mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 03:54:14 +08:00
Fix decoders so that they use the passed in propq.
Fixes #21198 decoder objects were setting propq as NULL. Added a set_ctx/settable_ctx to all decoders that should supply a property query parameter to internal functions. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21219)
This commit is contained in:
parent
a25715be77
commit
39ed7636e0
@ -745,6 +745,10 @@ OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey,
|
||||
OSSL_LIB_CTX *libctx, const char *propquery)
|
||||
{
|
||||
OSSL_DECODER_CTX *ctx = NULL;
|
||||
OSSL_PARAM decoder_params[] = {
|
||||
OSSL_PARAM_END,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
DECODER_CACHE *cache
|
||||
= ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DECODER_CACHE_INDEX);
|
||||
DECODER_CACHE_ENTRY cacheent, *res, *newcache = NULL;
|
||||
@ -753,6 +757,9 @@ OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey,
|
||||
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
||||
return NULL;
|
||||
}
|
||||
if (propquery != NULL)
|
||||
decoder_params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DECODER_PARAM_PROPERTIES,
|
||||
(char *)propquery, 0);
|
||||
|
||||
/* It is safe to cast away the const here */
|
||||
cacheent.input_type = (char *)input_type;
|
||||
@ -794,7 +801,9 @@ OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey,
|
||||
&& OSSL_DECODER_CTX_set_input_structure(ctx, input_structure)
|
||||
&& OSSL_DECODER_CTX_set_selection(ctx, selection)
|
||||
&& ossl_decoder_ctx_setup_for_pkey(ctx, keytype, libctx, propquery)
|
||||
&& OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery)) {
|
||||
&& OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery)
|
||||
&& (propquery == NULL
|
||||
|| OSSL_DECODER_CTX_set_params(ctx, decoder_params))) {
|
||||
OSSL_TRACE_BEGIN(DECODER) {
|
||||
BIO_printf(trc_out, "(ctx %p) Got %d decoders\n",
|
||||
(void *)ctx, OSSL_DECODER_CTX_get_num_decoders(ctx));
|
||||
|
@ -66,7 +66,8 @@ ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = {
|
||||
} static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL)
|
||||
|
||||
X509_PUBKEY *ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp,
|
||||
long len, OSSL_LIB_CTX *libctx)
|
||||
long len, OSSL_LIB_CTX *libctx,
|
||||
const char *propq)
|
||||
{
|
||||
X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub));
|
||||
|
||||
@ -74,7 +75,7 @@ X509_PUBKEY *ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp,
|
||||
return NULL;
|
||||
return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len,
|
||||
ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL),
|
||||
libctx, NULL);
|
||||
libctx, propq);
|
||||
}
|
||||
|
||||
void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub)
|
||||
|
@ -336,7 +336,8 @@ int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
|
||||
ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey);
|
||||
|
||||
X509_PUBKEY *ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp,
|
||||
long len, OSSL_LIB_CTX *libctx);
|
||||
long len, OSSL_LIB_CTX *libctx,
|
||||
const char *propq);
|
||||
void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub);
|
||||
|
||||
RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length);
|
||||
|
@ -89,6 +89,7 @@ struct keytype_desc_st {
|
||||
*/
|
||||
struct der2key_ctx_st {
|
||||
PROV_CTX *provctx;
|
||||
char propq[OSSL_MAX_PROPQUERY_SIZE];
|
||||
const struct keytype_desc_st *desc;
|
||||
/* The selection that is passed to der2key_decode() */
|
||||
int selection;
|
||||
@ -109,7 +110,7 @@ static void *der2key_decode_p8(const unsigned char **input_der,
|
||||
if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
|
||||
&& PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
|
||||
&& OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
|
||||
key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);
|
||||
key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), ctx->propq);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
|
||||
return key;
|
||||
@ -120,6 +121,8 @@ static void *der2key_decode_p8(const unsigned char **input_der,
|
||||
static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
|
||||
static OSSL_FUNC_decoder_decode_fn der2key_decode;
|
||||
static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
|
||||
static OSSL_FUNC_decoder_settable_ctx_params_fn der2key_settable_ctx_params;
|
||||
