[openssl] master update
Richard Levitte
levitte at openssl.org
Mon Jul 27 10:18:17 UTC 2020
The branch master has been updated
via 846f96f821260ca83cc93bfa35207864b05abec5 (commit)
via a4e55cccc9991b35c3f4b3f4aac32b59aa598584 (commit)
via 456b3b97a489d4be42f4258cb65bf76dfd8bab00 (commit)
from 51d9ac870acda2c818ce19c1174ed85f9a2f6eb7 (commit)
- Log -----------------------------------------------------------------
commit 846f96f821260ca83cc93bfa35207864b05abec5
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Jul 20 16:14:40 2020 +0200
TEST: Add RSA-PSS cases in test/serdes_test.c
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12492)
commit a4e55cccc9991b35c3f4b3f4aac32b59aa598584
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Jul 20 16:13:18 2020 +0200
PROV: Add a DER to RSA-PSS deserializer implementation
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12492)
commit 456b3b97a489d4be42f4258cb65bf76dfd8bab00
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Jul 20 16:09:47 2020 +0200
EVP, PROV: Add misc missing bits for RSA-PSS
- EVP_PKEY_is_a() didn't recognise "RSA-PSS" for legacy keys.
- The RSA-PSS keymgmt didn't have a OSSL_FUNC_keymgmt_match() function.
- ossl_prov_prepare_rsa_params() didn't return 1 for unrestricted
RSA-PSS params.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12492)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 1 +
crypto/evp/p_lib.c | 2 +
providers/common/include/prov/providercommonerr.h | 1 +
providers/common/provider_err.c | 1 +
providers/defltprov.c | 2 +
.../implementations/include/prov/implementations.h | 1 +
providers/implementations/keymgmt/rsa_kmgmt.c | 2 +
.../serializers/deserialize_der2rsa.c | 94 ++++++++++++++--
.../implementations/serializers/serializer_local.h | 2 +
.../implementations/serializers/serializer_rsa.c | 11 ++
test/serdes_test.c | 118 +++++++++++++++++----
11 files changed, 206 insertions(+), 29 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index e5ed28bce1..a99648a1fd 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2878,6 +2878,7 @@ PROV_R_INVALID_MODE:125:invalid mode
PROV_R_INVALID_MODE_INT:126:invalid mode int
PROV_R_INVALID_PADDING_MODE:168:invalid padding mode
PROV_R_INVALID_PSS_SALTLEN:169:invalid pss saltlen
+PROV_R_INVALID_RSA_KEY:217:invalid rsa key
PROV_R_INVALID_SALT_LENGTH:112:invalid salt length
PROV_R_INVALID_SEED_LENGTH:154:invalid seed length
PROV_R_INVALID_SIGNATURE_SIZE:179:invalid signature size
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 65a767b4d0..a7fd687dd0 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -935,6 +935,8 @@ int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name)
if (strcasecmp(name, "RSA") == 0)
type = EVP_PKEY_RSA;
+ else if (strcasecmp(name, "RSA-PSS") == 0)
+ type = EVP_PKEY_RSA_PSS;
#ifndef OPENSSL_NO_EC
else if (strcasecmp(name, "EC") == 0)
type = EVP_PKEY_EC;
diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h
index f5fd37d9cc..bdc39e4121 100644
--- a/providers/common/include/prov/providercommonerr.h
+++ b/providers/common/include/prov/providercommonerr.h
@@ -101,6 +101,7 @@ int ERR_load_PROV_strings(void);
# define PROV_R_INVALID_MODE_INT 126
# define PROV_R_INVALID_PADDING_MODE 168
# define PROV_R_INVALID_PSS_SALTLEN 169
+# define PROV_R_INVALID_RSA_KEY 217
# define PROV_R_INVALID_SALT_LENGTH 112
# define PROV_R_INVALID_SEED_LENGTH 154
# define PROV_R_INVALID_SIGNATURE_SIZE 179
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index 7a5c41bfda..e65ce96471 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -96,6 +96,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"invalid padding mode"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PSS_SALTLEN),
