1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
#! /usr/bin/env perl
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
use OpenSSL::Test::Utils;
BEGIN {
setup("test_evp");
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
my $no_dh = disabled("dh");
my $no_dsa = disabled("dsa");
my $no_ec = disabled("ec");
my $no_gost = disabled("gost");
my $no_sm2 = disabled("sm2");
# Default config depends on if the legacy module is built or not
my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
my @configs = ( $defaultcnf );
# Only add the FIPS config if the FIPS module has been built
push @configs, 'fips-and-base.cnf' unless $no_fips;
# A list of tests that run with both the default and fips provider.
my @files = qw(
evpciph_aes_ccm_cavs.txt
evpciph_aes_common.txt
evpciph_aes_cts.txt
evpciph_aes_wrap.txt
evpciph_des3_common.txt
evpkdf_hkdf.txt
evpkdf_pbkdf2.txt
evpkdf_ss.txt
evpkdf_ssh.txt
evpkdf_tls12_prf.txt
evpkdf_x942.txt
evpkdf_x963.txt
evpmac_common.txt
evpmd_sha.txt
evppbe_pbkdf2.txt
evppkey_kdf_hkdf.txt
evppkey_rsa_common.txt
evprand.txt
);
push @files, qw(evppkey_ffdhe.txt) unless $no_dh;
push @files, qw(evppkey_dsa.txt) unless $no_dsa;
push @files, qw(evppkey_ecx.txt) unless $no_ec;
push @files, qw(
evppkey_ecc.txt
evppkey_ecdh.txt
evppkey_ecdsa.txt
evppkey_kas.txt
evppkey_mismatch.txt
) unless $no_ec || $no_gost;
# A list of tests that only run with the default provider
# (i.e. The algorithms are not present in the fips provider)
my @defltfiles = qw(
evpciph_aes_ocb.txt
evpciph_aes_siv.txt
evpciph_aria.txt
evpciph_bf.txt
evpciph_camellia.txt
evpciph_cast5.txt
evpciph_chacha.txt
evpciph_des.txt
evpciph_idea.txt
evpciph_rc2.txt
evpciph_rc4.txt
evpciph_rc5.txt
evpciph_seed.txt
evpciph_sm4.txt
evpencod.txt
evpkdf_krb5.txt
evpkdf_scrypt.txt
evpkdf_tls11_prf.txt
evpmac_blake.txt
evpmac_poly1305.txt
evpmac_siphash.txt
evpmd_blake.txt
evpmd_md.txt
evpmd_mdc2.txt
evpmd_ripemd.txt
evpmd_sm3.txt
evpmd_whirlpool.txt
evppbe_scrypt.txt
evppbe_pkcs12.txt
evppkey_kdf_scrypt.txt
evppkey_kdf_tls1_prf.txt
evppkey_rsa.txt
);
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
plan tests =>
($no_fips ? 0 : 1) # FIPS install test
+ (scalar(@configs) * scalar(@files))
+ scalar(@defltfiles)
+ 3; # error output tests
unless ($no_fips) {
my $infile = bldtop_file('providers', platform->dso('fips'));
ok(run(app(['openssl', 'fipsinstall',
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
'-module', $infile])),
"fipsinstall");
}
foreach (@configs) {
my $conf = srctop_file("test", $_);
foreach my $f ( @files ) {
ok(run(test(["evp_test",
"-config", $conf,
data_file("$f")])),
"running evp_test -config $conf $f");
}
}
my $conf = srctop_file("test", $defaultcnf);
foreach my $f ( @defltfiles ) {
ok(run(test(["evp_test",
"-config", $conf,
data_file("$f")])),
"running evp_test -config $conf $f");
}
sub test_errors { # actually tests diagnostics of OSSL_STORE
my ($expected, $key, @opts) = @_;
my $infile = srctop_file('test', 'certs', $key);
my @args = qw(openssl pkey -in);
push(@args, $infile, @opts);
my $tmpfile = 'out.txt';
my $res = !run(app([@args], stderr => $tmpfile));
my $found = 0;
open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
while(<$in>) {
print; # this may help debugging
$res &&= !m/asn1 encoding/; # output must not include ASN.1 parse errors
$found = 1 if m/$expected/; # output must include $expected
}
close $in;
# $tmpfile is kept to help with investigation in case of failure
return $res && $found;
}
SKIP: {
skip "DSA not disabled", 2 if !disabled("dsa");
ok(test_errors("unsupported algorithm", "server-dsa-key.pem"),
"error loading unsupported dsa private key");
ok(test_errors("unsupported algorithm", "server-dsa-pubkey.pem", "-pubin"),
"error loading unsupported dsa public key");
}
SKIP: {
skip "sm2 not disabled", 1 if !disabled("sm2");
ok(test_errors("unknown group|unsupported algorithm", "sm2.key"),
"error loading unsupported sm2 private key");
}
|
