mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Teach ssl_test_new to have different tests for different loaded providers

Browse Source 
We now run the tests twice: Once with no specific providers loaded and
just using the default libctx, and a second time with a non-default libctx
and the default provider.

In the second run we disable tests which use a PSS cert/key because we
don't yet have support for that.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11511)
This commit is contained in:
Matt Caswell 2020-04-07 16:22:49 +01:00
parent fea4e2bd36
commit ab5a02f707
5 changed files with 577 additions and 559 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
test/generate_ssl_tests.pl
View File

@ -127,17 +127,28 @@ sub print_templates {
# Shamelessly copied from Configure.
sub read_config {
my $fname = shift;
my $provider = shift;
my $fips_mode = "0";
my $no_deflt_libctx = "0";
$fips_mode = "1" if $provider eq "fips";
$no_deflt_libctx = "1" if $provider eq "default" || $provider eq "fips";
open(INPUT, "< $fname") or die "Can't open input file '$fname'!\n";
local $/ = undef;
my $content = <INPUT>;
$content =~ s/FIPS_MODE/$fips_mode/g;
$content =~ s/NO_DEFLT_LIBCTX/$no_deflt_libctx/g;
close(INPUT);
eval $content;
warn $@ if $@;
}
my $input_file = shift;
my $provider = shift;
# Reads the tests into ssltests::tests.
read_config($input_file);
read_config($input_file, $provider);
print_templates();
1;

18
test/recipes/80-test_ssl_new.t
View File

@ -108,26 +108,30 @@ my %skip = (
foreach my $conf (@conf_files) {
subtest "Test configuration $conf" => sub {
plan tests => 6;
test_conf($conf,
$conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1,
defined($skip{$conf}) ? $skip{$conf} : $no_tls);
defined($skip{$conf}) ? $skip{$conf} : $no_tls,
"none");
test_conf($conf,
0,
defined($skip{$conf}) ? $skip{$conf} : $no_tls,
"default");
}
}
sub test_conf {
plan tests => 3;
my ($conf, $check_source, $skip) = @_;
my ($conf, $check_source, $skip, $provider) = @_;
my $conf_file = srctop_file("test", "ssl-tests", $conf);
my $input_file = $conf_file . ".in";
my $output_file = $conf;
my $output_file = $conf . "." . $provider;
my $run_test = 1;
SKIP: {
# "Test" 1. Generate the source.
skip 'failure', 2 unless
ok(run(perltest(["generate_ssl_tests.pl", $input_file],
ok(run(perltest(["generate_ssl_tests.pl", $input_file, $provider],
interpreter_args => [ "-I", srctop_dir("util", "perl")],
stdout => $output_file)),
"Getting output from generate_ssl_tests.pl.");
@ -145,7 +149,7 @@ sub test_conf {
skip "No tests available; skipping tests", 1 if $skip;
skip "Stale sources; skipping tests", 1 if !$run_test;
ok(run(test(["ssl_test", $output_file, "default"])),
ok(run(test(["ssl_test", $output_file, $provider])),
"running ssl_test $conf");
}
}

