diff options
author | Matt Caswell <matt@openssl.org> | 2021-01-26 13:30:06 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-02-02 12:21:21 +0000 |
commit | a0134d293e907672e2717fe54ce6a4b3ae425388 (patch) | |
tree | e5c1bbd31b62a714ee4f2cbc080aef615a78fc75 /test | |
parent | 7ff9fdd4b31757f70080bd3fa2e633ca080408a4 (diff) |
Add a multi-thread test for shared EVP_PKEYs
EVP_PKEYs may be shared across mutliple threads. For example this is
common for users of libssl who provide a single EVP_PKEY private key for
an SSL_CTX, which is then shared between multiple threads for each SSL
object.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/90-test_threads.t | 6 | ||||
-rw-r--r-- | test/recipes/90-test_threads_data/rsakey.pem | 28 | ||||
-rw-r--r-- | test/threadstest.c | 82 |
3 files changed, 111 insertions, 5 deletions
diff --git a/test/recipes/90-test_threads.t b/test/recipes/90-test_threads.t index f46121a751..0410cd8007 100644 --- a/test/recipes/90-test_threads.t +++ b/test/recipes/90-test_threads.t @@ -8,7 +8,7 @@ use OpenSSL::Test::Simple; -use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file data_dir/; use OpenSSL::Test::Utils; use Cwd qw(abs_path); @@ -35,8 +35,8 @@ if (!$no_fips) { if ($no_fips) { $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default.cnf")); - ok(run(test(["threadstest"])), "running test_threads"); + ok(run(test(["threadstest", data_dir()])), "running test_threads"); } else { $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-fips.cnf")); - ok(run(test(["threadstest", "-fips"])), "running test_threads"); + ok(run(test(["threadstest", "-fips", data_dir()])), "running test_threads"); } diff --git a/test/recipes/90-test_threads_data/rsakey.pem b/test/recipes/90-test_threads_data/rsakey.pem new file mode 100644 index 0000000000..0d7e4049fd --- /dev/null +++ b/test/recipes/90-test_threads_data/rsakey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVXWBq3/xh7kiq +jBFIQ6VttlJdqphJsWGSNbH8OgQlDG15/7TVyelcHDvgq7O4faPebb3g3ddavxRH +EUJepoLQYcF/3RNG5gmFBw7y1PwaZNIKrSCrIGuW8K3MxBlTVdwBHaSz74q0SVNd +igUc8dzhRL/F1+J3GVdclwt17ohDcQ/KbMG0slCnd0ZsWA8Rv/F2JFquOUK3UWcp +4dBVMG8X5JHqrfgowkNvomSp+52YkmJIPusNT4JKiv8/cu6Wta6hwZi6732QdW3/ +WlKeq/XAftCHQ9uFBwcPfTh6/dHT7mUd0+o5aoc37krT4A1u9XCswr3xbvOSlV6p +8KFllZONAgMBAAECggEADLTt7A+A2Vg2jamf0dztejY0e42QWjstI2b9PZc67fXq +gyx+WYkX07t+uWegYWliG/oPJ9guXiIpE/5sJHToL37S5kmFP2CtynVcJ4wVo4DD +nY0n9+kLX0bgIuS+2V6wpoRcbbbjXM9NHrH8kfe5ftT4UtEDlLI2qLX6IcDd7p4u +OYjILChR8GSGTw96yIy2Ws/1Uq9PMw64JoT4RcK5QqnkcPMDFRH1SeLOL+zXP2c4 +nEl9yOy3HauZKxwl/Ry/XK1s3DdjopIAU29ut+hAuMiTb06kzZnumL9NoplKoZtU +otw/gVcCKhT+Ep+p6i8InLF0XEME8A0qUR0niWebgQKBgQD6vkxR49B8ZZQrzjw4 +XKs1lI9cP7cgPiuWlDHMNjYou3WbOaGrMeScvbB1Ldh9A8pjAhxlw8AaV/xs4qcA +trmVmSISVMVyc1wSGlJXWi2nUzTNs9OE3vj22SyStihf8UUZtWwX2b5Y4JrYhA/V ++ThGGqHR03oLNLShNLtJc2c7YQKBgQDZ1nkibEyrepexw/fnwkw61IJKq9wRIh1G +PREakhbe9wU5ie0knuf9razt7awzQiwFmlixmWqsM7UEtLuXNnNPciwdrKhhbvrd +vD/rkbIEHEPllIhFlDtOzn3hRBWTzWmXFjpou/2LvHTSbVis4IYVZymTp2jb1ZLs +7VbiG9JTrQKBgQDc6n75g1szzpdehQT/r33U5j/syeJBUSU8NPMu9fB/sLHsgjlT +SNEf2+y1QSBE/Or6kmiMrIv7advn30W+Vj9qc5HWTsPrk4HiHTjA553jl2alebN5 +lK4LZspjtIQcC8mS3goPdXPEgJdM/gWpwzr2YQ6DfOxBJT2j7n64NyoT4QKBgH7/ +yx+GhCx1DHtXBPDZFhg2TL+78lEK0oZgk9gp06up2CHzh44SFq6O0oLkTcCUk5Ww +poTkLIy4mJBlzfgahp+KsK2cO46SZS9g0ONFzcMXt33hWpE2Gl2XhUwPpYTF/QlY +rDTjZK5S8Mi9dzVSsNlJi7PJphiEK2R1+nFYRwcBAoGBANWoIG85jpXAOnq/Kcgx +Rl3YivR0Ke6r1tFlP58rT7X3EkiboXyQl5vLIFCAwUte6RGrLl1dy3Qyh80B9ySL +Jx6vj42CK7vgv6A96TuVYhnXTnEI6ZvwAQ2VGaw4BizhjALs/kdSE/og9aSCs3ws +KQypwAFz0tbHxaNag/bSAN0J +-----END PRIVATE KEY----- diff --git a/test/threadstest.c b/test/threadstest.c index 2b9afa7d47..9c8e2181d0 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -19,6 +19,7 @@ #include "testutil.h" static int do_fips = 0; +static char *privkey; #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) @@ -352,17 +353,66 @@ static void thread_multi_simple_fetch(void) multi_success = 0; } +static EVP_PKEY *shared_evp_pkey = NULL; + +static void thread_shared_evp_pkey(void) +{ + char *msg = "Hello World"; + unsigned char ctbuf[256]; + unsigned char ptbuf[256]; + size_t ptlen = sizeof(ptbuf), ctlen = sizeof(ctbuf); + EVP_PKEY_CTX *ctx = NULL; + int success = 0; + int i; + + for (i = 0; i < 1 + do_fips; i++) { + if (i > 0) + EVP_PKEY_CTX_free(ctx); + ctx = EVP_PKEY_CTX_new_from_pkey(multi_libctx, shared_evp_pkey, + i == 0 ? "provider=default" + : "provider=fips"); + if (!TEST_ptr(ctx)) + goto err; + + if (!TEST_int_ge(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_ge(EVP_PKEY_encrypt(ctx, ctbuf, &ctlen, + (unsigned char *)msg, strlen(msg)), + 0)) + goto err; + + EVP_PKEY_CTX_free(ctx); + ctx = EVP_PKEY_CTX_new_from_pkey(multi_libctx, shared_evp_pkey, NULL); + + if (!TEST_ptr(ctx)) + goto err; + + if (!TEST_int_ge(EVP_PKEY_decrypt_init(ctx), 0) + || !TEST_int_ge(EVP_PKEY_decrypt(ctx, ptbuf, &ptlen, ctbuf, ctlen), + 0) + || !TEST_mem_eq(msg, strlen(msg), ptbuf, ptlen)) + goto err; + } + + success = 1; + + err: + EVP_PKEY_CTX_free(ctx); + if (!success) + multi_success = 0; +} + /* * Do work in multiple worker threads at the same time. * Test 0: General worker, using the default provider * Test 1: General worker, using the fips provider * Test 2: Simple fetch worker + * Test 3: Worker using a shared EVP_PKEY */ static int test_multi(int idx) { thread_t thread1, thread2; int testresult = 0; - OSSL_PROVIDER *prov = NULL; + OSSL_PROVIDER *prov = NULL, *prov2 = NULL; void (*worker)(void); if (idx == 1 && !do_fips) @@ -384,6 +434,18 @@ static int test_multi(int idx) case 2: worker = thread_multi_simple_fetch; break; + case 3: + /* + * If available we have both the default and fips providers for this + * test + */ + if (do_fips + && !TEST_ptr(prov2 = OSSL_PROVIDER_load(multi_libctx, "fips"))) + goto err; + if (!TEST_ptr(shared_evp_pkey = load_pkey_pem(privkey, multi_libctx))) + goto err; + worker = thread_shared_evp_pkey; + break; default: TEST_error("Invalid test index"); goto err; @@ -404,7 +466,10 @@ static int test_multi(int idx) err: OSSL_PROVIDER_unload(prov); + OSSL_PROVIDER_unload(prov2); OSSL_LIB_CTX_free(multi_libctx); + EVP_PKEY_free(shared_evp_pkey); + shared_evp_pkey = NULL; return testresult; } @@ -428,6 +493,7 @@ const OPTIONS *test_get_options(void) int setup_tests(void) { OPTION_CHOICE o; + char *datadir; while ((o = opt_next()) != OPT_EOF) { switch (o) { @@ -441,10 +507,22 @@ int setup_tests(void) } } + if (!TEST_ptr(datadir = test_get_argument(0))) + return 0; + + privkey = test_mk_file_path(datadir, "rsakey.pem"); + if (!TEST_ptr(privkey)) + return 0; + ADD_TEST(test_lock); ADD_TEST(test_once); ADD_TEST(test_thread_local); ADD_TEST(test_atomic); - ADD_ALL_TESTS(test_multi, 3); + ADD_ALL_TESTS(test_multi, 4); return 1; } + +void cleanup_tests(void) +{ + OPENSSL_free(privkey); +} |