/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
+#include <stdlib.h>
#include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_ENGINE
-int main(int argc, char *argv[])
-{
- printf("No ENGINE support\n");
- return (0);
-}
-#else
+# include "testutil.h"
+
+#ifndef OPENSSL_NO_ENGINE
# include <openssl/buffer.h>
# include <openssl/crypto.h>
# include <openssl/engine.h>
+# include <openssl/rsa.h>
# include <openssl/err.h>
static void display_engine_list(void)
ENGINE *h;
int loop;
- h = ENGINE_get_first();
loop = 0;
- printf("listing available engine types\n");
- while (h) {
- printf("engine %i, id = \"%s\", name = \"%s\"\n",
+ for (h = ENGINE_get_first(); h != NULL; h = ENGINE_get_next(h)) {
+ TEST_info("#%d: id = \"%s\", name = \"%s\"",
loop++, ENGINE_get_id(h), ENGINE_get_name(h));
- h = ENGINE_get_next(h);
}
- printf("end of list\n");
+
/*
* ENGINE_get_first() increases the struct_ref counter, so we must call
* ENGINE_free() to decrease it again
ENGINE_free(h);
}
-int main(int argc, char *argv[])
+#define NUMTOADD 512
+
+static int test_engines(void)
{
- ENGINE *block[512];
+ ENGINE *block[NUMTOADD];
+ char *eid[NUMTOADD];
+ char *ename[NUMTOADD];
char buf[256];
- const char *id, *name, *p;
ENGINE *ptr;
int loop;
- int to_return = 1;
+ int to_return = 0;
ENGINE *new_h1 = NULL;
ENGINE *new_h2 = NULL;
ENGINE *new_h3 = NULL;
ENGINE *new_h4 = NULL;
- p = getenv("OPENSSL_DEBUG_MEMORY");
- if (p != NULL && strcmp(p, "on") == 0)
- CRYPTO_set_mem_debug(1);
- ERR_load_crypto_strings();
-
memset(block, 0, sizeof(block));
- if (((new_h1 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h1, "test_id0") ||
- !ENGINE_set_name(new_h1, "First test item") ||
- ((new_h2 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h2, "test_id1") ||
- !ENGINE_set_name(new_h2, "Second test item") ||
- ((new_h3 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h3, "test_id2") ||
- !ENGINE_set_name(new_h3, "Third test item") ||
- ((new_h4 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h4, "test_id3") ||
- !ENGINE_set_name(new_h4, "Fourth test item")) {
- printf("Couldn't set up test ENGINE structures\n");
+ if (!TEST_ptr(new_h1 = ENGINE_new())
+ || !TEST_true(ENGINE_set_id(new_h1, "test_id0"))
+ || !TEST_true(ENGINE_set_name(new_h1, "First test item"))
+ || !TEST_ptr(new_h2 = ENGINE_new())
+ || !TEST_true(ENGINE_set_id(new_h2, "test_id1"))
+ || !TEST_true(ENGINE_set_name(new_h2, "Second test item"))
+ || !TEST_ptr(new_h3 = ENGINE_new())
+ || !TEST_true(ENGINE_set_id(new_h3, "test_id2"))
+ || !TEST_true(ENGINE_set_name(new_h3, "Third test item"))
+ || !TEST_ptr(new_h4 = ENGINE_new())
+ || !TEST_true(ENGINE_set_id(new_h4, "test_id3"))
+ || !TEST_true(ENGINE_set_name(new_h4, "Fourth test item")))
goto end;
- }
- printf("\nenginetest beginning\n\n");
+ TEST_info("Engines:");
display_engine_list();
- if (!ENGINE_add(new_h1)) {
- printf("Add failed!\n");
+
+ if (!TEST_true(ENGINE_add(new_h1)))
goto end;
- }
+ TEST_info("Engines:");
display_engine_list();
+
ptr = ENGINE_get_first();
- if (!ENGINE_remove(ptr)) {
- printf("Remove failed!\n");
+ if (!TEST_true(ENGINE_remove(ptr)))
goto end;
- }
ENGINE_free(ptr);
+ TEST_info("Engines:");
display_engine_list();
- if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) {
- printf("Add failed!\n");
+
