diff options
| author | tb <> | 2023-12-30 08:58:18 +0000 |
|---|---|---|
| committer | tb <> | 2023-12-30 08:58:18 +0000 |
| commit | 31f11f9ea5f653bf3c3013763e5d2bd4a831cda3 (patch) | |
| tree | 31d22ecbe737d1ed688547f84aa025c45926837f /src | |
| parent | ffe12448f0e1ab90b703cce3485e78e81ca7f19d (diff) | |
| download | openbsd-31f11f9ea5f653bf3c3013763e5d2bd4a831cda3.tar.gz openbsd-31f11f9ea5f653bf3c3013763e5d2bd4a831cda3.tar.bz2 openbsd-31f11f9ea5f653bf3c3013763e5d2bd4a831cda3.zip | |
Add extended regress coverage for ASN.1 methods
Validate that every alias resolves to a non-alias in one step and that
non-aliases have pkey_id == pkey_base_id, an info string and a pem_str.
They can be looked up by their pkey_id or pem_str.
Conversely, all these are false for aliases.
Diffstat (limited to 'src')
| -rw-r--r-- | src/regress/lib/libcrypto/evp/evp_test.c | 148 |
1 files changed, 147 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/evp/evp_test.c b/src/regress/lib/libcrypto/evp/evp_test.c index cf50c15fcc..09036aff94 100644 --- a/src/regress/lib/libcrypto/evp/evp_test.c +++ b/src/regress/lib/libcrypto/evp/evp_test.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: evp_test.c,v 1.11 2023/12/10 19:20:06 tb Exp $ */ | 1 | /* $OpenBSD: evp_test.c,v 1.12 2023/12/30 08:58:18 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2022 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2022 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2023 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2023 Theo Buehler <tb@openbsd.org> |
| @@ -106,6 +106,151 @@ evp_asn1_method_test(void) | |||
| 106 | return failed; | 106 | return failed; |
| 107 | } | 107 | } |
| 108 | 108 | ||
| 109 | /* EVP_PKEY_asn1_find() by hand. Allows cross-checking and finding duplicates. */ | ||
| 110 | static const EVP_PKEY_ASN1_METHOD * | ||
| 111 | evp_pkey_asn1_find(int nid, int skip_id) | ||
| 112 | { | ||
| 113 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
| 114 | int count, i, pkey_id; | ||
| 115 | |||
| 116 | count = EVP_PKEY_asn1_get_count(); | ||
| 117 | for (i = 0; i < count; i++) { | ||
| 118 | if (i == skip_id) | ||
| 119 | continue; | ||
| 120 | if ((ameth = EVP_PKEY_asn1_get0(i)) == NULL) | ||
| 121 | return NULL; | ||
| 122 | if (!EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, | ||
| 123 | NULL, NULL, ameth)) | ||
| 124 | return NULL; | ||
| 125 | if (pkey_id == nid) | ||
| 126 | return ameth; | ||
| 127 | } | ||
| 128 | |||
| 129 | return NULL; | ||
| 130 | } | ||
| 131 | |||
| 132 | static int | ||
| 133 | evp_asn1_method_aliases_test(void) | ||
| 134 | { | ||
| 135 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
| 136 | int id, base_id, flags; | ||
| 137 | const char *info, *pem_str; | ||
| 138 | int count, i; | ||
| 139 | int failed = 0; | ||
| 140 | |||
| 141 | if ((count = EVP_PKEY_asn1_get_count()) <= 0) { | ||
| 142 | fprintf(stderr, "FAIL: EVP_PKEY_asn1_get_count(): %d\n", count); | ||
| 143 | failed |= 1; | ||
| 144 | } | ||
| 145 | for (i = 0; i < count; i++) { | ||
| 146 | if ((ameth = EVP_PKEY_asn1_get0(i)) == NULL) { | ||
| 147 | fprintf(stderr, "FAIL: no ameth for index %d < %d\n", | ||
| 148 | i, count); | ||
| 149 | failed |= 1; | ||
| 150 | continue; | ||
| 151 | } | ||
| 152 | if (!EVP_PKEY_asn1_get0_info(&id, &base_id, &flags, | ||
| 153 | &info, &pem_str, ameth)) { | ||
| 154 | fprintf(stderr, "FAIL: no info for ameth %d\n", i); | ||
| 155 | failed |= 1; | ||
| 156 | continue; | ||
| 157 | } | ||
| 158 | |||
| 159 | /* | ||
| 160 | * The following are all true or all false for any ameth: | ||
| 161 | * 1. ASN1_PKEY_ALIAS is set 2. id != base_id | ||
| 162 | * 3. info == NULL 4. pem_str == NULL | ||
| 163 | */ | ||
| 164 | |||
| 165 | if ((flags & ASN1_PKEY_ALIAS) == 0) { | ||
| 166 | size_t pem_str_len; | ||
| 167 | |||
