mirror of
https://github.com/openssl/openssl.git
synced 2024-12-27 06:21:43 +08:00
45e72d1f27
One of the KDFs and one of the MACs use DES as an underlying algorithm in some tests. Separate these out into their own files which are conditionally excluded. Fixes #14958 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14975)
189 lines
6.2 KiB
Perl
189 lines
6.2 KiB
Perl
#! /usr/bin/env perl
|
|
# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
|
|
use OpenSSL::Test::Utils;
|
|
|
|
BEGIN {
|
|
setup("test_evp");
|
|
}
|
|
|
|
use lib srctop_dir('Configurations');
|
|
use lib bldtop_dir('.');
|
|
|
|
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
|
|
my $no_des = disabled("des");
|
|
my $no_dh = disabled("dh");
|
|
my $no_dsa = disabled("dsa");
|
|
my $no_ec = disabled("ec");
|
|
my $no_gost = disabled("gost");
|
|
my $no_sm2 = disabled("sm2");
|
|
|
|
# Default config depends on if the legacy module is built or not
|
|
my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
|
|
|
|
my @configs = ( $defaultcnf );
|
|
# Only add the FIPS config if the FIPS module has been built
|
|
push @configs, 'fips-and-base.cnf' unless $no_fips;
|
|
|
|
# A list of tests that run with both the default and fips provider.
|
|
my @files = qw(
|
|
evpciph_aes_ccm_cavs.txt
|
|
evpciph_aes_common.txt
|
|
evpciph_aes_cts.txt
|
|
evpciph_aes_wrap.txt
|
|
evpciph_des3_common.txt
|
|
evpkdf_hkdf.txt
|
|
evpkdf_pbkdf2.txt
|
|
evpkdf_ss.txt
|
|
evpkdf_ssh.txt
|
|
evpkdf_tls12_prf.txt
|
|
evpkdf_x942.txt
|
|
evpkdf_x963.txt
|
|
evpmac_common.txt
|
|
evpmd_sha.txt
|
|
evppbe_pbkdf2.txt
|
|
evppkey_kdf_hkdf.txt
|
|
evppkey_rsa_common.txt
|
|
evprand.txt
|
|
);
|
|
push @files, qw(
|
|
evppkey_ffdhe.txt
|
|
evppkey_dh.txt
|
|
) unless $no_dh;
|
|
push @files, qw(
|
|
evpkdf_x942_des.txt
|
|
evpmac_cmac_des.txt
|
|
) unless $no_des;
|
|
push @files, qw(evppkey_dsa.txt) unless $no_dsa;
|
|
push @files, qw(evppkey_ecx.txt) unless $no_ec;
|
|
push @files, qw(
|
|
evppkey_ecc.txt
|
|
evppkey_ecdh.txt
|
|
evppkey_ecdsa.txt
|
|
evppkey_kas.txt
|
|
evppkey_mismatch.txt
|
|
) unless $no_ec || $no_gost;
|
|
|
|
# A list of tests that only run with the default provider
|
|
# (i.e. The algorithms are not present in the fips provider)
|
|
my @defltfiles = qw(
|
|
evpciph_aes_ocb.txt
|
|
evpciph_aes_siv.txt
|
|
evpciph_aria.txt
|
|
evpciph_bf.txt
|
|
evpciph_camellia.txt
|
|
evpciph_cast5.txt
|
|
evpciph_chacha.txt
|
|
evpciph_des.txt
|
|
evpciph_idea.txt
|
|
evpciph_rc2.txt
|
|
evpciph_rc4.txt
|
|
evpciph_rc5.txt
|
|
evpciph_seed.txt
|
|
evpciph_sm4.txt
|
|
evpencod.txt
|
|
evpkdf_krb5.txt
|
|
evpkdf_scrypt.txt
|
|
evpkdf_tls11_prf.txt
|
|
evpmac_blake.txt
|
|
evpmac_poly1305.txt
|
|
evpmac_siphash.txt
|
|
evpmd_blake.txt
|
|
evpmd_md.txt
|
|
evpmd_mdc2.txt
|
|
evpmd_ripemd.txt
|
|
evpmd_sm3.txt
|
|
evpmd_whirlpool.txt
|
|
evppbe_scrypt.txt
|
|
evppbe_pkcs12.txt
|
|
evppkey_kdf_scrypt.txt
|
|
evppkey_kdf_tls1_prf.txt
|
|
evppkey_rsa.txt
|
|
);
|
|
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
|
|
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
|
|
|
|
plan tests =>
|
|
+ (scalar(@configs) * scalar(@files))
|
|
+ scalar(@defltfiles)
|
|
+ 3; # error output tests
|
|
|
|
foreach (@configs) {
|
|
my $conf = srctop_file("test", $_);
|
|
|
|
foreach my $f ( @files ) {
|
|
ok(run(test(["evp_test",
|
|
"-config", $conf,
|
|
data_file("$f")])),
|
|
"running evp_test -config $conf $f");
|
|
}
|
|
}
|
|
|
|
my $conf = srctop_file("test", $defaultcnf);
|
|
foreach my $f ( @defltfiles ) {
|
|
ok(run(test(["evp_test",
|
|
"-config", $conf,
|
|
data_file("$f")])),
|
|
"running evp_test -config $conf $f");
|
|
}
|
|
|
|
# test_errors OPTIONS
|
|
#
|
|
# OPTIONS may include:
|
|
#
|
|
# key => "filename" # expected to be found in $SRCDIR/test/certs
|
|
# out => "filename" # file to write error strings to
|
|
# args => [ ... extra openssl pkey args ... ]
|
|
# expected => regexps to match error lines against
|
|
sub test_errors { # actually tests diagnostics of OSSL_STORE
|
|
my %opts = @_;
|
|
my $infile = srctop_file('test', 'certs', $opts{key});
|
|
my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
|
|
my $res = !run(app([@args], stderr => $opts{out}));
|
|
my $found = !exists $opts{expected};
|
|
open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}";
|
|
while(my $errline = <$in>) {
|
|
print $errline; # this may help debugging
|
|
|
|
# output must not include ASN.1 parse errors
|
|
$res &&= $errline !~ m/asn1 encoding/;
|
|
# output must include what is expressed in $opts{$expected}
|
|
$found = 1
|
|
if exists $opts{expected} && $errline =~ m/$opts{expected}/;
|
|
}
|
|
close $in;
|
|
# $tmpfile is kept to help with investigation in case of failure
|
|
return $res && $found;
|
|
}
|
|
|
|
SKIP: {
|
|
skip "DSA not disabled", 2 if !disabled("dsa");
|
|
|
|
ok(test_errors(key => 'server-dsa-key.pem',
|
|
out => 'server-dsa-key.err'),
|
|
"expected error loading unsupported dsa private key");
|
|
ok(test_errors(key => 'server-dsa-pubkey.pem',
|
|
out => 'server-dsa-pubkey.err',
|
|
args => [ '-pubin' ],
|
|
expected => 'unsupported'),
|
|
"expected error loading unsupported dsa public key");
|
|
}
|
|
|
|
SKIP: {
|
|
skip "SM2 not disabled", 1 if !disabled("sm2");
|
|
|
|
ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
|
|
"expected error loading unsupported sm2 private key");
|
|
}
|