+ if (!TEST_true(ENGINE_add(new_h3))
+ || !TEST_true(ENGINE_add(new_h2)))
goto end;
- }
+ TEST_info("Engines:");
display_engine_list();
- if (!ENGINE_remove(new_h2)) {
- printf("Remove failed!\n");
+
+ if (!TEST_true(ENGINE_remove(new_h2)))
goto end;
- }
+ TEST_info("Engines:");
display_engine_list();
- if (!ENGINE_add(new_h4)) {
- printf("Add failed!\n");
+
+ if (!TEST_true(ENGINE_add(new_h4)))
goto end;
- }
+ TEST_info("Engines:");
display_engine_list();
- if (ENGINE_add(new_h3)) {
- printf("Add *should* have failed but didn't!\n");
+
+ /* Should fail. */
+ if (!TEST_false(ENGINE_add(new_h3)))
goto end;
- } else
- printf("Add that should fail did.\n");
ERR_clear_error();
- if (ENGINE_remove(new_h2)) {
- printf("Remove *should* have failed but didn't!\n");
+
+ /* Should fail. */
+ if (!TEST_false(ENGINE_remove(new_h2)))
goto end;
- } else
- printf("Remove that should fail did.\n");
ERR_clear_error();
- if (!ENGINE_remove(new_h3)) {
- printf("Remove failed!\n");
+
+ if (!TEST_true(ENGINE_remove(new_h3)))
goto end;
- }
+ TEST_info("Engines:");
display_engine_list();
- if (!ENGINE_remove(new_h4)) {
- printf("Remove failed!\n");
+
+ if (!TEST_true(ENGINE_remove(new_h4)))
goto end;
- }
+ TEST_info("Engines:");
display_engine_list();
+
/*
- * Depending on whether there's any hardware support compiled in, this
- * remove may be destined to fail.
+ * At this point, we should have an empty list, unless some hardware
+ * support engine got added. However, since we don't allow the config
+ * file to be loaded and don't otherwise load any built in engines,
+ * that is unlikely. Still, we check, if for nothing else, then to
+ * notify that something is a little off (and might mean that |new_h1|
+ * wasn't unloaded when it should have)
*/
- ptr = ENGINE_get_first();
- if (ptr)
+ if ((ptr = ENGINE_get_first()) != NULL) {
if (!ENGINE_remove(ptr))
- printf("Remove failed!i - probably no hardware "
- "support present.\n");
+ TEST_info("Remove failed - probably no hardware support present");
+ }
ENGINE_free(ptr);
+ TEST_info("Engines:");
display_engine_list();
- if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) {
- printf("Couldn't add and remove to an empty list!\n");
+
+ if (!TEST_true(ENGINE_add(new_h1))
+ || !TEST_true(ENGINE_remove(new_h1)))
goto end;
- } else
- printf("Successfully added and removed to an empty list!\n");
- printf("About to beef up the engine-type list\n");
- for (loop = 0; loop < 512; loop++) {
- sprintf(buf, "id%i", loop);
- id = OPENSSL_strdup(buf);
- sprintf(buf, "Fake engine type %i", loop);
- name = OPENSSL_strdup(buf);
- if (((block[loop] = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(block[loop], id) ||
- !ENGINE_set_name(block[loop], name)) {
- printf("Couldn't create block of ENGINE structures.\n"
- "I'll probably also core-dump now, damn.\n");
+
+ TEST_info("About to beef up the engine-type list");
+ for (loop = 0; loop < NUMTOADD; loop++) {
+ sprintf(buf, "id%d", loop);
+ eid[loop] = OPENSSL_strdup(buf);
+ sprintf(buf, "Fake engine type %d", loop);
+ ename[loop] = OPENSSL_strdup(buf);
+ if (!TEST_ptr(block[loop] = ENGINE_new())
+ || !TEST_true(ENGINE_set_id(block[loop], eid[loop]))
+ || !TEST_true(ENGINE_set_name(block[loop], ename[loop])))
goto end;
- }
}
- for (loop = 0; loop < 512; loop++) {
- if (!ENGINE_add(block[loop])) {
