The exception is the test recipe that tests 'openssl fipsinstall'.
However, that one uses a different output file name, so it's safe.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
use strict;
use warnings;
-use File::Spec;
+use File::Spec::Functions qw(:DEFAULT abs2rel);
use File::Copy;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/;
"fipsinstall fails when the asymmetric cipher result is corrupted");
}
-$ENV{OPENSSL_CONF_INCLUDE} = ".";
+# 'local' ensures that this change is only done in this file.
+local $ENV{OPENSSL_CONF_INCLUDE} = abs2rel(curdir());
ok(replace_parent_line_file('fips.cnf', 'fips_parent.cnf')
&& run(app(['openssl', 'fipsinstall', '-config', 'fips_parent.cnf'])),
&& !run(app(['openssl', 'fipsinstall',
'-config', 'fips_parent_bad_module_mac.cnf'])),
"verify load config fail bad module mac");
-
-delete $ENV{OPENSSL_CONF_INCLUDE};
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
plan skip_all => "This test is unsupported in a no-dsa build"
if disabled("dsa");
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan tests =>
- ($no_fips ? 0 : 3) # FIPS install test + fips related tests
+ ($no_fips ? 0 : 2) # FIPS related tests
+ 11;
ok(run(app([ 'openssl', 'genpkey', '-genparam',
my $provpath = bldtop_dir("providers");
my @prov = ( "-provider-path", $provpath,
"-config", $provconf);
- my $infile = bldtop_file('providers', platform->dso('fips'));
-
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-section_name', 'fips_sect'])),
- "fipsinstall");
$ENV{OPENSSL_TEST_LIBCTX} = "1";
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan tests =>
- ($no_fips ? 0 : 2) # FIPS install test + fips related test
+ ($no_fips ? 0 : 1) # Extra FIPS related test
+ 13;
# We want to know that an absurdly small number of bits isn't support
my $provpath = bldtop_dir("providers");
my @prov = ( "-provider-path", $provpath,
"-config", $provconf);
- my $infile = bldtop_file('providers', platform->dso('fips'));
-
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-section_name', 'fips_sect'])),
- "fipsinstall");
$ENV{OPENSSL_TEST_LIBCTX} = "1";
ok(run(app(['openssl', 'genpkey',
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my $no_check = disabled('fips-securitychecks');
plan tests =>
- ($no_fips ? 0 : 1 + ($no_check ? 0 : 1)) # FIPS install test
+ ($no_check ? 0 : 1) # FIPS security check
+ 9;
my @prov = ( );
my $key_file = srctop_file("test", "testrsa2048.pem");
my $small_key_file = srctop_file("test", "testrsa.pem");
-unless ($no_fips) {
+$ENV{OPENSSL_TEST_LIBCTX} = "1";
+
+unless ($no_check) {
@prov = ( "-provider-path", $provpath, "-config", $provconf );
- my $infile = bldtop_file('providers', platform->dso('fips'));
-
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
- $ENV{OPENSSL_TEST_LIBCTX} = "1";
-
- unless ($no_check) {
- ok(!run(app(['openssl', 'pkeyutl',
- @prov,
- '-encrypt',
- '-in', $msg_file,
- '-inkey', $small_key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-pkeyopt', 'digest:sha1',
- '-pkeyopt', 'mgf1-digest:sha1',
- '-out', $enc1_file])),
- "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
- }
+ ok(!run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-encrypt',
+ '-in', $msg_file,
+ '-inkey', $small_key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-pkeyopt', 'digest:sha1',
+ '-pkeyopt', 'mgf1-digest:sha1',
+ '-out', $enc1_file])),
+ "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
}
ok(run(app(['openssl', 'pkeyutl',
use lib bldtop_dir('.');
use platform;
-my $no_check = disabled('fips-securitychecks');
+my $no_check = disabled("fips") || disabled('fips-securitychecks');
plan skip_all => "Test only supported in a fips build with security checks"
- if disabled("fips") || disabled("fips-securitychecks");
-plan tests => 13;
+ if $no_check;
+plan tests => 11;
my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
my $fipsconf = srctop_file("test", "fips-and-base.cnf");
my $tbs_data = $fipsmodule;
my $bogus_data = $fipsconf;
-# output a fipsmodule.cnf file containing mac data
-ok(run(app(['openssl', 'fipsinstall', '-out', 'fipsmodule.cnf',
- '-module', $fipsmodule, ])),
- "fipsinstall");
-
-# verify the $fipsconf file
-ok(run(app(['openssl', 'fipsinstall', '-in', 'fipsmodule.cnf', '-module', $fipsmodule,
- '-verify'])),
- "fipsinstall verify");
-
-$ENV{OPENSSL_CONF_INCLUDE} = abs2rel(curdir());
$ENV{OPENSSL_CONF} = $fipsconf;
ok(run(app(['openssl', 'list', '-public-key-methods', '-verbose'])),
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
