From fda127beb2b3c029741573b0dd931295b3446fd2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 10 Mar 2020 23:10:29 +0100 Subject: [PATCH] TEST: Adapt all applicable tests to the new distinguishing ID Fixes #11293 Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/11302) --- test/ecdsatest.c | 45 ++++++++++------------------------ test/recipes/20-test_pkeyutl.t | 4 +-- test/recipes/25-test_req.t | 8 +++--- test/recipes/25-test_verify.t | 6 ++--- test/recipes/80-test_ca.t | 4 +-- test/verify_extra_test.c | 32 +++++++++++------------- 6 files changed, 37 insertions(+), 62 deletions(-) diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 9747fb9042..4e343f0834 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -212,20 +212,9 @@ static int set_sm2_id(EVP_MD_CTX *mctx, EVP_PKEY *pkey) static const char sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' }; EVP_PKEY_CTX *pctx; - if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)) + if (!TEST_ptr(pctx = EVP_MD_CTX_pkey_ctx(mctx)) || !TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, sm2_id, sizeof(sm2_id)), 0)) return 0; - EVP_MD_CTX_set_pkey_ctx(mctx, pctx); - return 1; -} - -static int clean_sm2_id(EVP_MD_CTX *mctx) -{ - EVP_PKEY_CTX *pctx; - - if (!TEST_ptr(pctx = EVP_MD_CTX_pkey_ctx(mctx))) - return 0; - EVP_PKEY_CTX_free(pctx); return 1; } 
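Review bot: `set_sm2_id()` no longer uses its `pkey` parameter, and it now only works once `EVP_DigestSignInit()` or `EVP_DigestVerifyInit()` has run on `mctx`, because it fetches the context with `EVP_MD_CTX_pkey_ctx(mctx)` instead of creating one. Neither fact is written down, and the callers in `test_builtin` still pass `pkey` or `pkey_neg` as if it mattered. I would drop the parameter (or mark it unused) and add a comment above the function such as `/* Call after EVP_Digest{Sign,Verify}Init(): sets the ID on the EVP_PKEY_CTX held by mctx; nothing to free here. */`. The signature line itself sits just above this hunk.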
@@ -283,46 +272,40 @@ static int test_builtin(int n, int as) if (!TEST_int_ge(temp, 0) || !TEST_ptr(sig = OPENSSL_malloc(sig_len = (size_t)temp)) /* create a signature */ - || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) || !TEST_true(EVP_DigestSignInit(mctx, NULL, NULL, NULL, pkey)) + || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) || !TEST_true(EVP_DigestSign(mctx, sig, &sig_len, tbs, sizeof(tbs))) || !TEST_int_le(sig_len, ECDSA_size(eckey)) - || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx)) || !TEST_true(EVP_MD_CTX_reset(mctx)) /* negative test, verify with wrong key, 0 return */ - || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey_neg)) || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey_neg)) + || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey_neg)) || !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 0) - || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx)) || !TEST_true(EVP_MD_CTX_reset(mctx)) /* negative test, verify with wrong signature length, -1 return */ - || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey)) + || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) || !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len - 1, tbs, sizeof(tbs)), -1) - || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx)) || !TEST_true(EVP_MD_CTX_reset(mctx)) /* positive test, verify with correct key, 1 return */ - || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey)) + || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) || !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1) - || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx)) || !TEST_true(EVP_MD_CTX_reset(mctx))) goto err; /* muck with the message, test it fails with 0 return */ tbs[0] ^= 1; - if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) - || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey)) + if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, 
pkey)) + || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) || !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 0) - || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx)) || !TEST_true(EVP_MD_CTX_reset(mctx))) goto err; /* un-muck and test it verifies */ tbs[0] ^= 1; - if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) - || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey)) + if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey)) + || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) || !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1) - || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx)) || !TEST_true(EVP_MD_CTX_reset(mctx))) goto err; @@ -355,18 +338,16 @@ static int test_builtin(int n, int as) offset = tbs[0] % sig_len; dirt = tbs[1] ? tbs[1] : 1; sig[offset] ^= dirt; - if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) - || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey)) + if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey)) + || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) || !TEST_int_ne(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1) - || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx)) || !TEST_true(EVP_MD_CTX_reset(mctx))) goto err; /* un-muck and test it verifies */ sig[offset] ^= dirt; - if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) - || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey)) + if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey)) + || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) || !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1) - || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx)) || !TEST_true(EVP_MD_CTX_reset(mctx))) goto err; diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index f923f7cdc8..2d9aae29cd 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t 
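Review bot: Every SM2 sign and verify step in `test_builtin` sets the same `sm2_id`, so nothing in this hunk or the `@@ -355` hunk would fail if `EVP_PKEY_CTX_set1_id()`, now called after the init, had no effect and both sides used the same fallback ID. A negative case for `as == EVP_PKEY_SM2` would close that gap: init with `pkey`, set a different ID, and expect `EVP_DigestVerify()` to return 0 on the untouched `sig` and `tbs`. That needs a second ID constant or an ID argument on `set_sm2_id`, which is defined outside these hunks; `test_builtin` also starts before and continues past them. The recipe hunks have the same shape, since each `distid:`/`hexdistid:` verification uses the value it was signed with.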
@@ -29,13 +29,13 @@ SKIP: { '-in', srctop_file('test', 'certs', 'sm2.pem'), '-inkey', srctop_file('test', 'certs', 'sm2.key'), '-out', 'sm2.sig', '-rawin', - '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))), + '-digest', 'sm3', '-pkeyopt', 'distid:someid']))), "Sign a piece of data using SM2"); ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in', srctop_file('test', 'certs', 'sm2.pem'), '-inkey', srctop_file('test', 'certs', 'sm2.pem'), '-sigfile', 'sm2.sig', '-rawin', - '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))), + '-digest', 'sm3', '-pkeyopt', 'distid:someid']))), "Verify an SM2 signature against a piece of data"); } diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 662109c896..0567adf702 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t 
@@ -191,27 +191,27 @@ subtest "generating SM2 certificate requests" => sub { ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), "-new", "-key", srctop_file("test", "certs", "sm2.key"), - "-sigopt", "sm2_id:1234567812345678", + "-sigopt", "distid:1234567812345678", "-out", "testreq-sm2.pem", "-sm3"])), "Generating SM2 certificate request"); ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-sm2.pem", "-noout", - "-sm2-id", "1234567812345678", "-sm3"])), + "-vfyopt", "distid:1234567812345678", "-sm3"])), "Verifying signature on SM2 certificate request"); ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), "-new", "-key", srctop_file("test", "certs", "sm2.key"), - "-sigopt", "sm2_hex_id:DEADBEEF", + "-sigopt", "hexdistid:DEADBEEF", "-out", "testreq-sm2.pem", "-sm3"])), "Generating SM2 certificate request with hex id"); ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-sm2.pem", "-noout", - "-sm2-hex-id", "DEADBEEF", "-sm3"])), + "-vfyopt", "hexdistid:DEADBEEF", "-sm3"])), "Verifying signature on SM2 certificate request"); } }; diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 219e7e1149..c0de243708 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -378,10 +378,8 @@ SKIP: { skip "SM2 is not supported by this OpenSSL build", 2 if disabled("sm2"); - # Test '-sm2-id' and '-sm2-hex-id' option - ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-id", "1234567812345678"), + ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-vfyopt", "distid:1234567812345678"), "SM2 ID test"); - ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-hex-id", - "31323334353637383132333435363738"), + ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-vfyopt", "hexdistid:31323334353637383132333435363738"), "SM2 hex ID test"); } 
diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t index c01bc389fa..5b4f59b69b 100644 --- a/test/recipes/80-test_ca.t +++ b/test/recipes/80-test_ca.t @@ -59,8 +59,8 @@ SKIP: { srctop_file("test", "CAss.cnf"), "-in", srctop_file("test", "certs", "sm2-csr.pem"), "-out", "sm2-test.crt", - "-sigopt", "sm2_id:1234567812345678", - "-sm2-id", "1234567812345678", + "-sigopt", "distid:1234567812345678", + "-vfyopt", "distid:1234567812345678", "-md", "sm3", "-cert", srctop_file("test", "certs", "sm2-root.crt"), "-keyfile", srctop_file("test", "certs", "sm2-root.key")]))), diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c index 91ed31b374..e8fe79b19a 100644 --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -179,15 +179,13 @@ static int test_store_ctx(void) OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n") -#ifndef OPENSSL_NO_SM2 -static int test_sm2_id(void) +static int test_distinguishing_id(void) { - /* we only need an X509 structure, no matter if it's a real SM2 cert */ X509 *x = NULL; BIO *bio = NULL; int ret = 0; ASN1_OCTET_STRING *v = NULL, *v2 = NULL; - char *sm2id = "this is an ID"; + char *distid = "this is an ID"; bio = BIO_new_file(bad_f, "r"); if (bio == NULL) @@ -201,14 +199,15 @@ static int test_sm2_id(void) if (v == NULL) goto err; - if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) { + if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid, + (int)strlen(distid))) { ASN1_OCTET_STRING_free(v); goto err; } - X509_set0_sm2_id(x, v); + X509_set0_distinguishing_id(x, v); - v2 = X509_get0_sm2_id(x); + v2 = X509_get0_distinguishing_id(x); if (!TEST_ptr(v2) || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0)) goto err; 
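Review bot: `char *distid = "this is an ID";` points a non-const pointer at a string literal; `static const char distid[] = "this is an ID";` with the later cast changed to `(const unsigned char *)distid` states the intent and avoids a writable alias. The commit also drops the comment saying that any certificate will do, yet the function still loads `bad_f`, which reads oddly without it. A line such as `/* any parsable certificate will do; the ID is attached to the X509 object */` would keep that clear. Both points apply equally to `test_req_distinguishing_id` in the `@@ -220` hunk; the function body continues past this hunk.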
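Review bot: The check `TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0)` probably compares the object with itself. If `X509_set0_distinguishing_id()` stores the pointer it is handed, as the `set0` naming suggests, then `v2` is `v` and the comparison cannot fail. Comparing against the source bytes would test the round trip, for example `|| !TEST_mem_eq(ASN1_STRING_get0_data(v2), ASN1_STRING_length(v2), distid, strlen(distid))`. The same applies to the `X509_REQ` variant in the `@@ -241` hunk; both functions begin and end outside these hunks.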
@@ -220,14 +219,13 @@ static int test_sm2_id(void) return ret; } -static int test_req_sm2_id(void) +static int test_req_distinguishing_id(void) { - /* we only need an X509_REQ structure, no matter if it's a real SM2 cert */ X509_REQ *x = NULL; BIO *bio = NULL; int ret = 0; ASN1_OCTET_STRING *v = NULL, *v2 = NULL; - char *sm2id = "this is an ID"; + char *distid = "this is an ID"; bio = BIO_new_file(req_f, "r"); if (bio == NULL) @@ -241,14 +239,15 @@ static int test_req_sm2_id(void) if (v == NULL) goto err; - if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) { + if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid, + (int)strlen(distid))) { ASN1_OCTET_STRING_free(v); goto err; } - X509_REQ_set0_sm2_id(x, v); + X509_REQ_set0_distinguishing_id(x, v); - v2 = X509_REQ_get0_sm2_id(x); + v2 = X509_REQ_get0_distinguishing_id(x); if (!TEST_ptr(v2) || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0)) goto err; @@ -259,7 +258,6 @@ static int test_req_sm2_id(void) BIO_free(bio); return ret; } -#endif int setup_tests(void) { @@ -276,9 +274,7 @@ int setup_tests(void) ADD_TEST(test_alt_chains_cert_forgery); ADD_TEST(test_store_ctx); -#ifndef OPENSSL_NO_SM2 - ADD_TEST(test_sm2_id); - ADD_TEST(test_req_sm2_id); -#endif + ADD_TEST(test_distinguishing_id); + ADD_TEST(test_req_distinguishing_id); return 1; } -- 2.25.1