]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/testutil/provider.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
test: make unit tests FIPS provider version aware
[thirdparty/openssl.git] / test / testutil / provider.c
1 /*
2 * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "../testutil.h"
11 #include <openssl/provider.h>
12 #include <openssl/core_names.h>
13 #include <string.h>
14
15 int test_get_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov,
16 const char *config_file,
17 OSSL_PROVIDER **provider, const char *module_name)
18 {
19 OSSL_LIB_CTX *new_libctx = NULL;
20
21 if (libctx != NULL) {
22 if ((new_libctx = *libctx = OSSL_LIB_CTX_new()) == NULL) {
23 opt_printf_stderr("Failed to create libctx\n");
24 goto err;
25 }
26 }
27
28 if (default_null_prov != NULL
29 && (*default_null_prov = OSSL_PROVIDER_load(NULL, "null")) == NULL) {
30 opt_printf_stderr("Failed to load null provider into default libctx\n");
31 goto err;
32 }
33
34 if (config_file != NULL
35 && !OSSL_LIB_CTX_load_config(new_libctx, config_file)) {
36 opt_printf_stderr("Error loading config from file %s\n", config_file);
37 goto err;
38 }
39
40 if (module_name != NULL
41 && (*provider = OSSL_PROVIDER_load(new_libctx, module_name)) == NULL) {
42 opt_printf_stderr("Failed to load provider %s\n", module_name);
43 goto err;
44 }
45 return 1;
46
47 err:
48 ERR_print_errors_fp(stderr);
49 return 0;
50 }
51
52 int test_arg_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov,
53 OSSL_PROVIDER **provider, int argn, const char *usage)
54 {
55 const char *module_name;
56
57 if (!TEST_ptr(module_name = test_get_argument(argn))) {
58 TEST_error("usage: <prog> %s", usage);
59 return 0;
60 }
61 if (strcmp(module_name, "none") == 0)
62 return 1;
63 return test_get_libctx(libctx, default_null_prov,
64 test_get_argument(argn + 1), provider, module_name);
65 }
66
67 typedef struct {
68 int major, minor, patch;
69 } FIPS_VERSION;
70
71 /*
72 * Query the FIPS provider to determine it's version number.
73 * Returns 1 if the version is retrieved correctly, 0 if the FIPS provider isn't
74 * loaded and -1 on error.
75 */
76 static int fips_provider_version(OSSL_LIB_CTX *libctx, FIPS_VERSION *vers)
77 {
78 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
79 OSSL_PROVIDER *fips_prov;
80 char *vs;
81
82 if (!OSSL_PROVIDER_available(libctx, "fips"))
83 return 0;
84 *params = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_VERSION, &vs, 0);
85 if ((fips_prov = OSSL_PROVIDER_load(libctx, "fips")) == NULL)
86 return -1;
87 if (!OSSL_PROVIDER_get_params(fips_prov, params)
88 || sscanf(vs, "%d.%d.%d", &vers->major, &vers->minor, &vers->patch) != 3)
89 goto err;
90 if (!OSSL_PROVIDER_unload(fips_prov))
91 return -1; /* WTF do we do here??? */
92 return 1;
93 err:
94 OSSL_PROVIDER_unload(fips_prov);
95 return -1;
96 }
97
98 int fips_provider_version_eq(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
99 {
100 FIPS_VERSION prov;
101 int res;
102
103 if ((res = fips_provider_version(libctx, &prov)) <= 0)
104 return res == 0;
105 return major == prov.major && minor == prov.minor && patch == prov.patch;
106 }
107
108 int fips_provider_version_ne(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
109 {
110 FIPS_VERSION prov;
111 int res;
112
113 if ((res = fips_provider_version(libctx, &prov)) <= 0)
114 return res == 0;
115 return major != prov.major || minor != prov.minor || patch != prov.patch;
116 }
117
118 int fips_provider_version_le(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
119 {
120 FIPS_VERSION prov;
121 int res;
122
123 if ((res = fips_provider_version(libctx, &prov)) <= 0)
124 return res == 0;
125 return prov.major < major
126 || (prov.major == major
127 && (prov.minor < minor
128 || (prov.minor == minor && prov.patch <= patch)));
129 }
130
131 int fips_provider_version_gt(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
132 {
133 FIPS_VERSION prov;
134 int res;
135
136 if ((res = fips_provider_version(libctx, &prov)) <= 0)
137 return res == 0;
138 return prov.major > major
139 || (prov.major == major
140 && (prov.minor > minor
141 || (prov.minor == minor && prov.patch > patch)));
142 }
A mirror of the official openssl repository