- printf("\nAdding stopped at %i, (%s,%s)\n",
- loop, ENGINE_get_id(block[loop]),
- ENGINE_get_name(block[loop]));
+ for (loop = 0; loop < NUMTOADD; loop++) {
+ if (!TEST_true(ENGINE_add(block[loop]))) {
+ test_note("Adding stopped at %d, (%s,%s)",
+ loop, ENGINE_get_id(block[loop]),
+ ENGINE_get_name(block[loop]));
goto cleanup_loop;
- } else
- printf(".");
- fflush(stdout);
+ }
}
cleanup_loop:
- printf("\nAbout to empty the engine-type list\n");
+ TEST_info("About to empty the engine-type list");
while ((ptr = ENGINE_get_first()) != NULL) {
- if (!ENGINE_remove(ptr)) {
- printf("\nRemove failed!\n");
+ if (!TEST_true(ENGINE_remove(ptr)))
goto end;
- }
ENGINE_free(ptr);
- printf(".");
- fflush(stdout);
}
- for (loop = 0; loop < 512; loop++) {
- OPENSSL_free((void *)ENGINE_get_id(block[loop]));
- OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+ for (loop = 0; loop < NUMTOADD; loop++) {
+ OPENSSL_free(eid[loop]);
+ OPENSSL_free(ename[loop]);
}
- printf("\nTests completed happily\n");
- to_return = 0;
+ to_return = 1;
+
end:
- if (to_return)
- ERR_print_errors_fp(stderr);
ENGINE_free(new_h1);
ENGINE_free(new_h2);
ENGINE_free(new_h3);
ENGINE_free(new_h4);
- for (loop = 0; loop < 512; loop++)
+ for (loop = 0; loop < NUMTOADD; loop++)
ENGINE_free(block[loop]);
- ENGINE_cleanup();
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- ERR_remove_thread_state(NULL);
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
- if (CRYPTO_mem_leaks_fp(stderr) <= 0)
- to_return = 1;
-#endif
return to_return;
}
+
+/* Test EVP_PKEY method */
+static EVP_PKEY_METHOD *test_rsa = NULL;
+
+static int called_encrypt = 0;
+
+/* Test function to check operation has been redirected */
+static int test_encrypt(EVP_PKEY_CTX *ctx, unsigned char *sig,
+ size_t *siglen, const unsigned char *tbs, size_t tbslen)
+{
+ called_encrypt = 1;
+ return 1;
+}
+
+static int test_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+ const int **pnids, int nid)
+{
+ static const int rnid = EVP_PKEY_RSA;
+ if (pmeth == NULL) {
+ *pnids = &rnid;
+ return 1;
+ }
+
+ if (nid == EVP_PKEY_RSA) {
+ *pmeth = test_rsa;
+ return 1;
+ }
+
+ *pmeth = NULL;
+ return 0;
+}
+
+/* Return a test EVP_PKEY value */
+
+static EVP_PKEY *get_test_pkey(void)
+{
+ static unsigned char n[] =
+ "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+ "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+ "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+ "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+ "\xF5";
+ static unsigned char e[] = "\x11";
+
+ RSA *rsa = RSA_new();
+ EVP_PKEY *pk = EVP_PKEY_new();
+
+ if (rsa == NULL || pk == NULL || !EVP_PKEY_assign_RSA(pk, rsa)) {
+ RSA_free(rsa);
+ EVP_PKEY_free(pk);
+ return NULL;
+ }
+
+ if (!RSA_set0_key(rsa, BN_bin2bn(n, sizeof(n)-1, NULL),
+ BN_bin2bn(e, sizeof(e)-1, NULL), NULL)) {
+ EVP_PKEY_free(pk);
+ return NULL;
+ }
+
+ return pk;
+}
+
+static int test_redirect(void)
+{
+ const unsigned char pt[] = "Hello World\n";
+ unsigned char *tmp = NULL;
+ size_t len;
+ EVP_PKEY_CTX *ctx = NULL;
+ ENGINE *e = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ int to_return = 0;
+
+ if (!TEST_ptr(pkey = get_test_pkey()))
+ goto err;
+
+ len = EVP_PKEY_size(pkey);
+ if (!TEST_ptr(tmp = OPENSSL_malloc(len)))
+ goto err;
+
