mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
745fc918e7
Replace the properties default, fips and legacy with a single property called "provider". So, for example, instead of writing "default=yes" to get algorithms from the default provider you would instead write "provider=default". We also have a new "fips" property to indicate that an algorithm is compatible with FIPS mode. This applies to all the algorithms in the FIPS provider, as well as any non-cryptographic algorithms (currently only serializers). Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11097)
145 lines
6.0 KiB
Perl
145 lines
6.0 KiB
Perl
#! /usr/bin/env perl
|
|
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir bldtop_file);
|
|
use OpenSSL::Test::Utils;
|
|
|
|
BEGIN {
|
|
setup("test_evp_fetch_prov");
|
|
}
|
|
|
|
use lib srctop_dir('Configurations');
|
|
use lib bldtop_dir('.');
|
|
use platform;
|
|
|
|
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
|
|
my @types = ( "digest", "cipher" );
|
|
|
|
$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
|
|
$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
|
|
|
|
my @setups = ();
|
|
my @testdata = (
|
|
{ config => srctop_file("test", "default.cnf"),
|
|
providers => [ 'default' ],
|
|
tests => [ { providers => [] },
|
|
{ },
|
|
{ args => [ '-property', 'provider=default' ],
|
|
message => 'using property "provider=default"' },
|
|
{ args => [ '-property', 'provider!=fips' ],
|
|
message => 'using property "provider!=fips"' },
|
|
{ args => [ '-property', 'provider!=default', '-fetchfail' ],
|
|
message =>
|
|
'using property "provider!=default" is expected to fail' },
|
|
{ args => [ '-property', 'provider=fips', '-fetchfail' ],
|
|
message =>
|
|
'using property "provider=fips" is expected to fail' } ] }
|
|
);
|
|
|
|
unless ($no_fips) {
|
|
push @setups, {
|
|
cmd => app(['openssl', 'fipsinstall',
|
|
'-out', bldtop_file('providers', 'fipsinstall.conf'),
|
|
'-module', bldtop_file('providers', platform->dso('fips')),
|
|
'-provider_name', 'fips', '-mac_name', 'HMAC',
|
|
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
|
|
'-section_name', 'fips_sect']),
|
|
message => "fipsinstall"
|
|
};
|
|
push @testdata, (
|
|
{ config => srctop_file("test", "fips.cnf"),
|
|
providers => [ 'fips' ],
|
|
tests => [
|
|
{ args => [ '-property', '' ] },
|
|
{ args => [ '-property', 'provider=fips' ],
|
|
message => 'using property "provider=fips"' },
|
|
{ args => [ '-property', 'provider!=default' ],
|
|
message => 'using property "provider!=default"' },
|
|
{ args => [ '-property', 'provider=default', '-fetchfail' ],
|
|
message =>
|
|
'using property "provider=default" is expected to fail' },
|
|
{ args => [ '-property', 'provider!=fips', '-fetchfail' ],
|
|
message =>
|
|
'using property "provider!=fips" is expected to fail' },
|
|
{ args => [ '-property', 'fips=yes' ],
|
|
message => 'using property "fips=yes"' },
|
|
{ args => [ '-property', 'fips!=no' ],
|
|
message => 'using property "fips!=no"' },
|
|
{ args => [ '-property', '-fips' ],
|
|
message => 'using property "-fips"' },
|
|
{ args => [ '-property', 'fips=no', '-fetchfail' ],
|
|
message => 'using property "fips=no is expected to fail"' },
|
|
{ args => [ '-property', 'fips!=yes', '-fetchfail' ],
|
|
message => 'using property "fips!=yes is expected to fail"' } ] },
|
|
{ config => srctop_file("test", "default-and-fips.cnf"),
|
|
providers => [ 'default', 'fips' ],
|
|
tests => [
|
|
{ args => [ '-property', '' ] },
|
|
{ args => [ '-property', 'provider!=default' ],
|
|
message => 'using property "provider!=default"' },
|
|
{ args => [ '-property', 'provider=default' ],
|
|
message => 'using property "provider=default"' },
|
|
{ args => [ '-property', 'provider!=fips' ],
|
|
message => 'using property "provider!=fips"' },
|
|
{ args => [ '-property', 'provider=fips' ],
|
|
message => 'using property "provider=fips"' },
|
|
{ args => [ '-property', 'fips=yes' ],
|
|
message => 'using property "fips=yes"' },
|
|
{ args => [ '-property', 'fips!=no' ],
|
|
message => 'using property "fips!=no"' },
|
|
{ args => [ '-property', '-fips' ],
|
|
message => 'using property "-fips"' },
|
|
{ args => [ '-property', 'fips=no' ],
|
|
message => 'using property "fips=no"' },
|
|
{ args => [ '-property', 'fips!=yes' ],
|
|
message => 'using property "fips!=yes"' } ] },
|
|
);
|
|
}
|
|
|
|
my $testcount = 0;
|
|
foreach (@testdata) {
|
|
$testcount += scalar @{$_->{tests}};
|
|
}
|
|
|
|
plan tests => 1 + scalar @setups + $testcount * scalar(@types);
|
|
|
|
ok(run(test(["evp_fetch_prov_test", "-defaultctx"])),
|
|
"running evp_fetch_prov_test using the default libctx");
|
|
|
|
foreach my $setup (@setups) {
|
|
ok(run($setup->{cmd}), $setup->{message});
|
|
}
|
|
|
|
foreach my $alg (@types) {
|
|
foreach my $testcase (@testdata) {
|
|
$ENV{OPENSSL_CONF} = $testcase->{config};
|
|
foreach my $test (@{$testcase->{tests}}) {
|
|
my @testproviders =
|
|
@{ $test->{providers} // $testcase->{providers} };
|
|
my $testprovstr = @testproviders
|
|
? ' and loaded providers ' . join(' & ',
|
|
map { "'$_'" } @testproviders)
|
|
: '';
|
|
my @testargs = @{ $test->{args} // [] };
|
|
my $testmsg =
|
|
defined $test->{message} ? ' '.$test->{message} : '';
|
|
|
|
my $message =
|
|
"running evp_fetch_prov_test with $alg$testprovstr$testmsg";
|
|
|
|
ok(run(test(["evp_fetch_prov_test", "-type", "$alg",
|
|
@testargs, @testproviders])),
|
|
$message);
|
|
}
|
|
}
|
|
}
|