diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-10 15:52:36 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-22 20:03:27 +0200 |
commit | a38c878c2e5e05016bc9faa8d0828eb96efba1c2 (patch) | |
tree | 18485904f5e8438f97b9a4f0bac4292b527255a7 /test/dhtest.c | |
parent | d4c69c69d171edb17b4d609c15891a9599809ed0 (diff) |
Change DH parameters to generate the order q subgroup instead of 2q
This avoids leaking bit 0 of the private key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9363)
Diffstat (limited to 'test/dhtest.c')
-rw-r--r-- | test/dhtest.c | 73 |
1 files changed, 72 insertions, 1 deletions
diff --git a/test/dhtest.c b/test/dhtest.c index 7b2edec321..f80d5b3f4d 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -17,6 +17,7 @@ #include <openssl/bn.h> #include <openssl/rand.h> #include <openssl/err.h> +#include <openssl/obj_mac.h> #include "testutil.h" #ifndef OPENSSL_NO_DH @@ -62,6 +63,17 @@ static int dh_test(void) || !TEST_true(DH_set0_pqg(dh, p, q, g))) goto err1; + if (!DH_check(dh, &i)) + goto err2; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) + || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) + || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i)) + goto err2; + /* test the combined getter for p, q, and g */ DH_get0_pqg(dh, &p2, &q2, &g2); if (!TEST_ptr_eq(p2, p) @@ -130,7 +142,8 @@ static int dh_test(void) if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) - || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i)) goto err3; DH_get0_pqg(a, &ap, NULL, &ag); @@ -609,6 +622,63 @@ static int rfc5114_test(void) TEST_error("Test failed RFC5114 set %d\n", i + 1); return 0; } + +static int rfc7919_test(void) +{ + DH *a = NULL, *b = NULL; + const BIGNUM *apub_key = NULL, *bpub_key = NULL; + unsigned char *abuf = NULL; + unsigned char *bbuf = NULL; + int i, alen, blen, aout, bout; + int ret = 0; + + if (!TEST_ptr(a = DH_new_by_nid(NID_ffdhe2048))) + goto err; + + if (!DH_check(a, &i)) + goto err; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i)) + goto err; + + if (!DH_generate_key(a)) + goto err; + DH_get0_key(a, &apub_key, NULL); + + /* now create another copy of the DH group for the peer */ + if (!TEST_ptr(b = DH_new_by_nid(NID_ffdhe2048))) + goto err; + + if (!DH_generate_key(b)) + goto err; + DH_get0_key(b, &bpub_key, NULL); + + alen = DH_size(a); + if (!TEST_ptr(abuf = OPENSSL_malloc(alen)) + || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1)) + goto err; + + blen = DH_size(b); + if (!TEST_ptr(bbuf = OPENSSL_malloc(blen)) + || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1)) + goto err; + + if (!TEST_true(aout >= 20) + || !TEST_mem_eq(abuf, aout, bbuf, bout)) + goto err; + + ret = 1; + + err: + OPENSSL_free(abuf); + OPENSSL_free(bbuf); + DH_free(a); + DH_free(b); + return ret; +} #endif @@ -619,6 +689,7 @@ int setup_tests(void) #else ADD_TEST(dh_test); ADD_TEST(rfc5114_test); + ADD_TEST(rfc7919_test); #endif return 1; } |