#! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
use OpenSSL::Test::Utils;
BEGIN {
-setup("test_evp");
+ setup("test_evp");
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
+my $no_des = disabled("des");
+my $no_dh = disabled("dh");
+my $no_dsa = disabled("dsa");
+my $no_ec = disabled("ec");
+my $no_ec2m = disabled("ec2m");
+my $no_sm2 = disabled("sm2");
+my $no_siv = disabled("siv");
# Default config depends on if the legacy module is built or not
my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
my @configs = ( $defaultcnf );
# Only add the FIPS config if the FIPS module has been built
-push @configs, 'fips.cnf' unless $no_fips;
-
-my @files = qw( evpciph.txt evpdigest.txt );
-my @defltfiles = qw( evpencod.txt evpkdf.txt evppkey_kdf.txt evpmac.txt
- evppbe.txt evppkey.txt evppkey_ecc.txt evpcase.txt evpaessiv.txt
- evpccmcavs.txt );
-my @ideafiles = qw( evpciph_idea.txt );
-push @defltfiles, @ideafiles unless disabled("idea");
-
-my @castfiles = qw( evpciph_cast5.txt );
-push @defltfiles, @castfiles unless disabled("cast");
-
-my @seedfiles = qw( evpciph_seed.txt );
-push @defltfiles, @seedfiles unless disabled("seed");
-
-my @sm4files = qw( evpciph_sm4.txt );
-push @defltfiles, @sm4files unless disabled("sm4");
-
-my @desfiles = qw( evpciph_des.txt );
-push @defltfiles, @desfiles unless disabled("des");
-
-my @rc4files = qw( evpciph_rc4.txt );
-push @defltfiles, @rc4files unless disabled("rc4");
-
-my @rc5files = qw( evpciph_rc5.txt );
-push @defltfiles, @rc5files unless disabled("rc5");
+push @configs, 'fips-and-base.cnf' unless $no_fips;
+
+# A list of tests that run with both the default and fips provider.
+my @files = qw(
+ evpciph_aes_ccm_cavs.txt
+ evpciph_aes_common.txt
+ evpciph_aes_cts.txt
+ evpciph_aes_wrap.txt
+ evpciph_aes_stitched.txt
+ evpciph_des3_common.txt
+ evpkdf_hkdf.txt
+ evpkdf_kbkdf_counter.txt
+ evpkdf_pbkdf1.txt
+ evpkdf_pbkdf2.txt
+ evpkdf_ss.txt
+ evpkdf_ssh.txt
+ evpkdf_tls12_prf.txt
+ evpkdf_tls13_kdf.txt
+ evpkdf_x942.txt
+ evpkdf_x963.txt
+ evpmac_common.txt
+ evpmd_sha.txt
+ evppbe_pbkdf2.txt
+ evppkey_kdf_hkdf.txt
+ evppkey_rsa_common.txt
+ evprand.txt
+ );
+push @files, qw(
+ evppkey_ffdhe.txt
+ evppkey_dh.txt
+ ) unless $no_dh;
+push @files, qw(
+ evpkdf_x942_des.txt
+ evpmac_cmac_des.txt
+ ) unless $no_des;
+push @files, qw(evppkey_dsa.txt) unless $no_dsa;
+push @files, qw(evppkey_ecx.txt) unless $no_ec;
+push @files, qw(
+ evppkey_ecc.txt
+ evppkey_ecdh.txt
+ evppkey_ecdsa.txt
+ evppkey_kas.txt
+ evppkey_mismatch.txt
+ ) unless $no_ec;
+push @files, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
+
+# A list of tests that only run with the default provider
+# (i.e. The algorithms are not present in the fips provider)
+my @defltfiles = qw(
+ evpciph_aes_ocb.txt
+ evpciph_aria.txt
+ evpciph_bf.txt
+ evpciph_camellia.txt
+ evpciph_camellia_cts.txt
+ evpciph_cast5.txt
+ evpciph_chacha.txt
+ evpciph_des.txt
+ evpciph_idea.txt
+ evpciph_rc2.txt
+ evpciph_rc4.txt
+ evpciph_rc4_stitched.txt
+ evpciph_rc5.txt
+ evpciph_seed.txt
+ evpciph_sm4.txt
+ evpencod.txt
+ evpkdf_krb5.txt
+ evpkdf_scrypt.txt
+ evpkdf_tls11_prf.txt
+ evpkdf_hmac_drbg.txt
+ evpmac_blake.txt
+ evpmac_poly1305.txt
+ evpmac_siphash.txt
+ evpmac_sm3.txt
+ evpmd_blake.txt
+ evpmd_md.txt
+ evpmd_mdc2.txt
+ evpmd_ripemd.txt
+ evpmd_sm3.txt
+ evpmd_whirlpool.txt
