From 18cb5c31e16ace483e09a3d72d47d675feb898b2 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 11 May 2021 11:44:43 +0100
Subject: [PATCH] Test that properties are mirrored as we expect

Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/15242)
---
 test/p_test.c | 12 ++++++++++++
 test/provider_internal_test.c | 14 +++++++++++++-
 test/provider_test.c | 19 ++++++++++++++++---
 3 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/test/p_test.c b/test/p_test.c
index 22bf8648fe..d4e187f94a 100644
--- a/test/p_test.c
+++ b/test/p_test.c
@@ -266,6 +266,18 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
 p_teardown(ctx);
 return 0;
 }
+ /*
+ * The default provider is loaded - but the default properties should not
+ * allow its use.
+ */
+ {
+ EVP_MD *sha256 = EVP_MD_fetch(ctx->libctx, "SHA2-256", NULL);
+ if (sha256 != NULL) {
+ EVP_MD_free(sha256);
+ p_teardown(ctx);
+ return 0;
+ }
+ }
 #endif
 /*
diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c
index 2341dd3dac..6c295451c1 100644
--- a/test/provider_internal_test.c
+++ b/test/provider_internal_test.c
@@ -53,11 +53,23 @@ static int test_builtin_provider(void)
 {
 const char *name = "p_test_builtin";
 OSSL_PROVIDER *prov = NULL;
+ int ret;
- return
+ /*
+ * We set properties that we know the providers we are using don't have.
+ * This should mean that the p_test provider will fail any fetches - which
+ * is something we test inside the provider.
+ */
+ EVP_set_default_properties(NULL, "fips=yes");
+
+ ret =
 TEST_ptr(prov = ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME, 0)) && test_provider(prov, expected_greeting1(name));
+
+ EVP_set_default_properties(NULL, "");
+
+ return ret;
 }
 #ifndef NO_PROVIDER_MODULE
diff --git a/test/provider_test.c b/test/provider_test.c
index 4d8dbaee6f..79a1a375e8 100644
--- a/test/provider_test.c
+++ b/test/provider_test.c
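Review bot: The new fetch check in OSSL_provider_init in test/p_test.c only passes if the loader has already set default properties that no loaded provider satisfies, and the added comment does not state that precondition. A NULL result from `EVP_MD_fetch(ctx->libctx, "SHA2-256", NULL)` is also what you get when the algorithm is not reachable from `ctx->libctx` at all, so this block alone cannot tell "properties were mirrored" from "default provider was not mirrored". The comment asserts the provider is loaded, presumably checked earlier in the function, outside this hunk. I would extend the comment along the lines of `/* The loading test sets "fips=yes" as the default properties before this init runs; a successful fetch here means they were not mirrored into this libctx. */`. The failure path also returns 0 with no diagnostic, so a regression shows up only as a generic load failure.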
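Review bot: Both `EVP_set_default_properties()` calls added to test_builtin_provider in test/provider_internal_test.c ignore the return value, and so do the two calls added to test_provider in test/provider_test.c. If setting "fips=yes" fails, the fetch inside the provider would presumably succeed and the test fails at load with nothing pointing at the real cause. If the reset fails, the restriction stays on the default library context (the NULL argument) for every later test in the same process. Checking both calls keeps the failure attributable: `if (!TEST_true(EVP_set_default_properties(NULL, "fips=yes"))) return 0;` before the load, and `if (!TEST_true(EVP_set_default_properties(NULL, ""))) ret = 0;` after it.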
@@ -41,14 +41,27 @@ static int test_provider(OSSL_LIB_CTX **libctx, const char *name,
 "Hello OpenSSL %.20s, greetings from %s!", OPENSSL_VERSION_STR, name);
+
+ /*
+ * We set properties that we know the providers we are using don't have.
+ * This should mean that the p_test provider will fail any fetches - which
+ * is something we test inside the provider.
+ */
+ EVP_set_default_properties(*libctx, "fips=yes");
 /*
- * Check that it is possible to have a built-in provider mirrored in
- * a child lib ctx.
- */
+ * Check that it is possible to have a built-in provider mirrored in
+ * a child lib ctx.
+ */
 if (!TEST_ptr(base = OSSL_PROVIDER_load(*libctx, "base"))) goto err;
 if (!TEST_ptr(prov = OSSL_PROVIDER_load(*libctx, name))) goto err;
+
+ /*
+ * Once the provider is loaded we clear the default properties and fetches
+ * should start working again.
+ */
+ EVP_set_default_properties(*libctx, "");
 if (dolegacycheck) {
 if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check)) || !TEST_true(digestsuccess))
-- 
2.34.1
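Review bot: The two `goto err` exits in test_provider sit between the "fips=yes" set and the later reset, so a failed `OSSL_PROVIDER_load()` leaves the restrictive default properties on `*libctx`. The `err` label is outside this hunk: if that path frees the context this is harmless, otherwise any later fetch on the same context fails for a reason unrelated to what it tests. A comment at the set, such as `/* not reset on the err path: *libctx must be freed there */`, or a reset under `err:`, would make the dependency explicit. The hunk also removes and re-adds the three lines of the existing "Check that it is possible…" comment with no visible wording change, which looks like unrelated whitespace churn.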