X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=test_params.c;h=f7d4b90f8fbb3989ea9b94ce4713f9e38bfb0207;hb=7e6ed644cf97385a95544fcc889e2eb16bcc93ed;hp=972af24196338e853093b655a21c78ac95154df5;hpb=9bcbcfa0193491800b3d0afa140828488b6b84de;p=openssl-gost%2Fengine.git diff --git a/test_params.c b/test_params.c index 972af24..f7d4b90 100644 --- a/test_params.c +++ b/test_params.c @@ -882,7 +882,7 @@ static void print_test_result(int err) static int test_cert(struct test_cert *tc) { - int err = 0; + int ret = 0, err; X509 *x; const unsigned char *p; @@ -917,15 +917,41 @@ static int test_cert(struct test_cert *tc) /* * Verify */ - printf(" X509_verify API\t"); + printf(" X509_verify API\t\t"); fflush(stdout); EVP_PKEY *pk; TE(pk = X509_get0_pubkey(x)); /* Similar to: openssl verify -partial_chain -check_ss_sig ... */ + /* X509_verify uses EVP_DigestVerify internally */ err = X509_verify(x, pk); print_test_result(err); + ret |= err != 1; - return err != 1; + /* Verify manually. */ + const ASN1_BIT_STRING *signature; + X509_get0_signature(&signature, NULL, x); + unsigned char *tbs = NULL; /* signed part */ + int tbs_len; + T((tbs_len = i2d_re_X509_tbs(x, &tbs)) > 0); + int algnid, hash_nid, pknid; + T(algnid = X509_get_signature_nid(x)); + T(OBJ_find_sigid_algs(algnid, &hash_nid, &pknid)); + + printf(" EVP_Verify API\t\t"); + EVP_MD_CTX *md_ctx; + T(md_ctx = EVP_MD_CTX_new()); + const EVP_MD *mdtype; + T(mdtype = EVP_get_digestbynid(hash_nid)); + T(EVP_VerifyInit(md_ctx, mdtype)); + T(EVP_VerifyUpdate(md_ctx, tbs, tbs_len)); + err = EVP_VerifyFinal(md_ctx, signature->data, signature->length, pk); + print_test_result(err); + EVP_MD_CTX_free(md_ctx); + ret |= err != 1; + + X509_free(x); + OPENSSL_free(tbs); + return ret; } /* Generate EC_KEY with proper parameters using temporary PKEYs. @@ -1013,32 +1039,53 @@ static int test_param(struct test_param *t) T(ctx = EVP_PKEY_CTX_new(pkey, NULL)); unsigned char *sig; T(sig = OPENSSL_malloc(siglen)); - /* Need to reverse provided signature for unknown reason */ + /* Need to reverse provided signature for unknown reason, + * contrary to how it goes into signature. */ BUF_reverse(sig, t->signature, siglen); /* Verify using EVP_PKEY_verify API */ - printf(" EVP_PKEY_verify API\t"); + printf(" EVP_PKEY_verify API\t\t"); T(EVP_PKEY_verify_init(ctx)); err = EVP_PKEY_verify(ctx, sig, siglen, t->hash, t->len); + EVP_PKEY_CTX_free(ctx); print_test_result(err); ret |= err != 1; /* Verify using EVP_Verify API */ if (t->data) { - printf(" EVP_Verify API\t"); + printf(" EVP_Verify API\t\t"); EVP_MD_CTX *md_ctx; T(md_ctx = EVP_MD_CTX_new()); const EVP_MD *mdtype; T(mdtype = EVP_get_digestbynid(hash_nid)); T(EVP_VerifyInit(md_ctx, mdtype)); - T(EVP_VerifyUpdate(md_ctx, t->data, t->data_len)); + /* Feed byte-by-byte. */ + int i; + for (i = 0; i < t->data_len; i++) + T(EVP_VerifyUpdate(md_ctx, &t->data[i], 1)); err = EVP_VerifyFinal(md_ctx, sig, siglen, pkey); print_test_result(err); EVP_MD_CTX_free(md_ctx); ret |= err != 1; } + /* Verify using EVP_DigestVerifyInit API */ + if (t->data) { + printf(" EVP_DigestVerifyInit API\t"); + EVP_MD_CTX *md_ctx; + T(md_ctx = EVP_MD_CTX_new()); + const EVP_MD *mdtype; + T(mdtype = EVP_get_digestbynid(hash_nid)); + T(EVP_DigestVerifyInit(md_ctx, NULL, mdtype, NULL, pkey)); + /* Verify in one step. */ + err = EVP_DigestVerify(md_ctx, sig, siglen, t->data, t->data_len); + print_test_result(err); + EVP_MD_CTX_free(md_ctx); + ret |= err != 1; + } + OPENSSL_free(sig); + EVP_PKEY_free(pkey); return ret; } @@ -1046,9 +1093,13 @@ int main(int argc, char **argv) { int ret = 0; - setenv("OPENSSL_CONF", "../example.conf", 0); + setenv("OPENSSL_ENGINES", ENGINE_DIR, 0); OPENSSL_add_all_algorithms_conf(); ERR_load_crypto_strings(); + ENGINE *eng; + T(eng = ENGINE_by_id("gost")); + T(ENGINE_init(eng)); + T(ENGINE_set_default(eng, ENGINE_METHOD_ALL)); struct test_param **tpp; for (tpp = test_params; *tpp; tpp++) @@ -1058,5 +1109,8 @@ int main(int argc, char **argv) for (tc = test_certs; tc->cert; tc++) ret |= test_cert(tc); + ENGINE_finish(eng); + ENGINE_free(eng); + return ret; }