From eda075fa57353c316b7da109c3a5784f6335c75c Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Tue, 14 Nov 2017 10:30:04 +0100 Subject: [PATCH] Provide the bogus signature with OpenSSL 1.1.0 API --- ykcs11/tests/ykcs11_tests.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/ykcs11/tests/ykcs11_tests.c b/ykcs11/tests/ykcs11_tests.c index 34054b4..59ce950 100644 --- a/ykcs11/tests/ykcs11_tests.c +++ b/ykcs11/tests/ykcs11_tests.c @@ -259,6 +259,32 @@ static void test_login() { } +#if OPENSSL_VERSION_NUMBER >= 10100000L +static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa) { + sigret = malloc(1); + sigret = ""; + *siglen = 1; + return 0; +} + +static void bogus_sign_cert(X509 *cert) { + EVP_PKEY *pkey = EVP_PKEY_new(); + RSA *rsa = RSA_new(); + RSA_METHOD *meth = RSA_meth_dup(RSA_get_default_method()); + BIGNUM *e = BN_new(); + + BN_set_word(e, 65537); + RSA_generate_key_ex(rsa, 1024, e, NULL); + RSA_meth_set_sign(meth, bogus_sign); + RSA_set_method(rsa, meth); + EVP_PKEY_set1_RSA(pkey, rsa); + X509_sign(cert, pkey, EVP_md5()); + EVP_PKEY_free(pkey); +} +#endif + + // Import a newly generated P256 pvt key and a certificate // to every slot and use the key to sign some data static void test_import_and_sign_all_10() { @@ -344,11 +370,15 @@ static void test_import_and_sign_all_10() { X509_set_notBefore(cert, tm); X509_set_notAfter(cert, tm); +#if OPENSSL_VERSION_NUMBER < 10100000L cert->sig_alg->algorithm = OBJ_nid2obj(8); cert->cert_info->signature->algorithm = OBJ_nid2obj(8); ASN1_BIT_STRING_set_bit(cert->signature, 8, 1); ASN1_BIT_STRING_set(cert->signature, "\x00", 1); +#else + bogus_sign_cert(cert); +#endif p = value_c; if ((cert_len = (CK_ULONG) i2d_X509(cert, &p)) == 0 || cert_len > sizeof(value_c)) @@ -538,11 +568,16 @@ static void test_import_and_sign_all_10_RSA() { X509_set_notBefore(cert, tm); X509_set_notAfter(cert, tm); +#if OPENSSL_VERSION_NUMBER < 10100000L + /* putting bogus data to signature to make some checks happy */ cert->sig_alg->algorithm = OBJ_nid2obj(8); cert->cert_info->signature->algorithm = OBJ_nid2obj(8); ASN1_BIT_STRING_set_bit(cert->signature, 8, 1); ASN1_BIT_STRING_set(cert->signature, "\x00", 1); +#else + bogus_sign_cert(cert); +#endif px = value_c; if ((cert_len = (CK_ULONG) i2d_X509(cert, &px)) == 0 || cert_len > sizeof(value_c))