[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Mar 17 07:51:59 UTC 2021
The branch master has been updated
via d11f644ba5f5c7a6e925e625899589d0cdd2c84b (commit)
via 062490dbd05a205824a239336f6a60bf00a7ca1d (commit)
from 4139a0c6ec4633351929fdde728dc984f562c51c (commit)
- Log -----------------------------------------------------------------
commit d11f644ba5f5c7a6e925e625899589d0cdd2c84b
Author: Jon Spillett <jon.spillett at oracle.com>
Date: Mon Mar 15 11:33:21 2021 +1000
Fix up issues found when running evp_extra_test with a non-default library context
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14478)
commit 062490dbd05a205824a239336f6a60bf00a7ca1d
Author: Jon Spillett <jon.spillett at oracle.com>
Date: Tue Mar 9 20:42:57 2021 +1000
Add testing for non-default library context into evp_extra_test
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14478)
-----------------------------------------------------------------------
Summary of changes:
crypto/rsa/rsa_chk.c | 8 +-
crypto/rsa/rsa_gen.c | 5 +-
crypto/sm2/sm2_crypt.c | 2 +-
test/evp_extra_test.c | 197 ++++++++++++++++++++++++++++-----------
test/recipes/30-test_evp_extra.t | 6 +-
5 files changed, 157 insertions(+), 61 deletions(-)
diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
index e61a5df089..0c32e01426 100644
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -47,7 +47,7 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
k = BN_new();
l = BN_new();
m = BN_new();
- ctx = BN_CTX_new();
+ ctx = BN_CTX_new_ex(key->libctx);
if (i == NULL || j == NULL || k == NULL || l == NULL
|| m == NULL || ctx == NULL) {
ret = -1;
@@ -65,13 +65,13 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
}
/* p prime? */
- if (BN_check_prime(key->p, NULL, cb) != 1) {
+ if (BN_check_prime(key->p, ctx, cb) != 1) {
ret = 0;
ERR_raise(ERR_LIB_RSA, RSA_R_P_NOT_PRIME);
}
/* q prime? */
- if (BN_check_prime(key->q, NULL, cb) != 1) {
+ if (BN_check_prime(key->q, ctx, cb) != 1) {
ret = 0;
ERR_raise(ERR_LIB_RSA, RSA_R_Q_NOT_PRIME);
}
@@ -79,7 +79,7 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
/* r_i prime? */
for (idx = 0; idx < ex_primes; idx++) {
pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
- if (BN_check_prime(pinfo->r, NULL, cb) != 1) {
+ if (BN_check_prime(pinfo->r, ctx, cb) != 1) {
ret = 0;
ERR_raise(ERR_LIB_RSA, RSA_R_MP_R_NOT_PRIME);
}
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index ccd07c33fb..a2192df575 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -103,7 +103,7 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes,
goto err;
}
- ctx = BN_CTX_new();
+ ctx = BN_CTX_new_ex(rsa->libctx);
if (ctx == NULL)
goto err;
BN_CTX_start(ctx);
@@ -187,7 +187,8 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes,
for (;;) {
redo:
- if (!BN_generate_prime_ex(prime, bitsr[i] + adj, 0, NULL, NULL, cb))
+ if (!BN_generate_prime_ex2(prime, bitsr[i] + adj, 0, NULL, NULL,
+ cb, ctx))
goto err;
/*
* prime should not be equal to p, q, r_3...
