[thirdparty/openssl.git] / test / recipes / 30-test_evp.t

#! /usr/bin/env perl
# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
use OpenSSL::Test::Utils;

BEGIN {
    setup("test_evp");
}

use lib srctop_dir('Configurations');
use lib bldtop_dir('.');

my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
my $no_dh = disabled("dh");
my $no_dsa = disabled("dsa");
my $no_ec = disabled("ec");
my $no_gost = disabled("gost");
my $no_sm2 = disabled("sm2");

# Default config depends on if the legacy module is built or not
my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';

my @configs = ( $defaultcnf );
# Only add the FIPS config if the FIPS module has been built
push @configs, 'fips-and-base.cnf' unless $no_fips;

# A list of tests that run with both the default and fips provider.
my @files = qw(
                evpciph_aes_ccm_cavs.txt
                evpciph_aes_common.txt
                evpciph_aes_cts.txt
                evpciph_aes_wrap.txt
                evpciph_des3_common.txt
                evpkdf_hkdf.txt
                evpkdf_pbkdf2.txt
                evpkdf_ss.txt
                evpkdf_ssh.txt
                evpkdf_tls12_prf.txt
                evpkdf_x942.txt
                evpkdf_x963.txt
                evpmac_common.txt
                evpmd_sha.txt
                evppbe_pbkdf2.txt
                evppkey_kdf_hkdf.txt
                evppkey_rsa_common.txt
                evprand.txt
              );
push @files, qw(evppkey_ffdhe.txt) unless $no_dh;
push @files, qw(evppkey_dsa.txt) unless $no_dsa;
push @files, qw(evppkey_ecx.txt) unless $no_ec;
push @files, qw(
                evppkey_ecc.txt
                evppkey_ecdh.txt
                evppkey_ecdsa.txt
                evppkey_kas.txt
                evppkey_mismatch.txt
              ) unless $no_ec || $no_gost;

# A list of tests that only run with the default provider
# (i.e. The algorithms are not present in the fips provider)
my @defltfiles = qw(
                     evpciph_aes_ocb.txt
                     evpciph_aes_siv.txt
                     evpciph_aria.txt 
                     evpciph_bf.txt
                     evpciph_camellia.txt
                     evpciph_cast5.txt
                     evpciph_chacha.txt
                     evpciph_des.txt
                     evpciph_idea.txt
                     evpciph_rc2.txt
                     evpciph_rc4.txt
                     evpciph_rc5.txt
                     evpciph_seed.txt
                     evpciph_sm4.txt
                     evpencod.txt
                     evpkdf_krb5.txt
                     evpkdf_scrypt.txt
                     evpkdf_tls11_prf.txt
                     evpmac_blake.txt
                     evpmac_poly1305.txt
                     evpmac_siphash.txt
                     evpmd_blake.txt
                     evpmd_md.txt
                     evpmd_mdc2.txt
                     evpmd_ripemd.txt
                     evpmd_sm3.txt
                     evpmd_whirlpool.txt
                     evppbe_scrypt.txt
                     evppbe_pkcs12.txt
                     evppkey_kdf_scrypt.txt
                     evppkey_kdf_tls1_prf.txt
                     evppkey_rsa.txt
                    );
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;

plan tests =>
    + (scalar(@configs) * scalar(@files))
    + scalar(@defltfiles)
    + 3; # error output tests

foreach (@configs) {
    my $conf = srctop_file("test", $_);

    foreach my $f ( @files ) {
        ok(run(test(["evp_test",
                     "-config", $conf,
                     data_file("$f")])),
           "running evp_test -config $conf $f");
    }
}

my $conf = srctop_file("test", $defaultcnf);
foreach my $f ( @defltfiles ) {
    ok(run(test(["evp_test",
                 "-config", $conf,
                 data_file("$f")])),
       "running evp_test -config $conf $f");
}

sub test_errors { # actually tests diagnostics of OSSL_STORE
    my ($expected, $key, @opts) = @_;
    my $infile = srctop_file('test', 'certs', $key);
    my @args = qw(openssl pkey -in);
    push(@args, $infile, @opts);
    my $tmpfile = 'out.txt';
    my $res = !run(app([@args], stderr => $tmpfile));
    my $found = 0;
    open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
    while(<$in>) {
        print; # this may help debugging
        $res &&= !m/asn1 encoding/; # output must not include ASN.1 parse errors
        $found = 1 if m/$expected/; # output must include $expected
    }
    close $in;
    # $tmpfile is kept to help with investigation in case of failure
    return $res && $found;
}