static OSSL_FUNC_decoder_set_ctx_params_fn der2key_set_ctx_params;
|
||||
|
||||
static struct der2key_ctx_st *
|
||||
der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
|
||||
@ -133,6 +136,28 @@ der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
|
||||
return ctx;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *der2key_settable_ctx_params(ossl_unused void *provctx)
|
||||
{
|
||||
static const OSSL_PARAM settables[] = {
|
||||
OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return settables;
|
||||
}
|
||||
|
||||
static int der2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
||||
{
|
||||
struct der2key_ctx_st *ctx = vctx;
|
||||
const OSSL_PARAM *p;
|
||||
char *str = ctx->propq;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
|
||||
if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void der2key_freectx(void *vctx)
|
||||
{
|
||||
struct der2key_ctx_st *ctx = vctx;
|
||||
@ -755,6 +780,10 @@ static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
|
||||
(void (*)(void))der2key_decode }, \
|
||||
{ OSSL_FUNC_DECODER_EXPORT_OBJECT, \
|
||||
(void (*)(void))der2key_export_object }, \
|
||||
{ OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS, \
|
||||
(void (*)(void))der2key_settable_ctx_params }, \
|
||||
{ OSSL_FUNC_DECODER_SET_CTX_PARAMS, \
|
||||
(void (*)(void))der2key_set_ctx_params }, \
|
||||
OSSL_DISPATCH_END \
|
||||
}
|
||||
|
||||
|
@ -26,12 +26,15 @@
|
||||
static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
|
||||
static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
|
||||
static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
|
||||
static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params;
|
||||
static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params;
|
||||
|
||||
/*
|
||||
* Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
|
||||
*/
|
||||
struct epki2pki_ctx_st {
|
||||
PROV_CTX *provctx;
|
||||
char propq[OSSL_MAX_PROPQUERY_SIZE];
|
||||
};
|
||||
|
||||
static void *epki2pki_newctx(void *provctx)
|
||||
@ -50,6 +53,28 @@ static void epki2pki_freectx(void *vctx)
|
||||
OPENSSL_free(ctx);
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx)
|
||||
{
|
||||
static const OSSL_PARAM settables[] = {
|
||||
OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return settables;
|
||||
}
|
||||
|
||||
static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
||||
{
|
||||
struct epki2pki_ctx_st *ctx = vctx;
|
||||
const OSSL_PARAM *p;
|
||||
char *str = ctx->propq;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
|
||||
if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* The selection parameter in epki2pki_decode() is not used by this function
|
||||
* because it's not relevant just to decode EncryptedPrivateKeyInfo to
|
||||
@ -104,7 +129,8 @@ static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
|
||||
if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
|
||||
oct->data, oct->length,
|
||||
&new_der, &new_der_len, 0,
|
||||
PROV_LIBCTX_OF(ctx->provctx), NULL)) {
|
||||
PROV_LIBCTX_OF(ctx->provctx),
|
||||
ctx->propq)) {
|
||||
ok = 0;
|
||||
} else {
|
||||
OPENSSL_free(der);
|
||||
@ -154,5 +180,9 @@ const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[]
|
||||
{ OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
|
||||
{ OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
|
||||
{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
|
||||
{ OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,
|
||||
(void (*)(void))epki2pki_settable_ctx_params },
|
||||
{ OSSL_FUNC_DECODER_SET_CTX_PARAMS,
|
||||
(void (*)(void))epki2pki_set_ctx_params },
|
||||
OSSL_DISPATCH_END
|
||||
};
|
||||
|
@ -24,6 +24,7 @@
|
||||
#include <openssl/pem.h> /* For public PVK functions */
|
||||
#include <openssl/x509.h>
|
||||
#include "internal/passphrase.h"
|
||||
#include "internal/sizes.h"
|
||||
#include "crypto/pem.h" /* For internal PVK and "blob" headers */
|
||||
#include "crypto/rsa.h"
|
||||
#include "prov/bio.h"
|
||||
@ -49,12 +50,15 @@ struct keytype_desc_st {
|
||||
static OSSL_FUNC_decoder_freectx_fn pvk2key_freectx;
|
||||
static OSSL_FUNC_decoder_decode_fn pvk2key_decode;
|
||||
static OSSL_FUNC_decoder_export_object_fn pvk2key_export_object;
|
||||
static OSSL_FUNC_decoder_settable_ctx_params_fn pvk2key_settable_ctx_params;
|
||||
static OSSL_FUNC_decoder_set_ctx_params_fn pvk2key_set_ctx_params;
|
||||
|
||||
/*
|
||||
* Context used for DER to key decoding.