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index cadc8ae201..2b8b10e25d 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -187,7 +187,7 @@ int ossl_sm2_encrypt(const EC_KEY *key,
memset(ciphertext_buf, 0, *ciphertext_len);
- if (!BN_priv_rand_range(k, order)) {
+ if (!BN_priv_rand_range_ex(k, order, ctx)) {
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
goto done;
}
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 9317917303..45ca43aee1 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -37,6 +37,11 @@
#include "../e_os.h" /* strcasecmp */
static OSSL_LIB_CTX *testctx = NULL;
+static char *testpropq = NULL;
+
+static OSSL_PROVIDER *nullprov = NULL;
+static OSSL_PROVIDER *deflprov = NULL;
+static OSSL_PROVIDER *lgcyprov = NULL;
/*
* kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
@@ -442,7 +447,7 @@ static EVP_PKEY *load_example_key(const char *keytype,
EVP_PKEY *pkey = NULL;
OSSL_DECODER_CTX *dctx =
OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
- testctx, NULL);
+ testctx, testpropq);
/* |pkey| will be NULL on error */
(void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
@@ -516,7 +521,7 @@ static int test_fromdata(char *keytype, OSSL_PARAM *params)
EVP_PKEY *pkey = NULL;
int testresult = 0;
- if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, NULL)))
+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
goto err;
if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
|| !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
@@ -777,7 +782,8 @@ static int test_EC_priv_only_legacy(void)
* The EVP_DigestSignInit function should create the key on the provider
* side which is sufficient for this test.
*/
- if (!TEST_true(EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey)))
+ if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, testpropq,
+ pkey, NULL)))
goto err;
ret = 1;
@@ -803,7 +809,12 @@ static int test_EVP_Enveloped(void)
static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
int len, kek_len, ciphertext_len, plaintext_len;
unsigned char ciphertext[32], plaintext[16];
- const EVP_CIPHER *type = EVP_aes_256_cbc();
+ const EVP_CIPHER *type = NULL;
+
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
+ type = EVP_aes_256_cbc();
if (!TEST_ptr(keypair = load_example_rsa_key())
|| !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
@@ -860,6 +871,9 @@ static int test_EVP_DigestSignInit(int tst)
const EVP_MD *md;
EVP_MD *mdexp = NULL;
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
if (tst >= 6) {
membio = BIO_new(BIO_s_mem());
mdbio = BIO_new(BIO_f_md());
@@ -959,6 +973,9 @@ static int test_EVP_DigestVerifyInit(void)
EVP_PKEY *pkey = NULL;
EVP_MD_CTX *md_ctx = NULL;
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
|| !TEST_ptr(pkey = load_example_rsa_key()))
goto out;
@@ -984,18 +1001,24 @@ static int test_EVP_Digest(void)
int ret = 0;
EVP_MD_CTX *md_ctx = NULL;
unsigned char md[EVP_MAX_MD_SIZE];
+ EVP_MD *sha256 = NULL;
+ EVP_MD *shake256 = NULL;
if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
goto out;
- if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
+ if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
+ || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
+ goto out;
+
+ if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
|| !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
/* EVP_DigestFinal resets the EVP_MD_CTX. */
|| !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
goto out;
- if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
+ if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
|| !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
/* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
@@ -1007,7 +1030,7 @@ static int test_EVP_Digest(void)
|| !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
goto out;
- if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
+ if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
|| !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
/* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
@@ -1018,6 +1041,8 @@ static int test_EVP_Digest(void)
out:
EVP_MD_CTX_free(md_ctx);
+ EVP_MD_free(sha256);
+ EVP_MD_free(shake256);
return ret;
}
@@ -1266,12 +1291,13 @@ static int test_EVP_SM2_verify(void)
EVP_PKEY *pkey = NULL;
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
+ EVP_MD *sm3 = NULL;
bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
if (!TEST_true(bio != NULL))
goto done;
- pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+ pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
if (!TEST_true(pkey != NULL))
goto done;
@@ -1281,12 +1307,15 @@ static int test_EVP_SM2_verify(void)
if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
goto done;
- if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
goto done;
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
- if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
+ if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
+ goto done;
+
+ if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
goto done;
if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
@@ -1304,6 +1333,7 @@ static int test_EVP_SM2_verify(void)
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
EVP_MD_CTX_free(mctx);
+ EVP_MD_free(sm3);
return rc;
}
@@ -1320,6 +1350,7 @@ static int test_EVP_SM2(void)
EVP_MD_CTX *md_ctx = NULL;
EVP_MD_CTX *md_ctx_verify = NULL;
EVP_PKEY_CTX *cctx = NULL;
+ EVP_MD *sm3 = NULL;
uint8_t ciphertext[128];
size_t ctext_len = sizeof(ciphertext);
@@ -1334,7 +1365,7 @@ static int test_EVP_SM2(void)
int i;
char mdname[20];
- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
+ pctx = EVP_PKEY_CTX_new_from_name(testctx, "SM2", testpropq);
if (!TEST_ptr(pctx))
goto done;
@@ -1347,7 +1378,7 @@ static int test_EVP_SM2(void)
if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
goto done;
- kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
+ kctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkeyparams, testpropq);
if (!TEST_ptr(kctx))
goto done;
@@ -1363,13 +1394,16 @@ static int test_EVP_SM2(void)
if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
goto done;
- if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
+ if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
goto done;
EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
- if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
+ if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
+ goto done;
+
+ if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, sm3, NULL, pkey)))
goto done;
if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
@@ -1390,7 +1424,7 @@ static int test_EVP_SM2(void)
/* Ensure that the signature round-trips. */
- if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
+ if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, sm3, NULL, pkey)))
goto done;
if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
@@ -1413,7 +1447,7 @@ static int test_EVP_SM2(void)
i == 0 ? "SM3" : "SHA2-256",
0);
- if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
+ if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
goto done;
if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
@@ -1462,6 +1496,7 @@ done:
EVP_PKEY_free(pkeyparams);
EVP_MD_CTX_free(md_ctx);
EVP_MD_CTX_free(md_ctx_verify);
+ EVP_MD_free(sm3);
OPENSSL_free(sig);
return ret;
}
@@ -1507,6 +1542,9 @@ static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
size_t inlen, len = 0;
EVP_PKEY *pkey;
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
/* Check if this algorithm supports public keys */
if (keys[tst].pub == NULL)
return 1;
@@ -1611,7 +1649,7 @@ static int test_EVP_PKEY_check(int i)
&& !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
goto done;
- if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
goto done;
if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
@@ -1659,7 +1697,8 @@ static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
int ret = 1;
if (!TEST_ptr(mdctx)
- || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
+ || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
+ testpropq, pkey, NULL))
|| !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
|| !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
|| !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
@@ -1676,11 +1715,7 @@ static int test_CMAC_keygen(void)
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
- /*
- * This is a legacy method for CMACs, but should still work.
- * This verifies that it works without an ENGINE.
- */
- EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
+ EVP_PKEY_CTX *kctx = NULL;
int ret = 0;
EVP_PKEY *pkey = NULL;
unsigned char mac[AES_BLOCK_SIZE];
@@ -1688,6 +1723,15 @@ static int test_CMAC_keygen(void)
unsigned char mac2[AES_BLOCK_SIZE];
# endif
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
+ /*
+ * This is a legacy method for CMACs, but should still work.
+ * This verifies that it works without an ENGINE.
