Skip to content

Commit

Permalink
test: op_state
Browse files Browse the repository at this point in the history
Test for quirk no-operation-state.

Signed-off-by: Florian Wernli <florian.wernli@securosys.ch>
  • Loading branch information
Florian Wernli committed Dec 12, 2023
1 parent eec76a3 commit 2f260f4
Show file tree
Hide file tree
Showing 5 changed files with 89 additions and 3 deletions.
1 change: 1 addition & 0 deletions .github/workflows/shellcheck.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ jobs:
test-wrapper
thkdf
toaepsha2
top_state
tpubkey
trand
trsapss
Expand Down
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ tests/openssl.cnf.softhsm
tests/tmp.softhsm
tests/tmp.softokn
tests/tdigests
tests/tdigest_dupctx
tests/tsession
tests/tgenkey
tests/treadkeys
Expand Down
11 changes: 8 additions & 3 deletions tests/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ testssrcdir=@abs_srcdir@
#VALGRIND_SUPPRESSIONS_FILES = $(top_srcdir)/tests/pkcs11-provider.supp
VALGRIND_FLAGS = --num-callers=30 -q --keep-debuginfo=yes

check_PROGRAMS = tsession tgenkey tlsctx tdigests treadkeys tcmpkeys tfork pincache
check_PROGRAMS = tsession tgenkey tlsctx tdigests tdigest_dupctx treadkeys tcmpkeys tfork pincache

tsession_SOURCES = tsession.c
tsession_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS)
Expand All @@ -28,6 +28,10 @@ tdigests_SOURCES = tdigests.c
tdigests_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS)
tdigests_LDADD = $(OPENSSL_LIBS)

tdigest_dupctx_SOURCES = tdigest_dupctx.c
tdigest_dupctx_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS)
tdigest_dupctx_LDADD = $(OPENSSL_LIBS)

treadkeys_SOURCES = treadkeys.c
treadkeys_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS)
treadkeys_LDADD = $(OPENSSL_LIBS)
Expand Down Expand Up @@ -63,7 +67,7 @@ dist_check_SCRIPTS = \
helpers.sh setup-softhsm.sh setup-softokn.sh softhsm-proxy.sh \
test-wrapper tbasic tcerts tecc tecdh tedwards tdemoca thkdf \
toaepsha2 trsapss tdigest ttls tpubkey tfork turi trand tecxc \
tcms
tcms top_state

test_LIST = \
basic-softokn.t basic-softhsm.t \
Expand All @@ -85,7 +89,8 @@ test_LIST = \
tls-softokn.t tls-softhsm.t \
uri-softokn.t uri-softhsm.t \
ecxc-softhsm.t \
cms-softokn.t
cms-softokn.t \
op_state-softhsm.t

.PHONY: $(test_LIST)

Expand Down
54 changes: 54 additions & 0 deletions tests/tdigest_dupctx.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
/* Copyright (C) 2022 Simo Sorce <simo@redhat.com>
SPDX-License-Identifier: Apache-2.0 */

#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/provider.h>

#define EXIT_TEST_SKIPPED 77

int main(int argc, char *argv[])
{
const char *propq = "provider=pkcs11";
const char *digest = "sha256";
const char *provname;
const OSSL_PROVIDER *pk11prov;

EVP_MD *pk11md = EVP_MD_fetch(NULL, digest, propq);
if (!pk11md) {
fprintf(stderr, "%s: Unsupported by pkcs11 token\n", digest);
exit(EXIT_FAILURE);
}

pk11prov = EVP_MD_get0_provider(pk11md);
provname = OSSL_PROVIDER_get0_name(pk11prov);

if (strcmp(provname, "pkcs11") != 0) {
fprintf(stderr, "%s: Not a pkcs11 method, provider=%s\n", digest,
provname);
EVP_MD_free(pk11md);
exit(EXIT_FAILURE);
}

EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
EVP_DigestInit_ex(mdctx, pk11md, NULL);

EVP_MD_CTX *mdctx_dup = EVP_MD_CTX_new();
EVP_MD_CTX_copy(mdctx_dup, mdctx);

char error_string[2048];
ERR_error_string_n(ERR_peek_last_error(), error_string,
sizeof error_string);
printf("%s\n", error_string);

EVP_MD_CTX_free(mdctx);
EVP_MD_CTX_free(mdctx_dup);

EVP_MD_free(pk11md);

exit(EXIT_SUCCESS);
}
25 changes: 25 additions & 0 deletions tests/top_state
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
#!/bin/bash -e
# Copyright (C) 2022 Simo Sorce <simo@redhat.com>
# SPDX-License-Identifier: Apache-2.0

source "${TESTSSRCDIR}/helpers.sh"

title PARA "OSSL error stack has error from failing C_Get/SetOperationState"
# We need to configure early loading otherwise no digests are loaded,
# and all checks are skipped
sed "s/#pkcs11-module-load-behavior/pkcs11-module-load-behavior = early/" \
"${OPENSSL_CONF}" > "${OPENSSL_CONF}.op_state.early_load"
OPENSSL_CONF=${OPENSSL_CONF}.op_state.early_load

$CHECKER ./tdigest_dupctx | grep -e "error:.*:pkcs11::reason(84)"


title PARA "No error is logged when quirk no-operation-state is enabled"
sed "s/pkcs11-module-quirks = /pkcs11-module-quirks = no-operation-state /" \
"${OPENSSL_CONF}" > "${OPENSSL_CONF}.no_op_state"
OPENSSL_CONF=${OPENSSL_CONF}.no_op_state

title PARA "Test Digests support"
$CHECKER ./tdigest_dupctx | grep -e "error:.*:lib(0)::reason(0)"

exit 0

0 comments on commit 2f260f4

Please sign in to comment.