2
0

p_test.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320
  1. /*
  2. * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * This is a very simple provider that does absolutely nothing except respond
  11. * to provider global parameter requests. It does this by simply echoing back
  12. * a parameter request it makes to the loading library.
  13. */
  14. #include <string.h>
  15. #include <stdio.h>
  16. /*
  17. * When built as an object file to link the application with, we get the
  18. * init function name through the macro PROVIDER_INIT_FUNCTION_NAME. If
  19. * not defined, we use the standard init function name for the shared
  20. * object form.
  21. */
  22. #ifdef PROVIDER_INIT_FUNCTION_NAME
  23. # define OSSL_provider_init PROVIDER_INIT_FUNCTION_NAME
  24. #endif
  25. #include "internal/e_os.h"
  26. #include <openssl/core.h>
  27. #include <openssl/core_dispatch.h>
  28. #include <openssl/err.h>
  29. #include <openssl/evp.h>
  30. #include <openssl/crypto.h>
  31. #include <openssl/provider.h>
  32. typedef struct p_test_ctx {
  33. char *thisfile;
  34. char *thisfunc;
  35. const OSSL_CORE_HANDLE *handle;
  36. OSSL_LIB_CTX *libctx;
  37. } P_TEST_CTX;
  38. static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL;
  39. static OSSL_FUNC_core_get_params_fn *c_get_params = NULL;
  40. static OSSL_FUNC_core_new_error_fn *c_new_error;
  41. static OSSL_FUNC_core_set_error_debug_fn *c_set_error_debug;
  42. static OSSL_FUNC_core_vset_error_fn *c_vset_error;
  43. /* Tell the core what params we provide and what type they are */
  44. static const OSSL_PARAM p_param_types[] = {
  45. { "greeting", OSSL_PARAM_UTF8_STRING, NULL, 0, 0 },
  46. { "digest-check", OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
  47. { NULL, 0, NULL, 0, 0 }
  48. };
  49. /* This is a trick to ensure we define the provider functions correctly */
  50. static OSSL_FUNC_provider_gettable_params_fn p_gettable_params;
  51. static OSSL_FUNC_provider_get_params_fn p_get_params;
  52. static OSSL_FUNC_provider_get_reason_strings_fn p_get_reason_strings;
  53. static OSSL_FUNC_provider_teardown_fn p_teardown;
  54. static void p_set_error(int lib, int reason, const char *file, int line,
  55. const char *func, const char *fmt, ...)
  56. {
  57. va_list ap;
  58. va_start(ap, fmt);
  59. c_new_error(NULL);
  60. c_set_error_debug(NULL, file, line, func);
  61. c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, ap);
  62. va_end(ap);
  63. }
  64. static const OSSL_PARAM *p_gettable_params(void *_)
  65. {
  66. return p_param_types;
  67. }
  68. static int p_get_params(void *provctx, OSSL_PARAM params[])
  69. {
  70. P_TEST_CTX *ctx = (P_TEST_CTX *)provctx;
  71. const OSSL_CORE_HANDLE *hand = ctx->handle;
  72. OSSL_PARAM *p = params;
  73. int ok = 1;
  74. for (; ok && p->key != NULL; p++) {
  75. if (strcmp(p->key, "greeting") == 0) {
  76. static char *opensslv;
  77. static char *provname;
  78. static char *greeting;
  79. static OSSL_PARAM counter_request[] = {
  80. /* Known libcrypto provided parameters */
  81. { "openssl-version", OSSL_PARAM_UTF8_PTR,
  82. &opensslv, sizeof(&opensslv), 0 },
  83. { "provider-name", OSSL_PARAM_UTF8_PTR,
  84. &provname, sizeof(&provname), 0},
  85. /* This might be present, if there's such a configuration */
  86. { "greeting", OSSL_PARAM_UTF8_PTR,
  87. &greeting, sizeof(&greeting), 0 },
  88. { NULL, 0, NULL, 0, 0 }
  89. };
  90. char buf[256];
  91. size_t buf_l;
  92. opensslv = provname = greeting = NULL;
  93. if (c_get_params(hand, counter_request)) {
  94. if (greeting) {
  95. strcpy(buf, greeting);
  96. } else {
  97. const char *versionp = *(void **)counter_request[0].data;
  98. const char *namep = *(void **)counter_request[1].data;
  99. sprintf(buf, "Hello OpenSSL %.20s, greetings from %s!",
  100. versionp, namep);
  101. }
  102. } else {
  103. sprintf(buf, "Howdy stranger...");
  104. }
  105. p->return_size = buf_l = strlen(buf) + 1;
  106. if (p->data_size >= buf_l)
  107. strcpy(p->data, buf);
  108. else
  109. ok = 0;
  110. } else if (strcmp(p->key, "digest-check") == 0) {
  111. unsigned int digestsuccess = 0;
  112. /*
  113. * Test we can use an algorithm from another provider. We're using
  114. * legacy to check that legacy is actually available and we haven't
  115. * just fallen back to default.
