openssl/test
David Benjamin 608a026494 Implement RSASSA-PKCS1-v1_5 as specified.
RFC 3447, section 8.2.2, steps 3 and 4 states that verifiers must encode
the DigestInfo struct and then compare the result against the public key
operation result. This implies that one and only one encoding is legal.

OpenSSL instead parses with crypto/asn1, then checks that the encoding
round-trips, and allows some variations for the parameter. Sufficient
laxness in this area can allow signature forgeries, as described in
https://www.imperialviolet.org/2014/09/26/pkcs1.html

Although there aren't known attacks against OpenSSL's current scheme,
this change makes OpenSSL implement the algorithm as specified. This
avoids the uncertainty and, more importantly, helps grow a healthy
ecosystem. Laxness beyond the spec, particularly in implementations
which enjoy wide use, risks harm to the ecosystem for all. A signature
producer which only tests against OpenSSL may not notice bugs and
accidentally become widely deployed. Thus implementations have a
responsibility to honor the specification as tightly as is practical.

In some cases, the damage is permanent and the spec deviation and
security risk becomes a tax all implementors must forever pay, but not
here. Both BoringSSL and Go successfully implemented and deployed
RSASSA-PKCS1-v1_5 as specified since their respective beginnings, so
this change should be compatible enough to pin down in future OpenSSL
releases.

