]>
git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/15-test_ecparam.t
2 # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
14 use File
::Compare qw
/compare_text/;
16 use OpenSSL
::Test qw
/:DEFAULT data_file srctop_file bldtop_dir/;
17 use OpenSSL
::Test
::Utils
;
19 setup
("test_ecparam");
21 plan skip_all
=> "EC or EC2M isn't supported in this build"
22 if disabled
("ec") || disabled
("ec2m");
24 my @valid = glob(data_file
("valid", "*.pem"));
25 my @noncanon = glob(data_file
("noncanon", "*.pem"));
26 my @invalid = glob(data_file
("invalid", "*.pem"));
28 if (disabled
("sm2")) {
29 @valid = grep { !/sm2-.*\.pem/} @valid;
35 my $files = shift; # List of files
36 my $valid = shift; # Check should pass or fail?
37 my $app = shift; # Which application
38 my $opt = shift; # Additional option
42 ok
(run
(app
(['openssl', $app, '-noout', $opt, '-in', $_])));
44 ok
(!run
(app
(['openssl', $app, '-noout', $opt, '-in', $_])));
50 my $files = shift; # List of files
51 my $app = shift; # Which application
54 my $testout = "$app.tst";
56 ok
(run
(app
(['openssl', $app, '-out', $testout, '-in', $_])));
57 ok
(!compare_text
($_, $testout, sub {
62 $in1 ne $in2}), "Original file $_ is the same as new one");
66 my $no_fips = disabled
('fips') || ($ENV{NO_FIPS
} // 0);
68 subtest
"Check loading valid parameters by ecparam with -check" => sub {
69 plan tests
=> scalar(@valid);
70 checkload
(\
@valid, 1, "ecparam", "-check");
73 subtest
"Check loading valid parameters by ecparam with -check_named" => sub {
74 plan tests
=> scalar(@valid);
75 checkload
(\
@valid, 1, "ecparam", "-check_named");
78 subtest
"Check loading valid parameters by pkeyparam with -check" => sub {
79 plan tests
=> scalar(@valid);
80 checkload
(\
@valid, 1, "pkeyparam", "-check");
83 subtest
"Check loading non-canonically encoded parameters by ecparam with -check" => sub {
84 plan tests
=> scalar(@noncanon);
85 checkload
(\
@noncanon, 1, "ecparam", "-check");
88 subtest
"Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
89 plan tests
=> scalar(@noncanon);
90 checkload
(\
@noncanon, 1, "ecparam", "-check_named");
93 subtest
"Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
94 plan tests
=> scalar(@noncanon);
95 checkload
(\
@noncanon, 1, "pkeyparam", "-check");
98 subtest
"Check loading invalid parameters by ecparam with -check" => sub {
99 plan tests
=> scalar(@invalid);
100 checkload
(\
@invalid, 0, "ecparam", "-check");
103 subtest
"Check loading invalid parameters by ecparam with -check_named" => sub {
104 plan tests
=> scalar(@invalid);
105 checkload
(\
@invalid, 0, "ecparam", "-check_named");
108 subtest
"Check loading invalid parameters by pkeyparam with -check" => sub {
109 plan tests
=> scalar(@invalid);
110 checkload
(\
@invalid, 0, "pkeyparam", "-check");
113 subtest
"Check ecparam does not change the parameter file on output" => sub {
114 plan tests
=> 2 * scalar(@valid);
115 checkcompare
(\
@valid, "ecparam");
118 subtest
"Check pkeyparam does not change the parameter file on output" => sub {
119 plan tests
=> 2 * scalar(@valid);
120 checkcompare
(\
@valid, "pkeyparam");
123 subtest
"Check loading of fips and non-fips params" => sub {
124 plan skip_all
=> "FIPS is disabled"
128 my $fipsconf = srctop_file
("test", "fips-and-base.cnf");
129 my $defaultconf = srctop_file
("test", "default.cnf");
131 $ENV{OPENSSL_CONF
} = $fipsconf;
133 ok
(run
(app
(['openssl', 'ecparam',
134 '-in', data_file
('valid', 'secp384r1-explicit.pem'),
136 "Loading explicitly encoded valid curve");
138 ok
(run
(app
(['openssl', 'ecparam',
139 '-in', data_file
('valid', 'secp384r1-named.pem'),
141 "Loading named valid curve");
143 ok
(!run
(app
(['openssl', 'ecparam',
144 '-in', data_file
('valid', 'secp112r1-named.pem'),
146 "Fail loading named non-fips curve");
148 ok
(!run
(app
(['openssl', 'pkeyparam',
149 '-in', data_file
('valid', 'secp112r1-named.pem'),
151 "Fail loading named non-fips curve using pkeyparam");
153 ok
(run
(app
(['openssl', 'ecparam',
154 '-provider', 'default',
155 '-propquery', '?fips!=yes',
156 '-in', data_file
('valid', 'secp112r1-named.pem'),
158 "Loading named non-fips curve in FIPS mode with non-FIPS property".
161 ok
(run
(app
(['openssl', 'pkeyparam',
162 '-provider', 'default',
163 '-propquery', '?fips!=yes',
164 '-in', data_file
('valid', 'secp112r1-named.pem'),
166 "Loading named non-fips curve in FIPS mode with non-FIPS property".
167 " query using pkeyparam");
169 ok
(!run
(app
(['openssl', 'ecparam',
170 '-genkey', '-name', 'secp112r1'])),
171 "Fail generating key for named non-fips curve");
173 ok
(run
(app
(['openssl', 'ecparam',
174 '-provider', 'default',
175 '-propquery', '?fips!=yes',
176 '-genkey', '-name', 'secp112r1'])),
177 "Generating key for named non-fips curve with non-FIPS property query");
179 $ENV{OPENSSL_CONF
} = $defaultconf;