| 168 | if (id != base_id) { | ||
| 169 | fprintf(stderr, "FAIL: non-alias with " | ||
| 170 | "id %d != base_id %d\n", id, base_id); | ||
| 171 | failed |= 1; | ||
| 172 | } | ||
| 173 | if (info == NULL || strlen(info) == 0) { | ||
| 174 | fprintf(stderr, "FAIL: missing or empty info %d\n", id); | ||
| 175 | failed |= 1; | ||
| 176 | } | ||
| 177 | if (pem_str == NULL) { | ||
| 178 | fprintf(stderr, "FAIL: missing pem_str %d\n", id); | ||
| 179 | failed |= 1; | ||
| 180 | } | ||
| 181 | if ((pem_str_len = strlen(pem_str)) == 0) { | ||
| 182 | fprintf(stderr, "FAIL: empty pem_str %d\n", id); | ||
| 183 | failed |= 1; | ||
| 184 | } | ||
| 185 | |||
| 186 | if (evp_pkey_asn1_find(id, i) != NULL) { | ||
| 187 | fprintf(stderr, "FAIL: duplicate ameth %d\n", id); | ||
| 188 | failed |= 1; | ||
| 189 | } | ||
| 190 | |||
| 191 | if (ameth != EVP_PKEY_asn1_find(NULL, id)) { | ||
| 192 | fprintf(stderr, "FAIL: EVP_PKEY_asn1_find(%d) " | ||
| 193 | "returned different ameth\n", id); | ||
| 194 | failed |= 1; | ||
| 195 | } | ||
| 196 | if (ameth != EVP_PKEY_asn1_find_str(NULL, pem_str, -1)) { | ||
| 197 | fprintf(stderr, "FAIL: EVP_PKEY_asn1_find_str(%s) " | ||
| 198 | "returned different ameth\n", pem_str); | ||
| 199 | failed |= 1; | ||
| 200 | } | ||
| 201 | if (ameth != EVP_PKEY_asn1_find_str(NULL, | ||
| 202 | pem_str, pem_str_len)) { | ||
| 203 | fprintf(stderr, "FAIL: EVP_PKEY_asn1_find_str(%s, %zu) " | ||
| 204 | "returned different ameth\n", pem_str, pem_str_len); | ||
| 205 | failed |= 1; | ||
| 206 | } | ||
| 207 | if (EVP_PKEY_asn1_find_str(NULL, pem_str, | ||
| 208 | pem_str_len - 1) != NULL) { | ||
| 209 | fprintf(stderr, "FAIL: EVP_PKEY_asn1_find_str(%s, %zu) " | ||
| 210 | "returned an ameth\n", pem_str, pem_str_len - 1); | ||
| 211 | failed |= 1; | ||
| 212 | } | ||
| 213 | continue; | ||
| 214 | } | ||
| 215 | |||
| 216 | if (id == base_id) { | ||
| 217 | fprintf(stderr, "FAIL: alias with id %d == base_id %d\n", | ||
| 218 | id, base_id); | ||
| 219 | failed |= 1; | ||
| 220 | } | ||
| 221 | if (info != NULL) { | ||
| 222 | fprintf(stderr, "FAIL: alias %d with info %s\n", id, info); | ||
| 223 | failed |= 1; | ||
| 224 | } | ||
| 225 | if (pem_str != NULL) { | ||
| 226 | fprintf(stderr, "FAIL: alias %d with pem_str %s\n", | ||
| 227 | id, pem_str); | ||
| 228 | failed |= 1; | ||
| 229 | } | ||
| 230 | |||
| 231 | /* Check that ameth resolves to a non-alias. */ | ||
| 232 | if ((ameth = evp_pkey_asn1_find(base_id, -1)) == NULL) { | ||
| 233 | fprintf(stderr, "FAIL: no ameth with pkey_id %d\n", | ||
| 234 | base_id); | ||
| 235 | failed |= 1; | ||
| 236 | continue; | ||
| 237 | } | ||
| 238 | if (!EVP_PKEY_asn1_get0_info(NULL, NULL, &flags, NULL, NULL, ameth)) { | ||
| 239 | fprintf(stderr, "FAIL: no info for ameth with pkey_id %d\n", | ||
| 240 | base_id); | ||
| 241 | failed |= 1; | ||
| 242 | continue; | ||
| 243 | } | ||
| 244 | if ((flags & ASN1_PKEY_ALIAS) != 0) { | ||
| 245 | fprintf(stderr, "FAIL: ameth with pkey_id %d " | ||
| 246 | "resolves to another alias\n", base_id); | ||
| 247 | failed |= 1; | ||
| 248 | } | ||
| 249 | } | ||
| 250 | |||
| 251 | return failed; | ||
| 252 | } | ||
| 253 | |||
| 109 | static int | 254 | static int |
| 110 | evp_pkey_method_test(void) | 255 | evp_pkey_method_test(void) |
| 111 | { | 256 | { |
| @@ -634,6 +779,7 @@ main(int argc, char **argv) | |||
| 634 | int failed = 0; | 779 | int failed = 0; |
| 635 | 780 | ||
| 636 | failed |= evp_asn1_method_test(); | 781 | failed |= evp_asn1_method_test(); |
| 782 | failed |= evp_asn1_method_aliases_test(); | ||
| 637 | failed |= evp_pkey_method_test(); | 783 | failed |= evp_pkey_method_test(); |
| 638 | failed |= evp_pkey_iv_len_test(); | 784 | failed |= evp_pkey_iv_len_test(); |
| 639 | failed |= evp_do_all_test(); | 785 | failed |= evp_do_all_test(); |