TEST: Add a simple module loader, and test the FIPS module with it

This very simple module loader is only linked with the standard C
library, so cannot and should not provide any other symbol to the
module it tries to load.  It can thereby be used to verify that the
module it tries to load doesn't have any surprising dependencies when
it's supposed to be self contained.

A test recipe is added to verify the FIPS module with this loader.

Fixes #11020

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13507)

diff --git a/test/build.info b/test/build.info
index 3468be069113e58667df01a3cafbf80eb9521ddf..0386a1febf4008966fc403c7845eb799426811f4 100644 (file)
--- a/test/build.info
+++ b/test/build.info
@@ -434,6 +434,10 @@ IF[{- !$disabled{tests} -}]
     PROGRAMS{noinst}=shlibloadtest
     SOURCE[shlibloadtest]=shlibloadtest.c simpledynamic.c
     INCLUDE[shlibloadtest]=../include ../apps/include
+
+    PROGRAMS{noinst}=moduleloadtest
+    SOURCE[moduleloadtest]=moduleloadtest.c simpledynamic.c
+    INCLUDE[moduleloadtest]=../include ../apps/include
   ENDIF
 
   # cipher_overhead_test uses internal symbols, so it must be linked with

diff --git a/test/moduleloadtest.c b/test/moduleloadtest.c
new file mode 100644 (file)
index 0000000..915343f
--- /dev/null
+++ b/test/moduleloadtest.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Extremely simple dynamic loader, must never be linked with anything other
+ * than the standard C library.  Its purpose is to try to load a dynamic module
+ * and verify the presence of one symbol, if that's given.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/core.h>
+#include "simpledynamic.h"
+
+static int test_load(const char *path, const char *symbol)
+{
+#ifdef SD_INIT
+    SD sd = SD_INIT;
+    SD_SYM sym;
+
+    return sd_load(path, &sd, SD_MODULE)
+        && (symbol == NULL || sd_sym(sd, symbol, &sym))
+        && sd_close(sd);
+#else
+    fprintf(stderr, "No dynamic loader\n");
+    return 0;
+#endif
+}
+
+int main(int argc, char *argv[])
+{
+    const char *m, *s;
+
+    if (argc != 2 && argc != 3) {
+        fprintf(stderr, "Usage: %s sharedobject [ entrypoint ]\n", argv[0]);
+        return 1;
+    }
+
+    m = argv[1];
+    s = argc == 3 ? argv[2] : NULL;
+
+    return test_load(m, s) ? 0 : 1;
+}

diff --git a/test/recipes/90-test_fipsload.t b/test/recipes/90-test_fipsload.t
new file mode 100644 (file)
index 0000000..c4f7133
--- /dev/null
+++ b/test/recipes/90-test_fipsload.t
@@ -0,0 +1,30 @@
+#! /usr/bin/env perl
+# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir/;
+use OpenSSL::Test::Utils;
+
+BEGIN {
+    setup('test_shlibload');
+}
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
+
+plan skip_all => 'Test only supported in a shared build' if disabled('shared');
+plan skip_all => 'Test is disabled on AIX' if config('target') =~ m|^aix|;
+plan skip_all => 'Test is disabled on NonStop' if config('target') =~ m|^nonstop|;
+plan skip_all => 'Test only supported in a dso build' if disabled('dso');
+plan skip_all => 'Test is disabled in an address sanitizer build' unless disabled('asan');
+
+plan tests => 1;
+
+my $fips = bldtop_dir('providers', platform->dso('fips'));
+
+ok(run(test(['moduleloadtest', $fips, 'OSSL_provider_init'])),
+   "trying to load $fips in its own");