2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* test_multi below tests the thread safety of a deprecated function */
11 #define OPENSSL_SUPPRESS_DEPRECATED
18 #include <openssl/crypto.h>
19 #include <openssl/evp.h>
20 #include <openssl/aes.h>
21 #include <openssl/rsa.h>
24 static int do_fips
= 0;
27 #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
29 typedef unsigned int thread_t
;
31 static int run_thread(thread_t
*t
, void (*f
)(void))
37 static int wait_for_thread(thread_t thread
)
42 #elif defined(OPENSSL_SYS_WINDOWS)
44 typedef HANDLE thread_t
;
46 static DWORD WINAPI
thread_run(LPVOID arg
)
50 *(void **) (&f
) = arg
;
56 static int run_thread(thread_t
*t
, void (*f
)(void))
58 *t
= CreateThread(NULL
, 0, thread_run
, *(void **) &f
, 0, NULL
);
62 static int wait_for_thread(thread_t thread
)
64 return WaitForSingleObject(thread
, INFINITE
) == 0;
69 typedef pthread_t thread_t
;
71 static void *thread_run(void *arg
)
75 *(void **) (&f
) = arg
;
81 static int run_thread(thread_t
*t
, void (*f
)(void))
83 return pthread_create(t
, NULL
, thread_run
, *(void **) &f
) == 0;
86 static int wait_for_thread(thread_t thread
)
88 return pthread_join(thread
, NULL
) == 0;
93 static int test_lock(void)
95 CRYPTO_RWLOCK
*lock
= CRYPTO_THREAD_lock_new();
98 res
= TEST_true(CRYPTO_THREAD_read_lock(lock
))
99 && TEST_true(CRYPTO_THREAD_unlock(lock
));
101 CRYPTO_THREAD_lock_free(lock
);
106 static CRYPTO_ONCE once_run
= CRYPTO_ONCE_STATIC_INIT
;
107 static unsigned once_run_count
= 0;
109 static void once_do_run(void)
114 static void once_run_thread_cb(void)
116 CRYPTO_THREAD_run_once(&once_run
, once_do_run
);
119 static int test_once(void)
123 if (!TEST_true(run_thread(&thread
, once_run_thread_cb
))
124 || !TEST_true(wait_for_thread(thread
))
125 || !CRYPTO_THREAD_run_once(&once_run
, once_do_run
)
126 || !TEST_int_eq(once_run_count
, 1))
131 static CRYPTO_THREAD_LOCAL thread_local_key
;
132 static unsigned destructor_run_count
= 0;
133 static int thread_local_thread_cb_ok
= 0;
135 static void thread_local_destructor(void *arg
)
147 static void thread_local_thread_cb(void)
151 ptr
= CRYPTO_THREAD_get_local(&thread_local_key
);
152 if (!TEST_ptr_null(ptr
)
153 || !TEST_true(CRYPTO_THREAD_set_local(&thread_local_key
,
154 &destructor_run_count
)))
157 ptr
= CRYPTO_THREAD_get_local(&thread_local_key
);
158 if (!TEST_ptr_eq(ptr
, &destructor_run_count
))
161 thread_local_thread_cb_ok
= 1;
164 static int test_thread_local(void)
169 if (!TEST_true(CRYPTO_THREAD_init_local(&thread_local_key
,
170 thread_local_destructor
)))
173 ptr
= CRYPTO_THREAD_get_local(&thread_local_key
);
174 if (!TEST_ptr_null(ptr
)
175 || !TEST_true(run_thread(&thread
, thread_local_thread_cb
))
176 || !TEST_true(wait_for_thread(thread
))
177 || !TEST_int_eq(thread_local_thread_cb_ok
, 1))
180 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
182 ptr
= CRYPTO_THREAD_get_local(&thread_local_key
);
183 if (!TEST_ptr_null(ptr
))
186 # if !defined(OPENSSL_SYS_WINDOWS)
187 if (!TEST_int_eq(destructor_run_count
, 1))
192 if (!TEST_true(CRYPTO_THREAD_cleanup_local(&thread_local_key
)))
197 static int test_atomic(void)
199 int val
= 0, ret
= 0, testresult
= 0;
200 uint64_t val64
= 1, ret64
= 0;
201 CRYPTO_RWLOCK
*lock
= CRYPTO_THREAD_lock_new();
206 if (CRYPTO_atomic_add(&val
, 1, &ret
, NULL
)) {
