, GN->N, GN->g); showbn("A", Apub); if (!TEST_true(SRP_Verify_A_mod_N(Apub, GN->N))) goto end; /* Both sides calculate u */ u = SRP_Calc_u(Apub, Bpub, GN->N); /* Client's key */ x = SRP_Calc_x(s, username, client_pass); Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); showbn("Client's key", Kclient); /* Server's key */ Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); showbn("Server's key", Kserver); if (!TEST_BN_eq(Kclient, Kserver)) goto end; ret = 1; end: BN_clear_free(Kclient); BN_clear_free(Kserver); BN_clear_free(x); BN_free(u); BN_free(Apub); BN_clear_free(a); BN_free(Bpub); BN_clear_free(b); BN_free(s); BN_clear_free(v); return ret; }
/* SRP test vectors from RFC5054 */ static int run_srp_kat(void) { int ret = 0; BIGNUM *s = NULL; BIGNUM *v = NULL; BIGNUM *a = NULL; BIGNUM *b = NULL; BIGNUM *u = NULL; BIGNUM *x = NULL; BIGNUM *Apub = NULL; BIGNUM *Bpub = NULL; BIGNUM *Kclient = NULL; BIGNUM *Kserver = NULL; /* use builtin 1024-bit params */ const SRP_gN *GN; if (!TEST_ptr(GN = SRP_get_default_gN("1024"))) goto err; BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE"); /* Set up server's password entry */ if (!TEST_true(SRP_create_verifier_BN("alice", "password123", &s, &v, GN->N, GN->g))) goto err; if (!TEST_true(check_bn("v", v, "7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812" "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5" "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5" "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78" "E955A5E29E7AB245DB2BE315E2099AFB"))) goto err; /* Server random */ BN_hex2bn(&b, "E487CB59D31AC550471E81F00F6928E01DDA08E974A004F49E61F5D1" "05284D20"); /* Server's first message */ Bpub = SRP_Calc_B(b, GN->N, GN->g, v); if (!TEST_true(SRP_Verify_B_mod_N(Bpub, GN->N))) goto err; if (!TEST_true(check_bn("B", Bpub, "BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011" "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99" "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA" "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE" "EB4012B7D7665238A8E3FB004B117B58"))) goto err; /* Client random */ BN_hex2bn(&a, "60975527035CF2AD1989806F0407210BC81EDC04E2762A56AFD529DD" "DA2D4393"); /* Client's response */ Apub = SRP_Calc_A(a, GN->N, GN->g); if (!TEST_true(SRP_Verify_A_mod_N(Apub, GN->N))) goto err; if (!TEST_true(check_bn("A", Apub, "61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4" "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC" "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44" "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA" "B349EF5D76988A3672FAC47B0769447B"))) goto err; /* Both sides calculate u */ u = SRP_Calc_u(Apub, Bpub, GN->N); if (!TEST_true(check_bn("u", u, "CE38B9593487DA98554ED47D70A7AE5F462EF019"))) goto err; /* Client's key */ x = SRP_Calc_x(s, "alice", "password123"); Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); if (!TEST_true(check_bn("Client's key", Kclient, "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" "C346D7E474B29EDE8A469FFECA686E5A"))) goto err; /* Server's key */ Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); if (!TEST_true(check_bn("Server's key", Kserver, "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" "C346D7E474B29EDE8A469FFECA686E5A"))) goto err; ret = 1; err: BN_clear_free(Kclient); BN_clear_free(Kserver); BN_clear_free(x); BN_free(u); BN_free(Apub); BN_clear_free(a); BN_free(Bpub); BN_clear_free(b); BN_free(s); BN_clear_free(v); return ret; }
static int test_invalid_keypair(void) { int ret = 0; RSA *key = NULL; BN_CTX *ctx = NULL; BIGNUM *p = NULL, *q = NULL, *n = NULL, *e = NULL, *d = NULL; ret = TEST_ptr(key = RSA_new()) && TEST_ptr(ctx = BN_CTX_new()) /* NULL parameters */ && TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) /* load key */ && TEST_ptr(p = bn_load_new(cav_p, sizeof(cav_p))) && TEST_ptr(q = bn_load_new(cav_q, sizeof(cav_q))) && TEST_true(RSA_set0_factors(key, p, q)); if (!ret) { BN_free(p); BN_free(q); goto end; } ret = TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e))) && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n))) && TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d))) && TEST_true(RSA_set0_key(key, n, e, d)); if (!ret) { BN_free(e); BN_free(n); BN_free(d); goto end; } /* bad strength/key size */ ret = TEST_false(rsa_sp800_56b_check_keypair(key, NULL, 100, 2048)) && TEST_false(rsa_sp800_56b_check_keypair(key, NULL, 112, 1024)) && TEST_false(rsa_sp800_56b_check_keypair(key, NULL, 128, 2048)) && TEST_false(rsa_sp800_56b_check_keypair(key, NULL, 140, 3072)) /* mismatching exponent */ && TEST_false(rsa_sp800_56b_check_keypair(key, BN_value_one(), -1, 2048)) /* bad exponent */ && TEST_true(BN_add_word(e, 1)) && TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) && TEST_true(BN_sub_word(e, 1)) /* mismatch between bits and modulus */ && TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 3072)) && TEST_true(rsa_sp800_56b_check_keypair(key, e, 112, 2048)) /* check n == pq failure */ && TEST_true(BN_add_word(n, 1)) && TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) && TEST_true(BN_sub_word(n, 1)) /* check p */ && TEST_true(BN_sub_word(p, 2)) && TEST_true(BN_mul(n, p, q, ctx)) && TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) && TEST_true(BN_add_word(p, 2)) && TEST_true(BN_mul(n, p, q, ctx)) /* check q */ && TEST_true(BN_sub_word(q, 2)) && TEST_true(BN_mul(n, p, q, ctx)) && TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) && TEST_true(BN_add_word(q, 2)) && TEST_true(BN_mul(n, p, q, ctx)); end: RSA_free(key); BN_CTX_free(ctx); return ret; }
static int test_dtls_drop_records(int idx) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *serverssl = NULL, *clientssl = NULL; BIO *c_to_s_fbio, *mempackbio; int testresult = 0; int epoch = 0; SSL_SESSION *sess = NULL; int cli_to_srv_epoch0, cli_to_srv_epoch1, srv_to_cli_epoch0; if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, DTLS_MAX_VERSION, &sctx, &cctx, cert, privkey))) return 0; if (idx >= TOTAL_FULL_HAND_RECORDS) { /* We're going to do a resumption handshake. Get a session first. */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) || !TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) || !TEST_ptr(sess = SSL_get1_session(clientssl))) goto end; SSL_shutdown(clientssl); SSL_shutdown(serverssl); SSL_free(serverssl); SSL_free(clientssl); serverssl = clientssl = NULL; cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS; cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS; srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS; idx -= TOTAL_FULL_HAND_RECORDS; } else { cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS; cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS; srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS; } c_to_s_fbio = BIO_new(bio_f_tls_dump_filter()); if (!TEST_ptr(c_to_s_fbio)) goto end; /* BIO is freed by create_ssl_connection on error */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, c_to_s_fbio))) goto end; if (sess != NULL) { if (!TEST_true(SSL_set_session(clientssl, sess))) goto end; } DTLS_set_timer_cb(clientssl, timer_cb); DTLS_set_timer_cb(serverssl, timer_cb); /* Work out which record to drop based on the test number */ if (idx >= cli_to_srv_epoch0 + cli_to_srv_epoch1) { mempackbio = SSL_get_wbio(serverssl); idx -= cli_to_srv_epoch0 + cli_to_srv_epoch1; if (idx >= srv_to_cli_epoch0) { epoch = 1; idx -= srv_to_cli_epoch0; } } else { mempackbio = SSL_get_wbio(clientssl); if (idx >= cli_to_srv_epoch0) { epoch = 1; idx -= cli_to_srv_epoch0; } mempackbio = BIO_next(mempackbio); } BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL); BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL); if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) goto end; if (sess != NULL && !TEST_true(SSL_session_reused(clientssl))) goto end; /* If the test did what we planned then it should have dropped a record */ if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0, NULL), -1)) goto end; testresult = 1; end: SSL_SESSION_free(sess); SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); SSL_CTX_free(cctx); return testresult; }
static int test_x509_check_cert_pkey(void) { BIO *bio = NULL; X509 *x509 = NULL; X509_REQ *x509_req = NULL; EVP_PKEY *pkey = NULL; int ret = 0, type = 0, expected = 0, result = 0; /* * we check them first thus if fails we don't need to do * those PEM parsing operations. */ if (strcmp(t, "cert") == 0) { type = 1; } else if (strcmp(t, "req") == 0) { type = 2; } else { TEST_error("invalid 'type'"); goto failed; } if (strcmp(e, "ok") == 0) { expected = 1; } else if (strcmp(e, "failed") == 0) { expected = 0; } else { TEST_error("invalid 'expected'"); goto failed; } /* process private key */ if (!TEST_ptr(bio = BIO_new_file(k, "r"))) goto failed; if (!TEST_ptr(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))) goto failed; BIO_free(bio); /* process cert or cert request, use the same local var */ if (!TEST_ptr(bio = BIO_new_file(c, "r"))) goto failed; switch (type) { case 1: x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); if (x509 == NULL) { TEST_error("read PEM x509 failed"); goto failed; } result = X509_check_private_key(x509, pkey); break; case 2: x509_req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL); if (x509_req == NULL) { TEST_error("read PEM x509 req failed"); goto failed; } result = X509_REQ_check_private_key(x509_req, pkey); break; default: /* should never be here */ break; } if (!TEST_int_eq(result, expected)) { TEST_error("check private key: expected: %d, got: %d", expected, result); goto failed; } ret = 1; failed: BIO_free(bio); X509_free(x509); X509_REQ_free(x509_req); EVP_PKEY_free(pkey); return ret; }
