From: Matt Caswell <matt@openssl.org>
Date: Thu, 14 May 2020 10:33:01 +0000 (+0100)
Subject: Add a test for fetching EVP_PKEY style algs without a provider
X-Git-Tag: openssl-3.0.0-alpha3~25
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=5ddec6a7d3206c61209a016db4227b847dcaad27;ds=sidebyside

Add a test for fetching EVP_PKEY style algs without a provider

Following on from the previous commit, add a test to check that we fail
to create an EVP_PKEY_CTX if an algorithm is not available in any provider,
*unless* it is an algorithm that has no provider support.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11826)
---

diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 53d2f3afdb..2ab4be89a3 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1625,6 +1625,47 @@ static int test_keygen_with_empty_template(int n)
     return ret;
 }
 
+/*
+ * Test that we fail if we attempt to use an algorithm that is not available
+ * in the current library context (unless we are using an algorithm that should
+ * be made available via legacy codepaths).
+ */
+static int test_pkey_ctx_fail_without_provider(int tst)
+{
+    OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
+    OSSL_PROVIDER *nullprov = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    int ret = 0;
+
+    if (!TEST_ptr(tmpctx))
+        goto err;
+
+    nullprov = OSSL_PROVIDER_load(tmpctx, "null");
+    if (!TEST_ptr(nullprov))
+        goto err;
+
+    pctx = EVP_PKEY_CTX_new_from_name(tmpctx, tst == 0 ? "RSA" : "HMAC", "");
+
+    /* RSA is not available via any provider so we expect this to fail */
+    if (tst == 0 && !TEST_ptr_null(pctx))
+        goto err;
+
+    /*
+     * HMAC is always available because it is implemented via legacy codepaths
+     * and not in a provider at all. We expect this to pass.
+     */
+    if (tst == 1 && !TEST_ptr(pctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    OSSL_PROVIDER_unload(nullprov);
+    OPENSSL_CTX_free(tmpctx);
+    return ret;
+}
+
 int setup_tests(void)
 {
     testctx = OPENSSL_CTX_new();
@@ -1673,6 +1714,7 @@ int setup_tests(void)
     ADD_TEST(test_EVP_PKEY_set1_DH);
 #endif
     ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
+    ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
 
     return 1;
 }