1#! /usr/bin/env perl 2# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10use strict; 11use warnings; 12 13use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file); 14use OpenSSL::Test::Utils; 15 16BEGIN { 17 setup("test_evp"); 18} 19 20use lib srctop_dir('Configurations'); 21use lib bldtop_dir('.'); 22 23my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); 24my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0); 25my $no_des = disabled("des"); 26my $no_dh = disabled("dh"); 27my $no_dsa = disabled("dsa"); 28my $no_ec = disabled("ec"); 29my $no_gost = disabled("gost"); 30my $no_sm2 = disabled("sm2"); 31 32# Default config depends on if the legacy module is built or not 33my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf'; 34 35my @configs = ( $defaultcnf ); 36# Only add the FIPS config if the FIPS module has been built 37push @configs, 'fips-and-base.cnf' unless $no_fips; 38 39# A list of tests that run with both the default and fips provider. 40my @files = qw( 41 evpciph_aes_ccm_cavs.txt 42 evpciph_aes_common.txt 43 evpciph_aes_cts.txt 44 evpciph_aes_wrap.txt 45 evpciph_aes_stitched.txt 46 evpciph_des3_common.txt 47 evpkdf_hkdf.txt 48 evpkdf_pbkdf1.txt 49 evpkdf_pbkdf2.txt 50 evpkdf_ss.txt 51 evpkdf_ssh.txt 52 evpkdf_tls12_prf.txt 53 evpkdf_tls13_kdf.txt 54 evpkdf_x942.txt 55 evpkdf_x963.txt 56 evpmac_common.txt 57 evpmd_sha.txt 58 evppbe_pbkdf2.txt 59 evppkey_kdf_hkdf.txt 60 evppkey_rsa_common.txt 61 evprand.txt 62 ); 63push @files, qw( 64 evppkey_ffdhe.txt 65 evppkey_dh.txt 66 ) unless $no_dh; 67push @files, qw( 68 evpkdf_x942_des.txt 69 evpmac_cmac_des.txt 70 ) unless $no_des; 71push @files, qw(evppkey_dsa.txt) unless $no_dsa; 72push @files, qw(evppkey_ecx.txt) unless $no_ec; 73push @files, qw( 74 evppkey_ecc.txt 75 evppkey_ecdh.txt 76 evppkey_ecdsa.txt 77 evppkey_kas.txt 78 evppkey_mismatch.txt 79 ) unless $no_ec || $no_gost; 80 81# A list of tests that only run with the default provider 82# (i.e. The algorithms are not present in the fips provider) 83my @defltfiles = qw( 84 evpciph_aes_ocb.txt 85 evpciph_aes_siv.txt 86 evpciph_aria.txt 87 evpciph_bf.txt 88 evpciph_camellia.txt 89 evpciph_camellia_cts.txt 90 evpciph_cast5.txt 91 evpciph_chacha.txt 92 evpciph_des.txt 93 evpciph_idea.txt 94 evpciph_rc2.txt 95 evpciph_rc4.txt 96 evpciph_rc4_stitched.txt 97 evpciph_rc5.txt 98 evpciph_seed.txt 99 evpciph_sm4.txt 100 evpencod.txt 101 evpkdf_krb5.txt 102 evpkdf_scrypt.txt 103 evpkdf_tls11_prf.txt 104 evpmac_blake.txt 105 evpmac_poly1305.txt 106 evpmac_siphash.txt 107 evpmd_blake.txt 108 evpmd_md.txt 109 evpmd_mdc2.txt 110 evpmd_ripemd.txt 111 evpmd_sm3.txt 112 evpmd_whirlpool.txt 113 evppbe_scrypt.txt 114 evppbe_pkcs12.txt 115 evppkey_kdf_scrypt.txt 116 evppkey_kdf_tls1_prf.txt 117 evppkey_rsa.txt 118 ); 119push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; 120push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; 121 122plan tests => 123 + (scalar(@configs) * scalar(@files)) 124 + scalar(@defltfiles) 125 + 3; # error output tests 126 127foreach (@configs) { 128 my $conf = srctop_file("test", $_); 129 130 foreach my $f ( @files ) { 131 ok(run(test(["evp_test", 132 "-config", $conf, 133 data_file("$f")])), 134 "running evp_test -config $conf $f"); 135 } 136} 137 138my $conf = srctop_file("test", $defaultcnf); 139foreach my $f ( @defltfiles ) { 140 ok(run(test(["evp_test", 141 "-config", $conf, 142 data_file("$f")])), 143 "running evp_test -config $conf $f"); 144} 145 146# test_errors OPTIONS 147# 148# OPTIONS may include: 149# 150# key => "filename" # expected to be found in $SRCDIR/test/certs 151# out => "filename" # file to write error strings to 152# args => [ ... extra openssl pkey args ... ] 153# expected => regexps to match error lines against 154sub test_errors { # actually tests diagnostics of OSSL_STORE 155 my %opts = @_; 156 my $infile = srctop_file('test', 'certs', $opts{key}); 157 my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} ); 158 my $res = !run(app([@args], stderr => $opts{out})); 159 my $found = !exists $opts{expected}; 160 open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}"; 161 while(my $errline = <$in>) { 162 print $errline; # this may help debugging 163 164 # output must not include ASN.1 parse errors 165 $res &&= $errline !~ m/asn1 encoding/; 166 # output must include what is expressed in $opts{$expected} 167 $found = 1 168 if exists $opts{expected} && $errline =~ m/$opts{expected}/; 169 } 170 close $in; 171 # $tmpfile is kept to help with investigation in case of failure 172 return $res && $found; 173} 174 175SKIP: { 176 skip "DSA not disabled", 2 if !disabled("dsa"); 177 178 ok(test_errors(key => 'server-dsa-key.pem', 179 out => 'server-dsa-key.err'), 180 "expected error loading unsupported dsa private key"); 181 ok(test_errors(key => 'server-dsa-pubkey.pem', 182 out => 'server-dsa-pubkey.err', 183 args => [ '-pubin' ], 184 expected => 'unsupported'), 185 "expected error loading unsupported dsa public key"); 186} 187 188SKIP: { 189 skip "SM2 not disabled", 1 if !disabled("sm2"); 190 191 ok(test_errors(key => 'sm2.key', out => 'sm2.err'), 192 "expected error loading unsupported sm2 private key"); 193} 194