fix test failures and seg faults when Botan is configured with --module-policy bsi

12 files changed, 85 insertions, 29 deletions

diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp
index c7d44c73a..c2d4b3454 100644
--- a/src/lib/pubkey/dsa/dsa.cpp
+++ b/src/lib/pubkey/dsa/dsa.cpp
@@ -69,7 +69,7 @@ bool DSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
    if(!strong)
       return true;
 
-   return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)");
+   return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-256)");
    }
 
 namespace {
diff --git a/src/lib/pubkey/dsa/info.txt b/src/lib/pubkey/dsa/info.txt
index 94802ed59..855363789 100644
--- a/src/lib/pubkey/dsa/info.txt
+++ b/src/lib/pubkey/dsa/info.txt
@@ -5,4 +5,6 @@ dl_algo
 dl_group
 keypair
 numbertheory
+emsa1
+sha2_32
 </requires>
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 53b5982e0..35a119420 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -26,7 +26,7 @@ bool ECDSA_PrivateKey::check_key(RandomNumberGenerator& rng,
    if(!strong)
       return true;
 
-   return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)");
+   return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-256)");
    }
 
 namespace {
diff --git a/src/lib/pubkey/ecdsa/info.txt b/src/lib/pubkey/ecdsa/info.txt
index e98913897..3b12bff0d 100644
--- a/src/lib/pubkey/ecdsa/info.txt
+++ b/src/lib/pubkey/ecdsa/info.txt
@@ -7,4 +7,6 @@ ecc_key
 keypair
 numbertheory
 rng
+emsa1
+sha2_32
 </requires>
diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
index b28e3fe96..3e14aa8f4 100644
--- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp
+++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
@@ -20,7 +20,7 @@ bool ECGDSA_PrivateKey::check_key(RandomNumberGenerator& rng,
    if(!strong)
       return true;
 
-   return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)");
+   return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-256)");
    }
 
 namespace {
diff --git a/src/lib/pubkey/ecgdsa/info.txt b/src/lib/pubkey/ecgdsa/info.txt
index 6c18a1440..79dec3199 100644
--- a/src/lib/pubkey/ecgdsa/info.txt
+++ b/src/lib/pubkey/ecgdsa/info.txt
@@ -8,4 +8,6 @@ ecc_key
 keypair
 numbertheory
 rng
+emsa1
+sha2_32
 </requires>
diff --git a/src/lib/pubkey/rsa/info.txt b/src/lib/pubkey/rsa/info.txt
index 264ff7c62..91eec565a 100644
--- a/src/lib/pubkey/rsa/info.txt
+++ b/src/lib/pubkey/rsa/info.txt
@@ -4,4 +4,6 @@ define RSA 20131128
 if_algo
 keypair
 numbertheory
+emsa_pssr
+sha2_32
 </requires>
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index e12586014..6a645ec88 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -58,7 +58,7 @@ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
    if((m_e * m_d) % lcm(m_p - 1, m_q - 1) != 1)
       return false;
 
-   return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-1)");
+   return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-256)");
    }
 
 namespace {
diff --git a/src/tests/test_rfc6979.cpp b/src/tests/test_rfc6979.cpp
index 30846c9e3..1b8e91377 100644
--- a/src/tests/test_rfc6979.cpp
+++ b/src/tests/test_rfc6979.cpp
@@ -11,6 +11,8 @@
   #include <botan/hex.h>
 #endif
 
+#include <botan/hash.h>
+
 namespace Botan_Tests {
 
 namespace {
@@ -31,6 +33,15 @@ class RFC6979_KAT_Tests : public Text_Based_Test
          const BigInt K = get_req_bn(vars, "K");
 
          Test::Result result("RFC 6979 nonce generation");
+
+         auto hash_func = Botan::HashFunction::create(hash);
+
+         if(!hash_func)
+            {
+            result.test_note("Skipping due to missing: " + hash);
+            return result;
+            }
+
          result.test_eq("vector matches", Botan::generate_rfc6979_nonce(X, Q, H, hash), K);
 
          Botan::RFC6979_Nonce_Generator gen(hash, Q, X);
diff --git a/src/tests/test_rng.cpp b/src/tests/test_rng.cpp
index 6a9580345..7f1c1f123 100644
--- a/src/tests/test_rng.cpp
+++ b/src/tests/test_rng.cpp
@@ -40,15 +40,31 @@ Botan::RandomNumberGenerator* get_rng(const std::string& algo_str, const std::ve
 
