123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270 |
- /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
- #include <stddef.h>
- #include <openssl/provider.h>
- #include "testutil.h"
- extern OSSL_provider_init_fn PROVIDER_INIT_FUNCTION_NAME;
- static char buf[256];
- static OSSL_PARAM greeting_request[] = {
- { "greeting", OSSL_PARAM_UTF8_STRING, buf, sizeof(buf) },
- { NULL, 0, NULL, 0, 0 }
- };
- static unsigned int digestsuccess = 0;
- static OSSL_PARAM digest_check[] = {
- { "digest-check", OSSL_PARAM_UNSIGNED_INTEGER, &digestsuccess,
- sizeof(digestsuccess) },
- { NULL, 0, NULL, 0, 0 }
- };
- static unsigned int stopsuccess = 0;
- static OSSL_PARAM stop_property_mirror[] = {
- { "stop-property-mirror", OSSL_PARAM_UNSIGNED_INTEGER, &stopsuccess,
- sizeof(stopsuccess) },
- { NULL, 0, NULL, 0, 0 }
- };
- static int test_provider(OSSL_LIB_CTX **libctx, const char *name,
- OSSL_PROVIDER *legacy)
- {
- OSSL_PROVIDER *prov = NULL;
- const char *greeting = NULL;
- char expected_greeting[256];
- int ok = 0;
- long err;
- int dolegacycheck = (legacy != NULL);
- OSSL_PROVIDER *deflt = NULL, *base = NULL;
- BIO_snprintf(expected_greeting, sizeof(expected_greeting),
- "Hello OpenSSL %.20s, greetings from %s!",
- OPENSSL_VERSION_STR, name);
- /*
- * We set properties that we know the providers we are using don't have.
- * This should mean that the p_test provider will fail any fetches - which
- * is something we test inside the provider.
- */
- EVP_set_default_properties(*libctx, "fips=yes");
- /*
- * Check that it is possible to have a built-in provider mirrored in
- * a child lib ctx.
- */
- if (!TEST_ptr(base = OSSL_PROVIDER_load(*libctx, "base")))
- goto err;
- if (!TEST_ptr(prov = OSSL_PROVIDER_load(*libctx, name)))
- goto err;
- /*
- * Once the provider is loaded we clear the default properties and fetches
- * should start working again.
- */
- EVP_set_default_properties(*libctx, "");
- if (dolegacycheck) {
- if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check))
- || !TEST_true(digestsuccess))
- goto err;
- /*
- * Check that a provider can prevent property mirroring if it sets its
- * own properties explicitly
- */
- if (!TEST_true(OSSL_PROVIDER_get_params(prov, stop_property_mirror))
- || !TEST_true(stopsuccess))
- goto err;
- EVP_set_default_properties(*libctx, "fips=yes");
- if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check))
- || !TEST_true(digestsuccess))
- goto err;
- EVP_set_default_properties(*libctx, "");
- }
- if (!TEST_true(OSSL_PROVIDER_get_params(prov, greeting_request))
- || !TEST_ptr(greeting = greeting_request[0].data)
- || !TEST_size_t_gt(greeting_request[0].data_size, 0)
- || !TEST_str_eq(greeting, expected_greeting))
- goto err;
- /* Make sure we got the error we were expecting */
- err = ERR_peek_last_error();
- if (!TEST_int_gt(err, 0)
- || !TEST_int_eq(ERR_GET_REASON(err), 1))
- goto err;
- OSSL_PROVIDER_unload(legacy);
- legacy = NULL;
- if (dolegacycheck) {
- /* Legacy provider should also be unloaded from child libctx */
- if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check))
- || !TEST_false(digestsuccess))
- goto err;
- /*
- * Loading the legacy provider again should make it available again in
- * the child libctx. Loading and unloading the default provider should
- * have no impact on the child because the child loads it explicitly
- * before this point.
