provider_test.c 9.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338
  1. /*
  2. * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stddef.h>
  10. #include <openssl/provider.h>
  11. #include <openssl/param_build.h>
  12. #include "testutil.h"
  13. extern OSSL_provider_init_fn PROVIDER_INIT_FUNCTION_NAME;
  14. static char buf[256];
  15. static OSSL_PARAM greeting_request[] = {
  16. { "greeting", OSSL_PARAM_UTF8_STRING, buf, sizeof(buf) },
  17. { NULL, 0, NULL, 0, 0 }
  18. };
  19. static unsigned int digestsuccess = 0;
  20. static OSSL_PARAM digest_check[] = {
  21. { "digest-check", OSSL_PARAM_UNSIGNED_INTEGER, &digestsuccess,
  22. sizeof(digestsuccess) },
  23. { NULL, 0, NULL, 0, 0 }
  24. };
  25. static unsigned int stopsuccess = 0;
  26. static OSSL_PARAM stop_property_mirror[] = {
  27. { "stop-property-mirror", OSSL_PARAM_UNSIGNED_INTEGER, &stopsuccess,
  28. sizeof(stopsuccess) },
  29. { NULL, 0, NULL, 0, 0 }
  30. };
  31. static int test_provider(OSSL_LIB_CTX **libctx, const char *name,
  32. OSSL_PROVIDER *legacy)
  33. {
  34. OSSL_PROVIDER *prov = NULL;
  35. const char *greeting = NULL;
  36. char expected_greeting[256];
  37. int ok = 0;
  38. long err;
  39. int dolegacycheck = (legacy != NULL);
  40. OSSL_PROVIDER *deflt = NULL, *base = NULL;
  41. BIO_snprintf(expected_greeting, sizeof(expected_greeting),
  42. "Hello OpenSSL %.20s, greetings from %s!",
  43. OPENSSL_VERSION_STR, name);
  44. /*
  45. * We set properties that we know the providers we are using don't have.
  46. * This should mean that the p_test provider will fail any fetches - which
  47. * is something we test inside the provider.
  48. */
  49. EVP_set_default_properties(*libctx, "fips=yes");
  50. /*
  51. * Check that it is possible to have a built-in provider mirrored in
  52. * a child lib ctx.
  53. */
  54. if (!TEST_ptr(base = OSSL_PROVIDER_load(*libctx, "base")))
  55. goto err;
  56. if (!TEST_ptr(prov = OSSL_PROVIDER_load(*libctx, name)))
  57. goto err;
  58. /*
  59. * Once the provider is loaded we clear the default properties and fetches
  60. * should start working again.
  61. */
  62. EVP_set_default_properties(*libctx, "");
  63. if (dolegacycheck) {
  64. if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check))
  65. || !TEST_true(digestsuccess))
  66. goto err;
  67. /*
  68. * Check that a provider can prevent property mirroring if it sets its
  69. * own properties explicitly
  70. */
  71. if (!TEST_true(OSSL_PROVIDER_get_params(prov, stop_property_mirror))
  72. || !TEST_true(stopsuccess))
  73. goto err;
  74. EVP_set_default_properties(*libctx, "fips=yes");
  75. if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check))
  76. || !TEST_true(digestsuccess))
  77. goto err;
  78. EVP_set_default_properties(*libctx, "");
  79. }
  80. if (!TEST_true(OSSL_PROVIDER_get_params(prov, greeting_request))
  81. || !TEST_ptr(greeting = greeting_request[0].data)
  82. || !TEST_size_t_gt(greeting_request[0].data_size, 0)
  83. || !TEST_str_eq(greeting, expected_greeting))
  84. goto err;
  85. /* Make sure we got the error we were expecting */
  86. err = ERR_peek_last_error();
  87. if (!TEST_int_gt(err, 0)
  88. || !TEST_int_eq(ERR_GET_REASON(err), 1))
  89. goto err;
  90. OSSL_PROVIDER_unload(legacy);
  91. legacy = NULL;
  92. if (dolegacycheck) {
  93. /* Legacy provider should also be unloaded from child libctx */
  94. if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check))
  95. || !TEST_false(digestsuccess))
  96. goto err;
  97. /*
  98. * Loading the legacy provider again should make it available again in
  99. * the child libctx. Loading and unloading the default provider should
  100. * have no impact on the child because the child loads it explicitly
  101. * before this point.
