From f6006ae72dd91e94a3c4244318ea54107ae8eedc Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sun, 21 Nov 2021 11:55:00 +0000
Subject: [PATCH] wycheproof: modify RSA tests to work with opaque RSA struct

---
 .../lib/libcrypto/wycheproof/wycheproof.go    | 68 ++++++++++++++++---
 1 file changed, 57 insertions(+), 11 deletions(-)

diff --git a/regress/lib/libcrypto/wycheproof/wycheproof.go b/regress/lib/libcrypto/wycheproof/wycheproof.go
index b10792ab6f4..e23b100bf7a 100644
--- a/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.123 2021/11/21 11:41:18 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.124 2021/11/21 11:55:00 tb Exp $ */
 /*
  * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org>
@@ -2229,23 +2229,36 @@ func runRsaesOaepTestGroup(algorithm string, wtg *wycheproofTestGroupRsaesOaep)
 	defer C.RSA_free(rsa)
 
 	d := C.CString(wtg.D)
-	if C.BN_hex2bn(&rsa.d, d) == 0 {
+	var rsaD *C.BIGNUM
+	defer C.BN_free(rsaD)
+	if C.BN_hex2bn(&rsaD, d) == 0 {
 		log.Fatal("Failed to set RSA d")
 	}
 	C.free(unsafe.Pointer(d))
 
 	e := C.CString(wtg.E)
-	if C.BN_hex2bn(&rsa.e, e) == 0 {
+	var rsaE *C.BIGNUM
+	defer C.BN_free(rsaE)
+	if C.BN_hex2bn(&rsaE, e) == 0 {
 		log.Fatal("Failed to set RSA e")
 	}
 	C.free(unsafe.Pointer(e))
 
 	n := C.CString(wtg.N)
-	if C.BN_hex2bn(&rsa.n, n) == 0 {
+	var rsaN *C.BIGNUM
+	defer C.BN_free(rsaN)
+	if C.BN_hex2bn(&rsaN, n) == 0 {
 		log.Fatal("Failed to set RSA n")
 	}
 	C.free(unsafe.Pointer(n))
 
+	if C.RSA_set0_key(rsa, rsaN, rsaE, rsaD) == 0 {
+		log.Fatal("RSA_set0_key failed")
+	}
+	rsaN = nil
+	rsaE = nil
+	rsaD = nil
+
 	sha, err := hashEvpMdFromString(wtg.SHA)
 	if err != nil {
 		log.Fatalf("Failed to get hash: %v", err)
@@ -2316,23 +2329,36 @@ func runRsaesPkcs1TestGroup(algorithm string, wtg *wycheproofTestGroupRsaesPkcs1
 	defer C.RSA_free(rsa)
 
 	d := C.CString(wtg.D)
-	if C.BN_hex2bn(&rsa.d, d) == 0 {
+	var rsaD *C.BIGNUM
+	defer C.BN_free(rsaD)
+	if C.BN_hex2bn(&rsaD, d) == 0 {
 		log.Fatal("Failed to set RSA d")
 	}
 	C.free(unsafe.Pointer(d))
 
 	e := C.CString(wtg.E)
-	if C.BN_hex2bn(&rsa.e, e) == 0 {
+	var rsaE *C.BIGNUM
+	defer C.BN_free(rsaE)
+	if C.BN_hex2bn(&rsaE, e) == 0 {
 		log.Fatal("Failed to set RSA e")
 	}
 	C.free(unsafe.Pointer(e))
 
 	n := C.CString(wtg.N)
-	if C.BN_hex2bn(&rsa.n, n) == 0 {
+	var rsaN *C.BIGNUM
+	defer C.BN_free(rsaN)
+	if C.BN_hex2bn(&rsaN, n) == 0 {
 		log.Fatal("Failed to set RSA n")
 	}
 	C.free(unsafe.Pointer(n))
 
+	if C.RSA_set0_key(rsa, rsaN, rsaE, rsaD) == 0 {
+		log.Fatal("RSA_set0_key failed")
+	}
+	rsaN = nil
+	rsaE = nil
+	rsaD = nil
+
 	success := true
 	for _, wt := range wtg.Tests {
 		if !runRsaesPkcs1Test(rsa, wt) {
@@ -2411,17 +2437,27 @@ func runRsassaTestGroup(algorithm string, wtg *wycheproofTestGroupRsassa) bool {
 	defer C.RSA_free(rsa)
 
 	e := C.CString(wtg.E)
-	if C.BN_hex2bn(&rsa.e, e) == 0 {
+	var rsaE *C.BIGNUM
+	defer C.BN_free(rsaE)
+	if C.BN_hex2bn(&rsaE, e) == 0 {
 		log.Fatal("Failed to set RSA e")
 	}
 	C.free(unsafe.Pointer(e))
 
 	n := C.CString(wtg.N)
-	if C.BN_hex2bn(&rsa.n, n) == 0 {
+	var rsaN *C.BIGNUM
+	defer C.BN_free(rsaN)
+	if C.BN_hex2bn(&rsaN, n) == 0 {
 		log.Fatal("Failed to set RSA n")
 	}
 	C.free(unsafe.Pointer(n))
 
+	if C.RSA_set0_key(rsa, rsaN, rsaE, nil) == 0 {
+		log.Fatal("RSA_set0_key failed")
+	}
+	rsaN = nil
+	rsaE = nil
+
 	h, err := hashFromString(wtg.SHA)
 	if err != nil {
 		log.Fatalf("Failed to get hash: %v", err)
@@ -2496,17 +2532,27 @@ func runRSATestGroup(algorithm string, wtg *wycheproofTestGroupRSA) bool {
 	defer C.RSA_free(rsa)
 
 	e := C.CString(wtg.E)
-	if C.BN_hex2bn(&rsa.e, e) == 0 {
+	var rsaE *C.BIGNUM
+	defer C.BN_free(rsaE)
+	if C.BN_hex2bn(&rsaE, e) == 0 {
 		log.Fatal("Failed to set RSA e")
 	}
 	C.free(unsafe.Pointer(e))
 
 	n := C.CString(wtg.N)
-	if C.BN_hex2bn(&rsa.n, n) == 0 {
+	var rsaN *C.BIGNUM
+	defer C.BN_free(rsaN)
+	if C.BN_hex2bn(&rsaN, n) == 0 {
 		log.Fatal("Failed to set RSA n")
 	}
 	C.free(unsafe.Pointer(n))
 
+	if C.RSA_set0_key(rsa, rsaN, rsaE, nil) == 0 {
+		log.Fatal("RSA_set0_key failed")
+	}
+	rsaN = nil
+	rsaE = nil
+
 	nid, err := nidFromString(wtg.SHA)
 	if err != nil {
 		log.Fatalf("Failed to get MD NID: %v", err)
-- 
2.20.1