207 /* This succeeds therefore we're on a platform with lockless atomics */
208 if (!TEST_int_eq(val
, 1) || !TEST_int_eq(val
, ret
))
211 /* This failed therefore we're on a platform without lockless atomics */
212 if (!TEST_int_eq(val
, 0) || !TEST_int_eq(val
, ret
))
218 if (!TEST_true(CRYPTO_atomic_add(&val
, 1, &ret
, lock
)))
220 if (!TEST_int_eq(val
, 1) || !TEST_int_eq(val
, ret
))
223 if (CRYPTO_atomic_or(&val64
, 2, &ret64
, NULL
)) {
224 /* This succeeds therefore we're on a platform with lockless atomics */
225 if (!TEST_uint_eq((unsigned int)val64
, 3)
226 || !TEST_uint_eq((unsigned int)val64
, (unsigned int)ret64
))
229 /* This failed therefore we're on a platform without lockless atomics */
230 if (!TEST_uint_eq((unsigned int)val64
, 1)
231 || !TEST_int_eq((unsigned int)ret64
, 0))
237 if (!TEST_true(CRYPTO_atomic_or(&val64
, 2, &ret64
, lock
)))
240 if (!TEST_uint_eq((unsigned int)val64
, 3)
241 || !TEST_uint_eq((unsigned int)val64
, (unsigned int)ret64
))
245 if (CRYPTO_atomic_load(&val64
, &ret64
, NULL
)) {
246 /* This succeeds therefore we're on a platform with lockless atomics */
247 if (!TEST_uint_eq((unsigned int)val64
, 3)
248 || !TEST_uint_eq((unsigned int)val64
, (unsigned int)ret64
))
251 /* This failed therefore we're on a platform without lockless atomics */
252 if (!TEST_uint_eq((unsigned int)val64
, 3)
253 || !TEST_int_eq((unsigned int)ret64
, 0))
258 if (!TEST_true(CRYPTO_atomic_load(&val64
, &ret64
, lock
)))
261 if (!TEST_uint_eq((unsigned int)val64
, 3)
262 || !TEST_uint_eq((unsigned int)val64
, (unsigned int)ret64
))
267 CRYPTO_THREAD_lock_free(lock
);
271 static OSSL_LIB_CTX
*multi_libctx
= NULL
;
272 static int multi_success
;
274 static void thread_general_worker(void)
276 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
277 EVP_MD
*md
= EVP_MD_fetch(multi_libctx
, "SHA2-256", NULL
);
278 EVP_CIPHER_CTX
*cipherctx
= EVP_CIPHER_CTX_new();
279 EVP_CIPHER
*ciph
= EVP_CIPHER_fetch(multi_libctx
, "AES-128-CBC", NULL
);
280 const char *message
= "Hello World";
281 size_t messlen
= strlen(message
);
282 /* Should be big enough for encryption output too */
283 unsigned char out
[EVP_MAX_MD_SIZE
];
284 const unsigned char key
[AES_BLOCK_SIZE
] = {
285 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
286 0x0c, 0x0d, 0x0e, 0x0f
288 const unsigned char iv
[AES_BLOCK_SIZE
] = {
289 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
290 0x0c, 0x0d, 0x0e, 0x0f
294 EVP_PKEY_CTX
*pctx
= NULL
;
295 EVP_PKEY
*pkey
= NULL
;
299 isfips
= OSSL_PROVIDER_available(multi_libctx
, "fips");
303 || !TEST_ptr(cipherctx
)
308 for (i
= 0; i
< 5; i
++) {
309 if (!TEST_true(EVP_DigestInit_ex(mdctx
, md
, NULL
))
310 || !TEST_true(EVP_DigestUpdate(mdctx
, message
, messlen
))
311 || !TEST_true(EVP_DigestFinal(mdctx
, out
, &mdoutl
)))
314 for (i
= 0; i
< 5; i
++) {
315 if (!TEST_true(EVP_EncryptInit_ex(cipherctx
, ciph
, NULL
, key
, iv
))
316 || !TEST_true(EVP_EncryptUpdate(cipherctx
, out
, &ciphoutl
,
317 (unsigned char *)message
,
319 || !TEST_true(EVP_EncryptFinal(cipherctx
, out
, &ciphoutl
)))
323 pctx
= EVP_PKEY_CTX_new_from_name(multi_libctx
, "RSA", NULL
);
325 || !TEST_int_gt(EVP_PKEY_keygen_init(pctx
), 0)
327 * We want the test to run quickly - not securely. Therefore we
328 * use an insecure bit length where we can (512). In the FIPS
329 * module though we must use a longer length.
