X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=test%2Fenginetest.c;h=9957f59dc3d6cbcaeba127155e437726c239b140;hb=0dc7c8e8314f27ac093b2d7bc8f13d0dfd302bdb;hp=d50e41818dc2ed5db7636e6edc62294c5765e80e;hpb=8fe3127cda7ee89e169184eeeaaca5eebcf8664e;p=openssl.git diff --git a/test/enginetest.c b/test/enginetest.c index d50e41818d..9957f59dc3 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -1,7 +1,7 @@ /* * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,20 +9,17 @@ #include #include +#include #include -#ifdef OPENSSL_NO_ENGINE -int main(int argc, char *argv[]) -{ - printf("No ENGINE support\n"); - return (0); -} -#else +# include "testutil.h" + +#ifndef OPENSSL_NO_ENGINE # include # include # include +# include # include -# include "testutil.h" static void display_engine_list(void) { @@ -47,8 +44,9 @@ static void display_engine_list(void) static int test_engines(void) { ENGINE *block[NUMTOADD]; + char *eid[NUMTOADD]; + char *ename[NUMTOADD]; char buf[256]; - const char *id, *name; ENGINE *ptr; int loop; int to_return = 0; @@ -123,8 +121,12 @@ static int test_engines(void) display_engine_list(); /* - * Depending on whether there's any hardware support compiled in, this - * remove may be destined to fail. + * At this point, we should have an empty list, unless some hardware + * support engine got added. However, since we don't allow the config + * file to be loaded and don't otherwise load any built in engines, + * that is unlikely. Still, we check, if for nothing else, then to + * notify that something is a little off (and might mean that |new_h1| + * wasn't unloaded when it should have) */ if ((ptr = ENGINE_get_first()) != NULL) { if (!ENGINE_remove(ptr)) @@ -141,12 +143,12 @@ static int test_engines(void) TEST_info("About to beef up the engine-type list"); for (loop = 0; loop < NUMTOADD; loop++) { sprintf(buf, "id%d", loop); - id = OPENSSL_strdup(buf); + eid[loop] = OPENSSL_strdup(buf); sprintf(buf, "Fake engine type %d", loop); - name = OPENSSL_strdup(buf); + ename[loop] = OPENSSL_strdup(buf); if (!TEST_ptr(block[loop] = ENGINE_new()) - || !TEST_true(ENGINE_set_id(block[loop], id)) - || !TEST_true(ENGINE_set_name(block[loop], name))) + || !TEST_true(ENGINE_set_id(block[loop], eid[loop])) + || !TEST_true(ENGINE_set_name(block[loop], ename[loop]))) goto end; } for (loop = 0; loop < NUMTOADD; loop++) { @@ -165,8 +167,8 @@ static int test_engines(void) ENGINE_free(ptr); } for (loop = 0; loop < NUMTOADD; loop++) { - OPENSSL_free((void *)ENGINE_get_id(block[loop])); - OPENSSL_free((void *)ENGINE_get_name(block[loop])); + OPENSSL_free(eid[loop]); + OPENSSL_free(ename[loop]); } to_return = 1; @@ -180,8 +182,191 @@ static int test_engines(void) return to_return; } -void register_tests(void) +/* Test EVP_PKEY method */ +static EVP_PKEY_METHOD *test_rsa = NULL; + +static int called_encrypt = 0; + +/* Test function to check operation has been redirected */ +static int test_encrypt(EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, size_t tbslen) { - ADD_TEST(test_engines); + called_encrypt = 1; + return 1; +} + +static int test_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, + const int **pnids, int nid) +{ + static const int rnid = EVP_PKEY_RSA; + if (pmeth == NULL) { + *pnids = &rnid; + return 1; + } + + if (nid == EVP_PKEY_RSA) { + *pmeth = test_rsa; + return 1; + } + + *pmeth = NULL; + return 0; } + +/* Return a test EVP_PKEY value */ + +static EVP_PKEY *get_test_pkey(void) +{ + static unsigned char n[] = + "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" + "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" + "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" + "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" + "\xF5"; + static unsigned char e[] = "\x11"; + + RSA *rsa = RSA_new(); + EVP_PKEY *pk = EVP_PKEY_new(); + + if (rsa == NULL || pk == NULL || !EVP_PKEY_assign_RSA(pk, rsa)) { + RSA_free(rsa); + EVP_PKEY_free(pk); + return NULL; + } + + if (!RSA_set0_key(rsa, BN_bin2bn(n, sizeof(n)-1, NULL), + BN_bin2bn(e, sizeof(e)-1, NULL), NULL)) { + EVP_PKEY_free(pk); + return NULL; + } + + return pk; +} + +static int test_redirect(void) +{ + const unsigned char pt[] = "Hello World\n"; + unsigned char *tmp = NULL; + size_t len; + EVP_PKEY_CTX *ctx = NULL; + ENGINE *e = NULL; + EVP_PKEY *pkey = NULL; + + int to_return = 0; + + if (!TEST_ptr(pkey = get_test_pkey())) + goto err; + + len = EVP_PKEY_size(pkey); + if (!TEST_ptr(tmp = OPENSSL_malloc(len))) + goto err; + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto err; + TEST_info("EVP_PKEY_encrypt test: no redirection"); + /* Encrypt some data: should succeed but not be redirected */ + if (!TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_false(called_encrypt)) + goto err; + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + + /* Create a test ENGINE */ + if (!TEST_ptr(e = ENGINE_new()) + || !TEST_true(ENGINE_set_id(e, "Test redirect engine")) + || !TEST_true(ENGINE_set_name(e, "Test redirect engine"))) + goto err; + + /* + * Try to create a context for this engine and test key. + * Try setting test key engine. Both should fail because the + * engine has no public key methods. + */ + if (!TEST_ptr_null(ctx = EVP_PKEY_CTX_new(pkey, e)) + || !TEST_int_le(EVP_PKEY_set1_engine(pkey, e), 0)) + goto err; + + /* Setup an empty test EVP_PKEY_METHOD and set callback to return it */ + if (!TEST_ptr(test_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0))) + goto err; + ENGINE_set_pkey_meths(e, test_pkey_meths); + + /* Getting a context for test ENGINE should now succeed */ + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, e))) + goto err; + /* Encrypt should fail because operation is not supported */ + if (!TEST_int_le(EVP_PKEY_encrypt_init(ctx), 0)) + goto err; + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + + /* Add test encrypt operation to method */ + EVP_PKEY_meth_set_encrypt(test_rsa, 0, test_encrypt); + + TEST_info("EVP_PKEY_encrypt test: redirection via EVP_PKEY_CTX_new()"); + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, e))) + goto err; + /* Encrypt some data: should succeed and be redirected */ + if (!TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_true(called_encrypt)) + goto err; + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + called_encrypt = 0; + + /* Create context with default engine: should not be redirected */ + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)) + || !TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_false(called_encrypt)) + goto err; + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + + /* Set engine explicitly for test key */ + if (!TEST_true(EVP_PKEY_set1_engine(pkey, e))) + goto err; + + TEST_info("EVP_PKEY_encrypt test: redirection via EVP_PKEY_set1_engine()"); + + /* Create context with default engine: should be redirected now */ + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)) + || !TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_true(called_encrypt)) + goto err; + + to_return = 1; + + err: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + ENGINE_free(e); + OPENSSL_free(tmp); + return to_return; +} +#endif + +int global_init(void) +{ + /* + * If the config file gets loaded, the dynamic engine will be loaded, + * and that interferes with our test above. + */ + return OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL); +} + +int setup_tests(void) +{ +#ifdef OPENSSL_NO_ENGINE + TEST_note("No ENGINE support"); +#else + ADD_TEST(test_engines); + ADD_TEST(test_redirect); #endif + return 1; +}