|
||||
*/
|
||||
struct pvk2key_ctx_st {
|
||||
PROV_CTX *provctx;
|
||||
char propq[OSSL_MAX_PROPQUERY_SIZE];
|
||||
const struct keytype_desc_st *desc;
|
||||
/* The selection that is passed to der2key_decode() */
|
||||
int selection;
|
||||
@ -79,6 +83,28 @@ static void pvk2key_freectx(void *vctx)
|
||||
OPENSSL_free(ctx);
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *pvk2key_settable_ctx_params(ossl_unused void *provctx)
|
||||
{
|
||||
static const OSSL_PARAM settables[] = {
|
||||
OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
|
||||
OSSL_PARAM_END,
|
||||
};
|
||||
return settables;
|
||||
}
|
||||
|
||||
static int pvk2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
||||
{
|
||||
struct pvk2key_ctx_st *ctx = vctx;
|
||||
const OSSL_PARAM *p;
|
||||
char *str = ctx->propq;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
|
||||
if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int pvk2key_does_selection(void *provctx, int selection)
|
||||
{
|
||||
if (selection == 0)
|
||||
@ -115,7 +141,8 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
|
||||
goto end;
|
||||
|
||||
key = ctx->desc->read_private_key(in, ossl_pw_pvk_password, &pwdata,
|
||||
PROV_LIBCTX_OF(ctx->provctx), NULL);
|
||||
PROV_LIBCTX_OF(ctx->provctx),
|
||||
ctx->propq);
|
||||
|
||||
/*
|
||||
* Because the PVK API doesn't have a separate decrypt call, we need
|
||||
@ -247,6 +274,10 @@ static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx)
|
||||
(void (*)(void))pvk2key_decode }, \
|
||||
{ OSSL_FUNC_DECODER_EXPORT_OBJECT, \
|
||||
(void (*)(void))pvk2key_export_object }, \
|
||||
{ OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS, \
|
||||
(void (*)(void))pvk2key_settable_ctx_params }, \
|
||||
{ OSSL_FUNC_DECODER_SET_CTX_PARAMS, \
|
||||
(void (*)(void))pvk2key_set_ctx_params }, \
|
||||
OSSL_DISPATCH_END \
|
||||
}
|
||||
|
||||
|
@ -23,6 +23,8 @@
|
||||
static OSSL_FUNC_decoder_newctx_fn spki2typespki_newctx;
|
||||
static OSSL_FUNC_decoder_freectx_fn spki2typespki_freectx;
|
||||
static OSSL_FUNC_decoder_decode_fn spki2typespki_decode;
|
||||
static OSSL_FUNC_decoder_settable_ctx_params_fn spki2typespki_settable_ctx_params;
|
||||
static OSSL_FUNC_decoder_set_ctx_params_fn spki2typespki_set_ctx_params;
|
||||
|
||||
/*
|
||||
* Context used for SubjectPublicKeyInfo to Type specific SubjectPublicKeyInfo
|
||||
@ -30,6 +32,7 @@ static OSSL_FUNC_decoder_decode_fn spki2typespki_decode;
|
||||
*/
|
||||
struct spki2typespki_ctx_st {
|
||||
PROV_CTX *provctx;
|
||||
char propq[OSSL_MAX_PROPQUERY_SIZE];
|
||||
};
|
||||
|
||||
static void *spki2typespki_newctx(void *provctx)
|
||||
@ -48,6 +51,28 @@ static void spki2typespki_freectx(void *vctx)
|
||||
OPENSSL_free(ctx);
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *spki2typespki_settable_ctx_params(ossl_unused void *provctx)
|
||||
{
|
||||
static const OSSL_PARAM settables[] = {
|
||||
OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return settables;
|
||||
}
|
||||
|
||||
static int spki2typespki_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
||||
{
|
||||
struct spki2typespki_ctx_st *ctx = vctx;
|
||||
const OSSL_PARAM *p;
|
||||
char *str = ctx->propq;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
|
||||
