]>
git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/15-test_ecparam.t
2 # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
14 use File
::Compare qw
/compare_text/;
16 use OpenSSL
::Test qw
/:DEFAULT data_file srctop_file bldtop_dir/;
17 use OpenSSL
::Test
::Utils
;
19 setup
("test_ecparam");
21 plan skip_all
=> "EC or EC2M isn't supported in this build"
22 if disabled
("ec") || disabled
("ec2m");
24 my @valid = glob(data_file
("valid", "*.pem"));
25 my @noncanon = glob(data_file
("noncanon", "*.pem"));
26 my @invalid = glob(data_file
("invalid", "*.pem"));
31 my $files = shift; # List of files
32 my $valid = shift; # Check should pass or fail?
33 my $app = shift; # Which application
34 my $opt = shift; # Additional option
38 ok
(run
(app
(['openssl', $app, '-noout', $opt, '-in', $_])));
40 ok
(!run
(app
(['openssl', $app, '-noout', $opt, '-in', $_])));
46 my $files = shift; # List of files
47 my $app = shift; # Which application
50 my $testout = "$app.tst";
52 ok
(run
(app
(['openssl', $app, '-out', $testout, '-in', $_])));
53 ok
(!compare_text
($_, $testout, sub {
58 $in1 ne $in2}), "Original file $_ is the same as new one");
62 my $no_fips = disabled
('fips') || ($ENV{NO_FIPS
} // 0);
64 subtest
"Check loading valid parameters by ecparam with -check" => sub {
65 plan tests
=> scalar(@valid);
66 checkload
(\
@valid, 1, "ecparam", "-check");
69 subtest
"Check loading valid parameters by ecparam with -check_named" => sub {
70 plan tests
=> scalar(@valid);
71 checkload
(\
@valid, 1, "ecparam", "-check_named");
74 subtest
"Check loading valid parameters by pkeyparam with -check" => sub {
75 plan tests
=> scalar(@valid);
76 checkload
(\
@valid, 1, "pkeyparam", "-check");
79 subtest
"Check loading non-canonically encoded parameters by ecparam with -check" => sub {
80 plan tests
=> scalar(@noncanon);
81 checkload
(\
@noncanon, 1, "ecparam", "-check");
84 subtest
"Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
85 plan tests
=> scalar(@noncanon);
86 checkload
(\
@noncanon, 1, "ecparam", "-check_named");
89 subtest
"Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
90 plan tests
=> scalar(@noncanon);
91 checkload
(\
@noncanon, 1, "pkeyparam", "-check");
94 subtest
"Check loading invalid parameters by ecparam with -check" => sub {
95 plan tests
=> scalar(@invalid);
96 checkload
(\
@invalid, 0, "ecparam", "-check");
99 subtest
"Check loading invalid parameters by ecparam with -check_named" => sub {
100 plan tests
=> scalar(@invalid);
101 checkload
(\
@invalid, 0, "ecparam", "-check_named");
104 subtest
"Check loading invalid parameters by pkeyparam with -check" => sub {
105 plan tests
=> scalar(@invalid);
106 checkload
(\
@invalid, 0, "pkeyparam", "-check");
109 subtest
"Check ecparam does not change the parameter file on output" => sub {
110 plan tests
=> 2 * scalar(@valid);
111 checkcompare
(\
@valid, "ecparam");
114 subtest
"Check pkeyparam does not change the parameter file on output" => sub {
115 plan tests
=> 2 * scalar(@valid);
116 checkcompare
(\
@valid, "pkeyparam");
119 subtest
"Check loading of fips and non-fips params" => sub {
120 plan skip_all
=> "FIPS is disabled"
124 my $fipsconf = srctop_file
("test", "fips-and-base.cnf");
125 my $defaultconf = srctop_file
("test", "default.cnf");
127 $ENV{OPENSSL_CONF
} = $fipsconf;
129 ok
(run
(app
(['openssl', 'ecparam',
130 '-in', data_file
('valid', 'secp384r1-explicit.pem'),
132 "Loading explicitly encoded valid curve");
134 ok
(run
(app
(['openssl', 'ecparam',
135 '-in', data_file
('valid', 'secp384r1-named.pem'),
137 "Loading named valid curve");
139 ok
(!run
(app
(['openssl', 'ecparam',
140 '-in', data_file
('valid', 'secp112r1-named.pem'),
142 "Fail loading named non-fips curve");
144 ok
(!run
(app
(['openssl', 'pkeyparam',
145 '-in', data_file
('valid', 'secp112r1-named.pem'),
147 "Fail loading named non-fips curve using pkeyparam");
149 ok
(run
(app
(['openssl', 'ecparam',
150 '-provider', 'default',
151 '-propquery', '?fips!=yes',
152 '-in', data_file
('valid', 'secp112r1-named.pem'),
154 "Loading named non-fips curve in FIPS mode with non-FIPS property".
157 ok
(run
(app
(['openssl', 'pkeyparam',
158 '-provider', 'default',
159 '-propquery', '?fips!=yes',
160 '-in', data_file
('valid', 'secp112r1-named.pem'),
162 "Loading named non-fips curve in FIPS mode with non-FIPS property".
163 " query using pkeyparam");
165 ok
(!run
(app
(['openssl', 'ecparam',
166 '-genkey', '-name', 'secp112r1'])),
167 "Fail generating key for named non-fips curve");
169 ok
(run
(app
(['openssl', 'ecparam',
170 '-provider', 'default',
171 '-propquery', '?fips!=yes',
172 '-genkey', '-name', 'secp112r1'])),
173 "Generating key for named non-fips curve with non-FIPS property query");
175 $ENV{OPENSSL_CONF
} = $defaultconf;