1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
/*
* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stddef.h>
#include <string.h>
#include <openssl/provider.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include <openssl/evp.h>
#include "testutil.h"
#include "fake_rsaprov.h"
static OSSL_LIB_CTX *libctx = NULL;
/* Fetch SIGNATURE method using a libctx and propq */
static int fetch_sig(OSSL_LIB_CTX *ctx, const char *alg, const char *propq,
OSSL_PROVIDER *expected_prov)
{
OSSL_PROVIDER *prov;
EVP_SIGNATURE *sig = EVP_SIGNATURE_fetch(ctx, "RSA", propq);
int ret = 0;
if (!TEST_ptr(sig))
return 0;
if (!TEST_ptr(prov = EVP_SIGNATURE_get0_provider(sig)))
goto end;
if (!TEST_ptr_eq(prov, expected_prov)) {
TEST_info("Fetched provider: %s, Expected provider: %s",
OSSL_PROVIDER_get0_name(prov),
OSSL_PROVIDER_get0_name(expected_prov));
goto end;
}
ret = 1;
end:
EVP_SIGNATURE_free(sig);
return ret;
}
static int test_pkey_sig(void)
{
OSSL_PROVIDER *deflt = NULL;
OSSL_PROVIDER *fake_rsa = NULL;
int i, ret = 0;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
return 0;
if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default")))
goto end;
/* Do a direct fetch to see it works */
if (!TEST_true(fetch_sig(libctx, "RSA", "provider=fake-rsa", fake_rsa))
|| !TEST_true(fetch_sig(libctx, "RSA", "?provider=fake-rsa", fake_rsa)))
goto end;
/* Construct a pkey using precise propq to use our provider */
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
"provider=fake-rsa"))
|| !TEST_true(EVP_PKEY_fromdata_init(ctx))
|| !TEST_true(EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
|| !TEST_ptr(pkey))
goto end;
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
/* try exercising signature_init ops a few times */
for (i = 0; i < 3; i++) {
size_t siglen;
/*
* Create a signing context for our pkey with optional propq.
* The sign init should pick both keymgmt and signature from
* fake-rsa as the key is not exportable.
*/
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey,
"?provider=default")))
goto end;
/*
* If this picks the wrong signature without realizing it
* we can get a segfault or some internal error. At least watch
* whether fake-rsa sign_init is is exercised by calling sign.
*/
if (!TEST_int_eq(EVP_PKEY_sign_init(ctx), 1))
goto end;
if (!TEST_int_eq(EVP_PKEY_sign(ctx, NULL, &siglen, NULL, 0), 1)
|| !TEST_size_t_eq(siglen, 256))
goto end;
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
}
ret = 1;
end:
fake_rsa_finish(fake_rsa);
OSSL_PROVIDER_unload(deflt);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
return ret;
}
int setup_tests(void)
{
libctx = OSSL_LIB_CTX_new();
if (libctx == NULL)
return 0;
ADD_TEST(test_pkey_sig);
return 1;
}
void cleanup_tests(void)
{
OSSL_LIB_CTX_free(libctx);
}
|