See also https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

As a bonus, by not having to deal with sign/verify differences, this
version is also somewhat clearer. It also more consistently enforces
digest lengths in the verify_recover codepath. The NID_md5_sha1 codepath
wasn't quite doing this right.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1474
2016-11-07 21:04:54 +01:00
..
certs Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
ct
d2i-tests
ocsp-tests
ossl_shim Remove an unused field in ossl_shim 2016-11-04 10:38:54 +00:00
recipes Add a test for the wrong version number in a record 2016-11-07 15:52:33 +00:00
smime-certs spelling fixes, just comments and readme. 2016-08-05 19:07:30 -04:00
ssl-tests Update Configure to know about tls1_3 2016-11-02 13:08:21 +00:00
testlib/OpenSSL OpenSSL::Test - small fixup 2016-10-19 17:14:33 +02:00
aborttest.c
afalgtest.c
asn1_internal_test.c Don't create fixtures for simple tests 2016-11-04 15:05:37 +01:00
asynciotest.c Add a test for BIO_read() returning 0 in SSL_read() (and also for write) 2016-10-28 09:13:49 +01:00
asynctest.c Fix a few if(, for(, while( inside code. 2016-07-20 07:21:53 -04:00
bad_dtls_test.c Kill PACKET_starts() from bad_dtls_test 2016-08-10 12:50:51 +01:00
bftest.c
bio_enc_test.c Fix bio_enc_test 2016-08-23 09:24:29 +01:00
bioprinttest.c Whitespace cleanup in apps 2016-06-29 09:56:39 -04:00
bntest.c Add a basic test for BN_bn2dec. 2016-09-26 11:03:37 -04:00
build.info Correct internal tests sources 2016-11-04 15:37:13 +01:00
CAss.cnf
CAssdh.cnf
CAssdsa.cnf
CAssrsa.cnf
casttest.c
CAtsa.cnf
cipher_overhead_test.c Add unit test for ssl_cipher_get_overhead() 2016-11-02 14:00:11 +00:00
cipherlist_test.c testutil: always print errors on failure 2016-11-04 15:05:29 +01:00
clienthellotest.c Fix clienthellotest to use PACKET functions 2016-08-10 12:50:51 +01:00
cms-examples.pl
constant_time_test.c constant time test: include our internal/numbers.h rather than limits.h 2016-11-05 11:38:29 +01:00
ct_test.c Simplify tests part 2 2016-11-07 16:55:16 +01:00
d2i_test.c Don't create fixtures for simple tests 2016-11-04 15:05:37 +01:00
danetest.c Perform DANE-EE(3) name checks by default 2016-07-12 10:16:34 -04:00
danetest.in Perform DANE-EE(3) name checks by default 2016-07-12 10:16:34 -04:00
danetest.pem
destest.c spelling fixes, just comments and readme. 2016-08-05 19:07:30 -04:00
dhtest.c
dsatest.c
dtls_mtu_test.c Add test cases for DTLS_get_data_mtu() 2016-11-02 14:00:11 +00:00
dtlstest.c Choose a ciphersuite for testing that won't be affected by "no-*" options 2016-08-22 13:52:02 +01:00
dtlsv1listentest.c Simplify and rename SSL_set_rbio() and SSL_set_wbio() 2016-07-29 14:09:57 +01:00
ecdhtest_cavs.h Whitespace cleanup in apps 2016-06-29 09:56:39 -04:00
ecdhtest.c
ecdsatest.c spelling fixes, just comments and readme. 2016-08-05 19:07:30 -04:00
ectest.c Fix a memory leak in EC_GROUP_get_ecparameters() 2016-08-22 15:10:03 +01:00
enginetest.c
evp_extra_test.c
evp_test.c Check for bad filename in evp_test 2016-08-12 14:04:53 -04:00
evptests.txt Implement RSASSA-PKCS1-v1_5 as specified. 2016-11-07 21:04:54 +01:00
exdatatest.c
exptest.c Change callers to use the new constants. 2016-08-10 10:07:37 -04:00
generate_buildtest.pl Move the building of test/buildtest_*. to be done unconditionally 2016-08-05 21:17:05 +02:00
generate_ssl_tests.pl Reorganize SSL test structures 2016-08-08 12:06:26 +02:00
gmdifftest.c
handshake_helper.c Extend the renegotiation tests 2016-09-28 09:15:07 +01:00
handshake_helper.h Test that the peers send at most one fatal alert 2016-08-18 12:49:32 +02:00
heartbeat_test.c testutil: always print errors on failure 2016-11-04 15:05:29 +01:00
hmactest.c Fix hmac test case 6 2016-06-30 08:52:37 -04:00
ideatest.c
igetest.c
md2test.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
md4test.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
md5test.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
mdc2_internal_test.c Simplify tests part 2 2016-11-07 16:55:16 +01:00
mdc2test.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
memleaktest.c
methtest.c
modes_internal_test.c Simplify tests part 2 2016-11-07 16:55:16 +01:00
p5_crpt2_test.c
P1ss.cnf
P2ss.cnf
packettest.c
pbelutest.c
pkcs7-1.pem
pkcs7.pem
pkits-test.pl Remove trailing whitespace from some files. 2016-10-10 23:36:21 +01:00
poly1305_internal_test.c Simplify tests part 2 2016-11-07 16:55:16 +01:00
r160test.c
randtest.c
rc2test.c
rc4test.c
rc5test.c
README Add a test for 'openssl passwd' 2016-09-14 00:30:50 +02:00
README.external Fix argument order in documentation 2016-11-04 10:38:54 +00:00
README.ssltest.md Extend the renegotiation tests 2016-09-28 09:15:07 +01:00
rmdtest.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
rsa_test.c
run_tests.pl Add a more versatile test chooser 2016-09-01 20:58:40 +02:00
sanitytest.c Platform sanity test 2016-07-08 15:56:55 -04:00
secmemtest.c
serverinfo.pem
sha1test.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
sha256t.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
sha512t.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
shibboleth.pfx Add PKCS#12 UTF-8 interoperability test. 2016-08-22 13:52:51 +02:00
shlibloadtest.c Don't assume to know the shared library extension 2016-11-04 00:19:14 +01:00
smcont.txt test/smcont.txt: trigger assertion in bio_enc.c. 2016-07-31 17:03:17 +02:00
srptest.c Add SRP test vectors from RFC5054 2016-10-01 13:46:54 +01:00
ssl_test_ctx_test.c Simplify tests part 2 2016-11-07 16:55:16 +01:00
ssl_test_ctx_test.conf Port multi-buffer tests 2016-08-18 12:46:00 +02:00
ssl_test_ctx.c Add the SSL_METHOD for TLSv1.3 and all other base changes required 2016-11-02 13:08:21 +00:00
ssl_test_ctx.h Extend the renegotiation tests 2016-09-28 09:15:07 +01:00
ssl_test.c Simplify tests part 2 2016-11-07 16:55:16 +01:00
ssl_test.tmpl test/ssl_test.tmpl: make it work with elderly perl. 2016-08-16 12:43:44 +02:00
sslapitest.c Add a read_ahead test 2016-11-02 16:47:14 +00:00
ssltest_old.c Add the SSL_METHOD for TLSv1.3 and all other base changes required 2016-11-02 13:08:21 +00:00
ssltestlib.c Fix some mem leaks in sslapitest 2016-09-26 17:26:50 +01:00
ssltestlib.h Fix some clang warnings 2016-08-19 13:52:40 +01:00
Sssdsa.cnf
Sssrsa.cnf
test.cnf
testcrl.pem
testdsa.pem
testdsapub.pem
testec-p256.pem
testecpub-p256.pem
testp7.pem
testreq2.pem
testrsa.pem
testrsapub.pem
testsid.pem
testutil.c Don't create fixtures for simple tests 2016-11-04 15:05:37 +01:00
testutil.h Simplify tests part 2 2016-11-07 16:55:16 +01:00
testx509.pem
threadstest.c include/openssl: don't include <windows.h> in public headers. 2016-07-08 11:49:44 +02:00
Uss.cnf
v3-cert1.pem
v3-cert2.pem
v3ext.c
v3nametest.c
verify_extra_test.c Fix a few if(, for(, while( inside code. 2016-07-20 07:21:53 -04:00
wp_test.c crypto/cryptlib.c: omit OPENSSL_ia32cap_loc(). 2016-06-22 20:20:37 +02:00
wpackettest.c Remove trailing whitespace from some files. 2016-10-10 23:36:21 +01:00
x509_internal_test.c Don't create fixtures for simple tests 2016-11-04 15:05:37 +01:00
x509aux.c test/x509aux.c: Fix argv loop 2016-09-21 16:19:22 +02:00

