From d95466931ddf6f26f840ae3e42594924d25f395e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 3 Sep 2015 15:46:43 +0100 Subject: [PATCH] PBE lookup test Add test to check PBE lookups: these can fail if the PBE table is not correctly orders. Add to "make test". Reviewed-by: Matt Caswell --- crypto/evp/evp_pbe.c | 40 +++++++------------ include/openssl/evp.h | 1 + test/Makefile | 16 ++++++-- test/pbelutest.c | 92 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 120 insertions(+), 29 deletions(-) create mode 100644 test/pbelutest.c diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 13d96587a3..b9330f5cd1 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -122,31 +122,6 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen} }; -#ifdef TEST -int main(int argc, char **argv) -{ - int i, nid_md, nid_cipher; - EVP_PBE_CTL *tpbe, *tpbe2; - /* - * OpenSSL_add_all_algorithms(); - */ - - for (i = 0; i < OSSL_NELEM(builtin_pbe); i++) { - tpbe = builtin_pbe + i; - fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid, - OBJ_nid2sn(tpbe->pbe_nid)); - if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid, - &nid_cipher, &nid_md, 0)) - fprintf(stderr, "Found %s %s\n", - OBJ_nid2sn(nid_cipher), OBJ_nid2sn(nid_md)); - else - fprintf(stderr, "Find ERROR!!\n"); - } - - return 0; -} -#endif - int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) { @@ -302,3 +277,18 @@ void EVP_PBE_cleanup(void) sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl); pbe_algs = NULL; } + +int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num) +{ + const EVP_PBE_CTL *tpbe; + + if (num >= OSSL_NELEM(builtin_pbe)) + return 0; + + tpbe = builtin_pbe + num; + if (ptype) + *ptype = tpbe->pbe_type; + if (ppbe_nid) + *ppbe_nid = tpbe->pbe_nid; + return 1; +} diff --git a/include/openssl/evp.h b/include/openssl/evp.h index ddefbf6436..d5333e29fe 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1105,6 +1105,7 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen); void EVP_PBE_cleanup(void); +int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); # define ASN1_PKEY_ALIAS 0x1 # define ASN1_PKEY_DYNAMIC 0x2 diff --git a/test/Makefile b/test/Makefile index 4c41f51b23..2f0913151f 100644 --- a/test/Makefile +++ b/test/Makefile @@ -35,6 +35,7 @@ ECDSATEST= ecdsatest ECDHTEST= ecdhtest EXPTEST= exptest GMDIFFTEST= gmdifftest +PBELUTEST= pbelutest IDEATEST= ideatest SHA1TEST= sha1test SHA256TEST= sha256t @@ -79,7 +80,7 @@ SSLSKEWITH0PTEST= sslskewith0ptest.pl TESTS= alltests -EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(GMDIFFTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \ +EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(GMDIFFTEST)$(EXE_EXT) $(PBELUTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \ $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \ $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \ $(DESTEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \ @@ -97,7 +98,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) # $(METHTEST)$(EXE_EXT) -OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(GMDIFFTEST).o $(IDEATEST).o \ +OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(GMDIFFTEST).o $(PBELUTEST).o $(IDEATEST).o \ $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \ $(HMACTEST).o $(WPTEST).o \ $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ @@ -110,7 +111,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(GMDIFFTEST).o $(IDE $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o $(CLIENTHELLOTEST).o \ $(PACKETTEST).o testutil.o -SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(GMDIFFTEST).c $(IDEATEST).c \ +SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(GMDIFFTEST).c $(PBELUTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(HMACTEST).c $(WPTEST).c \ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ @@ -152,7 +153,7 @@ apps: alltests: \ test_des test_gmdiff test_idea test_sha test_md4 test_md5 test_hmac \ - test_md2 test_mdc2 test_wp \ + test_pbelu test_md2 test_mdc2 test_wp \ test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast \ test_rand test_bn test_ec test_ecdsa test_ecdh \ test_enc test_x509 test_rsa test_crl test_sid \ @@ -184,6 +185,10 @@ test_gmdiff: $(GMDIFFTEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(GMDIFFTEST) +test_pbelu: $(PBELUTEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(PBELUTEST) + test_idea: $(IDEATEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(IDEATEST) @@ -504,6 +509,9 @@ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) $(GMDIFFTEST)$(EXE_EXT): $(GMDIFFTEST).o $(DLIBCRYPTO) @target=$(GMDIFFTEST); $(BUILD_CMD) +$(PBELUTEST)$(EXE_EXT): $(PBELUTEST).o $(DLIBCRYPTO) + @target=$(PBELUTEST); $(BUILD_CMD) + $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) @target=$(MD2TEST); $(BUILD_CMD) diff --git a/test/pbelutest.c b/test/pbelutest.c new file mode 100644 index 0000000000..dafae78ff7 --- /dev/null +++ b/test/pbelutest.c @@ -0,0 +1,92 @@ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include + +/* + * Password based encryption (PBE) table ordering test. + * Attempt to look up all supported algorithms. + */ + +int main(int argc, char **argv) +{ + size_t i; + int rv = 0; + int pbe_type, pbe_nid; + int last_type = -1, last_nid = -1; + for (i = 0; EVP_PBE_get(&pbe_type, &pbe_nid, i) != 0; i++) { + if (EVP_PBE_find(pbe_type, pbe_nid, NULL, NULL, 0) == 0) { + rv = 1; + break; + } + } + if (rv == 0) + return 0; + /* Error: print out whole table */ + for (i = 0; EVP_PBE_get(&pbe_type, &pbe_nid, i) != 0; i++) { + if (pbe_type > last_type) + rv = 0; + else if (pbe_type < last_type || pbe_nid < last_nid) + rv = 1; + else + rv = 0; + fprintf(stderr, "PBE type=%d %d (%s): %s\n", pbe_type, pbe_nid, + OBJ_nid2sn(pbe_nid), rv ? "ERROR" : "OK"); + last_type = pbe_type; + last_nid = pbe_nid; + } + return 1; +} -- 2.40.0