]>
Commit | Line | Data |
---|---|---|
9aa78c36 MC |
1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
beb958cc | 10 | #include <string.h> |
9aa78c36 MC |
11 | #include <openssl/provider.h> |
12 | ||
13 | #include "ssltestlib.h" | |
14 | #include "testutil.h" | |
15 | ||
16 | static char *cert = NULL; | |
17 | static char *privkey = NULL; | |
beb958cc MC |
18 | static char *modulename = NULL; |
19 | static char *configfile = NULL; | |
9aa78c36 | 20 | |
beb958cc | 21 | static OSSL_PROVIDER *defctxlegacy = NULL; |
9aa78c36 MC |
22 | |
23 | static int test_different_libctx(void) | |
24 | { | |
25 | SSL_CTX *cctx = NULL, *sctx = NULL; | |
26 | SSL *clientssl = NULL, *serverssl = NULL; | |
27 | int testresult = 0; | |
28 | OPENSSL_CTX *libctx = OPENSSL_CTX_new(); | |
beb958cc | 29 | OSSL_PROVIDER *prov = NULL; |
9aa78c36 | 30 | |
beb958cc MC |
31 | /* |
32 | * Verify that the default and fips providers in the default libctx are not | |
33 | * available | |
34 | */ | |
35 | if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) | |
36 | || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) | |
37 | goto end; | |
38 | ||
39 | if (!TEST_true(OPENSSL_CTX_load_config(libctx, configfile))) | |
40 | goto end; | |
41 | ||
42 | prov = OSSL_PROVIDER_load(libctx, modulename); | |
43 | if (!TEST_ptr(prov) | |
44 | /* Check we have the provider available */ | |
45 | || !TEST_true(OSSL_PROVIDER_available(libctx, modulename))) | |
46 | goto end; | |
47 | /* Check the default provider is not available */ | |
48 | if (strcmp(modulename, "default") != 0 | |
49 | && !TEST_false(OSSL_PROVIDER_available(libctx, "default"))) | |
9aa78c36 | 50 | goto end; |
beb958cc | 51 | TEST_note("%s provider loaded", modulename); |
9aa78c36 | 52 | |
5093fec2 MC |
53 | /* |
54 | * TODO(3.0): Make this work in TLSv1.3. Currently we can only do RSA key | |
55 | * exchange, because we don't have key gen/param gen for EC yet - which | |
56 | * implies TLSv1.2 only | |
57 | */ | |
5e30f2fd MC |
58 | if (!TEST_true(create_ssl_ctx_pair(libctx, |
59 | TLS_server_method(), | |
60 | TLS_client_method(), | |
9aa78c36 | 61 | TLS1_VERSION, |
5093fec2 MC |
62 | TLS1_2_VERSION, |
63 | &sctx, &cctx, cert, privkey))) | |
64 | goto end; | |
65 | ||
66 | /* Ensure we use a FIPS compatible ciphersuite and sigalg */ | |
67 | if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA256")) | |
68 | || !TEST_true(SSL_CTX_set1_sigalgs_list(cctx, "RSA+SHA256"))) | |
9aa78c36 MC |
69 | goto end; |
70 | ||
71 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
72 | NULL, NULL))) | |
73 | goto end; | |
74 | ||
75 | /* This time we expect success */ | |
76 | if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) | |
77 | goto end; | |
78 | ||
9aa78c36 | 79 | /* |
beb958cc MC |
80 | * Verify that the default and fips providers in the default libctx are |
81 | * still not available | |
9aa78c36 | 82 | */ |
beb958cc MC |
83 | if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) |
84 | || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) | |
9aa78c36 | 85 | goto end; |
9aa78c36 MC |
86 | |
87 | testresult = 1; | |
88 | ||
89 | end: | |
90 | SSL_free(serverssl); | |
91 | SSL_free(clientssl); | |
92 | SSL_CTX_free(sctx); | |
93 | SSL_CTX_free(cctx); | |
94 | ||
beb958cc | 95 | OSSL_PROVIDER_unload(prov); |
9aa78c36 MC |
96 | OPENSSL_CTX_free(libctx); |
97 | ||
98 | return testresult; | |
99 | } | |
100 | ||
101 | int setup_tests(void) | |
102 | { | |
103 | char *certsdir = NULL; | |
9aa78c36 | 104 | |
beb958cc MC |
105 | if (!test_skip_common_options()) { |
106 | TEST_error("Error parsing test options\n"); | |
107 | return 0; | |
108 | } | |
109 | ||
110 | if (!TEST_ptr(certsdir = test_get_argument(0)) | |
111 | || !TEST_ptr(modulename = test_get_argument(1)) | |
112 | || !TEST_ptr(configfile = test_get_argument(2))) | |
9aa78c36 MC |
113 | return 0; |
114 | ||
115 | cert = test_mk_file_path(certsdir, "servercert.pem"); | |
116 | if (cert == NULL) | |
117 | return 0; | |
118 | ||
119 | privkey = test_mk_file_path(certsdir, "serverkey.pem"); | |
120 | if (privkey == NULL) { | |
121 | OPENSSL_free(cert); | |
122 | return 0; | |
123 | } | |
124 | ||
beb958cc MC |
125 | /* |
126 | * For tests in this file we want to ensure the default ctx does not have | |
127 | * the default provider loaded into the default ctx. So we load "legacy" to | |
128 | * prevent default from being auto-loaded. This tests that there is no | |
129 | * "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the | |
130 | * specific libctx to be used - nothing should fall back to the default | |
131 | * libctx | |
132 | */ | |
133 | defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy"); | |
134 | ||
9aa78c36 MC |
135 | ADD_TEST(test_different_libctx); |
136 | ||
137 | return 1; | |
138 | } | |
139 | ||
140 | void cleanup_tests(void) | |
141 | { | |
9aa78c36 | 142 | OSSL_PROVIDER_unload(defctxlegacy); |
9aa78c36 | 143 | } |