From fea4e2bd36584cebb79f45680c6da0c14fde3d1e Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 3 Apr 2020 15:40:00 +0100 Subject: [PATCH] Run ssl_test_new with a non-default library context We also prepare the way for a future commit to run ssl_test_new with just the FIPS provider loaded. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11511) --- test/recipes/80-test_ssl_new.t | 3 ++- test/ssl_test.c | 47 ++++++++++++++++++++++++++-------- 2 files changed, 39 insertions(+), 11 deletions(-) diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 3b1857cc79..5ee872557d 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -145,7 +145,8 @@ sub test_conf { skip "No tests available; skipping tests", 1 if $skip; skip "Stale sources; skipping tests", 1 if !$run_test; - ok(run(test(["ssl_test", $output_file])), "running ssl_test $conf"); + ok(run(test(["ssl_test", $output_file, "default"])), + "running ssl_test $conf"); } } diff --git a/test/ssl_test.c b/test/ssl_test.c index e6ce9a6741..6715cd69d5 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -13,12 +13,15 @@ #include #include #include +#include #include "handshake_helper.h" #include "ssl_test_ctx.h" #include "testutil.h" static CONF *conf = NULL; +static OSSL_PROVIDER *defctxnull = NULL, *thisprov = NULL; +static OPENSSL_CTX *libctx = NULL; /* Currently the section names are of the form test-, e.g. test-15. */ #define MAX_TESTCASE_NAME_LENGTH 100 @@ -405,22 +408,26 @@ static int test_handshake(int idx) #ifndef OPENSSL_NO_DTLS if (test_ctx->method == SSL_TEST_METHOD_DTLS) { - server_ctx = SSL_CTX_new(DTLS_server_method()); + server_ctx = SSL_CTX_new_with_libctx(libctx, NULL, DTLS_server_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0))) goto err; if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { - if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method()))) + if (!TEST_ptr(server2_ctx = + SSL_CTX_new_with_libctx(libctx, NULL, + DTLS_server_method()))) goto err; } - client_ctx = SSL_CTX_new(DTLS_client_method()); + client_ctx = SSL_CTX_new_with_libctx(libctx, NULL, DTLS_client_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0))) goto err; if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { - resume_server_ctx = SSL_CTX_new(DTLS_server_method()); + resume_server_ctx = SSL_CTX_new_with_libctx(libctx, NULL, + DTLS_server_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0))) goto err; - resume_client_ctx = SSL_CTX_new(DTLS_client_method()); + resume_client_ctx = SSL_CTX_new_with_libctx(libctx, NULL, + DTLS_client_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0))) goto err; if (!TEST_ptr(resume_server_ctx) @@ -430,26 +437,30 @@ static int test_handshake(int idx) } #endif if (test_ctx->method == SSL_TEST_METHOD_TLS) { - server_ctx = SSL_CTX_new(TLS_server_method()); + server_ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_server_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0))) goto err; /* SNI on resumption isn't supported/tested yet. */ if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { - if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method()))) + if (!TEST_ptr(server2_ctx = + SSL_CTX_new_with_libctx(libctx, NULL, + TLS_server_method()))) goto err; if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, 0))) goto err; } - client_ctx = SSL_CTX_new(TLS_client_method()); + client_ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_client_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0))) goto err; if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { - resume_server_ctx = SSL_CTX_new(TLS_server_method()); + resume_server_ctx = SSL_CTX_new_with_libctx(libctx, NULL, + TLS_server_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0))) goto err; - resume_client_ctx = SSL_CTX_new(TLS_client_method()); + resume_client_ctx = SSL_CTX_new_with_libctx(libctx, NULL, + TLS_client_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0))) goto err; if (!TEST_ptr(resume_server_ctx) @@ -505,6 +516,7 @@ OPT_TEST_DECLARE_USAGE("conf_file\n") int setup_tests(void) { long num_tests; + const char *modulename; if (!test_skip_common_options()) { TEST_error("Error parsing test options\n"); @@ -518,6 +530,18 @@ int setup_tests(void) &num_tests), 0)) return 0; + if (!TEST_ptr(modulename = test_get_argument(1))) + return 0; + + defctxnull = OSSL_PROVIDER_load(NULL, "null"); + libctx = OPENSSL_CTX_new(); + if (!TEST_ptr(libctx)) + return 0; + + thisprov = OSSL_PROVIDER_load(libctx, modulename); + if (!TEST_ptr(thisprov)) + return 0; + ADD_ALL_TESTS(test_handshake, (int)num_tests); return 1; } @@ -525,4 +549,7 @@ int setup_tests(void) void cleanup_tests(void) { NCONF_free(conf); + OSSL_PROVIDER_unload(defctxnull); + OSSL_PROVIDER_unload(thisprov); + OPENSSL_CTX_free(libctx); } -- 2.25.1