 #if defined(BOTAN_HAS_HMAC_DRBG)
    if(rng_name == "HMAC_DRBG")
-      return new Botan::HMAC_DRBG(
-         Botan::MessageAuthenticationCode::create("HMAC(" + algo_name[1] + ")").release(),
-         new AllOnce_RNG(ikm));
+      {
+      auto mac = Botan::MessageAuthenticationCode::create("HMAC(" + algo_name[1] + ")");
+
+      if(!mac)
+         {
+         return nullptr;
+         }
+
+      return new Botan::HMAC_DRBG(mac.release(), new AllOnce_RNG(ikm));
+      }
+
 #endif
 
 #if defined(BOTAN_HAS_X931_RNG)
    if(rng_name == "X9.31-RNG")
-      return new Botan::ANSI_X931_RNG(Botan::BlockCipher::create(algo_name[1]).release(),
-                                      new Fixed_Output_RNG(ikm));
+      {
+      auto bc = Botan::BlockCipher::create(algo_name[1]);
+
+      if(!bc)
+         {
+         return nullptr;
+         }
+
+      return new Botan::ANSI_X931_RNG(bc.release(), new Fixed_Output_RNG(ikm));
+      }
 #endif
 
    return nullptr;
@@ -72,6 +88,11 @@ class X931_RNG_Tests : public Text_Based_Test
          result.test_eq("length", L, expected.size());
 
          std::unique_ptr<Botan::RandomNumberGenerator> rng(get_rng(algo, ikm));
+         if(!rng)
+            {
+            result.note_missing("RNG " + algo);
+            return result;
+            }
 
          result.test_eq("rng", rng->random_vec(L), expected);
 
diff --git a/src/tests/unit_ecdh.cpp b/src/tests/unit_ecdh.cpp
index 0368a53d1..40a10203a 100644
--- a/src/tests/unit_ecdh.cpp
+++ b/src/tests/unit_ecdh.cpp
@@ -41,24 +41,30 @@ class ECDH_Unit_Tests : public Test
          std::vector<std::string> oids = { "1.2.840.10045.3.1.7",
                                            "1.3.132.0.8",
                                            "1.2.840.10045.3.1.1" };
-
-         for(auto&& oid : oids)
+         try
             {
-            Botan::EC_Group dom_pars(Botan::OIDS::lookup(oid));
-            Botan::ECDH_PrivateKey private_a(Test::rng(), dom_pars);
-            Botan::ECDH_PrivateKey private_b(Test::rng(), dom_pars);
+            for(auto&& oid : oids)
+               {
+               Botan::EC_Group dom_pars(Botan::OIDS::lookup(oid));
+               Botan::ECDH_PrivateKey private_a(Test::rng(), dom_pars);
+               Botan::ECDH_PrivateKey private_b(Test::rng(), dom_pars);
 
-            Botan::PK_Key_Agreement ka(private_a, "KDF2(SHA-1)");
-            Botan::PK_Key_Agreement kb(private_b, "KDF2(SHA-1)");
+               Botan::PK_Key_Agreement ka(private_a, "KDF2(SHA-512)");
+               Botan::PK_Key_Agreement kb(private_b, "KDF2(SHA-512)");
 
-            Botan::SymmetricKey alice_key = ka.derive_key(32, private_b.public_value());
-            Botan::SymmetricKey bob_key = kb.derive_key(32, private_a.public_value());
+               Botan::SymmetricKey alice_key = ka.derive_key(32, private_b.public_value());
+               Botan::SymmetricKey bob_key = kb.derive_key(32, private_a.public_value());
 
-            if(!result.test_eq("same derived key", alice_key.bits_of(), bob_key.bits_of()))
-               {
-               result.test_note("Keys where " + alice_key.as_string() + " and " + bob_key.as_string());
+               if(!result.test_eq("same derived key", alice_key.bits_of(), bob_key.bits_of()))
+                  {
+                  result.test_note("Keys where " + alice_key.as_string() + " and " + bob_key.as_string());
+                  }
                }
             }
+         catch(Botan::Lookup_Error&)
+            {
+            result.test_note("Skipping due to missing KFD2 or SHA-512");
+            }
 
          return result;
          }
diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp
index ecafb3c7f..2ad341e5e 100644
--- a/src/tests/unit_ecdsa.cpp
+++ b/src/tests/unit_ecdsa.cpp
@@ -17,6 +17,7 @@
   #include <botan/ec_group.h>
   #include <botan/oids.h>
   #include <botan/pkcs8.h>
+  #include <botan/hash.h>
 #endif
 
