15 changes: 15 additions & 0 deletions scripts/test-wp-cs.sh
Expand Up @@ -22,6 +22,7 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
NUMCPU=${NUMCPU:-8}
WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}
source ${SCRIPT_DIR}/utils-wolfprovider.sh
source ${SCRIPT_DIR}/utils-openssl.sh

CERT_DIR=$SCRIPT_DIR/../certs
LOG_FILE=$SCRIPT_DIR/test-wp-cs.log
Expand Down Expand Up @@ -225,6 +226,20 @@ CURVES=prime256v1
OPENSSL_ALL_CIPHERS="-cipher ALL -ciphersuites $TLS13_ALL_CIPHERS"
OPENSSL_PORT=$(generate_port)

# ensure we are doing a clean build
printf "Cleaning up previous builds"
rm -rf ${SCRIPT_DIR}/../*-install
if [ -d ${OPENSSL_SOURCE_DIR} ]; then
pushd ${OPENSSL_SOURCE_DIR} > /dev/null
git clean -xdf > /dev/null 2>&1
popd > /dev/null
fi
if [ -d ${WOLFSSL_SOURCE_DIR} ]; then
pushd ${WOLFSSL_SOURCE_DIR} > /dev/null
git clean -xdf > /dev/null 2>&1
popd > /dev/null
fi

init_wolfprov

if [ "${AM_BWRAPPED-}" != "yes" ]; then
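Review bot: The added cleanup runs `git clean -xdf` after an unchecked `pushd`, and every path expansion in the block is unquoted. If `OPENSSL_SOURCE_DIR` or `WOLFSSL_SOURCE_DIR` expands to nothing (where the latter is set is not visible here), `[ -d ]` evaluates true, `pushd` fails, and the clean then runs in whatever directory the script was started from, deleting untracked and ignored files there. Using `git -C` removes the directory change altogether: `if [ -d "${OPENSSL_SOURCE_DIR}/.git" ]; then git -C "${OPENSSL_SOURCE_DIR}" clean -xdf > /dev/null 2>&1; fi`, and likewise for the wolfSSL tree. The `rm -rf ${SCRIPT_DIR}/../*-install` line should be quoted as `rm -rf "${SCRIPT_DIR}"/../*-install` for the same reason, and the `printf` before it lacks a trailing `\n`.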
30 changes: 22 additions & 8 deletions scripts/utils-openssl.sh
Expand Up @@ -25,10 +25,13 @@
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
source ${SCRIPT_DIR}/utils-general.sh

OPENSSL_GIT="https://github.com/openssl/openssl.git"
OPENSSL_GIT_URL="https://github.com/openssl/openssl.git"
OPENSSL_TAG=${OPENSSL_TAG:-"openssl-3.5.0"}
OPENSSL_SOURCE_DIR=${SCRIPT_DIR}/../openssl-source
OPENSSL_INSTALL_DIR=${SCRIPT_DIR}/../openssl-install
OPENSSL_BIN=${OPENSSL_INSTALL_DIR}/bin/openssl
OPENSSL_TEST=${OPENSSL_SOURCE_DIR}/test
OPENSSL_LIB_DIRS="${OPENSSL_INSTALL_DIR}/lib:${OPENSSL_INSTALL_DIR}/lib64"

NUMCPU=${NUMCPU:-8}
WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}
Expand All @@ -45,15 +48,17 @@ clone_openssl() {
fi

if [ ! -d ${OPENSSL_SOURCE_DIR} ]; then
printf "\tOpenSSL source directory not found: ${OPENSSL_SOURCE_DIR}\n"
printf "\tParent directory:\n"
tree -L 2 $(dirname ${OPENSSL_SOURCE_DIR}/..) || true
CLONE_TAG=${USE_CUR_TAG:+${OPENSSL_TAG_CUR}}
CLONE_TAG=${CLONE_TAG:-${OPENSSL_TAG}}

printf "\tClone OpenSSL ${CLONE_TAG} ... "

DEPTH_ARG=${WOLFPROV_DEBUG:+""}
DEPTH_ARG=${DEPTH_ARG:---depth=1}

git clone ${DEPTH_ARG} -b ${CLONE_TAG} ${OPENSSL_GIT} ${OPENSSL_SOURCE_DIR} >>$LOG_FILE 2>&1
printf "\tClone OpenSSL ${CLONE_TAG} from ${OPENSSL_GIT_URL} ... "
git clone ${DEPTH_ARG} -b ${CLONE_TAG} ${OPENSSL_GIT_URL} ${OPENSSL_SOURCE_DIR}
RET=$?

if [ $RET != 0 ]; then
Expand All @@ -62,10 +67,23 @@ clone_openssl() {
exit 1
fi
printf "Done.\n"

printf "\tOpenSSL source cloned to: ${OPENSSL_SOURCE_DIR}\n"
if [ ! -d ${OPENSSL_SOURCE_DIR} ]; then
printf "ERROR: OpenSSL source directory not found after clone: ${OPENSSL_SOURCE_DIR}\n"
fi
else
printf "\tOpenSSL source directory exists: ${OPENSSL_SOURCE_DIR}\n"
if [ ! -d ${OPENSSL_SOURCE_DIR}/.git ]; then
printf "ERROR: OpenSSL source directory is not a git repository: ${OPENSSL_SOURCE_DIR}\n"
do_cleanup
exit 1
fi
fi
}

install_openssl() {
printf "\nInstalling OpenSSL ${OPENSSL_TAG} ..."
clone_openssl
cd ${OPENSSL_SOURCE_DIR}

Expand Down Expand Up @@ -114,10 +132,6 @@ init_openssl() {
install_openssl
printf "\tOpenSSL ${OPENSSL_TAG} installed in: ${OPENSSL_INSTALL_DIR}\n"

OPENSSL_BIN=${OPENSSL_INSTALL_DIR}/bin/openssl
OPENSSL_TEST=${OPENSSL_SOURCE_DIR}/test
OPENSSL_LIB_DIRS="${OPENSSL_INSTALL_DIR}/lib:${OPENSSL_INSTALL_DIR}/lib64"

OSSL_VER=`LD_LIBRARY_PATH=${OPENSSL_LIB_DIRS} $OPENSSL_BIN version | tail -n1`
case $OSSL_VER in
OpenSSL\ 3.*) ;;
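Review bot: The new post-clone check in `clone_openssl` prints `ERROR: OpenSSL source directory not found after clone` but then returns normally, so `install_openssl` goes on to `cd ${OPENSSL_SOURCE_DIR}`; the sibling "not a git repository" branch calls `do_cleanup` and `exit 1`, and this branch should do the same. The debug line `tree -L 2 $(dirname ${OPENSSL_SOURCE_DIR}/..)` does not list the parent directory, because `dirname` of `X/..` is `X`, the directory just found missing; `$(dirname "${OPENSSL_SOURCE_DIR}")` is probably what was meant, and the `|| true` hides the case where `tree` is not installed. The clone line appears to have dropped its `>>$LOG_FILE 2>&1` redirect, which deserves a short comment if that is intentional. The added `printf` calls place variables in the format string; `printf "\tOpenSSL source cloned to: %s\n" "${OPENSSL_SOURCE_DIR}"` avoids surprises from `%` or backslashes in a path.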
137 changes: 107 additions & 30 deletions src/wp_dh_kmgmt.c
Expand Up @@ -685,21 +685,26 @@ static int wp_dh_get_params_encoded_public_key(wp_Dh* dh, OSSL_PARAM params[])

p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL) {
size_t outLen = mp_unsigned_bin_size(&dh->key.p);
if (p->data_type != OSSL_PARAM_OCTET_STRING) {
ok = 0;
}
if (ok) {
size_t outLen = mp_unsigned_bin_size(&dh->key.p);

if (p->data != NULL) {
if (p->data_size < outLen) {
ok = 0;
}
if (ok) {
unsigned char* data = p->data;
size_t padSz = outLen - dh->pubSz;
/* Front pad with zeros. */
XMEMSET(data, 0, padSz);
XMEMCPY(data + padSz, dh->pub, dh->pubSz);
if (p->data != NULL) {
if (p->data_size < outLen) {
ok = 0;
}
if (ok) {
unsigned char* data = p->data;
size_t padSz = outLen - dh->pubSz;
/* Front pad with zeros. */
XMEMSET(data, 0, padSz);
XMEMCPY(data + padSz, dh->pub, dh->pubSz);
}
}
p->return_size = outLen;
}
p->return_size = outLen;
}

WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
Expand All @@ -719,35 +724,107 @@ static int wp_dh_get_params(wp_Dh* dh, OSSL_PARAM params[])
int ok = 1;
OSSL_PARAM* p;

p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE);
if ((p != NULL) && !OSSL_PARAM_set_int(p,
mp_unsigned_bin_size(&dh->key.p))) {
ok = 0;
if (ok) {
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE);
if (p != NULL) {
if (!OSSL_PARAM_set_uint(p, mp_unsigned_bin_size(&dh->key.p))) {
ok = 0;
}
}
}
if (ok) {
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS);
if ((p != NULL) && !OSSL_PARAM_set_int(p, dh->bits)) {
ok = 0;
if (p != NULL) {
if (!OSSL_PARAM_set_int(p, dh->bits)) {
ok = 0;
}
}
}
if (ok) {
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS);
if ((p != NULL) && (!OSSL_PARAM_set_int(p,
wp_dh_get_security_bits(dh)))) {
ok = 0;
if (p != NULL) {
if (!OSSL_PARAM_set_int(p, wp_dh_get_security_bits(dh))) {
ok = 0;
}
}
}
if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P,
&dh->key.p, 1))) {
ok = 0;
if (ok) {
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_P);
if (p != NULL) {
/* When buffer is NULL, return the size irrespective of type */
if (p->data == NULL) {
ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P, &dh->key.g, 1);
}
/* When buffer is non-NULL, type must be int or uint */
else
if (p->data_type == OSSL_PARAM_INTEGER ||
p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) {
ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P, &dh->key.p, 1);
}
else {
ok = 0;
}
}
}
if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_G,
&dh->key.g, 1))) {
ok = 0;
if (ok) {
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_G);
if (p != NULL) {
/* When buffer is NULL, return the size irrespective of type */
if (p->data == NULL) {
ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_G, &dh->key.g, 1);
}
/* When buffer is non-NULL, type must be int or uint */
else if (p->data_type == OSSL_PARAM_INTEGER ||
p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) {
ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_G, &dh->key.g, 1);
}
else {
ok = 0;
}
}
}
if (ok && (!wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PUB_KEY,
dh->pub, dh->pubSz))) {
ok = 0;
if (ok) {
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_Q);
if (p != NULL) {
/* OSSL does not check the type */
ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_Q, &dh->key.q, 1);
}
}
if (ok) {
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
if (p != NULL) {
if (p->data == NULL) {
p->return_size = dh->pubSz;
}
else {
/* return_size is set within this function */
ok = wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PUB_KEY,
dh->pub, dh->pubSz);
}
}
}
if (ok) {
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
if (p != NULL) {
if (p->data == NULL) {
p->return_size = dh->pubSz;
}
else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) {
if (p->data_size < dh->privSz) {
ok = 0;
}
else {
/* OSSL returns a BIGNUM, but we copy raw bytes*/
XMEMCPY(p->data, dh->priv, dh->privSz);
p->return_size = dh->privSz;
}
}
else {
/* return_size is set within this function */
ok = wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PRIV_KEY,
dh->priv, dh->privSz);
}
}
}
if (ok && (!wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PRIV_KEY,
dh->priv, dh->privSz))) {
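Review bot: Two of the new size-query branches in `wp_dh_get_params` report the wrong length. For `OSSL_PKEY_PARAM_FFC_P` the `p->data == NULL` branch passes `&dh->key.g`, so the caller is told the size of the generator rather than the prime and will size its buffer from that; it should read `ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P, &dh->key.p, 1);`. For `OSSL_PKEY_PARAM_PRIV_KEY` the NULL branch sets `p->return_size = dh->pubSz;`, whereas the copy that follows uses `dh->privSz`, so it should be `p->return_size = dh->privSz;`. The section also ends on what looks like the earlier unconditional `wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PRIV_KEY, ...)` call; if that call is still present after the new block, a private-key size query would fail there, because the helper rejects NULL data after this commit. That needs confirming against the full file, since the function continues outside the hunk.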
6 changes: 4 additions & 2 deletions src/wp_params.c
Expand Up @@ -639,8 +639,10 @@ int wp_params_set_octet_string_be(OSSL_PARAM params[], const char* key,
OSSL_PARAM* p;

p = OSSL_PARAM_locate(params, key);
if ((p != NULL) && (p->data_size < len)) {
ok = 0;
if (p != NULL) {
if ((p->data == NULL) || (p->data_size < len)) {
ok = 0;
}
}
if ((p != NULL) && ok) {
#ifdef LITTLE_ENDIAN_ORDER
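Review bot: With the added `p->data == NULL` test, a size query through `wp_params_set_octet_string_be` now returns failure instead of the required length. In the OSSL_PARAM convention a NULL `data` pointer asks the responder to fill in `return_size`, which is presumably why `wp_dh_get_params` in this same commit special-cases NULL before calling the helper; any other caller without such a pre-check would see a behaviour change. Handling it once in the helper would be simpler, for example `if (p->data == NULL) { p->return_size = len; }` followed by `else if (p->data_size < len) { ok = 0; }`, with the copy skipped when `data` is NULL. The rest of the function is outside the hunk, so whether `return_size` is set on the too-small-buffer path cannot be seen here; a one-line comment stating the helper's contract for NULL data would help either way.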