+ evppbe_scrypt.txt
+ evppbe_pkcs12.txt
+ evppkey_kdf_scrypt.txt
+ evppkey_kdf_tls1_prf.txt
+ evppkey_rsa.txt
+ );
+push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
+push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
+push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
+push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
+push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
plan tests =>
- ($no_fips ? 0 : 1) # FIPS install test
+ (scalar(@configs) * scalar(@files))
- + scalar(@defltfiles);
-
-unless ($no_fips) {
- my $infile = bldtop_file('providers', platform->dso('fips'));
- $ENV{OPENSSL_MODULES} = bldtop_dir("providers");
- $ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
-
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsinstall.conf'),
- '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
- '-section_name', 'fips_sect'])),
- "fipinstall");
-}
+ + scalar(@defltfiles)
+ + 3; # error output tests
foreach (@configs) {
- $ENV{OPENSSL_CONF} = srctop_file("test", $_);
+ my $conf = srctop_file("test", $_);
foreach my $f ( @files ) {
- ok(run(test(["evp_test", data_file("$f")])),
- "running evp_test $f");
+ ok(run(test(["evp_test",
+ "-config", $conf,
+ data_file("$f")])),
+ "running evp_test -config $conf $f");
+ }
+}
+
+my $conf = srctop_file("test", $defaultcnf);
+foreach my $f ( @defltfiles ) {
+ ok(run(test(["evp_test",
+ "-config", $conf,
+ data_file("$f")])),
+ "running evp_test -config $conf $f");
+}
+
+# test_errors OPTIONS
+#
+# OPTIONS may include:
+#
+# key => "filename" # expected to be found in $SRCDIR/test/certs
+# out => "filename" # file to write error strings to
+# args => [ ... extra openssl pkey args ... ]
+# expected => regexps to match error lines against
+sub test_errors { # actually tests diagnostics of OSSL_STORE
+ my %opts = @_;
+ my $infile = srctop_file('test', 'certs', $opts{key});
+ my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
+ my $res = !run(app([@args], stderr => $opts{out}));
+ my $found = !exists $opts{expected};
+ open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}";
+ while(my $errline = <$in>) {
+ print $errline; # this may help debugging
+
+ # output must not include ASN.1 parse errors
+ $res &&= $errline !~ m/asn1 encoding/;
+ # output must include what is expressed in $opts{$expected}
+ $found = 1
+ if exists $opts{expected} && $errline =~ m/$opts{expected}/;
}
+ close $in;
+ # $tmpfile is kept to help with investigation in case of failure
+ return $res && $found;
}
-#TODO(3.0): As more operations are converted to providers we can move more of
-# these tests to the loop above
+SKIP: {
+ skip "DSA not disabled", 2 if !disabled("dsa");
+
+ ok(test_errors(key => 'server-dsa-key.pem',
+ out => 'server-dsa-key.err'),
+ "expected error loading unsupported dsa private key");
+ ok(test_errors(key => 'server-dsa-pubkey.pem',
+ out => 'server-dsa-pubkey.err',
+ args => [ '-pubin' ],
+ expected => 'unsupported'),
+ "expected error loading unsupported dsa public key");
+}
-$ENV{OPENSSL_CONF} = srctop_file("test", $defaultcnf);
+SKIP: {
+ skip "SM2 not disabled", 1 if !disabled("sm2");
-foreach my $f ( @defltfiles ) {
- ok(run(test(["evp_test", data_file("$f")])),
- "running evp_test $f");
+ ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
+ "expected error loading unsupported sm2 private key");
}