 #if defined(BOTAN_HAS_X509_CERTIFICATES)
@@ -49,6 +50,15 @@ Test::Result test_hash_larger_than_n()
    for(size_t i = 0; i != message.size(); ++i)
       message[i] = i;
 
+   auto sha1 = Botan::HashFunction::create("SHA-1");
+   auto sha224 = Botan::HashFunction::create("SHA-224");
+
+   if(!sha1 || !sha224)
+      {
+      result.test_note("Skipping due to missing SHA-1 or SHA-224");
+      return result;
+      }
+
    Botan::PK_Signer pk_signer_160(priv_key, "EMSA1_BSI(SHA-1)");
    Botan::PK_Verifier pk_verifier_160(priv_key, "EMSA1_BSI(SHA-1)");
 
@@ -130,12 +140,12 @@ Test::Result test_sign_then_ver()
    Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8"));
    Botan::ECDSA_PrivateKey ecdsa(Test::rng(), dom_pars);
 
-   Botan::PK_Signer signer(ecdsa, "EMSA1(SHA-1)");
+   Botan::PK_Signer signer(ecdsa, "EMSA1(SHA-256)");
 
    auto msg = Botan::hex_decode("12345678901234567890abcdef12");
    std::vector<byte> sig = signer.sign_message(msg, Test::rng());
 
-   Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-1)");
+   Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-256)");
 
    result.confirm("signature verifies", verifier.verify_message(msg, sig));
 
@@ -205,7 +215,7 @@ Test::Result test_ecdsa_create_save_load()
       Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8"));
       Botan::ECDSA_PrivateKey key(Test::rng(), dom_pars);
 
-      Botan::PK_Signer signer(key, "EMSA1(SHA-1)");
+      Botan::PK_Signer signer(key, "EMSA1(SHA-256)");
       msg_signature = signer.sign_message(msg, Test::rng());
 
       ecc_private_key_pem = Botan::PKCS8::PEM_encode(key);
@@ -220,7 +230,7 @@ Test::Result test_ecdsa_create_save_load()
    Botan::ECDSA_PrivateKey* loaded_ec_key = dynamic_cast<Botan::ECDSA_PrivateKey*>(loaded_key.get());
    result.confirm("the loaded key could be converted into an ECDSA_PrivateKey", loaded_ec_key);
 
-   Botan::PK_Verifier verifier(*loaded_ec_key, "EMSA1(SHA-1)");
+   Botan::PK_Verifier verifier(*loaded_ec_key, "EMSA1(SHA-256)");
 
    result.confirm("generated signature valid", verifier.verify_message(msg, msg_signature));
 
@@ -268,8 +278,8 @@ Test::Result test_read_pkcs8()
       Botan::ECDSA_PrivateKey* ecdsa_nodp = dynamic_cast<Botan::ECDSA_PrivateKey*>(loaded_key_nodp.get());
       result.confirm("key loaded", ecdsa_nodp);
 
-      Botan::PK_Signer signer(*ecdsa_nodp, "EMSA1(SHA-1)");
-      Botan::PK_Verifier verifier(*ecdsa_nodp, "EMSA1(SHA-1)");
+      Botan::PK_Signer signer(*ecdsa_nodp, "EMSA1(SHA-256)");
+      Botan::PK_Verifier verifier(*ecdsa_nodp, "EMSA1(SHA-256)");
 
       std::vector<byte> signature_nodp = signer.sign_message(msg, Test::rng());
 
@@ -335,8 +345,8 @@ Test::Result test_curve_registry()
          Botan::EC_Group dom_pars(oid);
          Botan::ECDSA_PrivateKey ecdsa(Test::rng(), dom_pars);
 
-         Botan::PK_Signer signer(ecdsa, "EMSA1(SHA-1)");
-         Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-1)");
+         Botan::PK_Signer signer(ecdsa, "EMSA1(SHA-256)");
+         Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-256)");
 
          auto msg = Botan::hex_decode("12345678901234567890abcdef12");
          std::vector<byte> sig = signer.sign_message(msg, Test::rng());