SKIP: {
    skip "DSA not disabled", 2 if !disabled("dsa");

    ok(test_errors("unsupported algorithm", "server-dsa-key.pem"),
       "error loading unsupported dsa private key");
    ok(test_errors("unsupported algorithm", "server-dsa-pubkey.pem", "-pubin"),
       "error loading unsupported dsa public key");
}

SKIP: {
    skip "sm2 not disabled", 1 if !disabled("sm2");

    ok(test_errors("unknown group|unsupported algorithm", "sm2.key"),
       "error loading unsupported sm2 private key");
}
Commit	Line	Data
596d6b7e	1	#! /usr/bin/env perl
8020d79b	2	# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
596d6b7e	3	#
909f1a2e	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
596d6b7e RS	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
4fb35f8f RL	9
	10	use strict;
	11	use warnings;
	12
7bb82f92	13	use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
23ccf13d	14	use OpenSSL::Test::Utils;
4fb35f8f	15
7bb82f92	16	BEGIN {
5ccada09	17	setup("test_evp");
7bb82f92 SL	18	}
	19
	20	use lib srctop_dir('Configurations');
	21	use lib bldtop_dir('.');
4fb35f8f	22
e0d952fc RL	23	my $no_fips = disabled('fips') \|\| ($ENV{NO_FIPS} // 0);
e0d952fc RL	24	my $no_legacy = disabled('legacy') \|\| ($ENV{NO_LEGACY} // 0);
5e26c339 DDO	25	my $no_dh = disabled("dh");
	26	my $no_dsa = disabled("dsa");
	27	my $no_ec = disabled("ec");
	28	my $no_gost = disabled("gost");
	29	my $no_sm2 = disabled("sm2");
e0d952fc	30
23ccf13d	31	# Default config depends on if the legacy module is built or not
e0d952fc	32	my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
23ccf13d RL	33
	34	my @configs = ( $defaultcnf );
	35	# Only add the FIPS config if the FIPS module has been built
7192e4df	36	push @configs, 'fips-and-base.cnf' unless $no_fips;
23ccf13d	37
5ccada09 SL	38	# A list of tests that run with both the default and fips provider.
	39	my @files = qw(
	40	evpciph_aes_ccm_cavs.txt
	41	evpciph_aes_common.txt
3dafbd44	42	evpciph_aes_cts.txt
8ea761bf	43	evpciph_aes_wrap.txt
5ccada09 SL	44	evpciph_des3_common.txt
	45	evpkdf_hkdf.txt
	46	evpkdf_pbkdf2.txt
	47	evpkdf_ss.txt
	48	evpkdf_ssh.txt
	49	evpkdf_tls12_prf.txt
89cccbea	50	evpkdf_x942.txt
5ccada09 SL	51	evpkdf_x963.txt
	52	evpmac_common.txt
	53	evpmd_sha.txt
	54	evppbe_pbkdf2.txt
5e26c339 DDO	55	evppkey_kdf_hkdf.txt
	56	evppkey_rsa_common.txt
	57	evprand.txt
	58	);
	59	push @files, qw(evppkey_ffdhe.txt) unless $no_dh;
	60	push @files, qw(evppkey_dsa.txt) unless $no_dsa;
	61	push @files, qw(evppkey_ecx.txt) unless $no_ec;
	62	push @files, qw(
96b92410 RL	63	evppkey_ecc.txt
96b92410 RL	64	evppkey_ecdh.txt
5ccada09	65	evppkey_ecdsa.txt
5ccada09	66	evppkey_kas.txt
5ccada09	67	evppkey_mismatch.txt
5e26c339	68	) unless $no_ec \|\| $no_gost;
5ccada09 SL	69
	70	# A list of tests that only run with the default provider
	71	# (i.e. The algorithms are not present in the fips provider)
	72	my @defltfiles = qw(
5ccada09 SL	73	evpciph_aes_ocb.txt
