80-test_ssl_new.t 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
  1. #! /usr/bin/env perl
  2. # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use File::Basename;
  11. use File::Compare qw/compare_text/;
  12. use OpenSSL::Glob;
  13. use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_file bldtop_dir/;
  14. use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
  15. BEGIN {
  16. setup("test_ssl_new");
  17. }
  18. use lib srctop_dir('Configurations');
  19. use lib bldtop_dir('.');
  20. use platform;
  21. my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
  22. my $infile = bldtop_file('providers', platform->dso('fips'));
  23. $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
  24. my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
  25. map { s/;.*// } @conf_srcs if $^O eq "VMS";
  26. my @conf_files = map { basename($_, ".in") } @conf_srcs;
  27. map { s/\^// } @conf_files if $^O eq "VMS";
  28. # We hard-code the number of tests to double-check that the globbing above
  29. # finds all files as expected.
  30. plan tests => 30 # = scalar @conf_srcs
  31. + ($no_fips ? 0 : 1); # fipsinstall
  32. # Some test results depend on the configuration of enabled protocols. We only
  33. # verify generated sources in the default configuration.
  34. my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
  35. !disabled("tls1_1") && !disabled("tls1_2") &&
  36. !disabled("tls1_3"));
  37. my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
  38. my @all_pre_tls1_3 = ("ssl3", "tls1", "tls1_1", "tls1_2");
  39. my $no_tls = alldisabled(available_protocols("tls"));
  40. my $no_tls_below1_3 = $no_tls || (disabled("tls1_2") && !disabled("tls1_3"));
  41. my $no_pre_tls1_3 = alldisabled(@all_pre_tls1_3);
  42. my $no_dtls = alldisabled(available_protocols("dtls"));
  43. my $no_npn = disabled("nextprotoneg");
  44. my $no_ct = disabled("ct");
  45. my $no_ec = disabled("ec");
  46. my $no_dh = disabled("dh");
  47. my $no_dsa = disabled("dsa");
  48. my $no_ec2m = disabled("ec2m");
  49. my $no_ocsp = disabled("ocsp");
  50. # Add your test here if the test conf.in generates test cases and/or
  51. # expectations dynamically based on the OpenSSL compile-time config.
  52. my %conf_dependent_tests = (
  53. "02-protocol-version.cnf" => !$is_default_tls,
  54. "04-client_auth.cnf" => !$is_default_tls || !$is_default_dtls
  55. || !disabled("sctp"),
  56. "05-sni.cnf" => disabled("tls1_1"),
  57. "07-dtls-protocol-version.cnf" => !$is_default_dtls || !disabled("sctp"),
  58. "10-resumption.cnf" => !$is_default_tls || $no_ec,
  59. "11-dtls_resumption.cnf" => !$is_default_dtls || !disabled("sctp"),
  60. "16-dtls-certstatus.cnf" => !$is_default_dtls || !disabled("sctp"),
  61. "17-renegotiate.cnf" => disabled("tls1_2"),
  62. "18-dtls-renegotiate.cnf" => disabled("dtls1_2") || !disabled("sctp"),
  63. "19-mac-then-encrypt.cnf" => !$is_default_tls,
  64. "20-cert-select.cnf" => !$is_default_tls || $no_dh || $no_dsa,
  65. "22-compression.cnf" => !$is_default_tls,
  66. "25-cipher.cnf" => disabled("poly1305") || disabled("chacha"),
  67. "27-ticket-appdata.cnf" => !$is_default_tls,
  68. "28-seclevel.cnf" => disabled("tls1_2") || $no_ec,
  69. "30-extended-master-secret.cnf" => disabled("tls1_2"),
  70. );
  71. # Add your test here if it should be skipped for some compile-time
  72. # configurations. Default is $no_tls but some tests have different skip
  73. # conditions.
  74. my %skip = (
  75. "06-sni-ticket.cnf" => $no_tls_below1_3,
  76. "07-dtls-protocol-version.cnf" => $no_dtls,
  77. "08-npn.cnf" => (disabled("tls1") && disabled("tls1_1")
  78. && disabled("tls1_2")) || $no_npn,
  79. "10-resumption.cnf" => disabled("tls1_1") || disabled("tls1_2"),
  80. "11-dtls_resumption.cnf" => disabled("dtls1") || disabled("dtls1_2"),
  81. "12-ct.cnf" => $no_tls || $no_ct || $no_ec,
  82. # We could run some of these tests without TLS 1.2 if we had a per-test
  83. # disable instruction but that's a bizarre configuration not worth
  84. # special-casing for.