static int test_mod_exp(int round) { BN_CTX *ctx; unsigned char c; int ret = 0; BIGNUM *r_mont = NULL; BIGNUM *r_mont_const = NULL; BIGNUM *r_recp = NULL; BIGNUM *r_simple = NULL; BIGNUM *a = NULL; BIGNUM *b = NULL; BIGNUM *m = NULL; if (!TEST_ptr(ctx = BN_CTX_new())) goto err; if (!TEST_ptr(r_mont = BN_new()) || !TEST_ptr(r_mont_const = BN_new()) || !TEST_ptr(r_recp = BN_new()) || !TEST_ptr(r_simple = BN_new()) || !TEST_ptr(a = BN_new()) || !TEST_ptr(b = BN_new()) || !TEST_ptr(m = BN_new())) goto err; RAND_bytes(&c, 1); c = (c % BN_BITS) - BN_BITS2; BN_rand(a, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY); RAND_bytes(&c, 1); c = (c % BN_BITS) - BN_BITS2; BN_rand(b, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY); RAND_bytes(&c, 1); c = (c % BN_BITS) - BN_BITS2; BN_rand(m, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD); if (!TEST_true(BN_mod(a, a, m, ctx)) || !TEST_true(BN_mod(b, b, m, ctx)) || !TEST_true(BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL)) || !TEST_true(BN_mod_exp_recp(r_recp, a, b, m, ctx)) || !TEST_true(BN_mod_exp_simple(r_simple, a, b, m, ctx)) || !TEST_true(BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL))) goto err; if (!TEST_BN_eq(r_simple, r_mont) || !TEST_BN_eq(r_simple, r_recp) || !TEST_BN_eq(r_simple, r_mont_const)) { if (BN_cmp(r_simple, r_mont) != 0) TEST_info("simple and mont results differ"); if (BN_cmp(r_simple, r_mont_const) != 0) TEST_info("simple and mont const time results differ"); if (BN_cmp(r_simple, r_recp) != 0) TEST_info("simple and recp results differ"); BN_print_var(a); BN_print_var(b); BN_print_var(m); BN_print_var(r_simple); BN_print_var(r_recp); BN_print_var(r_mont); BN_print_var(r_mont_const); goto err; } ret = 1; err: BN_free(r_mont); BN_free(r_mont_const); BN_free(r_recp); BN_free(r_simple); BN_free(a); BN_free(b); BN_free(m); BN_CTX_free(ctx); return ret; }
static int test_fatalerr(void) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *sssl = NULL, *cssl = NULL; const char *msg = "Dummy"; BIO *wbio = NULL; int ret = 0, len; char buf[80]; unsigned char dummyrec[] = { 0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y' }; if (!TEST_true(create_ssl_ctx_pair(TLS_method(), TLS_method(), TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto err; /* * Deliberately set the cipher lists for client and server to be different * to force a handshake failure. */ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA")) || !TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) || !TEST_true(SSL_CTX_set_ciphersuites(sctx, "TLS_AES_128_GCM_SHA256")) || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384")) || !TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, NULL))) goto err; wbio = SSL_get_wbio(cssl); if (!TEST_ptr(wbio)) { printf("Unexpected NULL bio received\n"); goto err; } /* Connection should fail */ if (!TEST_false(create_ssl_connection(sssl, cssl, SSL_ERROR_NONE))) goto err; ERR_clear_error(); /* Inject a plaintext record from client to server */ if (!TEST_int_gt(BIO_write(wbio, dummyrec, sizeof(dummyrec)), 0)) goto err; /* SSL_read()/SSL_write should fail because of a previous fatal error */ if (!TEST_int_le(len = SSL_read(sssl, buf, sizeof(buf) - 1), 0)) { buf[len] = '\0'; TEST_error("Unexpected success reading data: %s\n", buf); goto err; } if (!TEST_int_le(SSL_write(sssl, msg, strlen(msg)), 0)) goto err; ret = 1; err: SSL_free(sssl); SSL_free(cssl); SSL_CTX_free(sctx); SSL_CTX_free(cctx); return ret; }
/* * test_mod_exp_zero tests that x**0 mod 1 == 0. It returns zero on success. */ static int test_mod_exp_zero(void) { BIGNUM *a = NULL, *p = NULL, *m = NULL; BIGNUM *r = NULL; BN_ULONG one_word = 1; BN_CTX *ctx = BN_CTX_new(); int ret = 1, failed = 0; if (!TEST_ptr(m = BN_new()) || !TEST_ptr(a = BN_new()) || !TEST_ptr(p = BN_new()) || !TEST_ptr(r = BN_new())) goto err; BN_one(m); BN_one(a); BN_zero(p); if (!TEST_true(BN_rand(a, 1024, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))) goto err; if (!TEST_true(BN_mod_exp(r, a, p, m, ctx))) goto err; if (!TEST_true(a_is_zero_mod_one("BN_mod_exp", r, a))) failed = 1; if (!TEST_true(BN_mod_exp_recp(r, a, p, m, ctx))) goto err; if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_recp", r, a))) failed = 1; if (!TEST_true(BN_mod_exp_simple(r, a, p, m, ctx))) goto err; if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_simple", r, a))) failed = 1; if (!TEST_true(BN_mod_exp_mont(r, a, p, m, ctx, NULL))) goto err; if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont", r, a))) failed = 1; if (!TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, ctx, NULL))) goto err; if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a))) failed = 1; /* * A different codepath exists for single word multiplication * in non-constant-time only. */ if (!TEST_true(BN_mod_exp_mont_word(r, one_word, p, m, ctx, NULL))) goto err; if (!TEST_BN_eq_zero(r)) { TEST_error("BN_mod_exp_mont_word failed: " "1 ** 0 mod 1 = r (should be 0)"); BN_print_var(r); goto err; } ret = !failed; err: BN_free(r); BN_free(a); BN_free(p); BN_free(m); BN_CTX_free(ctx); return ret; }