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
+ goto err;
+ TEST_info("EVP_PKEY_encrypt test: no redirection");
+ /* Encrypt some data: should succeed but not be redirected */
+ if (!TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0)
+ || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0)
+ || !TEST_false(called_encrypt))
+ goto err;
+ EVP_PKEY_CTX_free(ctx);
+ ctx = NULL;
+
+ /* Create a test ENGINE */
+ if (!TEST_ptr(e = ENGINE_new())
+ || !TEST_true(ENGINE_set_id(e, "Test redirect engine"))
+ || !TEST_true(ENGINE_set_name(e, "Test redirect engine")))
+ goto err;
+
+ /*
+ * Try to create a context for this engine and test key.
+ * Try setting test key engine. Both should fail because the
+ * engine has no public key methods.
+ */
+ if (!TEST_ptr_null(ctx = EVP_PKEY_CTX_new(pkey, e))
+ || !TEST_int_le(EVP_PKEY_set1_engine(pkey, e), 0))
+ goto err;
+
+ /* Setup an empty test EVP_PKEY_METHOD and set callback to return it */
+ if (!TEST_ptr(test_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0)))
+ goto err;
+ ENGINE_set_pkey_meths(e, test_pkey_meths);
+
+ /* Getting a context for test ENGINE should now succeed */
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, e)))
+ goto err;
+ /* Encrypt should fail because operation is not supported */
+ if (!TEST_int_le(EVP_PKEY_encrypt_init(ctx), 0))
+ goto err;
+ EVP_PKEY_CTX_free(ctx);
+ ctx = NULL;
+
+ /* Add test encrypt operation to method */
+ EVP_PKEY_meth_set_encrypt(test_rsa, 0, test_encrypt);
+
+ TEST_info("EVP_PKEY_encrypt test: redirection via EVP_PKEY_CTX_new()");
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, e)))
+ goto err;
+ /* Encrypt some data: should succeed and be redirected */
+ if (!TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0)
+ || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0)
+ || !TEST_true(called_encrypt))
+ goto err;
+
+ EVP_PKEY_CTX_free(ctx);
+ ctx = NULL;
+ called_encrypt = 0;
+
+ /* Create context with default engine: should not be redirected */
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))
+ || !TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0)
+ || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0)
+ || !TEST_false(called_encrypt))
+ goto err;
+
+ EVP_PKEY_CTX_free(ctx);
+ ctx = NULL;
+
+ /* Set engine explicitly for test key */
+ if (!TEST_true(EVP_PKEY_set1_engine(pkey, e)))
+ goto err;
+
+ TEST_info("EVP_PKEY_encrypt test: redirection via EVP_PKEY_set1_engine()");
+
+ /* Create context with default engine: should be redirected now */
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))
+ || !TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0)
+ || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0)
+ || !TEST_true(called_encrypt))
+ goto err;
+
+ to_return = 1;
+
+ err:
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_free(pkey);
+ ENGINE_free(e);
+ OPENSSL_free(tmp);
+ return to_return;
+}
+#endif
+
+int global_init(void)
+{
+ /*
+ * If the config file gets loaded, the dynamic engine will be loaded,
+ * and that interferes with our test above.
+ */
+ return OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL);
+}
+
+int setup_tests(void)
+{
+#ifdef OPENSSL_NO_ENGINE
+ TEST_note("No ENGINE support");
+#else
+ ADD_TEST(test_engines);
+ ADD_TEST(test_redirect);
#endif
+ return 1;
+}