projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 9aa78c36 MC |
1 | /* |
| 2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | * | |
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
| 5 | * this file except in compliance with the License. You can obtain a copy | |
| 6 | * in the file LICENSE in the source distribution or at | |
| 7 | * https://www.openssl.org/source/license.html | |
| 8 | */ | |
| 9 | ||
| beb958cc | 10 | #include <string.h> |
| 9aa78c36 MC |
11 | #include <openssl/provider.h> |
| 12 | ||
| 13 | #include "ssltestlib.h" | |
| 14 | #include "testutil.h" | |
| 15 | ||
| 16 | static char *cert = NULL; | |
| 17 | static char *privkey = NULL; | |
| beb958cc MC |
18 | static char *modulename = NULL; |
| 19 | static char *configfile = NULL; | |
| 9aa78c36 | 20 | |
| beb958cc | 21 | static OSSL_PROVIDER *defctxlegacy = NULL; |
| 9aa78c36 MC |
22 | |
| 23 | static int test_different_libctx(void) | |
| 24 | { | |
| 25 | SSL_CTX *cctx = NULL, *sctx = NULL; | |
| 26 | SSL *clientssl = NULL, *serverssl = NULL; | |
| 27 | int testresult = 0; | |
| 28 | OPENSSL_CTX *libctx = OPENSSL_CTX_new(); | |
| beb958cc | 29 | OSSL_PROVIDER *prov = NULL; |
| 9aa78c36 | 30 | |
| beb958cc MC |
31 | /* |
| 32 | * Verify that the default and fips providers in the default libctx are not | |
| 33 | * available | |
| 34 | */ | |
| 35 | if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) | |
| 36 | || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) | |
| 37 | goto end; | |
| 38 | ||
| 39 | if (!TEST_true(OPENSSL_CTX_load_config(libctx, configfile))) | |
| 40 | goto end; | |
| 41 | ||
| 42 | prov = OSSL_PROVIDER_load(libctx, modulename); | |
| 43 | if (!TEST_ptr(prov) | |
| 44 | /* Check we have the provider available */ | |
| 45 | || !TEST_true(OSSL_PROVIDER_available(libctx, modulename))) | |
| 46 | goto end; | |
| 47 | /* Check the default provider is not available */ | |
| 48 | if (strcmp(modulename, "default") != 0 | |
| 49 | && !TEST_false(OSSL_PROVIDER_available(libctx, "default"))) | |
| 9aa78c36 | 50 | goto end; |
| beb958cc | 51 | TEST_note("%s provider loaded", modulename); |
| 9aa78c36 | 52 | |
| 5093fec2 MC |
53 | /* |
| 54 | * TODO(3.0): Make this work in TLSv1.3. Currently we can only do RSA key | |
| 55 | * exchange, because we don't have key gen/param gen for EC yet - which | |
| 56 | * implies TLSv1.2 only | |
| 57 | */ | |
| 5e30f2fd MC |
58 | if (!TEST_true(create_ssl_ctx_pair(libctx, |
| 59 | TLS_server_method(), | |
| 60 | TLS_client_method(), | |
| 9aa78c36 | 61 | TLS1_VERSION, |
| 5093fec2 MC |
62 | TLS1_2_VERSION, |
| 63 | &sctx, &cctx, cert, privkey))) | |
| 64 | goto end; | |
| 65 | ||
| 66 | /* Ensure we use a FIPS compatible ciphersuite and sigalg */ | |
| 67 | if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA256")) | |
| 68 | || !TEST_true(SSL_CTX_set1_sigalgs_list(cctx, "RSA+SHA256"))) | |
| 9aa78c36 MC |
69 | goto end; |
| 70 | ||
| 71 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
| 72 | NULL, NULL))) | |
| 73 | goto end; | |
| 74 | ||
| 75 | /* This time we expect success */ | |
| 76 | if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) | |
| 77 | goto end; | |
| 78 | ||
| 9aa78c36 | 79 | /* |
| beb958cc MC |
80 | * Verify that the default and fips providers in the default libctx are |
| 81 | * still not available | |
| 9aa78c36 | 82 | */ |
| beb958cc MC |
83 | if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) |
| 84 | || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) | |
| 9aa78c36 | 85 | goto end; |
| 9aa78c36 MC |
86 | |
| 87 | testresult = 1; | |
| 88 | ||
| 89 | end: | |
| 90 | SSL_free(serverssl); | |
| 91 | SSL_free(clientssl); | |
| 92 | SSL_CTX_free(sctx); | |
| 93 | SSL_CTX_free(cctx); | |
| 94 | ||
| beb958cc | 95 | OSSL_PROVIDER_unload(prov); |
| 9aa78c36 MC |
96 | OPENSSL_CTX_free(libctx); |
| 97 | ||
| 98 | return testresult; | |
| 99 | } | |
| 100 | ||
| 101 | int setup_tests(void) | |
| 102 | { | |
| 103 | char *certsdir = NULL; | |
| 9aa78c36 | 104 | |
| beb958cc MC |
105 | if (!test_skip_common_options()) { |
| 106 | TEST_error("Error parsing test options\n"); | |
| 107 | return 0; | |
| 108 | } | |
| 109 | ||
| 110 | if (!TEST_ptr(certsdir = test_get_argument(0)) | |
| 111 | || !TEST_ptr(modulename = test_get_argument(1)) | |
| 112 | || !TEST_ptr(configfile = test_get_argument(2))) | |
| 9aa78c36 MC |
113 | return 0; |
| 114 | ||
| 115 | cert = test_mk_file_path(certsdir, "servercert.pem"); | |
| 116 | if (cert == NULL) | |
| 117 | return 0; | |
| 118 | ||
| 119 | privkey = test_mk_file_path(certsdir, "serverkey.pem"); | |
| 120 | if (privkey == NULL) { | |
| 121 | OPENSSL_free(cert); | |
| 122 | return 0; | |
| 123 | } | |
| 124 | ||
| beb958cc MC |
125 | /* |
| 126 | * For tests in this file we want to ensure the default ctx does not have | |
| 127 | * the default provider loaded into the default ctx. So we load "legacy" to | |
| 128 | * prevent default from being auto-loaded. This tests that there is no | |
| 129 | * "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the | |
| 130 | * specific libctx to be used - nothing should fall back to the default | |
| 131 | * libctx | |
| 132 | */ | |
| 133 | defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy"); | |
| 134 | ||
| 9aa78c36 MC |
135 | ADD_TEST(test_different_libctx); |
| 136 | ||
| 137 | return 1; | |
| 138 | } | |
| 139 | ||
| 140 | void cleanup_tests(void) | |
| 141 | { | |
| 9aa78c36 | 142 | OSSL_PROVIDER_unload(defctxlegacy); |
| 9aa78c36 | 143 | } |