Test that OSSL_STORE can load various types of params

There have been instances where OSSL_STORE got confused between DSA and DH params (e.g. see issue #13046) due the DER encoding of DH and DSA params looking identical. Therefore we test that we get the types that we expect. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13329)
author: Matt Caswell <matt@openssl.org> 2020-11-18 12:07:43 +0000
committer: Matt Caswell <matt@openssl.org> 2020-11-25 10:02:59 +0000
commit: 1950e0e3e796a066a0de95330f67d2da9d2c93e5 (patch)
tree: f112953b0b5b6f99cb45371859ee25bf465a3567 /test
parent: cdbd27bab4d981cb48327199ef89308e6ef36733 (diff)
5 files changed, 123 insertions, 2 deletions
diff --git a/test/ossl_store_test.c b/test/ossl_store_test.c
index c00e5fd1fb..e1ee820085 100644
--- a/test/ossl_store_test.c
+++ b/test/ossl_store_test.c
@@ -15,10 +15,12 @@ typedef enum OPTION_choice {
     OPT_ERR = -1,
     OPT_EOF = 0,
     OPT_INFILE,
+    OPT_DATADIR,
     OPT_TEST_ENUM
 } OPTION_CHOICE;
 
 static const char *infile = NULL;
+static const char *datadir = NULL;
 
 static int test_store_open(void)
 {
@@ -50,11 +52,84 @@ static int test_store_search_by_key_fingerprint_fail(void)
     return ret;
 }
 
+static int get_params(const char *uri, const char *type)
+{
+    EVP_PKEY *pkey = NULL;
+    OSSL_STORE_CTX *ctx = NULL;
+    OSSL_STORE_INFO *info;
+    int ret = 0;
+
+    ctx = OSSL_STORE_open_ex(uri, NULL, NULL, NULL, NULL, NULL, NULL);
+    if (!TEST_ptr(ctx))
+        goto err;
+
+    while (!OSSL_STORE_eof(ctx)
+            && (info = OSSL_STORE_load(ctx)) != NULL
+            && pkey == NULL) {
+        if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PARAMS) {
+            pkey = OSSL_STORE_INFO_get1_PARAMS(info);
+        }
+        OSSL_STORE_INFO_free(info);
+        info = NULL;
+    }
+
+    if (pkey != NULL)
+        ret = EVP_PKEY_is_a(pkey, type);
+    EVP_PKEY_free(pkey);
+
+ err:
+    OSSL_STORE_close(ctx);
+    return ret;
+}
+
+static int test_store_get_params(int idx)
+{
+    const char *type;
+    char uri[80];
+
+    switch(idx) {
+#ifndef OPENSSL_NO_DH
+    case 0:
+        type = "DH";
+        break;
+    case 1:
+        type = "DHX";
+        break;
+#else
+    case 0:
+    case 1:
+        return 1;
+#endif
+    case 2:
+#ifndef OPENSSL_NO_DSA
+        type = "DSA";
+        break;
+#else
+        return 1;
+#endif
+    default:
+        TEST_error("Invalid test index");
+        return 0;
+    }
+
+    if (!TEST_true(BIO_snprintf(uri, sizeof(uri), "%s/%s-params.pem",
+                                datadir, type)))
+        return 0;
+
+    TEST_info("Testing uri: %s", uri);
+    if (!TEST_true(get_params(uri, type)))
+        return 0;
+
+    return 1;
+}
+
+
 const OPTIONS *test_get_options(void)
 {
     static const OPTIONS test_options[] = {
         OPT_TEST_OPTIONS_DEFAULT_USAGE,
         { "in", OPT_INFILE, '<', },
+        { "data", OPT_DATADIR, 's' },
         { NULL }
     };
     return test_options;
@@ -69,6 +144,9 @@ int setup_tests(void)
         case OPT_INFILE:
             infile = opt_arg();
             break;
+        case OPT_DATADIR:
+            datadir = opt_arg();
+            break;
         case OPT_TEST_CASES:
            break;
         default:
@@ -77,7 +155,13 @@ int setup_tests(void)
         }
     }
 
+    if (datadir == NULL) {
+        TEST_error("No datadir specified");
+        return 0;
+    }
+
     ADD_TEST(test_store_open);
     ADD_TEST(test_store_search_by_key_fingerprint_fail);
+    ADD_ALL_TESTS(test_store_get_params, 3);
     return 1;
 }
diff --git a/test/recipes/66-test_ossl_store.t b/test/recipes/66-test_ossl_store.t
index 634b0e76a8..08d66977a5 100644
--- a/test/recipes/66-test_ossl_store.t
+++ b/test/recipes/66-test_ossl_store.t
@@ -10,10 +10,11 @@ use strict;
 use warnings;
 
 use OpenSSL::Test::Simple;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_file data_dir/;
 
 setup("test_ossl_store");
 
 plan tests => 1;
 
