From 7ea93aa35e8a521d68f7fab44d46590210f637b2 Mon Sep 17 00:00:00 2001 From: Dan Streetman Date: Fri, 4 Aug 2023 18:51:55 -0400 Subject: [PATCH] openssl: add log_openssl_errors() Add a macro to log all errors in the openssl 'thread error queue'. This consolidates all the openssl-generated errors to return -EIO and log at debug level. Also add a 'invalid' test in test-openssl, to allow manual verification that the openssl error(s) are logged. (cherry picked from commit 60696b22d96d0c27680400818672e16f8bb2d53b) Related: RHEL-16182 --- src/shared/openssl-util.c | 175 +++++++++++++++++++++----------------- src/test/test-openssl.c | 8 ++ 2 files changed, 107 insertions(+), 76 deletions(-) diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c index 313c1fc4ea..3d3d8090f8 100644 --- a/src/shared/openssl-util.c +++ b/src/shared/openssl-util.c @@ -6,6 +6,32 @@ #include "hexdecoct.h" #if HAVE_OPENSSL +/* For each error in the the Openssl thread error queue, log the provided message and the Openssl error + * string. If there are no errors in the Openssl thread queue, this logs the message with "No openssl + * errors." This logs at level debug. Returns -EIO (or -ENOMEM). */ +#define log_openssl_errors(fmt, ...) _log_openssl_errors(UNIQ, fmt, ##__VA_ARGS__) +#define _log_openssl_errors(u, fmt, ...) \ + ({ \ + size_t UNIQ_T(MAX, u) = 512 /* arbitrary, but openssl doc states it must be >= 256 */; \ + _cleanup_free_ char *UNIQ_T(BUF, u) = malloc(UNIQ_T(MAX, u)); \ + !UNIQ_T(BUF, u) \ + ? log_oom_debug() \ + : __log_openssl_errors(u, UNIQ_T(BUF, u), UNIQ_T(MAX, u), fmt, ##__VA_ARGS__) \ + ?: log_debug_errno(SYNTHETIC_ERRNO(EIO), fmt ": No openssl errors.", ##__VA_ARGS__); \ + }) +#define __log_openssl_errors(u, buf, max, fmt, ...) \ + ({ \ + int UNIQ_T(R, u) = 0; \ + for (;;) { \ + unsigned long UNIQ_T(E, u) = ERR_get_error(); \ + if (UNIQ_T(E, u) == 0) \ + break; \ + ERR_error_string_n(UNIQ_T(E, u), buf, max); \ + UNIQ_T(R, u) = log_debug_errno(SYNTHETIC_ERRNO(EIO), fmt ": %s", ##__VA_ARGS__, buf); \ + } \ + UNIQ_T(R, u); \ + }) + int openssl_pkey_from_pem(const void *pem, size_t pem_size, EVP_PKEY **ret) { assert(pem); assert(ret); @@ -17,7 +43,7 @@ int openssl_pkey_from_pem(const void *pem, size_t pem_size, EVP_PKEY **ret) { _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = PEM_read_PUBKEY(f, NULL, NULL, NULL); if (!pkey) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to parse PEM."); + return log_openssl_errors("Failed to parse PEM"); *ret = TAKE_PTR(pkey); @@ -74,23 +100,23 @@ int rsa_encrypt_bytes( ctx = EVP_PKEY_CTX_new(pkey, NULL); if (!ctx) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to allocate public key context"); + return log_openssl_errors("Failed to allocate public key context"); if (EVP_PKEY_encrypt_init(ctx) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to initialize public key context"); + return log_openssl_errors("Failed to initialize public key context"); if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to configure PKCS#1 padding"); + return log_openssl_errors("Failed to configure PKCS#1 padding"); if (EVP_PKEY_encrypt(ctx, NULL, &l, decrypted_key, decrypted_key_size) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine encrypted key size"); + return log_openssl_errors("Failed to determine encrypted key size"); b = malloc(l); if (!b) return -ENOMEM; if (EVP_PKEY_encrypt(ctx, b, &l, decrypted_key, decrypted_key_size) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine encrypted key size"); + return log_openssl_errors("Failed to determine encrypted key size"); *ret_encrypt_key = TAKE_PTR(b); *ret_encrypt_key_size = l; @@ -139,53 +165,53 @@ int rsa_pkey_from_n_e(const void *n, size_t n_size, const void *e, size_t e_size _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); if (!ctx) - return log_oom_debug(); + return log_openssl_errors("Failed to create new EVP_PKEY_CTX"); _cleanup_(BN_freep) BIGNUM *bn_n = BN_bin2bn(n, n_size, NULL); if (!bn_n) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to create BIGNUM for RSA n."); + return log_openssl_errors("Failed to create BIGNUM for RSA n"); _cleanup_(BN_freep) BIGNUM *bn_e = BN_bin2bn(e, e_size, NULL); if (!bn_e) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to create BIGNUM for RSA e."); + return log_openssl_errors("Failed to create BIGNUM for RSA e"); #if OPENSSL_VERSION_MAJOR >= 3 if (EVP_PKEY_fromdata_init(ctx) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to initialize EVP_PKEY_CTX."); + return log_openssl_errors("Failed to initialize