]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/threadstest.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
test: fix thread test config file problem
[thirdparty/openssl.git] / test / threadstest.c
1 /*
2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* test_multi below tests the thread safety of a deprecated function */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #if defined(_WIN32)
14 # include <windows.h>
15 #endif
16
17 #include <string.h>
18 #include <openssl/crypto.h>
19 #include <openssl/rsa.h>
20 #include <openssl/aes.h>
21 #include <openssl/rsa.h>
22 #include "testutil.h"
23
24 static int do_fips = 0;
25 static char *privkey;
26 static char *config_file = NULL;
27
28 #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
29
30 typedef unsigned int thread_t;
31
32 static int run_thread(thread_t *t, void (*f)(void))
33 {
34 f();
35 return 1;
36 }
37
38 static int wait_for_thread(thread_t thread)
39 {
40 return 1;
41 }
42
43 #elif defined(OPENSSL_SYS_WINDOWS)
44
45 typedef HANDLE thread_t;
46
47 static DWORD WINAPI thread_run(LPVOID arg)
48 {
49 void (*f)(void);
50
51 *(void **) (&f) = arg;
52
53 f();
54 return 0;
55 }
56
57 static int run_thread(thread_t *t, void (*f)(void))
58 {
59 *t = CreateThread(NULL, 0, thread_run, *(void **) &f, 0, NULL);
60 return *t != NULL;
61 }
62
63 static int wait_for_thread(thread_t thread)
64 {
65 return WaitForSingleObject(thread, INFINITE) == 0;
66 }
67
68 #else
69
70 typedef pthread_t thread_t;
71
72 static void *thread_run(void *arg)
73 {
74 void (*f)(void);
75
76 *(void **) (&f) = arg;
77
78 f();
79 return NULL;
80 }
81
82 static int run_thread(thread_t *t, void (*f)(void))
83 {
84 return pthread_create(t, NULL, thread_run, *(void **) &f) == 0;
85 }
86
87 static int wait_for_thread(thread_t thread)
88 {
89 return pthread_join(thread, NULL) == 0;
90 }
91
92 #endif
93
94 static int test_lock(void)
95 {
96 CRYPTO_RWLOCK *lock = CRYPTO_THREAD_lock_new();
97 int res;
98
99 res = TEST_true(CRYPTO_THREAD_read_lock(lock))
100 && TEST_true(CRYPTO_THREAD_unlock(lock));
101
102 CRYPTO_THREAD_lock_free(lock);
103
104 return res;
105 }
106
107 static CRYPTO_ONCE once_run = CRYPTO_ONCE_STATIC_INIT;
108 static unsigned once_run_count = 0;
109
110 static void once_do_run(void)
111 {
112 once_run_count++;
113 }
114
115 static void once_run_thread_cb(void)
116 {
117 CRYPTO_THREAD_run_once(&once_run, once_do_run);
118 }
119
120 static int test_once(void)
121 {
122 thread_t thread;
123
124 if (!TEST_true(run_thread(&thread, once_run_thread_cb))
125 || !TEST_true(wait_for_thread(thread))
126 || !CRYPTO_THREAD_run_once(&once_run, once_do_run)
127 || !TEST_int_eq(once_run_count, 1))
128 return 0;
129 return 1;
130 }
131
132 static CRYPTO_THREAD_LOCAL thread_local_key;
133 static unsigned destructor_run_count = 0;
134 static int thread_local_thread_cb_ok = 0;
135
136 static void thread_local_destructor(void *arg)
137 {
138 unsigned *count;
139
140 if (arg == NULL)
141 return;
142
143 count = arg;
144
145 (*count)++;
146 }
147
148 static void thread_local_thread_cb(void)
149 {
150 void *ptr;
151
152 ptr = CRYPTO_THREAD_get_local(&thread_local_key);
153 if (!TEST_ptr_null(ptr)
154 || !TEST_true(CRYPTO_THREAD_set_local(&thread_local_key,
155 &destructor_run_count)))
156 return;
157
158 ptr = CRYPTO_THREAD_get_local(&thread_local_key);
159 if (!TEST_ptr_eq(ptr, &destructor_run_count))
160 return;
161
162 thread_local_thread_cb_ok = 1;