  116. */
  117. #ifdef PROVIDER_INIT_FUNCTION_NAME
  118. EVP_MD *md4 = EVP_MD_fetch(ctx->libctx, "MD4", NULL);
  119. EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
  120. const char *msg = "Hello world";
  121. unsigned char out[16];
  122. OSSL_PROVIDER *deflt;
  123. /*
  124. * "default" has not been loaded into the parent libctx. We should be able
  125. * to explicitly load it as a non-child provider.
  126. */
  127. deflt = OSSL_PROVIDER_load(ctx->libctx, "default");
  128. if (deflt == NULL
  129. || !OSSL_PROVIDER_available(ctx->libctx, "default")) {
  130. /* We set error "3" for a failure to load the default provider */
  131. p_set_error(ERR_LIB_PROV, 3, ctx->thisfile, OPENSSL_LINE,
  132. ctx->thisfunc, NULL);
  133. ok = 0;
  134. }
  135. /*
  136. * We should have the default provider available that we loaded
  137. * ourselves, and the base and legacy providers which we inherit
  138. * from the parent libctx. We should also have "this" provider
  139. * available.
  140. */
  141. if (ok
  142. && OSSL_PROVIDER_available(ctx->libctx, "default")
  143. && OSSL_PROVIDER_available(ctx->libctx, "base")
  144. && OSSL_PROVIDER_available(ctx->libctx, "legacy")
  145. && OSSL_PROVIDER_available(ctx->libctx, "p_test")
  146. && md4 != NULL
  147. && mdctx != NULL) {
  148. if (EVP_DigestInit_ex(mdctx, md4, NULL)
  149. && EVP_DigestUpdate(mdctx, (const unsigned char *)msg,
  150. strlen(msg))
  151. && EVP_DigestFinal(mdctx, out, NULL))
  152. digestsuccess = 1;
  153. }
  154. EVP_MD_CTX_free(mdctx);
  155. EVP_MD_free(md4);
  156. OSSL_PROVIDER_unload(deflt);
  157. #endif
  158. if (p->data_size >= sizeof(digestsuccess)) {
  159. *(unsigned int *)p->data = digestsuccess;
  160. p->return_size = sizeof(digestsuccess);
  161. } else {
  162. ok = 0;
  163. }
  164. } else if (strcmp(p->key, "stop-property-mirror") == 0) {
  165. /*
  166. * Setting the default properties explicitly should stop mirroring
  167. * of properties from the parent libctx.
