test/decoder_propq_test.c - third_party/openssl - Git at Google

 /*
  * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */

 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include "testutil.h"

 static OSSL_LIB_CTX *libctx = NULL;
 static OSSL_PROVIDER *nullprov = NULL;
 static OSSL_PROVIDER *libprov = NULL;
 static const char *filename = NULL;
 static pem_password_cb passcb;

 typedef enum OPTION_choice {
     OPT_ERR = -1,
     OPT_EOF = 0,
     OPT_CONFIG_FILE,
     OPT_PROVIDER_NAME,
     OPT_TEST_ENUM
 } OPTION_CHOICE;

 const OPTIONS *test_get_options(void)
 {
     static const OPTIONS test_options[] = {
         OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file\n"),
         { "config", OPT_CONFIG_FILE, '<',
           "The configuration file to use for the libctx" },
         { "provider", OPT_PROVIDER_NAME, 's',
           "The provider to load (The default value is 'default')" },
         { OPT_HELP_STR, 1, '-', "file\tFile to decode.\n" },
         { NULL }
     };
     return test_options;
 }

 static int passcb(char *buf, int size, int rwflag, void *userdata)
 {
     strcpy(buf, "pass");
     return strlen(buf);
 }

 static int test_decode_nonfipsalg(void)
 {
     int ret = 0;
     EVP_PKEY *privkey = NULL;
     BIO *bio = NULL;

     /*
      * Apply the "fips=true" property to all fetches for the libctx.
      * We do this to test that we are using the propq override
      */
     EVP_default_properties_enable_fips(libctx, 1);

     if (!TEST_ptr(bio = BIO_new_file(filename, "r")))
         goto err;

     /*
      * If NULL is passed as the propq here it uses the global property "fips=true",
      * Which we expect to fail if the decode uses a non FIPS algorithm
      */
     if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL, libctx, NULL)))
         goto err;

     /*
      * Pass if we override the libctx global prop query to optionally use fips=true
      * This assumes that the libctx contains the default provider
      */
     if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL, libctx, "?fips=true")))
         goto err;

     ret = 1;
 err:
     BIO_free(bio);
     EVP_PKEY_free(privkey);
     return ret;
 }

 int setup_tests(void)
 {
     const char *prov_name = "default";
     char *config_file = NULL;
     OPTION_CHOICE o;

     while ((o = opt_next()) != OPT_EOF) {
         switch (o) {
         case OPT_PROVIDER_NAME:
             prov_name = opt_arg();
             break;
         case OPT_CONFIG_FILE:
             config_file = opt_arg();
             break;
         case OPT_TEST_CASES:
            break;
         default:
         case OPT_ERR:
             return 0;
         }
     }

     filename = test_get_argument(0);
     if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
         return 0;

     ADD_TEST(test_decode_nonfipsalg);
     return 1;
 }

 void cleanup_tests(void)
 {
     OSSL_PROVIDER_unload(libprov);
     OSSL_LIB_CTX_free(libctx);
     OSSL_PROVIDER_unload(nullprov);
 }
	/*
	* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
	*
	* Licensed under the Apache License 2.0 (the "License"). You may not use
	* this file except in compliance with the License. You can obtain a copy
	* in the file LICENSE in the source distribution or at
	* https://www.openssl.org/source/license.html
	*/

	#include <openssl/pem.h>
	#include <openssl/evp.h>
	#include "testutil.h"

	static OSSL_LIB_CTX *libctx = NULL;
	static OSSL_PROVIDER *nullprov = NULL;
	static OSSL_PROVIDER *libprov = NULL;
	static const char *filename = NULL;
	static pem_password_cb passcb;

	typedef enum OPTION_choice {
	OPT_ERR = -1,
	OPT_EOF = 0,
	OPT_CONFIG_FILE,
	OPT_PROVIDER_NAME,
	OPT_TEST_ENUM
	} OPTION_CHOICE;

	const OPTIONS *test_get_options(void)
	{
	static const OPTIONS test_options[] = {
	OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file\n"),
	{ "config", OPT_CONFIG_FILE, '<',
	"The configuration file to use for the libctx" },
	{ "provider", OPT_PROVIDER_NAME, 's',
	"The provider to load (The default value is 'default')" },
	{ OPT_HELP_STR, 1, '-', "file\tFile to decode.\n" },
	{ NULL }
	};
	return test_options;
	}

	static int passcb(char buf, int size, int rwflag, void userdata)
	{
	strcpy(buf, "pass");
	return strlen(buf);
	}

	static int test_decode_nonfipsalg(void)
	{
	int ret = 0;
	EVP_PKEY *privkey = NULL;
	BIO *bio = NULL;

	/*
	* Apply the "fips=true" property to all fetches for the libctx.
	* We do this to test that we are using the propq override
	*/
	EVP_default_properties_enable_fips(libctx, 1);

	if (!TEST_ptr(bio = BIO_new_file(filename, "r")))
	goto err;

	/*
	* If NULL is passed as the propq here it uses the global property "fips=true",
	* Which we expect to fail if the decode uses a non FIPS algorithm
	*/
	if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL, libctx, NULL)))
	goto err;

	/*
	* Pass if we override the libctx global prop query to optionally use fips=true
	* This assumes that the libctx contains the default provider
	*/
	if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL, libctx, "?fips=true")))
	goto err;

	ret = 1;
	err:
	BIO_free(bio);
	EVP_PKEY_free(privkey);
	return ret;
	}

	int setup_tests(void)
	{
	const char *prov_name = "default";
	char *config_file = NULL;
	OPTION_CHOICE o;

	while ((o = opt_next()) != OPT_EOF) {
	switch (o) {
	case OPT_PROVIDER_NAME:
	prov_name = opt_arg();
	break;
	case OPT_CONFIG_FILE:
	config_file = opt_arg();
	break;
	case OPT_TEST_CASES:
	break;
	default:
	case OPT_ERR:
	return 0;
	}
	}

	filename = test_get_argument(0);
	if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
	return 0;

	ADD_TEST(test_decode_nonfipsalg);
	return 1;
	}

	void cleanup_tests(void)
	{
	OSSL_PROVIDER_unload(libprov);
	OSSL_LIB_CTX_free(libctx);
	OSSL_PROVIDER_unload(nullprov);
	}