openssl/0084-Add-test-for-EVP_PKEY_eq.patch

From e5202fbd461cb6c067874987998e91c6093e5267 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 11 Nov 2022 12:18:26 -0500
Subject: [PATCH 3/3] Add test for EVP_PKEY_eq

This tests that the comparison work even if a provider can only return
a public key.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)

diff --git a/test/fake_rsaprov.c b/test/fake_rsaprov.c
index d556551bb6..5e92e72d4b 100644
--- a/test/fake_rsaprov.c
+++ b/test/fake_rsaprov.c
@@ -22,24 +22,34 @@ static OSSL_FUNC_keymgmt_has_fn fake_rsa_keymgmt_has;
 static OSSL_FUNC_keymgmt_query_operation_name_fn fake_rsa_keymgmt_query;
 static OSSL_FUNC_keymgmt_import_fn fake_rsa_keymgmt_import;
 static OSSL_FUNC_keymgmt_import_types_fn fake_rsa_keymgmt_imptypes;
+static OSSL_FUNC_keymgmt_export_fn fake_rsa_keymgmt_export;
+static OSSL_FUNC_keymgmt_export_types_fn fake_rsa_keymgmt_exptypes;
 static OSSL_FUNC_keymgmt_load_fn fake_rsa_keymgmt_load;
 
 static int has_selection;
 static int imptypes_selection;
+static int exptypes_selection;
 static int query_id;
 
+struct fake_rsa_keydata {
+    int selection;
+    int status;
+};
+
 static void *fake_rsa_keymgmt_new(void *provctx)
 {
-    unsigned char *keydata = OPENSSL_zalloc(1);
+    struct fake_rsa_keydata *key;
 
-    TEST_ptr(keydata);
+    if (!TEST_ptr(key = OPENSSL_zalloc(sizeof(struct fake_rsa_keydata))))
+        return NULL;
 
     /* clear test globals */
     has_selection = 0;
     imptypes_selection = 0;
+    exptypes_selection = 0;
     query_id = 0;
 
-    return keydata;
+    return key;
 }
 
 static void fake_rsa_keymgmt_free(void *keydata)
@@ -67,14 +77,104 @@ static const char *fake_rsa_keymgmt_query(int id)
 static int fake_rsa_keymgmt_import(void *keydata, int selection,
                                    const OSSL_PARAM *p)
 {
-    unsigned char *fake_rsa_key = keydata;
+    struct fake_rsa_keydata *fake_rsa_key = keydata;
 
     /* key was imported */
-    *fake_rsa_key = 1;
+    fake_rsa_key->status = 1;
 