if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int spki2typespki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
|
||||
OSSL_CALLBACK *data_cb, void *data_cbarg,
|
||||
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
|
||||
@ -67,8 +92,8 @@ static int spki2typespki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
|
||||
return 1;
|
||||
derp = der;
|
||||
xpub = ossl_d2i_X509_PUBKEY_INTERNAL((const unsigned char **)&derp, len,
|
||||
PROV_LIBCTX_OF(ctx->provctx));
|
||||
|
||||
PROV_LIBCTX_OF(ctx->provctx),
|
||||
ctx->propq);
|
||||
|
||||
if (xpub == NULL) {
|
||||
/* We return "empty handed". This is not an error. */
|
||||
@ -120,5 +145,9 @@ const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_der_decoder_functions[] = {
|
||||
{ OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))spki2typespki_newctx },
|
||||
{ OSSL_FUNC_DECODER_FREECTX, (void (*)(void))spki2typespki_freectx },
|
||||
{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))spki2typespki_decode },
|
||||
{ OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,
|
||||
(void (*)(void))spki2typespki_settable_ctx_params },
|
||||
{ OSSL_FUNC_DECODER_SET_CTX_PARAMS,
|
||||
(void (*)(void))spki2typespki_set_ctx_params },
|
||||
OSSL_DISPATCH_END
|
||||
};
|
||||
|
@ -1071,6 +1071,11 @@ IF[{- !$disabled{tests} -}]
|
||||
DEPEND[endecoder_legacy_test]=../libcrypto.a libtestutil.a
|
||||
ENDIF
|
||||
|
||||
PROGRAMS{noinst}=decoder_propq_test
|
||||
SOURCE[decoder_propq_test]=decoder_propq_test.c
|
||||
INCLUDE[decoder_propq_test]=.. ../include ../apps/include
|
||||
DEPEND[decoder_propq_test]=../libcrypto.a libtestutil.a
|
||||
|
||||
PROGRAMS{noinst}=namemap_internal_test
|
||||
SOURCE[namemap_internal_test]=namemap_internal_test.c
|
||||
INCLUDE[namemap_internal_test]=.. ../include ../apps/include
|
||||
|
119
test/decoder_propq_test.c
Normal file
119
test/decoder_propq_test.c
Normal file
@ -0,0 +1,119 @@
|
||||
/*
|
||||
* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/evp.h>
|
||||
#include "testutil.h"
|
||||
|
||||
static OSSL_LIB_CTX *libctx = NULL;
|
||||
static OSSL_PROVIDER *nullprov = NULL;
|
||||
static OSSL_PROVIDER *libprov = NULL;
|
||||
static const char *filename = NULL;
|
||||
static pem_password_cb passcb;
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1,
|
||||
OPT_EOF = 0,
|
||||
OPT_CONFIG_FILE,
|
||||
OPT_PROVIDER_NAME,
|
||||
OPT_TEST_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS *test_get_options(void)
|
||||
{
|
||||
static const OPTIONS test_options[] = {
|
||||
OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file\n"),
|
||||
{ "config", OPT_CONFIG_FILE, '<',
|
||||
"The configuration file to use for the libctx" },
|
||||
{ "provider", OPT_PROVIDER_NAME, 's',
|
||||
"The provider to load (The default value is 'default')" },
|
||||
{ OPT_HELP_STR, 1, '-', "file\tFile to decode.\n" },
|
||||
{ NULL }
|
||||
};
|
||||
return test_options;
|
||||
}
|
||||
|
||||
static int passcb(char *buf, int size, int rwflag, void *userdata)
|
||||
{
|
||||
strcpy(buf, "pass");
|
||||
return strlen(buf);
|
||||
}
|
||||
|
||||
static int test_decode_nonfipsalg(void)
|
||||
{
|
||||
int ret = 0;
|
||||
EVP_PKEY *privkey = NULL;
|
||||
BIO *bio = NULL;
|
||||
|
||||
/*
|
||||
* Apply the "fips=true" property to all fetches for the libctx.