163 }
164
165 static int test_thread_local(void)
166 {
167 thread_t thread;
168 void *ptr = NULL;
169
170 if (!TEST_true(CRYPTO_THREAD_init_local(&thread_local_key,
171 thread_local_destructor)))
172 return 0;
173
174 ptr = CRYPTO_THREAD_get_local(&thread_local_key);
175 if (!TEST_ptr_null(ptr)
176 || !TEST_true(run_thread(&thread, thread_local_thread_cb))
177 || !TEST_true(wait_for_thread(thread))
178 || !TEST_int_eq(thread_local_thread_cb_ok, 1))
179 return 0;
180
181 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
182
183 ptr = CRYPTO_THREAD_get_local(&thread_local_key);
184 if (!TEST_ptr_null(ptr))
185 return 0;
186
187 # if !defined(OPENSSL_SYS_WINDOWS)
188 if (!TEST_int_eq(destructor_run_count, 1))
189 return 0;
190 # endif
191 #endif
192
193 if (!TEST_true(CRYPTO_THREAD_cleanup_local(&thread_local_key)))
194 return 0;
195 return 1;
196 }
197
198 static int test_atomic(void)
199 {
200 int val = 0, ret = 0, testresult = 0;
201 uint64_t val64 = 1, ret64 = 0;
202 CRYPTO_RWLOCK *lock = CRYPTO_THREAD_lock_new();
203
204 if (!TEST_ptr(lock))
205 return 0;
206
207 if (CRYPTO_atomic_add(&val, 1, &ret, NULL)) {
208 /* This succeeds therefore we're on a platform with lockless atomics */
209 if (!TEST_int_eq(val, 1) || !TEST_int_eq(val, ret))
210 goto err;
211 } else {
212 /* This failed therefore we're on a platform without lockless atomics */
213 if (!TEST_int_eq(val, 0) || !TEST_int_eq(val, ret))
214 goto err;
215 }
216 val = 0;
217 ret = 0;
218
219 if (!TEST_true(CRYPTO_atomic_add(&val, 1, &ret, lock)))
220 goto err;
221 if (!TEST_int_eq(val, 1) || !TEST_int_eq(val, ret))
222 goto err;
223
224 if (CRYPTO_atomic_or(&val64, 2, &ret64, NULL)) {
225 /* This succeeds therefore we're on a platform with lockless atomics */
226 if (!TEST_uint_eq((unsigned int)val64, 3)
227 || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64))
228 goto err;
229 } else {
230 /* This failed therefore we're on a platform without lockless atomics */
231 if (!TEST_uint_eq((unsigned int)val64, 1)
232 || !TEST_int_eq((unsigned int)ret64, 0))
233 goto err;
234 }
235 val64 = 1;
236 ret64 = 0;
237
238 if (!TEST_true(CRYPTO_atomic_or(&val64, 2, &ret64, lock)))
239 goto err;
240
241 if (!TEST_uint_eq((unsigned int)val64, 3)
242 || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64))
243 goto err;
244
245 ret64 = 0;
246 if (CRYPTO_atomic_load(&val64, &ret64, NULL)) {
247 /* This succeeds therefore we're on a platform with lockless atomics */
248 if (!TEST_uint_eq((unsigned int)val64, 3)
249 || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64))
250 goto err;
251 } else {
252 /* This failed therefore we're on a platform without lockless atomics */
253 if (!TEST_uint_eq((unsigned int)val64, 3)
254 || !TEST_int_eq((unsigned int)ret64, 0))
255 goto err;
256 }
257
258 ret64 = 0;
259 if (!TEST_true(CRYPTO_atomic_load(&val64, &ret64, lock)))
260 goto err;
261
262 if (!TEST_uint_eq((unsigned int)val64, 3)
263 || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64))
264 goto err;
265
266 testresult = 1;
267 err:
268 CRYPTO_THREAD_lock_free(lock);
269 return testresult;
270 }
271
272 static OSSL_LIB_CTX *multi_libctx = NULL;
273 static int multi_success;
274
275 static void thread_general_worker(void)
276 {
277 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
278 EVP_MD *md = EVP_MD_fetch(multi_libctx, "SHA2-256", NULL);
279 EVP_CIPHER_CTX *cipherctx = EVP_CIPHER_CTX_new();