- */
- legacy = OSSL_PROVIDER_load(*libctx, "legacy");
- deflt = OSSL_PROVIDER_load(*libctx, "default");
- if (!TEST_ptr(deflt)
- || !TEST_true(OSSL_PROVIDER_available(*libctx, "default")))
- goto err;
- OSSL_PROVIDER_unload(deflt);
- deflt = NULL;
- if (!TEST_ptr(legacy)
- || !TEST_false(OSSL_PROVIDER_available(*libctx, "default"))
- || !TEST_true(OSSL_PROVIDER_get_params(prov, digest_check))
- || !TEST_true(digestsuccess))
- goto err;
- OSSL_PROVIDER_unload(legacy);
- legacy = NULL;
- }
- if (!TEST_true(OSSL_PROVIDER_unload(base)))
- goto err;
- base = NULL;
- if (!TEST_true(OSSL_PROVIDER_unload(prov)))
- goto err;
- prov = NULL;
- /*
- * We must free the libctx to force the provider to really be unloaded from
- * memory
- */
- OSSL_LIB_CTX_free(*libctx);
- *libctx = NULL;
- /* We print out all the data to make sure it can still be accessed */
- ERR_print_errors_fp(stderr);
- ok = 1;
- err:
- OSSL_PROVIDER_unload(base);
- OSSL_PROVIDER_unload(deflt);
- OSSL_PROVIDER_unload(legacy);
- legacy = NULL;
- OSSL_PROVIDER_unload(prov);
- OSSL_LIB_CTX_free(*libctx);
- *libctx = NULL;
- return ok;
- }
- static int test_builtin_provider(void)
- {
- OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
- const char *name = "p_test_builtin";
- int ok;
- ok =
- TEST_ptr(libctx)
- && TEST_true(OSSL_PROVIDER_add_builtin(libctx, name,
- PROVIDER_INIT_FUNCTION_NAME))
- && test_provider(&libctx, name, NULL);
- OSSL_LIB_CTX_free(libctx);
- return ok;
- }
- /* Test relies on fetching the MD4 digest from the legacy provider */
- #ifndef OPENSSL_NO_MD4
- static int test_builtin_provider_with_child(void)
- {
- OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
- const char *name = "p_test";
- OSSL_PROVIDER *legacy;
- if (!TEST_ptr(libctx))
- return 0;
- legacy = OSSL_PROVIDER_load(libctx, "legacy");
- if (legacy == NULL) {
- /*
- * In this case we assume we've been built with "no-legacy" and skip
- * this test (there is no OPENSSL_NO_LEGACY)
- */
- OSSL_LIB_CTX_free(libctx);
- return 1;
- }
- if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, name,
- PROVIDER_INIT_FUNCTION_NAME))) {
- OSSL_LIB_CTX_free(libctx);
- return 0;
- }
- /* test_provider will free libctx and unload legacy as part of the test */
- return test_provider(&libctx, name, legacy);
- }
- #endif
- #ifndef NO_PROVIDER_MODULE
- static int test_loaded_provider(void)
- {
- OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
- const char *name = "p_test";
- if (!TEST_ptr(libctx))
- return 0;
- /* test_provider will free libctx as part of the test */
- return test_provider(&libctx, name, NULL);
- }
- #endif
- typedef enum OPTION_choice {
- OPT_ERR = -1,
- OPT_EOF = 0,
- OPT_LOADED,
- OPT_TEST_ENUM
- } OPTION_CHOICE;
- const OPTIONS *test_get_options(void)
- {
- static const OPTIONS test_options[] = {
- OPT_TEST_OPTIONS_DEFAULT_USAGE,
- { "loaded", OPT_LOADED, '-', "Run test with a loaded provider" },
- { NULL }
- };
- return test_options;
- }
- int setup_tests(void)
- {
- OPTION_CHOICE o;
- int loaded = 0;
- while ((o = opt_next()) != OPT_EOF) {
- switch (o) {
- case OPT_TEST_CASES:
- break;
- case OPT_LOADED:
- loaded = 1;
- break;
- default:
- return 0;
- }
- }
- if (!loaded) {
- ADD_TEST(test_builtin_provider);
- #ifndef OPENSSL_NO_MD4
- ADD_TEST(test_builtin_provider_with_child);
- #endif
- }
- #ifndef NO_PROVIDER_MODULE
- else {
- ADD_TEST(test_loaded_provider);
- }
- #endif
- return 1;
- }
|