From 5ddec6a7d3206c61209a016db4227b847dcaad27 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 14 May 2020 11:33:01 +0100
Subject: [PATCH] Add a test for fetching EVP_PKEY style algs without a provider

Following on from the previous commit, add a test to check that we fail to create an EVP_PKEY_CTX if an algorithm is not available in any provider, *unless* it is an algorithm that has no provider support.

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/11826)
---
 test/evp_extra_test.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 53d2f3afdb..2ab4be89a3 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1625,6 +1625,47 @@ static int test_keygen_with_empty_template(int n)
 return ret;
 }
 
+/*
+ * Test that we fail if we attempt to use an algorithm that is not available
+ * in the current library context (unless we are using an algorithm that should
+ * be made available via legacy codepaths).
+ */
+static int test_pkey_ctx_fail_without_provider(int tst)
+{
+ OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
+ OSSL_PROVIDER *nullprov = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ int ret = 0;
+
+ if (!TEST_ptr(tmpctx))
+ goto err;
+
+ nullprov = OSSL_PROVIDER_load(tmpctx, "null");
+ if (!TEST_ptr(nullprov))
+ goto err;
+
+ pctx = EVP_PKEY_CTX_new_from_name(tmpctx, tst == 0 ? "RSA" : "HMAC", "");
+
+ /* RSA is not available via any provider so we expect this to fail */
+ if (tst == 0 && !TEST_ptr_null(pctx))
+ goto err;
+
+ /*
+ * HMAC is always available because it is implemented via legacy codepaths
+ * and not in a provider at all. We expect this to pass.
+ */
+ if (tst == 1 && !TEST_ptr(pctx))
+ goto err;
+
+ ret = 1;
+
+ err:
+ EVP_PKEY_CTX_free(pctx);
+ OSSL_PROVIDER_unload(nullprov);
+ OPENSSL_CTX_free(tmpctx);
+ return ret;
+}
+
 int setup_tests(void)
 {
 testctx = OPENSSL_CTX_new();
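Review bot: The RSA case (`tst == 0`) accepts any NULL return from `EVP_PKEY_CTX_new_from_name()`, so an allocation failure or some other unrelated error satisfies `TEST_ptr_null(pctx)` just as well as the missing-provider condition the test is meant to pin down. The property being guarded is that a library context holding only the "null" provider does not pick up an implementation from somewhere else, so the negative case should also assert why the call failed, for example `if (tst == 0 && !TEST_int_eq(ERR_GET_REASON(ERR_peek_last_error()), EVP_R_UNSUPPORTED_ALGORITHM)) goto err;`. That assumes this is the reason the constructor raises, which is not visible in this hunk and should be confirmed against the previous commit. The meaning of `tst` is only implied by the ternary; a line in the header comment such as `tst == 0: RSA, creation must fail; tst == 1: HMAC, creation must succeed` would tie it to the `ADD_ALL_TESTS(..., 2)` registration in the second hunk.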
@@ -1673,6 +1714,7 @@ int setup_tests(void)
 ADD_TEST(test_EVP_PKEY_set1_DH);
 #endif
 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
+ ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
 
 return 1;
 }
--
2.25.1