summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/regress/lib/libcrypto/evp/Makefile3
-rw-r--r--src/regress/lib/libcrypto/evp/evp_pkey_check.c397
2 files changed, 1 insertions, 399 deletions
diff --git a/src/regress/lib/libcrypto/evp/Makefile b/src/regress/lib/libcrypto/evp/Makefile
index c5fee02693..bd8bc668be 100644
--- a/src/regress/lib/libcrypto/evp/Makefile
+++ b/src/regress/lib/libcrypto/evp/Makefile
@@ -1,7 +1,6 @@
1# $OpenBSD: Makefile,v 1.12 2023/03/02 20:45:11 tb Exp $ 1# $OpenBSD: Makefile,v 1.13 2024/08/29 16:43:52 tb Exp $
2 2
3PROGS += evp_ecx_test 3PROGS += evp_ecx_test
4PROGS += evp_pkey_check
5PROGS += evp_pkey_cleanup 4PROGS += evp_pkey_cleanup
6PROGS += evp_test 5PROGS += evp_test
7PROGS += evptest 6PROGS += evptest
diff --git a/src/regress/lib/libcrypto/evp/evp_pkey_check.c b/src/regress/lib/libcrypto/evp/evp_pkey_check.c
deleted file mode 100644
index 7b73316b9b..0000000000
--- a/src/regress/lib/libcrypto/evp/evp_pkey_check.c
+++ /dev/null
@@ -1,397 +0,0 @@
1/* $OpenBSD: evp_pkey_check.c,v 1.4 2023/03/02 20:18:40 tb Exp $ */
2/*
3 * Copyright (c) 2021-2022 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdio.h>
19
20#include <openssl/bn.h>
21#include <openssl/ec.h>
22#include <openssl/err.h>
23#include <openssl/evp.h>
24#include <openssl/rsa.h>
25
26#define EVP_TEST_RSA_BITS 2048
27
28static int
29evp_pkey_check_rsa(void)
30{
31 EVP_PKEY_CTX *pkey_ctx = NULL;
32 EVP_PKEY *pkey = NULL;
33 RSA *rsa = NULL;
34 BIGNUM *rsa_d;
35 int ret;
36 int fail_soft = 0;
37 int failed = 1;
38
39 /*
40 * Generate a run-off-the-mill RSA key.
41 */
42
43 if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) {
44 fprintf(stderr, "%s: EVP_PKEY_CTX_new_id()\n", __func__);
45 goto err;
46 }
47 if (EVP_PKEY_keygen_init(pkey_ctx) <= 0) {
48 fprintf(stderr, "%s: EVP_PKEY_keygen_init\n", __func__);
49 goto err;
50 }
51 if (!EVP_PKEY_CTX_set_rsa_keygen_bits(pkey_ctx, EVP_TEST_RSA_BITS)) {
52 fprintf(stderr, "%s: EVP_PKEY_CTX_set_rsa_keygen_bits\n",
53 __func__);
54 goto err;
55 }
56 if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) {
57 fprintf(stderr, "%s: EVP_PKEY_keygen\n", __func__);
58 goto err;
59 }
60
61 /* At this point, no pkey is set on pkey_ctx, we should fail with 0. */
62 if (EVP_PKEY_check(pkey_ctx) != 0) {
63 fprintf(stderr, "%s: EVP_PKEY_check() succeeded without pkey\n",
64 __func__);
65 ERR_print_errors_fp(stderr);
66 fail_soft = 1;
67 }
68
69 ERR_clear_error();
70
71 /*
72 * Create a new EVP_PKEY_CTX with pkey set.
73 */
74
75 EVP_PKEY_CTX_free(pkey_ctx);
76 if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
77 fprintf(stderr, "%s: EVP_PKEY_CTX_new\n", __func__);
78 goto err;
79 }
80
81 /* The freshly generated pkey is set on pkey_ctx. We should succeed. */
82 if ((ret = EVP_PKEY_check(pkey_ctx)) <= 0) {
83 fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n",
84 __func__, ret);
85 ERR_print_errors_fp(stderr);
86 ERR_clear_error();
87 fail_soft = 1;
88 }
89
90 /* Public key checking for RSA is not supported. */
91 if (EVP_PKEY_public_check(pkey_ctx) != -2) {
92 fprintf(stderr,
93 "%s: EVP_PKEY_public_check() supported for RSA?\n",
94 __func__);
95 goto err;
96 }
97 ERR_clear_error();
98
99 /* Parameter checking for RSA is not supported. */
100 if (EVP_PKEY_param_check(pkey_ctx) != -2) {
101 fprintf(stderr,
102 "%s: EVP_PKEY_param_check() supported for RSA?\n",
103 __func__);
104 goto err;
105 }
106 ERR_clear_error();
107
108 /*
109 * Now modify the RSA key a bit. The check should then fail.
