[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Sep 3 03:03:57 UTC 2015
The branch master has been updated
via 3a3cb629d9ef66639198f6130f58e30f0606adc8 (commit)
from b51bce942023325e727ca4225252d06c49d8f2b7 (commit)
- Log -----------------------------------------------------------------
commit 3a3cb629d9ef66639198f6130f58e30f0606adc8
Author: Rich Salz <rsalz at akamai.com>
Date: Wed Aug 26 16:22:10 2015 -0400
Check OPENSSL_gmtime_diff
It's test code that only runs on 64bit time_t machines.
Move it to a standalone test/gmdifftest
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/o_time.c | 60 ---------------
test/Makefile | 21 +++++-
crypto/pkcs12/p12_crpt.c => test/gmdifftest.c | 105 +++++++++++++++-----------
3 files changed, 76 insertions(+), 110 deletions(-)
copy crypto/pkcs12/p12_crpt.c => test/gmdifftest.c (56%)
diff --git a/crypto/o_time.c b/crypto/o_time.c
index 4e3dff3..3bd2748 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -378,63 +378,3 @@ static void julian_to_date(long jd, int *y, int *m, int *d)
*m = j + 2 - (12 * L);
*y = 100 * (n - 49) + i + L;
}
-
-#ifdef OPENSSL_TIME_TEST
-
-# include <stdio.h>
-
-/*
- * Time checking test code. Check times are identical for a wide range of
- * offsets. This should be run on a machine with 64 bit time_t or it will
- * trigger the very errors the routines fix.
- */
-
-int main(int argc, char **argv)
-{
- long offset;
- for (offset = 0; offset < 1000000; offset++) {
- check_time(offset);
- check_time(-offset);
- check_time(offset * 1000);
- check_time(-offset * 1000);
- }
-}
-
-int check_time(long offset)
-{
- struct tm tm1, tm2, o1;
- int off_day, off_sec;
- long toffset;
- time_t t1, t2;
- time(&t1);
- t2 = t1 + offset;
- OPENSSL_gmtime(&t2, &tm2);
- OPENSSL_gmtime(&t1, &tm1);
- o1 = tm1;
- OPENSSL_gmtime_adj(&tm1, 0, offset);
- if ((tm1.tm_year != tm2.tm_year) ||
- (tm1.tm_mon != tm2.tm_mon) ||
- (tm1.tm_mday != tm2.tm_mday) ||
- (tm1.tm_hour != tm2.tm_hour) ||
- (tm1.tm_min != tm2.tm_min) || (tm1.tm_sec != tm2.tm_sec)) {
- fprintf(stderr, "TIME ERROR!!\n");
- fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n",
- tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900,
- tm2.tm_hour, tm2.tm_min, tm2.tm_sec);
- fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n",
- tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900,
- tm1.tm_hour, tm1.tm_min, tm1.tm_sec);
- return 0;
- }
- OPENSSL_gmtime_diff(&o1, &tm1, &off_day, &off_sec);
- toffset = (long)off_day *SECS_PER_DAY + off_sec;
- if (offset != toffset) {
- fprintf(stderr, "TIME OFFSET ERROR!!\n");
- fprintf(stderr, "Expected %ld, Got %ld (%d:%d)\n",
- offset, toffset, off_day, off_sec);
- return 0;
- }
- return 1;
-}
-
-#endif
diff --git a/test/Makefile b/test/Makefile
index 782a34b..4c41f51 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -34,6 +34,7 @@ ECTEST= ectest
ECDSATEST= ecdsatest
ECDHTEST= ecdhtest
EXPTEST= exptest
+GMDIFFTEST= gmdifftest
IDEATEST= ideatest
SHA1TEST= sha1test
SHA256TEST= sha256t
@@ -78,7 +79,7 @@ SSLSKEWITH0PTEST= sslskewith0ptest.pl
TESTS= alltests
-EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \
+EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(GMDIFFTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \
$(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \
$(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
$(DESTEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \
@@ -96,7 +97,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)
# $(METHTEST)$(EXE_EXT)
-OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
+OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(GMDIFFTEST).o $(IDEATEST).o \
$(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
$(HMACTEST).o $(WPTEST).o \
$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
@@ -109,7 +110,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(CONSTTIMETEST).o $(VERIFYEXTRATEST).o $(CLIENTHELLOTEST).o \
$(PACKETTEST).o testutil.o
-SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
+SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(GMDIFFTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
$(HMACTEST).c $(WPTEST).c \
$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
@@ -150,7 +151,7 @@ apps:
@(cd ..; $(MAKE) DIRS=apps all)
alltests: \
- test_des test_idea test_sha test_md4 test_md5 test_hmac \
+ test_des test_gmdiff test_idea test_sha test_md4 test_md5 test_hmac \
test_md2 test_mdc2 test_wp \
test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast \
test_rand test_bn test_ec test_ecdsa test_ecdh \
@@ -179,6 +180,10 @@ test_des: $(DESTEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(DESTEST)
+test_gmdiff: $(GMDIFFTEST)$(EXE_EXT)
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(GMDIFFTEST)
+
test_idea: $(IDEATEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(IDEATEST)
@@ -496,6 +501,9 @@ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
@target=$(IDEATEST); $(BUILD_CMD)
+$(GMDIFFTEST)$(EXE_EXT): $(GMDIFFTEST).o $(DLIBCRYPTO)
+ @target=$(GMDIFFTEST); $(BUILD_CMD)
+
$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
@target=$(MD2TEST); $(BUILD_CMD)
@@ -794,6 +802,11 @@ exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
exptest.o: ../include/openssl/symhacks.h exptest.c
+gmdifftest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+gmdifftest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gmdifftest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+gmdifftest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gmdifftest.o: gmdifftest.c
gost2814789test.o: ../e_os.h ../engines/ccgost/gost89.h
gost2814789test.o: ../include/openssl/asn1.h ../include/openssl/bio.h
gost2814789test.o: ../include/openssl/buffer.h ../include/openssl/conf.h
diff --git a/crypto/pkcs12/p12_crpt.c b/test/gmdifftest.c
similarity index 56%
copy from crypto/pkcs12/p12_crpt.c
copy to test/gmdifftest.c
index e7d5ac9..57c6a3d 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/test/gmdifftest.c
@@ -1,10 +1,5 @@
-/* p12_crpt.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 1999.