331 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx
,
332 isfips
? 2048 : 512),
334 || !TEST_int_gt(EVP_PKEY_keygen(pctx
, &pkey
), 0))
339 EVP_MD_CTX_free(mdctx
);
341 EVP_CIPHER_CTX_free(cipherctx
);
342 EVP_CIPHER_free(ciph
);
343 EVP_PKEY_CTX_free(pctx
);
349 static void thread_multi_simple_fetch(void)
351 EVP_MD
*md
= EVP_MD_fetch(multi_libctx
, "SHA2-256", NULL
);
359 static EVP_PKEY
*shared_evp_pkey
= NULL
;
361 static void thread_shared_evp_pkey(void)
363 char *msg
= "Hello World";
364 unsigned char ctbuf
[256];
365 unsigned char ptbuf
[256];
366 size_t ptlen
= sizeof(ptbuf
), ctlen
= sizeof(ctbuf
);
367 EVP_PKEY_CTX
*ctx
= NULL
;
371 for (i
= 0; i
< 1 + do_fips
; i
++) {
373 EVP_PKEY_CTX_free(ctx
);
374 ctx
= EVP_PKEY_CTX_new_from_pkey(multi_libctx
, shared_evp_pkey
,
375 i
== 0 ? "provider=default"
380 if (!TEST_int_ge(EVP_PKEY_encrypt_init(ctx
), 0)
381 || !TEST_int_ge(EVP_PKEY_encrypt(ctx
, ctbuf
, &ctlen
,
382 (unsigned char *)msg
, strlen(msg
)),
386 EVP_PKEY_CTX_free(ctx
);
387 ctx
= EVP_PKEY_CTX_new_from_pkey(multi_libctx
, shared_evp_pkey
, NULL
);
392 if (!TEST_int_ge(EVP_PKEY_decrypt_init(ctx
), 0)
393 || !TEST_int_ge(EVP_PKEY_decrypt(ctx
, ptbuf
, &ptlen
, ctbuf
, ctlen
),
395 || !TEST_mem_eq(msg
, strlen(msg
), ptbuf
, ptlen
))
402 EVP_PKEY_CTX_free(ctx
);
407 static void thread_downgrade_shared_evp_pkey(void)
409 #ifndef OPENSSL_NO_DEPRECATED_3_0
411 * This test is only relevant for deprecated functions that perform
414 if (EVP_PKEY_get0_RSA(shared_evp_pkey
) == NULL
)
417 /* Shouldn't ever get here */
422 static void thread_provider_load_unload(void)
424 OSSL_PROVIDER
*deflt
= OSSL_PROVIDER_load(multi_libctx
, "default");
427 || !TEST_true(OSSL_PROVIDER_available(multi_libctx
, "default")))
430 OSSL_PROVIDER_unload(deflt
);
434 * Do work in multiple worker threads at the same time.