"invalid pss saltlen"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_RSA_KEY), "invalid rsa key"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH),
"invalid salt length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SEED_LENGTH),
diff --git a/providers/defltprov.c b/providers/defltprov.c
index 7ab006ae83..466b7908a1 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -537,6 +537,8 @@ static const OSSL_ALGORITHM deflt_serializer[] = {
static const OSSL_ALGORITHM deflt_deserializer[] = {
{ "RSA", "provider=default,fips=yes,input=der",
der_to_rsa_deserializer_functions },
+ { "RSA-PSS", "provider=default,fips=yes,input=der",
+ der_to_rsapss_deserializer_functions },
{ "DER", "provider=default,fips=yes,input=pem",
pem_to_der_deserializer_functions },
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index 4890f11969..b02f0c6476 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -360,4 +360,5 @@ extern const OSSL_DISPATCH ec_pub_pem_serializer_functions[];
extern const OSSL_DISPATCH ec_param_pem_serializer_functions[];
extern const OSSL_DISPATCH der_to_rsa_deserializer_functions[];
+extern const OSSL_DISPATCH der_to_rsapss_deserializer_functions[];
extern const OSSL_DISPATCH pem_to_der_deserializer_functions[];
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index 3231c020c9..7ed280e861 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -628,10 +628,12 @@ const OSSL_DISPATCH rsapss_keymgmt_functions[] = {
(void (*)(void))rsapss_gen_settable_params },
{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen },
{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup },
+ { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load },
{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata },
{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params },
{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params },
{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has },
+ { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match },
{ OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate },
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types },
diff --git a/providers/implementations/serializers/deserialize_der2rsa.c b/providers/implementations/serializers/deserialize_der2rsa.c
index 6854c7efcb..75066546ba 100644
--- a/providers/implementations/serializers/deserialize_der2rsa.c
+++ b/providers/implementations/serializers/deserialize_der2rsa.c
@@ -16,10 +16,12 @@
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/crypto.h>
+#include <openssl/err.h>
#include <openssl/params.h>
#include <openssl/x509.h>
#include "prov/bio.h"
#include "prov/implementations.h"
+#include "prov/providercommonerr.h"
#include "serializer_local.h"
static OSSL_FUNC_deserializer_newctx_fn der2rsa_newctx;
@@ -37,10 +39,12 @@ static OSSL_FUNC_deserializer_export_object_fn der2rsa_export_object;
struct der2rsa_ctx_st {
PROV_CTX *provctx;
+ int type;
+
struct pkcs8_encrypt_ctx_st sc;
};
-static void *der2rsa_newctx(void *provctx)
+static struct der2rsa_ctx_st *der2rsa_newctx_int(void *provctx)
{
struct der2rsa_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
@@ -52,6 +56,24 @@ static void *der2rsa_newctx(void *provctx)
return ctx;
}
+static void *der2rsa_newctx(void *provctx)
+{
+ struct der2rsa_ctx_st *ctx = der2rsa_newctx_int(provctx);
+
+ if (ctx != NULL)
+ ctx->type = EVP_PKEY_RSA;
+ return ctx;
+}
+
+static void *der2rsapss_newctx(void *provctx)
+{
+ struct der2rsa_ctx_st *ctx = der2rsa_newctx_int(provctx);
+
+ if (ctx != NULL)
+ ctx->type = EVP_PKEY_RSA_PSS;
+ return ctx;
+}
+
static void der2rsa_freectx(void *vctx)
{
struct der2rsa_ctx_st *ctx = vctx;
