Commit | Line | Data |
---|---|---|
1 | #! /usr/bin/env perl | |
2 | # Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # | |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use OpenSSL::Test::Utils; | |
10 | use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/; | |
11 | use File::Temp qw(tempfile); | |
12 | ||
# Name this recipe for the test framework at compile time, ahead of the
# "use lib" lines below that call srctop_dir() and bldtop_dir().
BEGIN {
    setup('test_sslapi');
}
16 | ||
17 | use lib srctop_dir('Configurations'); | |
18 | use lib bldtop_dir('.'); | |
19 | ||
# FIPS tests are skipped when the build has FIPS disabled or when the
# NO_FIPS environment variable is set to a true value.
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

# FIPS module configuration generated in the build tree.
my $fipsmodcfg_filename = 'fipsmodule.cnf';
my $fipsmodcfg          = bldtop_file('test', $fipsmodcfg_filename);

# Provider configuration shipped in the source tree.
my $provconf = srctop_file('test', 'fips-and-base.cnf');

# Name and location of the modified copy of "fipsmodule.cnf".
my $fipsmodcfgnew_filename = 'fipsmodule_mod.cnf';
my $fipsmodcfgnew          = bldtop_file('test', $fipsmodcfgnew_filename);

# Location of the modified copy of "fips-and-base.cnf".
my $provconfnew = bldtop_file('test', 'temp.cnf');
32 | ||
# SSLv3 alone does not count: the recipe is skipped unless at least one
# other TLS protocol version is enabled in this build.
my @tls_protocols = grep { $_ ne "ssl3" } available_protocols("tls");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
    if alldisabled(@tls_protocols);

plan tests => 4;

# tempfile() creates the file; only its name is kept here and the returned
# handle is discarded.  The name is handed to sslapitest on its command line
# and the file is removed by the unlink at the end of the script.
my (undef, $tmpfilename) = tempfile();

# First run: default provider with the stock test configuration.
my @default_cmd = (
    "sslapitest",
    srctop_dir("test", "certs"),
    srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"),
    $tmpfilename,
    "default",
    srctop_file("test", "default.cnf"),
    srctop_file("test", "recipes", "90-test_sslapi_data", "dhparams.pem"),
);
ok(run(test(\@default_cmd)), "running sslapitest");
49 | ||
50 | SKIP: { | |
# Both tests in this block need the FIPS provider.
skip("Skipping FIPS tests", 2) if $no_fips;

# Second run: same program, but with the "fips" provider and the
# fips-and-base.cnf configuration.
my @fips_cmd = (
    "sslapitest",
    srctop_dir("test", "certs"),
    srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"),
    $tmpfilename,
    "fips",
    $provconf,
    srctop_file("test", "recipes", "90-test_sslapi_data", "dhparams.pem"),
);
ok(run(test(\@fips_cmd)), "running sslapitest");

# Ask fips_version_test whether the configured provider satisfies ">=3.1.0";
# the result is stored in $exit through statusvar.
my $exit;
run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
    capture => 1, statusvar => \$exit);

# A false $exit means the EMS option test below cannot be run.
skip("FIPS provider version is too old for TLS_PRF EMS option test", 1)
    unless $exit;
69 | ||
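# Copy the text file $infile to $outfile, replacing the first match of the
# regular expression $srch with the string $repl.
#
# Returns 1 when the output file was written, 0 when a file could not be
# opened, read or written.
#
# The complete input is read, so a configuration file of any size is copied
# intact; reading only a fixed-size prefix would silently drop every setting
# past that point from the generated copy.
# NOTE(review): a pattern that matches nothing still yields 1 and an
# unmodified copy, so the caller cannot tell that the edit was not applied.
sub replace_line_file_internal {
    my ($infile, $srch, $repl, $outfile) = @_;

    open(my $in, "<", $infile) or return 0;
    # Slurp mode: undefining $/ makes a single read return the whole file.
    my $msg = do { local $/; <$in> };
    close $in;
    return 0 unless defined $msg;

    $msg =~ s/$srch/$repl/;

    open(my $fh, ">", $outfile) or return 0;
    # Buffered write errors can surface only at close(), so check both calls.
    my $written = print {$fh} $msg;
    my $closed  = close $fh;
    return ($written && $closed) ? 1 : 0;
}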
88 | ||
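# Copy the text file $infile to $outfile with one "Key = Value" line changed.
#
#   $key    literal name of the key to find
#   $value  new value for the key; an empty string removes the whole
#           "Key = Value" line instead
#
# Returns the result of replace_line_file_internal().
# NOTE(review): the pattern is not anchored to the start of a line, so it
# would also match a longer key name that ends in $key.
sub replace_kv_file {
    my ($infile, $key, $value, $outfile) = @_;

    # \Q...\E: the key is a literal name, so any regex metacharacters in it
    # must be matched as plain text rather than interpreted.
    my $srch = qr/\Q$key\E\s*=\s*\S*\n/;
    my $rep  = $value eq "" ? "" : "$key = $value\n";

    return replace_line_file_internal($infile, $srch, $rep, $outfile);
}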
105 | ||
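# Copy the text file $infile to $outfile, replacing the text $key with
# $newkey.
#
# $key is matched as a literal string: without \Q...\E a name such as
# "fipsmodule.cnf" would be read as a regular expression in which "." matches
# any character.
#
# Returns the result of replace_line_file_internal(), which performs a single
# substitution (no /g), so only the first occurrence is replaced.
sub replace_line_file {
    my ($infile, $key, $newkey, $outfile) = @_;

    my $srch = qr/\Q$key\E/;
    my $rep  = "$newkey";

    return replace_line_file_internal($infile, $srch, $rep, $outfile);
}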
116 | ||
# tls1-prf-ems-check=1 has to be enabled in a FIPS config file, so two
# temporary files are generated: a copy of fipsmodule.cnf with that key set
# to 1, and a copy of fips-and-base.cnf that names the modified copy instead
# of the original.
# NOTE that this just runs test_no_ems() to check that the connection
# fails if ems is not used and the fips check is enabled.
my $ems_config_ready =
    replace_kv_file($fipsmodcfg, 'tls1-prf-ems-check', '1', $fipsmodcfgnew)
    && replace_line_file($provconf,
                         $fipsmodcfg_filename, $fipsmodcfgnew_filename,
                         $provconfnew);

# sslapitest is started only when both generated files were written.
ok($ems_config_ready
   && run(test(["sslapitest",
                srctop_dir("test", "certs"),
                srctop_file("test", "recipes", "90-test_sslapi_data",
                            "passwd.txt"),
                $tmpfilename,
                "fips",
                $provconfnew,
                srctop_file("test", "recipes", "90-test_sslapi_data",
                            "dhparams.pem")])),
   "running sslapitest");

# Remove the two generated configuration files again.
for my $generated ($fipsmodcfgnew, $provconfnew) {
    unlink $generated;
}
141 | } | |
142 | ||
# Fourth planned test: run the ssl_handshake_rtt_test program, which takes
# no arguments here.
my @rtt_cmd = ("ssl_handshake_rtt_test");
ok(run(test(\@rtt_cmd)), "running ssl_handshake_rtt_test");

# Remove the temporary file whose name was passed to the sslapitest runs.
unlink($tmpfilename);