Merge branch 'master' of https://github.com/Jakuje/yubico-piv-tool into Jakuje-master
This commit is contained in:
@@ -273,6 +273,32 @@ static void test_login() {
|
||||
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length,
|
||||
unsigned char *sigret, unsigned int *siglen, const RSA *rsa) {
|
||||
sigret = malloc(1);
|
||||
sigret = "";
|
||||
*siglen = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void bogus_sign_cert(X509 *cert) {
|
||||
EVP_PKEY *pkey = EVP_PKEY_new();
|
||||
RSA *rsa = RSA_new();
|
||||
RSA_METHOD *meth = RSA_meth_dup(RSA_get_default_method());
|
||||
BIGNUM *e = BN_new();
|
||||
|
||||
BN_set_word(e, 65537);
|
||||
RSA_generate_key_ex(rsa, 1024, e, NULL);
|
||||
RSA_meth_set_sign(meth, bogus_sign);
|
||||
RSA_set_method(rsa, meth);
|
||||
EVP_PKEY_set1_RSA(pkey, rsa);
|
||||
X509_sign(cert, pkey, EVP_md5());
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
// Import a newly generated P256 pvt key and a certificate
|
||||
// to every slot and use the key to sign some data
|
||||
static void test_import_and_sign_all_10() {
|
||||
@@ -358,11 +384,15 @@ static void test_import_and_sign_all_10() {
|
||||
X509_set_notBefore(cert, tm);
|
||||
X509_set_notAfter(cert, tm);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
cert->sig_alg->algorithm = OBJ_nid2obj(8);
|
||||
cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
|
||||
|
||||
ASN1_BIT_STRING_set_bit(cert->signature, 8, 1);
|
||||
ASN1_BIT_STRING_set(cert->signature, "\x00", 1);
|
||||
#else
|
||||
bogus_sign_cert(cert);
|
||||
#endif
|
||||
|
||||
p = value_c;
|
||||
if ((cert_len = (CK_ULONG) i2d_X509(cert, &p)) == 0 || cert_len > sizeof(value_c))
|
||||
@@ -385,7 +415,7 @@ static void test_import_and_sign_all_10() {
|
||||
for (i = 0; i < 24; i++) {
|
||||
for (j = 0; j < 10; j++) {
|
||||
|
||||
if(RAND_pseudo_bytes(some_data, sizeof(some_data)) == -1)
|
||||
if(RAND_bytes(some_data, sizeof(some_data)) == -1)
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
asrt(funcs->C_Login(session, CKU_USER, "123456", 6), CKR_OK, "Login USER");
|
||||
@@ -480,6 +510,7 @@ static void test_import_and_sign_all_10_RSA() {
|
||||
CK_BYTE_PTR s_ptr;
|
||||
CK_ULONG r_len;
|
||||
CK_ULONG s_len;
|
||||
const BIGNUM *bp, *bq, *biqmp, *bdmp1, *bdmq1;
|
||||
|
||||
unsigned char *px;
|
||||
|
||||
@@ -522,11 +553,13 @@ static void test_import_and_sign_all_10_RSA() {
|
||||
|
||||
asrt(RSA_generate_key_ex(rsak, 1024, e_bn, NULL), 1, "GENERATE RSAK");
|
||||
|
||||
asrt(BN_bn2bin(rsak->p, p), 64, "GET P");
|
||||
asrt(BN_bn2bin(rsak->q, q), 64, "GET Q");
|
||||
asrt(BN_bn2bin(rsak->dmp1, dp), 64, "GET DP");
|
||||
asrt(BN_bn2bin(rsak->dmq1, dp), 64, "GET DQ");
|
||||
asrt(BN_bn2bin(rsak->iqmp, qinv), 64, "GET QINV");
|
||||
RSA_get0_factors(rsak, &bp, &bq);
|
||||
RSA_get0_crt_params(rsak, &bdmp1, &bdmq1, &biqmp);
|
||||
asrt(BN_bn2bin(bp, p), 64, "GET P");
|
||||
asrt(BN_bn2bin(bq, q), 64, "GET Q");
|
||||
asrt(BN_bn2bin(bdmp1, dp), 64, "GET DP");
|
||||
asrt(BN_bn2bin(bdmq1, dp), 64, "GET DQ");
|
||||
asrt(BN_bn2bin(biqmp, qinv), 64, "GET QINV");
|
||||
|
||||
|
||||
|
||||
@@ -549,11 +582,16 @@ static void test_import_and_sign_all_10_RSA() {
|
||||
X509_set_notBefore(cert, tm);
|
||||
X509_set_notAfter(cert, tm);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
/* putting bogus data to signature to make some checks happy */
|
||||
cert->sig_alg->algorithm = OBJ_nid2obj(8);
|
||||
cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
|
||||
|
||||
ASN1_BIT_STRING_set_bit(cert->signature, 8, 1);
|
||||
ASN1_BIT_STRING_set(cert->signature, "\x00", 1);
|
||||
#else
|
||||
bogus_sign_cert(cert);
|
||||
#endif
|
||||
|
||||
px = value_c;
|
||||
if ((cert_len = (CK_ULONG) i2d_X509(cert, &px)) == 0 || cert_len > sizeof(value_c))
|
||||
@@ -576,7 +614,7 @@ static void test_import_and_sign_all_10_RSA() {
|
||||
for (i = 0; i < 24; i++) {
|
||||
for (j = 0; j < 10; j++) {
|
||||
|
||||
if(RAND_pseudo_bytes(some_data, sizeof(some_data)) == -1)
|
||||
if(RAND_bytes(some_data, sizeof(some_data)) == -1)
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
asrt(funcs->C_Login(session, CKU_USER, "123456", 6), CKR_OK, "Login USER");
|
||||
|
||||
Reference in New Issue
Block a user