authorShane Lontis <shane.lontis@oracle.com>2020-07-23 17:40:40 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-07-23 17:40:40 +1000
commitae89578be2930c726d6ef56451233757a89f224f (patch)
treedfe6f7fb5bc4b550b67bea0fe219fd6a132bd944 /apps/lib
parenta27cb956c02220c502449176a8834b1d9643ac23 (diff)
Test RSA oaep in fips mode
Added RSA oaep test that uses the pkeyutl application. Added an openssl application option to support loading a (fips) provider via the '-config' option. Added openssl application related environment variable 'OPENSSL_TEST_LIBCTX' (for testing purposes only), that creates a non default library context. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11948)
Diffstat (limited to 'apps/lib')
-rw-r--r--apps/lib/app_provider.c21
-rw-r--r--apps/lib/apps.c46
2 files changed, 56 insertions, 11 deletions
diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c
index ca24328a2e..60645e21d7 100644
--- a/apps/lib/app_provider.c
+++ b/apps/lib/app_provider.c
@@ -8,6 +8,7 @@
*/
#include "apps.h"
+#include <string.h>
#include <openssl/err.h>
#include <openssl/provider.h>
#include <openssl/safestack.h>
@@ -21,14 +22,19 @@ enum prov_range { OPT_PROV_ENUM };
static STACK_OF(OSSL_PROVIDER) *app_providers = NULL;
-static int opt_provider_load(const char *provider)
+static void provider_free(OSSL_PROVIDER *prov)
+{
+ OSSL_PROVIDER_unload(prov);
+}
+
+int app_provider_load(OPENSSL_CTX *libctx, const char *provider_name)
{
OSSL_PROVIDER *prov;
- prov = OSSL_PROVIDER_load(NULL, provider);
+ prov = OSSL_PROVIDER_load(libctx, provider_name);
if (prov == NULL) {
opt_printf_stderr("%s: unable to load provider %s\n",
- opt_getprog(), provider);
+ opt_getprog(), provider_name);
return 0;
}
if (app_providers == NULL)
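Review bot: app_provider_load is now an exported function taking a library context, but it has no comment stating its contract. From the visible lines it returns 0 after printing an error when OSSL_PROVIDER_load() fails and 1 otherwise, and it appears to record the handle in the file-level `app_providers` stack that app_providers_cleanup() later unloads. I would add a header comment along the lines of `/* Load provider_name into libctx (NULL = default context); the handle is kept until app_providers_cleanup(). Returns 1 on success, 0 on failure. */`. The function body continues past this hunk, so the part that stores the handle should be confirmed before wording the comment.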
@@ -41,11 +47,6 @@ static int opt_provider_load(const char *provider)
return 1;
}
-static void provider_free(OSSL_PROVIDER *prov)
-{
- OSSL_PROVIDER_unload(prov);
-}
-
void app_providers_cleanup(void)
{
sk_OSSL_PROVIDER_pop_free(app_providers, provider_free);
@@ -56,7 +57,7 @@ static int opt_provider_path(const char *path)
{
if (path != NULL && *path == '\0')
path = NULL;
- return OSSL_PROVIDER_set_default_search_path(NULL, path);
+ return OSSL_PROVIDER_set_default_search_path(app_get0_libctx(), path);
}
int opt_provider(int opt)
@@ -66,7 +67,7 @@ int opt_provider(int opt)
case OPT_PROV__LAST:
return 1;
case OPT_PROV_PROVIDER:
- return opt_provider_load(opt_arg());
+ return app_provider_load(app_get0_libctx(), opt_arg());
case OPT_PROV_PROVIDER_PATH:
return opt_provider_path(opt_arg());
}
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 777e4fed35..ba40e9bc7e 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -78,6 +78,8 @@ typedef struct {
unsigned long mask;
} NAME_EX_TBL;
+static OPENSSL_CTX *app_libctx = NULL;
+
static int set_table_opts(unsigned long *flags, const char *arg,
const NAME_EX_TBL * in_tbl);
static int set_multi_opts(unsigned long *flags, const char *arg,
@@ -335,13 +337,37 @@ static char *app_get_pass(const char *arg, int keepbio)
return OPENSSL_strdup(tpass);
}
+OPENSSL_CTX *app_get0_libctx(void)
+{
+ return app_libctx;
+}
+
+OPENSSL_CTX *app_create_libctx(void)
+{
+ /*
+ * Load the NULL provider into the default library context and create a
+ * library context which will then be used for any OPT_PROV options.
+ */
+ if (app_libctx == NULL) {
+
+ if (!app_provider_load(NULL, "null")) {
+ BIO_puts(bio_err, "Failed to create null provider\n");
+ return NULL;
+ }
+ app_libctx = OPENSSL_CTX_new();
+ }
+ if (app_libctx == NULL)
+ BIO_puts(bio_err, "Failed to create library context\n");
+ return app_libctx;
+}
+
CONF *app_load_config_bio(BIO *in, const char *filename)
{
long errorline = -1;
CONF *conf;
int i;
- conf = NCONF_new(NULL);
+ conf = NCONF_new_with_libctx(app_libctx, NULL);
i = NCONF_load_bio(conf, in, &errorline);
if (i > 0)
return conf;
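Review bot: The comment in app_create_libctx says what is done but not why the "null" provider is loaded into the default context. Presumably it is there so that any code path that ignores the application context fails instead of quietly using default-context algorithms, which matters when the test is meant to prove the FIPS provider is the one in use. I would state that in the comment, e.g. `* The null provider makes accidental use of the default context fail instead of succeeding.` app_get0_libctx also deserves a line saying it returns NULL until app_create_libctx() has run, since the OPT_PROV handlers in app_provider.c then act on the default context. If OPENSSL_CTX_new() fails, the null provider stays loaded and a later call would load it a second time; app_load_config_bio continues past this hunk.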
@@ -357,6 +383,7 @@ CONF *app_load_config_bio(BIO *in, const char *filename)
else
BIO_printf(bio_err, "config input");
+ CONF_modules_load(conf, NULL, 0);
NCONF_free(conf);
return NULL;
}
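Review bot: The added `CONF_modules_load(conf, NULL, 0);` sits on the failure path of app_load_config_bio. The previous hunk shows the early `if (i > 0) return conf;`, so this line is reached only after NCONF_load_bio() has reported an error, and its return value is discarded right before `NCONF_free(conf); return NULL;`. Acting on module sections of a configuration that failed to parse may apply whatever was read from a malformed or truncated file before the error is returned to the caller. I would drop the line here and leave module loading to the checked `app_load_modules(conf)` call on the success path, as app_load_config_modules does further down. The start of the function is outside this hunk.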
@@ -434,6 +461,23 @@ int add_oid_section(CONF *conf)
return 1;
}
+CONF *app_load_config_modules(const char *configfile)
+{
+ CONF *conf = NULL;
+
+ if (configfile != NULL) {
+ BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+
+ if ((conf = app_load_config(configfile)) == NULL)
+ return NULL;
+ if (configfile != default_config_file && !app_load_modules(conf)) {
+ NCONF_free(conf);
+ conf = NULL;
+ }
+ }
+ return conf;
+}
+
X509 *load_cert_pass(const char *uri, int maybe_stdin,
const char *pass, const char *desc)
{
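Review bot: app_load_config_modules returns NULL both when `configfile` is NULL and when loading the file or its modules fails, so a caller cannot tell "no config requested" from "config rejected" by the return value alone. For a `-config` that is meant to bring in a (FIPS) provider, a caller that treats NULL as nothing-to-do would carry on without it; the callers are not visible here, so this is a contract to document rather than a confirmed bug. A header comment such as `/* Returns NULL on error and also when configfile is NULL; callers must check configfile themselves. */` would make that explicit. The `configfile != default_config_file` test compares pointers rather than path strings, which also deserves a short why-comment.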