static int test_EVP_SM2(void) { int ret = 0; EVP_PKEY *pkey = NULL; EVP_PKEY *params = NULL; EVP_PKEY_CTX *pctx = NULL; EVP_PKEY_CTX *kctx = NULL; EVP_PKEY_CTX *sctx = NULL; size_t sig_len = 0; unsigned char *sig = NULL; EVP_MD_CTX *md_ctx = NULL; EVP_MD_CTX *md_ctx_verify = NULL; EVP_PKEY_CTX *cctx = NULL; uint8_t ciphertext[128]; size_t ctext_len = sizeof(ciphertext); uint8_t plaintext[8]; size_t ptext_len = sizeof(plaintext); uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); if (!TEST_ptr(pctx)) goto done; if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) goto done; if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2))) goto done; if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))) goto done; kctx = EVP_PKEY_CTX_new(params, NULL); if (!TEST_ptr(kctx)) goto done; if (!TEST_true(EVP_PKEY_keygen_init(kctx))) goto done; if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) goto done; if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) goto done; if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) goto done; if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) goto done; if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL))) goto done; EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) goto done; if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey))) goto done; if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) goto done; /* Determine the size of the signature. */ if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) goto done; if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) goto done; if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) goto done; if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) goto done; /* Ensure that the signature round-trips. */ if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey))) goto done; if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) goto done; if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) goto done; /* now check encryption/decryption */ if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL))) goto done; if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) goto done; if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg)))) goto done; if (!TEST_true(EVP_PKEY_decrypt_init(cctx))) goto done; if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len))) goto done; if (!TEST_true(ptext_len == sizeof(kMsg))) goto done; if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) goto done; ret = 1; done: EVP_PKEY_CTX_free(pctx); EVP_PKEY_CTX_free(kctx); EVP_PKEY_CTX_free(sctx); EVP_PKEY_CTX_free(cctx); EVP_PKEY_free(pkey); EVP_PKEY_free(params); EVP_MD_CTX_free(md_ctx); EVP_MD_CTX_free(md_ctx_verify); OPENSSL_free(sig); return ret; }
static int test_property(void) { static const struct { int nid; const char *prop; char *impl; } impls[] = { { 1, "fast=no, colour=green", "a" }, { 1, "fast, colour=blue", "b" }, { 1, "", "-" }, { 9, "sky=blue, furry", "c" }, { 3, NULL, "d" }, { 6, "sky.colour=blue, sky=green, old.data", "e" }, }; static struct { int nid; const char *prop; char *expected; } queries[] = { { 1, "fast", "b" }, { 1, "fast=yes", "b" }, { 1, "fast=no, colour=green", "a" }, { 1, "colour=blue, fast", "b" }, { 1, "colour=blue", "b" }, { 9, "furry", "c" }, { 6, "sky.colour=blue", "e" }, { 6, "old.data", "e" }, { 9, "furry=yes, sky=blue", "c" }, { 1, "", "a" }, { 3, "", "d" }, }; OSSL_METHOD_STORE *store; size_t i; int ret = 0; void *result; if (!TEST_ptr(store = ossl_method_store_new(NULL)) || !add_property_names("fast", "colour", "sky", "furry", NULL)) goto err; for (i = 0; i < OSSL_NELEM(impls); i++) if (!TEST_true(ossl_method_store_add(store, impls[i].nid, impls[i].prop, impls[i].impl, NULL))) { TEST_note("iteration %zd", i + 1); goto err; } for (i = 0; i < OSSL_NELEM(queries); i++) { OSSL_PROPERTY_LIST *pq = NULL; if (!TEST_true(ossl_method_store_fetch(store, queries[i].nid, queries[i].prop, &result)) || !TEST_str_eq((char *)result, queries[i].expected)) { TEST_note("iteration %zd", i + 1); ossl_property_free(pq); goto err; } ossl_property_free(pq); } ret = 1; err: ossl_method_store_free(store); return ret; }