  168. */
  169. unsigned int stopsuccess = 0;
  170. #ifdef PROVIDER_INIT_FUNCTION_NAME
  171. stopsuccess = EVP_set_default_properties(ctx->libctx, NULL);
  172. #endif
  173. if (p->data_size >= sizeof(stopsuccess)) {
  174. *(unsigned int *)p->data = stopsuccess;
  175. p->return_size = sizeof(stopsuccess);
  176. } else {
  177. ok = 0;
  178. }
  179. }
  180. }
  181. return ok;
  182. }
  183. static const OSSL_ITEM *p_get_reason_strings(void *_)
  184. {
  185. static const OSSL_ITEM reason_strings[] = {
  186. {1, "dummy reason string"},
  187. {2, "Can't create child library context"},
  188. {3, "Can't load default provider"},
  189. {0, NULL}
  190. };
  191. return reason_strings;
  192. }
  193. static const OSSL_DISPATCH p_test_table[] = {
  194. { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_gettable_params },
  195. { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))p_get_params },
  196. { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS,
  197. (void (*)(void))p_get_reason_strings},
  198. { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
  199. OSSL_DISPATCH_END
  200. };
  201. int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
  202. const OSSL_DISPATCH *oin,
  203. const OSSL_DISPATCH **out,
  204. void **provctx)
  205. {
  206. P_TEST_CTX *ctx;
  207. const OSSL_DISPATCH *in = oin;
  208. for (; in->function_id != 0; in++) {
  209. switch (in->function_id) {
  210. case OSSL_FUNC_CORE_GETTABLE_PARAMS:
  211. c_gettable_params = OSSL_FUNC_core_gettable_params(in);
  212. break;
  213. case OSSL_FUNC_CORE_GET_PARAMS:
  214. c_get_params = OSSL_FUNC_core_get_params(in);
  215. break;
  216. case OSSL_FUNC_CORE_NEW_ERROR:
  217. c_new_error = OSSL_FUNC_core_new_error(in);
  218. break;
  219. case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
  220. c_set_error_debug = OSSL_FUNC_core_set_error_debug(in);
  221. break;
  222. case OSSL_FUNC_CORE_VSET_ERROR:
  223. c_vset_error = OSSL_FUNC_core_vset_error(in);
  224. break;
  225. default:
  226. /* Just ignore anything we don't understand */
  227. break;
  228. }
  229. }
  230. /*
  231. * We want to test that libcrypto doesn't use the file and func pointers
  232. * that we provide to it via c_set_error_debug beyond the time that they
  233. * are valid for. Therefore we dynamically allocate these strings now and
  234. * free them again when the provider is torn down. If anything tries to
  235. * use those strings after that point there will be a use-after-free and
  236. * asan will complain (and hence the tests will fail).
  237. * This file isn't linked against libcrypto, so we use malloc and strdup
  238. * instead of OPENSSL_malloc and OPENSSL_strdup
  239. */
  240. ctx = malloc(sizeof(*ctx));
  241. if (ctx == NULL)
  242. return 0;
  243. ctx->thisfile = strdup(OPENSSL_FILE);
  244. ctx->thisfunc = strdup(OPENSSL_FUNC);
  245. ctx->handle = handle;
  246. #ifdef PROVIDER_INIT_FUNCTION_NAME
  247. /* We only do this if we are linked with libcrypto */
  248. ctx->libctx = OSSL_LIB_CTX_new_child(handle, oin);
  249. if (ctx->libctx == NULL) {
  250. /* We set error "2" for a failure to create the child libctx*/
  251. p_set_error(ERR_LIB_PROV, 2, ctx->thisfile, OPENSSL_LINE, ctx->thisfunc,
  252. NULL);
  253. p_teardown(ctx);
  254. return 0;
  255. }
  256. /*
  257. * The default provider is loaded - but the default properties should not
  258. * allow its use.
  259. */
  260. {
  261. EVP_MD *sha256 = EVP_MD_fetch(ctx->libctx, "SHA2-256", NULL);
  262. if (sha256 != NULL) {
  263. EVP_MD_free(sha256);
  264. p_teardown(ctx);
  265. return 0;
  266. }
  267. }
  268. #endif
  269. /*
  270. * Set a spurious error to check error handling works correctly. This will
  271. * be ignored
  272. */
  273. p_set_error(ERR_LIB_PROV, 1, ctx->thisfile, OPENSSL_LINE, ctx->thisfunc, NULL);
  274. *provctx = (void *)ctx;
  275. *out = p_test_table;
  276. return 1;
  277. }
  278. static void p_teardown(void *provctx)
  279. {
  280. P_TEST_CTX *ctx = (P_TEST_CTX *)provctx;
  281. #ifdef PROVIDER_INIT_FUNCTION_NAME
  282. OSSL_LIB_CTX_free(ctx->libctx);
  283. #endif
  284. free(ctx->thisfile);
  285. free(ctx->thisfunc);
  286. free(ctx);
  287. }