mirror of
https://github.com/openssl/openssl.git
synced 2024-12-09 05:51:54 +08:00
da1c088f59
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
243 lines
7.3 KiB
C
243 lines
7.3 KiB
C
/*
|
|
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include "../testutil.h"
|
|
#include <ctype.h>
|
|
#include <openssl/provider.h>
|
|
#include <openssl/core_names.h>
|
|
#include <string.h>
|
|
|
|
int test_get_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov,
|
|
const char *config_file,
|
|
OSSL_PROVIDER **provider, const char *module_name)
|
|
{
|
|
OSSL_LIB_CTX *new_libctx = NULL;
|
|
|
|
if (libctx != NULL) {
|
|
if ((new_libctx = *libctx = OSSL_LIB_CTX_new()) == NULL) {
|
|
opt_printf_stderr("Failed to create libctx\n");
|
|
goto err;
|
|
}
|
|
}
|
|
|
|
if (default_null_prov != NULL
|
|
&& (*default_null_prov = OSSL_PROVIDER_load(NULL, "null")) == NULL) {
|
|
opt_printf_stderr("Failed to load null provider into default libctx\n");
|
|
goto err;
|
|
}
|
|
|
|
if (config_file != NULL
|
|
&& !OSSL_LIB_CTX_load_config(new_libctx, config_file)) {
|
|
opt_printf_stderr("Error loading config from file %s\n", config_file);
|
|
goto err;
|
|
}
|
|
|
|
if (provider != NULL && module_name != NULL
|
|
&& (*provider = OSSL_PROVIDER_load(new_libctx, module_name)) == NULL) {
|
|
opt_printf_stderr("Failed to load provider %s\n", module_name);
|
|
goto err;
|
|
}
|
|
return 1;
|
|
|
|
err:
|
|
ERR_print_errors_fp(stderr);
|
|
return 0;
|
|
}
|
|
|
|
int test_arg_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov,
|
|
OSSL_PROVIDER **provider, int argn, const char *usage)
|
|
{
|
|
const char *module_name;
|
|
|
|
if (!TEST_ptr(module_name = test_get_argument(argn))) {
|
|
TEST_error("usage: <prog> %s", usage);
|
|
return 0;
|
|
}
|
|
if (strcmp(module_name, "none") == 0)
|
|
return 1;
|
|
return test_get_libctx(libctx, default_null_prov,
|
|
test_get_argument(argn + 1), provider, module_name);
|
|
}
|
|
|
|
typedef struct {
|
|
int major, minor, patch;
|
|
} FIPS_VERSION;
|
|
|
|
/*
|
|
* Query the FIPS provider to determine it's version number.
|
|
* Returns 1 if the version is retrieved correctly, 0 if the FIPS provider isn't
|
|
* loaded and -1 on error.
|
|
*/
|
|
static int fips_provider_version(OSSL_LIB_CTX *libctx, FIPS_VERSION *vers)
|
|
{
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
OSSL_PROVIDER *fips_prov;
|
|
char *vs;
|
|
|
|
if (!OSSL_PROVIDER_available(libctx, "fips"))
|
|
return 0;
|
|
*params = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_VERSION, &vs, 0);
|
|
if ((fips_prov = OSSL_PROVIDER_load(libctx, "fips")) == NULL)
|
|
return -1;
|
|
if (!OSSL_PROVIDER_get_params(fips_prov, params)
|
|
|| sscanf(vs, "%d.%d.%d", &vers->major, &vers->minor, &vers->patch) != 3)
|
|
goto err;
|
|
if (!OSSL_PROVIDER_unload(fips_prov))
|
|
return -1;
|
|
return 1;
|
|
err:
|
|
OSSL_PROVIDER_unload(fips_prov);
|
|
return -1;
|
|
}
|
|
|
|
int fips_provider_version_eq(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
|
|
{
|
|
FIPS_VERSION prov;
|
|
int res;
|
|
|
|
if ((res = fips_provider_version(libctx, &prov)) <= 0)
|
|
return res == 0;
|
|
return major == prov.major && minor == prov.minor && patch == prov.patch;
|
|
}
|
|
|
|
int fips_provider_version_ne(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
|
|
{
|
|
FIPS_VERSION prov;
|
|
int res;
|
|
|
|
if ((res = fips_provider_version(libctx, &prov)) <= 0)
|
|
return res == 0;
|
|