	74	evpciph_aes_siv.txt
	75	evpciph_aria.txt
	76	evpciph_bf.txt
	77	evpciph_camellia.txt
	78	evpciph_cast5.txt
	79	evpciph_chacha.txt
	80	evpciph_des.txt
	81	evpciph_idea.txt
	82	evpciph_rc2.txt
	83	evpciph_rc4.txt
	84	evpciph_rc5.txt
	85	evpciph_seed.txt
	86	evpciph_sm4.txt
	87	evpencod.txt
	88	evpkdf_krb5.txt
	89	evpkdf_scrypt.txt
	90	evpkdf_tls11_prf.txt
5ccada09 SL	91	evpmac_blake.txt
	92	evpmac_poly1305.txt
	93	evpmac_siphash.txt
	94	evpmd_blake.txt
	95	evpmd_md.txt
	96	evpmd_mdc2.txt
	97	evpmd_ripemd.txt
	98	evpmd_sm3.txt
	99	evpmd_whirlpool.txt
	100	evppbe_scrypt.txt
0e53cd52	101	evppbe_pkcs12.txt
5ccada09 SL	102	evppkey_kdf_scrypt.txt
5ccada09 SL	103	evppkey_kdf_tls1_prf.txt
3f699197	104	evppkey_rsa.txt
5ccada09	105	);
5e26c339 DDO	106	push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
5e26c339 DDO	107	push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
ed5cb177	108
e0d952fc	109	plan tests =>
e0d952fc	110	+ (scalar(@configs) * scalar(@files))
66066e1b DDO	111	+ scalar(@defltfiles)
66066e1b DDO	112	+ 3; # error output tests
e0d952fc	113
e2f72313	114	foreach (@configs) {
5ccada09	115	my $conf = srctop_file("test", $_);
e2f72313 RL	116
e2f72313 RL	117	foreach my $f ( @files ) {
5ccada09 SL	118	ok(run(test(["evp_test",
	119	"-config", $conf,
	120	data_file("$f")])),
	121	"running evp_test -config $conf $f");
e2f72313	122	}
6b7b3433	123	}
f305ecda	124
5ccada09	125	my $conf = srctop_file("test", $defaultcnf);
f305ecda	126	foreach my $f ( @defltfiles ) {
5ccada09 SL	127	ok(run(test(["evp_test",
	128	"-config", $conf,
	129	data_file("$f")])),
	130	"running evp_test -config $conf $f");
f305ecda	131	}
66066e1b DDO	132
	133	sub test_errors { # actually tests diagnostics of OSSL_STORE
	134	my ($expected, $key, @opts) = @_;
	135	my $infile = srctop_file('test', 'certs', $key);
	136	my @args = qw(openssl pkey -in);
	137	push(@args, $infile, @opts);
	138	my $tmpfile = 'out.txt';
	139	my $res = !run(app([@args], stderr => $tmpfile));
	140	my $found = 0;
	141	open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
	142	while(<$in>) {
	143	print; # this may help debugging
	144	$res &&= !m/asn1 encoding/; # output must not include ASN.1 parse errors
	145	$found = 1 if m/$expected/; # output must include $expected
	146	}
	147	close $in;
	148	# $tmpfile is kept to help with investigation in case of failure
	149	return $res && $found;
	150	}
	151
	152	SKIP: {
	153	skip "DSA not disabled", 2 if !disabled("dsa");
	154
	155	ok(test_errors("unsupported algorithm", "server-dsa-key.pem"),
	156	"error loading unsupported dsa private key");
	157	ok(test_errors("unsupported algorithm", "server-dsa-pubkey.pem", "-pubin"),
	158	"error loading unsupported dsa public key");
	159	}
	160
	161	SKIP: {
	162	skip "sm2 not disabled", 1 if !disabled("sm2");
	163
	164	ok(test_errors("unknown group\|unsupported algorithm", "sm2.key"),
	165	"error loading unsupported sm2 private key");
	166	}