@@ -166,7 +188,7 @@ static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin,
}
derp = der;
- if ((pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &derp, der_len,
+ if ((pkey = d2i_PrivateKey_ex(ctx->type, NULL, &derp, der_len,
libctx, NULL)) != NULL) {
/* Tear out the RSA pointer from the pkey */
rsa = EVP_PKEY_get1_RSA(pkey);
@@ -177,10 +199,27 @@ static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin,
if (rsa != NULL) {
OSSL_PARAM params[3];
+ char *object_type = NULL;
+
+ switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
+ case RSA_FLAG_TYPE_RSA:
+ object_type = "RSA";
+ break;
+ case RSA_FLAG_TYPE_RSASSAPSS:
+ object_type = "RSA-PSS";
+ break;
+ default:
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_RSA_KEY,
+ "Expected the RSA type to be %d or %d, but got %d",
+ RSA_FLAG_TYPE_RSA, RSA_FLAG_TYPE_RSASSAPSS,
+ RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK));
+ goto end;
+ }
+
params[0] =
OSSL_PARAM_construct_utf8_string(OSSL_DESERIALIZER_PARAM_DATA_TYPE,
- "RSA", 0);
+ object_type, 0);
/* The address of the key becomes the octet string */
params[1] =
OSSL_PARAM_construct_octet_string(OSSL_DESERIALIZER_PARAM_REFERENCE,
@@ -189,17 +228,18 @@ static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin,
ok = data_cb(params, data_cbarg);
}
+ end:
RSA_free(rsa);
return ok;
}
-static int der2rsa_export_object(void *vctx,
- const void *reference, size_t reference_sz,
- OSSL_CALLBACK *export_cb, void *export_cbarg)
+static int der2rsa_export_object_int(void *vctx,
+ const void *reference, size_t reference_sz,
+ OSSL_FUNC_keymgmt_export_fn *rsa_export,
+ OSSL_CALLBACK *export_cb,
+ void *export_cbarg)
{
- OSSL_FUNC_keymgmt_export_fn *rsa_export =
- ossl_prov_get_keymgmt_rsa_export();
void *keydata;
if (reference_sz == sizeof(keydata) && rsa_export != NULL) {
@@ -212,6 +252,26 @@ static int der2rsa_export_object(void *vctx,
return 0;
}
+static int der2rsa_export_object(void *vctx,
+ const void *reference, size_t reference_sz,
+ OSSL_CALLBACK *export_cb,
+ void *export_cbarg)
+{
+ return der2rsa_export_object_int(vctx, reference, reference_sz,
+ ossl_prov_get_keymgmt_rsa_export(),
+ export_cb, export_cbarg);
+}
+
+static int der2rsapss_export_object(void *vctx,
+ const void *reference, size_t reference_sz,
+ OSSL_CALLBACK *export_cb,
+ void *export_cbarg)
+{
+ return der2rsa_export_object_int(vctx, reference, reference_sz,
+ ossl_prov_get_keymgmt_rsapss_export(),
+ export_cb, export_cbarg);
+}
+
const OSSL_DISPATCH der_to_rsa_deserializer_functions[] = {
{ OSSL_FUNC_DESERIALIZER_NEWCTX, (void (*)(void))der2rsa_newctx },
{ OSSL_FUNC_DESERIALIZER_FREECTX, (void (*)(void))der2rsa_freectx },
@@ -229,3 +289,21 @@ const OSSL_DISPATCH der_to_rsa_deserializer_functions[] = {
(void (*)(void))der2rsa_export_object },
{ 0, NULL }
};
+
+const OSSL_DISPATCH der_to_rsapss_deserializer_functions[] = {
+ { OSSL_FUNC_DESERIALIZER_NEWCTX, (void (*)(void))der2rsapss_newctx },
+ { OSSL_FUNC_DESERIALIZER_FREECTX, (void (*)(void))der2rsa_freectx },
+ { OSSL_FUNC_DESERIALIZER_GETTABLE_PARAMS,
+ (void (*)(void))der2rsa_gettable_params },
+ { OSSL_FUNC_DESERIALIZER_GET_PARAMS,
+ (void (*)(void))der2rsa_get_params },
+ { OSSL_FUNC_DESERIALIZER_SETTABLE_CTX_PARAMS,
+ (void (*)(void))der2rsa_settable_ctx_params },
+ { OSSL_FUNC_DESERIALIZER_SET_CTX_PARAMS,
+ (void (*)(void))der2rsa_set_ctx_params },
+ { OSSL_FUNC_DESERIALIZER_DESERIALIZE,
+ (void (*)(void))der2rsa_deserialize },
+ { OSSL_FUNC_DESERIALIZER_EXPORT_OBJECT,
+ (void (*)(void))der2rsapss_export_object },
+ { 0, NULL }
+};
diff --git a/providers/implementations/serializers/serializer_local.h b/providers/implementations/serializers/serializer_local.h
index a94418bb2a..f1d2fe743c 100644