435 * Test 0: General worker, using the default provider
436 * Test 1: General worker, using the fips provider
437 * Test 2: Simple fetch worker
438 * Test 3: Worker downgrading a shared EVP_PKEY
439 * Test 4: Worker using a shared EVP_PKEY
440 * Test 5: Workder loading and unloading a provider
442 static int test_multi(int idx
)
444 thread_t thread1
, thread2
;
446 OSSL_PROVIDER
*prov
= NULL
, *prov2
= NULL
;
447 void (*worker
)(void) = NULL
;
448 void (*worker2
)(void) = NULL
;
449 EVP_MD
*sha256
= NULL
;
451 if (idx
== 1 && !do_fips
)
452 return TEST_skip("FIPS not supported");
454 #ifdef OPENSSL_NO_DEPRECATED_3_0
456 return TEST_skip("Skipping tests for deprected functions");
460 multi_libctx
= OSSL_LIB_CTX_new();
461 if (!TEST_ptr(multi_libctx
))
463 prov
= OSSL_PROVIDER_load(multi_libctx
, (idx
== 1) ? "fips" : "default");
470 worker
= thread_general_worker
;
473 worker
= thread_multi_simple_fetch
;
476 worker2
= thread_downgrade_shared_evp_pkey
;
480 * If available we have both the default and fips providers for this
484 && !TEST_ptr(prov2
= OSSL_PROVIDER_load(multi_libctx
, "fips")))
486 if (!TEST_ptr(shared_evp_pkey
= load_pkey_pem(privkey
, multi_libctx
)))
488 worker
= thread_shared_evp_pkey
;
492 * We ensure we get an md from the default provider, and then unload the
493 * provider. This ensures the provider remains around but in a
496 sha256
= EVP_MD_fetch(multi_libctx
, "SHA2-256", NULL
);
497 OSSL_PROVIDER_unload(prov
);
499 worker
= thread_provider_load_unload
;
502 TEST_error("Invalid test index");
508 if (!TEST_true(run_thread(&thread1
, worker
))
509 || !TEST_true(run_thread(&thread2
, worker2
)))
514 if (!TEST_true(wait_for_thread(thread1
))
515 || !TEST_true(wait_for_thread(thread2
))
516 || !TEST_true(multi_success
))
523 OSSL_PROVIDER_unload(prov
);
524 OSSL_PROVIDER_unload(prov2
);
525 OSSL_LIB_CTX_free(multi_libctx
);
526 EVP_PKEY_free(shared_evp_pkey
);
527 shared_evp_pkey
= NULL
;
533 * This test attempts to load several providers at the same time, and if
534 * run with a thread sanitizer, should crash if the core provider code
535 * doesn't synchronize well enough.
537 #define MULTI_LOAD_THREADS 3
538 static void test_multi_load_worker(void)
542 (void)TEST_ptr(prov
= OSSL_PROVIDER_load(NULL
, "default"));
543 (void)TEST_true(OSSL_PROVIDER_unload(prov
));
546 static int test_multi_load(void)
548 thread_t threads
[MULTI_LOAD_THREADS
];
551 for (i
= 0; i
< MULTI_LOAD_THREADS
; i
++)
552 (void)TEST_true(run_thread(&threads
[i
], test_multi_load_worker
));
554 for (i
= 0; i
< MULTI_LOAD_THREADS
; i
++)
555 (void)TEST_true(wait_for_thread(threads
[i
]));
560 static int test_multi_default(void)
562 thread_t thread1
, thread2
;
564 OSSL_PROVIDER
*prov
= NULL
;
568 prov
= OSSL_PROVIDER_load(multi_libctx
, "default");
572 if (!TEST_true(run_thread(&thread1
, thread_multi_simple_fetch
))
573 || !TEST_true(run_thread(&thread2
, thread_multi_simple_fetch
)))
576 thread_multi_simple_fetch();
578 if (!TEST_true(wait_for_thread(thread1
))
579 || !TEST_true(wait_for_thread(thread2
))
580 || !TEST_true(multi_success
))
586 OSSL_PROVIDER_unload(prov
);
590 typedef enum OPTION_choice
{
597 const OPTIONS
*test_get_options(void)
599 static const OPTIONS options
[] = {
600 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
601 { "fips", OPT_FIPS
, '-', "Test the FIPS provider" },
607 int setup_tests(void)
612 while ((o
= opt_next()) != OPT_EOF
) {
624 if (!TEST_ptr(datadir
= test_get_argument(0)))
627 privkey
= test_mk_file_path(datadir
, "rsakey.pem");
628 if (!TEST_ptr(privkey
))
631 /* Keep first to validate auto creation of default library context */
632 ADD_TEST(test_multi_default
);
636 ADD_TEST(test_thread_local
);
637 ADD_TEST(test_atomic
);
638 ADD_TEST(test_multi_load
);
639 ADD_ALL_TESTS(test_multi
, 6);
643 void cleanup_tests(void)
645 OPENSSL_free(privkey
);