Run ssl_test_new with a non-default library context
authorMatt Caswell <matt@openssl.org>
Fri, 3 Apr 2020 14:40:00 +0000 (15:40 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 20 Apr 2020 10:25:56 +0000 (11:25 +0100)
We also prepare the way for a future commit to run ssl_test_new with
just the FIPS provider loaded.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11511)

test/recipes/80-test_ssl_new.t
test/ssl_test.c

index 3b1857c..5ee8725 100644 (file)
@@ -145,7 +145,8 @@ sub test_conf {
       skip "No tests available; skipping tests", 1 if $skip;
       skip "Stale sources; skipping tests", 1 if !$run_test;
 
-      ok(run(test(["ssl_test", $output_file])), "running ssl_test $conf");
+      ok(run(test(["ssl_test", $output_file, "default"])),
+         "running ssl_test $conf");
     }
 }
 
index e6ce9a6..6715cd6 100644 (file)
 #include <openssl/conf.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#include <openssl/provider.h>
 
 #include "handshake_helper.h"
 #include "ssl_test_ctx.h"
 #include "testutil.h"
 
 static CONF *conf = NULL;
+static OSSL_PROVIDER *defctxnull = NULL, *thisprov = NULL;
+static OPENSSL_CTX *libctx = NULL;
 
 /* Currently the section names are of the form test-<number>, e.g. test-15. */
 #define MAX_TESTCASE_NAME_LENGTH 100
@@ -405,22 +408,26 @@ static int test_handshake(int idx)
 
 #ifndef OPENSSL_NO_DTLS
     if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
-        server_ctx = SSL_CTX_new(DTLS_server_method());
+        server_ctx = SSL_CTX_new_with_libctx(libctx, NULL, DTLS_server_method());
         if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
             goto err;
         if (test_ctx->extra.server.servername_callback !=
             SSL_TEST_SERVERNAME_CB_NONE) {
-            if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method())))
+            if (!TEST_ptr(server2_ctx =
+                            SSL_CTX_new_with_libctx(libctx, NULL,
+                                                    DTLS_server_method())))
                 goto err;
         }
-        client_ctx = SSL_CTX_new(DTLS_client_method());
+        client_ctx = SSL_CTX_new_with_libctx(libctx, NULL, DTLS_client_method());
         if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
             goto err;
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
-            resume_server_ctx = SSL_CTX_new(DTLS_server_method());
+            resume_server_ctx = SSL_CTX_new_with_libctx(libctx, NULL,
+                                                        DTLS_server_method());
             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)))
                 goto err;
-            resume_client_ctx = SSL_CTX_new(DTLS_client_method());
+            resume_client_ctx = SSL_CTX_new_with_libctx(libctx, NULL,
+                                                        DTLS_client_method());
             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
                 goto err;
             if (!TEST_ptr(resume_server_ctx)
@@ -430,26 +437,30 @@ static int test_handshake(int idx)
     }
 #endif
     if (test_ctx->method == SSL_TEST_METHOD_TLS) {
-        server_ctx = SSL_CTX_new(TLS_server_method());
+        server_ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_server_method());
         if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
             goto err;
         /* SNI on resumption isn't supported/tested yet. */
         if (test_ctx->extra.server.servername_callback !=
             SSL_TEST_SERVERNAME_CB_NONE) {
-            if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
+            if (!TEST_ptr(server2_ctx =
+                            SSL_CTX_new_with_libctx(libctx, NULL,
+                                                    TLS_server_method())))
                 goto err;
             if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, 0)))
                 goto err;
         }
-        client_ctx = SSL_CTX_new(TLS_client_method());
+        client_ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_client_method());
         if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
             goto err;
 
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
-            resume_server_ctx = SSL_CTX_new(TLS_server_method());
+            resume_server_ctx = SSL_CTX_new_with_libctx(libctx, NULL,
+                                                        TLS_server_method());
             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)))
                 goto err;
-            resume_client_ctx = SSL_CTX_new(TLS_client_method());
+            resume_client_ctx = SSL_CTX_new_with_libctx(libctx, NULL,
+                                                        TLS_client_method());
             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
                 goto err;
             if (!TEST_ptr(resume_server_ctx)
@@ -505,6 +516,7 @@ OPT_TEST_DECLARE_USAGE("conf_file\n")
 int setup_tests(void)
 {
     long num_tests;
+    const char *modulename;
 
     if (!test_skip_common_options()) {
         TEST_error("Error parsing test options\n");
@@ -518,6 +530,18 @@ int setup_tests(void)
                                                &num_tests), 0))
         return 0;
 
+    if (!TEST_ptr(modulename = test_get_argument(1)))
+        return 0;
+
+    defctxnull = OSSL_PROVIDER_load(NULL, "null");
+    libctx = OPENSSL_CTX_new();
+    if (!TEST_ptr(libctx))
+        return 0;
+
+    thisprov = OSSL_PROVIDER_load(libctx, modulename);
+    if (!TEST_ptr(thisprov))
+        return 0;
+
     ADD_ALL_TESTS(test_handshake, (int)num_tests);
     return 1;
 }
@@ -525,4 +549,7 @@ int setup_tests(void)
 void cleanup_tests(void)
 {
     NCONF_free(conf);
+    OSSL_PROVIDER_unload(defctxnull);
+    OSSL_PROVIDER_unload(thisprov);
+    OPENSSL_CTX_free(libctx);
 }