850
test/ssl-tests/20-cert-select.cnf
View File

File diff suppressed because it is too large Load Diff

239
test/ssl-tests/20-cert-select.cnf.in
View File

@ -41,13 +41,21 @@ my $server_pss_restrict_only = {
"PrivateKey" => test_pem("server-pss-restrict-key.pem"),
};
my $server_rsa_all;
my $server_rsa_all = {
"PSS.Certificate" => test_pem("server-pss-cert.pem"),
"PSS.PrivateKey" => test_pem("server-pss-key.pem"),
"Certificate" => test_pem("servercert.pem"),
"PrivateKey" => test_pem("serverkey.pem"),
};
if (NO_DEFLT_LIBCTX) {
$server_rsa_all = {
"Certificate" => test_pem("servercert.pem"),
"PrivateKey" => test_pem("serverkey.pem"),
};
} else {
$server_rsa_all = {
"PSS.Certificate" => test_pem("server-pss-cert.pem"),
"PSS.PrivateKey" => test_pem("server-pss-key.pem"),
"Certificate" => test_pem("servercert.pem"),
"PrivateKey" => test_pem("serverkey.pem"),
};
}
our @tests = (
{
@ -180,19 +188,6 @@ our @tests = (
"ExpectedResult" => "Success"
},
},
{
name => "RSA-PSS Certificate CipherString Selection",
server => $server_pss,
client => {
"CipherString" => "aRSA",
"MaxProtocol" => "TLSv1.2",
},
test => {
"ExpectedServerCertType" =>, "RSA-PSS",
"ExpectedServerSignType" =>, "RSA-PSS",
"ExpectedResult" => "Success"
},
},
{
name => "P-256 CipherString and Signature Algorithm Selection",
server => $server,
@ -350,6 +345,108 @@ our @tests = (
"ExpectedResult" => "Success"
},
},
{
name => "RSA key exchange with all RSA certificate types",
server => $server_rsa_all,
client => {
"CipherString" => "kRSA",
"MaxProtocol" => "TLSv1.2",
},
test => {
"ExpectedServerCertType" =>, "RSA",
"ExpectedResult" => "Success"
},
},
{
name => "Suite B P-256 Hash Algorithm Selection",
server => {
"ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
"ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
"MaxProtocol" => "TLSv1.2",
"CipherString" => "SUITEB128"
},
client => {
"VerifyCAFile" => test_pem("p384-root.pem"),
"SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
},
test => {
"ExpectedServerCertType" => "P-256",
"ExpectedServerSignHash" => "SHA256",
"ExpectedServerSignType" => "EC",
"ExpectedResult" => "Success"
},
},
{
name => "Suite B P-384 Hash Algorithm Selection",
server => {
"ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
"ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
"MaxProtocol" => "TLSv1.2",
"CipherString" => "SUITEB128"
},
client => {
"VerifyCAFile" => test_pem("p384-root.pem"),
"SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
},
test => {
"ExpectedServerCertType" => "P-384",
"ExpectedServerSignHash" => "SHA384",
"ExpectedServerSignType" => "EC",
"ExpectedResult" => "Success"
},
},
{
name => "TLS 1.2 Ed25519 Client Auth",
server => {
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require"
},
client => {
"Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"),
"Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"),
"MinProtocol" => "TLSv1.2",
"MaxProtocol" => "TLSv1.2"
},
test => {
"ExpectedClientCertType" => "Ed25519",
"ExpectedClientSignType" => "Ed25519",
"ExpectedResult" => "Success"
},
},
{
name => "TLS 1.2 Ed448 Client Auth",
server => {
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require"
},
client => {
"Ed448.Certificate" => test_pem("client-ed448-cert.pem"),
"Ed448.PrivateKey" => test_pem("client-ed448-key.pem"),
"MinProtocol" => "TLSv1.2",
"MaxProtocol" => "TLSv1.2"
},
test => {
"ExpectedClientCertType" => "Ed448",
"ExpectedClientSignType" => "Ed448",
"ExpectedResult" => "Success"
},
},
);
my @tests_pss = (
{
name => "RSA-PSS Certificate CipherString Selection",
server => $server_pss,
client => {
"CipherString" => "aRSA",
"MaxProtocol" => "TLSv1.2",
},
test => {
"ExpectedServerCertType" =>, "RSA-PSS",
"ExpectedServerSignType" =>, "RSA-PSS",
"ExpectedResult" => "Success"
},
},
{
name => "RSA-PSS Certificate Legacy Signature Algorithm Selection",
server => $server_pss,
@ -457,18 +554,6 @@ our @tests = (
"ExpectedResult" => "ServerFail"
},
},
{
name => "RSA key exchange with all RSA certificate types",