-my $infile = bldtop_file('providers', platform->dso('fips'));
-
-plan tests => 2;
-
-ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
+plan tests => 1;
ok(run(test(["acvp_test", "-config", srctop_file("test","fips.cnf")])),
"running acvp_test");
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan tests =>
- ($no_fips ? 1 : 3);
+ ($no_fips ? 1 : 2);
unless ($no_fips) {
- my $infile = bldtop_file('providers', platform->dso('fips'));
-
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
-
$ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "fips.cnf"));
ok(run(test(["defltfips_test", "fips"])), "running defltfips_test fips");
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
plan tests =>
- ($no_fips ? 0 : 1) # FIPS install test
+ (scalar(@configs) * scalar(@files))
+ scalar(@defltfiles)
+ 3; # error output tests
-unless ($no_fips) {
- my $infile = bldtop_file('providers', platform->dso('fips'));
-
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
-}
-
foreach (@configs) {
my $conf = srctop_file("test", $_);
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-my $infile = bldtop_file('providers', platform->dso('fips'));
my @types = ( "digest", "cipher" );
-my @setups = ();
my @testdata = (
{ config => srctop_file("test", "default.cnf"),
providers => [ 'default' ],
);
unless ($no_fips) {
- push @setups, {
- cmd => app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile]),
- message => "fipsinstall"
- };
push @testdata, (
{ config => srctop_file("test", "fips.cnf"),
providers => [ 'fips' ],
$testcount += scalar @{$_->{tests}};
}
-plan tests => 1 + scalar @setups + $testcount * scalar(@types);
+plan tests => 1 + $testcount * scalar(@types);
ok(run(test(["evp_fetch_prov_test", "-defaultctx"])),
"running evp_fetch_prov_test using the default libctx");
-foreach my $setup (@setups) {
- ok(run($setup->{cmd}), $setup->{message});
-}
-
foreach my $alg (@types) {
foreach my $testcase (@testdata) {
$ENV{OPENSSL_CONF} = "";
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
-my $infile = bldtop_file('providers', platform->dso('fips'));
# If no fips then run the test with no extra arguments.
my @test_args = ( );
plan tests =>
- ($no_fips ? 0 : 2) # FIPS install test
+ ($no_fips ? 0 : 1) # FIPS install test
+ 1;
unless ($no_fips) {
@test_args = ("-config", srctop_file("test","fips-and-base.cnf"),
"-provider", "fips");
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
ok(run(test(["evp_libctx_test", @test_args])), "running fips evp_libctx_test");
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan skip_all => "provider_status is not supported by this test"
if $no_fips;
-plan tests => 2;
-
-my $infile = bldtop_file('providers', platform->dso('fips'));
-
-ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
+plan tests => 1;
ok(run(test(["provider_status_test", "-config", srctop_file("test","fips.cnf"),
"-provider_name", "fips"])),
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan skip_all => "This test is not supported in a no-cmp or no-ec build"
if disabled("cmp") || disabled("ec");
-plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test
+plan tests => 2 + ($no_fips ? 0 : 1); # fips test
my @basic_cmd = ("cmp_client_test",
data_file("server.key"),
ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")])));
unless ($no_fips) {
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', bldtop_file('providers', platform->dso('fips'))])),
- "fipsinstall");
-
ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips-and-base.cnf")])));
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan skip_all => "This test is not supported in a no-cmp build"
if disabled("cmp");
-plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test
+plan tests => 2 + ($no_fips ? 0 : 1); #fips test
my @basic_cmd = ("cmp_msg_test",
data_file("new.key"),
ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")])));
unless ($no_fips) {
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', bldtop_file('providers', platform->dso('fips'))])),
- "fipsinstall");
-
ok(run(test([@basic_cmd,
"fips", srctop_file("test", "fips-and-base.cnf")])));
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan skip_all => "This test is not supported in a shared library build on Windows"
if $^O eq 'MSWin32' && !disabled("shared");
-plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test
+plan tests => 2 + ($no_fips ? 0 : 1); #fips test
my @basic_cmd = ("cmp_protect_test",
data_file("server.pem"),
ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")])));
unless ($no_fips) {
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', bldtop_file('providers', platform->dso('fips'))])),
- "fipsinstall");
-
ok(run(test([@basic_cmd,
"fips", srctop_file("test", "fips-and-base.cnf")])));
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan skip_all => "This test is not supported in a no-ec build"
if disabled("ec");
-plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test
+plan tests => 2 + ($no_fips ? 0 : 1); #fips test
my @basic_cmd = ("cmp_server_test", data_file("CR_protected_PBM_1234.der"));
ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")])));
unless ($no_fips) {
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', bldtop_file('providers', platform->dso('fips'))])),
- "fipsinstall");
-
ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan skip_all => "This test is not supported in a no-ec build"
if disabled("ec");
-plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test
+plan tests => 2 + ($no_fips ? 0 : 1); #fips test
my @basic_cmd = ("cmp_vfy_test",
data_file("server.crt"), data_file("client.crt"),
ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")])));
unless ($no_fips) {
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', bldtop_file('providers', platform->dso('fips'))])),
- "fipsinstall");
-
ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
}
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
+
plan skip_all => "These tests are not supported in a fuzz build"
if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/;
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
$no_rc2 = 1 if disabled("legacy");
plan tests =>
- ($no_fips ? 0 : 1) # FIPS install test
+ 10;
unless ($no_fips) {
- my $infile = bldtop_file('providers', platform->dso('fips'));
-
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
@config = ( "-config", srctop_file("test", "fips-and-base.cnf") );
$provname = 'fips';
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-my $infile = bldtop_file('providers', platform->dso('fips'));
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
-plan tests => 30 # = scalar @conf_srcs
- + ($no_fips ? 0 : 1); # fipsinstall
+plan tests => 30;
# Some test results depend on the configuration of enabled protocols. We only
# verify generated sources in the default configuration.
"29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"),
);
-unless ($no_fips) {
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
-}
-
foreach my $conf (@conf_files) {
subtest "Test configuration $conf" => sub {
plan tests => 6 + ($no_fips ? 0 : 3);
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-my $infile = bldtop_file('providers', platform->dso('fips'));
-
my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk,
$no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
$no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) =
# If you're adding tests here, you probably want to convert them to the
# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
plan tests =>
- ($no_fips ? 0 : 1 + 5) # For fipsinstall + testssl with fips provider
+ ($no_fips ? 0 : 5) # testssl with fips provider
+ 1 # For testss
+ 5 # For the testssl with default provider
;
-unless ($no_fips) {
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
-}
-
subtest 'test_ss' => sub {
if (testss()) {
open OUT, ">", "intP1.ss";
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
+
plan skip_all => "These tests are not supported in a fuzz build"
if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/;
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
plan tests =>
- ($no_fips ? 0 : 2) # FIPS install test + sslapitest with fips
+ ($no_fips ? 0 : 1) # sslapitest with fips
+ 1; # sslapitest with default provider
(undef, my $tmpfilename) = tempfile();
"running sslapitest");
unless ($no_fips) {
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', bldtop_file('providers', platform->dso('fips'))])),
- "fipsinstall");
-
ok(run(test(["sslapitest", srctop_dir("test", "certs"),
srctop_file("test", "recipes", "90-test_sslapi_data",
"passwd.txt"), $tmpfilename, "fips",
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-
-plan tests => 1 + ($no_fips ? 0 : 1);
-
-if (!$no_fips) {
- my $infile = bldtop_file('providers', platform->dso('fips'));
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
-}
+plan tests => 1;
if ($no_fips) {
$ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default.cnf"));