mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 21:13:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

endecode_test: Handle expected failures for non-fips ec keys

Browse Source 
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17998)
This commit is contained in:
Tomas Mraz 2022-03-30 17:00:01 +02:00
parent 638c3a28af
commit e8a4145968
1 changed files with 49 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
test/endecode_test.c
View File

@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line,
typedef void (dumper)(const char *label, const void *data, size_t data_len);
#define FLAG_DECODE_WITH_TYPE 0x0001
#define FLAG_FAIL_IF_FIPS 0x0002
static int test_encode_decode(const char *file, const int line,
const char *type, EVP_PKEY *pkey,
@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line,
* dumping purposes.
*/
if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
output_type, output_structure, pass, pcipher))
|| !TEST_true(check_cb(file, line, type, encoded, encoded_len))
output_type, output_structure, pass, pcipher)))
goto end;
if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) {
if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
encoded_len, output_type, output_structure,
(flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
selection, pass)))
ok = 1;
goto end;
}
if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
|| !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
output_type, output_structure,
(flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line,
return ok;
}
static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
"DER", "PrivateKeyInfo", NULL, NULL,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_mem, check_unprotected_PKCS8_DER,
dump_der, 0);
dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
}
static int check_unprotected_PKCS8_PEM(const char *file, const int line,
@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line,
sizeof(expected_pem_header) - 1);
}
static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
"PEM", "PrivateKeyInfo", NULL, NULL,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_text, check_unprotected_PKCS8_PEM,
dump_pem, 0);
dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
}
#ifndef OPENSSL_NO_KEYPARAMS
@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line,
return ok;
}
static int test_protected_via_DER(const char *type, EVP_PKEY *key)
static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key)
pass, pass_cipher,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_mem, check_protected_PKCS8_DER,
dump_der, 0);
dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
}
static int check_protected_PKCS8_PEM(const char *file, const int line,
@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line,
sizeof(expected_pem_header) - 1);
}
static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
pass, pass_cipher,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_text, check_protected_PKCS8_PEM,
dump_pem, 0);
dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
}
static int check_protected_legacy_PEM(const char *file, const int line,
@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line,
return ok;
}
static int test_public_via_DER(const char *type, EVP_PKEY *key)
static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
"DER", "SubjectPublicKeyInfo", NULL, NULL,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_mem, check_public_DER, dump_der, 0);
test_mem, check_public_DER, dump_der,
fips ? 0 : FLAG_FAIL_IF_FIPS);
}
static int check_public_PEM(const char *file, const int line,
@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line,
sizeof(expected_pem_header) - 1);
}
static int test_public_via_PEM(const char *type, EVP_PKEY *key)
static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
"PEM", "SubjectPublicKeyInfo", NULL, NULL,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_text, check_public_PEM, dump_pem, 0);
test_text, check_public_PEM, dump_pem,
fips ? 0 : FLAG_FAIL_IF_FIPS);
}
static int check_public_MSBLOB(const char *file, const int line,
@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
EVP_PKEY_free(template_##KEYTYPE); \
EVP_PKEY_free(key_##KEYTYPE)
#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \
#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \
static int test_unprotected_##KEYTYPE##_via_DER(void) \
{ \
return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
} \
static int test_unprotected_##KEYTYPE##_via_PEM(void) \
{ \
return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
} \
static int test_protected_##KEYTYPE##_via_DER(void) \
{ \
return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
} \
static int test_protected_##KEYTYPE##_via_PEM(void) \
{ \
return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
} \
static int test_public_##KEYTYPE##_via_DER(void) \
{ \
return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \
return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
} \
static int test_public_##KEYTYPE##_via_PEM(void) \
{ \
return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
}
#define ADD_TEST_SUITE(KEYTYPE) \
@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
#ifndef OPENSSL_NO_DH
DOMAIN_KEYS(DH);
IMPLEMENT_TEST_SUITE(DH, "DH")
IMPLEMENT_TEST_SUITE(DH, "DH", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
DOMAIN_KEYS(DHX);
IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
/*
* DH has no support for PEM_write_bio_PrivateKey_traditional(),
@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
#endif
#ifndef OPENSSL_NO_DSA
DOMAIN_KEYS(DSA);
IMPLEMENT_TEST_SUITE(DSA, "DSA")
IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
#endif
#ifndef OPENSSL_NO_EC
DOMAIN_KEYS(EC);
IMPLEMENT_TEST_SUITE(EC, "EC")
IMPLEMENT_TEST_SUITE(EC, "EC", 1)
IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
DOMAIN_KEYS(ECExplicitPrime2G);
IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
DOMAIN_KEYS(ECExplicitTri2G);
IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
# endif
KEYS(ED25519);
IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
KEYS(ED448);
IMPLEMENT_TEST_SUITE(ED448, "ED448")
IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
KEYS(X25519);
IMPLEMENT_TEST_SUITE(X25519, "X25519")
IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
KEYS(X448);
IMPLEMENT_TEST_SUITE(X448, "X448")
IMPLEMENT_TEST_SUITE(X448, "X448", 1)
/*
* ED25519, ED448, X25519 and X448 have no support for
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
*/
#endif
KEYS(RSA);
IMPLEMENT_TEST_SUITE(RSA, "RSA")
IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
KEYS(RSA_PSS);
IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
/*
* RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
* so no legacy tests.