server => $server_rsa_all,
client => {
"CipherString" => "kRSA",
"MaxProtocol" => "TLSv1.2",
},
test => {
"ExpectedServerCertType" =>, "RSA",
"ExpectedResult" => "Success"
},
},
{
name => "RSA key exchange with only RSA-PSS certificate",
server => $server_pss_only,
@ -480,80 +565,6 @@ our @tests = (
"ExpectedResult" => "ServerFail"
},
},
{
name => "Suite B P-256 Hash Algorithm Selection",
server => {
"ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
"ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
"MaxProtocol" => "TLSv1.2",
"CipherString" => "SUITEB128"
},
client => {
"VerifyCAFile" => test_pem("p384-root.pem"),
"SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
},
test => {
"ExpectedServerCertType" => "P-256",
"ExpectedServerSignHash" => "SHA256",
"ExpectedServerSignType" => "EC",
"ExpectedResult" => "Success"
},
},
{
name => "Suite B P-384 Hash Algorithm Selection",
server => {
"ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
"ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
"MaxProtocol" => "TLSv1.2",
"CipherString" => "SUITEB128"
},
client => {
"VerifyCAFile" => test_pem("p384-root.pem"),
"SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
},
test => {
"ExpectedServerCertType" => "P-384",
"ExpectedServerSignHash" => "SHA384",
"ExpectedServerSignType" => "EC",
"ExpectedResult" => "Success"
},
},
{
name => "TLS 1.2 Ed25519 Client Auth",
server => {
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require"
},
client => {
"Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"),
"Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"),
"MinProtocol" => "TLSv1.2",
"MaxProtocol" => "TLSv1.2"
},
test => {
"ExpectedClientCertType" => "Ed25519",
"ExpectedClientSignType" => "Ed25519",
"ExpectedResult" => "Success"
},
},
{
name => "TLS 1.2 Ed448 Client Auth",
server => {
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require"
},
client => {
"Ed448.Certificate" => test_pem("client-ed448-cert.pem"),
"Ed448.PrivateKey" => test_pem("client-ed448-key.pem"),
"MinProtocol" => "TLSv1.2",
"MaxProtocol" => "TLSv1.2"
},
test => {
"ExpectedClientCertType" => "Ed448",
"ExpectedClientSignType" => "Ed448",
"ExpectedResult" => "Success"
},
},
);
my @tests_tls_1_1 = (
@ -569,7 +580,10 @@ my @tests_tls_1_1 = (
},
);
push @tests, @tests_tls_1_1 unless disabled("tls1_1");
#TODO(3.0): Re-enable these PSS tests in a NO_DEFLT_LIBCTX build once we have
# support for it
push @tests, @tests_pss unless NO_DEFLT_LIBCTX;
push @tests, @tests_tls_1_1 unless disabled("tls1_1") || NO_DEFLT_LIBCTX;
my $server_tls_1_3 = {
"ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
@ -582,19 +596,6 @@ my $server_tls_1_3 = {
"MaxProtocol" => "TLSv1.3"
};
my $server_tls_1_3_pss = {
"PSS.Certificate" => test_pem("server-pss-cert.pem"),
"PSS.PrivateKey" => test_pem("server-pss-key.pem"),
"ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
"ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
"Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
"Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
"Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
"Ed448.PrivateKey" => test_pem("server-ed449-key.pem"),
"MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3"
};
my $client_tls_1_3 = {
"RSA.Certificate" => test_pem("ee-client-chain.pem"),
"RSA.PrivateKey" => test_pem("ee-key.pem"),

16
test/ssl_test.c
View File

@ -533,14 +533,16 @@ int setup_tests(void)
if (!TEST_ptr(modulename = test_get_argument(1)))
return 0;
defctxnull = OSSL_PROVIDER_load(NULL, "null");
libctx = OPENSSL_CTX_new();
if (!TEST_ptr(libctx))
return 0;
if (strcmp(modulename, "none") != 0) {
defctxnull = OSSL_PROVIDER_load(NULL, "null");
libctx = OPENSSL_CTX_new();
if (!TEST_ptr(libctx))
return 0;
thisprov = OSSL_PROVIDER_load(libctx, modulename);
if (!TEST_ptr(thisprov))
return 0;
thisprov = OSSL_PROVIDER_load(libctx, modulename);
if (!TEST_ptr(thisprov))
return 0;
}
ADD_ALL_TESTS(test_handshake, (int)num_tests);
return 1;