/*
- * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
# define OSSL_TESTUTIL_H
# include <stdarg.h>
+# include "internal/common.h" /* for HAS_PREFIX */
# include <openssl/provider.h>
# include <openssl/err.h>
# include <openssl/e_os2.h>
# include <openssl/bn.h>
+# include <openssl/x509.h>
# include "opt.h"
/*-
* the test system.
*
* Tests that need to use opt_next() need to specify
- * (1) test_get_options() containing an options[] (Which should include either
- * OPT_TEST_OPTIONS_DEFAULT_USAGE OR
- * OPT_TEST_OPTIONS_WITH_EXTRA_USAGE).
+ * (1) test_get_options() containing an options[] which should include either
+ * OPT_TEST_OPTIONS_DEFAULT_USAGE or
+ * OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(...).
* (2) An enum outside the test_get_options() which contains OPT_TEST_ENUM, as
* well as the additional options that need to be handled.
* (3) case OPT_TEST_CASES: break; inside the opt_next() handling code.
*/
int test_skip_common_options(void);
-int test_get_libctx(OSSL_LIB_CTX **libctx,
- OSSL_PROVIDER **default_null_provider,
+/*
+ * Get a library context for the tests, populated with the specified provider
+ * and configuration. If default_null_prov is not NULL, a "null" provider is
+ * loaded into the default library context to prevent it being used.
+ * If libctx is NULL, the specified provider is loaded into the default library
+ * context.
+ */
+int test_get_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov,
+ const char *config_file,
+ OSSL_PROVIDER **provider, const char *module_name);
+int test_arg_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov,
OSSL_PROVIDER **provider, int argn, const char *usage);
/*
int global_init(void);
int setup_tests(void);
void cleanup_tests(void);
+
+/*
+ * Helper functions to detect specific versions of the FIPS provider being in use.
+ * Because of FIPS rules, code changes after a module has been validated are
+ * difficult and because we provide a hard guarantee of ABI and behavioural
+ * stability going forwards, it is a requirement to have tests be conditional
+ * on specific FIPS provider versions. Without this, bug fixes cannot be tested
+ * in later releases.
+ *
+ * The reason for not including e.g. a less than test is to help avoid any
+ * temptation to use FIPS provider version numbers that don't exist. Until the
+ * `new' provider is validated, its version isn't set in stone. Thus a change
+ * in test behaviour must depend on already validated module versions only.
+ *
+ * In all cases, the function returns true if:
+ * 1. the FIPS provider version matches the criteria specified or
+ * 2. the FIPS provider isn't being used.
+ */
+int fips_provider_version_eq(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
+int fips_provider_version_ne(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
+int fips_provider_version_le(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
+int fips_provider_version_lt(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
+int fips_provider_version_gt(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
+int fips_provider_version_ge(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
+
+/*
+ * This function matches fips provider version with (potentially multiple)
+ * <operator>maj.min.patch version strings in versions.
+ * The operator can be one of = ! <= or > comparison symbols.
+ * If the fips provider matches all the version comparisons (or if there is no
+ * fips provider available) the function returns 1.
+ * If the fips provider does not match the version comparisons, it returns 0.
+ * On error the function returns -1.
+ */
+int fips_provider_version_match(OSSL_LIB_CTX *libctx, const char *versions);
+
/*
* Used to supply test specific command line options,
* If non optional parameters are used, then the first entry in the OPTIONS[]
* should contain:
- * { OPT_HELP_STR, 1, '-', "list of non optional commandline params\n"},
+ * { OPT_HELP_STR, 1, '-', "<list of non-optional commandline params>\n"},
* The last entry should always be { NULL }.
*
* Run the test locally using './test/test_name -help' to check the usage.
*/
# define PRINTF_FORMAT(a, b)
-# if defined(__GNUC__) && defined(__STDC_VERSION__)
+# if defined(__GNUC__) && defined(__STDC_VERSION__) \
+ && !defined(__MINGW32__) && !defined(__MINGW64__) \
+ && !defined(__APPLE__)
/*
* Because we support the 'z' modifier, which made its appearance in C99,
* we can't use __attribute__ with pre C99 dialects.
DECLARE_COMPARISONS(unsigned char, uchar)
DECLARE_COMPARISONS(long, long)
DECLARE_COMPARISONS(unsigned long, ulong)
+DECLARE_COMPARISONS(int64_t, int64_t)
+DECLARE_COMPARISONS(uint64_t, uint64_t)
DECLARE_COMPARISONS(double, double)
DECLARE_COMPARISONS(time_t, time_t)
# define TEST_ulong_gt(a, b) test_ulong_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ulong_ge(a, b) test_ulong_ge(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_eq(a, b) test_int64_t_eq(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_ne(a, b) test_int64_t_ne(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_lt(a, b) test_int64_t_lt(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_le(a, b) test_int64_t_le(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_gt(a, b) test_int64_t_gt(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_ge(a, b) test_int64_t_ge(__FILE__, __LINE__, #a, #b, a, b)
+
+# define TEST_uint64_t_eq(a, b) test_uint64_t_eq(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_uint64_t_ne(a, b) test_uint64_t_ne(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_uint64_t_lt(a, b) test_uint64_t_lt(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_uint64_t_le(a, b) test_uint64_t_le(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_uint64_t_gt(a, b) test_uint64_t_gt(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_uint64_t_ge(a, b) test_uint64_t_ge(__FILE__, __LINE__, #a, #b, a, b)
+
# define TEST_size_t_eq(a, b) test_size_t_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_size_t_ne(a, b) test_size_t_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_size_t_lt(a, b) test_size_t_lt(__FILE__, __LINE__, #a, #b, a, b)
uint32_t test_random(void);
void test_random_seed(uint32_t sd);
+/* Fake non-secure random number generator */
+typedef int fake_random_generate_cb(unsigned char *out, size_t outlen,
+ const char *name, EVP_RAND_CTX *ctx);
+
+OSSL_PROVIDER *fake_rand_start(OSSL_LIB_CTX *libctx);
+void fake_rand_finish(OSSL_PROVIDER *p);
+void fake_rand_set_callback(EVP_RAND_CTX *ctx,
+ int (*cb)(unsigned char *out, size_t outlen,
+ const char *name, EVP_RAND_CTX *ctx));
+void fake_rand_set_public_private_callbacks(OSSL_LIB_CTX *libctx,
+ fake_random_generate_cb *cb);
+
/* Create a file path from a directory and a filename */
char *test_mk_file_path(const char *dir, const char *file);
+EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx);
+X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx);
+X509 *load_cert_der(const unsigned char *bytes, int len);
+STACK_OF(X509) *load_certs_pem(const char *file);
+X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx);
+
#endif /* OSSL_TESTUTIL_H */