     return 1;
 }
 
+static unsigned char fake_rsa_n[] =
+   "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+   "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+   "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+   "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+   "\xF5";
+
+static unsigned char fake_rsa_e[] = "\x11";
+
+static unsigned char fake_rsa_d[] =
+    "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+    "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+    "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+    "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+static unsigned char fake_rsa_p[] =
+    "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+    "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+    "\x0D";
+
+static unsigned char fake_rsa_q[] =
+    "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+    "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+    "\x89";
+
+static unsigned char fake_rsa_dmp1[] =
+    "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+    "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+static unsigned char fake_rsa_dmq1[] =
+    "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+    "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+    "\x51";
+
+static unsigned char fake_rsa_iqmp[] =
+    "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+    "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+OSSL_PARAM *fake_rsa_key_params(int priv)
+{
+    if (priv) {
+        OSSL_PARAM params[] = {
+            OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n,
+                          sizeof(fake_rsa_n) -1),
+            OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e,
+                          sizeof(fake_rsa_e) -1),
+            OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, fake_rsa_d,
+                          sizeof(fake_rsa_d) -1),
+            OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, fake_rsa_p,
+                          sizeof(fake_rsa_p) -1),
+            OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, fake_rsa_q,
+                          sizeof(fake_rsa_q) -1),
+            OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, fake_rsa_dmp1,
+                          sizeof(fake_rsa_dmp1) -1),
+            OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, fake_rsa_dmq1,
+                          sizeof(fake_rsa_dmq1) -1),
+            OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, fake_rsa_iqmp,
+                          sizeof(fake_rsa_iqmp) -1),
+            OSSL_PARAM_END
+        };
+        return OSSL_PARAM_dup(params);
+    } else {
+        OSSL_PARAM params[] = {
+            OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n,
+                          sizeof(fake_rsa_n) -1),
+            OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e,
+                          sizeof(fake_rsa_e) -1),
+            OSSL_PARAM_END
+        };
+        return OSSL_PARAM_dup(params);
+    }
+}
+
+static int fake_rsa_keymgmt_export(void *keydata, int selection,
+                                   OSSL_CALLBACK *param_callback, void *cbarg)
+{
+    OSSL_PARAM *params = NULL;
+    int ret;
+
+    if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
+        return 0;
+
+    if (!TEST_ptr(params = fake_rsa_key_params(0)))
+        return 0;
+
+    ret = param_callback(params, cbarg);
+    OSSL_PARAM_free(params);
+    return ret;
+}
+
 static const OSSL_PARAM fake_rsa_import_key_types[] = {
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
@@ -95,19 +195,33 @@ static const OSSL_PARAM *fake_rsa_keymgmt_imptypes(int selection)
     return fake_rsa_import_key_types;
 }
 
+static const OSSL_PARAM fake_rsa_export_key_types[] = {
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
+    OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *fake_rsa_keymgmt_exptypes(int selection)
+{
+    /* record global for checking */
+    exptypes_selection = selection;
+
+    return fake_rsa_export_key_types;
+}
+
 static void *fake_rsa_keymgmt_load(const void *reference, size_t reference_sz)
 {
-    unsigned char *key = NULL;
+    struct fake_rsa_keydata *key = NULL;
 
-    if (reference_sz != sizeof(key))
+    if (reference_sz != sizeof(*key))
         return NULL;
 
-    key = *(unsigned char **)reference;
-    if (*key != 1)
+    key = *(struct fake_rsa_keydata **)reference;
+    if (key->status != 1)
         return NULL;
 
     /* detach the reference */
-    *(unsigned char **)reference = NULL;
+    *(struct fake_rsa_keydata  **)reference = NULL;
 
     return key;
 }
@@ -129,7 +243,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
 {
     unsigned char *gctx = genctx;
     static const unsigned char inited[] = { 1 };
-    unsigned char *keydata;
+    struct fake_rsa_keydata *keydata;
 
     if (!TEST_ptr(gctx)
         || !TEST_mem_eq(gctx, sizeof(*gctx), inited, sizeof(inited)))
@@ -138,7 +252,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
     if (!TEST_ptr(keydata = fake_rsa_keymgmt_new(NULL)))
         return NULL;
 
-    *keydata = 2;
+    keydata->status = 2;
     return keydata;
 }
 
@@ -156,6 +270,9 @@ static const OSSL_DISPATCH fake_rsa_keymgmt_funcs[] = {
     { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))fake_rsa_keymgmt_import },
     { OSSL_FUNC_KEYMGMT_IMPORT_TYPES,
         (void (*)(void))fake_rsa_keymgmt_imptypes },
+    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))fake_rsa_keymgmt_export },
+    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES,
+        (void (*)(void))fake_rsa_keymgmt_exptypes },
     { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))fake_rsa_keymgmt_load },
     { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))fake_rsa_gen_init },
     { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))fake_rsa_gen },
@@ -191,14 +308,14 @@ static int fake_rsa_sig_sign_init(void *ctx, void *provkey,
                                   const OSSL_PARAM params[])
 {
     unsigned char *sigctx = ctx;
-    unsigned char *keydata = provkey;
+    struct fake_rsa_keydata *keydata = provkey;
 
     /* we must have a ctx */
     if (!TEST_ptr(sigctx))
         return 0;
 
