]>
Commit | Line | Data |
---|---|---|
691e302b | 1 | #! /usr/bin/env perl |
fecb3aae | 2 | # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. |
691e302b | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
691e302b RL |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | ||
10 | use strict; | |
11 | use warnings; | |
12 | ||
13 | use File::Spec; | |
7b0f64b1 | 14 | use File::Compare qw/compare_text/; |
8d2214c0 | 15 | use OpenSSL::Glob; |
269c349a | 16 | use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/; |
691e302b RL |
17 | use OpenSSL::Test::Utils; |
18 | ||
19 | setup("test_ecparam"); | |
20 | ||
7b0f64b1 | 21 | plan skip_all => "EC or EC2M isn't supported in this build" |
a4750ce5 | 22 | if disabled("ec") || disabled("ec2m"); |
691e302b RL |
23 | |
24 | my @valid = glob(data_file("valid", "*.pem")); | |
7b0f64b1 | 25 | my @noncanon = glob(data_file("noncanon", "*.pem")); |
691e302b RL |
26 | my @invalid = glob(data_file("invalid", "*.pem")); |
27 | ||
269c349a | 28 | plan tests => 12; |
691e302b | 29 | |
7b0f64b1 TM |
30 | sub checkload { |
31 | my $files = shift; # List of files | |
32 | my $valid = shift; # Check should pass or fail? | |
33 | my $app = shift; # Which application | |
34 | my $opt = shift; # Additional option | |
691e302b | 35 | |
7b0f64b1 TM |
36 | foreach (@$files) { |
37 | if ($valid) { | |
38 | ok(run(app(['openssl', $app, '-noout', $opt, '-in', $_]))); | |
39 | } else { | |
40 | ok(!run(app(['openssl', $app, '-noout', $opt, '-in', $_]))); | |
41 | } | |
d1eec097 | 42 | } |
7b0f64b1 | 43 | } |
d1eec097 | 44 | |
7b0f64b1 TM |
45 | sub checkcompare { |
46 | my $files = shift; # List of files | |
47 | my $app = shift; # Which application | |
d1eec097 | 48 | |
7b0f64b1 TM |
49 | foreach (@$files) { |
50 | my $testout = "$app.tst"; | |
d1eec097 | 51 | |
7b0f64b1 | 52 | ok(run(app(['openssl', $app, '-out', $testout, '-in', $_]))); |
53d0d01f MC |
53 | ok(!compare_text($_, $testout, sub { |
54 | my $in1 = $_[0]; | |
55 | my $in2 = $_[1]; | |
56 | $in1 =~ s/\r\n/\n/g; | |
57 | $in2 =~ s/\r\n/\n/g; | |
58 | $in1 ne $in2}), "Original file $_ is the same as new one"); | |
d1eec097 | 59 | } |
8402cd5f SL |
60 | } |
61 | ||
269c349a TM |
62 | my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); |
63 | ||
7b0f64b1 TM |
64 | subtest "Check loading valid parameters by ecparam with -check" => sub { |
65 | plan tests => scalar(@valid); | |
66 | checkload(\@valid, 1, "ecparam", "-check"); | |
67 | }; | |
8402cd5f | 68 | |
7b0f64b1 TM |
69 | subtest "Check loading valid parameters by ecparam with -check_named" => sub { |
70 | plan tests => scalar(@valid); | |
71 | checkload(\@valid, 1, "ecparam", "-check_named"); | |
72 | }; | |
73 | ||
74 | subtest "Check loading valid parameters by pkeyparam with -check" => sub { | |
75 | plan tests => scalar(@valid); | |
76 | checkload(\@valid, 1, "pkeyparam", "-check"); | |
77 | }; | |
78 | ||
79 | subtest "Check loading non-canonically encoded parameters by ecparam with -check" => sub { | |
80 | plan tests => scalar(@noncanon); | |
81 | checkload(\@noncanon, 1, "ecparam", "-check"); | |
82 | }; | |
83 | ||
84 | subtest "Check loading non-canonically encoded parameters by ecparam with -check_named" => sub { | |
85 | plan tests => scalar(@noncanon); | |
86 | checkload(\@noncanon, 1, "ecparam", "-check_named"); | |
87 | }; | |
88 | ||
89 | subtest "Check loading non-canonically encoded parameters by pkeyparam with -check" => sub { | |
90 | plan tests => scalar(@noncanon); | |
91 | checkload(\@noncanon, 1, "pkeyparam", "-check"); | |
92 | }; | |
93 | ||
94 | subtest "Check loading invalid parameters by ecparam with -check" => sub { | |
95 | plan tests => scalar(@invalid); | |
96 | checkload(\@invalid, 0, "ecparam", "-check"); | |
97 | }; | |
98 | ||
99 | subtest "Check loading invalid parameters by ecparam with -check_named" => sub { | |
100 | plan tests => scalar(@invalid); | |
101 | checkload(\@invalid, 0, "ecparam", "-check_named"); | |
102 | }; | |
103 | ||
104 | subtest "Check loading invalid parameters by pkeyparam with -check" => sub { | |
105 | plan tests => scalar(@invalid); | |
106 | checkload(\@invalid, 0, "pkeyparam", "-check"); | |
107 | }; | |
108 | ||
109 | subtest "Check ecparam does not change the parameter file on output" => sub { | |
110 | plan tests => 2 * scalar(@valid); | |
111 | checkcompare(\@valid, "ecparam"); | |
112 | }; | |
113 | ||
114 | subtest "Check pkeyparam does not change the parameter file on output" => sub { | |
115 | plan tests => 2 * scalar(@valid); | |
116 | checkcompare(\@valid, "pkeyparam"); | |
117 | }; | |
269c349a TM |
118 | |
119 | subtest "Check loading of fips and non-fips params" => sub { | |
120 | plan skip_all => "FIPS is disabled" | |
121 | if $no_fips; | |
122 | plan tests => 3; | |
123 | ||
124 | my $fipsconf = srctop_file("test", "fips-and-base.cnf"); | |
125 | my $defaultconf = srctop_file("test", "default.cnf"); | |
126 | ||
127 | $ENV{OPENSSL_CONF} = $fipsconf; | |
128 | ||
129 | ok(run(app(['openssl', 'ecparam', | |
130 | '-in', data_file('valid', 'secp384r1-explicit.pem'), | |
131 | '-check'])), | |
132 | "Loading explicitly encoded valid curve"); | |
133 | ||
134 | ok(run(app(['openssl', 'ecparam', | |
135 | '-in', data_file('valid', 'secp384r1-named.pem'), | |
136 | '-check'])), | |
137 | "Loading named valid curve"); | |
138 | ||
139 | ok(!run(app(['openssl', 'ecparam', | |
140 | '-in', data_file('valid', 'secp112r1-named.pem'), | |
141 | '-check'])), | |
142 | "Fail loading named non-fips curve"); | |
143 | ||
144 | $ENV{OPENSSL_CONF} = $defaultconf; | |
145 | }; |