EVP_PKEY_CTX"); _cleanup_(OSSL_PARAM_BLD_freep) OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); if (!bld) - return log_oom_debug(); + return log_openssl_errors("Failed to create new OSSL_PARAM_BLD"); if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, bn_n)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set RSA OSSL_PKEY_PARAM_RSA_N."); + return log_openssl_errors("Failed to set RSA OSSL_PKEY_PARAM_RSA_N"); if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, bn_e)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set RSA OSSL_PKEY_PARAM_RSA_E."); + return log_openssl_errors("Failed to set RSA OSSL_PKEY_PARAM_RSA_E"); _cleanup_(OSSL_PARAM_freep) OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld); if (!params) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to build RSA OSSL_PARAM."); + return log_openssl_errors("Failed to build RSA OSSL_PARAM"); if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to create RSA EVP_PKEY."); + return log_openssl_errors("Failed to create RSA EVP_PKEY"); #else _cleanup_(RSA_freep) RSA *rsa_key = RSA_new(); if (!rsa_key) - return log_oom_debug(); + return log_openssl_errors("Failed to create new RSA"); if (!RSA_set0_key(rsa_key, bn_n, bn_e, NULL)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set RSA n/e."); + return log_openssl_errors("Failed to set RSA n/e"); /* rsa_key owns these now, don't free */ TAKE_PTR(bn_n); TAKE_PTR(bn_e); pkey = EVP_PKEY_new(); if (!pkey) - return log_oom_debug(); + return log_openssl_errors("Failed to create new EVP_PKEY"); if (!EVP_PKEY_assign_RSA(pkey, rsa_key)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to assign RSA key."); + return log_openssl_errors("Failed to assign RSA key"); /* pkey owns this now, don't free */ TAKE_PTR(rsa_key); #endif @@ -212,24 +238,23 @@ int rsa_pkey_to_n_e( #if OPENSSL_VERSION_MAJOR >= 3 _cleanup_(BN_freep) BIGNUM *bn_n = NULL; if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &bn_n)) - return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get RSA n."); + return log_openssl_errors("Failed to get RSA n"); _cleanup_(BN_freep) BIGNUM *bn_e = NULL; if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &bn_e)) - return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get RSA e."); + return log_openssl_errors("Failed to get RSA e"); #else const RSA *rsa = EVP_PKEY_get0_RSA((EVP_PKEY*) pkey); if (!rsa) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), - "Failed to get RSA key from public key."); + return log_openssl_errors("Failed to get RSA key from public key"); const BIGNUM *bn_n = RSA_get0_n(rsa); if (!bn_n) - return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get RSA n."); + return log_openssl_errors("Failed to get RSA n"); const BIGNUM *bn_e = RSA_get0_e(rsa); if (!bn_e) - return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get RSA e."); + return log_openssl_errors("Failed to get RSA e"); #endif size_t n_size = BN_num_bytes(bn_n), e_size = BN_num_bytes(bn_e); @@ -254,17 +279,17 @@ int rsa_pkey_new(size_t bits, EVP_PKEY **ret) { _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); if (!ctx) - return log_oom_debug(); + return log_openssl_errors("Failed to create new EVP_PKEY_CTX"); if (EVP_PKEY_keygen_init(ctx) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to initialize EVP_PKEY_CTX."); + return log_openssl_errors("Failed to initialize EVP_PKEY_CTX"); if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, (int) bits) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set RSA bits to %zu.", bits); + return log_openssl_errors("Failed to set RSA bits to %zu", bits); _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = NULL; if (EVP_PKEY_keygen(ctx, &pkey) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to generate ECC key."); + return log_openssl_errors("Failed to generate ECC key"); *ret = TAKE_PTR(pkey); @@ -286,70 +311,71 @@ int ecc_pkey_from_curve_x_y( _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); if (!ctx) - return log_oom_debug(); + return log_openssl_errors("Failed to create new EVP_PKEY_CTX"); - _cleanup_(BN_freep) BIGNUM *bn_x = BN_bin2bn(x, x_size, NULL), *bn_y = BN_bin2bn(y, y_size, NULL); - if (!bn_x || !bn_y) - return log_oom_debug(); + _cleanup_(BN_freep) BIGNUM *bn_x = BN_bin2bn(x, x_size, NULL); + if (!bn_x) + return log_openssl_errors("Failed to create BIGNUM x"); + + _cleanup_(BN_freep) BIGNUM *bn_y = BN_bin2bn(y, y_size, NULL); + if (!bn_y) + return log_openssl_errors("Failed to create BIGNUM y"); _cleanup_(EC_GROUP_freep) EC_GROUP *group = EC_GROUP_new_by_curve_name(curve_id); if (!group) - return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), - "ECC curve id %d not supported.", curve_id); + return log_openssl_errors("ECC curve id %d not supported", curve_id); _cleanup_(EC_POINT_freep) EC_POINT *point = EC_POINT_new(group); if (!point) - return log_oom_debug(); + return log_openssl_errors("Failed to create new EC_POINT"); if (!EC_POINT_set_affine_coordinates(group, point, bn_x, bn_y, NULL)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set ECC coordinates."); + return log_openssl_errors("Failed to set ECC coordinates"); #if OPENSSL_VERSION_MAJOR >= 3 if (EVP_PKEY_fromdata_init(ctx) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), - "Failed to initialize EVP_PKEY_CTX."); + return log_openssl_errors("Failed to initialize EVP_PKEY_CTX"); _cleanup_(OSSL_PARAM_BLD_freep) OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); if (!bld) - return log_oom_debug(); + return log_openssl_errors("Failed to create new OSSL_PARAM_BLD"); if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, (char*) OSSL_EC_curve_nid2name(curve_id), 0)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to add ECC OSSL_PKEY_PARAM_GROUP_NAME."); + return log_openssl_errors("Failed to add ECC OSSL_PKEY_PARAM_GROUP_NAME"); _cleanup_(OPENSSL_freep) void *pbuf = NULL; size_t pbuf_len = 0; pbuf_len = EC_POINT_point2buf(group, point, POINT_CONVERSION_UNCOMPRESSED, (unsigned char**) &pbuf, NULL); if (pbuf_len == 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert ECC point to buffer."); + return log_openssl_errors("Failed to convert ECC point to buffer"); if (!OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, pbuf, pbuf_len)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to add ECC OSSL_PKEY_PARAM_PUB_KEY."); + return log_openssl_errors("Failed to add ECC OSSL_PKEY_PARAM_PUB_KEY"); _cleanup_(OSSL_PARAM_freep) OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld); if (!params) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to build ECC OSSL_PARAM."); + return log_openssl_errors("Failed to build ECC OSSL_PARAM"); _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = NULL; if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), - "Failed to create ECC EVP_PKEY."); + return log_openssl_errors("Failed to create ECC EVP_PKEY"); #else _cleanup_(EC_KEY_freep) EC_KEY *eckey = EC_KEY_new(); if (!eckey) - return log_oom_debug(); + return log_openssl_errors("Failed to create new EC_KEY"); if (!EC_KEY_set_group(eckey, group)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set ECC group."); + return log_openssl_errors("Failed to set ECC group"); if (!EC_KEY_set_public_key(eckey, point)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set ECC point."); + return log_openssl_errors("Failed to set ECC point"); _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = EVP_PKEY_new(); if (!pkey) - return log_oom_debug(); + return log_openssl_errors("Failed to create new EVP_PKEY"); if (!EVP_PKEY_assign_EC_KEY(pkey, eckey)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to assign ECC key."); + return log_openssl_errors("Failed to assign ECC key"); /* pkey owns this now, don't free */ TAKE_PTR(eckey); #endif @@ -375,48 +401,48 @@ int ecc_pkey_to_curve_x_y( #if OPENSSL_VERSION_MAJOR >= 3 size_t name_size; if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0, &name_size)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to get ECC group name size."); + return log_openssl_errors("Failed to get ECC group name size"); _cleanup_free_ char *name = new(char, name_size + 1); if (!name) return log_oom_debug(); if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, name, name_size + 1, NULL)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to get ECC group name."); + return log_openssl_errors("Failed to get ECC group name"); curve_id = OBJ_sn2nid(name); if (curve_id == NID_undef) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to get ECC curve id."); + return log_openssl_errors("Failed to get ECC curve id"); if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &bn_x)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to get ECC point x."); + return log_openssl_errors("Failed to get ECC point x"); if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &bn_y)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to get ECC point y."); + return log_openssl_errors("Failed to get ECC point y"); #else const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY*) pkey); if (!eckey) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to get EC_KEY."); + return log_openssl_errors("Failed