30-test_evp.t 5.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178
  1. #! /usr/bin/env perl
  2. # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
  11. use OpenSSL::Test::Utils;
  12. BEGIN {
  13. setup("test_evp");
  14. }
  15. use lib srctop_dir('Configurations');
  16. use lib bldtop_dir('.');
  17. use platform;
  18. my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
  19. my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
  20. my $no_dh = disabled("dh");
  21. my $no_dsa = disabled("dsa");
  22. my $no_ec = disabled("ec");
  23. my $no_gost = disabled("gost");
  24. my $no_sm2 = disabled("sm2");
  25. # Default config depends on if the legacy module is built or not
  26. my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
  27. my @configs = ( $defaultcnf );
  28. # Only add the FIPS config if the FIPS module has been built
  29. push @configs, 'fips-and-base.cnf' unless $no_fips;
  30. # A list of tests that run with both the default and fips provider.
  31. my @files = qw(
  32. evpciph_aes_ccm_cavs.txt
  33. evpciph_aes_common.txt
  34. evpciph_aes_cts1.txt
  35. evpciph_aes_wrap.txt
  36. evpciph_des3_common.txt
  37. evpkdf_hkdf.txt
  38. evpkdf_pbkdf2.txt
  39. evpkdf_ss.txt
  40. evpkdf_ssh.txt
  41. evpkdf_tls12_prf.txt
  42. evpkdf_x942.txt
  43. evpkdf_x963.txt
  44. evpmac_common.txt
  45. evpmd_sha.txt
  46. evppbe_pbkdf2.txt
  47. evppkey_kdf_hkdf.txt
  48. evppkey_rsa_common.txt
  49. evprand.txt
  50. );
  51. push @files, qw(evppkey_ffdhe.txt) unless $no_dh;
  52. push @files, qw(evppkey_dsa.txt) unless $no_dsa;
  53. push @files, qw(evppkey_ecx.txt) unless $no_ec;
  54. push @files, qw(
  55. evppkey_ecc.txt
  56. evppkey_ecdh.txt
  57. evppkey_ecdsa.txt
  58. evppkey_kas.txt
  59. evppkey_mismatch.txt
  60. ) unless $no_ec || $no_gost;
  61. # A list of tests that only run with the default provider
  62. # (i.e. The algorithms are not present in the fips provider)
  63. my @defltfiles = qw(
  64. evpciph_aes_cts23.txt
  65. evpciph_aes_ocb.txt
  66. evpciph_aes_siv.txt
  67. evpciph_aria.txt
  68. evpciph_bf.txt
  69. evpciph_camellia.txt
  70. evpciph_cast5.txt
  71. evpciph_chacha.txt
  72. evpciph_des.txt
  73. evpciph_idea.txt
  74. evpciph_rc2.txt
  75. evpciph_rc4.txt
  76. evpciph_rc5.txt
  77. evpciph_seed.txt
  78. evpciph_sm4.txt
  79. evpencod.txt
  80. evpkdf_krb5.txt
  81. evpkdf_scrypt.txt
  82. evpkdf_tls11_prf.txt
  83. evpmac_blake.txt
  84. evpmac_poly1305.txt
  85. evpmac_siphash.txt
  86. evpmd_blake.txt
  87. evpmd_md.txt
  88. evpmd_mdc2.txt
  89. evpmd_ripemd.txt
  90. evpmd_sm3.txt
  91. evpmd_whirlpool.txt
  92. evppbe_scrypt.txt
  93. evppbe_pkcs12.txt
  94. evppkey_kdf_scrypt.txt
  95. evppkey_kdf_tls1_prf.txt
  96. evppkey_rsa.txt
  97. );
  98. push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
  99. push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
  100. plan tests =>
  101. ($no_fips ? 0 : 1) # FIPS install test
  102. + (scalar(@configs) * scalar(@files))
  103. + scalar(@defltfiles)
  104. + 3; # error output tests
  105. unless ($no_fips) {
  106. my $infile = bldtop_file('providers', platform->dso('fips'));
  107. ok(run(app(['openssl', 'fipsinstall',
  108. '-out', bldtop_file('providers', 'fipsmodule.cnf'),
  109. '-module', $infile])),
  110. "fipsinstall");
  111. }
  112. foreach (@configs) {
  113. my $conf = srctop_file("test", $_);
  114. foreach my $f ( @files ) {
  115. ok(run(test(["evp_test",
  116. "-config", $conf,
  117. data_file("$f")])),
  118. "running evp_test -config $conf $f");
  119. }
  120. }
  121. my $conf = srctop_file("test", $defaultcnf);
  122. foreach my $f ( @defltfiles ) {
  123. ok(run(test(["evp_test",
  124. "-config", $conf,
  125. data_file("$f")])),
  126. "running evp_test -config $conf $f");
  127. }
  128. sub test_errors { # actually tests diagnostics of OSSL_STORE
  129. my ($expected, $key, @opts) = @_;
  130. my $infile = srctop_file('test', 'certs', $key);
  131. my @args = qw(openssl pkey -in);
  132. push(@args, $infile, @opts);
  133. my $tmpfile = 'out.txt';
  134. my $res = !run(app([@args], stderr => $tmpfile));
  135. my $found = 0;
  136. open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
  137. while(<$in>) {
  138. print; # this may help debugging
  139. $res &&= !m/asn1 encoding/; # output must not include ASN.1 parse errors
  140. $found = 1 if m/$expected/; # output must include $expected
  141. }
  142. close $in;
  143. # $tmpfile is kept to help with investigation in case of failure
  144. return $res && $found;
  145. }
  146. SKIP: {
  147. skip "DSA not disabled", 2 if !disabled("dsa");
  148. ok(test_errors("unsupported algorithm", "server-dsa-key.pem"),
  149. "error loading unsupported dsa private key");
  150. ok(test_errors("unsupported algorithm", "server-dsa-pubkey.pem", "-pubin"),
  151. "error loading unsupported dsa public key");
  152. }
  153. SKIP: {
  154. skip "sm2 not disabled", 1 if !disabled("sm2");
  155. ok(test_errors("unknown group|unsupported algorithm", "sm2.key"),
  156. "error loading unsupported sm2 private key");
  157. }