1 /*
2 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stddef.h>
11 #include <string.h>
12 #include <openssl/provider.h>
13 #include <openssl/params.h>
14 #include <openssl/core_names.h>
15 #include <openssl/evp.h>
16 #include "testutil.h"
17 #include "fake_rsaprov.h"
18
/*
 * Library context shared by the tests in this file. It is created in
 * setup_tests() and released in cleanup_tests().
 */
static OSSL_LIB_CTX *libctx = NULL;
20
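/*
 * Fetch the SIGNATURE implementation of |alg| from |ctx| using the property
 * query |propq|, and check that it is served by |expected_prov|.
 *
 * Returns 1 when the fetch succeeds and the provider behind the fetched
 * method is |expected_prov|, 0 otherwise. The fetched method is released
 * before returning on every path that obtained one.
 */
static int fetch_sig(OSSL_LIB_CTX *ctx, const char *alg, const char *propq,
                     OSSL_PROVIDER *expected_prov)
{
    OSSL_PROVIDER *prov;
    /*
     * Fetch the algorithm the caller asked for. With a hard-coded name here
     * a caller passing anything other than "RSA" would silently have the
     * RSA implementation's provider checked instead of its own.
     */
    EVP_SIGNATURE *sig = EVP_SIGNATURE_fetch(ctx, alg, propq);
    int ret = 0;

    if (!TEST_ptr(sig))
        return 0;

    if (!TEST_ptr(prov = EVP_SIGNATURE_get0_provider(sig)))
        goto end;

    /*
     * Compare the provider handles themselves: the point of the check is
     * which provider the property query actually selected.
     */
    if (!TEST_ptr_eq(prov, expected_prov)) {
        TEST_info("Fetched provider: %s, Expected provider: %s",
                  OSSL_PROVIDER_get0_name(prov),
                  OSSL_PROVIDER_get0_name(expected_prov));
        goto end;
    }

    ret = 1;
 end:
    EVP_SIGNATURE_free(sig);
    return ret;
}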
47
48
/*
 * Check that signing with a key owned by the fake-rsa provider is dispatched
 * to fake-rsa's signature implementation, even when the signing context
 * names the default provider as an optional preference.
 *
 * Returns 1 on success and 0 on failure. Everything acquired along the way
 * is released at the |end| label.
 */
static int test_pkey_sig(void)
{
    OSSL_PROVIDER *deflt = NULL;
    OSSL_PROVIDER *fake_rsa = NULL;
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *ctx = NULL;
    int ret = 0;
    int round = 0;

    if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
        return 0;

    if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default")))
        goto end;

    /*
     * Start with a direct fetch to see that it works, once with a mandatory
     * property query and once with the optional ('?') form.
     */
    if (!TEST_true(fetch_sig(libctx, "RSA", "provider=fake-rsa", fake_rsa)))
        goto end;
    if (!TEST_true(fetch_sig(libctx, "RSA", "?provider=fake-rsa", fake_rsa)))
        goto end;

    /* Build the pkey with a precise propq so that it lives in fake-rsa. */
    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
                                                   "provider=fake-rsa")))
        goto end;
    if (!TEST_true(EVP_PKEY_fromdata_init(ctx)))
        goto end;
    if (!TEST_true(EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, NULL)))
        goto end;
    if (!TEST_ptr(pkey))
        goto end;

    EVP_PKEY_CTX_free(ctx);
    ctx = NULL;

    /* Exercise the signature_init ops a few times in a row. */
    while (round < 3) {
        size_t siglen;

        /*
         * The signing context is created with an optional propq that names
         * the default provider. Because the key is not exportable, sign
         * init should still take both keymgmt and signature from fake-rsa.
         */
        if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey,
                                                       "?provider=default")))
            goto end;

        /*
         * A signature implementation picked from the wrong provider, without
         * the library noticing, can end in a segfault or an internal error.
         * Calling sign below at least shows whether fake-rsa's sign_init
         * was exercised.
         */
        if (!TEST_int_eq(EVP_PKEY_sign_init(ctx), 1))
            goto end;

        /*
         * No output buffer is passed, so only the reported length is
         * checked. NOTE(review): 256 is presumably the fixed size reported
         * by fake-rsa - confirm against fake_rsaprov.c.
         */
        if (!TEST_int_eq(EVP_PKEY_sign(ctx, NULL, &siglen, NULL, 0), 1))
            goto end;
        if (!TEST_size_t_eq(siglen, 256))
            goto end;

        EVP_PKEY_CTX_free(ctx);
        ctx = NULL;
        round++;
    }

    ret = 1;

 end:
    fake_rsa_finish(fake_rsa);
    OSSL_PROVIDER_unload(deflt);
    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);
    return ret;
}
117
/*
 * Create the library context used by the tests in this file and register
 * them with the test framework.
 *
 * Returns 1 on success, 0 if the library context could not be created.
 */
int setup_tests(void)
{
    if ((libctx = OSSL_LIB_CTX_new()) == NULL)
        return 0;

    ADD_TEST(test_pkey_sig);
    return 1;
}
128
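/*
 * Release the library context created by setup_tests().
 */
void cleanup_tests(void)
{
    OSSL_LIB_CTX_free(libctx);
    /* Do not leave a dangling file-scope pointer behind after the free. */
    libctx = NULL;
}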
133