]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/80-test_ssl_new.t
projects / thirdparty / openssl.git / blob
? search:


e2b9349d04d0b870d094acf91346d62c12b19ab8
[thirdparty/openssl.git] / test / recipes / 80-test_ssl_new.t
1 #! /usr/bin/env perl
2 # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 use strict;
11 use warnings;
12
13 use File::Basename;
14 use File::Compare qw/compare_text/;
15 use OpenSSL::Glob;
16 use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_file bldtop_dir/;
17 use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
18
19 BEGIN {
20 setup("test_ssl_new");
21 }
22
23 use lib srctop_dir('Configurations');
24 use lib bldtop_dir('.');
25 use platform;
26
27 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
28 my $infile = bldtop_file('providers', platform->dso('fips'));
29
30 $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
31
32 my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
33 map { s/;.*// } @conf_srcs if $^O eq "VMS";
34 my @conf_files = map { basename($_, ".in") } @conf_srcs;
35 map { s/\^// } @conf_files if $^O eq "VMS";
36
37 # We hard-code the number of tests to double-check that the globbing above
38 # finds all files as expected.
39 plan tests => 30 # = scalar @conf_srcs
40 + ($no_fips ? 0 : 1); # fipsinstall
41
42 # Some test results depend on the configuration of enabled protocols. We only
43 # verify generated sources in the default configuration.
44 my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
45 !disabled("tls1_1") && !disabled("tls1_2") &&
46 !disabled("tls1_3"));
47
48 my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
49
50 my @all_pre_tls1_3 = ("ssl3", "tls1", "tls1_1", "tls1_2");
51 my $no_tls = alldisabled(available_protocols("tls"));
52 my $no_tls_below1_3 = $no_tls || (disabled("tls1_2") && !disabled("tls1_3"));
53 my $no_pre_tls1_3 = alldisabled(@all_pre_tls1_3);
54 my $no_dtls = alldisabled(available_protocols("dtls"));
55 my $no_npn = disabled("nextprotoneg");
56 my $no_ct = disabled("ct");
57 my $no_ec = disabled("ec");
58 my $no_dh = disabled("dh");
59 my $no_dsa = disabled("dsa");
60 my $no_ec2m = disabled("ec2m");
61 my $no_ocsp = disabled("ocsp");
62
63 # Add your test here if the test conf.in generates test cases and/or
64 # expectations dynamically based on the OpenSSL compile-time config.
65 my %conf_dependent_tests = (
66 "02-protocol-version.cnf" => !$is_default_tls,
67 "04-client_auth.cnf" => !$is_default_tls || !$is_default_dtls
68 || !disabled("sctp"),
69 "05-sni.cnf" => disabled("tls1_1"),
70 "07-dtls-protocol-version.cnf" => !$is_default_dtls || !disabled("sctp"),
71 "10-resumption.cnf" => !$is_default_tls || $no_ec,
72 "11-dtls_resumption.cnf" => !$is_default_dtls || !disabled("sctp"),
73 "16-dtls-certstatus.cnf" => !$is_default_dtls || !disabled("sctp"),
74 "17-renegotiate.cnf" => disabled("tls1_2"),
75 "18-dtls-renegotiate.cnf" => disabled("dtls1_2") || !disabled("sctp"),
76 "19-mac-then-encrypt.cnf" => !$is_default_tls,
77 "20-cert-select.cnf" => !$is_default_tls || $no_dh || $no_dsa,
78 "22-compression.cnf" => !$is_default_tls,
79 "25-cipher.cnf" => disabled("poly1305") || disabled("chacha"),
80 "27-ticket-appdata.cnf" => !$is_default_tls,
81 "28-seclevel.cnf" => disabled("tls1_2") || $no_ec,
82 "30-extended-master-secret.cnf" => disabled("tls1_2"),
83 );
84
85 # Add your test here if it should be skipped for some compile-time
86 # configurations. Default is $no_tls but some tests have different skip
87 # conditions.