  102. */
  103. legacy = OSSL_PROVIDER_load(*libctx, "legacy");
  104. deflt = OSSL_PROVIDER_load(*libctx, "default");
  105. if (!TEST_ptr(deflt)
  106. || !TEST_true(OSSL_PROVIDER_available(*libctx, "default")))
  107. goto err;
  108. OSSL_PROVIDER_unload(deflt);
  109. deflt = NULL;
  110. if (!TEST_ptr(legacy)
  111. || !TEST_false(OSSL_PROVIDER_available(*libctx, "default"))
  112. || !TEST_true(OSSL_PROVIDER_get_params(prov, digest_check))
  113. || !TEST_true(digestsuccess))
  114. goto err;
  115. OSSL_PROVIDER_unload(legacy);
  116. legacy = NULL;
  117. }
  118. if (!TEST_true(OSSL_PROVIDER_unload(base)))
  119. goto err;
  120. base = NULL;
  121. if (!TEST_true(OSSL_PROVIDER_unload(prov)))
  122. goto err;
  123. prov = NULL;
  124. /*
  125. * We must free the libctx to force the provider to really be unloaded from
  126. * memory
  127. */
  128. OSSL_LIB_CTX_free(*libctx);
  129. *libctx = NULL;
  130. /* We print out all the data to make sure it can still be accessed */
  131. ERR_print_errors_fp(stderr);
  132. ok = 1;
  133. err:
  134. OSSL_PROVIDER_unload(base);
  135. OSSL_PROVIDER_unload(deflt);
  136. OSSL_PROVIDER_unload(legacy);
  137. legacy = NULL;
  138. OSSL_PROVIDER_unload(prov);
  139. OSSL_LIB_CTX_free(*libctx);
  140. *libctx = NULL;
  141. return ok;
  142. }
  143. #ifndef NO_PROVIDER_MODULE
  144. static int test_provider_ex(OSSL_LIB_CTX **libctx, const char *name)
  145. {
  146. OSSL_PROVIDER *prov = NULL;
  147. const char *greeting = NULL;
  148. int ok = 0;
  149. long err;
  150. const char custom_buf[] = "Custom greeting";
  151. OSSL_PARAM_BLD *bld = NULL;
  152. OSSL_PARAM *params = NULL;
  153. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  154. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, "greeting", custom_buf,
  155. strlen(custom_buf)))
  156. || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) {
  157. goto err;
  158. }
  159. if (!TEST_ptr(prov = OSSL_PROVIDER_load_ex(*libctx, name, params)))
  160. goto err;
  161. if (!TEST_true(OSSL_PROVIDER_get_params(prov, greeting_request))
  162. || !TEST_ptr(greeting = greeting_request[0].data)
  163. || !TEST_size_t_gt(greeting_request[0].data_size, 0)
  164. || !TEST_str_eq(greeting, custom_buf))
  165. goto err;
  166. /* Make sure we got the error we were expecting */
  167. err = ERR_peek_last_error();
  168. if (!TEST_int_gt(err, 0)
  169. || !TEST_int_eq(ERR_GET_REASON(err), 1))
  170. goto err;
  171. if (!TEST_true(OSSL_PROVIDER_unload(prov)))
  172. goto err;
  173. prov = NULL;
  174. /*
  175. * We must free the libctx to force the provider to really be unloaded from
  176. * memory
  177. */
  178. OSSL_LIB_CTX_free(*libctx);
  179. *libctx = NULL;
  180. /* We print out all the data to make sure it can still be accessed */
  181. ERR_print_errors_fp(stderr);
  182. ok = 1;
  183. err:
  184. OSSL_PARAM_BLD_free(bld);
  185. OSSL_PARAM_free(params);
  186. OSSL_PROVIDER_unload(prov);
  187. OSSL_LIB_CTX_free(*libctx);
  188. *libctx = NULL;
  189. return ok;
