Key zeroization fix for EVP_SealInit + added simple test

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7105)
author: Shane Lontis <shane.lontis@oracle.com> 2018-09-06 08:34:45 +1000
committer: Pauli <paul.dale@oracle.com> 2018-09-06 08:34:45 +1000
commit: 2eb2b4f3a12d0b8807447913a3b16f21104c701b (patch)
tree: 41fac347e54c9de1120b89eee0baf14a5bdd2beb /test/evp_extra_test.c
parent: 544648a8e07612449460ebc0e608a226fde38e67 (diff)
download: openssl-2eb2b4f3a12d0b8807447913a3b16f21104c701b.tar.gz
1 files changed, 45 insertions, 0 deletions
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index b7b78f5dd2..33a957f791 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -356,6 +356,50 @@ end:
     return ret;
 }
 
+static int test_EVP_Enveloped(void)
+{
+    int ret = 0;
+    EVP_CIPHER_CTX *ctx = NULL;
+    EVP_PKEY *keypair = NULL;
+    unsigned char *kek = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
+    int len, kek_len, ciphertext_len, plaintext_len;
+    unsigned char ciphertext[32], plaintext[16];
+    const EVP_CIPHER *type = EVP_aes_256_cbc();
+
+    if (!TEST_ptr(keypair = load_example_rsa_key())
+            || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
+            || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
+            || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
+                                       &keypair, 1))
+            || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
+                                         msg, sizeof(msg)))
+            || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
+                                        &len)))
+        goto err;
+
+    ciphertext_len += len;
+
+    if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
+            || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
+                                         ciphertext, ciphertext_len))
+            || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
+        goto err;
+
+    plaintext_len += len;
+    if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
+        goto err;
+
+    ret = 1;
+err:
+    OPENSSL_free(kek);
+    EVP_PKEY_free(keypair);
+    EVP_CIPHER_CTX_free(ctx);
+    return ret;
+}
+
+
 static int test_EVP_DigestSignInit(void)
 {
     int ret = 0;
@@ -781,6 +825,7 @@ int setup_tests(void)
 {
     ADD_TEST(test_EVP_DigestSignInit);
     ADD_TEST(test_EVP_DigestVerifyInit);
+    ADD_TEST(test_EVP_Enveloped);
     ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
 #ifndef OPENSSL_NO_EC
     ADD_TEST(test_EVP_PKCS82PKEY);
author	Shane Lontis <shane.lontis@oracle.com>	2018-09-06 08:34:45 +1000
committer	Pauli <paul.dale@oracle.com>	2018-09-06 08:34:45 +1000
commit	2eb2b4f3a12d0b8807447913a3b16f21104c701b (patch)
tree	41fac347e54c9de1120b89eee0baf14a5bdd2beb /test/evp_extra_test.c
parent	544648a8e07612449460ebc0e608a226fde38e67 (diff)
download	openssl-2eb2b4f3a12d0b8807447913a3b16f21104c701b.tar.gz