88 my %skip = (
89 "06-sni-ticket.cnf" => $no_tls_below1_3,
90 "07-dtls-protocol-version.cnf" => $no_dtls,
91 "08-npn.cnf" => (disabled("tls1") && disabled("tls1_1")
92 && disabled("tls1_2")) || $no_npn,
93 "10-resumption.cnf" => disabled("tls1_1") || disabled("tls1_2"),
94 "11-dtls_resumption.cnf" => disabled("dtls1") || disabled("dtls1_2"),
95 "12-ct.cnf" => $no_tls || $no_ct || $no_ec,
96 # We could run some of these tests without TLS 1.2 if we had a per-test
97 # disable instruction but that's a bizarre configuration not worth
98 # special-casing for.
99 # TODO(TLS 1.3): We should review this once we have TLS 1.3.
100 "13-fragmentation.cnf" => disabled("tls1_2"),
101 "14-curves.cnf" => disabled("tls1_2") || $no_ec || $no_ec2m,
102 "15-certstatus.cnf" => $no_tls || $no_ocsp,
103 "16-dtls-certstatus.cnf" => $no_dtls || $no_ocsp,
104 "17-renegotiate.cnf" => $no_tls_below1_3,
105 "18-dtls-renegotiate.cnf" => $no_dtls,
106 "19-mac-then-encrypt.cnf" => $no_pre_tls1_3,
107 "20-cert-select.cnf" => disabled("tls1_2") || $no_ec,
108 "21-key-update.cnf" => disabled("tls1_3"),
109 "22-compression.cnf" => disabled("zlib") || $no_tls,
110 "23-srp.cnf" => (disabled("tls1") && disabled ("tls1_1")
111 && disabled("tls1_2")) || disabled("srp"),
112 "24-padding.cnf" => disabled("tls1_3"),
113 "25-cipher.cnf" => disabled("ec") || disabled("tls1_2"),
114 "26-tls13_client_auth.cnf" => disabled("tls1_3"),
115 "29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"),
116 );
117
118 unless ($no_fips) {
119 ok(run(app(['openssl', 'fipsinstall',
120 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
121 '-module', $infile])),
122 "fipsinstall");
123 }
124
125 foreach my $conf (@conf_files) {
126 subtest "Test configuration $conf" => sub {
127 plan tests => 6 + ($no_fips ? 0 : 3);
128 test_conf($conf,
129 $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1,
130 defined($skip{$conf}) ? $skip{$conf} : $no_tls,
131 "none");
132 test_conf($conf,
133 0,
134 defined($skip{$conf}) ? $skip{$conf} : $no_tls,
135 "default");
136 test_conf($conf,
137 0,
138 defined($skip{$conf}) ? $skip{$conf} : $no_tls,
139 "fips") unless $no_fips;
140 }
141 }
142
143 sub test_conf {
144 my ($conf, $check_source, $skip, $provider) = @_;
145
146 my $conf_file = srctop_file("test", "ssl-tests", $conf);
147 my $input_file = $conf_file . ".in";
148 my $output_file = $conf . "." . $provider;
149 my $run_test = 1;
150
151 SKIP: {
152 # "Test" 1. Generate the source.
153 skip 'failure', 2 unless
154 ok(run(perltest(["generate_ssl_tests.pl", $input_file, $provider],
155 interpreter_args => [ "-I", srctop_dir("util", "perl")],
156 stdout => $output_file)),
157 "Getting output from generate_ssl_tests.pl.");
158
159 SKIP: {
160 # Test 2. Compare against existing output in test/ssl_tests.cnf.
161 skip "Skipping generated source test for $conf", 1
162 if !$check_source;
163
164 $run_test = is(cmp_text($output_file, $conf_file), 0,
165 "Comparing generated sources.");
166 }
167
168 # Test 3. Run the test.
169 skip "No tests available; skipping tests", 1 if $skip;
170 skip "Stale sources; skipping tests", 1 if !$run_test;
171
172 if ($provider eq "fips") {
173 ok(run(test(["ssl_test", $output_file, $provider,
174 srctop_file("test", "fips-and-base.cnf")])),
175 "running ssl_test $conf");
176 } else {
177 ok(run(test(["ssl_test", $output_file, $provider])),
178 "running ssl_test $conf");
179 }
180 }
181 }
182
183 sub cmp_text {
184 return compare_text(@_, sub {
185 $_[0] =~ s/\R//g;
186 $_[1] =~ s/\R//g;
187 return $_[0] ne $_[1];
188 });
189 }
A mirror of the official openssl repository