xref: /openssl/test/p_test.c (revision f6097c7c)
1 /*
2  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * This is a very simple provider that does absolutely nothing except respond
12  * to provider global parameter requests.  It does this by simply echoing back
13  * a parameter request it makes to the loading library.
14  */
15 
16 #include <string.h>
17 #include <stdio.h>
18 
19 #include <stdarg.h>
20 
21 /*
22  * When built as an object file to link the application with, we get the
23  * init function name through the macro PROVIDER_INIT_FUNCTION_NAME.  If
24  * not defined, we use the standard init function name for the shared
25  * object form.
26  */
27 #ifdef PROVIDER_INIT_FUNCTION_NAME
28 # define OSSL_provider_init PROVIDER_INIT_FUNCTION_NAME
29 #endif
30 
31 #include "internal/e_os.h"
32 #include <openssl/core.h>
33 #include <openssl/core_dispatch.h>
34 #include <openssl/err.h>
35 #include <openssl/evp.h>
36 #include <openssl/crypto.h>
37 #include <openssl/provider.h>
38 
39 typedef struct p_test_ctx {
40     char *thisfile;
41     char *thisfunc;
42     const OSSL_CORE_HANDLE *handle;
43     OSSL_LIB_CTX *libctx;
44 } P_TEST_CTX;
45 
46 static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL;
47 static OSSL_FUNC_core_get_params_fn *c_get_params = NULL;
48 static OSSL_FUNC_core_new_error_fn *c_new_error;
49 static OSSL_FUNC_core_set_error_debug_fn *c_set_error_debug;
50 static OSSL_FUNC_core_vset_error_fn *c_vset_error;
51 static OSSL_FUNC_BIO_vsnprintf_fn *c_BIO_vsnprintf;
52 
53 /* Tell the core what params we provide and what type they are */
54 static const OSSL_PARAM p_param_types[] = {
55     { "greeting", OSSL_PARAM_UTF8_STRING, NULL, 0, 0 },
56     { "digest-check", OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
57     { NULL, 0, NULL, 0, 0 }
58 };
59 
60 /* This is a trick to ensure we define the provider functions correctly */
61 static OSSL_FUNC_provider_gettable_params_fn p_gettable_params;
62 static OSSL_FUNC_provider_get_params_fn p_get_params;
63 static OSSL_FUNC_provider_get_reason_strings_fn p_get_reason_strings;
64 static OSSL_FUNC_provider_teardown_fn p_teardown;
65 
local_snprintf(char * buf,size_t n,const char * format,...)66 static int local_snprintf(char *buf, size_t n, const char *format, ...)
67 {
68     va_list args;
69     int ret;
70 
71     va_start(args, format);
72     ret = (*c_BIO_vsnprintf)(buf, n, format, args);
73     va_end(args);
74     return ret;
75 }
76 
p_set_error(int lib,int reason,const char * file,int line,const char * func,const char * fmt,...)77 static void p_set_error(int lib, int reason, const char *file, int line,
78                         const char *func, const char *fmt, ...)
79 {
80     va_list ap;
81 
82     va_start(ap, fmt);
83     c_new_error(NULL);
84     c_set_error_debug(NULL, file, line, func);
85     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, ap);
86     va_end(ap);
87 }
88 
p_gettable_params(void * _)89 static const OSSL_PARAM *p_gettable_params(void *_)
90 {
91     return p_param_types;
92 }
93 
p_get_params(void * provctx,OSSL_PARAM params[])94 static int p_get_params(void *provctx, OSSL_PARAM params[])
95 {
96     P_TEST_CTX *ctx = (P_TEST_CTX *)provctx;
97     const OSSL_CORE_HANDLE *hand = ctx->handle;
98     OSSL_PARAM *p = params;
99     int ok = 1;
100 
101     for (; ok && p->key != NULL; p++) {
102         if (strcmp(p->key, "greeting") == 0) {
103             static char *opensslv;
104             static char *provname;
105             static char *greeting;
106             static OSSL_PARAM counter_request[] = {
107                 /* Known libcrypto provided parameters */
108                 { "openssl-version", OSSL_PARAM_UTF8_PTR,
109                   &opensslv, sizeof(&opensslv), 0 },
110                 { "provider-name", OSSL_PARAM_UTF8_PTR,
111                   &provname, sizeof(&provname), 0},
112 
113                 /* This might be present, if there's such a configuration */
114                 { "greeting", OSSL_PARAM_UTF8_PTR,
115                   &greeting, sizeof(&greeting), 0 },
116 
117                 { NULL, 0, NULL, 0, 0 }
118             };
119             char buf[256];
120             size_t buf_l;
121 
122             opensslv = provname = greeting = NULL;
123 
124             if (c_get_params(hand, counter_request)) {
125                 if (greeting) {
126                     strcpy(buf, greeting);
127                 } else {
128                     const char *versionp = *(void **)counter_request[0].data;
129                     const char *namep = *(void **)counter_request[1].data;
130 
131                     local_snprintf(buf, sizeof(buf), "Hello OpenSSL %.20s, greetings from %s!",
132                                    versionp, namep);
133                 }
134             } else {
135                 local_snprintf(buf, sizeof(buf), "Howdy stranger...");
136             }
137 
138             p->return_size = buf_l = strlen(buf) + 1;
139             if (p->data_size >= buf_l)
140                 strcpy(p->data, buf);
141             else
142                 ok = 0;
143         } else if (strcmp(p->key, "digest-check") == 0) {
144             unsigned int digestsuccess = 0;
145 
146             /*
147              * Test we can use an algorithm from another provider. We're using
148              * legacy to check that legacy is actually available and we haven't
149              * just fallen back to default.