static int test_tls13_encryption(void) { SSL_CTX *ctx = NULL; SSL *s = NULL; SSL3_RECORD rec; unsigned char *key = NULL, *iv = NULL, *seq = NULL; const EVP_CIPHER *ciph = EVP_aes_128_gcm(); int ret = 0; size_t ivlen, ctr; /* * Encrypted TLSv1.3 records always have an outer content type of * application data, and a record version of TLSv1.2. */ rec.data = NULL; rec.type = SSL3_RT_APPLICATION_DATA; rec.rec_version = TLS1_2_VERSION; ctx = SSL_CTX_new(TLS_method()); if (!TEST_ptr(ctx)) { TEST_info("Failed creating SSL_CTX"); goto err; } s = SSL_new(ctx); if (!TEST_ptr(s)) { TEST_info("Failed creating SSL"); goto err; } s->enc_read_ctx = EVP_CIPHER_CTX_new(); if (!TEST_ptr(s->enc_read_ctx)) goto err; s->enc_write_ctx = EVP_CIPHER_CTX_new(); if (!TEST_ptr(s->enc_write_ctx)) goto err; s->s3->tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES); if (!TEST_ptr(s->s3->tmp.new_cipher)) { TEST_info("Failed to find cipher"); goto err; } for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) { /* Load the record */ ivlen = EVP_CIPHER_iv_length(ciph); if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen, RECORD_LAYER_get_read_sequence(&s->rlayer))) { TEST_error("Failed loading key into EVP_CIPHER_CTX"); goto err; } /* Set up the read/write sequences */ memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer), RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE); memcpy(s->write_iv, s->read_iv, ivlen); /* Load the key into the EVP_CIPHER_CTXs */ if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0 || EVP_CipherInit_ex(s->enc_read_ctx, ciph, NULL, key, NULL, 0) <= 0) { TEST_error("Failed loading key into EVP_CIPHER_CTX\n"); goto err; } /* Encrypt it */ if (!TEST_size_t_eq(tls13_enc(s, &rec, 1, 1), 1)) { TEST_info("Failed to encrypt record %zu", ctr); goto err; } if (!TEST_true(test_record(&rec, &refdata[ctr], 1))) { TEST_info("Record %zu encryption test failed", ctr); goto err; } /* Decrypt it */ if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0), 1)) { TEST_info("Failed to decrypt record %zu", ctr); goto err; } if (!TEST_true(test_record(&rec, &refdata[ctr], 0))) { TEST_info("Record %zu decryption test failed", ctr); goto err; } OPENSSL_free(rec.data); OPENSSL_free(key); OPENSSL_free(iv); OPENSSL_free(seq); rec.data = NULL; key = NULL; iv = NULL; seq = NULL; } TEST_note("PASS: %zu records tested", ctr); ret = 1; err: OPENSSL_free(rec.data); OPENSSL_free(key); OPENSSL_free(iv); OPENSSL_free(seq); SSL_free(s); SSL_CTX_free(ctx); return ret; }
/* * Do a single KAT test. Return 0 on failure. */ static int single_kat(DRBG_SELFTEST_DATA *td) { RAND_DRBG *drbg = NULL; TEST_CTX t; int failures = 0; unsigned char buff[1024]; /* * Test without PR: Instantiate DRBG with test entropy, nonce and * personalisation string. */ if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL))) return 0; if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, kat_nonce, NULL)) || !TEST_true(disable_crngt(drbg))) { failures++; goto err; } memset(&t, 0, sizeof(t)); t.entropy = td->entropy; t.entropylen = td->entropylen; t.nonce = td->nonce; t.noncelen = td->noncelen; RAND_DRBG_set_ex_data(drbg, app_data_index, &t); if (!TEST_true(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, td->adinlen)) || !TEST_mem_eq(td->expected, td->exlen, buff, td->exlen)) failures++; /* Reseed DRBG with test entropy and additional input */ t.entropy = td->entropyreseed; t.entropylen = td->entropyreseedlen; if (!TEST_true(RAND_DRBG_reseed(drbg, td->adinreseed, td->adinreseedlen, 0) || !TEST_true(RAND_DRBG_generate(drbg, buff, td->kat2len, 0, td->adin2, td->adin2len)) || !TEST_mem_eq(td->kat2, td->kat2len, buff, td->kat2len))) failures++; uninstantiate(drbg); /* * Now test with PR: Instantiate DRBG with test entropy, nonce and * personalisation string. */ if (!TEST_true(RAND_DRBG_set(drbg, td->nid, td->flags)) || !TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, kat_nonce, NULL))) failures++; RAND_DRBG_set_ex_data(drbg, app_data_index, &t); t.entropy = td->entropy_pr; t.entropylen = td->entropylen_pr; t.nonce = td->nonce_pr; t.noncelen = td->noncelen_pr; t.entropycnt = 0; t.noncecnt = 0; if (!TEST_true(RAND_DRBG_instantiate(drbg, td->pers_pr, td->perslen_pr))) failures++; /* * Now generate with PR: we need to supply entropy as this will * perform a reseed operation. */ t.entropy = td->entropypr_pr; t.entropylen = td->entropyprlen_pr; if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->katlen_pr, 1, td->adin_pr, td->adinlen_pr)) || !TEST_mem_eq(td->kat_pr, td->katlen_pr, buff, td->katlen_pr)) failures++; /* * Now generate again with PR: supply new entropy again. */ t.entropy = td->entropyg_pr; t.entropylen = td->entropyglen_pr; if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->kat2len_pr, 1, td->ading_pr, td->adinglen_pr)) || !TEST_mem_eq(td->kat2_pr, td->kat2len_pr, buff, td->kat2len_pr)) failures++; err: uninstantiate(drbg); RAND_DRBG_free(drbg); return failures == 0; }
