Commit | Line | Data |
---|---|---|
9aa78c36 MC |
1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <openssl/provider.h> | |
11 | ||
12 | #include "ssltestlib.h" | |
13 | #include "testutil.h" | |
14 | ||
/*
 * Paths to the server certificate and private key files. Both are filled in
 * by setup_tests() via test_mk_file_path() and read by test_different_libctx().
 */
static char *cert = NULL;
static char *privkey = NULL;

/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
#if 0
/* Handle for the "legacy" provider loaded into the default library context */
OSSL_PROVIDER *defctxlegacy = NULL;
#endif
22 | ||
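/*
 * Run a TLS handshake in which both the client and the server SSL_CTX are
 * created against a freshly allocated, non-default library context.
 *
 * Returns 1 if the handshake completes with SSL_ERROR_NONE, 0 otherwise.
 */
static int test_different_libctx(void)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    int testresult = 0;
    OPENSSL_CTX *libctx = OPENSSL_CTX_new();

    /*
     * A NULL libctx denotes the default library context. If the allocation
     * failed and we carried on, the handshake below would run against the
     * default context and the test would pass without exercising the
     * isolation it is meant to check.
     */
    if (!TEST_ptr(libctx))
        goto end;

    /* TODO(3.0): Re-enable this code. See comment in setup_tests() */
#if 0
    /* Verify that the default provider in the default libctx is not available */
    if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
        goto end;
#endif

    cctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_client_method());
    if (!TEST_ptr(cctx))
        goto end;
    sctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_server_method());
    if (!TEST_ptr(sctx))
        goto end;

    /*
     * sctx already exists and no methods or client ctx are passed, so this
     * call is presumably used only to apply the protocol bounds and the
     * server cert/key to sctx - confirm against ssltestlib.
     */
    if (!TEST_true(create_ssl_ctx_pair(NULL,
                                       NULL,
                                       TLS1_VERSION,
                                       0,
                                       &sctx, NULL, cert, privkey)))
        goto end;

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    /* This time we expect success */
    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
        goto end;

    /* TODO(3.0): Re-enable this code. See comment in setup_tests() */
#if 0
    /*
     * Verify that the default provider in the default libctx is still not
     * available
     */
    if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
        goto end;
#endif

    testresult = 1;

 end:
    /* Every pointer below may still be NULL when we arrive from an early exit */
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    OPENSSL_CTX_free(libctx);

    return testresult;
}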
81 | ||
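/*
 * Resolve the certificate and private key paths from the directory given as
 * test argument 0 and register the tests in this file.
 *
 * Returns 1 on success, 0 on failure. On failure no allocated path is left
 * behind in cert or privkey.
 */
int setup_tests(void)
{
    char *certsdir = NULL;
    /*
     * TODO(3.0): Re-enable this code when key generation is provider aware. At
     * the moment the below causes the tests to fail because libssl attempts to
     * generate a key for the key_share, which ultimately invokes RAND_bytes().
     * However, because key generation is not yet provider aware it just uses
     * the default library context - and hence fails.
     */
#if 0
    /*
     * For tests in this file we want to ensure the default ctx does not have
     * the default provider loaded into the default ctx. So we load "legacy" to
     * prevent default from being auto-loaded. This tests that there is no
     * "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the
     * specific libctx to be used - nothing should fall back to the default
     * libctx
     */
    defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy");
#endif

    if (!TEST_ptr(certsdir = test_get_argument(0)))
        return 0;

    cert = test_mk_file_path(certsdir, "servercert.pem");
    if (cert == NULL)
        return 0;

    privkey = test_mk_file_path(certsdir, "serverkey.pem");
    if (privkey == NULL) {
        OPENSSL_free(cert);
        /* Do not leave a dangling pointer for cleanup_tests() to free again */
        cert = NULL;
        return 0;
    }

    ADD_TEST(test_different_libctx);

    return 1;
}

/*
 * Release the path strings allocated by setup_tests(). The pointers are reset
 * to NULL afterwards so the function is harmless if setup_tests() failed part
 * way through or if it is invoked more than once.
 */
void cleanup_tests(void)
{
    OPENSSL_free(cert);
    cert = NULL;
    OPENSSL_free(privkey);
    privkey = NULL;

    /* TODO(3.0): Re-enable this code. See comment in setup_tests() */
#if 0
    OSSL_PROVIDER_unload(defctxlegacy);
#endif
}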