280 EVP_CIPHER *ciph = EVP_CIPHER_fetch(multi_libctx, "AES-128-CBC", NULL);
281 const char *message = "Hello World";
282 size_t messlen = strlen(message);
283 /* Should be big enough for encryption output too */
284 unsigned char out[EVP_MAX_MD_SIZE];
285 const unsigned char key[AES_BLOCK_SIZE] = {
286 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
287 0x0c, 0x0d, 0x0e, 0x0f
288 };
289 const unsigned char iv[AES_BLOCK_SIZE] = {
290 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
291 0x0c, 0x0d, 0x0e, 0x0f
292 };
293 unsigned int mdoutl;
294 int ciphoutl;
295 EVP_PKEY *pkey = NULL;
296 int testresult = 0;
297 int i, isfips;
298
299 isfips = OSSL_PROVIDER_available(multi_libctx, "fips");
300
301 if (!TEST_ptr(mdctx)
302 || !TEST_ptr(md)
303 || !TEST_ptr(cipherctx)
304 || !TEST_ptr(ciph))
305 goto err;
306
307 /* Do some work */
308 for (i = 0; i < 5; i++) {
309 if (!TEST_true(EVP_DigestInit_ex(mdctx, md, NULL))
310 || !TEST_true(EVP_DigestUpdate(mdctx, message, messlen))
311 || !TEST_true(EVP_DigestFinal(mdctx, out, &mdoutl)))
312 goto err;
313 }
314 for (i = 0; i < 5; i++) {
315 if (!TEST_true(EVP_EncryptInit_ex(cipherctx, ciph, NULL, key, iv))
316 || !TEST_true(EVP_EncryptUpdate(cipherctx, out, &ciphoutl,
317 (unsigned char *)message,
318 messlen))
319 || !TEST_true(EVP_EncryptFinal(cipherctx, out, &ciphoutl)))
320 goto err;
321 }
322
323 /*
324 * We want the test to run quickly - not securely.
325 * Therefore we use an insecure bit length where we can (512).
326 * In the FIPS module though we must use a longer length.
327 */
328 pkey = EVP_PKEY_Q_keygen(multi_libctx, NULL, "RSA", isfips ? 2048 : 512);
329 if (!TEST_ptr(pkey))
330 goto err;
331
332 testresult = 1;
333 err:
334 EVP_MD_CTX_free(mdctx);
335 EVP_MD_free(md);
336 EVP_CIPHER_CTX_free(cipherctx);
337 EVP_CIPHER_free(ciph);
338 EVP_PKEY_free(pkey);
339 if (!testresult)
340 multi_success = 0;
341 }
342
343 static void thread_multi_simple_fetch(void)
344 {
345 EVP_MD *md = EVP_MD_fetch(multi_libctx, "SHA2-256", NULL);
346
347 if (md != NULL)
348 EVP_MD_free(md);
349 else
350 multi_success = 0;
351 }
352
353 static EVP_PKEY *shared_evp_pkey = NULL;
354
355 static void thread_shared_evp_pkey(void)
356 {
357 char *msg = "Hello World";
358 unsigned char ctbuf[256];
359 unsigned char ptbuf[256];
360 size_t ptlen = sizeof(ptbuf), ctlen = sizeof(ctbuf);
361 EVP_PKEY_CTX *ctx = NULL;
362 int success = 0;
363 int i;
364
365 for (i = 0; i < 1 + do_fips; i++) {
366 if (i > 0)
367 EVP_PKEY_CTX_free(ctx);
368 ctx = EVP_PKEY_CTX_new_from_pkey(multi_libctx, shared_evp_pkey,
369 i == 0 ? "provider=default"
370 : "provider=fips");
371 if (!TEST_ptr(ctx))
372 goto err;
373
374 if (!TEST_int_ge(EVP_PKEY_encrypt_init(ctx), 0)
375 || !TEST_int_ge(EVP_PKEY_encrypt(ctx, ctbuf, &ctlen,
376 (unsigned char *)msg, strlen(msg)),
377 0))
378 goto err;
379
380 EVP_PKEY_CTX_free(ctx);
381 ctx = EVP_PKEY_CTX_new_from_pkey(multi_libctx, shared_evp_pkey, NULL);
382
383 if (!TEST_ptr(ctx))
384 goto err;
385
386 if (!TEST_int_ge(EVP_PKEY_decrypt_init(ctx), 0)
387 || !TEST_int_ge(EVP_PKEY_decrypt(ctx, ptbuf, &ptlen, ctbuf, ctlen),
388 0)
389 || !TEST_mem_eq(msg, strlen(msg), ptbuf, ptlen))
390 goto err;
391 }
392
393 success = 1;
394
395 err:
396 EVP_PKEY_CTX_free(ctx);
397 if (!success)
398 multi_success = 0;
399 }
400
401 static void thread_downgrade_shared_evp_pkey(void)
402 {
403 #ifndef OPENSSL_NO_DEPRECATED_3_0
404 /*
