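#! /usr/bin/env perl
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe "test_evp".
#
# Runs the evp_test helper over the EVP test vector files, once per provider
# configuration, and then checks the error output of 'openssl pkey' when it
# is given a key whose algorithm is disabled in this build.

use strict;
use warnings;

use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
use OpenSSL::Test::Utils;

BEGIN {
    setup("test_evp");
}

use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;

# Build-time feature switches.  FIPS and legacy can additionally be switched
# off for a single run through the NO_FIPS / NO_LEGACY environment variables.
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
my $no_dh = disabled("dh");
my $no_dsa = disabled("dsa");
my $no_ec = disabled("ec");
my $no_gost = disabled("gost");
my $no_sm2 = disabled("sm2");

# Default config depends on if the legacy module is built or not
my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';

my @configs = ( $defaultcnf );
# Only add the FIPS config if the FIPS module has been built
push @configs, 'fips-and-base.cnf' unless $no_fips;

# A list of tests that run with both the default and fips provider.
my @files = qw(
                evpciph_aes_ccm_cavs.txt
                evpciph_aes_common.txt
                evpciph_aes_cts.txt
                evpciph_aes_wrap.txt
                evpciph_des3_common.txt
                evpkdf_hkdf.txt
                evpkdf_pbkdf2.txt
                evpkdf_ss.txt
                evpkdf_ssh.txt
                evpkdf_tls12_prf.txt
                evpkdf_x942.txt
                evpkdf_x963.txt
                evpmac_common.txt
                evpmd_sha.txt
                evppbe_pbkdf2.txt
                evppkey_kdf_hkdf.txt
                evppkey_rsa_common.txt
                evprand.txt
              );
push @files, qw(evppkey_ffdhe.txt) unless $no_dh;
push @files, qw(evppkey_dsa.txt) unless $no_dsa;
push @files, qw(evppkey_ecx.txt) unless $no_ec;
# NOTE(review): the five files below are dropped when EITHER ec or gost is
# disabled, so a build without gost does not run them at all.  The reason for
# the gost dependency is not visible in this file -- confirm it is intended,
# since it silently reduces EC vector coverage on such builds.
push @files, qw(
                evppkey_ecc.txt
                evppkey_ecdh.txt
                evppkey_ecdsa.txt
                evppkey_kas.txt
                evppkey_mismatch.txt
               ) unless $no_ec || $no_gost;

# A list of tests that only run with the default provider
# (i.e. The algorithms are not present in the fips provider)
my @defltfiles = qw(
                     evpciph_aes_ocb.txt
                     evpciph_aes_siv.txt
                     evpciph_aria.txt
                     evpciph_bf.txt
                     evpciph_camellia.txt
                     evpciph_cast5.txt
                     evpciph_chacha.txt
                     evpciph_des.txt
                     evpciph_idea.txt
                     evpciph_rc2.txt
                     evpciph_rc4.txt
                     evpciph_rc5.txt
                     evpciph_seed.txt
                     evpciph_sm4.txt
                     evpencod.txt
                     evpkdf_krb5.txt
                     evpkdf_scrypt.txt
                     evpkdf_tls11_prf.txt
                     evpmac_blake.txt
                     evpmac_poly1305.txt
                     evpmac_siphash.txt
                     evpmd_blake.txt
                     evpmd_md.txt
                     evpmd_mdc2.txt
                     evpmd_ripemd.txt
                     evpmd_sm3.txt
                     evpmd_whirlpool.txt
                     evppbe_scrypt.txt
                     evppbe_pkcs12.txt
                     evppkey_kdf_scrypt.txt
                     evppkey_kdf_tls1_prf.txt
                     evppkey_rsa.txt
                    );
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;

# The trailing 3 is the combined size of the two SKIP blocks at the end of
# this file (2 DSA checks + 1 SM2 check); keep the numbers in sync.
plan tests =>
    ($no_fips ? 0 : 1)                          # FIPS install test
    + (scalar(@configs) * scalar(@files))
    + scalar(@defltfiles)
    + 3;                                        # error output tests

# Generate providers/fipsmodule.cnf for the freshly built FIPS module.
# This runs before the per-config loop; presumably fips-and-base.cnf relies
# on the generated file -- confirm against the config itself.
unless ($no_fips) {
    my $infile = bldtop_file('providers', platform->dso('fips'));

    ok(run(app(['openssl', 'fipsinstall',
                '-out', bldtop_file('providers', 'fipsmodule.cnf'),
                '-module', $infile])),
       "fipsinstall");
}

# Vector files shared by every provider configuration.
foreach my $config (@configs) {
    my $conf = srctop_file("test", $config);

    foreach my $f ( @files ) {
        ok(run(test(["evp_test", "-config", $conf, data_file($f)])),
           "running evp_test -config $conf $f");
    }
}

# Vector files that are only run against the default configuration.
my $conf = srctop_file("test", $defaultcnf);
foreach my $f ( @defltfiles ) {
    ok(run(test(["evp_test", "-config", $conf, data_file($f)])),
       "running evp_test -config $conf $f");
}

# test_errors($expected, $key, @opts)
#
# Actually tests diagnostics of OSSL_STORE.  Runs
# 'openssl pkey -in test/certs/$key @opts' with stderr captured in a file and
# echoes that output.
#
# Returns true only when all of these hold:
#   - the command itself failed (loading the key must be rejected),
#   - no stderr line matches /asn1 encoding/,
#   - at least one stderr line matches $expected.
#
# $expected is interpolated as a regular expression, not compared as a
# literal string (a caller below passes an alternation), so any regex
# metacharacters in it are live.  Dies if the capture file cannot be opened.
sub test_errors {
    my ($expected, $key, @opts) = @_;
    my $infile = srctop_file('test', 'certs', $key);
    my @args = (qw(openssl pkey -in), $infile, @opts);
    # Fixed name relative to the current directory; every call reuses it.
    my $tmpfile = 'out.txt';
    # Success of this check means the command FAILED, hence the negation.
    my $res = !run(app([@args], stderr => $tmpfile));
    my $found = 0;

    # Include $! so a missing capture file can be told apart from, say, a
    # permission problem when the recipe aborts here.
    open(my $in, '<', $tmpfile)
        or die "Could not open file $tmpfile: $!";
    while (my $line = <$in>) {
        print $line; # this may help debugging
        $res &&= $line !~ m/asn1 encoding/; # output must not include ASN.1 parse errors
        $found = 1 if $line =~ m/$expected/; # output must include $expected
    }
    close $in;
    # $tmpfile is kept to help with investigation in case of failure
    return $res && $found;
}

# Negative tests: they only apply when the algorithm is compiled out, and
# check that loading such a key is refused with an "unsupported algorithm"
# style diagnostic rather than an ASN.1 decoding error.
SKIP: {
    skip "DSA not disabled", 2 unless $no_dsa;

    ok(test_errors("unsupported algorithm", "server-dsa-key.pem"),
       "error loading unsupported dsa private key");
    ok(test_errors("unsupported algorithm", "server-dsa-pubkey.pem", "-pubin"),
       "error loading unsupported dsa public key");
}

SKIP: {
    skip "sm2 not disabled", 1 unless $no_sm2;

    ok(test_errors("unknown group|unsupported algorithm", "sm2.key"),
       "error loading unsupported sm2 private key");
}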