static int test_dtls_unprocessed(int testidx) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *serverssl1 = NULL, *clientssl1 = NULL; BIO *c_to_s_fbio, *c_to_s_mempacket; int testresult = 0; timer_cb_count = 0; if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, DTLS_MAX_VERSION, &sctx, &cctx, cert, privkey))) return 0; if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA"))) goto end; c_to_s_fbio = BIO_new(bio_f_tls_dump_filter()); if (!TEST_ptr(c_to_s_fbio)) goto end; /* BIO is freed by create_ssl_connection on error */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL, c_to_s_fbio))) goto end; DTLS_set_timer_cb(clientssl1, timer_cb); if (testidx == 1) certstatus[RECORD_SEQUENCE] = 0xff; /* * Inject a dummy record from the next epoch. In test 0, this should never * get used because the message sequence number is too big. In test 1 we set * the record sequence number to be way off in the future. This should not * have an impact on the record replay protection because the record should * be dropped before it is marked as arrived */ c_to_s_mempacket = SSL_get_wbio(clientssl1); c_to_s_mempacket = BIO_next(c_to_s_mempacket); mempacket_test_inject(c_to_s_mempacket, (char *)certstatus, sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ); if (!TEST_true(create_ssl_connection(serverssl1, clientssl1, SSL_ERROR_NONE))) goto end; if (timer_cb_count == 0) { printf("timer_callback was not called.\n"); goto end; } testresult = 1; end: SSL_free(serverssl1); SSL_free(clientssl1); SSL_CTX_free(sctx); SSL_CTX_free(cctx); return testresult; }
/* * Perform extensive error checking as required by SP800-90. * Induce several failure modes and check an error condition is set. */ static int error_check(DRBG_SELFTEST_DATA *td) { static char zero[sizeof(RAND_DRBG)]; RAND_DRBG *drbg = NULL; TEST_CTX t; unsigned char buff[1024]; unsigned int reseed_counter_tmp; int ret = 0; if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)) || !TEST_true(disable_crngt(drbg))) goto err; /* * Personalisation string tests */ /* Test detection of too large personlisation string */ if (!init(drbg, td, &t) || RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1) > 0) goto err; /* * Entropy source tests */ /* Test entropy source failure detection: i.e. returns no data */ t.entropylen = 0; if (TEST_int_le(RAND_DRBG_instantiate(drbg, td->pers, td->perslen), 0)) goto err; /* Try to generate output from uninstantiated DRBG */ if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, td->adinlen)) || !uninstantiate(drbg)) goto err; /* Test insufficient entropy */ t.entropylen = drbg->min_entropylen - 1; if (!init(drbg, td, &t) || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 || !uninstantiate(drbg)) goto err; /* Test too much entropy */ t.entropylen = drbg->max_entropylen + 1; if (!init(drbg, td, &t) || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 || !uninstantiate(drbg)) goto err; /* * Nonce tests */ /* Test too small nonce */ if (drbg->min_noncelen) { t.noncelen = drbg->min_noncelen - 1; if (!init(drbg, td, &t) || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 || !uninstantiate(drbg)) goto err; } /* Test too large nonce */ if (drbg->max_noncelen) { t.noncelen = drbg->max_noncelen + 1; if (!init(drbg, td, &t) || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 || !uninstantiate(drbg)) goto err; } /* Instantiate with valid data, Check generation is now OK */ if (!instantiate(drbg, td, &t) || !TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, td->adinlen))) goto err; /* Request too much data for one request */ if (!TEST_false(RAND_DRBG_generate(drbg, buff, drbg->max_request + 1, 0, td->adin, td->adinlen))) goto err; /* Try too large additional input */ if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, drbg->max_adinlen + 1))) goto err; /* * Check prediction resistance request fails if entropy source * failure. */ t.entropylen = 0; if (TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1, td->adin, td->adinlen)) || !uninstantiate(drbg)) goto err; /* Instantiate again with valid data */ if (!instantiate(drbg, td, &t)) goto err; reseed_counter_tmp = drbg->reseed_gen_counter; drbg->reseed_gen_counter = drbg->reseed_interval; /* Generate output and check entropy has been requested for reseed */ t.entropycnt = 0; if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, td->adinlen)) || !TEST_int_eq(t.entropycnt, 1) || !TEST_int_eq(drbg->reseed_gen_counter, reseed_counter_tmp + 1) || !uninstantiate(drbg)) goto err; /* * Check prediction resistance request fails if entropy source * failure. */ t.entropylen = 0; if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1, td->adin, td->adinlen)) || !uninstantiate(drbg)) goto err; /* Test reseed counter works */ if (!instantiate(drbg, td, &t)) goto err; reseed_counter_tmp = drbg->reseed_gen_counter; drbg->reseed_gen_counter = drbg->reseed_interval; /* Generate output and check entropy has been requested for reseed */ t.entropycnt = 0; if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, td->adinlen)) || !TEST_int_eq(t.entropycnt, 1) || !TEST_int_eq(drbg->reseed_gen_counter, reseed_counter_tmp + 1) || !uninstantiate(drbg)) goto err; /* * Explicit reseed tests */ /* Test explicit reseed with too large additional input */ if (!instantiate(drbg, td, &t) || RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0) > 0) goto err; /* Test explicit reseed with entropy source failure */ t.entropylen = 0; if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) || !uninstantiate(drbg)) goto err; /* Test explicit reseed with too much entropy */ if (!instantiate(drbg, td, &t)) goto err; t.entropylen = drbg->max_entropylen + 1; if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) || !uninstantiate(drbg)) goto err; /* Test explicit reseed with too little entropy */ if (!instantiate(drbg, td, &t)) goto err; t.entropylen = drbg->min_entropylen - 1; if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) || !uninstantiate(drbg)) goto err; /* Standard says we have to check uninstantiate really zeroes */ if (!TEST_mem_eq(zero, sizeof(drbg->data), &drbg->data, sizeof(drbg->data))) goto err; ret = 1; err: uninstantiate(drbg); RAND_DRBG_free(drbg); return ret; }