150              */
151 #ifdef PROVIDER_INIT_FUNCTION_NAME
152             EVP_MD *md4 = EVP_MD_fetch(ctx->libctx, "MD4", NULL);
153             EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
154             const char *msg = "Hello world";
155             unsigned char out[16];
156             OSSL_PROVIDER *deflt;
157 
158             /*
159             * "default" has not been loaded into the parent libctx. We should be able
160             * to explicitly load it as a non-child provider.
161             */
162             deflt = OSSL_PROVIDER_load(ctx->libctx, "default");
163             if (deflt == NULL
164                     || !OSSL_PROVIDER_available(ctx->libctx, "default")) {
165                 /* We set error "3" for a failure to load the default provider */
166                 p_set_error(ERR_LIB_PROV, 3, ctx->thisfile, OPENSSL_LINE,
167                             ctx->thisfunc, NULL);
168                 ok = 0;
169             }
170 
171             /*
172              * We should have the default provider available that we loaded
173              * ourselves, and the base and legacy providers which we inherit
174              * from the parent libctx. We should also have "this" provider
175              * available.
176              */
177             if (ok
178                     && OSSL_PROVIDER_available(ctx->libctx, "default")
179                     && OSSL_PROVIDER_available(ctx->libctx, "base")
180                     && OSSL_PROVIDER_available(ctx->libctx, "legacy")
181                     && OSSL_PROVIDER_available(ctx->libctx, "p_test")
182                     && md4 != NULL
183                     && mdctx != NULL) {
184                 if (EVP_DigestInit_ex(mdctx, md4, NULL)
185                         && EVP_DigestUpdate(mdctx, (const unsigned char *)msg,
186                                             strlen(msg))
187                         && EVP_DigestFinal(mdctx, out, NULL))
188                     digestsuccess = 1;
189             }
190             EVP_MD_CTX_free(mdctx);
191             EVP_MD_free(md4);
192             OSSL_PROVIDER_unload(deflt);
193 #endif
194             if (p->data_size >= sizeof(digestsuccess)) {
195                 *(unsigned int *)p->data = digestsuccess;
196                 p->return_size = sizeof(digestsuccess);
197             } else {
198                 ok = 0;
199             }
200         } else if (strcmp(p->key, "stop-property-mirror") == 0) {
201             /*
202              * Setting the default properties explicitly should stop mirroring
203              * of properties from the parent libctx.