  190. }
  191. #endif
  192. static int test_builtin_provider(void)
  193. {
  194. OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
  195. const char *name = "p_test_builtin";
  196. int ok;
  197. ok =
  198. TEST_ptr(libctx)
  199. && TEST_true(OSSL_PROVIDER_add_builtin(libctx, name,
  200. PROVIDER_INIT_FUNCTION_NAME))
  201. && test_provider(&libctx, name, NULL);
  202. OSSL_LIB_CTX_free(libctx);
  203. return ok;
  204. }
  205. /* Test relies on fetching the MD4 digest from the legacy provider */
  206. #ifndef OPENSSL_NO_MD4
  207. static int test_builtin_provider_with_child(void)
  208. {
  209. OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
  210. const char *name = "p_test";
  211. OSSL_PROVIDER *legacy;
  212. if (!TEST_ptr(libctx))
  213. return 0;
  214. legacy = OSSL_PROVIDER_load(libctx, "legacy");
  215. if (legacy == NULL) {
  216. /*
  217. * In this case we assume we've been built with "no-legacy" and skip
  218. * this test (there is no OPENSSL_NO_LEGACY)
  219. */
  220. OSSL_LIB_CTX_free(libctx);
  221. return 1;
  222. }
  223. if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, name,
  224. PROVIDER_INIT_FUNCTION_NAME))) {
  225. OSSL_LIB_CTX_free(libctx);
  226. return 0;
  227. }
  228. /* test_provider will free libctx and unload legacy as part of the test */
  229. return test_provider(&libctx, name, legacy);
  230. }
  231. #endif
  232. #ifndef NO_PROVIDER_MODULE
  233. static int test_loaded_provider(void)
  234. {
  235. OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
  236. const char *name = "p_test";
  237. int res = 0;
  238. if (!TEST_ptr(libctx))
  239. return 0;
  240. /* test_provider will free libctx as part of the test */
  241. res = test_provider(&libctx, name, NULL);
  242. libctx = OSSL_LIB_CTX_new();
  243. if (!TEST_ptr(libctx))
  244. return 0;
  245. /* test_provider_ex will free libctx as part of the test */
  246. res = res && test_provider_ex(&libctx, name);
  247. return res;
  248. }
  249. #endif
  250. typedef enum OPTION_choice {
  251. OPT_ERR = -1,
  252. OPT_EOF = 0,
  253. OPT_LOADED,
  254. OPT_TEST_ENUM
  255. } OPTION_CHOICE;
  256. const OPTIONS *test_get_options(void)
  257. {
  258. static const OPTIONS test_options[] = {
  259. OPT_TEST_OPTIONS_DEFAULT_USAGE,
  260. { "loaded", OPT_LOADED, '-', "Run test with a loaded provider" },
  261. { NULL }
  262. };
  263. return test_options;
  264. }
  265. int setup_tests(void)
  266. {
  267. OPTION_CHOICE o;
  268. int loaded = 0;
  269. while ((o = opt_next()) != OPT_EOF) {
  270. switch (o) {
  271. case OPT_TEST_CASES:
  272. break;
  273. case OPT_LOADED:
  274. loaded = 1;
  275. break;
  276. default:
  277. return 0;
  278. }
  279. }
  280. if (!loaded) {
  281. ADD_TEST(test_builtin_provider);
  282. #ifndef OPENSSL_NO_MD4
  283. ADD_TEST(test_builtin_provider_with_child);
  284. #endif
  285. }
  286. #ifndef NO_PROVIDER_MODULE
  287. else {
  288. ADD_TEST(test_loaded_provider);
  289. }
  290. #endif
  291. return 1;
  292. }