projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 8f09ba47 | 1 | #! /usr/bin/env perl |
| 50ea5cdc | 2 | # Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. |
| 8f09ba47 | 3 | # |
| 909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
| 8f09ba47 MC |
5 | # this file except in compliance with the License. You can obtain a copy |
| 6 | # in the file LICENSE in the source distribution or at | |
| 7 | # https://www.openssl.org/source/license.html | |
| 8 | ||
| 8f09ba47 | 9 | use OpenSSL::Test::Utils; |
| 5e30f2fd | 10 | use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/; |
| 76fd7a1d | 11 | use File::Temp qw(tempfile); |
| 8f09ba47 | 12 | |
| 5e30f2fd | 13 | BEGIN { |
| 2cb4b5f6 | 14 | setup("test_sslapi"); |
| 5e30f2fd MC |
15 | } |
| 16 | ||
| 17 | use lib srctop_dir('Configurations'); | |
| 18 | use lib bldtop_dir('.'); | |
| 5e30f2fd | 19 | |
| 4f6c7044 | 20 | my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); |
| 50ea5cdc | 21 | my $fipsmodcfg_filename = "fipsmodule.cnf"; |
| bc5d9502 | 22 | my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename); |
| 50ea5cdc | 23 | |
| 24 | my $provconf = srctop_file("test", "fips-and-base.cnf"); | |
| 25 | ||
| 26 | # A modified copy of "fipsmodule.cnf" | |
| 27 | my $fipsmodcfgnew_filename = "fipsmodule_mod.cnf"; | |
| 28 | my $fipsmodcfgnew = bldtop_file("test", $fipsmodcfgnew_filename); | |
| 29 | ||
| 30 | # A modified copy of "fips-and-base.cnf" | |
| 31 | my $provconfnew = bldtop_file("test", "temp.cnf"); | |
| 8f09ba47 MC |
32 | |
| 33 | plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" | |
| 34 | if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); | |
| 35 | ||
| cee0628e | 36 | plan tests => 4; |
| 8f09ba47 | 37 | |
| 76fd7a1d MC |
38 | (undef, my $tmpfilename) = tempfile(); |
| 39 | ||
| 1a2a3a42 | 40 | ok(run(test(["sslapitest", srctop_dir("test", "certs"), |
| 76fd7a1d | 41 | srctop_file("test", "recipes", "90-test_sslapi_data", |
| 5e30f2fd | 42 | "passwd.txt"), $tmpfilename, "default", |
| b2b8d188 DF |
43 | srctop_file("test", "default.cnf"), |
| 44 | srctop_file("test", | |
| 45 | "recipes", | |
| 46 | "90-test_sslapi_data", | |
| 47 | "dhparams.pem")])), | |
| 76fd7a1d MC |
48 | "running sslapitest"); |
| 49 | ||
| 50ea5cdc | 50 | SKIP: { |
| 51 | skip "Skipping FIPS tests", 2 | |
| 52 | if $no_fips; | |
| 53 | ||
| 4f6c7044 MC |
54 | ok(run(test(["sslapitest", srctop_dir("test", "certs"), |
| 55 | srctop_file("test", "recipes", "90-test_sslapi_data", | |
| 56 | "passwd.txt"), $tmpfilename, "fips", | |
| 50ea5cdc | 57 | $provconf, |
| b2b8d188 DF |
58 | srctop_file("test", |
| 59 | "recipes", | |
| 60 | "90-test_sslapi_data", | |
| 61 | "dhparams.pem")])), | |
| 4f6c7044 | 62 | "running sslapitest"); |
| 50ea5cdc | 63 | |
| 64 | run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), | |
| 65 | capture => 1, statusvar => \my $exit); | |
| 66 | ||
| 67 | skip "FIPS provider version is too old for TLS_PRF EMS option test", 1 | |
| 68 | if !$exit; | |
| 69 | ||
| 70 | # Read in a text $infile and replace the regular expression in $srch with the | |
| 71 | # value in $repl and output to a new file $outfile. | |
| 72 | sub replace_line_file_internal { | |
| 73 | ||
| 74 | my ($infile, $srch, $repl, $outfile) = @_; | |
| 75 | my $msg; | |
| 76 | ||
| 77 | open(my $in, "<", $infile) or return 0; | |
| 78 | read($in, $msg, 1024); | |
| 79 | close $in; | |
| 80 | ||
| 81 | $msg =~ s/$srch/$repl/; | |
| 82 | ||
| 83 | open(my $fh, ">", $outfile) or return 0; | |
| 84 | print $fh $msg; | |
| 85 | close $fh; | |
| 86 | return 1; | |
| 87 | } | |
| 88 | ||
| 89 | # Read in the text input file $infile | |
| 90 | # and replace a single Key = Value line with a new value in $value. | |
| 91 | # OR remove the Key = Value line if the passed in $value is empty. | |
| 92 | # and then output a new file $outfile. | |
| 93 | # $key is the Key to find | |
| 94 | sub replace_kv_file { | |
| 95 | my ($infile, $key, $value, $outfile) = @_; | |
| 96 | my $srch = qr/$key\s*=\s*\S*\n/; | |
| 97 | my $rep; | |
| 98 | if ($value eq "") { | |
| 99 | $rep = ""; | |
| 100 | } else { | |
| 101 | $rep = "$key = $value\n"; | |
| 102 | } | |
| 103 | return replace_line_file_internal($infile, $srch, $rep, $outfile); | |
| 104 | } | |
| 105 | ||
| 106 | # Read in the text $input file | |
| 107 | # and search for the $key and replace with $newkey | |
| 108 | # and then output a new file $outfile. | |
| 109 | sub replace_line_file { | |
| 110 | my ($infile, $key, $newkey, $outfile) = @_; | |
| 111 | my $srch = qr/$key/; | |
| 112 | my $rep = "$newkey"; | |
| 113 | return replace_line_file_internal($infile, | |
| 114 | $srch, $rep, $outfile); | |
| 115 | } | |
| 116 | ||
| 117 | # In order to enable the tls1-prf-ems-check=1 in a fips config file | |
| 118 | # copy the existing fipsmodule.cnf and modify it. | |
| 119 | # Then copy fips-and-base.cfg to make a file that includes the changed file | |
| 120 | # NOTE that this just runs test_no_ems() to check that the connection | |
| 121 | # fails if ems is not used and the fips check is enabled. | |
| 122 | ok(replace_kv_file($fipsmodcfg, | |
| 123 | 'tls1-prf-ems-check', '1', | |
| 124 | $fipsmodcfgnew) | |
| 125 | && replace_line_file($provconf, | |
| 126 | $fipsmodcfg_filename, $fipsmodcfgnew_filename, | |
| 127 | $provconfnew) | |
| 128 | && run(test(["sslapitest", srctop_dir("test", "certs"), | |
| 129 | srctop_file("test", "recipes", "90-test_sslapi_data", | |
| 130 | "passwd.txt"), | |
| 131 | $tmpfilename, "fips", | |
| 132 | $provconfnew, | |
| 133 | srctop_file("test", | |
| 134 | "recipes", | |
| 135 | "90-test_sslapi_data", | |
| 136 | "dhparams.pem")])), | |
| 137 | "running sslapitest"); | |
| 138 | ||
| 139 | unlink $fipsmodcfgnew; | |
| 140 | unlink $provconfnew; | |
| 4f6c7044 MC |
141 | } |
| 142 | ||
| cee0628e JC |
143 | ok(run(test(["ssl_handshake_rtt_test"])),"running ssl_handshake_rtt_test"); |
| 144 | ||
| 76fd7a1d | 145 | unlink $tmpfilename; |