/* some tests from the X9.62 draft */ static int x9_62_test_internal(int nid, const char *r_in, const char *s_in) { int ret = 0; const char message[] = "abc"; unsigned char digest[20]; unsigned int dgst_len = 0; EVP_MD_CTX *md_ctx; EC_KEY *key = NULL; ECDSA_SIG *signature = NULL; BIGNUM *r = NULL, *s = NULL; BIGNUM *kinv = NULL, *rp = NULL; const BIGNUM *sig_r, *sig_s; if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) goto x962_int_err; /* get the message digest */ if (!TEST_true(EVP_DigestInit(md_ctx, EVP_sha1())) || !TEST_true(EVP_DigestUpdate(md_ctx, (const void *)message, 3)) || !TEST_true(EVP_DigestFinal(md_ctx, digest, &dgst_len))) goto x962_int_err; TEST_info("testing %s", OBJ_nid2sn(nid)); /* create the key */ if (!TEST_ptr(key = EC_KEY_new_by_curve_name(nid))) goto x962_int_err; use_fake = 1; if (!TEST_true(EC_KEY_generate_key(key))) goto x962_int_err; /* create the signature */ use_fake = 1; /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */ if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp))) goto x962_int_err; if (!TEST_ptr(signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key))) goto x962_int_err; /* compare the created signature with the expected signature */ if (!TEST_ptr(r = BN_new()) || !TEST_ptr(s = BN_new())) goto x962_int_err; if (!TEST_true(BN_dec2bn(&r, r_in)) || !TEST_true(BN_dec2bn(&s, s_in))) goto x962_int_err; ECDSA_SIG_get0(signature, &sig_r, &sig_s); if (!TEST_BN_eq(sig_r, r) || !TEST_BN_eq(sig_s, s)) goto x962_int_err; /* verify the signature */ if (!TEST_int_eq(ECDSA_do_verify(digest, 20, signature, key), 1)) goto x962_int_err; ret = 1; x962_int_err: EC_KEY_free(key); ECDSA_SIG_free(signature); BN_free(r); BN_free(s); EVP_MD_CTX_free(md_ctx); BN_clear_free(kinv); BN_clear_free(rp); return ret; }
static int test_check_crt_components(void) { const int P = 15; const int Q = 17; const int E = 5; const int N = P*Q; const int DP = 3; const int DQ = 13; const int QINV = 8; int ret = 0; RSA *key = NULL; BN_CTX *ctx = NULL; BIGNUM *p = NULL, *q = NULL, *e = NULL; ret = TEST_ptr(key = RSA_new()) && TEST_ptr(ctx = BN_CTX_new()) && TEST_ptr(p = BN_new()) && TEST_ptr(q = BN_new()) && TEST_ptr(e = BN_new()) && TEST_true(BN_set_word(p, P)) && TEST_true(BN_set_word(q, Q)) && TEST_true(BN_set_word(e, E)) && TEST_true(RSA_set0_factors(key, p, q)); if (!ret) { BN_free(p); BN_free(q); goto end; } ret = TEST_true(rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx)) && TEST_BN_eq_word(key->n, N) && TEST_BN_eq_word(key->dmp1, DP) && TEST_BN_eq_word(key->dmq1, DQ) && TEST_BN_eq_word(key->iqmp, QINV) && TEST_true(rsa_check_crt_components(key, ctx)) /* (a) 1 < dP < (p – 1). */ && TEST_true(BN_set_word(key->dmp1, 1)) && TEST_false(rsa_check_crt_components(key, ctx)) && TEST_true(BN_set_word(key->dmp1, P-1)) && TEST_false(rsa_check_crt_components(key, ctx)) && TEST_true(BN_set_word(key->dmp1, DP)) /* (b) 1 < dQ < (q - 1). */ && TEST_true(BN_set_word(key->dmq1, 1)) && TEST_false(rsa_check_crt_components(key, ctx)) && TEST_true(BN_set_word(key->dmq1, Q-1)) && TEST_false(rsa_check_crt_components(key, ctx)) && TEST_true(BN_set_word(key->dmq1, DQ)) /* (c) 1 < qInv < p */ && TEST_true(BN_set_word(key->iqmp, 1)) && TEST_false(rsa_check_crt_components(key, ctx)) && TEST_true(BN_set_word(key->iqmp, P)) && TEST_false(rsa_check_crt_components(key, ctx)) && TEST_true(BN_set_word(key->iqmp, QINV)) /* (d) 1 = (dP . e) mod (p - 1)*/ && TEST_true(BN_set_word(key->dmp1, DP+1)) && TEST_false(rsa_check_crt_components(key, ctx)) && TEST_true(BN_set_word(key->dmp1, DP)) /* (e) 1 = (dQ . e) mod (q - 1) */ && TEST_true(BN_set_word(key->dmq1, DQ-1)) && TEST_false(rsa_check_crt_components(key, ctx)) && TEST_true(BN_set_word(key->dmq1, DQ)) /* (f) 1 = (qInv . q) mod p */ && TEST_true(BN_set_word(key->iqmp, QINV+1)) && TEST_false(rsa_check_crt_components(key, ctx)) && TEST_true(BN_set_word(key->iqmp, QINV)) /* check defaults are still valid */ && TEST_true(rsa_check_crt_components(key, ctx)); end: BN_free(e); RSA_free(key); BN_CTX_free(ctx); return ret; }
