Commit | Line | Data |
---|---|---|
8f09ba47 | 1 | #! /usr/bin/env perl |
50ea5cdc | 2 | # Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. |
8f09ba47 | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
8f09ba47 MC |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
8f09ba47 | 9 | use OpenSSL::Test::Utils; |
d2af5e4c | 10 | use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file result_dir result_file/; |
76fd7a1d | 11 | use File::Temp qw(tempfile); |
8f09ba47 | 12 | |
# Register this recipe with the test harness at compile time.
BEGIN {
    setup("test_sslapi");
}

# The FIPS runs are skipped when the fips feature is disabled in this build
# or when NO_FIPS is set to a true value in the environment.
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

# The FIPS module configuration as found in the build tree.
my $fipsmodcfg_filename = "fipsmodule.cnf";
my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);

# The provider configuration from the source tree.
my $provconf = srctop_file("test", "fips-and-base.cnf");

# A modified copy of "fipsmodule.cnf"
my $fipsmodcfgnew_filename = "fipsmodule_mod.cnf";
my $fipsmodcfgnew = result_file($fipsmodcfgnew_filename);

# A modified copy of "fips-and-base.cnf"
my $provconfnew = result_file("fips-and-base-temp.cnf");

# SSLv3 alone does not count: at least one other TLS protocol must be enabled.
my @tls_protocols = grep { $_ ne "ssl3" } available_protocols("tls");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
    if alldisabled(@tls_protocols);

plan tests => 4;

# tempfile() creates the file; its handle is discarded here and only the name
# is kept and handed to sslapitest. The file is removed by the unlink at the
# very end of this script, so a run that dies earlier leaves it behind.
my $tmpfilename = (tempfile())[1];

# Run against the default provider configuration.
my @default_args = (
    "sslapitest",
    srctop_dir("test", "certs"),
    srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"),
    $tmpfilename,
    "default",
    srctop_file("test", "default.cnf"),
    srctop_file("test", "recipes", "90-test_sslapi_data", "dhparams.pem"),
);
ok(run(test(\@default_args)),
   "running sslapitest");
46 | ||
50ea5cdc | 47 | SKIP: { |
# Both FIPS runs in this block are skipped when FIPS is not available.
if ($no_fips) {
    skip "Skipping FIPS tests", 2;
}

# NOTE that because by default we setup fips provider in pedantic mode,
# with >= 3.1.0 this just runs test_no_ems() to check that the connection
# fails if ems is not used and the fips check is enabled.
my @fips_default_args = (
    "sslapitest",
    srctop_dir("test", "certs"),
    srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"),
    $tmpfilename,
    "fips",
    $provconf,
    srctop_file("test", "recipes", "90-test_sslapi_data", "dhparams.pem"),
);
ok(run(test(\@fips_default_args)),
   "running sslapitest with default fips config");

# Check the FIPS provider version against ">=3.1.0". Only the status written
# to $exit is used; the captured output is ignored.
my $exit;
run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
    capture => 1, statusvar => \$exit);

# A false status means the provider is too old for the EMS option test.
unless ($exit) {
    skip "FIPS provider version is too old for TLS_PRF EMS option test", 1;
}
69 | ||
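# Read the text file $infile, replace the first match of the regular
# expression $srch with the string $repl, and write the result to $outfile.
#
# Returns 1 on success, and 0 if $infile cannot be opened or $outfile cannot
# be opened, written or closed. A pattern that matches nothing is not an
# error: the input is then copied to $outfile unchanged.
sub replace_line_file_internal {
    my ($infile, $srch, $repl, $outfile) = @_;

    open(my $in, "<", $infile) or return 0;
    # Read the whole file. A fixed-size read silently drops everything past
    # the limit, and the callers in this file use the result as a provider
    # configuration, so a truncated copy would make the test run against a
    # different configuration than the one intended.
    my $msg = do { local $/; <$in> };
    close $in;
    # An empty input file yields undef from readline; treat it as empty text.
    $msg = "" unless defined $msg;

    $msg =~ s/$srch/$repl/;

    open(my $fh, ">", $outfile) or return 0;
    # Buffered write errors can surface at close, so check both calls.
    print {$fh} $msg or return 0;
    close $fh or return 0;
    return 1;
}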
d2af5e4c | 88 | |
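# Read the text input file $infile, replace a single "Key = Value" line with
# a new value, and write the result to $outfile.
#   $key   is the Key to find; it is matched as literal text.
#   $value is the new value; if it is empty the Key = Value line is removed.
# Returns whatever replace_line_file_internal returns.
#
# This replaces an existing line only. If $key does not occur in $infile the
# file is copied unchanged and the setting is NOT added. The pattern expects
# the old value to contain no whitespace and to be followed by a newline.
sub replace_kv_file {
    my ($infile, $key, $value, $outfile) = @_;
    # \Q...\E keeps regex metacharacters in the key from acting as a pattern.
    my $srch = qr/\Q$key\E\s*=\s*\S*\n/;
    my $rep = $value eq "" ? "" : "$key = $value\n";
    return replace_line_file_internal($infile, $srch, $rep, $outfile);
}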
d2af5e4c | 105 | |
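# Read the text file $infile, replace the first occurrence of $key with
# $newkey, and write the result to $outfile.
# $key is matched as literal text, so a "." in a file name matches only a dot.
# Returns whatever replace_line_file_internal returns; if $key does not occur
# the file is copied unchanged.
sub replace_line_file {
    my ($infile, $key, $newkey, $outfile) = @_;
    # \Q...\E keeps regex metacharacters in the key from acting as a pattern.
    my $srch = qr/\Q$key\E/;
    my $rep = "$newkey";
    return replace_line_file_internal($infile, $srch, $rep, $outfile);
}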
116 | ||
d2af5e4c TM |
# The default fipsmodule.cnf in tests is set with -pedantic.
# To get tls1-prf-ems-check=0 into a FIPS config file, copy the existing
# fipsmodule.cnf and modify the copy, then copy fips-and-base.cnf to make a
# file that includes the changed file. Both copies are written to result
# files; the originals are not modified.
#
# OPENSSL_CONF_INCLUDE is not reset afterwards, so it stays set for every
# command this script runs after this point.
$ENV{OPENSSL_CONF_INCLUDE} = result_dir();

my @fips_modified_args = (
    "sslapitest",
    srctop_dir("test", "certs"),
    srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"),
    $tmpfilename,
    "fips",
    $provconfnew,
    srctop_file("test", "recipes", "90-test_sslapi_data", "dhparams.pem"),
);

# The && chain short-circuits: sslapitest only runs if both config copies
# were written successfully.
ok(replace_kv_file($fipsmodcfg, 'tls1-prf-ems-check', '0', $fipsmodcfgnew)
   && replace_line_file($provconf, $fipsmodcfg_filename,
                        $fipsmodcfgnew_filename, $provconfnew)
   && run(test(\@fips_modified_args)),
   "running sslapitest with modified fips config");
4f6c7044 MC |
138 | } |
139 | ||
cee0628e JC |
# Final test of the plan: the handshake RTT test takes no arguments.
my @rtt_cmd = ("ssl_handshake_rtt_test");
ok(run(test(\@rtt_cmd)), "running ssl_handshake_rtt_test");

# Remove the temporary file created for the sslapitest runs. The result of
# unlink is not checked.
unlink($tmpfilename);