--- a/providers/implementations/serializers/serializer_local.h
+++ b/providers/implementations/serializers/serializer_local.h
@@ -38,9 +38,11 @@ OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *f
OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_export(const OSSL_DISPATCH *fns);
OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsa_new(void);
+OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsapss_new(void);
OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_rsa_free(void);
OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_rsa_import(void);
OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsa_export(void);
+OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsapss_export(void);
OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_dh_new(void);
OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_dh_free(void);
OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_dh_import(void);
diff --git a/providers/implementations/serializers/serializer_rsa.c b/providers/implementations/serializers/serializer_rsa.c
index d0cea458d1..9250d49735 100644
--- a/providers/implementations/serializers/serializer_rsa.c
+++ b/providers/implementations/serializers/serializer_rsa.c
@@ -27,6 +27,11 @@ OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsa_new(void)
return ossl_prov_get_keymgmt_new(rsa_keymgmt_functions);
}
+OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsapss_new(void)
+{
+ return ossl_prov_get_keymgmt_new(rsapss_keymgmt_functions);
+}
+
OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_rsa_free(void)
{
return ossl_prov_get_keymgmt_free(rsa_keymgmt_functions);
@@ -42,6 +47,11 @@ OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsa_export(void)
return ossl_prov_get_keymgmt_export(rsa_keymgmt_functions);
}
+OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsapss_export(void)
+{
+ return ossl_prov_get_keymgmt_export(rsapss_keymgmt_functions);
+}
+
int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv)
{
const char *modulus_label;
@@ -199,6 +209,7 @@ int ossl_prov_prepare_rsa_params(const void *rsa, int nid,
case RSA_FLAG_TYPE_RSASSAPSS:
if (rsa_pss_params_30_is_unrestricted(pss)) {
*pstrtype = V_ASN1_UNDEF;
+ return 1;
} else {
ASN1_STRING *astr = NULL;
WPACKET pkt;
diff --git a/test/serdes_test.c b/test/serdes_test.c
index b4f3d0b5c8..0fc5cb7b4d 100644
--- a/test/serdes_test.c
+++ b/test/serdes_test.c
@@ -29,6 +29,8 @@
static EVP_PKEY *key_RSA = NULL;
static EVP_PKEY *legacy_key_RSA = NULL;
+static EVP_PKEY *key_RSA_PSS = NULL;
+static EVP_PKEY *legacy_key_RSA_PSS = NULL;
static EVP_PKEY *make_RSA(const char *rsa_type, int make_legacy)
{
@@ -60,10 +62,10 @@ typedef int (serializer)(void **serialized, long *serialized_len,
typedef int (deserializer)(void **object,
void *serialized, long serialized_len,
const char *pass, const char *pcipher);
-typedef int (checker)(int type, const void *data, size_t data_len);
+typedef int (checker)(const char *type, const void *data, size_t data_len);
typedef void (dumper)(const char *label, const void *data, size_t data_len);
-static int test_serialize_deserialize(EVP_PKEY *pkey,
+static int test_serialize_deserialize(const char *type, EVP_PKEY *pkey,
const char *pass, const char *pcipher,
serializer *serialize_cb,
deserializer *deserialize_cb,
@@ -79,7 +81,7 @@ static int test_serialize_deserialize(EVP_PKEY *pkey,
if (!serialize_cb(&serialized, &serialized_len, pkey,
pass, pcipher, ser_propq)
- || !check_cb(EVP_PKEY_base_id(pkey), serialized, serialized_len)
+ || !check_cb(type, serialized, serialized_len)
|| !deserialize_cb((void **)&pkey2, serialized, serialized_len,
pass, pcipher)
|| !TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
