diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2018-09-06 08:34:45 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2018-09-06 08:34:45 +1000 |
commit | 2eb2b4f3a12d0b8807447913a3b16f21104c701b (patch) | |
tree | 41fac347e54c9de1120b89eee0baf14a5bdd2beb /test/evp_extra_test.c | |
parent | 544648a8e07612449460ebc0e608a226fde38e67 (diff) |
Key zeroization fix for EVP_SealInit + added simple test
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7105)
Diffstat (limited to 'test/evp_extra_test.c')
-rw-r--r-- | test/evp_extra_test.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index b7b78f5dd2..33a957f791 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -356,6 +356,50 @@ end: return ret; } +static int test_EVP_Enveloped(void) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx = NULL; + EVP_PKEY *keypair = NULL; + unsigned char *kek = NULL; + unsigned char iv[EVP_MAX_IV_LENGTH]; + static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; + int len, kek_len, ciphertext_len, plaintext_len; + unsigned char ciphertext[32], plaintext[16]; + const EVP_CIPHER *type = EVP_aes_256_cbc(); + + if (!TEST_ptr(keypair = load_example_rsa_key()) + || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) + || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, + &keypair, 1)) + || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, + msg, sizeof(msg))) + || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, + &len))) + goto err; + + ciphertext_len += len; + + if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) + || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, + ciphertext, ciphertext_len)) + || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) + goto err; + + plaintext_len += len; + if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) + goto err; + + ret = 1; +err: + OPENSSL_free(kek); + EVP_PKEY_free(keypair); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + + static int test_EVP_DigestSignInit(void) { int ret = 0; @@ -781,6 +825,7 @@ int setup_tests(void) { ADD_TEST(test_EVP_DigestSignInit); ADD_TEST(test_EVP_DigestVerifyInit); + ADD_TEST(test_EVP_Enveloped); ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); #ifndef OPENSSL_NO_EC ADD_TEST(test_EVP_PKCS82PKEY); |