30-test_evp.t 6.6 KB

  1. #! /usr/bin/env perl
  2. # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
  11. use OpenSSL::Test::Utils;
  # The harness is initialised inside BEGIN, i.e. before the 'use lib' lines
  # below (which call srctop_dir()/bldtop_dir()) are evaluated.
  BEGIN { setup('test_evp'); }

  use lib srctop_dir('Configurations');
  use lib bldtop_dir('.');

  # Build-time feature switches.  The FIPS and legacy provider runs can also be
  # switched off from the environment via NO_FIPS / NO_LEGACY.  When $no_fips is
  # true, 'fips-and-base.cnf' is left out of @configs below, so a passing run
  # in that mode says nothing about the FIPS provider.
  my $no_fips   = disabled('fips')   || ($ENV{NO_FIPS}   // 0);
  my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
  my $no_des    = disabled('des');
  my $no_dh     = disabled('dh');
  my $no_dsa    = disabled('dsa');
  my $no_ec     = disabled('ec');
  my $no_gost   = disabled('gost');
  my $no_sm2    = disabled('sm2');
  my $no_siv    = disabled('siv');

  # The default configuration depends on whether the legacy module was built.
  my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';

  # Configurations to run the shared vectors under; the FIPS configuration is
  # only included when the FIPS module has been built.
  my @configs = ( $defaultcnf, ( $no_fips ? () : 'fips-and-base.cnf' ) );
  # Vector files that are run once per entry in @configs, i.e. with the default
  # provider and, when it is built, with the FIPS provider as well.
  my @files = qw(
      evpciph_aes_ccm_cavs.txt
      evpciph_aes_common.txt
      evpciph_aes_cts.txt
      evpciph_aes_wrap.txt
      evpciph_aes_stitched.txt
      evpciph_des3_common.txt
      evpkdf_hkdf.txt
      evpkdf_kbkdf_counter.txt
      evpkdf_pbkdf1.txt
      evpkdf_pbkdf2.txt
      evpkdf_ss.txt
      evpkdf_ssh.txt
      evpkdf_tls12_prf.txt
      evpkdf_tls13_kdf.txt
      evpkdf_x942.txt
      evpkdf_x963.txt
      evpmac_common.txt
      evpmd_sha.txt
      evppbe_pbkdf2.txt
      evppkey_kdf_hkdf.txt
      evppkey_rsa_common.txt
      evprand.txt
  );

  # Algorithm-specific vectors are appended only when the algorithm is built.
  if (!$no_dh) {
      push @files, 'evppkey_ffdhe.txt', 'evppkey_dh.txt';
  }
  if (!$no_des) {
      push @files, 'evpkdf_x942_des.txt', 'evpmac_cmac_des.txt';
  }
  if (!$no_dsa) {
      push @files, 'evppkey_dsa.txt';
  }
  if (!$no_ec) {
      push @files, 'evppkey_ecx.txt';
  }

  # NOTE(review): these EC vectors are dropped when either ec OR gost is
  # disabled, so a no-gost build runs no ECDSA/ECDH/KAS vectors from this
  # recipe -- confirm that the gost dependency is intended.
  if (!$no_ec && !$no_gost) {
      push @files, qw(
          evppkey_ecc.txt
          evppkey_ecdh.txt
          evppkey_ecdsa.txt
          evppkey_kas.txt
          evppkey_mismatch.txt
      );
  }
  # Vector files that are run with the default configuration only
  # (i.e. the algorithms are not present in the fips provider).
  my @defltfiles = qw(
      evpciph_aes_ocb.txt
      evpciph_aria.txt
      evpciph_bf.txt
      evpciph_camellia.txt
      evpciph_camellia_cts.txt
      evpciph_cast5.txt
      evpciph_chacha.txt
      evpciph_des.txt
      evpciph_idea.txt
      evpciph_rc2.txt
      evpciph_rc4.txt
      evpciph_rc4_stitched.txt
      evpciph_rc5.txt
      evpciph_seed.txt
      evpciph_sm4.txt
      evpencod.txt
      evpkdf_krb5.txt
      evpkdf_scrypt.txt
      evpkdf_tls11_prf.txt
      evpmac_blake.txt
      evpmac_poly1305.txt
      evpmac_siphash.txt
      evpmac_sm3.txt
      evpmd_blake.txt
      evpmd_md.txt
      evpmd_mdc2.txt
      evpmd_ripemd.txt
      evpmd_sm3.txt
      evpmd_whirlpool.txt
      evppbe_scrypt.txt
      evppbe_pkcs12.txt
      evppkey_kdf_scrypt.txt
      evppkey_kdf_tls1_prf.txt
      evppkey_rsa.txt
  );

  # Optional algorithms: appended only when the corresponding feature is built.
  if (!$no_ec) {
      push @defltfiles, 'evppkey_brainpool.txt';
  }
  if (!$no_sm2) {
      push @defltfiles, 'evppkey_sm2.txt';
  }
  if (!$no_siv) {
      push @defltfiles, 'evpciph_aes_gcm_siv.txt', 'evpciph_aes_siv.txt';
  }
  # Declare the number of checks up front: each shared vector file runs once
  # per configuration, each default-only file runs once, and three further
  # checks cover the error output tests.
  plan tests => scalar(@files) * scalar(@configs)
              + scalar(@defltfiles)
              + 3;
  # Run every shared vector file through evp_test once per configuration.
  for my $cnf_name (@configs) {
      my $cnf_path = srctop_file('test', $cnf_name);

      for my $vector_file (@files) {
          my @cmd = ('evp_test', '-config', $cnf_path, data_file($vector_file));
          ok(run(test([@cmd])),
             "running evp_test -config $cnf_path $vector_file");
      }
  }
  # Run the default-only vector files through evp_test with the default
  # configuration.
  my $conf = srctop_file('test', $defaultcnf);
  for my $vector_file (@defltfiles) {
      my @cmd = ('evp_test', '-config', $conf, data_file($vector_file));
      ok(run(test([@cmd])),
         "running evp_test -config $conf $vector_file");
  }
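  # test_errors OPTIONS
  #
  # Runs "openssl pkey -in KEY [args]" on a key that is expected to be
  # rejected and inspects what the command wrote to stderr (this actually
  # tests the diagnostics of OSSL_STORE).
  #
  # OPTIONS may include:
  #
  #   key      => "filename"  # expected to be found in $SRCDIR/test/certs
  #   out      => "filename"  # file to write error strings to
  #   args     => [ ... extra openssl pkey args ... ]
  #   expected => regexp to match error lines against; it is interpolated
  #               into a pattern as-is, so pass a regexp, not a literal
  #
  # Returns true only if all of the following hold:
  #   - the openssl command failed,
  #   - no stderr line contains "asn1 encoding",
  #   - when 'expected' is given, at least one stderr line matches it.
  #
  # Dies if the stderr capture file cannot be opened.
  sub test_errors {
      my %opts = @_;
      my $infile = srctop_file('test', 'certs', $opts{key});
      my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );

      # The command is expected to fail, hence the negation.
      my $res = !run(app([@args], stderr => $opts{out}));

      # Without an 'expected' pattern there is nothing to look for.
      my $found = !exists $opts{expected};

      # Include $! so a failure here names the cause (missing file,
      # permissions, ...) instead of only the path.
      open(my $in, '<', $opts{out})
          or die "Could not open file $opts{out}: $!";
      while (my $errline = <$in>) {
          print $errline;    # this may help debugging

          # An unsupported key must be reported as such; output that mentions
          # ASN.1 encoding errors fails the check.
          $res &&= $errline !~ m/asn1 encoding/;

          # Output must include what is expressed in $opts{expected}.
          $found = 1
              if exists $opts{expected} && $errline =~ m/$opts{expected}/;
      }
      close $in;

      # The file named by $opts{out} is kept to help with investigation in
      # case of failure.
      return $res && $found;
  }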
  # Negative checks for DSA: they only run in a build where DSA is disabled and
  # assert that loading a DSA key fails with the expected diagnostics.
  SKIP: {
      skip "DSA not disabled", 2 unless disabled("dsa");

      # Private key: no 'expected' pattern, so only the failure itself and
      # the absence of ASN.1 errors are checked.
      my $privkey_ok = test_errors(key => 'server-dsa-key.pem',
                                   out => 'server-dsa-key.err');
      ok($privkey_ok, "expected error loading unsupported dsa private key");

      # Public key: stderr must additionally contain a line matching
      # 'unsupported'.
      my $pubkey_ok = test_errors(key      => 'server-dsa-pubkey.pem',
                                  out      => 'server-dsa-pubkey.err',
                                  args     => [ '-pubin' ],
                                  expected => 'unsupported');
      ok($pubkey_ok, "expected error loading unsupported dsa public key");
  }
  # Negative check for SM2: it only runs in a build where SM2 is disabled and
  # asserts that loading an SM2 private key fails with the expected
  # diagnostics.
  SKIP: {
      skip "SM2 not disabled", 1 unless disabled("sm2");

      my $sm2_ok = test_errors(key => 'sm2.key', out => 'sm2.err');
      ok($sm2_ok, "expected error loading unsupported sm2 private key");
  }