]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/30-test_evp.t
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
TEST: Clarify and adjust test/recipes/30-test_evp.t
[thirdparty/openssl.git] / test / recipes / 30-test_evp.t
1 #! /usr/bin/env perl
2 # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 use strict;
11 use warnings;
12
13 use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
14 use OpenSSL::Test::Utils;
15
16 BEGIN {
17 setup("test_evp");
18 }
19
20 use lib srctop_dir('Configurations');
21 use lib bldtop_dir('.');
22
23 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
24 my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
25 my $no_dh = disabled("dh");
26 my $no_dsa = disabled("dsa");
27 my $no_ec = disabled("ec");
28 my $no_gost = disabled("gost");
29 my $no_sm2 = disabled("sm2");
30
31 # Default config depends on if the legacy module is built or not
32 my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
33
34 my @configs = ( $defaultcnf );
35 # Only add the FIPS config if the FIPS module has been built
36 push @configs, 'fips-and-base.cnf' unless $no_fips;
37
38 # A list of tests that run with both the default and fips provider.
39 my @files = qw(
40 evpciph_aes_ccm_cavs.txt
41 evpciph_aes_common.txt
42 evpciph_aes_cts.txt
43 evpciph_aes_wrap.txt
44 evpciph_des3_common.txt
45 evpkdf_hkdf.txt
46 evpkdf_pbkdf2.txt
47 evpkdf_ss.txt
48 evpkdf_ssh.txt
49 evpkdf_tls12_prf.txt
50 evpkdf_x942.txt
51 evpkdf_x963.txt
52 evpmac_common.txt
53 evpmd_sha.txt
54 evppbe_pbkdf2.txt
55 evppkey_kdf_hkdf.txt
56 evppkey_rsa_common.txt
57 evprand.txt
58 );
59 push @files, qw(evppkey_ffdhe.txt) unless $no_dh;
60 push @files, qw(evppkey_dsa.txt) unless $no_dsa;
61 push @files, qw(evppkey_ecx.txt) unless $no_ec;
62 push @files, qw(
63 evppkey_ecc.txt
64 evppkey_ecdh.txt
65 evppkey_ecdsa.txt
66 evppkey_kas.txt
67 evppkey_mismatch.txt
68 ) unless $no_ec || $no_gost;
69
70 # A list of tests that only run with the default provider
71 # (i.e. The algorithms are not present in the fips provider)
72 my @defltfiles = qw(
73 evpciph_aes_ocb.txt
74 evpciph_aes_siv.txt
75 evpciph_aria.txt
76 evpciph_bf.txt
77 evpciph_camellia.txt
78 evpciph_cast5.txt
79 evpciph_chacha.txt
80 evpciph_des.txt
81 evpciph_idea.txt
82 evpciph_rc2.txt
83 evpciph_rc4.txt
84 evpciph_rc5.txt
85 evpciph_seed.txt
86 evpciph_sm4.txt
87 evpencod.txt
88 evpkdf_krb5.txt
89 evpkdf_scrypt.txt
90 evpkdf_tls11_prf.txt
91 evpmac_blake.txt
92 evpmac_poly1305.txt
93 evpmac_siphash.txt
94 evpmd_blake.txt
95 evpmd_md.txt
96 evpmd_mdc2.txt
97 evpmd_ripemd.txt
98 evpmd_sm3.txt
99 evpmd_whirlpool.txt
100 evppbe_scrypt.txt
101 evppbe_pkcs12.txt
102 evppkey_kdf_scrypt.txt
103 evppkey_kdf_tls1_prf.txt
104 evppkey_rsa.txt
105 );
106 push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
107 push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
108
109 plan tests =>
110 + (scalar(@configs) * scalar(@files))
111 + scalar(@defltfiles)
112 + 3; # error output tests
113
114 foreach (@configs) {
115 my $conf = srctop_file("test", $_);
116
117 foreach my $f ( @files ) {
118 ok(run(test(["evp_test",
119 "-config", $conf,
120 data_file("$f")])),
121 "running evp_test -config $conf $f");
122 }
123 }
124
125 my $conf = srctop_file("test", $defaultcnf);
126 foreach my $f ( @defltfiles ) {
127 ok(run(test(["evp_test",
128 "-config", $conf,
129 data_file("$f")])),
130 "running evp_test -config $conf $f");
131 }
132
133 # test_errors OPTIONS
134 #
135 # OPTIONS may include:
136 #
137 # key => "filename" # expected to be found in $SRCDIR/test/certs
138 # out => "filename" # file to write error strings to
139 # args => [ ... extra openssl pkey args ... ]
140 # expected => regexps to match error lines against
141 sub test_errors { # actually tests diagnostics of OSSL_STORE
142 my %opts = @_;
143 my $infile = srctop_file('test', 'certs', $opts{key});
144 my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
145 my $res = !run(app([@args], stderr => $opts{out}));
146 my $found = !exists $opts{expected};
147 open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}";
148 while(my $errline = <$in>) {
149 print $errline; # this may help debugging
150
151 # output must not include ASN.1 parse errors
152 $res &&= $errline !~ m/asn1 encoding/;
153 # output must include what is expressed in $opts{$expected}
154 $found = 1
155 if exists $opts{expected} && $errline =~ m/$opts{expected}/;
156 }
157 close $in;
158 # $tmpfile is kept to help with investigation in case of failure
159 return $res && $found;
160 }
161
162 SKIP: {
163 skip "DSA not disabled", 2 if !disabled("dsa");
164
165 ok(test_errors(key => 'server-dsa-key.pem',
166 out => 'server-dsa-key.err'),
167 "expected error loading unsupported dsa private key");
168 ok(test_errors(key => 'server-dsa-pubkey.pem',
169 out => 'server-dsa-pubkey.err',
170 args => [ '-pubin' ],
171 expected => 'unsupported algorithm'),
172 "expected error loading unsupported dsa public key");
173 }
174
175 SKIP: {
176 skip "SM2 not disabled", 1 if !disabled("sm2");
177
178 ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
179 "expected error loading unsupported sm2 private key");
180 }
A mirror of the official openssl repository