110 */
111
112 if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
113 fprintf(stderr, "%s: EVP_PKEY_get0_RSA\n", __func__);
114 goto err;
115 }
116 /* We're lazy and modify rsa->d directly, hence the ugly cast. */
117 if ((rsa_d = (BIGNUM *)RSA_get0_d(rsa)) == NULL) {
118 fprintf(stderr, "%s: RSA_get0_d()\n", __func__);
119 goto err;
120 }
121 if (!BN_add_word(rsa_d, 2)) {
122 fprintf(stderr, "%s: BN_add_word\n", __func__);
123 goto err;
124 }
125
126 /* Since (d+2) * e != 1 mod (p-1)*(q-1), we should fail */
127 if (EVP_PKEY_check(pkey_ctx) == 1) {
128 fprintf(stderr, "%s: EVP_PKEY_check success with modified d\n",
129 __func__);
130 fail_soft = 1;
131 }
132
133 if (ERR_peek_error() == 0) {
134 fprintf(stderr, "%s: expected some RSA errors\n", __func__);
135 fail_soft = 1;
136 }
137 ERR_clear_error();
138
139 failed = 0;
140
141 err:
142 EVP_PKEY_CTX_free(pkey_ctx);
143 EVP_PKEY_free(pkey);
144
145 return failed | fail_soft;
146}
147
148static int
149evp_pkey_check_ec(void)
150{
151 EVP_PKEY_CTX *pkey_ctx = NULL;
152 EVP_PKEY *pkey = NULL;
153 EC_KEY *eckey = NULL;
154 BIGNUM *private_key = NULL;
155 EC_GROUP *group;
156 const EC_POINT *generator;
157 BIGNUM *cofactor = NULL, *order = NULL;
158 int ret;
159 int fail_soft = 0;
160 int failed = 1;
161
162 /*
163 * Generate an elliptic curve key on secp384r1
164 */
165
166 if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL) {
167 fprintf(stderr, "%s: EVP_PKEY_CTX_new_id\n", __func__);
168 goto err;
169 }
170 if (EVP_PKEY_keygen_init(pkey_ctx) <= 0) {
171 fprintf(stderr, "%s: EVP_PKEY_keygen_init\n", __func__);
172 goto err;
173 }
174 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pkey_ctx,
175 NID_secp384r1) <= 0) {
176 fprintf(stderr, "%s: EVP_PKEY_CTX_set_ec_paramgen_curve_nid\n",
177 __func__);
178 goto err;
179 }
180 if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) {
181 fprintf(stderr, "%s: EVP_PKEY_keygen\n", __func__);
182 goto err;
183 }
184
185 /* At this point, no pkey is set on pkey_ctx, we should fail with 0. */
186 if (EVP_PKEY_check(pkey_ctx) != 0) {
187 fprintf(stderr, "%s: EVP_PKEY_check() succeeded without pkey\n",
188 __func__);
189 ERR_print_errors_fp(stderr);
190 fail_soft = 1;
191 }
192
193 ERR_clear_error();
194
195 /*
196 * Create a new EVP_PKEY_CTX with pkey set.
197 */
198
199 EVP_PKEY_CTX_free(pkey_ctx);
200 if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
201 fprintf(stderr, "%s: EVP_PKEY_CTX_new\n", __func__);
202 goto err;
203 }
204
205 /* The freshly generated pkey is set on pkey_ctx. We should succeed. */
206 if ((ret = EVP_PKEY_check(pkey_ctx)) <= 0) {
207 fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n",
208 __func__, ret);
209 ERR_print_errors_fp(stderr);
210 ERR_clear_error();
211 fail_soft = 1;
212 }
213
214 /* We should also succeed the public check. */
215 if ((ret = EVP_PKEY_public_check(pkey_ctx)) <= 0) {
216 fprintf(stderr,
217 "%s: EVP_PKEY_public_check(), generated pkey: %d\n",
218 __func__, ret);
219 ERR_print_errors_fp(stderr);
220 ERR_clear_error();
221 fail_soft = 1;
222 }
223
224 /* We should also succeed the parameter check. */
225 if ((ret = EVP_PKEY_param_check(pkey_ctx)) <= 0) {
226 fprintf(stderr,
227 "%s: EVP_PKEY_param_check(), generated pkey: %d\n",
228 __func__, ret);
229 ERR_print_errors_fp(stderr);
230 ERR_clear_error();
231 fail_soft = 1;
232 }
233
234 /*
235 * Modify the private key slightly.
236 */
237
238 if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
239 fprintf(stderr, "%s: EVP_PKEY_get0_EC_KEY\n", __func__);
240 goto err;
241 }
242
243 /* We're lazy and modify the private key directly. */
244 if ((private_key = (BIGNUM *)EC_KEY_get0_private_key(eckey)) == NULL) {
245 fprintf(stderr, "%s: EC_KEY_get0_private_key\n", __func__);
246 goto err;
247 }
248
249 /*
250 * The private key is a random number in [1, order). Preserve this
251 * property by adding 1 if it is equal to 1 and subtracting 1 otherwise.
