diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2021-05-05 08:58:37 +0200 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2021-05-10 05:23:50 +0200 |
| commit | d29d7a7ff22e8e3be1c8bbdb8edd3ab9c72ed021 (patch) | |
| tree | 0ccdd13e9d8c5d229523a6317e2ead4568e9a21a /test | |
| parent | checksum fix (diff) | |
| download | openssl-d29d7a7ff22e8e3be1c8bbdb8edd3ab9c72ed021.tar.xz openssl-d29d7a7ff22e8e3be1c8bbdb8edd3ab9c72ed021.zip | |
Fix i2d_PKCS8PrivateKey_nid_bio() regression.
This method ignores the nid and could end up saving out the private key unencrypted
In earlier alpha releases OSSL_num_encoders() returned 0 for this test
case, which then meant that the legacy path was run, and the key was
then correctly encrypted.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15152)
Diffstat (limited to 'test')
| -rw-r--r-- | test/evp_extra_test2.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index 6d5303ab9d..2e5861c77f 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c @@ -290,6 +290,40 @@ done: return ret; } +#ifndef OPENSSL_NO_DES +static int test_pkcs8key_nid_bio(void) +{ + int ret; + const int nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + static const char pwd[] = "PASSWORD"; + EVP_PKEY *pkey = NULL, *pkey_dec = NULL; + BIO *in = NULL, *enc_bio = NULL; + char *enc_data = NULL; + long enc_datalen = 0; + OSSL_PROVIDER *provider = NULL; + + ret = TEST_ptr(provider = OSSL_PROVIDER_load(NULL, "default")) + && TEST_ptr(enc_bio = BIO_new(BIO_s_mem())) + && TEST_ptr(in = BIO_new_mem_buf(kExampleRSAKeyPKCS8, + sizeof(kExampleRSAKeyPKCS8))) + && TEST_ptr(pkey = d2i_PrivateKey_ex_bio(in, NULL, NULL, NULL)) + && TEST_int_eq(i2d_PKCS8PrivateKey_nid_bio(enc_bio, pkey, nid, + pwd, sizeof(pwd) - 1, + NULL, NULL), 1) + && TEST_int_gt(enc_datalen = BIO_get_mem_data(enc_bio, &enc_data), 0) + && TEST_ptr(pkey_dec = d2i_PKCS8PrivateKey_bio(enc_bio, NULL, NULL, + (void *)pwd)) + && TEST_true(EVP_PKEY_eq(pkey, pkey_dec)); + + EVP_PKEY_free(pkey_dec); + EVP_PKEY_free(pkey); + BIO_free(in); + BIO_free(enc_bio); + OSSL_PROVIDER_unload(provider); + return ret; +} +#endif /* OPENSSL_NO_DES */ + static int test_alternative_default(void) { OSSL_LIB_CTX *oldctx; @@ -727,6 +761,9 @@ int setup_tests(void) ADD_TEST(test_pkey_todata_null); ADD_TEST(test_pkey_export_null); ADD_TEST(test_pkey_export); +#ifndef OPENSSL_NO_DES + ADD_TEST(test_pkcs8key_nid_bio); +#endif return 1; } |