405 * This test is only relevant for deprecated functions that perform
406 * downgrading
407 */
408 if (EVP_PKEY_get0_RSA(shared_evp_pkey) == NULL)
409 multi_success = 0;
410 #else
411 /* Shouldn't ever get here */
412 multi_success = 0;
413 #endif
414 }
415
416 static void thread_provider_load_unload(void)
417 {
418 OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(multi_libctx, "default");
419
420 if (!TEST_ptr(deflt)
421 || !TEST_true(OSSL_PROVIDER_available(multi_libctx, "default")))
422 multi_success = 0;
423
424 OSSL_PROVIDER_unload(deflt);
425 }
426
427 /*
428 * Do work in multiple worker threads at the same time.
429 * Test 0: General worker, using the default provider
430 * Test 1: General worker, using the fips provider
431 * Test 2: Simple fetch worker
432 * Test 3: Worker downgrading a shared EVP_PKEY
433 * Test 4: Worker using a shared EVP_PKEY
434 * Test 5: Workder loading and unloading a provider
435 */
436 static int test_multi(int idx)
437 {
438 thread_t thread1, thread2;
439 int testresult = 0;
440 OSSL_PROVIDER *prov = NULL, *prov2 = NULL;
441 void (*worker)(void) = NULL;
442 void (*worker2)(void) = NULL;
443 EVP_MD *sha256 = NULL;
444
445 if (idx == 1 && !do_fips)
446 return TEST_skip("FIPS not supported");
447
448 #ifdef OPENSSL_NO_DEPRECATED_3_0
449 if (idx == 3)
450 return TEST_skip("Skipping tests for deprected functions");
451 #endif
452
453 multi_success = 1;
454 if (!TEST_true(test_get_libctx(&multi_libctx, NULL, config_file,
455 NULL, NULL)))
456 return 0;
457
458 prov = OSSL_PROVIDER_load(multi_libctx, (idx == 1) ? "fips" : "default");
459 if (!TEST_ptr(prov))
460 goto err;
461
462 switch (idx) {
463 case 0:
464 case 1:
465 worker = thread_general_worker;
466 break;
467 case 2:
468 worker = thread_multi_simple_fetch;
469 break;
470 case 3:
471 worker2 = thread_downgrade_shared_evp_pkey;
472 /* fall through */
473 case 4:
474 /*
475 * If available we have both the default and fips providers for this
476 * test
477 */
478 if (do_fips
479 && !TEST_ptr(prov2 = OSSL_PROVIDER_load(multi_libctx, "fips")))
480 goto err;
481 if (!TEST_ptr(shared_evp_pkey = load_pkey_pem(privkey, multi_libctx)))
482 goto err;
483 worker = thread_shared_evp_pkey;
484 break;
485 case 5:
486 /*
487 * We ensure we get an md from the default provider, and then unload the
488 * provider. This ensures the provider remains around but in a
489 * deactivated state.
490 */
491 sha256 = EVP_MD_fetch(multi_libctx, "SHA2-256", NULL);
492 OSSL_PROVIDER_unload(prov);
493 prov = NULL;
494 worker = thread_provider_load_unload;
495 break;
496 default:
497 TEST_error("Invalid test index");
498 goto err;
499 }
500 if (worker2 == NULL)
501 worker2 = worker;
502
503 if (!TEST_true(run_thread(&thread1, worker))
504 || !TEST_true(run_thread(&thread2, worker2)))
505 goto err;
506
507 worker();
508
509 if (!TEST_true(wait_for_thread(thread1))
510 || !TEST_true(wait_for_thread(thread2))
511 || !TEST_true(multi_success))
512 goto err;
513
514 testresult = 1;
515
516 err:
517 EVP_MD_free(sha256);
518 OSSL_PROVIDER_unload(prov);
519 OSSL_PROVIDER_unload(prov2);
520 OSSL_LIB_CTX_free(multi_libctx);
521 EVP_PKEY_free(shared_evp_pkey);
522 shared_evp_pkey = NULL;
523 multi_libctx = NULL;
524 return testresult;
525 }
526
527 /*
528 * This test attempts to load several providers at the same time, and if
529 * run with a thread sanitizer, should crash if the core provider code
530 * doesn't synchronize well enough.