252 */
253 if (BN_cmp(private_key, BN_value_one()) == 0) {
254 if (!BN_add_word(private_key, 1)) {
255 fprintf(stderr, "%s: BN_add_word\n", __func__);
256 goto err;
257 }
258 } else {
259 if (!BN_sub_word(private_key, 1)) {
260 fprintf(stderr, "%s: BN_sub_word\n", __func__);
261 goto err;
262 }
263 }
264
265 /* Generator times private key will no longer be equal to public key. */
266 if (EVP_PKEY_check(pkey_ctx) == 1) {
267 fprintf(stderr, "%s: EVP_PKEY_check succeeded unexpectedly\n",
268 __func__);
269 fail_soft = 1;
270 }
271
272 if (ERR_peek_error() == 0) {
273 fprintf(stderr, "%s: expected a private key error\n", __func__);
274 fail_soft = 1;
275 }
276 ERR_clear_error();
277
278 /* EVP_PKEY_public_check checks the private key (sigh), so we fail. */
279 if (EVP_PKEY_public_check(pkey_ctx) == 1) {
280 fprintf(stderr,
281 "%s: EVP_PKEY_public_check succeeded unexpectedly\n",
282 __func__);
283 fail_soft = 1;
284 }
285
286 /* We should still succeed the parameter check. */
287 if ((ret = EVP_PKEY_param_check(pkey_ctx)) <= 0) {
288 fprintf(stderr,
289 "%s: EVP_PKEY_param_check(), modified privkey pkey: %d\n",
290 __func__, ret);
291 ERR_print_errors_fp(stderr);
292 ERR_clear_error();
293 fail_soft = 1;
294 }
295
296 /* Now set the private key to NULL. The API will think malloc failed. */
297 if (EC_KEY_set_private_key(eckey, NULL) != 0) {
298 fprintf(stderr, "%s: EC_KEY_set_private_key succeeded?!",
299 __func__);
300 goto err;
301 }
302
303 /*
304 * EVP_PKEY_public_check now only checks that the public key is on the
305 * curve. We should succeed again.
306 */
307
308 if ((ret = EVP_PKEY_public_check(pkey_ctx)) <= 0) {
309 fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n",
310 __func__, ret);
311 fail_soft = 1;
312 }
313
314 ERR_clear_error();
315
316 /*
317 * Now let's modify the group to trip the parameter check.
318 */
319
320 if ((group = (EC_GROUP *)EC_KEY_get0_group(eckey)) == NULL) {
321 fprintf(stderr, "%s: EC_KEY_get0_group() failed\n", __func__);
322 goto err;
323 }
324
325 if ((generator = EC_GROUP_get0_generator(group)) == NULL) {
326 fprintf(stderr, "%s: EC_GROUP_get0_generator() failed\n",
327 __func__);
328 goto err;
329 }
330
331 if ((order = BN_new()) == NULL) {
332 fprintf(stderr, "%s: order = BN_new() failed\n", __func__);
333 goto err;
334 }
335 if ((cofactor = BN_new()) == NULL) {
336 fprintf(stderr, "%s: cofactor = BN_new() failed\n", __func__);
337 goto err;
338 }
339
340 if (!EC_GROUP_get_order(group, order, NULL)) {
341 fprintf(stderr, "%s: EC_GROUP_get_order() failed\n", __func__);
342 goto err;
343 }
344 if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) {
345 fprintf(stderr, "%s: EC_GROUP_get_cofactor() failed\n",
346 __func__);
347 goto err;
348 }
349
350 /* Decrement order so order * generator != (point at infinity). */
351 if (!BN_sub_word(order, 1)) {
352 fprintf(stderr, "%s: BN_sub_word() failed\n", __func__);
353 goto err;
354 }
355
356 /* Now set this nonsense on the group. */
357 if (!EC_GROUP_set_generator(group, generator, order, cofactor)) {
358 fprintf(stderr, "%s: EC_GROUP_set_generator() failed\n",
359 __func__);
360 goto err;
361 }
362
363 /* We should now fail the parameter check. */
364 if (EVP_PKEY_param_check(pkey_ctx) == 1) {
365 fprintf(stderr,
366 "%s: EVP_PKEY_param_check(), succeeded unexpectedly\n",
367 __func__);
368 fail_soft = 1;
369 }
370
371 if (ERR_peek_error() == 0) {
372 fprintf(stderr, "%s: expected a group order error\n", __func__);
373 fail_soft = 1;
374 }
375 ERR_clear_error();
376
377 failed = 0;
378
379 err:
380 EVP_PKEY_CTX_free(pkey_ctx);
381 EVP_PKEY_free(pkey);
382 BN_free(order);
383 BN_free(cofactor);
384
385 return failed | fail_soft;
386}
387
388int
389main(void)
390{
391 int failed = 0;
392
393 failed |= evp_pkey_check_rsa();
394 failed |= evp_pkey_check_ec();
395
396 return failed;
397}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 15:59:02 +0000