-ok(run(test(["ossl_store_test", "-in", srctop_file("test", "testrsa.pem")])));
+ok(run(test(["ossl_store_test", "-in", srctop_file("test", "testrsa.pem"),
+             "-data", data_dir()])));
diff --git a/test/recipes/66-test_ossl_store_data/DH-params.pem b/test/recipes/66-test_ossl_store_data/DH-params.pem
new file mode 100644
index 0000000000..21d1f61b59
--- /dev/null
+++ b/test/recipes/66-test_ossl_store_data/DH-params.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA/uDak+qLI40JfWdgM/eWp9Wg1yjCH1psOeyxSImj09DOdvOPKXhI
+vBjvwyw76vn+HDBg0R90FbA1VmJBXwFqm2qAytpySgPniFWRoIN38SWrZ7FwlXuO
+SPWgXxtRQCIuN7SfIvFoncQ41aa9rJTJ1VXNT22keTe8DbF8tZaALwiaTWmslNa/
++qI/1/a+R4/SqLmQQBFJ10NfNQ7w66tmzsL3mcoz1vOrl+mmOgKHiKaTnI7oiL8y
+qWbnCIdRUPVImNGur/oKRk7Ye/66cgras9WXjXRr5ExVh4+wBYTvJ2H7THRoBgts
+0g1y1Zu5uGJQttPbgC18guqH6NH6xPin+wIBAg==
+-----END DH PARAMETERS-----
diff --git a/test/recipes/66-test_ossl_store_data/DHX-params.pem b/test/recipes/66-test_ossl_store_data/DHX-params.pem
new file mode 100644
index 0000000000..f4575d5605
--- /dev/null
+++ b/test/recipes/66-test_ossl_store_data/DHX-params.pem
@@ -0,0 +1,14 @@
+-----BEGIN X9.42 DH PARAMETERS-----
+MIICLAKCAQEAyT1xEPjk7PmoJKqVWgn//oVibfMGT9eYVcVOBpdvHK5bUPDO2c3Q
+IoClYdbKfiiyAGCTIsykTI+SaY4x3PsK2G5H2kk/+WjY1Qt3D60I0ltGhJZ9HH0Z
+XTZ+XE58MDUPplkVeOiwgZSzUi4Cr6MhkD10ixJfH3TfrZaKsDUV76JeBiXTuYxR
+TUQoeb196h0VvjsbLkAgmNR0y/z/jlxhYrJGulYHAEB1qZzFwR7puja5HkBlrcbP
+Sm79jIrWTP535zHpkPp7HggjBVUTlXm2fEPEy3IxjeS2IZls4jAlU7gBajWTn5x1
+xB8puPwR3bEM3KwOtrOB7LxyeSAi7ZsuDwKCAQBeX1BH6sLltd2PfF/LLl5c87pA
+NIoluZqpx7YTyTwjuKyzbCcl/12AMsXJPsRcOJToZlyfjiWqO0VHEE2BMLEEDV3J
+xnKCGyxqWGDohtJvGnMQtLFG8fIDroY6pGxZvCMcX9lsFhcx6V613Livv9krGpJk
+E6uJeybPYlKxznnsd0C38fF6csGQ6XA5Jk2ZMY4NUDRWKPpYn5R/aUf9QCmXEaQg
+U2tb6a/GldEoB6oKad/2QwoCkzOhSOrVkzNq370hC9kdkY2jS6H+D6Vb1Kht2HvE
+SqoGzlAULgju9EwRHhKQYHjl9Hvf0b6xiy0COstxXi7TlSAXNQ+wvxRdOOVyAiEA
+2Y0jIv7Bg/ezKBIDgHS6DNMiVjpK3IQyKoKMdKiWdLc=
+-----END X9.42 DH PARAMETERS-----
diff --git a/test/recipes/66-test_ossl_store_data/DSA-params.pem b/test/recipes/66-test_ossl_store_data/DSA-params.pem
new file mode 100644
index 0000000000..7c4623269f
--- /dev/null
+++ b/test/recipes/66-test_ossl_store_data/DSA-params.pem
@@ -0,0 +1,14 @@
+-----BEGIN DSA PARAMETERS-----
+MIICKAKCAQEAkCVbIEa67wJYbxPJRmA+NYY67GfktNggaxbhMaL+jyR7U1uPpOEa
+/tTBgql40zj3W+QORevWOjo4ECxCpWmttG81r1+jhlG/a3Bk+CJB+CZw+ZC8NBXV
+46v03q+MR3AjLOr/k/sgBabVc6I4K6IFC5ZmlwS0+8F4VudOq4lLqHZXFp89AJWi
+HhtPbcD+jYYtrL+3MT7rwQJ+5MoXUgzfTnJFR5hpBuqgYubTGHc8nEG9KkXnE97B
+as0hTWaYuLe/RwHEhabZi7pcFqD26fCJC63gzT6zK73R2GD0qRwPD0pxh/adu2uu
+h314G2y03Fstnc8q5i/NYofP3Lg++0yJNQIdAMi9Wu0rxBvq5Je+TXliYygyKa5E
+/KKOwvshJ2kCggEAWLdQjAIb/Jtn1YZNGZhrif6NCHyO+qxq2B4Ajrw3TUMrmEbt
+avfWoHNkoJCTE10ZzWTZqrVWqzfytK8VnG7XRfMftjMdiXTKg4amG8wvNCC3at36
+WouWYsZx50PWXHOyRiFENcmXDiyzvz2/NcZmKIDdlII/JF3sTjn2HtzpwAIEduEV
+1YnyY9E6MiP0jeMaHvo5zSHAdSYTu0eBZ3ThxCyyW+sIKRA96+yBUtCrGOb+UUu6
+udVKAj8sauSBsIbLGf/qrw86u/qSZbqr+keY6ozSsCCHeFMUIhGxv4a9E0XcAX0r
+VLgYFtiO5DyuXSRACmCgmHYAlvyiP+E5xDs4Nw==
+-----END DSA PARAMETERS-----
author	Matt Caswell <matt@openssl.org>	2020-11-18 12:07:43 +0000
committer	Matt Caswell <matt@openssl.org>	2020-11-25 10:02:59 +0000
commit	1950e0e3e796a066a0de95330f67d2da9d2c93e5 (patch)
tree	f112953b0b5b6f99cb45371859ee25bf465a3567 /test
parent	cdbd27bab4d981cb48327199ef89308e6ef36733 (diff)