|
||||
* We do this to test that we are using the propq override
|
||||
*/
|
||||
EVP_default_properties_enable_fips(libctx, 1);
|
||||
|
||||
if (!TEST_ptr(bio = BIO_new_file(filename, "r")))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
* If NULL is passed as the propq here it uses the global property "fips=true",
|
||||
* Which we expect to fail if the decode uses a non FIPS algorithm
|
||||
*/
|
||||
if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL, libctx, NULL)))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
* Pass if we override the libctx global prop query to optionally use fips=true
|
||||
* This assumes that the libctx contains the default provider
|
||||
*/
|
||||
if (!TEST_ptr_null(PEM_read_bio_PrivateKey_ex(bio, &privkey, &passcb, NULL, libctx, "?fips=true")))
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
err:
|
||||
BIO_free(bio);
|
||||
EVP_PKEY_free(privkey);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int setup_tests(void)
|
||||
{
|
||||
const char *prov_name = "default";
|
||||
char *config_file = NULL;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_PROVIDER_NAME:
|
||||
prov_name = opt_arg();
|
||||
break;
|
||||
case OPT_CONFIG_FILE:
|
||||
config_file = opt_arg();
|
||||
break;
|
||||
case OPT_TEST_CASES:
|
||||
break;
|
||||
default:
|
||||
case OPT_ERR:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
filename = test_get_argument(0);
|
||||
if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
|
||||
return 0;
|
||||
|
||||
ADD_TEST(test_decode_nonfipsalg);
|
||||
return 1;
|
||||
}
|
||||
|
||||
void cleanup_tests(void)
|
||||
{
|
||||
OSSL_PROVIDER_unload(libprov);
|
||||
OSSL_LIB_CTX_free(libctx);
|
||||
OSSL_PROVIDER_unload(nullprov);
|
||||
}
|
@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
||||
my $rsa_key = srctop_file("test", "certs", "ee-key.pem");
|
||||
my $pss_key = srctop_file("test", "certs", "ca-pss-key.pem");
|
||||
|
||||
plan tests => ($no_fips ? 0 : 1) + 2; # FIPS install test + test
|
||||
plan tests => ($no_fips ? 0 : 3) + 2; # FIPS install test + test
|
||||
|
||||
my $conf = srctop_file("test", "default.cnf");
|
||||
ok(run(test(["endecode_test", "-rsa", $rsa_key,
|
||||
@ -47,5 +47,16 @@ unless ($no_fips) {
|
||||
"-pss", $pss_key,
|
||||
"-config", $conf,
|
||||
"-provider", "fips"])));
|
||||
}
|
||||
|
||||
my $no_des = disabled("des");
|
||||
SKIP: {
|
||||
skip "DES disabled", 2 if disabled("des");
|
||||
ok(run(app([ 'openssl', 'genrsa', '-des3', '-out', 'epki.pem',
|
||||
'-passout', 'pass:pass' ])),
|
||||
"rsa encrypt using a non fips algorithm");
|
||||
|
||||
my $conf2 = srctop_file("test", "default-and-fips.cnf");
|
||||
ok(run(test(['decoder_propq_test', '-config', $conf2,
|
||||
'-provider', 'fips', 'epki.pem'])));
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user