return major != prov.major || minor != prov.minor || patch != prov.patch;
|
|
}
|
|
|
|
int fips_provider_version_le(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
|
|
{
|
|
FIPS_VERSION prov;
|
|
int res;
|
|
|
|
if ((res = fips_provider_version(libctx, &prov)) <= 0)
|
|
return res == 0;
|
|
return prov.major < major
|
|
|| (prov.major == major
|
|
&& (prov.minor < minor
|
|
|| (prov.minor == minor && prov.patch <= patch)));
|
|
}
|
|
|
|
int fips_provider_version_lt(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
|
|
{
|
|
FIPS_VERSION prov;
|
|
int res;
|
|
|
|
if ((res = fips_provider_version(libctx, &prov)) <= 0)
|
|
return res == 0;
|
|
return prov.major < major
|
|
|| (prov.major == major
|
|
&& (prov.minor < minor
|
|
|| (prov.minor == minor && prov.patch < patch)));
|
|
}
|
|
|
|
int fips_provider_version_gt(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
|
|
{
|
|
FIPS_VERSION prov;
|
|
int res;
|
|
|
|
if ((res = fips_provider_version(libctx, &prov)) <= 0)
|
|
return res == 0;
|
|
return prov.major > major
|
|
|| (prov.major == major
|
|
&& (prov.minor > minor
|
|
|| (prov.minor == minor && prov.patch > patch)));
|
|
}
|
|
|
|
int fips_provider_version_ge(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
|
|
{
|
|
FIPS_VERSION prov;
|
|
int res;
|
|
|
|
if ((res = fips_provider_version(libctx, &prov)) <= 0)
|
|
return res == 0;
|
|
return prov.major > major
|
|
|| (prov.major == major
|
|
&& (prov.minor > minor
|
|
|| (prov.minor == minor && prov.patch >= patch)));
|
|
}
|
|
|
|
int fips_provider_version_match(OSSL_LIB_CTX *libctx, const char *versions)
|
|
{
|
|
const char *p;
|
|
int major, minor, patch, r;
|
|
enum {
|
|
MODE_EQ, MODE_NE, MODE_LE, MODE_LT, MODE_GT, MODE_GE
|
|
} mode;
|
|
|
|
while (*versions != '\0') {
|
|
for (; isspace((unsigned char)(*versions)); versions++)
|
|
continue;
|
|
if (*versions == '\0')
|
|
break;
|
|
for (p = versions; *versions != '\0' && !isspace((unsigned char)(*versions)); versions++)
|
|
continue;
|
|
if (*p == '!') {
|
|
mode = MODE_NE;
|
|
p++;
|
|
} else if (*p == '=') {
|
|
mode = MODE_EQ;
|
|
p++;
|
|
} else if (*p == '<' && p[1] == '=') {
|
|
mode = MODE_LE;
|
|
p += 2;
|
|
} else if (*p == '>' && p[1] == '=') {
|
|
mode = MODE_GE;
|
|
p += 2;
|
|
} else if (*p == '<') {
|
|
mode = MODE_LT;
|
|
p++;
|
|
} else if (*p == '>') {
|
|
mode = MODE_GT;
|
|
p++;
|
|
} else if (isdigit((unsigned char)*p)) {
|
|
mode = MODE_EQ;
|
|
} else {
|
|
TEST_info("Error matching FIPS version: mode %s\n", p);
|
|
return -1;
|
|
}
|
|
if (sscanf(p, "%d.%d.%d", &major, &minor, &patch) != 3) {
|
|
TEST_info("Error matching FIPS version: version %s\n", p);
|
|
return -1;
|
|
}
|
|
switch (mode) {
|
|
case MODE_EQ:
|
|
r = fips_provider_version_eq(libctx, major, minor, patch);
|
|
break;
|
|
case MODE_NE:
|
|
r = fips_provider_version_ne(libctx, major, minor, patch);
|
|
break;
|
|
case MODE_LE:
|
|
r = fips_provider_version_le(libctx, major, minor, patch);
|
|
break;
|
|
case MODE_LT:
|
|
r = fips_provider_version_lt(libctx, major, minor, patch);
|
|
break;
|
|
case MODE_GT:
|
|
r = fips_provider_version_gt(libctx, major, minor, patch);
|
|
break;
|
|
case MODE_GE:
|
|
r = fips_provider_version_ge(libctx, major, minor, patch);
|
|
break;
|
|
}
|
|
if (r < 0) {
|
|
TEST_info("Error matching FIPS version: internal error\n");
|
|
return -1;
|
|
}
|
|
if (r == 0)
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|