提交 fda127be 编写于 作者: R Richard Levitte

TEST: Adapt all applicable tests to the new distinguishing ID

Fixes #11293
Reviewed-by: NPaul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/11302)
上级 2292c8e1
......@@ -212,20 +212,9 @@ static int set_sm2_id(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
static const char sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' };
EVP_PKEY_CTX *pctx;
if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL))
if (!TEST_ptr(pctx = EVP_MD_CTX_pkey_ctx(mctx))
|| !TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, sm2_id, sizeof(sm2_id)), 0))
return 0;
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
return 1;
}
static int clean_sm2_id(EVP_MD_CTX *mctx)
{
EVP_PKEY_CTX *pctx;
if (!TEST_ptr(pctx = EVP_MD_CTX_pkey_ctx(mctx)))
return 0;
EVP_PKEY_CTX_free(pctx);
return 1;
}
......@@ -283,46 +272,40 @@ static int test_builtin(int n, int as)
if (!TEST_int_ge(temp, 0)
|| !TEST_ptr(sig = OPENSSL_malloc(sig_len = (size_t)temp))
/* create a signature */
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestSignInit(mctx, NULL, NULL, NULL, pkey))
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestSign(mctx, sig, &sig_len, tbs, sizeof(tbs)))
|| !TEST_int_le(sig_len, ECDSA_size(eckey))
|| (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx))
/* negative test, verify with wrong key, 0 return */
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey_neg))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey_neg))
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey_neg))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 0)
|| (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx))
/* negative test, verify with wrong signature length, -1 return */
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len - 1, tbs, sizeof(tbs)), -1)
|| (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx))
/* positive test, verify with correct key, 1 return */
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1)
|| (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx)))
goto err;
/* muck with the message, test it fails with 0 return */
tbs[0] ^= 1;
if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 0)
|| (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx)))
goto err;
/* un-muck and test it verifies */
tbs[0] ^= 1;
if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1)
|| (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx)))
goto err;
......@@ -355,18 +338,16 @@ static int test_builtin(int n, int as)
offset = tbs[0] % sig_len;
dirt = tbs[1] ? tbs[1] : 1;
sig[offset] ^= dirt;
if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_ne(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1)
|| (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx)))
goto err;
/* un-muck and test it verifies */
sig[offset] ^= dirt;
if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1)
|| (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx)))
goto err;
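Review bot: Every SM2 sign and verify step in test_builtin sets the same sm2_id, so there is no case where the ID given at verification differs from the one used for signing. If the ID set through EVP_PKEY_CTX_set1_id() after the Init call were dropped, both sides would presumably fall back to the same default and all of these checks would still pass. A negative case that verifies the good signature under a different ID and expects 0, placed after the positive test, would pin that the distinguishing ID is really bound into the SM2 digest. Separately, the new set_sm2_id() takes its context from EVP_MD_CTX_pkey_ctx(mctx), so it only works after EVP_DigestSignInit/EVP_DigestVerifyInit and no longer seems to use its pkey argument; a comment `/* call after EVP_Digest{Sign,Verify}Init(), which creates the pctx */` would record that. test_builtin begins and ends outside the hunks shown.

```c
/* … unchanged: sign / verify chain through the positive test, ending in goto err … */

/* negative test (SM2 only), verify under a different ID, 0 return */
if (as == EVP_PKEY_SM2) {
    static const char other_id[] = { 'o', 't', 'h', 'e', 'r' };
    EVP_PKEY_CTX *pctx;

    if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
        || !TEST_ptr(pctx = EVP_MD_CTX_pkey_ctx(mctx))
        || !TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, other_id,
                                             sizeof(other_id)), 0)
        || !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len,
                                         tbs, sizeof(tbs)), 0)
        || !TEST_true(EVP_MD_CTX_reset(mctx)))
        goto err;
}
```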
......
......@@ -29,13 +29,13 @@ SKIP: {
'-in', srctop_file('test', 'certs', 'sm2.pem'),
'-inkey', srctop_file('test', 'certs', 'sm2.key'),
'-out', 'sm2.sig', '-rawin',
'-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
'-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
"Sign a piece of data using SM2");
ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin',
'-in', srctop_file('test', 'certs', 'sm2.pem'),
'-inkey', srctop_file('test', 'certs', 'sm2.pem'),
'-sigfile', 'sm2.sig', '-rawin',
'-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
'-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
"Verify an SM2 signature against a piece of data");
}
......
......@@ -191,27 +191,27 @@ subtest "generating SM2 certificate requests" => sub {
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
"-sigopt", "sm2_id:1234567812345678",
"-sigopt", "distid:1234567812345678",
"-out", "testreq-sm2.pem", "-sm3"])),
"Generating SM2 certificate request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq-sm2.pem", "-noout",
"-sm2-id", "1234567812345678", "-sm3"])),
"-vfyopt", "distid:1234567812345678", "-sm3"])),
"Verifying signature on SM2 certificate request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
"-sigopt", "sm2_hex_id:DEADBEEF",
"-sigopt", "hexdistid:DEADBEEF",
"-out", "testreq-sm2.pem", "-sm3"])),
"Generating SM2 certificate request with hex id");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq-sm2.pem", "-noout",
"-sm2-hex-id", "DEADBEEF", "-sm3"])),
"-vfyopt", "hexdistid:DEADBEEF", "-sm3"])),
"Verifying signature on SM2 certificate request");
}
};
......
......@@ -378,10 +378,8 @@ SKIP: {
skip "SM2 is not supported by this OpenSSL build", 2
if disabled("sm2");
# Test '-sm2-id' and '-sm2-hex-id' option
ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-id", "1234567812345678"),
ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-vfyopt", "distid:1234567812345678"),
"SM2 ID test");
ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-hex-id",
"31323334353637383132333435363738"),
ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-vfyopt", "hexdistid:31323334353637383132333435363738"),
"SM2 hex ID test");
}
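Review bot: Both -vfyopt cases pass 1234567812345678 (the second one as its hex encoding), which as far as I know is also the ID SM2 uses when none is given, so these two checks would still succeed if -vfyopt were accepted and then ignored. A third case with a different value that is expected to fail would show that the option reaches the verifier, for example `ok(!verify("sm2", "any", ["sm2-ca-cert"], [], "-vfyopt", "distid:not-the-signing-id"), "SM2 wrong ID test");`, with the skip count raised from 2 to 3. The comment above the tests still names the removed options; `# Test '-vfyopt' with 'distid:' and 'hexdistid:'` would match the new code. The SKIP block starts outside the hunk.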
......@@ -59,8 +59,8 @@ SKIP: {
srctop_file("test", "CAss.cnf"),
"-in", srctop_file("test", "certs", "sm2-csr.pem"),
"-out", "sm2-test.crt",
"-sigopt", "sm2_id:1234567812345678",
"-sm2-id", "1234567812345678",
"-sigopt", "distid:1234567812345678",
"-vfyopt", "distid:1234567812345678",
"-md", "sm3",
"-cert", srctop_file("test", "certs", "sm2-root.crt"),
"-keyfile", srctop_file("test", "certs", "sm2-root.key")]))),
......
......@@ -179,15 +179,13 @@ static int test_store_ctx(void)
OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")
#ifndef OPENSSL_NO_SM2
static int test_sm2_id(void)
static int test_distinguishing_id(void)
{
/* we only need an X509 structure, no matter if it's a real SM2 cert */
X509 *x = NULL;
BIO *bio = NULL;
int ret = 0;
ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
char *sm2id = "this is an ID";
char *distid = "this is an ID";
bio = BIO_new_file(bad_f, "r");
if (bio == NULL)
......@@ -201,14 +199,15 @@ static int test_sm2_id(void)
if (v == NULL)
goto err;
if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) {
if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
(int)strlen(distid))) {
ASN1_OCTET_STRING_free(v);
goto err;
}
X509_set0_sm2_id(x, v);
X509_set0_distinguishing_id(x, v);
v2 = X509_get0_sm2_id(x);
v2 = X509_get0_distinguishing_id(x);
if (!TEST_ptr(v2)
|| !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
goto err;
......@@ -220,14 +219,13 @@ static int test_sm2_id(void)
return ret;
}
static int test_req_sm2_id(void)
static int test_req_distinguishing_id(void)
{
/* we only need an X509_REQ structure, no matter if it's a real SM2 cert */
X509_REQ *x = NULL;
BIO *bio = NULL;
int ret = 0;
ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
char *sm2id = "this is an ID";
char *distid = "this is an ID";
bio = BIO_new_file(req_f, "r");
if (bio == NULL)
......@@ -241,14 +239,15 @@ static int test_req_sm2_id(void)
if (v == NULL)
goto err;
if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) {
if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
(int)strlen(distid))) {
ASN1_OCTET_STRING_free(v);
goto err;
}
X509_REQ_set0_sm2_id(x, v);
X509_REQ_set0_distinguishing_id(x, v);
v2 = X509_REQ_get0_sm2_id(x);
v2 = X509_REQ_get0_distinguishing_id(x);
if (!TEST_ptr(v2)
|| !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
goto err;
......@@ -259,7 +258,6 @@ static int test_req_sm2_id(void)
BIO_free(bio);
return ret;
}
#endif
int setup_tests(void)
{
......@@ -276,9 +274,7 @@ int setup_tests(void)
ADD_TEST(test_alt_chains_cert_forgery);
ADD_TEST(test_store_ctx);
#ifndef OPENSSL_NO_SM2
ADD_TEST(test_sm2_id);
ADD_TEST(test_req_sm2_id);
#endif
ADD_TEST(test_distinguishing_id);
ADD_TEST(test_req_distinguishing_id);
return 1;
}
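Review bot: The check `ASN1_OCTET_STRING_cmp(v, v2)` in test_distinguishing_id and test_req_distinguishing_id most likely compares an object with itself, since by the set0/get0 convention the getter hands back the pointer that was just stored; it would pass even if the stored bytes were wrong. Comparing against the source string is a stronger check: `|| !TEST_mem_eq(ASN1_STRING_get0_data(v2), ASN1_STRING_length(v2), distid, strlen(distid))`. The renamed local could also be declared `const char *distid`, with the cast changed to `(const unsigned char *)`, because it points at a string literal. Both functions start and end outside the hunks shown.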