      1 /*
      2  * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
      3  *
      4  * Licensed under the Apache License 2.0 (the "License").  You may not use
      5  * this file except in compliance with the License.  You can obtain a copy
      6  * in the file LICENSE in the source distribution or at
      7  * https://www.openssl.org/source/license.html
      8  */
      9 
     10 #include <openssl/pem.h>
     11 #include <openssl/evp.h>
     12 #include "testutil.h"
     13 
/* Library context under test; filled in by test_get_libctx() in setup_tests(). */
static OSSL_LIB_CTX *libctx = NULL;
/* Provider handles filled in by test_get_libctx(); unloaded in cleanup_tests(). */
static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *libprov = NULL;
/* First positional argument: path of the PEM file the test tries to decode. */
static const char *filename = NULL;
/* Forward declaration of the passphrase callback, typed via pem_password_cb. */
static pem_password_cb passcb;

/*
 * Identifiers for the command line options handled in setup_tests().
 * OPT_TEST_ENUM is not defined in this file (presumably a testutil.h macro
 * that adds the common test option values - confirm there).
 */
typedef enum OPTION_choice {
    OPT_ERR = -1,
    OPT_EOF = 0,
    OPT_CONFIG_FILE,
    OPT_PROVIDER_NAME,
    OPT_TEST_ENUM
} OPTION_CHOICE;
     27 
/*
 * Returns the option table for this test program.
 *
 * The table is a function-local static, so the returned pointer stays valid
 * for the lifetime of the process. It describes "-config" and "-provider"
 * plus one positional argument (the file to decode) and ends with a { NULL }
 * sentinel entry.
 */
const OPTIONS *test_get_options(void)
{
    static const OPTIONS option_table[] = {
        /* Not defined in this file; presumably the common testutil options. */
        OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file\n"),

        /* Configuration file used when the library context is created. */
        { "config", OPT_CONFIG_FILE, '<',
          "The configuration file to use for the libctx" },

        /* Name of the provider to load into that library context. */
        { "provider", OPT_PROVIDER_NAME, 's',
          "The provider to load (The default value is 'default')" },

        /* Help text for the positional argument. */
        { OPT_HELP_STR, 1, '-', "file\tFile to decode.\n" },

        /* End-of-table sentinel. */
        { NULL }
    };

    return option_table;
}
     41 
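/*
 * PEM passphrase callback that always supplies the fixed test passphrase
 * "pass".
 *
 * buf      - destination buffer supplied by the caller
 * size     - capacity of buf in bytes
 * rwflag   - unused
 * userdata - unused
 *
 * Returns the passphrase length (4) on success, or -1 (the pem_password_cb
 * error return) when buf is NULL or cannot hold the passphrase plus its
 * terminating NUL.
 *
 * The copy is bounded by size rather than relying on the caller to pass a
 * large enough buffer: a password callback writes into memory it does not
 * own, so an unchecked copy here is an out-of-bounds write waiting for a
 * caller with a short buffer.
 */
static int passcb(char *buf, int size, int rwflag, void *userdata)
{
    static const char pass[] = "pass";

    (void)rwflag;
    (void)userdata;

    /* sizeof(pass) counts the terminating NUL, which is copied as well. */
    if (buf == NULL || size < (int)sizeof(pass))
        return -1;

    memcpy(buf, pass, sizeof(pass));
    return (int)(sizeof(pass) - 1);
}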
     47 
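/*
 * Checks that decoding a PEM private key honours the property query.
 *
 * With "fips=true" enabled as the default property of libctx, reading the
 * key from the file named by `filename` is expected to return NULL.
 *
 * Returns 1 if every expectation held, 0 otherwise.
 */
static int test_decode_nonfipsalg(void)
{
    int ret = 0;
    EVP_PKEY *privkey = NULL;
    BIO *bio = NULL;

    /*
     * Apply the "fips=true" property to all fetches for the libctx.
     * We do this to test that we are using the propq override.
     * The result is checked: if the property could not be applied, the
     * expectations below would be evaluated against the wrong defaults.
     */
    if (!TEST_true(EVP_default_properties_enable_fips(libctx, 1)))
        goto err;

    if (!TEST_ptr(bio = BIO_new_file(filename, "r")))
        goto err;

    /*
     * If NULL is passed as the propq here it uses the global property
     * "fips=true", which we expect to fail if the decode uses a non FIPS
     * algorithm.
     */
    if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL,
                                                  libctx, NULL)))
        goto err;

    /*
     * Second read with the libctx global prop query overridden to optionally
     * use fips=true. This assumes that the libctx contains the default
     * provider.
     *
     * NOTE(review): the BIO is not rewound or reopened after the read above,
     * so this call presumably starts where that one stopped, and a NULL
     * result may only reflect that no PEM data is left. The original comment
     * also described this step as "Pass", while the assertion expects NULL.
     * Confirm which is intended; as written this step may not exercise the
     * propq override at all.
     */
    if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL,
                                                  libctx, "?fips=true")))
        goto err;

    ret = 1;
err:
    /* Both free functions accept NULL, so early exits need no extra guards. */
    BIO_free(bio);
    EVP_PKEY_free(privkey);
    return ret;
}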
     83 
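/*
 * Parses the command line, records the file to decode, creates the library
 * context and registers the test.
 *
 * Returns 1 on success and 0 on an option error, a missing file argument or
 * a failure to set up the library context.
 */
int setup_tests(void)
{
    const char *prov_name = "default";
    char *config_file = NULL;
    OPTION_CHOICE o;

    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_PROVIDER_NAME:
            prov_name = opt_arg();
            break;
        case OPT_CONFIG_FILE:
            config_file = opt_arg();
            break;
        case OPT_TEST_CASES:
            break;
        default:
        case OPT_ERR:
            return 0;
        }
    }

    /*
     * Fail at setup time when the positional file argument is missing,
     * instead of handing a NULL path to BIO_new_file() in the test.
     */
    if (!TEST_ptr(filename = test_get_argument(0)))
        return 0;

    if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
        return 0;

    ADD_TEST(test_decode_nonfipsalg);
    return 1;
}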
    113 
/*
 * Releases what setup_tests() obtained through test_get_libctx(): the
 * provider loaded for the test, the library context, and the null provider
 * handle. The calls are kept in their original order.
 */
void cleanup_tests(void)
{
    OSSL_PROVIDER_unload(libprov);
    OSSL_LIB_CTX_free(libctx);
    OSSL_PROVIDER_unload(nullprov);
}
    120