2 * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/pem.h>
11 #include <openssl/evp.h>
14 static OSSL_LIB_CTX *libctx = NULL;
15 static OSSL_PROVIDER *nullprov = NULL;
16 static OSSL_PROVIDER *libprov = NULL;
17 static const char *filename = NULL;
18 static pem_password_cb passcb;
20 typedef enum OPTION_choice {
28 const OPTIONS *test_get_options(void)
30 static const OPTIONS test_options[] = {
31 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file\n"),
32 { "config", OPT_CONFIG_FILE, '<',
33 "The configuration file to use for the libctx" },
34 { "provider", OPT_PROVIDER_NAME, 's',
35 "The provider to load (The default value is 'default')" },
36 { OPT_HELP_STR, 1, '-', "file\tFile to decode.\n" },
42 static int passcb(char *buf, int size, int rwflag, void *userdata)
48 static int test_decode_nonfipsalg(void)
51 EVP_PKEY *privkey = NULL;
55 * Apply the "fips=true" property to all fetches for the libctx.
56 * We do this to test that we are using the propq override
58 EVP_default_properties_enable_fips(libctx, 1);
60 if (!TEST_ptr(bio = BIO_new_file(filename, "r")))
64 * If NULL is passed as the propq here it uses the global property "fips=true",
65 * Which we expect to fail if the decode uses a non FIPS algorithm
67 if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL, libctx, NULL)))
71 * Pass if we override the libctx global prop query to optionally use fips=true
72 * This assumes that the libctx contains the default provider
74 if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL, libctx, "?fips=true")))
80 EVP_PKEY_free(privkey);
86 const char *prov_name = "default";
87 char *config_file = NULL;
90 while ((o = opt_next()) != OPT_EOF) {
92 case OPT_PROVIDER_NAME:
93 prov_name = opt_arg();
96 config_file = opt_arg();
106 filename = test_get_argument(0);
107 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
110 ADD_TEST(test_decode_nonfipsalg);
114 void cleanup_tests(void)
116 OSSL_PROVIDER_unload(libprov);
117 OSSL_LIB_CTX_free(libctx);
118 OSSL_PROVIDER_unload(nullprov);