git: a7c692e02293 - releng/15.0 - openssl: add a simple smoke test for the legacy provider

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Colin Percival <cperciva_at_FreeBSD.org>
Date: Wed, 05 Nov 2025 19:37:42 UTC
The branch releng/15.0 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=a7c692e02293ca2380f94016465d0043aac80156

commit a7c692e02293ca2380f94016465d0043aac80156
Author:     Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2025-10-11 20:45:20 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2025-11-05 19:37:03 +0000

    openssl: add a simple smoke test for the legacy provider
    
    This change adds a simple smoke test for the legacy provider to ensure
    that the provider doesn't break in the future when performing updates.
    
    This is not a functional or system test; the OpenSSL test suite does a
    much better job at doing this than we can.
    
    Approved by:    re (cperciva)
    MFC after:              1 week
    Differential Revision:  https://reviews.freebsd.org/D53045
    
    (cherry picked from commit 3b6442370a17c57c4c290b9a8e1e8328da820705)
    (cherry picked from commit 9b3c89ce8b2b6455d50e364708988c832672a042)
---
 etc/mtree/BSD.tests.dist                     |  2 ++
 secure/lib/libcrypto/Makefile                |  3 +++
 secure/lib/libcrypto/tests/Makefile          |  5 ++++
 secure/lib/libcrypto/tests/libcrypto_test.sh | 40 ++++++++++++++++++++++++++++
 4 files changed, 50 insertions(+)

diff --git a/etc/mtree/BSD.tests.dist b/etc/mtree/BSD.tests.dist
index 9ab2f3e972d6..520b41c8b88f 100644
--- a/etc/mtree/BSD.tests.dist
+++ b/etc/mtree/BSD.tests.dist
@@ -520,6 +520,8 @@
     ..
     secure
         lib
+            libcrypto
+            ..
         ..
         libexec
         ..
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
index 75ebb6e65327..6f9dd62d8610 100644
--- a/secure/lib/libcrypto/Makefile
+++ b/secure/lib/libcrypto/Makefile
@@ -673,6 +673,9 @@ buildasm cleanasm:
 	    ${.TARGET:S/build/all/:S/asm$//}
 .endfor
 
+HAS_TESTS=	yes
+SUBDIR.${MK_TESTS}=	tests
+
 .include <bsd.lib.mk>
 
 .if ${MACHINE} == "powerpc"
diff --git a/secure/lib/libcrypto/tests/Makefile b/secure/lib/libcrypto/tests/Makefile
new file mode 100644
index 000000000000..d309a1b1100c
--- /dev/null
+++ b/secure/lib/libcrypto/tests/Makefile
@@ -0,0 +1,5 @@
+PACKAGE=		tests
+
+ATF_TESTS_SH+=		libcrypto_test
+
+.include <bsd.test.mk>
diff --git a/secure/lib/libcrypto/tests/libcrypto_test.sh b/secure/lib/libcrypto/tests/libcrypto_test.sh
new file mode 100755
index 000000000000..83ef1686089d
--- /dev/null
+++ b/secure/lib/libcrypto/tests/libcrypto_test.sh
@@ -0,0 +1,40 @@
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2025 Enji Cooper
+
+atf_test_case legacy_provider
+legacy_provider_head() {
+	atf_set "descr" "daemon should drop privileges"
+}
+legacy_provider_body() {
+	local passphrase="test"
+	local plaintext="test"
+
+	export OPENSSL_CONF="$PWD/openssl.conf"
+	cat > "$OPENSSL_CONF" <<EOF
+HOME = .
+
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = provider_sect
+
+# List of providers to load
+[provider_sect]
+default = default_sect
+legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1
+EOF
+
+	echo "$plaintext" | atf_check -s exit:0 -e empty -o not-empty \
+	    openssl rc4 -e -k "$passphrase" -a -pbkdf2
+}
+
+atf_init_test_cases() {
+	atf_add_test_case legacy_provider
+}