- */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2001-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -57,57 +52,75 @@
*
*/
+#include <openssl/crypto.h>
#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/pkcs12.h>
-/* PKCS#12 PBE algorithms now in static table */
+#define SECS_PER_DAY (24 * 60 * 60)
-void PKCS12_PBE_add(void)
-{
-}
+/*
+ * Time checking test code. Check times are identical for a wide range of
+ * offsets. This should be run on a machine with 64 bit time_t or it will
+ * trigger the very errors the routines fix.
+ */
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher,
- const EVP_MD *md, int en_de)
+static int check_time(long offset)
{
- PBEPARAM *pbe;
- int saltlen, iter, ret;
- unsigned char *salt;
- unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+ struct tm tm1, tm2, o1;
+ int off_day, off_sec;
+ long toffset;
+ time_t t1, t2;
+ time(&t1);
- if (cipher == NULL)
+ t2 = t1 + offset;
+ OPENSSL_gmtime(&t2, &tm2);
+ OPENSSL_gmtime(&t1, &tm1);
+ o1 = tm1;
+ OPENSSL_gmtime_adj(&tm1, 0, offset);
+ if ((tm1.tm_year != tm2.tm_year) ||
+ (tm1.tm_mon != tm2.tm_mon) ||
+ (tm1.tm_mday != tm2.tm_mday) ||
+ (tm1.tm_hour != tm2.tm_hour) ||
+ (tm1.tm_min != tm2.tm_min) || (tm1.tm_sec != tm2.tm_sec)) {
+ fprintf(stderr, "TIME ERROR!!\n");
+ fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n",
+ tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900,
+ tm2.tm_hour, tm2.tm_min, tm2.tm_sec);
+ fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n",
+ tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900,
+ tm1.tm_hour, tm1.tm_min, tm1.tm_sec);
return 0;
-
- /* Extract useful info from parameter */
-
- pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
- if (pbe == NULL) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+ }
+ if (!OPENSSL_gmtime_diff(&off_day, &off_sec, &o1, &tm1))
+ return 0;
+ toffset = (long)off_day *SECS_PER_DAY + off_sec;
+ if (offset != toffset) {
+ fprintf(stderr, "TIME OFFSET ERROR!!\n");
+ fprintf(stderr, "Expected %ld, Got %ld (%d:%d)\n",
+ offset, toffset, off_day, off_sec);
return 0;
}
+ return 1;
+}
- if (!pbe->iter)
- iter = 1;
- else
- iter = ASN1_INTEGER_get(pbe->iter);
- salt = pbe->salt->data;
- saltlen = pbe->salt->length;
- if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
- iter, EVP_CIPHER_key_length(cipher), key, md)) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
- PBEPARAM_free(pbe);
+int main(int argc, char **argv)
+{
+ long offset;
+ int fails;
+
+ if (sizeof(time_t) < 8) {
+ fprintf(stderr, "Skipping; time_t is less than 64-bits\n");
return 0;
}
- if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
- iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
- PBEPARAM_free(pbe);
- return 0;
+ for (fails = 0, offset = 0; offset < 1000000; offset++) {
+ if (!check_time(offset))
+ fails++;
+ if (!check_time(-offset))
+ fails++;
+ if (!check_time(offset * 1000))
+ fails++;
+ if (!check_time(-offset * 1000))
+ fails++;
}
- PBEPARAM_free(pbe);
- ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
- OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
- return ret;
+
+ return fails ? 1 : 0;
}
More information about the openssl-commits
mailing list