+ */
+ kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
+
/* Test a CMAC key created using the "generated" method */
if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
@@ -1739,7 +1783,7 @@ static int test_HKDF(void)
};
size_t expectedlen = sizeof(expected);
- if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
goto done;
/* We do this twice to test reuse of the EVP_PKEY_CTX */
@@ -1783,7 +1827,7 @@ static int test_emptyikm_HKDF(void)
};
size_t expectedlen = sizeof(expected);
- if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
goto done;
outlen = sizeof(out);
@@ -1853,7 +1897,7 @@ static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
char ssl3ms[48];
/* Initialise a sign operation */
- ctx = EVP_PKEY_CTX_new(pkey, NULL);
+ ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
if (!TEST_ptr(ctx)
|| !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
goto err;
@@ -1909,7 +1953,7 @@ static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
*/
mdctx = EVP_MD_CTX_new();
if (!TEST_ptr(mdctx)
- || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
+ || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
pkey, NULL)))
goto err;
@@ -2062,6 +2106,7 @@ static int test_RSA_get_set_params(void)
static int test_decrypt_null_chunks(void)
{
EVP_CIPHER_CTX* ctx = NULL;
+ EVP_CIPHER *cipher = NULL;
const unsigned char key[32] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
@@ -2078,8 +2123,9 @@ static int test_decrypt_null_chunks(void)
int ret = 0;
const int enc_offset = 10, dec_offset = 20;
- if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
- || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
+ if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
+ || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
+ || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
key, iv))
|| !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
enc_offset))
@@ -2097,8 +2143,7 @@ static int test_decrypt_null_chunks(void)
/* Deliberately initialise tmp to a non zero value */
tmp = 99;
- if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
- iv))
+ if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
|| !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
dec_offset))
/*
@@ -2120,6 +2165,7 @@ static int test_decrypt_null_chunks(void)
ret = 1;
err:
EVP_CIPHER_CTX_free(ctx);
+ EVP_CIPHER_free(cipher);
return ret;
}
#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
@@ -2196,6 +2242,9 @@ static int test_keygen_with_empty_template(int n)
EVP_PKEY *tkey = NULL;
int ret = 0;
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
switch (n) {
case 0:
/* We do test with no template at all as well */
@@ -2234,7 +2283,7 @@ static int test_keygen_with_empty_template(int n)
static int test_pkey_ctx_fail_without_provider(int tst)
{
OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
- OSSL_PROVIDER *nullprov = NULL;
+ OSSL_PROVIDER *tmpnullprov = NULL;
EVP_PKEY_CTX *pctx = NULL;
const char *keytype = NULL;
int expect_null = 0;
@@ -2243,8 +2292,8 @@ static int test_pkey_ctx_fail_without_provider(int tst)
if (!TEST_ptr(tmpctx))
goto err;
- nullprov = OSSL_PROVIDER_load(tmpctx, "null");
- if (!TEST_ptr(nullprov))
+ tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
+ if (!TEST_ptr(tmpnullprov))
goto err;
/*
@@ -2287,7 +2336,7 @@ static int test_pkey_ctx_fail_without_provider(int tst)
err:
EVP_PKEY_CTX_free(pctx);
- OSSL_PROVIDER_unload(nullprov);
+ OSSL_PROVIDER_unload(tmpnullprov);
OSSL_LIB_CTX_free(tmpctx);
return ret;
}
@@ -2304,7 +2353,7 @@ static int test_rand_agglomeration(void)
unsigned char out[sizeof(seed)];
if (!TEST_int_ne(sizeof(seed) % step, 0)
- || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
+ || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
return 0;
ctx = EVP_RAND_CTX_new(rand, NULL);
EVP_RAND_free(rand);
@@ -2357,13 +2406,16 @@ static int test_evp_iv(int idx)
size_t ivlen, ref_len;
const EVP_CIPHER *type = NULL;
+ if (nullprov != NULL && idx < 5)
+ return TEST_skip("Test does not support a non-default library context");
+
switch(idx) {
case 0:
type = EVP_aes_128_cbc();
/* FALLTHROUGH */
case 5:
type = (type != NULL) ? type :
- EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
+ EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
ref_iv = cbc_state;
ref_len = sizeof(cbc_state);
break;
@@ -2372,7 +2424,7 @@ static int test_evp_iv(int idx)
/* FALLTHROUGH */
case 6:
type = (type != NULL) ? type :
- EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
+ EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
ref_iv = ofb_state;
ref_len = sizeof(ofb_state);
break;
@@ -2381,7 +2433,7 @@ static int test_evp_iv(int idx)
/* FALLTHROUGH */
case 7:
type = (type != NULL) ? type :
- EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
+ EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
ref_iv = gcm_state;
ref_len = sizeof(gcm_state);
break;
@@ -2390,7 +2442,7 @@ static int test_evp_iv(int idx)
/* FALLTHROUGH */
case 8:
type = (type != NULL) ? type :
- EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
+ EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
ref_iv = ccm_state;
ref_len = sizeof(ccm_state);
break;
@@ -2404,7 +2456,7 @@ static int test_evp_iv(int idx)
/* FALLTHROUGH */
case 9:
type = (type != NULL) ? type :
- EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
+ EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
ref_iv = ocb_state;
ref_len = sizeof(ocb_state);
break;
@@ -2455,6 +2507,9 @@ static int test_ecpub(int idx)
EC_KEY *ec = NULL;
# endif
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
nid = ecpub_nids[idx];
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
@@ -2505,20 +2560,20 @@ static int test_ecpub(int idx)
static int test_EVP_rsa_pss_with_keygen_bits(void)
{
- int ret;
- EVP_PKEY_CTX *ctx;
- EVP_PKEY *pkey;
- const EVP_MD *md;
- pkey = NULL;
- ret = 0;
+ int ret = 0;
+ EVP_PKEY_CTX *ctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ EVP_MD *md;
- md = EVP_get_digestbyname("sha256");
- ret = TEST_ptr((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL)))
+ md = EVP_MD_fetch(testctx, "sha256", testpropq);
+ ret = TEST_ptr(md)
+ && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
&& TEST_true(EVP_PKEY_keygen_init(ctx))
&& TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
&& TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
&& TEST_true(EVP_PKEY_keygen(ctx, &pkey));
+ EVP_MD_free(md);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
return ret;
@@ -2572,12 +2627,45 @@ static int test_names_do_all(void)
return testresult;
}
-int setup_tests(void)
+typedef enum OPTION_choice {
+ OPT_ERR = -1,
+ OPT_EOF = 0,
+ OPT_CONTEXT,
+ OPT_TEST_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS *test_get_options(void)
{
- testctx = OSSL_LIB_CTX_new();
+ static const OPTIONS options[] = {
+ OPT_TEST_OPTIONS_DEFAULT_USAGE,
+ { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
+ { NULL }
+ };
+ return options;
+}
- if (!TEST_ptr(testctx))
- return 0;
+int setup_tests(void)
+{
+ OPTION_CHOICE o;
+
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_CONTEXT:
+ /* Set up an alternate library context */
+ testctx = OSSL_LIB_CTX_new();
+ if (!TEST_ptr(testctx))
+ return 0;
+ /* Swap the libctx to test non-default context only */
+ nullprov = OSSL_PROVIDER_load(NULL, "null");
+ deflprov = OSSL_PROVIDER_load(testctx, "default");
+ lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
+ break;
+ case OPT_TEST_CASES:
+ break;
+ default:
+ return 0;
+ }
+ }
ADD_TEST(test_EVP_set_default_properties);
ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
@@ -2655,5 +2743,8 @@ int setup_tests(void)
void cleanup_tests(void)
{
+ OSSL_PROVIDER_unload(nullprov);
+ OSSL_PROVIDER_unload(deflprov);
+ OSSL_PROVIDER_unload(lgcyprov);
OSSL_LIB_CTX_free(testctx);
}
diff --git a/test/recipes/30-test_evp_extra.t b/test/recipes/30-test_evp_extra.t
index f7fdca7f06..e437e579f0 100644
--- a/test/recipes/30-test_evp_extra.t
+++ b/test/recipes/30-test_evp_extra.t
@@ -14,7 +14,11 @@ use OpenSSL::Test qw/:DEFAULT bldtop_dir/;
setup("test_evp_extra");
-plan tests => 2;
+plan tests => 3;
ok(run(test(["evp_extra_test"])), "running evp_extra_test");
+
+# Run tests with a non-default library context
+ok(run(test(["evp_extra_test", "-context"])), "running evp_extra_test with a non-default library context");
+
ok(run(test(["evp_extra_test2"])), "running evp_extra_test2");
More information about the openssl-commits
mailing list