dtlsv1listentest ct_test threadstest afalgtest d2i_test \
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
bio_callback_test bio_memleak_test param_build_test \
- bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
- pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \
+ bioprinttest sslapitest sslprovidertest dtlstest sslcorrupttest \
+ bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \
cipherbytes_test \
asn1_encode_test asn1_decode_test asn1_string_table_test \
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
INCLUDE[sslapitest]=../include ../apps/include ..
DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a
+ SOURCE[sslprovidertest]=sslprovidertest.c ssltestlib.c
+ INCLUDE[sslprovidertest]=../include ../apps/include ..
+ DEPEND[sslprovidertest]=../libcrypto ../libssl libtestutil.a
+
SOURCE[ocspapitest]=ocspapitest.c
INCLUDE[ocspapitest]=../include ../apps/include
DEPEND[ocspapitest]=../libcrypto libtestutil.a
--- /dev/null
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_dir/;
+
+setup("test_sslprovider");
+
+plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
+ if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+
+plan tests => 1;
+
+ok(run(test(["sslprovidertest", srctop_dir("test", "certs")])),
+ "running sslprovidertest");
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/provider.h>
+
+#include "ssltestlib.h"
+#include "testutil.h"
+
+static char *cert = NULL;
+static char *privkey = NULL;
+
+/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
+#if 0
+OSSL_PROVIDER *defctxlegacy = NULL;
+#endif
+
+static int test_different_libctx(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ OPENSSL_CTX *libctx = OPENSSL_CTX_new();
+
+/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
+#if 0
+ /* Verify that the default provider in the default libctx is not available */
+ if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
+ goto end;
+#endif
+
+ cctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_client_method());
+ if (!TEST_ptr(cctx))
+ goto end;
+ sctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_server_method());
+ if (!TEST_ptr(sctx))
+ goto end;
+
+ if (!TEST_true(create_ssl_ctx_pair(NULL,
+ NULL,
+ TLS1_VERSION,
+ 0,
+ &sctx, NULL, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ /* This time we expect success */
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+/* TODO(3.0): Re-enable this code. See comment in setup_tests() */
+#if 0
+ /*
+ * Verify that the default provider in the default libctx is still not
+ * available
+ */
+ if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")))
+ goto end;
+#endif
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ OPENSSL_CTX_free(libctx);
+
+ return testresult;
+}
+
+int setup_tests(void)
+{
+ char *certsdir = NULL;
+ /*
+ * TODO(3.0): Re-enable this code when key generation is provider aware. At
+ * the moment the below causes the tests to fail because libssl attempts to
+ * generate a key for the key_share, which ultimately invokes RAND_bytes().
+ * However, because key generation is not yet provider aware it just uses
+ * the default library context - and hence fails.
+ */
+#if 0
+ /*
+ * For tests in this file we want to ensure the default ctx does not have
+ * the default provider loaded into the default ctx. So we load "legacy" to
+ * prevent default from being auto-loaded. This tests that there is no
+ * "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the
+ * specific libctx to be used - nothing should fall back to the default
+ * libctx
+ */
+ defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy");
+#endif
+
+ if (!TEST_ptr(certsdir = test_get_argument(0)))
+ return 0;
+
+ cert = test_mk_file_path(certsdir, "servercert.pem");
+ if (cert == NULL)
+ return 0;
+
+ privkey = test_mk_file_path(certsdir, "serverkey.pem");
+ if (privkey == NULL) {
+ OPENSSL_free(cert);
+ return 0;
+ }
+
+ ADD_TEST(test_different_libctx);
+
+ return 1;
+}
+
+void cleanup_tests(void)
+{
+ /* TODO(3.0): Re-enable this code. See comment in setup_tests() */
+#if 0
+ OSSL_PROVIDER_unload(defctxlegacy);
+#endif
+}
projects / oweals / openssl.git / commitdiff