]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/30-test_evp.t
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add PBKDF1 to the legacy provider
[thirdparty/openssl.git] / test / recipes / 30-test_evp.t
1 #! /usr/bin/env perl
2 # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 use strict;
11 use warnings;
12
13 use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
14 use OpenSSL::Test::Utils;
15
16 BEGIN {
17 setup("test_evp");
18 }
19
20 use lib srctop_dir('Configurations');
21 use lib bldtop_dir('.');
22
23 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
24 my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
25 my $no_des = disabled("des");
26 my $no_dh = disabled("dh");
27 my $no_dsa = disabled("dsa");
28 my $no_ec = disabled("ec");
29 my $no_gost = disabled("gost");
30 my $no_sm2 = disabled("sm2");
31
32 # Default config depends on if the legacy module is built or not
33 my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
34
35 my @configs = ( $defaultcnf );
36 # Only add the FIPS config if the FIPS module has been built
37 push @configs, 'fips-and-base.cnf' unless $no_fips;
38
39 # A list of tests that run with both the default and fips provider.
40 my @files = qw(
41 evpciph_aes_ccm_cavs.txt
42 evpciph_aes_common.txt
43 evpciph_aes_cts.txt
44 evpciph_aes_wrap.txt
45 evpciph_des3_common.txt
46 evpkdf_hkdf.txt
47 evpkdf_pbkdf1.txt
48 evpkdf_pbkdf2.txt
49 evpkdf_ss.txt
50 evpkdf_ssh.txt
51 evpkdf_tls12_prf.txt
52 evpkdf_x942.txt
53 evpkdf_x963.txt
54 evpmac_common.txt
55 evpmd_sha.txt
56 evppbe_pbkdf2.txt
57 evppkey_kdf_hkdf.txt
58 evppkey_rsa_common.txt
59 evprand.txt
60 );
61 push @files, qw(
62 evppkey_ffdhe.txt
63 evppkey_dh.txt
64 ) unless $no_dh;
65 push @files, qw(
66 evpkdf_x942_des.txt
67 evpmac_cmac_des.txt
68 ) unless $no_des;
69 push @files, qw(evppkey_dsa.txt) unless $no_dsa;
70 push @files, qw(evppkey_ecx.txt) unless $no_ec;
71 push @files, qw(
72 evppkey_ecc.txt
73 evppkey_ecdh.txt
74 evppkey_ecdsa.txt
75 evppkey_kas.txt
76 evppkey_mismatch.txt
77 ) unless $no_ec || $no_gost;
78
79 # A list of tests that only run with the default provider
80 # (i.e. The algorithms are not present in the fips provider)
81 my @defltfiles = qw(
82 evpciph_aes_ocb.txt
83 evpciph_aes_siv.txt
84 evpciph_aria.txt
85 evpciph_bf.txt
86 evpciph_camellia.txt
87 evpciph_cast5.txt
88 evpciph_chacha.txt
89 evpciph_des.txt
90 evpciph_idea.txt
91 evpciph_rc2.txt
92 evpciph_rc4.txt
93 evpciph_rc5.txt
94 evpciph_seed.txt
95 evpciph_sm4.txt
96 evpencod.txt
97 evpkdf_krb5.txt
98 evpkdf_scrypt.txt
99 evpkdf_tls11_prf.txt
100 evpmac_blake.txt
101 evpmac_poly1305.txt
102 evpmac_siphash.txt
103 evpmd_blake.txt
104 evpmd_md.txt
105 evpmd_mdc2.txt
106 evpmd_ripemd.txt
107 evpmd_sm3.txt
108 evpmd_whirlpool.txt
109 evppbe_scrypt.txt
110 evppbe_pkcs12.txt
111 evppkey_kdf_scrypt.txt
112 evppkey_kdf_tls1_prf.txt
113 evppkey_rsa.txt
114 );
115 push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
116 push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
117
118 plan tests =>
119 + (scalar(@configs) * scalar(@files))
120 + scalar(@defltfiles)
121 + 3; # error output tests
122
123 foreach (@configs) {
124 my $conf = srctop_file("test", $_);
125
126 foreach my $f ( @files ) {
127 ok(run(test(["evp_test",
128 "-config", $conf,
129 data_file("$f")])),
130 "running evp_test -config $conf $f");
131 }
132 }
133
134 my $conf = srctop_file("test", $defaultcnf);
135 foreach my $f ( @defltfiles ) {
136 ok(run(test(["evp_test",
137 "-config", $conf,
138 data_file("$f")])),
139 "running evp_test -config $conf $f");
140 }
141
142 # test_errors OPTIONS
143 #
144 # OPTIONS may include:
145 #
146 # key => "filename" # expected to be found in $SRCDIR/test/certs
147 # out => "filename" # file to write error strings to
148 # args => [ ... extra openssl pkey args ... ]
149 # expected => regexps to match error lines against
150 sub test_errors { # actually tests diagnostics of OSSL_STORE
151 my %opts = @_;
152 my $infile = srctop_file('test', 'certs', $opts{key});
153 my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
154 my $res = !run(app([@args], stderr => $opts{out}));
155 my $found = !exists $opts{expected};
156 open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}";
157 while(my $errline = <$in>) {
158 print $errline; # this may help debugging
159
160 # output must not include ASN.1 parse errors
161 $res &&= $errline !~ m/asn1 encoding/;
162 # output must include what is expressed in $opts{$expected}
163 $found = 1
164 if exists $opts{expected} && $errline =~ m/$opts{expected}/;
165 }
166 close $in;
167 # $tmpfile is kept to help with investigation in case of failure
168 return $res && $found;
169 }
170
171 SKIP: {
172 skip "DSA not disabled", 2 if !disabled("dsa");
173
174 ok(test_errors(key => 'server-dsa-key.pem',
175 out => 'server-dsa-key.err'),
176 "expected error loading unsupported dsa private key");
177 ok(test_errors(key => 'server-dsa-pubkey.pem',
178 out => 'server-dsa-pubkey.err',
179 args => [ '-pubin' ],
180 expected => 'unsupported'),
181 "expected error loading unsupported dsa public key");
182 }
183
184 SKIP: {
185 skip "SM2 not disabled", 1 if !disabled("sm2");
186
187 ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
188 "expected error loading unsupported sm2 private key");
189 }
A mirror of the official openssl repository