1 /*
2 * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/pem.h>
11 #include <openssl/evp.h>
12 #include "testutil.h"
13
14 static OSSL_LIB_CTX *libctx = NULL;
15 static OSSL_PROVIDER *nullprov = NULL;
16 static OSSL_PROVIDER *libprov = NULL;
17 static const char *filename = NULL;
18 static pem_password_cb passcb;
19
20 typedef enum OPTION_choice {
21 OPT_ERR = -1,
22 OPT_EOF = 0,
23 OPT_CONFIG_FILE,
24 OPT_PROVIDER_NAME,
25 OPT_TEST_ENUM
26 } OPTION_CHOICE;
27
test_get_options(void)28 const OPTIONS *test_get_options(void)
29 {
30 static const OPTIONS test_options[] = {
31 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file\n"),
32 { "config", OPT_CONFIG_FILE, '<',
33 "The configuration file to use for the libctx" },
34 { "provider", OPT_PROVIDER_NAME, 's',
35 "The provider to load (The default value is 'default')" },
36 { OPT_HELP_STR, 1, '-', "file\tFile to decode.\n" },
37 { NULL }
38 };
39 return test_options;
40 }
41
passcb(char * buf,int size,int rwflag,void * userdata)42 static int passcb(char *buf, int size, int rwflag, void *userdata)
43 {
44 strcpy(buf, "pass");
45 return strlen(buf);
46 }
47
test_decode_nonfipsalg(void)48 static int test_decode_nonfipsalg(void)
49 {
50 int ret = 0;
51 EVP_PKEY *privkey = NULL;
52 BIO *bio = NULL;
53
54 /*
55 * Apply the "fips=true" property to all fetches for the libctx.
56 * We do this to test that we are using the propq override
57 */
58 EVP_default_properties_enable_fips(libctx, 1);
59
60 if (!TEST_ptr(bio = BIO_new_file(filename, "r")))
61 goto err;
62
63 /*
64 * If NULL is passed as the propq here it uses the global property "fips=true",
65 * Which we expect to fail if the decode uses a non FIPS algorithm
66 */
67 if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL, libctx, NULL)))
68 goto err;
69
70 /*
71 * Pass if we override the libctx global prop query to optionally use fips=true
72 * This assumes that the libctx contains the default provider
73 */
74 if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL, libctx, "?fips=true")))
75 goto err;
76
77 ret = 1;
78 err:
79 BIO_free(bio);
80 EVP_PKEY_free(privkey);
81 return ret;
82 }
83
setup_tests(void)84 int setup_tests(void)
85 {
86 const char *prov_name = "default";
87 char *config_file = NULL;
88 OPTION_CHOICE o;
89
90 while ((o = opt_next()) != OPT_EOF) {
91 switch (o) {
92 case OPT_PROVIDER_NAME:
93 prov_name = opt_arg();
94 break;
95 case OPT_CONFIG_FILE:
96 config_file = opt_arg();
97 break;
98 case OPT_TEST_CASES:
99 break;
100 default:
101 case OPT_ERR:
102 return 0;
103 }
104 }
105
106 filename = test_get_argument(0);
107 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
108 return 0;
109
110 ADD_TEST(test_decode_nonfipsalg);
111 return 1;
112 }
113
cleanup_tests(void)114 void cleanup_tests(void)
115 {
116 OSSL_PROVIDER_unload(libprov);
117 OSSL_LIB_CTX_free(libctx);
118 OSSL_PROVIDER_unload(nullprov);
119 }
120
