authorMatt Caswell <matt@openssl.org>2020-05-14 11:33:01 +0100
committerMatt Caswell <matt@openssl.org>2020-05-28 17:01:47 +0100
commit5ddec6a7d3206c61209a016db4227b847dcaad27 (patch)
tree151e433683d55945cf9813034d4618a819a00d08
parentb533510f3bc70957dbf447f7ea8ec20765c5b314 (diff)
Add a test for fetching EVP_PKEY style algs without a provider
Following on from the previous commit, add a test to check that we fail to create an EVP_PKEY_CTX if an algorithm is not available in any provider, *unless* it is an algorithm that has no provider support. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11826)
-rw-r--r--test/evp_extra_test.c42
1 files changed, 42 insertions, 0 deletions
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 53d2f3afdb..2ab4be89a3 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1625,6 +1625,47 @@ static int test_keygen_with_empty_template(int n)
return ret;
}
+/*
+ * Test that we fail if we attempt to use an algorithm that is not available
+ * in the current library context (unless we are using an algorithm that should
+ * be made available via legacy codepaths).
+ */
+static int test_pkey_ctx_fail_without_provider(int tst)
+{
+ OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
+ OSSL_PROVIDER *nullprov = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ int ret = 0;
+
+ if (!TEST_ptr(tmpctx))
+ goto err;
+
+ nullprov = OSSL_PROVIDER_load(tmpctx, "null");
+ if (!TEST_ptr(nullprov))
+ goto err;
+
+ pctx = EVP_PKEY_CTX_new_from_name(tmpctx, tst == 0 ? "RSA" : "HMAC", "");
+
+ /* RSA is not available via any provider so we expect this to fail */
+ if (tst == 0 && !TEST_ptr_null(pctx))
+ goto err;
+
+ /*
+ * HMAC is always available because it is implemented via legacy codepaths
+ * and not in a provider at all. We expect this to pass.
+ */
+ if (tst == 1 && !TEST_ptr(pctx))
+ goto err;
+
+ ret = 1;
+
+ err:
+ EVP_PKEY_CTX_free(pctx);
+ OSSL_PROVIDER_unload(nullprov);
+ OPENSSL_CTX_free(tmpctx);
+ return ret;
+}
+
int setup_tests(void)
{
testctx = OPENSSL_CTX_new();
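Review bot: The reason for loading the "null" provider into tmpctx is not documented, yet the RSA case depends on it. As I understand the provider model, a library context with no provider loaded falls back to the default provider, so without that load RSA would be fetched and the fail-closed check would prove nothing. I would add a comment above the `OSSL_PROVIDER_load(tmpctx, "null")` call, for example `/* Load the null provider so the default provider is not pulled in as a fallback */`. Separately, the two assertions are guarded by `tst == 0` and `tst == 1`, while the ternary maps every non-zero index to "HMAC", so any other index would skip both checks and still return 1. Writing the second guard as `if (tst != 0 && !TEST_ptr(pctx))` keeps the test from passing vacuously if the count passed to ADD_ALL_TESTS is later changed.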
@@ -1673,6 +1714,7 @@ int setup_tests(void)
ADD_TEST(test_EVP_PKEY_set1_DH);
#endif
ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
+ ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
return 1;
}