2 # