authorShane Lontis <shane.lontis@oracle.com>2020-07-23 09:40:40 +0200
committerShane Lontis <shane.lontis@oracle.com>2020-07-23 09:40:40 +0200
commitae89578be2930c726d6ef56451233757a89f224f (patch)
treedfe6f7fb5bc4b550b67bea0fe219fd6a132bd944 /apps/pkeyutl.c
parentFix: uninstantiation breaks the RAND_DRBG callback mechanism (diff)
Test RSA oaep in fips mode
Added RSA oaep test that uses the pkeyutl application. Added an openssl application option to support loading a (fips) provider via the '-config' option. Added openssl application related environment variable 'OPENSSL_TEST_LIBCTX' (for testing purposes only), that creates a non default library context. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11948)
Diffstat (limited to 'apps/pkeyutl.c')
-rw-r--r--apps/pkeyutl.c30
1 files changed, 25 insertions, 5 deletions
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 231547e291..4de2a56590 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -25,7 +25,8 @@ DEFINE_STACK_OF_STRING()
static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
const char *keyfile, int keyform, int key_type,
char *passinarg, int pkey_op, ENGINE *e,
- const int impl, int rawin, EVP_PKEY **ppkey);
+ const int impl, int rawin, EVP_PKEY **ppkey,
+ OPENSSL_CTX *libctx, const char *propq);
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE *e);
@@ -47,6 +48,7 @@ typedef enum OPTION_choice {
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF,
OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM,
+ OPT_CONFIG,
OPT_RAWIN, OPT_DIGEST
} OPTION_CHOICE;
@@ -63,6 +65,7 @@ const OPTIONS pkeyutl_options[] = {
{"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
{"derive", OPT_DERIVE, '-', "Derive shared secret"},
+ OPT_CONFIG_OPTION,
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file - default stdin"},
@@ -100,6 +103,7 @@ const OPTIONS pkeyutl_options[] = {
int pkeyutl_main(int argc, char **argv)
{
+ CONF *conf = NULL;
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY_CTX *ctx = NULL;
@@ -122,6 +126,8 @@ int pkeyutl_main(int argc, char **argv)
int rawin = 0;
const EVP_MD *md = NULL;
int filesize = -1;
+ OPENSSL_CTX *libctx = app_get0_libctx();
+ const char *propq = NULL;
prog = opt_init(argc, argv, pkeyutl_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -168,6 +174,11 @@ int pkeyutl_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
+ case OPT_CONFIG:
+ conf = app_load_config_modules(opt_arg());
+ if (conf == NULL)
+ goto end;
+ break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
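Review bot: A repeated `-config` on the command line overwrites `conf` at `conf = app_load_config_modules(opt_arg());`, so the CONF returned for the first occurrence is never released by the single `NCONF_free(conf)` at the end of pkeyutl_main. Freeing the previous handle before reloading closes the leak: `NCONF_free(conf);` placed immediately before the assignment. Whether the modules activated by the first load should also be torn down before a second load cannot be judged from this hunk; the body of pkeyutl_main continues outside it.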
@@ -281,7 +292,8 @@ int pkeyutl_main(int argc, char **argv)
goto opthelp;
}
ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
- passinarg, pkey_op, e, engine_impl, rawin, &pkey);
+ passinarg, pkey_op, e, engine_impl, rawin, &pkey,
+ libctx, propq);
if (ctx == NULL) {
BIO_printf(bio_err, "%s: Error initializing context\n", prog);
ERR_print_errors(bio_err);
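Review bot: `propq` is handed to init_ctx here, but as far as the shown hunks go it is only ever initialised (`const char *propq = NULL;` in the declarations hunk) and no option case assigns it, so the property-query argument is dead on this path. If the intent is to let callers restrict provider selection (for example a `fips=yes` query once a FIPS provider has been loaded through `-config`), a command-line option should set it; otherwise a short comment at the declaration, `/* property query for ctx creation; no option sets this yet */`, would save readers from hunting for the setter. pkeyutl_main starts and ends outside this hunk.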
@@ -484,6 +496,7 @@ int pkeyutl_main(int argc, char **argv)
OPENSSL_free(sig);
sk_OPENSSL_STRING_free(pkeyopts);
sk_OPENSSL_STRING_free(pkeyopts_passin);
+ NCONF_free(conf);
return ret;
}
@@ -491,7 +504,8 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
const char *keyfile, int keyform, int key_type,
char *passinarg, int pkey_op, ENGINE *e,
const int engine_impl, int rawin,
- EVP_PKEY **ppkey)
+ EVP_PKEY **ppkey,
+ OPENSSL_CTX *libctx, const char *propq)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
@@ -547,13 +561,19 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
goto end;
}
}
- ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
+ if (impl != NULL)
+ ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
+ else
+ ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, propq);
} else {
if (pkey == NULL)
goto end;
*pkeysize = EVP_PKEY_size(pkey);
- ctx = EVP_PKEY_CTX_new(pkey, impl);
+ if (impl != NULL)
+ ctx = EVP_PKEY_CTX_new(pkey, impl);
+ else
+ ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
if (ppkey != NULL)
*ppkey = pkey;
EVP_PKEY_free(pkey);