diff options
| author | Matt Caswell <matt@openssl.org> | 2020-05-14 15:45:38 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-05-18 09:45:14 +0100 |
| commit | 88b15ed9a54c591c3962149560d4f851322a54c4 (patch) | |
| tree | a0911e269e00042373752564843cd702628f7820 /test | |
| parent | d9321c09ea0b1231d9752935e15eb05231ae147a (diff) | |
Delete the sslprovider test
This was added before the changes to the sslap/ssl_new/ssl_old tests which
run those tests with a non-default library context. It no longer adds
anything that those tests don't already do, so it can be deleted.
This also fixes a number of run-checker build failures which were failing
in this test if TLSv1.2 was disabled.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11832)
Diffstat (limited to 'test')
| -rw-r--r-- | test/build.info | 6 | ||||
| -rw-r--r-- | test/recipes/90-test_sslprovider.t | 50 | ||||
| -rw-r--r-- | test/sslprovidertest.c | 143 |
3 files changed, 1 insertions, 198 deletions
diff --git a/test/build.info b/test/build.info index 6d670ea175..112b68c22f 100644 --- a/test/build.info +++ b/test/build.info @@ -44,7 +44,7 @@ IF[{- !$disabled{tests} -}] dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bio_callback_test bio_memleak_test param_build_test \ - bioprinttest sslapitest sslprovidertest dtlstest sslcorrupttest \ + bioprinttest sslapitest dtlstest sslcorrupttest \ bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ cipherbytes_test \ asn1_encode_test asn1_decode_test asn1_string_table_test \ @@ -294,10 +294,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[sslapitest]=../include ../apps/include .. DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a - SOURCE[sslprovidertest]=sslprovidertest.c ssltestlib.c - INCLUDE[sslprovidertest]=../include ../apps/include .. - DEPEND[sslprovidertest]=../libcrypto ../libssl libtestutil.a - SOURCE[ocspapitest]=ocspapitest.c INCLUDE[ocspapitest]=../include ../apps/include DEPEND[ocspapitest]=../libcrypto libtestutil.a diff --git a/test/recipes/90-test_sslprovider.t b/test/recipes/90-test_sslprovider.t deleted file mode 100644 index 1a2a28557e..0000000000 --- a/test/recipes/90-test_sslprovider.t +++ /dev/null @@ -1,50 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use OpenSSL::Test::Utils; -use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_file bldtop_dir/; - -BEGIN { -setup("test_sslprovider"); -} - -use lib srctop_dir('Configurations'); -use lib bldtop_dir('.'); -use platform; - -plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" - if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); - -plan tests => 3; - -SKIP: { - skip "Skipping FIPS installation", 1 - if disabled("fips"); - - ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips')), - '-provider_name', 'fips', '-mac_name', 'HMAC', - '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', - '-section_name', 'fips_sect'])), - "fipsinstall"); -} - -ok(run(test(["sslprovidertest", srctop_dir("test", "certs"), "default", - srctop_file("test", "default.cnf")])), - "running sslprovidertest"); - -SKIP: { - skip "Skipping FIPS provider test", 1 - if disabled("fips"); - - ok(run(test(["sslprovidertest", srctop_dir("test", "certs"), "fips", - srctop_file("test", "fips.cnf")])), - "running sslprovidertest"); -} diff --git a/test/sslprovidertest.c b/test/sslprovidertest.c deleted file mode 100644 index 8bcfd5f94b..0000000000 --- a/test/sslprovidertest.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <string.h> -#include <openssl/provider.h> - -#include "ssltestlib.h" -#include "testutil.h" - -static char *cert = NULL; -static char *privkey = NULL; -static char *modulename = NULL; -static char *configfile = NULL; - -static OSSL_PROVIDER *defctxlegacy = NULL; - -static int test_different_libctx(void) -{ - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; - int testresult = 0; - OPENSSL_CTX *libctx = OPENSSL_CTX_new(); - OSSL_PROVIDER *prov = NULL; - - /* - * Verify that the default and fips providers in the default libctx are not - * available - */ - if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) - || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) - goto end; - - if (!TEST_true(OPENSSL_CTX_load_config(libctx, configfile))) - goto end; - - prov = OSSL_PROVIDER_load(libctx, modulename); - if (!TEST_ptr(prov) - /* Check we have the provider available */ - || !TEST_true(OSSL_PROVIDER_available(libctx, modulename))) - goto end; - /* Check the default provider is not available */ - if (strcmp(modulename, "default") != 0 - && !TEST_false(OSSL_PROVIDER_available(libctx, "default"))) - goto end; - TEST_note("%s provider loaded", modulename); - - /* - * TODO(3.0): Make this work in TLSv1.3. Currently we can only do RSA key - * exchange, because we don't have key gen/param gen for EC yet - which - * implies TLSv1.2 only - */ - if (!TEST_true(create_ssl_ctx_pair(libctx, - TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - TLS1_2_VERSION, - &sctx, &cctx, cert, privkey))) - goto end; - - /* Ensure we use a FIPS compatible ciphersuite and sigalg */ - if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA256")) - || !TEST_true(SSL_CTX_set1_sigalgs_list(cctx, "RSA+SHA256"))) - goto end; - - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) - goto end; - - /* This time we expect success */ - if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) - goto end; - - /* - * Verify that the default and fips providers in the default libctx are - * still not available - */ - if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) - || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) - goto end; - - testresult = 1; - - end: - SSL_free(serverssl); - SSL_free(clientssl); - SSL_CTX_free(sctx); - SSL_CTX_free(cctx); - - OSSL_PROVIDER_unload(prov); - OPENSSL_CTX_free(libctx); - - return testresult; -} - -int setup_tests(void) -{ - char *certsdir = NULL; - - if (!test_skip_common_options()) { - TEST_error("Error parsing test options\n"); - return 0; - } - - if (!TEST_ptr(certsdir = test_get_argument(0)) - || !TEST_ptr(modulename = test_get_argument(1)) - || !TEST_ptr(configfile = test_get_argument(2))) - return 0; - - cert = test_mk_file_path(certsdir, "servercert.pem"); - if (cert == NULL) - return 0; - - privkey = test_mk_file_path(certsdir, "serverkey.pem"); - if (privkey == NULL) { - OPENSSL_free(cert); - return 0; - } - - /* - * For tests in this file we want to ensure the default ctx does not have - * the default provider loaded into the default ctx. So we load "legacy" to - * prevent default from being auto-loaded. This tests that there is no - * "leakage", i.e. when using SSL_CTX_new_with_libctx() we expect only the - * specific libctx to be used - nothing should fall back to the default - * libctx - */ - defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy"); - - ADD_TEST(test_different_libctx); - - return 1; -} - -void cleanup_tests(void) -{ - OSSL_PROVIDER_unload(defctxlegacy); -} |