     /* we must have some initialized key */
-    if (!TEST_ptr(keydata) || !TEST_int_gt(keydata[0], 0))
+    if (!TEST_ptr(keydata) || !TEST_int_gt(keydata->status, 0))
         return 0;
 
     /* record that sign init was called */
@@ -289,7 +406,7 @@ static int fake_rsa_st_load(void *loaderctx,
     unsigned char *storectx = loaderctx;
     OSSL_PARAM params[4];
     int object_type = OSSL_OBJECT_PKEY;
-    void *key = NULL;
+    struct fake_rsa_keydata *key = NULL;
     int rv = 0;
 
     switch (*storectx) {
@@ -307,7 +424,7 @@ static int fake_rsa_st_load(void *loaderctx,
         /* The address of the key becomes the octet string */
         params[2] =
             OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
-                                              &key, sizeof(key));
+                                              &key, sizeof(*key));
         params[3] = OSSL_PARAM_construct_end();
         rv = object_cb(params, object_cbarg);
         *storectx = 1;
diff --git a/test/fake_rsaprov.h b/test/fake_rsaprov.h
index 57de1ecf8d..190c46a285 100644
--- a/test/fake_rsaprov.h
+++ b/test/fake_rsaprov.h
@@ -12,3 +12,4 @@
 /* Fake RSA provider implementation */
 OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx);
 void fake_rsa_finish(OSSL_PROVIDER *p);
+OSSL_PARAM *fake_rsa_key_params(int priv);
diff --git a/test/provider_pkey_test.c b/test/provider_pkey_test.c
index 5c398398f4..3b190baa5e 100644
--- a/test/provider_pkey_test.c
+++ b/test/provider_pkey_test.c
@@ -176,6 +176,67 @@ end:
     return ret;
 }
 
+static int test_pkey_eq(void)
+{
+    OSSL_PROVIDER *deflt = NULL;
+    OSSL_PROVIDER *fake_rsa = NULL;
+    EVP_PKEY *pkey_fake = NULL;
+    EVP_PKEY *pkey_dflt = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    OSSL_PARAM *params = NULL;
+    int ret = 0;
+
+    if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
+        return 0;
+
+    if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default")))
+        goto end;
+
+    /* Construct a public key for fake-rsa */
+    if (!TEST_ptr(params = fake_rsa_key_params(0))
+        || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
+                                                      "provider=fake-rsa"))
+        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY,
+                                        params))
+        || !TEST_ptr(pkey_fake))
+        goto end;
+
+    EVP_PKEY_CTX_free(ctx);
+    ctx = NULL;
+    OSSL_PARAM_free(params);
+    params = NULL;
+
+    /* Construct a public key for default */
+    if (!TEST_ptr(params = fake_rsa_key_params(0))
+        || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
+                                                      "provider=default"))
+        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_dflt, EVP_PKEY_PUBLIC_KEY,
+                                        params))
+        || !TEST_ptr(pkey_dflt))
+        goto end;
+
+    EVP_PKEY_CTX_free(ctx);
+    ctx = NULL;
+    OSSL_PARAM_free(params);
+    params = NULL;
+
+    /* now test for equality */
+    if (!TEST_int_eq(EVP_PKEY_eq(pkey_fake, pkey_dflt), 1))
+        goto end;
+
+    ret = 1;
+end:
+    fake_rsa_finish(fake_rsa);
+    OSSL_PROVIDER_unload(deflt);
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey_fake);
+    EVP_PKEY_free(pkey_dflt);
+    OSSL_PARAM_free(params);
+    return ret;
+}
+
 static int test_pkey_store(int idx)
 {
     OSSL_PROVIDER *deflt = NULL;
@@ -235,6 +296,7 @@ int setup_tests(void)
 
     ADD_TEST(test_pkey_sig);
     ADD_TEST(test_alternative_keygen_init);
+    ADD_TEST(test_pkey_eq);
     ADD_ALL_TESTS(test_pkey_store, 2);
 
     return 1;
-- 
2.38.1