rsa key validation test and additions to rsa fromdata test#339
rsa key validation test and additions to rsa fromdata test#339sebastian-carpenter wants to merge 1 commit into
Conversation
18111bf to
e39224b
Compare
| ok = 0; | ||
| } | ||
|
|
||
| if (ok) { | ||
| for(prime = 0; prime < VALIDATE_PRIMES_SIZE; prime++) { |
There was a problem hiding this comment.
Can you not use mp_prime_is_prime() with 0 trials?
There was a problem hiding this comment.
That would fail before it tests primes because you can't have 0 trials (as far as I know).
OpenSSL does 5 rounds of miller-rabin anyway so I'd like to use mp_prime_is_prime() but I get different results between OpenSSL and wolfProvider.
There was a problem hiding this comment.
Ended up doing mp_prime_is_prime with 5 trials. Looks like I still need the table of primes to check the GCD though otherwise the results diverge from OSSL.
6dd7067 to
982f4fd
Compare
982f4fd to
b518965
Compare
|
@sebastian-carpenter, this looks important to integrate. Can you resolve the conflicts? |
I'm working on some changes. I've got it rebased and just need to work through some issues I found. |
b518965 to
5d1e827
Compare
There was a problem hiding this comment.
Pull request overview
This PR strengthens wolfProvider’s RSA key validation and import behavior to better align with OpenSSL, and adds/extends unit tests to cover key integrity and EVP_PKEY_fromdata edge cases (NULL data, CRT completeness, bit-size bounds, negative values).
Changes:
- Adds a new RSA key integrity unit test and registers it in the unit test harness.
- Expands RSA
fromdatatests with additional selections and parameter permutations (including NULLOSSL_PARAMdata cases on newer OpenSSL). - Updates RSA key validation/import logic: additional modulus/exponent sanity checks, small-prime factor screening, CRT completeness checks, and stricter parameter type/value handling.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| test/unit.h | Declares the new test_rsa_key_integrity unit test. |
| test/unit.c | Registers the new RSA key integrity test in the test case table. |
| test/test_rsa.c | Expands RSA fromdata coverage and adds a new RSA key integrity test helper suite. |
| src/wp_rsa_kmgmt.c | Enhances RSA validation and hardens RSA parameter import/CRT verification. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
5d1e827 to
195751c
Compare
195751c to
2fc4d11
Compare
updated rsa_key_import / validate to survive new tests
2fc4d11 to
9a3ce1c
Compare
Adding tests for rsa key validation as well as adding some more cases to the rsa fromdata test.
This test is kind of slow due to the additions.
Bugs:
Additions:
Problems?
Should negative values be stored as 0? OSSL stores them as a negative and fails later but WP must store these values as unsigned.What a hassle! Fail when a negative value is received even though OpenSSL would succeed for the same input.