
90-test_sslapi.t 5.0 KB

  1. #! /usr/bin/env perl
  2. # Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use OpenSSL::Test::Utils;
  9. use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
  10. use File::Temp qw(tempfile);
  11. BEGIN {
  12. setup("test_sslapi");
  13. }
  14. use lib srctop_dir('Configurations');
  15. use lib bldtop_dir('.');
  16. my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
  17. my $fipsmodcfg_filename = "fipsmodule.cnf";
  18. my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
  19. my $provconf = srctop_file("test", "fips-and-base.cnf");
  20. # A modified copy of "fipsmodule.cnf"
  21. my $fipsmodcfgnew_filename = "fipsmodule_mod.cnf";
  22. my $fipsmodcfgnew = bldtop_file("test", $fipsmodcfgnew_filename);
  23. # A modified copy of "fips-and-base.cnf"
  24. my $provconfnew = bldtop_file("test", "temp.cnf");
  25. plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
  26. if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
  27. plan tests => 4;
  28. (undef, my $tmpfilename) = tempfile();
  29. ok(run(test(["sslapitest", srctop_dir("test", "certs"),
  30. srctop_file("test", "recipes", "90-test_sslapi_data",
  31. "passwd.txt"), $tmpfilename, "default",
  32. srctop_file("test", "default.cnf"),
  33. srctop_file("test",
  34. "recipes",
  35. "90-test_sslapi_data",
  36. "dhparams.pem")])),
  37. "running sslapitest");
  38. SKIP: {
  39. skip "Skipping FIPS tests", 2
  40. if $no_fips;
  41. ok(run(test(["sslapitest", srctop_dir("test", "certs"),
  42. srctop_file("test", "recipes", "90-test_sslapi_data",
  43. "passwd.txt"), $tmpfilename, "fips",
  44. $provconf,
  45. srctop_file("test",
  46. "recipes",
  47. "90-test_sslapi_data",
  48. "dhparams.pem")])),
  49. "running sslapitest");
  50. run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
  51. capture => 1, statusvar => \my $exit);
  52. skip "FIPS provider version is too old for TLS_PRF EMS option test", 1
  53. if !$exit;
  54. # Read in a text $infile and replace the regular expression in $srch with the
  55. # value in $repl and output to a new file $outfile.
  56. sub replace_line_file_internal {
  57. my ($infile, $srch, $repl, $outfile) = @_;
  58. my $msg;
  59. open(my $in, "<", $infile) or return 0;
  60. read($in, $msg, 1024);
  61. close $in;
  62. $msg =~ s/$srch/$repl/;
  63. open(my $fh, ">", $outfile) or return 0;
  64. print $fh $msg;
  65. close $fh;
  66. return 1;
  67. }
  68. # Read in the text input file $infile
  69. # and replace a single Key = Value line with a new value in $value.
  70. # OR remove the Key = Value line if the passed in $value is empty.
  71. # and then output a new file $outfile.
  72. # $key is the Key to find
  73. sub replace_kv_file {
  74. my ($infile, $key, $value, $outfile) = @_;
  75. my $srch = qr/$key\s*=\s*\S*\n/;
  76. my $rep;
  77. if ($value eq "") {
  78. $rep = "";
  79. } else {
  80. $rep = "$key = $value\n";
  81. }
  82. return replace_line_file_internal($infile, $srch, $rep, $outfile);
  83. }
  84. # Read in the text $input file
  85. # and search for the $key and replace with $newkey
  86. # and then output a new file $outfile.
  87. sub replace_line_file {
  88. my ($infile, $key, $newkey, $outfile) = @_;
  89. my $srch = qr/$key/;
  90. my $rep = "$newkey";
  91. return replace_line_file_internal($infile,
  92. $srch, $rep, $outfile);
  93. }
  94. # In order to enable the tls1-prf-ems-check=1 in a fips config file
  95. # copy the existing fipsmodule.cnf and modify it.
  96. # Then copy fips-and-base.cnf to make a file that includes the changed file
  97. # NOTE that this just runs test_no_ems() to check that the connection
  98. # fails if ems is not used and the fips check is enabled.
  99. ok(replace_kv_file($fipsmodcfg,
  100. 'tls1-prf-ems-check', '1',
  101. $fipsmodcfgnew)
  102. && replace_line_file($provconf,
  103. $fipsmodcfg_filename, $fipsmodcfgnew_filename,
  104. $provconfnew)
  105. && run(test(["sslapitest", srctop_dir("test", "certs"),
  106. srctop_file("test", "recipes", "90-test_sslapi_data",
  107. "passwd.txt"),
  108. $tmpfilename, "fips",
  109. $provconfnew,
  110. srctop_file("test",
  111. "recipes",
  112. "90-test_sslapi_data",
  113. "dhparams.pem")])),
  114. "running sslapitest");
  115. unlink $fipsmodcfgnew;
  116. unlink $provconfnew;
  117. }
  118. ok(run(test(["ssl_handshake_rtt_test"])),"running ssl_handshake_rtt_test");
  119. unlink $tmpfilename;