204              */
205             unsigned int stopsuccess = 0;
206 
207 #ifdef PROVIDER_INIT_FUNCTION_NAME
208             stopsuccess = EVP_set_default_properties(ctx->libctx, NULL);
209 #endif
210             if (p->data_size >= sizeof(stopsuccess)) {
211                 *(unsigned int *)p->data = stopsuccess;
212                 p->return_size = sizeof(stopsuccess);
213             } else {
214                 ok = 0;
215             }
216         }
217     }
218     return ok;
219 }
220 
p_get_reason_strings(void * _)221 static const OSSL_ITEM *p_get_reason_strings(void *_)
222 {
223     static const OSSL_ITEM reason_strings[] = {
224         {1, "dummy reason string"},
225         {2, "Can't create child library context"},
226         {3, "Can't load default provider"},
227         {0, NULL}
228     };
229 
230     return reason_strings;
231 }
232 
p_query(OSSL_PROVIDER * prov,int operation_id,int * no_cache)233 static const OSSL_ALGORITHM *p_query(OSSL_PROVIDER *prov,
234                                      int operation_id,
235                                      int *no_cache)
236 {
237     *no_cache = 1;
238     return NULL;
239 }
240 
241 static const OSSL_DISPATCH p_test_table[] = {
242     { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_gettable_params },
243     { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))p_get_params },
244     { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS,
245         (void (*)(void))p_get_reason_strings},
246     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
247     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query },
248     OSSL_DISPATCH_END
249 };
250 
OSSL_provider_init(const OSSL_CORE_HANDLE * handle,const OSSL_DISPATCH * oin,const OSSL_DISPATCH ** out,void ** provctx)251 int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
252                        const OSSL_DISPATCH *oin,
253                        const OSSL_DISPATCH **out,
254                        void **provctx)
255 {
256     P_TEST_CTX *ctx;
257     const OSSL_DISPATCH *in = oin;
258 
259     for (; in->function_id != 0; in++) {
260         switch (in->function_id) {
261         case OSSL_FUNC_CORE_GETTABLE_PARAMS:
262             c_gettable_params = OSSL_FUNC_core_gettable_params(in);
263             break;
264         case OSSL_FUNC_CORE_GET_PARAMS:
265             c_get_params = OSSL_FUNC_core_get_params(in);
266             break;
267         case OSSL_FUNC_CORE_NEW_ERROR:
268             c_new_error = OSSL_FUNC_core_new_error(in);
269             break;
270         case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
271             c_set_error_debug = OSSL_FUNC_core_set_error_debug(in);
272             break;
273         case OSSL_FUNC_CORE_VSET_ERROR:
274             c_vset_error = OSSL_FUNC_core_vset_error(in);
275             break;
276         case OSSL_FUNC_BIO_VSNPRINTF:
277             c_BIO_vsnprintf = OSSL_FUNC_BIO_vsnprintf(in);
278             break;
279         default:
280             /* Just ignore anything we don't understand */
281             break;
282         }
283     }
284 
285     /*
286      * We want to test that libcrypto doesn't use the file and func pointers
287      * that we provide to it via c_set_error_debug beyond the time that they
288      * are valid for. Therefore we dynamically allocate these strings now and
289      * free them again when the provider is torn down. If anything tries to
290      * use those strings after that point there will be a use-after-free and
291      * asan will complain (and hence the tests will fail).
292      * This file isn't linked against libcrypto, so we use malloc and strdup
293      * instead of OPENSSL_malloc and OPENSSL_strdup
294      */
295     ctx = malloc(sizeof(*ctx));
296     if (ctx == NULL)
297         return 0;
298     ctx->thisfile = strdup(OPENSSL_FILE);
299     ctx->thisfunc = strdup(OPENSSL_FUNC);
300     ctx->handle = handle;
301 #ifdef PROVIDER_INIT_FUNCTION_NAME
302     /* We only do this if we are linked with libcrypto */
303     ctx->libctx = OSSL_LIB_CTX_new_child(handle, oin);
304     if (ctx->libctx == NULL) {
305         /* We set error "2" for a failure to create the child libctx*/
306         p_set_error(ERR_LIB_PROV, 2, ctx->thisfile, OPENSSL_LINE, ctx->thisfunc,
307                     NULL);
308         p_teardown(ctx);
309         return 0;
310     }
311     /*
312      * The default provider is loaded - but the default properties should not
313      * allow its use.
314      */
315     {
316         EVP_MD *sha256 = EVP_MD_fetch(ctx->libctx, "SHA2-256", NULL);
317         if (sha256 != NULL) {
318             EVP_MD_free(sha256);
319             p_teardown(ctx);
320             return 0;
321         }
322     }
323 #endif
324 
325     /*
326      * Set a spurious error to check error handling works correctly. This will
327      * be ignored
328      */
329     p_set_error(ERR_LIB_PROV, 1, ctx->thisfile, OPENSSL_LINE, ctx->thisfunc, NULL);
330 
331     *provctx = (void *)ctx;
332     *out = p_test_table;
333     return 1;
334 }
335 
p_teardown(void * provctx)336 static void p_teardown(void *provctx)
337 {
338     P_TEST_CTX *ctx = (P_TEST_CTX *)provctx;
339 
340 #ifdef PROVIDER_INIT_FUNCTION_NAME
341     OSSL_LIB_CTX_free(ctx->libctx);
342 #endif
343     free(ctx->thisfile);
344     free(ctx->thisfunc);
345     free(ctx);
346 }
347