diff options
author | Matt Caswell <matt@openssl.org> | 2020-03-12 15:51:34 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-04-01 18:29:12 +0200 |
commit | 5093fec23b2fd724e688d01857ea4dc6cd18cf38 (patch) | |
tree | e353985c433ba98a3b1f9c502e34896f3ded85ec | |
parent | Make sure we use the libctx when creating an EVP_PKEY_CTX in libssl (diff) | |
download | openssl-5093fec23b2fd724e688d01857ea4dc6cd18cf38.tar.xz openssl-5093fec23b2fd724e688d01857ea4dc6cd18cf38.zip |
Make sure we always use the correct libctx in sslprovidertest.c
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11401)
-rw-r--r-- | test/sslprovidertest.c | 33 |
1 files changed, 12 insertions, 21 deletions
diff --git a/test/sslprovidertest.c b/test/sslprovidertest.c index 9a27d009ce..76a6f8f6b2 100644 --- a/test/sslprovidertest.c +++ b/test/sslprovidertest.c @@ -16,9 +16,7 @@ static char *cert = NULL; static char *privkey = NULL; /* TODO(3.0): Re-enable this code. See comment in setup_tests() */ -#if 0 OSSL_PROVIDER *defctxlegacy = NULL; -#endif static int test_different_libctx(void) { @@ -27,12 +25,9 @@ static int test_different_libctx(void) int testresult = 0; OPENSSL_CTX *libctx = OPENSSL_CTX_new(); -/* TODO(3.0): Re-enable this code. See comment in setup_tests() */ -#if 0 /* Verify that the default provider in the default libctx is not available */ if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))) goto end; -#endif cctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_client_method()); if (!TEST_ptr(cctx)) @@ -41,11 +36,21 @@ static int test_different_libctx(void) if (!TEST_ptr(sctx)) goto end; + /* + * TODO(3.0): Make this work in TLSv1.3. Currently we can only do RSA key + * exchange, because we don't have key gen/param gen for EC yet - which + * implies TLSv1.2 only + */ if (!TEST_true(create_ssl_ctx_pair(NULL, NULL, TLS1_VERSION, - 0, - &sctx, NULL, cert, privkey))) + TLS1_2_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + + /* Ensure we use a FIPS compatible ciphersuite and sigalg */ + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA256")) + || !TEST_true(SSL_CTX_set1_sigalgs_list(cctx, "RSA+SHA256"))) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, @@ -56,15 +61,12 @@ static int test_different_libctx(void) if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) goto end; -/* TODO(3.0): Re-enable this code. See comment in setup_tests() */ -#if 0 /* * Verify that the default provider in the default libctx is still not * available */ if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))) goto end; -#endif testresult = 1; @@ -83,14 +85,6 @@ int setup_tests(void) { char *certsdir = NULL; /* - * TODO(3.0): Re-enable this code when key generation is provider aware. At - * the moment the below causes the tests to fail because libssl attempts to - * generate a key for the key_share, which ultimately invokes RAND_bytes(). - * However, because key generation is not yet provider aware it just uses - * the default library context - and hence fails. - */ -#if 0 - /* * For tests in this file we want to ensure the default ctx does not have * the default provider loaded into the default ctx. So we load "legacy" to * prevent default from being auto-loaded. This tests that there is no @@ -99,7 +93,6 @@ int setup_tests(void) * libctx */ defctxlegacy = OSSL_PROVIDER_load(NULL, "legacy"); -#endif if (!TEST_ptr(certsdir = test_get_argument(0))) return 0; @@ -122,7 +115,5 @@ int setup_tests(void) void cleanup_tests(void) { /* TODO(3.0): Re-enable this code. See comment in setup_tests() */ -#if 0 OSSL_PROVIDER_unload(defctxlegacy); -#endif } |