[thirdparty/openssl.git] / test / sslprovidertest.c

/*
 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/provider.h>

#include "ssltestlib.h"
#include "testutil.h"

static char *cert = NULL;
static char *privkey = NULL;

/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
#if 0
OSSL_PROVIDER *defctxlegacy = NULL;
#endif

static int test_different_libctx(void)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    int testresult = 0;
    OPENSSL_CTX *libctx = OPENSSL_CTX_new();

/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
#if 0
    /* Verify that the default provider in the default libctx is not available */
    if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
        goto end;
#endif

    cctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_client_method());
    if (!TEST_ptr(cctx))
        goto end;
    sctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_server_method());
    if (!TEST_ptr(sctx))
        goto end;

    if (!TEST_true(create_ssl_ctx_pair(NULL,
                                       NULL,
                                       TLS1_VERSION,
                                       0,
                                       &sctx, NULL, cert, privkey)))
        goto end;

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    /* This time we expect success */
    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
        goto end;

/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
#if 0
    /*
     * Verify that the default provider in the default libctx is still not
     * available
     */
    if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
        goto end;
#endif

    testresult = 1;

 end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    OPENSSL_CTX_free(libctx);

    return testresult;
}

int setup_tests(void)
{
    char *certsdir = NULL;
    /*
     * TODO(3.0): Re-enable this code when key generation is provider aware. At
     * the moment the below causes the tests to fail because libssl attempts to
     * generate a key for the key_share, which ultimately invokes RAND_bytes().
     * However, because key generation is not yet provider aware it just uses
     * the default library context - and hence fails.
     */
#if 0
    /*
     * For tests in this file we want to ensure the default ctx does not have
     * the default provider loaded into the default ctx. So we load "legacy" to
     * prevent default from being auto-loaded. This tests that there is no
     * "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the
     * specific libctx to be used - nothing should fall back to the default
     * libctx
     */
    defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy");
#endif

    if (!TEST_ptr(certsdir = test_get_argument(0)))
        return 0;

    cert = test_mk_file_path(certsdir, "servercert.pem");
    if (cert == NULL)
        return 0;

    privkey = test_mk_file_path(certsdir, "serverkey.pem");
    if (privkey == NULL) {
        OPENSSL_free(cert);
        return 0;
    }

    ADD_TEST(test_different_libctx);

    return 1;
}

void cleanup_tests(void)
{
    /* TODO(3.0): Re-enable this code. See comment in setup_tests() */
#if 0
    OSSL_PROVIDER_unload(defctxlegacy);
#endif
}
Commit	Line	Data
9aa78c36 MC	1	/*
	2	* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/provider.h>
	11
	12	#include "ssltestlib.h"
	13	#include "testutil.h"
	14
	15	static char *cert = NULL;
	16	static char *privkey = NULL;
	17
	18	/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
	19	#if 0
	20	OSSL_PROVIDER *defctxlegacy = NULL;
	21	#endif
	22
	23	static int test_different_libctx(void)
	24	{
	25	SSL_CTX cctx = NULL, sctx = NULL;
	26	SSL clientssl = NULL, serverssl = NULL;
	27	int testresult = 0;
	28	OPENSSL_CTX *libctx = OPENSSL_CTX_new();
	29
	30	/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
	31	#if 0
	32	/* Verify that the default provider in the default libctx is not available */
	33	if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
	34	goto end;
	35	#endif
	36
	37	cctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_client_method());
	38	if (!TEST_ptr(cctx))
	39	goto end;
	40	sctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_server_method());
	41	if (!TEST_ptr(sctx))
	42	goto end;
	43
	44	if (!TEST_true(create_ssl_ctx_pair(NULL,
	45	NULL,
	46	TLS1_VERSION,
	47	0,
	48	&sctx, NULL, cert, privkey)))
	49	goto end;
	50
	51	if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
	52	NULL, NULL)))
	53	goto end;
	54
	55	/* This time we expect success */
	56	if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
	57	goto end;
	58
	59	/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
	60	#if 0
	61	/*
	62	* Verify that the default provider in the default libctx is still not
	63	* available
	64	*/
65	if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
66	goto end;
67	#endif
68
69	testresult = 1;
70
71	end:
72	SSL_free(serverssl);
73	SSL_free(clientssl);
74	SSL_CTX_free(sctx);
75	SSL_CTX_free(cctx);
76
77	OPENSSL_CTX_free(libctx);
78
79	return testresult;
80	}
81
82	int setup_tests(void)
83	{
84	char *certsdir = NULL;
85	/*
86	* TODO(3.0): Re-enable this code when key generation is provider aware. At
87	* the moment the below causes the tests to fail because libssl attempts to
88	* generate a key for the key_share, which ultimately invokes RAND_bytes().
89	* However, because key generation is not yet provider aware it just uses
90	* the default library context - and hence fails.
91	*/
92	#if 0
93	/*
94	* For tests in this file we want to ensure the default ctx does not have
95	* the default provider loaded into the default ctx. So we load "legacy" to
96	* prevent default from being auto-loaded. This tests that there is no
97	* "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the
98	* specific libctx to be used - nothing should fall back to the default
99	* libctx
100	*/
101	defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy");
102	#endif
103
104	if (!TEST_ptr(certsdir = test_get_argument(0)))
105	return 0;
106
107	cert = test_mk_file_path(certsdir, "servercert.pem");
108	if (cert == NULL)
109	return 0;
110
111	privkey = test_mk_file_path(certsdir, "serverkey.pem");
112	if (privkey == NULL) {
113	OPENSSL_free(cert);
114	return 0;
115	}
116
117	ADD_TEST(test_different_libctx);
118
119	return 1;
120	}
121
122	void cleanup_tests(void)
123	{
124	/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
125	#if 0
126	OSSL_PROVIDER_unload(defctxlegacy);
127	#endif
128	}