diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-08-09 18:06:52 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-08-09 18:06:52 +1000 |
| commit | 04cb5ec0b74896fe806625ac4d87e3396890f246 (patch) | |
| tree | 558c92ddf1b1fb2421d9f3f9aae3c82595a94830 /test/recipes/30-test_provider_status.t | |
| parent | dda4e259e51aeaf05a2417ef577accf778c9f6f6 (diff) | |
| download | openssl-04cb5ec0b74896fe806625ac4d87e3396890f246.tar.gz | |
Add 'on demand self test' and status test to providers
The default and legacy providers currently return 1 for status and self test checks.
Added test to show the 3 different stages the self test can be run (for installation, loading and on demand).
For the fips provider:
- If the on demand self test fails, then any subsequent fetches should also fail. To implement this the
cached algorithms are flushed on failure.
- getting the self test callback in the fips provider is a bit complicated since the callback hangs off the core
libctx (as it is set by the application) not the actual fips library context. Also the callback can be set at
any time not just during the OSSL_provider_init() so it is calculated each time before doing any self test.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11752)
Diffstat (limited to 'test/recipes/30-test_provider_status.t')
| -rw-r--r-- | test/recipes/30-test_provider_status.t | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/test/recipes/30-test_provider_status.t b/test/recipes/30-test_provider_status.t new file mode 100644 index 0000000000..03304ba4a2 --- /dev/null +++ b/test/recipes/30-test_provider_status.t @@ -0,0 +1,40 @@ +#! /usr/bin/env perl +# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file); +use OpenSSL::Test::Utils; + +BEGIN { +setup("test_provider_status"); +} + +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); + +plan skip_all => "provider_status is not supported by this test" + if $no_fips; + +plan tests => 2; + +my $infile = bldtop_file('providers', platform->dso('fips')); + +ok(run(app(['openssl', 'fipsinstall', + '-out', bldtop_file('providers', 'fipsmodule.cnf'), + '-module', $infile])), + "fipsinstall"); + +ok(run(test(["provider_status_test", "-config", srctop_file("test","fips.cnf"), + "-provider_name", "fips"])), + "running provider_status_test"); |