static int test_cipher_name(void) { SSL_CTX *ctx = NULL; SSL *ssl = NULL; const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk = NULL; const char *ciphers = "ALL:eNULL", *p, *q, *r; int i, id = 0, ret = 0; /* tests for invalid input */ p = SSL_CIPHER_standard_name(NULL); if (!TEST_str_eq(p, "(NONE)")) { TEST_info("test_cipher_name(std) failed: NULL input doesn't return \"(NONE)\"\n"); goto err; } p = OPENSSL_cipher_name(NULL); if (!TEST_str_eq(p, "(NONE)")) { TEST_info("test_cipher_name(ossl) failed: NULL input doesn't return \"(NONE)\"\n"); goto err; } p = OPENSSL_cipher_name("This is not a valid cipher"); if (!TEST_str_eq(p, "(NONE)")) { TEST_info("test_cipher_name(ossl) failed: invalid input doesn't return \"(NONE)\"\n"); goto err; } /* tests for valid input */ ctx = SSL_CTX_new(TLS_server_method()); if (ctx == NULL) { TEST_info("test_cipher_name failed: internal error\n"); goto err; } if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { TEST_info("test_cipher_name failed: internal error\n"); goto err; } ssl = SSL_new(ctx); if (ssl == NULL) { TEST_info("test_cipher_name failed: internal error\n"); goto err; } sk = SSL_get_ciphers(ssl); if (sk == NULL) { TEST_info("test_cipher_name failed: internal error\n"); goto err; } for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { c = sk_SSL_CIPHER_value(sk, i); id = SSL_CIPHER_get_id(c) & 0xFFFF; if ((id == 0xFF85) || (id == 0xFF87)) /* skip GOST2012-GOST8912-GOST891 and GOST2012-NULL-GOST12 */ continue; p = SSL_CIPHER_standard_name(c); q = get_std_name_by_id(id); if (!TEST_ptr(p)) { TEST_info("test_cipher_name failed: expected %s, got NULL, cipher %x\n", q, id); goto err; } /* check if p is a valid standard name */ if (!TEST_str_eq(p, q)) { TEST_info("test_cipher_name(std) failed: expected %s, got %s, cipher %x\n", q, p, id); goto err; } /* test OPENSSL_cipher_name */ q = SSL_CIPHER_get_name(c); r = OPENSSL_cipher_name(p); if (!TEST_str_eq(r, q)) { TEST_info("test_cipher_name(ossl) failed: expected %s, got %s, cipher %x\n", q, r, id); goto err; } } ret = 1; err: SSL_CTX_free(ctx); SSL_free(ssl); return ret; }
/*- * This function hijacks the RNG to feed it the chosen ECDSA key and nonce. * The ECDSA KATs are from: * - the X9.62 draft (4) * - NIST CAVP (720) * * It uses the low-level ECDSA_sign_setup instead of EVP to control the RNG. * NB: This is not how applications should use ECDSA; this is only for testing. * * Tests the library can successfully: * - generate public keys that matches those KATs * - create ECDSA signatures that match those KATs * - accept those signatures as valid */ static int x9_62_tests(int n) { int nid, md_nid, ret = 0; const char *r_in = NULL, *s_in = NULL, *tbs = NULL; unsigned char *pbuf = NULL, *qbuf = NULL, *message = NULL; unsigned char digest[EVP_MAX_MD_SIZE]; unsigned int dgst_len = 0; long q_len, msg_len = 0; size_t p_len; EVP_MD_CTX *mctx = NULL; EC_KEY *key = NULL; ECDSA_SIG *signature = NULL; BIGNUM *r = NULL, *s = NULL; BIGNUM *kinv = NULL, *rp = NULL; const BIGNUM *sig_r = NULL, *sig_s = NULL; nid = ecdsa_cavs_kats[n].nid; md_nid = ecdsa_cavs_kats[n].md_nid; r_in = ecdsa_cavs_kats[n].r; s_in = ecdsa_cavs_kats[n].s; tbs = ecdsa_cavs_kats[n].msg; numbers[0] = ecdsa_cavs_kats[n].d; numbers[1] = ecdsa_cavs_kats[n].k; TEST_info("ECDSA KATs for curve %s", OBJ_nid2sn(nid)); if (!TEST_ptr(mctx = EVP_MD_CTX_new()) /* get the message digest */ || !TEST_ptr(message = OPENSSL_hexstr2buf(tbs, &msg_len)) || !TEST_true(EVP_DigestInit_ex(mctx, EVP_get_digestbynid(md_nid), NULL)) || !TEST_true(EVP_DigestUpdate(mctx, message, msg_len)) || !TEST_true(EVP_DigestFinal_ex(mctx, digest, &dgst_len)) /* create the key */ || !TEST_ptr(key = EC_KEY_new_by_curve_name(nid)) /* load KAT variables */ || !TEST_ptr(r = BN_new()) || !TEST_ptr(s = BN_new()) || !TEST_true(BN_hex2bn(&r, r_in)) || !TEST_true(BN_hex2bn(&s, s_in)) /* swap the RNG source */ || !TEST_true(change_rand())) goto err; /* public key must match KAT */ use_fake = 1; if (!TEST_true(EC_KEY_generate_key(key)) || !TEST_true(p_len = EC_KEY_key2buf(key, POINT_CONVERSION_UNCOMPRESSED, &pbuf, NULL)) || !TEST_ptr(qbuf = OPENSSL_hexstr2buf(ecdsa_cavs_kats[n].Q, &q_len)) || !TEST_int_eq(q_len, p_len) || !TEST_mem_eq(qbuf, q_len, pbuf, p_len)) goto err; /* create the signature via ECDSA_sign_setup to avoid use of ECDSA nonces */ use_fake = 1; if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp)) || !TEST_ptr(signature = ECDSA_do_sign_ex(digest, dgst_len, kinv, rp, key)) /* verify the signature */ || !TEST_int_eq(ECDSA_do_verify(digest, dgst_len, signature, key), 1)) goto err; /* compare the created signature with the expected signature */ ECDSA_SIG_get0(signature, &sig_r, &sig_s); if (!TEST_BN_eq(sig_r, r) || !TEST_BN_eq(sig_s, s)) goto err; ret = 1; err: /* restore the RNG source */ if (!TEST_true(restore_rand())) ret = 0; OPENSSL_free(message); OPENSSL_free(pbuf); OPENSSL_free(qbuf); EC_KEY_free(key); ECDSA_SIG_free(signature); BN_free(r); BN_free(s); EVP_MD_CTX_free(mctx); BN_clear_free(kinv); BN_clear_free(rp); return ret; }