531 */
532 #define MULTI_LOAD_THREADS 3
533 static void test_multi_load_worker(void)
534 {
535 OSSL_PROVIDER *prov;
536
537 (void)TEST_ptr(prov = OSSL_PROVIDER_load(NULL, "default"));
538 (void)TEST_true(OSSL_PROVIDER_unload(prov));
539 }
540
541 static int test_multi_load(void)
542 {
543 thread_t threads[MULTI_LOAD_THREADS];
544 int i;
545
546 for (i = 0; i < MULTI_LOAD_THREADS; i++)
547 (void)TEST_true(run_thread(&threads[i], test_multi_load_worker));
548
549 for (i = 0; i < MULTI_LOAD_THREADS; i++)
550 (void)TEST_true(wait_for_thread(threads[i]));
551
552 return 1;
553 }
554
555 static int test_multi_default(void)
556 {
557 thread_t thread1, thread2;
558 int testresult = 0;
559 OSSL_PROVIDER *prov = NULL;
560
561 multi_success = 1;
562 multi_libctx = NULL;
563 prov = OSSL_PROVIDER_load(multi_libctx, "default");
564 if (!TEST_ptr(prov))
565 goto err;
566
567 if (!TEST_true(run_thread(&thread1, thread_multi_simple_fetch))
568 || !TEST_true(run_thread(&thread2, thread_multi_simple_fetch)))
569 goto err;
570
571 thread_multi_simple_fetch();
572
573 if (!TEST_true(wait_for_thread(thread1))
574 || !TEST_true(wait_for_thread(thread2))
575 || !TEST_true(multi_success))
576 goto err;
577
578 testresult = 1;
579
580 err:
581 OSSL_PROVIDER_unload(prov);
582 return testresult;
583 }
584
585 typedef enum OPTION_choice {
586 OPT_ERR = -1,
587 OPT_EOF = 0,
588 OPT_FIPS, OPT_CONFIG_FILE,
589 OPT_TEST_ENUM
590 } OPTION_CHOICE;
591
592 const OPTIONS *test_get_options(void)
593 {
594 static const OPTIONS options[] = {
595 OPT_TEST_OPTIONS_DEFAULT_USAGE,
596 { "fips", OPT_FIPS, '-', "Test the FIPS provider" },
597 { "config", OPT_CONFIG_FILE, '<',
598 "The configuration file to use for the libctx" },
599 { NULL }
600 };
601 return options;
602 }
603
604 int setup_tests(void)
605 {
606 OPTION_CHOICE o;
607 char *datadir;
608
609 while ((o = opt_next()) != OPT_EOF) {
610 switch (o) {
611 case OPT_FIPS:
612 do_fips = 1;
613 break;
614 case OPT_CONFIG_FILE:
615 config_file = opt_arg();
616 break;
617 case OPT_TEST_CASES:
618 break;
619 default:
620 return 0;
621 }
622 }
623
624 if (!TEST_ptr(datadir = test_get_argument(0)))
625 return 0;
626
627 privkey = test_mk_file_path(datadir, "rsakey.pem");
628 if (!TEST_ptr(privkey))
629 return 0;
630
631 /* Keep first to validate auto creation of default library context */
632 ADD_TEST(test_multi_default);
633
634 ADD_TEST(test_lock);
635 ADD_TEST(test_once);
636 ADD_TEST(test_thread_local);
637 ADD_TEST(test_atomic);
638 ADD_TEST(test_multi_load);
639 ADD_ALL_TESTS(test_multi, 6);
640 return 1;
641 }
642
643 void cleanup_tests(void)
644 {
645 OPENSSL_free(privkey);
646 }
A mirror of the official openssl repository