diff --git a/scripts/test-sanity.sh b/scripts/test-sanity.sh
new file mode 100755
index 0000000..28f46d3
--- /dev/null
+++ b/scripts/test-sanity.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# This script provides simple sanity checks to make sure the provider is working
+
+SET_PRE=$( set )
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+LOG_FILE=${SCRIPT_DIR}/test-sanity.log
+rm -f ${LOG_FILE}
+source ${SCRIPT_DIR}/utils-wolfprovider.sh
+
+echo "Using openssl: $OPENSSL_TAG, wolfssl: $WOLFSSL_TAG"
+
+function doTestCmd() {
+ CMD=$*
+ echo ">>>>>> Running $CMD"
+ eval $CMD
+ RET=$?
+ if [ $RET -ne 0 ]; then
+ echo "Failed $CMD: $RET"
+ exit 1
+ fi
+ echo "<<<<<<"
+}
+
+function runSpotCheck() {
+ doTestCmd init_wolfprov
+
+ SET_POST=$( set )
+ echo "New variables set:"
+ diff <(echo "$SET_PRE") <(echo "$SET_POST") | grep "="
+
+ doTestCmd "${OPENSSL_INSTALL_DIR}/bin/openssl list -providers --verbose | grep 'Providers:' -A 10"
+
+ if [ $(${OPENSSL_INSTALL_DIR}/bin/openssl list -providers --verbose | grep libwolfprov | wc -l) = 0 ]; then
+ echo "Not using wolfProvider for some reason"
+ exit 2
+ fi
+
+ if [ $(${OPENSSL_INSTALL_DIR}/bin/openssl list -providers --verbose | grep OpenSSL | wc -l) -ne 0 ]; then
+ echo "OpenSSL provider is also enabled"
+ exit 2
+ fi
+
+ doTestCmd "${OPENSSL_INSTALL_DIR}/bin/openssl s_client -CApath /etc/ssl/certs -connect github.com:443 >$LOG_FILE 2>&1
diff --git a/src/wp_aes_aead.c b/src/wp_aes_aead.c
index e9d00e3..319180c 100644
--- a/src/wp_aes_aead.c
+++ b/src/wp_aes_aead.c
@@ -603,6 +603,7 @@ static int wp_aead_set_param_tls1_iv_rand(wp_AeadCtx* ctx,
 #else
 (void)ctx;
 (void)params;
+ WOLFPROV_LEAVE(WP_LOG_CIPHER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 #endif
 }
diff --git a/src/wp_aes_stream.c b/src/wp_aes_stream.c
index 91847f8..af4e17b 100644
--- a/src/wp_aes_stream.c
+++ b/src/wp_aes_stream.c
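Review bot: Every WOLFPROV_LEAVE call this commit adds passes the same boilerplate location expression, `__FILE__ ":" WOLFPROV_STRINGIZE(__LINE__)`, here in the `#else` branch of wp_aead_set_param_tls1_iv_rand and again in each other WOLFPROV_LEAVE hunk of this diff (wp_aes_stream, wp_dh_kmgmt, wp_drbg, wp_ecc_kmgmt, wp_ecx_kmgmt, wp_file_store, wp_kdf_kmgmt, wp_mac_kmgmt, wp_rsa_kmgmt, wp_wolfprov). If WOLFPROV_LEAVE is a macro — its definition is not in this diff — the location can be assembled inside it so a call site reduces to `WOLFPROV_LEAVE(WP_LOG_CIPHER, 1);`; if existing callers depend on the current arity, a thin wrapper macro that supplies the location gives the same effect without touching them. Only the tail of wp_aead_set_param_tls1_iv_rand is in the hunk; its body begins above it.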
@@ -450,6 +450,7 @@ static int wp_aes_stream_final(wp_AesStreamCtx* ctx, unsigned char *out,
 (void)out;
 (void)outSize;
 *outLen = 0;
+ WOLFPROV_LEAVE(WP_LOG_CIPHER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
diff --git a/src/wp_dh_kmgmt.c b/src/wp_dh_kmgmt.c
index cc5b2e0..cbc5e5c 100644
--- a/src/wp_dh_kmgmt.c
+++ b/src/wp_dh_kmgmt.c
@@ -276,6 +276,7 @@ int wp_dh_up_ref(wp_Dh* dh)
 return ok;
 #else
 dh->refCnt++;
+ WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 #endif
 }
diff --git a/src/wp_drbg.c b/src/wp_drbg.c
index 5db2a87..babfdda 100644
--- a/src/wp_drbg.c
+++ b/src/wp_drbg.c
@@ -166,6 +166,7 @@ static int wp_drbg_uninstantiate(wp_DrbgCtx* ctx)
 OPENSSL_clear_free(ctx->rng, sizeof(*ctx->rng));
 #endif
 ctx->rng = NULL;
+ WOLFPROV_LEAVE(WP_LOG_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
@@ -331,6 +332,7 @@ static int wp_drbg_unlock(wp_DrbgCtx* ctx)
 wc_UnLockMutex(ctx->mutex);
 }
 #endif
+ WOLFPROV_LEAVE(WP_LOG_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
@@ -419,6 +421,7 @@ static int wp_drbg_set_ctx_params(wp_DrbgCtx* ctx, const OSSL_PARAM params[])
 {
 (void)ctx;
 (void)params;
+ WOLFPROV_LEAVE(WP_LOG_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
@@ -431,6 +434,7 @@ static int wp_drbg_set_ctx_params(wp_DrbgCtx* ctx, const OSSL_PARAM params[])
 static int wp_drbg_verify_zeroization(wp_DrbgCtx* ctx)
 {
 (void)ctx;
+ WOLFPROV_LEAVE(WP_LOG_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
diff --git a/src/wp_ecc_kmgmt.c b/src/wp_ecc_kmgmt.c
index 3ccf7d2..47c19aa 100644
--- a/src/wp_ecc_kmgmt.c
+++ b/src/wp_ecc_kmgmt.c
@@ -256,6 +256,7 @@ int wp_ecc_up_ref(wp_Ecc* ecc)
 return ok;
 #else
 ecc->refCnt++;
+ WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 #endif
 }
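Review bot: wp_drbg_verify_zeroization now emits a successful WOLFPROV_LEAVE although its body is nothing but `(void)ctx;`, so a debug trace will read as though DRBG state had been checked for zeroization when no check ran. A comment on the stub would keep the log honest, e.g. `/* Stub: no zeroization check is performed here; the RNG is released with OPENSSL_clear_free in wp_drbg_uninstantiate (under the build condition ending at its #endif) and success is reported unconditionally. */`. The same applies to wp_drbg_set_ctx_params two hunks up, which logs success while discarding every parameter it is handed; saying so in a comment there avoids a reader assuming the settings took effect.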
@@ -800,6 +801,14 @@ static int wp_ecc_get_params(wp_Ecc* ecc, OSSL_PARAM params[])
 }
 }
+ if (ok) {
+ /* Always assume not decoded from explicit params for now */
+ p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS);
+ if ((p != NULL) && !OSSL_PARAM_set_int(p, 0)) {
+ ok = 0;
+ }
+ }
+
 WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
 return ok;
 }
@@ -1869,11 +1878,13 @@ static int wp_ecc_decode_params(wp_Ecc* ecc, unsigned char* data, word32 len)
 ok = 0;
 }
 if (ok && (data[0] != 0x06)) {
+ WOLFPROV_MSG(WP_LOG_PK, "Invalid data");
 ok = 0;
 }
 if (ok) {
 oidLen = data[1];
 if ((oidLen >= 0x80) || (oidLen + 2 > len)) {
+ WOLFPROV_MSG(WP_LOG_PK, "OID out of bounds");
 ok = 0;
 }
 }
@@ -1884,6 +1895,7 @@ static int wp_ecc_decode_params(wp_Ecc* ecc, unsigned char* data, word32 len)
 ecc->curveId = wp_ecc_get_curve_id_from_oid(data + 2, oidLen);
 #endif
 if (ecc->curveId == ECC_CURVE_INVALID) {
+ WOLFPROV_MSG(WP_LOG_PK, "Invalid curve");
 ok = 0;
 }
 }
@@ -1891,10 +1903,12 @@ static int wp_ecc_decode_params(wp_Ecc* ecc, unsigned char* data, word32 len)
 if (ok) {
 rc = wc_ecc_set_curve(&ecc->key, 0, ecc->curveId);
 if (rc != 0) {
+ WOLFPROV_MSG(WP_LOG_PK, "Can't set curve: %d",rc);
 ok = 0;
 }
 }
 if (ok && (!wp_ecc_set_bits(ecc))) {
+ WOLFPROV_MSG(WP_LOG_PK, "Can't set bits");
 ok = 0;
 }
@@ -2108,6 +2122,7 @@ static int wp_ecc_encode_params_size(const wp_Ecc *ecc, size_t* keyLen)
 /* ASN.1 type, len and data. */
 *keyLen = ecc->key.dp->oidSz + 2;
+ WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
@@ -2130,6 +2145,7 @@ static int wp_ecc_encode_params(const wp_Ecc *ecc, unsigned char* keyData,
 *keyLen = ecc->key.dp->oidSz + 2;
+ WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
diff --git a/src/wp_ecx_kmgmt.c b/src/wp_ecx_kmgmt.c
index 98ed5ae..430f315 100644
--- a/src/wp_ecx_kmgmt.c
+++ b/src/wp_ecx_kmgmt.c
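Review bot: Reporting OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS as a constant 0 is only correct because wp_ecc_decode_params (later in this diff) rejects any parameter encoding whose first byte is not the OBJECT IDENTIFIER tag (`data[0] != 0x06`), so a key held by this provider can never have originated from explicit curve parameters; the comment `/* Always assume not decoded from explicit params for now */` should state that dependency, since OpenSSL's TLS code, as far as I recall, consults this flag to refuse explicit-parameter keys, and a future explicit-parameter decoder would silently turn the hard-coded 0 into a false answer. Suggested wording: `/* Only named-curve (OID) parameters are decoded, see wp_ecc_decode_params, so a key never originates from explicit parameters; revisit if explicit encodings are ever accepted. */`. The local `p` and the preceding parameter handling are outside the hunk.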
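Review bot: `oidLen = data[1];` reads the second byte before the only length check visible in the first wp_ecc_decode_params hunk, `(oidLen + 2 > len)`, and the guard whose `ok = 0;` opens the hunk lies outside it, so confirm that guard already rejects `len < 2` — this function decodes externally supplied DER, and a one-byte input would otherwise read past the buffer. The new message for the tag check could say what was expected, `WOLFPROV_MSG(WP_LOG_PK, "Expected OBJECT IDENTIFIER tag, got 0x%02x", data[0]);`, which makes a malformed-key report actionable without dumping the key. In the third wp_ecc_decode_params hunk, `"Can't set curve: %d",rc` lacks the space after the comma that every other call in this diff uses.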
@@ -224,6 +224,7 @@ int wp_ecx_up_ref(wp_Ecx* ecx)
 return ok;
 #else
 ecx->refCnt++;
+ WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 #endif
 }
diff --git a/src/wp_file_store.c b/src/wp_file_store.c
index be481c8..5b41378 100644
--- a/src/wp_file_store.c
+++ b/src/wp_file_store.c
@@ -480,6 +480,7 @@ static int wp_file_eof(wp_FileCtx* ctx)
 static int wp_file_close(wp_FileCtx* ctx)
 {
 wp_filectx_free(ctx);
+ WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
diff --git a/src/wp_kdf_kmgmt.c b/src/wp_kdf_kmgmt.c
index 0697186..d17351b 100644
--- a/src/wp_kdf_kmgmt.c
+++ b/src/wp_kdf_kmgmt.c
@@ -71,6 +71,7 @@ int wp_kdf_up_ref(wp_Kdf* kdf)
 return ok;
 #else
 kdf->refCnt++;
+ WOLFPROV_LEAVE(WP_LOG_KDF, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 #endif
 }
@@ -151,6 +152,7 @@ static int wp_kdf_has(const wp_Kdf* kdf, int selection)
 {
 (void)kdf;
 (void)selection;
+ WOLFPROV_LEAVE(WP_LOG_KDF, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
diff --git a/src/wp_mac_kmgmt.c b/src/wp_mac_kmgmt.c
index b23ec5d..a14e548 100644
--- a/src/wp_mac_kmgmt.c
+++ b/src/wp_mac_kmgmt.c
@@ -108,6 +108,7 @@ int wp_mac_up_ref(wp_Mac* mac)
 return ok;
 #else
 mac->refCnt++;
+ WOLFPROV_LEAVE(WP_LOG_MAC, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 #endif
 }
@@ -435,6 +436,7 @@ static int wp_mac_export_priv_key(wp_Mac* mac, OSSL_PARAM* params, int* pIdx,
 }
 *pIdx = i;
+ WOLFPROV_LEAVE(WP_LOG_MAC, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
diff --git a/src/wp_rsa_kmgmt.c b/src/wp_rsa_kmgmt.c
index 017e615..0c1a5b8 100644
--- a/src/wp_rsa_kmgmt.c
+++ b/src/wp_rsa_kmgmt.c
@@ -199,6 +199,7 @@ int wp_rsa_up_ref(wp_Rsa* rsa)
 return ok;
 #else
 rsa->refCnt++;
+ WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 #endif
 }
@@ -468,6 +469,7 @@ static int wp_rsa_pss_params_set_pss_defaults(wp_RsaPssParams* pss)
 pss->saltLen = 20;
 pss->derTrailer = 1; /* Default: RFC8017 A.2.3 */
+ WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
@@ -1085,6 +1087,7 @@ static int wp_rsa_pss_params_export(wp_RsaPssParams* pss, OSSL_PARAM* params,
 &pss->saltLen);
 *idx = i;
+ WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
diff --git a/src/wp_wolfprov.c b/src/wp_wolfprov.c
index 34664de..8b5cccf 100644
--- a/src/wp_wolfprov.c
+++ b/src/wp_wolfprov.c
@@ -33,6 +33,8 @@
 #include "wolfprovider/wp_wolfprov.h"
 #include "wolfprovider/alg_funcs.h"
+#include "wolfssl/wolfcrypt/logging.h"
+
 const char* wolfprovider_id = "libwolfprov";
 /* Core function that gets the table of parameters. */
@@ -73,6 +75,7 @@ static const OSSL_PARAM* wolfprov_gettable_params(void* provCtx)
 int wolfssl_prov_is_running(void)
 {
 /* Always running. */
+ WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
@@ -172,6 +175,7 @@ static int bio_core_new(BIO *bio)
 {
 BIO_set_init(bio, 1);
+ WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
@@ -180,6 +184,7 @@ static int bio_core_free(BIO *bio)
 BIO_set_init(bio, 0);
 wolfssl_prov_bio_free(BIO_get_data(bio));
+ WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
@@ -909,6 +914,7 @@ static int wp_dummy_decode(WOLFPROV_CTX* ctx, OSSL_CORE_BIO* cBio,
 (void)pwCb;
 (void)pwCbArg;
+ WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
 return 1;
 }
 /**
@@ -1133,6 +1139,11 @@ int wolfssl_provider_init(const OSSL_CORE_HANDLE* handle,
 int ok = 1;
 OSSL_FUNC_core_get_libctx_fn* c_get_libctx = NULL;
+#ifdef WOLFPROV_DEBUG
+ ok = (wolfProv_Debugging_ON() == 0) && (wolfSSL_Debugging_ON() == 0);
+ wolfSSL_SetLoggingPrefix("wolfSSL");
+#endif
+
 for (; in->function_id != 0; in++) {
 switch (in->function_id) {
 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
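Review bot: Making `ok` depend on `wolfSSL_Debugging_ON() == 0` turns a missing debug facility into a provider-load failure: a WOLFPROV_DEBUG build linked against a wolfSSL compiled without DEBUG_WOLFSSL gets NOT_COMPILED_IN back from wolfSSL_Debugging_ON, `ok` becomes 0 and — if `ok` gates the return value, as its initialisation to 1 suggests — wolfssl_provider_init fails before a single core function is fetched. Enabling tracing is not a precondition for correct operation, so the result should be reported or ignored rather than fatal; note also that because `&&` short-circuits, wolfSSL_SetLoggingPrefix is still called when wolfSSL tracing was never turned on. Proposed replacement for the two statements: `(void)wolfProv_Debugging_ON();` and `if (wolfSSL_Debugging_ON() == 0) { wolfSSL_SetLoggingPrefix("wolfSSL"); }`. The rest of wolfssl_provider_init lies below the hunk.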