@@ -232,7 +234,7 @@ static void dump_pem(const char *label, const void *data, size_t data_len)
test_output_string(label, data, data_len - 1);
}
-static int check_unprotected_PKCS8_DER(int type,
+static int check_unprotected_PKCS8_DER(const char *type,
const void *data, size_t data_len)
{
const unsigned char *datap = data;
@@ -243,7 +245,7 @@ static int check_unprotected_PKCS8_DER(int type,
if (TEST_ptr(p8inf)) {
EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
- ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, "RSA")));
+ ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, type)));
EVP_PKEY_free(pkey);
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
@@ -252,7 +254,7 @@ static int check_unprotected_PKCS8_DER(int type,
static int test_unprotected_RSA_via_DER(void)
{
- return test_serialize_deserialize(key_RSA, NULL, NULL,
+ return test_serialize_deserialize("RSA", key_RSA, NULL, NULL,
serialize_EVP_PKEY_prov,
deserialize_EVP_PKEY_prov,
check_unprotected_PKCS8_DER, dump_der,
@@ -260,7 +262,17 @@ static int test_unprotected_RSA_via_DER(void)
0);
}
-static int check_unprotected_PKCS8_PEM(int type,
+static int test_unprotected_RSA_PSS_via_DER(void)
+{
+ return test_serialize_deserialize("RSA-PSS", key_RSA_PSS, NULL, NULL,
+ serialize_EVP_PKEY_prov,
+ deserialize_EVP_PKEY_prov,
+ check_unprotected_PKCS8_DER, dump_der,
+ OSSL_SERIALIZER_PrivateKey_TO_DER_PQ,
+ 0);
+}
+
+static int check_unprotected_PKCS8_PEM(const char *type,
const void *data, size_t data_len)
{
static const char pem_header[] = "-----BEGIN " PEM_STRING_PKCS8INF "-----";
@@ -270,7 +282,17 @@ static int check_unprotected_PKCS8_PEM(int type,
static int test_unprotected_RSA_via_PEM(void)
{
- return test_serialize_deserialize(key_RSA, NULL, NULL,
+ return test_serialize_deserialize("RSA", key_RSA, NULL, NULL,
+ serialize_EVP_PKEY_prov,
+ deserialize_EVP_PKEY_prov,
+ check_unprotected_PKCS8_PEM, dump_pem,
+ OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ,
+ 0);
+}
+
+static int test_unprotected_RSA_PSS_via_PEM(void)
+{
+ return test_serialize_deserialize("RSA-PSS", key_RSA_PSS, NULL, NULL,
serialize_EVP_PKEY_prov,
deserialize_EVP_PKEY_prov,
check_unprotected_PKCS8_PEM, dump_pem,
@@ -278,17 +300,29 @@ static int test_unprotected_RSA_via_PEM(void)
0);
}
-static int check_unprotected_legacy_PEM(int type,
+static int check_unprotected_legacy_PEM(const char *type,
const void *data, size_t data_len)
{
- static const char pem_header[] = "-----BEGIN " PEM_STRING_RSA "-----";
+ static char pem_header[80];
- return TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1);
+ return
+ TEST_int_gt(BIO_snprintf(pem_header, sizeof(pem_header),
+ "-----BEGIN %s PRIVATE KEY-----", type), 0)
+ && TEST_strn_eq(data, pem_header, strlen(pem_header));
}
static int test_unprotected_RSA_via_legacy_PEM(void)
{
- return test_serialize_deserialize(legacy_key_RSA, NULL, NULL,
+ return test_serialize_deserialize("RSA", legacy_key_RSA, NULL, NULL,
+ serialize_EVP_PKEY_legacy_PEM,
+ deserialize_EVP_PKEY_prov,
+ check_unprotected_legacy_PEM, dump_pem,
+ NULL, 1);
+}
+
+static int test_unprotected_RSA_PSS_via_legacy_PEM(void)
+{
+ return test_serialize_deserialize("RSA-PSS", legacy_key_RSA_PSS, NULL, NULL,
serialize_EVP_PKEY_legacy_PEM,
deserialize_EVP_PKEY_prov,
check_unprotected_legacy_PEM, dump_pem,
@@ -298,7 +332,7 @@ static int test_unprotected_RSA_via_legacy_PEM(void)
static const char *pass_cipher = "AES-256-CBC";
static const char *pass = "the holy handgrenade of antioch";
-static int check_protected_PKCS8_DER(int type,
+static int check_protected_PKCS8_DER(const char *type,
const void *data, size_t data_len)
{
const unsigned char *datap = data;
