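/*
 * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Checks that an explicit decoder property query ("?fips=true") overrides a
 * library context whose default properties were forced to "fips=true", when
 * the private key being decoded needs a non-FIPS algorithm.
 */

#include <string.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include "testutil.h"

/* Set up by setup_tests() via test_get_libctx(), released in cleanup_tests(). */
static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *libprov = NULL;
/* Positional argument: the PEM file to decode. */
static const char *filename = NULL;
static pem_password_cb passcb;

typedef enum OPTION_choice {
    OPT_ERR = -1,
    OPT_EOF = 0,
    OPT_CONFIG_FILE,
    OPT_PROVIDER_NAME,
    OPT_TEST_ENUM
} OPTION_CHOICE;

/*
 * Command-line options understood by this test: -config <file>,
 * -provider <name>, plus one positional file argument.
 */
const OPTIONS *test_get_options(void)
{
    static const OPTIONS test_options[] = {
        OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file\n"),
        { "config", OPT_CONFIG_FILE, '<',
          "The configuration file to use for the libctx" },
        { "provider", OPT_PROVIDER_NAME, 's',
          "The provider to load (The default value is 'default')" },
        { OPT_HELP_STR, 1, '-', "file\tFile to decode.\n" },
        { NULL }
    };
    return test_options;
}

/*
 * Passphrase callback: supplies the fixed passphrase "pass" for the
 * encrypted test key.
 *
 * buf/size: output buffer and its capacity in bytes, as given by the caller.
 * rwflag/userdata: unused.
 * Returns the passphrase length, or -1 if the buffer cannot hold it
 * (the original unbounded strcpy() would have overrun a short buffer).
 */
static int passcb(char *buf, int size, int rwflag, void *userdata)
{
    static const char password[] = "pass";
    const int len = (int)(sizeof(password) - 1);

    if (buf == NULL || size < len)
        return -1;
    memcpy(buf, password, (size_t)len);
    /* Terminate when there is room; the callback contract does not require it. */
    if (size > len)
        buf[len] = '\0';
    return len;
}

/*
 * Decode |filename| twice with the library context's default properties
 * forced to "fips=true".
 *
 * 1. With a NULL property query the global "fips=true" applies, so a key
 *    whose decoding needs a non-FIPS algorithm must fail to load.
 * 2. With the explicit "?fips=true" query the FIPS property is optional,
 *    so the same key must decode (this assumes |libctx| also holds the
 *    default provider).
 *
 * Returns 1 when both expectations hold, 0 otherwise.
 */
static int test_decode_nonfipsalg(void)
{
    int ret = 0;
    EVP_PKEY *privkey = NULL;
    BIO *bio = NULL;

    /* Force "fips=true" on every fetch so the per-call override is what is tested. */
    EVP_default_properties_enable_fips(libctx, 1);

    if (!TEST_ptr(bio = BIO_new_file(filename, "r")))
        goto err;

    /* NULL propq -> global "fips=true" applies -> non-FIPS decode must fail. */
    if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL,
                                                  libctx, NULL)))
        goto err;

    /*
     * Rewind so the second decode sees the PEM data from the start; the failed
     * attempt above may have consumed it. BIO_reset() on a file BIO reports
     * success as 0, so only a negative result is an error.
     */
    if (!TEST_int_ge(BIO_reset(bio), 0))
        goto err;

    /*
     * "?fips=true" makes the property optional, so the default provider may
     * serve the non-FIPS algorithm and the decode is expected to succeed.
     * (The earlier TEST_ptr_null here contradicted this stated intent.)
     */
    if (!TEST_ptr(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL,
                                             libctx, "?fips=true")))
        goto err;

    ret = 1;
 err:
    BIO_free(bio);
    EVP_PKEY_free(privkey);
    return ret;
}

/*
 * Parse the command line, create the library context and register the test.
 * -config <file> selects the config for the libctx, -provider <name> the
 * provider to load (default "default"); the single positional argument is
 * the PEM file to decode.
 * Returns 1 on success, 0 on a bad option, a missing file argument or a
 * failed library-context setup.
 */
int setup_tests(void)
{
    const char *prov_name = "default";
    char *config_file = NULL;
    OPTION_CHOICE o;

    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_PROVIDER_NAME:
            prov_name = opt_arg();
            break;
        case OPT_CONFIG_FILE:
            config_file = opt_arg();
            break;
        case OPT_TEST_CASES:
            break;
        default:
        case OPT_ERR:
            return 0;
        }
    }

    /* Report a missing file argument here rather than as BIO_new_file(NULL) failing later. */
    if (!TEST_ptr(filename = test_get_argument(0)))
        return 0;
    if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
        return 0;

    ADD_TEST(test_decode_nonfipsalg);
    return 1;
}

/* Release what setup_tests() created: the provider, then the context, then the null provider. */
void cleanup_tests(void)
{
    OSSL_PROVIDER_unload(libprov);
    OSSL_LIB_CTX_free(libctx);
    OSSL_PROVIDER_unload(nullprov);
}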