  85. # TODO(TLS 1.3): We should review this once we have TLS 1.3.
  86. "13-fragmentation.cnf" => disabled("tls1_2"),
  87. "14-curves.cnf" => disabled("tls1_2") || $no_ec || $no_ec2m,
  88. "15-certstatus.cnf" => $no_tls || $no_ocsp,
  89. "16-dtls-certstatus.cnf" => $no_dtls || $no_ocsp,
  90. "17-renegotiate.cnf" => $no_tls_below1_3,
  91. "18-dtls-renegotiate.cnf" => $no_dtls,
  92. "19-mac-then-encrypt.cnf" => $no_pre_tls1_3,
  93. "20-cert-select.cnf" => disabled("tls1_2") || $no_ec,
  94. "21-key-update.cnf" => disabled("tls1_3"),
  95. "22-compression.cnf" => disabled("zlib") || $no_tls,
  96. "23-srp.cnf" => (disabled("tls1") && disabled ("tls1_1")
  97. && disabled("tls1_2")) || disabled("srp"),
  98. "24-padding.cnf" => disabled("tls1_3"),
  99. "25-cipher.cnf" => disabled("ec") || disabled("tls1_2"),
  100. "26-tls13_client_auth.cnf" => disabled("tls1_3"),
  101. "29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"),
  102. );
  103. unless ($no_fips) {
  104. ok(run(app(['openssl', 'fipsinstall',
  105. '-out', bldtop_file('providers', 'fipsmodule.cnf'),
  106. '-module', $infile])),
  107. "fipsinstall");
  108. }
  109. foreach my $conf (@conf_files) {
  110. subtest "Test configuration $conf" => sub {
  111. plan tests => 6 + ($no_fips ? 0 : 3);
  112. test_conf($conf,
  113. $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1,
  114. defined($skip{$conf}) ? $skip{$conf} : $no_tls,
  115. "none");
  116. test_conf($conf,
  117. 0,
  118. defined($skip{$conf}) ? $skip{$conf} : $no_tls,
  119. "default");
  120. test_conf($conf,
  121. 0,
  122. defined($skip{$conf}) ? $skip{$conf} : $no_tls,
  123. "fips") unless $no_fips;
  124. }
  125. }
  126. sub test_conf {
  127. my ($conf, $check_source, $skip, $provider) = @_;
  128. my $conf_file = srctop_file("test", "ssl-tests", $conf);
  129. my $input_file = $conf_file . ".in";
  130. my $output_file = $conf . "." . $provider;
  131. my $run_test = 1;
  132. SKIP: {
  133. # "Test" 1. Generate the source.
  134. skip 'failure', 2 unless
  135. ok(run(perltest(["generate_ssl_tests.pl", $input_file, $provider],
  136. interpreter_args => [ "-I", srctop_dir("util", "perl")],
  137. stdout => $output_file)),
  138. "Getting output from generate_ssl_tests.pl.");
  139. SKIP: {
  140. # Test 2. Compare against existing output in test/ssl_tests.cnf.
  141. skip "Skipping generated source test for $conf", 1
  142. if !$check_source;
  143. $run_test = is(cmp_text($output_file, $conf_file), 0,
  144. "Comparing generated sources.");
  145. }
  146. # Test 3. Run the test.
  147. skip "No tests available; skipping tests", 1 if $skip;
  148. skip "Stale sources; skipping tests", 1 if !$run_test;
  149. if ($provider eq "fips") {
  150. ok(run(test(["ssl_test", $output_file, $provider,
  151. srctop_file("test", "fips-and-base.cnf")])),
  152. "running ssl_test $conf");
  153. } else {
  154. ok(run(test(["ssl_test", $output_file, $provider])),
  155. "running ssl_test $conf");
  156. }
  157. }
  158. }
  159. sub cmp_text {
  160. return compare_text(@_, sub {
  161. $_[0] =~ s/\R//g;
  162. $_[1] =~ s/\R//g;
  163. return $_[0] ne $_[1];
  164. });
  165. }