mirror of
https://github.com/openssl/openssl.git
synced 2024-12-27 06:21:43 +08:00
3dafbd4468
The initial thought was that only CS1 mode (the NIST variant) was allowed. The lab has asked if these other modes should be included. The algorithm form indicates that these are able to be validated. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13639)
178 lines
5.8 KiB
Perl
178 lines
5.8 KiB
Perl
#! /usr/bin/env perl
|
|
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
|
|
use OpenSSL::Test::Utils;
|
|
|
|
BEGIN {
|
|
setup("test_evp");
|
|
}
|
|
|
|
use lib srctop_dir('Configurations');
|
|
use lib bldtop_dir('.');
|
|
use platform;
|
|
|
|
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
|
|
my $no_dh = disabled("dh");
|
|
my $no_dsa = disabled("dsa");
|
|
my $no_ec = disabled("ec");
|
|
my $no_gost = disabled("gost");
|
|
my $no_sm2 = disabled("sm2");
|
|
|
|
# Default config depends on if the legacy module is built or not
|
|
my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
|
|
|
|
my @configs = ( $defaultcnf );
|
|
# Only add the FIPS config if the FIPS module has been built
|
|
push @configs, 'fips-and-base.cnf' unless $no_fips;
|
|
|
|
# A list of tests that run with both the default and fips provider.
|
|
my @files = qw(
|
|
evpciph_aes_ccm_cavs.txt
|
|
evpciph_aes_common.txt
|
|
evpciph_aes_cts.txt
|
|
evpciph_aes_wrap.txt
|
|
evpciph_des3_common.txt
|
|
evpkdf_hkdf.txt
|
|
evpkdf_pbkdf2.txt
|
|
evpkdf_ss.txt
|
|
evpkdf_ssh.txt
|
|
evpkdf_tls12_prf.txt
|
|
evpkdf_x942.txt
|
|
evpkdf_x963.txt
|
|
evpmac_common.txt
|
|
evpmd_sha.txt
|
|
evppbe_pbkdf2.txt
|
|
evppkey_kdf_hkdf.txt
|
|
evppkey_rsa_common.txt
|
|
evprand.txt
|
|
);
|
|
push @files, qw(evppkey_ffdhe.txt) unless $no_dh;
|
|
push @files, qw(evppkey_dsa.txt) unless $no_dsa;
|
|
push @files, qw(evppkey_ecx.txt) unless $no_ec;
|
|
push @files, qw(
|
|
evppkey_ecc.txt
|
|
evppkey_ecdh.txt
|
|
evppkey_ecdsa.txt
|
|
evppkey_kas.txt
|
|
evppkey_mismatch.txt
|
|
) unless $no_ec || $no_gost;
|
|
|
|
# A list of tests that only run with the default provider
|
|
# (i.e. The algorithms are not present in the fips provider)
|
|
my @defltfiles = qw(
|
|
evpciph_aes_ocb.txt
|
|
evpciph_aes_siv.txt
|
|
evpciph_aria.txt
|
|
evpciph_bf.txt
|
|
evpciph_camellia.txt
|
|
evpciph_cast5.txt
|
|
evpciph_chacha.txt
|
|
evpciph_des.txt
|
|
evpciph_idea.txt
|
|
evpciph_rc2.txt
|
|
evpciph_rc4.txt
|
|
evpciph_rc5.txt
|
|
evpciph_seed.txt
|
|
evpciph_sm4.txt
|
|
evpencod.txt
|
|
evpkdf_krb5.txt
|
|
evpkdf_scrypt.txt
|
|
evpkdf_tls11_prf.txt
|
|
evpmac_blake.txt
|
|
evpmac_poly1305.txt
|
|
evpmac_siphash.txt
|
|
evpmd_blake.txt
|
|
evpmd_md.txt
|
|
evpmd_mdc2.txt
|
|
evpmd_ripemd.txt
|
|
evpmd_sm3.txt
|
|
evpmd_whirlpool.txt
|
|
evppbe_scrypt.txt
|
|
evppbe_pkcs12.txt
|
|
evppkey_kdf_scrypt.txt
|
|
evppkey_kdf_tls1_prf.txt
|
|
evppkey_rsa.txt
|
|
);
|
|
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
|
|
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
|
|
|
|
plan tests =>
|
|
($no_fips ? 0 : 1) # FIPS install test
|
|
+ (scalar(@configs) * scalar(@files))
|
|
+ scalar(@defltfiles)
|
|
+ 3; # error output tests
|
|
|
|
unless ($no_fips) {
|
|
my $infile = bldtop_file('providers', platform->dso('fips'));
|
|
|
|
ok(run(app(['openssl', 'fipsinstall',
|
|
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
|
|
'-module', $infile])),
|
|
"fipsinstall");
|
|
}
|
|
|
|
foreach (@configs) {
|
|
my $conf = srctop_file("test", $_);
|
|
|
|
foreach my $f ( @files ) {
|
|
ok(run(test(["evp_test",
|
|
"-config", $conf,
|
|
data_file("$f")])),
|
|
"running evp_test -config $conf $f");
|
|
}
|
|
}
|
|
|
|
my $conf = srctop_file("test", $defaultcnf);
|
|
foreach my $f ( @defltfiles ) {
|
|
ok(run(test(["evp_test",
|
|
"-config", $conf,
|
|
data_file("$f")])),
|
|
"running evp_test -config $conf $f");
|
|
}
|
|
|
|
sub test_errors { # actually tests diagnostics of OSSL_STORE
|
|
my ($expected, $key, @opts) = @_;
|
|
my $infile = srctop_file('test', 'certs', $key);
|
|
my @args = qw(openssl pkey -in);
|
|
push(@args, $infile, @opts);
|
|
my $tmpfile = 'out.txt';
|
|
my $res = !run(app([@args], stderr => $tmpfile));
|
|
my $found = 0;
|
|
open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
|
|
while(<$in>) {
|
|
print; # this may help debugging
|
|
$res &&= !m/asn1 encoding/; # output must not include ASN.1 parse errors
|
|
$found = 1 if m/$expected/; # output must include $expected
|
|
}
|
|
close $in;
|
|
# $tmpfile is kept to help with investigation in case of failure
|
|
return $res && $found;
|
|
}
|
|
|
|
SKIP: {
|
|
skip "DSA not disabled", 2 if !disabled("dsa");
|
|
|
|
ok(test_errors("unsupported algorithm", "server-dsa-key.pem"),
|
|
"error loading unsupported dsa private key");
|
|
ok(test_errors("unsupported algorithm", "server-dsa-pubkey.pem", "-pubin"),
|
|
"error loading unsupported dsa public key");
|
|
}
|
|
|
|
SKIP: {
|
|
skip "sm2 not disabled", 1 if !disabled("sm2");
|
|
|
|
ok(test_errors("unknown group|unsupported algorithm", "sm2.key"),
|
|
"error loading unsupported sm2 private key");
|
|
}
|