to get EC_KEY"); const EC_GROUP *group = EC_KEY_get0_group(eckey); if (!group) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to get EC_GROUP."); + return log_openssl_errors("Failed to get EC_GROUP"); curve_id = EC_GROUP_get_curve_name(group); if (curve_id == NID_undef) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to get ECC curve id."); + return log_openssl_errors("Failed to get ECC curve id"); const EC_POINT *point = EC_KEY_get0_public_key(eckey); if (!point) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to get EC_POINT."); + return log_openssl_errors("Failed to get EC_POINT"); bn_x = BN_new(); bn_y = BN_new(); if (!bn_x || !bn_y) - return log_oom_debug(); + return log_openssl_errors("Failed to create new BIGNUM"); if (!EC_POINT_get_affine_coordinates(group, point, bn_x, bn_y, NULL)) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to get ECC x/y."); + return log_openssl_errors("Failed to get ECC x/y."); #endif size_t x_size = BN_num_bytes(bn_x), y_size = BN_num_bytes(bn_y); @@ -447,17 +473,17 @@ int ecc_pkey_new(int curve_id, EVP_PKEY **ret) { _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); if (!ctx) - return log_oom_debug(); + return log_openssl_errors("Failed to create new EVP_PKEY_CTX"); if (EVP_PKEY_keygen_init(ctx) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to initialize EVP_PKEY_CTX."); + return log_openssl_errors("Failed to initialize EVP_PKEY_CTX"); if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, curve_id) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set ECC curve %d.", curve_id); + return log_openssl_errors("Failed to set ECC curve %d", curve_id); _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = NULL; if (EVP_PKEY_keygen(ctx, &pkey) <= 0) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to generate ECC key."); + return log_openssl_errors("Failed to generate ECC key"); *ret = TAKE_PTR(pkey); @@ -480,8 +506,7 @@ int pubkey_fingerprint(EVP_PKEY *pk, const EVP_MD *md, void **ret, size_t *ret_s sz = i2d_PublicKey(pk, NULL); if (sz < 0) - return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to convert public key to DER format: %s", - ERR_error_string(ERR_get_error(), NULL)); + return log_openssl_errors("Unable to convert public key to DER format"); dd = d = malloc(sz); if (!d) @@ -489,18 +514,17 @@ int pubkey_fingerprint(EVP_PKEY *pk, const EVP_MD *md, void **ret, size_t *ret_s lsz = i2d_PublicKey(pk, &dd); if (lsz < 0) - return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to convert public key to DER format: %s", - ERR_error_string(ERR_get_error(), NULL)); + return log_openssl_errors("Unable to convert public key to DER format"); m = EVP_MD_CTX_new(); if (!m) - return log_oom_debug(); + return log_openssl_errors("Failed to create new EVP_MD_CTX"); if (EVP_DigestInit_ex(m, md, NULL) != 1) - return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize %s context.", EVP_MD_name(md)); + return log_openssl_errors("Failed to initialize %s context", EVP_MD_name(md)); if (EVP_DigestUpdate(m, d, lsz) != 1) - return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to run %s context.", EVP_MD_name(md)); + return log_openssl_errors("Failed to run %s context", EVP_MD_name(md)); msz = EVP_MD_size(md); assert(msz > 0); @@ -511,7 +535,7 @@ int pubkey_fingerprint(EVP_PKEY *pk, const EVP_MD *md, void **ret, size_t *ret_s umsz = msz; if (EVP_DigestFinal_ex(m, h, &umsz) != 1) - return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize hash context."); + return log_openssl_errors("Failed to finalize hash context"); assert(umsz == (unsigned) msz); @@ -560,8 +584,7 @@ int x509_fingerprint(X509 *cert, uint8_t buffer[static SHA256_DIGEST_SIZE]) { dersz = i2d_X509(cert, &der); if (dersz < 0) - return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to convert PEM certificate to DER format: %s", - ERR_error_string(ERR_get_error(), NULL)); + return log_openssl_errors("Unable to convert PEM certificate to DER format"); sha256_direct(der, dersz, buffer); return 0; diff --git a/src/test/test-openssl.c b/src/test/test-openssl.c index 7672c8959d..c46ecdcda8 100644 --- a/src/test/test-openssl.c +++ b/src/test/test-openssl.c @@ -94,4 +94,12 @@ TEST(ecc_pkey_curve_x_y) { assert_se(memcmp_nn(y, y_len, y2, y2_size) == 0); } +TEST(invalid) { + _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = NULL; + + DEFINE_HEX_PTR(key, "2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b7b"); + assert_se(openssl_pkey_from_pem(key, key_len, &pkey) == -EIO); + assert_se(pkey == NULL); +} + DEFINE_TEST_MAIN(LOG_DEBUG);