/* * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ #include "../testutil.h" #include #include #include #include int test_get_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov, const char *config_file, OSSL_PROVIDER **provider, const char *module_name) { OSSL_LIB_CTX *new_libctx = NULL; if (libctx != NULL) { if ((new_libctx = *libctx = OSSL_LIB_CTX_new()) == NULL) { opt_printf_stderr("Failed to create libctx\n"); goto err; } } if (default_null_prov != NULL && (*default_null_prov = OSSL_PROVIDER_load(NULL, "null")) == NULL) { opt_printf_stderr("Failed to load null provider into default libctx\n"); goto err; } if (config_file != NULL && !OSSL_LIB_CTX_load_config(new_libctx, config_file)) { opt_printf_stderr("Error loading config from file %s\n", config_file); goto err; } if (provider != NULL && module_name != NULL && (*provider = OSSL_PROVIDER_load(new_libctx, module_name)) == NULL) { opt_printf_stderr("Failed to load provider %s\n", module_name); goto err; } return 1; err: ERR_print_errors_fp(stderr); return 0; } int test_arg_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov, OSSL_PROVIDER **provider, int argn, const char *usage) { const char *module_name; if (!TEST_ptr(module_name = test_get_argument(argn))) { TEST_error("usage: %s", usage); return 0; } if (strcmp(module_name, "none") == 0) return 1; return test_get_libctx(libctx, default_null_prov, test_get_argument(argn + 1), provider, module_name); } typedef struct { int major, minor, patch; } FIPS_VERSION; /* * Query the FIPS provider to determine it's version number. * Returns 1 if the version is retrieved correctly, 0 if the FIPS provider isn't * loaded and -1 on error. */ static int fips_provider_version(OSSL_LIB_CTX *libctx, FIPS_VERSION *vers) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; OSSL_PROVIDER *fips_prov; char *vs; if (!OSSL_PROVIDER_available(libctx, "fips")) return 0; *params = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_VERSION, &vs, 0); if ((fips_prov = OSSL_PROVIDER_load(libctx, "fips")) == NULL) return -1; if (!OSSL_PROVIDER_get_params(fips_prov, params) || sscanf(vs, "%d.%d.%d", &vers->major, &vers->minor, &vers->patch) != 3) goto err; if (!OSSL_PROVIDER_unload(fips_prov)) return -1; return 1; err: OSSL_PROVIDER_unload(fips_prov); return -1; } int fips_provider_version_eq(OSSL_LIB_CTX *libctx, int major, int minor, int patch) { FIPS_VERSION prov; int res; if ((res = fips_provider_version(libctx, &prov)) <= 0) return res == 0; return major == prov.major && minor == prov.minor && patch == prov.patch; } int fips_provider_version_ne(OSSL_LIB_CTX *libctx, int major, int minor, int patch) { FIPS_VERSION prov; int res; if ((res = fips_provider_version(libctx, &prov)) <= 0) return res == 0; return major != prov.major || minor != prov.minor || patch != prov.patch; } int fips_provider_version_le(OSSL_LIB_CTX *libctx, int major, int minor, int patch) { FIPS_VERSION prov; int res; if ((res = fips_provider_version(libctx, &prov)) <= 0) return res == 0; return prov.major < major || (prov.major == major && (prov.minor < minor || (prov.minor == minor && prov.patch <= patch))); } int fips_provider_version_lt(OSSL_LIB_CTX *libctx, int major, int minor, int patch) { FIPS_VERSION prov; int res; if ((res = fips_provider_version(libctx, &prov)) <= 0) return res == 0; return prov.major < major || (prov.major == major && (prov.minor < minor || (prov.minor == minor && prov.patch < patch))); } int fips_provider_version_gt(OSSL_LIB_CTX *libctx, int major, int minor, int patch) { FIPS_VERSION prov; int res; if ((res = fips_provider_version(libctx, &prov)) <= 0) return res == 0; return prov.major > major || (prov.major == major && (prov.minor > minor || (prov.minor == minor && prov.patch > patch))); } int fips_provider_version_ge(OSSL_LIB_CTX *libctx, int major, int minor, int patch) { FIPS_VERSION prov; int res; if ((res = fips_provider_version(libctx, &prov)) <= 0) return res == 0; return prov.major > major || (prov.major == major && (prov.minor > minor || (prov.minor == minor && prov.patch >= patch))); } int fips_provider_version_match(OSSL_LIB_CTX *libctx, const char *versions) { const char *p; int major, minor, patch, r; enum { MODE_EQ, MODE_NE, MODE_LE, MODE_LT, MODE_GT, MODE_GE } mode; while (*versions != '\0') { for (; isspace((unsigned char)(*versions)); versions++) continue; if (*versions == '\0') break; for (p = versions; *versions != '\0' && !isspace((unsigned char)(*versions)); versions++) continue; if (*p == '!') { mode = MODE_NE; p++; } else if (*p == '=') { mode = MODE_EQ; p++; } else if (*p == '<' && p[1] == '=') { mode = MODE_LE; p += 2; } else if (*p == '>' && p[1] == '=') { mode = MODE_GE; p += 2; } else if (*p == '<') { mode = MODE_LT; p++; } else if (*p == '>') { mode = MODE_GT; p++; } else if (isdigit((unsigned char)*p)) { mode = MODE_EQ; } else { TEST_info("Error matching FIPS version: mode %s\n", p); return -1; } if (sscanf(p, "%d.%d.%d", &major, &minor, &patch) != 3) { TEST_info("Error matching FIPS version: version %s\n", p); return -1; } switch (mode) { case MODE_EQ: r = fips_provider_version_eq(libctx, major, minor, patch); break; case MODE_NE: r = fips_provider_version_ne(libctx, major, minor, patch); break; case MODE_LE: r = fips_provider_version_le(libctx, major, minor, patch); break; case MODE_LT: r = fips_provider_version_lt(libctx, major, minor, patch); break; case MODE_GT: r = fips_provider_version_gt(libctx, major, minor, patch); break; case MODE_GE: r = fips_provider_version_ge(libctx, major, minor, patch); break; } if (r < 0) { TEST_info("Error matching FIPS version: internal error\n"); return -1; } if (r == 0) return 0; } return 1; }