How to add recipes
==================

For any test that you want to perform, you write a script located in
test/recipes/, named {nn}-test_{name}.t, where {nn} is a two digit number and
{name} is a unique name of your choice.

Please note that if a test involves a new testing executable, you will need to
do some additions in test/Makefile.  More on this later.


Naming conventions
=================

A test executable is named test/{name}test.c

A test recipe is named test/recipes/{nn}-test_{name}.t, where {nn} is a two
digit number and {name} is a unique name of your choice.

The number {nn} is (somewhat loosely) grouped as follows:

05  individual symmetric cipher algorithms
10  math (bignum)
15  individual asymmetric cipher algorithms
20  openssl commands (some otherwise not tested)
25  certificate forms, generation and verification
30  engine and evp
70  PACKET layer
80  "larger" protocols (CA, CMS, OCSP, SSL, TSA)
90  misc


A recipe that just runs a test executable
=========================================

A script that just runs a program looks like this:

    #! /usr/bin/perl
    
    use OpenSSL::Test::Simple;
    
    simple_test("test_{name}", "{name}test", "{name}");

{name} is the unique name you have chosen for your test.

The second argument to `simple_test' is the test executable, and `simple_test'
expects it to be located in test/

For documentation on OpenSSL::Test::Simple, do
`perldoc test/testlib/OpenSSL/Test/Simple.pm'.


A recipe that runs a more complex test
======================================

For more complex tests, you will need to read up on Test::More and
OpenSSL::Test.  Test::More is normally preinstalled, do `man Test::More' for
documentation.  For OpenSSL::Test, do `perldoc test/testlib/OpenSSL/Test.pm'.

A script to start from could be this:

    #! /usr/bin/perl
    
    use strict;
    use warnings;
    use OpenSSL::Test;
    
    setup("test_{name}");
    
    plan tests => 2;                # The number of tests being performed
    
    ok(test1, "test1");
    ok(test2, "test1");
    
    sub test1
    {
        # test feature 1
    }
    
    sub test2
    {
        # test feature 2
    }
    

Changes to test/Makefile
========================

Whenever a new test involves a new test executable you need to do the
following (at all times, replace {NAME} and {name} with the name of your
test):

* among the variables for test executables at the beginning, add a line like
  this:

    {NAME}TEST= {name}test

* add `$({NAME}TEST)$(EXE_EXT)' to the assignment of EXE:

* add `$({NAME}TEST).o' to the assignment of OBJ:

* add `$({NAME}TEST).c' to the assignment of SRC:

* add the following lines for building the executable:

    $({NAME}TEST)$(EXE_EXT): $({NAME}TEST).o $(DLIBCRYPTO)
           @target=$({NAME}TEST); $(BUILD_CMD)