@@ -311,7 +345,17 @@ static int check_protected_PKCS8_DER(int type,
static int test_protected_RSA_via_DER(void)
{
- return test_serialize_deserialize(key_RSA, pass, pass_cipher,
+ return test_serialize_deserialize("RSA", key_RSA, pass, pass_cipher,
+ serialize_EVP_PKEY_prov,
+ deserialize_EVP_PKEY_prov,
+ check_protected_PKCS8_DER, dump_der,
+ OSSL_SERIALIZER_PrivateKey_TO_DER_PQ,
+ 0);
+}
+
+static int test_protected_RSA_PSS_via_DER(void)
+{
+ return test_serialize_deserialize("RSA", key_RSA, pass, pass_cipher,
serialize_EVP_PKEY_prov,
deserialize_EVP_PKEY_prov,
check_protected_PKCS8_DER, dump_der,
@@ -319,7 +363,7 @@ static int test_protected_RSA_via_DER(void)
0);
}
-static int check_protected_PKCS8_PEM(int type,
+static int check_protected_PKCS8_PEM(const char *type,
const void *data, size_t data_len)
{
static const char pem_header[] = "-----BEGIN " PEM_STRING_PKCS8 "-----";
@@ -329,7 +373,17 @@ static int check_protected_PKCS8_PEM(int type,
static int test_protected_RSA_via_PEM(void)
{
- return test_serialize_deserialize(key_RSA, pass, pass_cipher,
+ return test_serialize_deserialize("RSA", key_RSA, pass, pass_cipher,
+ serialize_EVP_PKEY_prov,
+ deserialize_EVP_PKEY_prov,
+ check_protected_PKCS8_PEM, dump_pem,
+ OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ,
+ 0);
+}
+
+static int test_protected_RSA_PSS_via_PEM(void)
+{
+ return test_serialize_deserialize("RSA-PSS", key_RSA_PSS, pass, pass_cipher,
serialize_EVP_PKEY_prov,
deserialize_EVP_PKEY_prov,
check_protected_PKCS8_PEM, dump_pem,
@@ -337,19 +391,31 @@ static int test_protected_RSA_via_PEM(void)
0);
}
-static int check_protected_legacy_PEM(int type,
+static int check_protected_legacy_PEM(const char *type,
const void *data, size_t data_len)
{
- static const char pem_header[] = "-----BEGIN " PEM_STRING_RSA "-----";
+ static char pem_header[80];
return
- TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1)
+ TEST_int_gt(BIO_snprintf(pem_header, sizeof(pem_header),
+ "-----BEGIN %s PRIVATE KEY-----", type), 0)
+ && TEST_strn_eq(data, pem_header, strlen(pem_header))
&& TEST_ptr(strstr(data, "\nDEK-Info: "));
}
static int test_protected_RSA_via_legacy_PEM(void)
{
- return test_serialize_deserialize(legacy_key_RSA, pass, pass_cipher,
+ return test_serialize_deserialize("RSA", legacy_key_RSA, pass, pass_cipher,
+ serialize_EVP_PKEY_legacy_PEM,
+ deserialize_EVP_PKEY_prov,
+ check_protected_legacy_PEM, dump_pem,
+ NULL, 1);
+}
+
+static int test_protected_RSA_PSS_via_legacy_PEM(void)
+{
+ return test_serialize_deserialize("RSA-PSS", legacy_key_RSA_PSS,
+ pass, pass_cipher,
serialize_EVP_PKEY_legacy_PEM,
deserialize_EVP_PKEY_prov,
check_protected_legacy_PEM, dump_pem,
@@ -360,9 +426,13 @@ int setup_tests(void)
{
TEST_info("Generating keys...");
if (!TEST_ptr(key_RSA = make_RSA("RSA", 0))
- || !TEST_ptr(legacy_key_RSA = make_RSA("RSA", 1))) {
+ || !TEST_ptr(legacy_key_RSA = make_RSA("RSA", 1))
+ || !TEST_ptr(key_RSA_PSS = make_RSA("RSA-PSS", 0))
+ || !TEST_ptr(legacy_key_RSA_PSS = make_RSA("RSA-PSS", 1))) {
EVP_PKEY_free(key_RSA);
EVP_PKEY_free(legacy_key_RSA);
+ EVP_PKEY_free(key_RSA_PSS);
+ EVP_PKEY_free(legacy_key_RSA_PSS);
return 0;
}
TEST_info("Generating key... done");
@@ -373,6 +443,12 @@ int setup_tests(void)
ADD_TEST(test_protected_RSA_via_DER);
ADD_TEST(test_protected_RSA_via_PEM);
ADD_TEST(test_protected_RSA_via_legacy_PEM);
+ ADD_TEST(test_unprotected_RSA_PSS_via_DER);
+ ADD_TEST(test_unprotected_RSA_PSS_via_PEM);
+ ADD_TEST(test_unprotected_RSA_PSS_via_legacy_PEM);
+ ADD_TEST(test_protected_RSA_PSS_via_DER);
+ ADD_TEST(test_protected_RSA_PSS_via_PEM);
+ ADD_TEST(test_protected_RSA_PSS_via_legacy_PEM);
return 1;
}
More information about the openssl-commits
mailing list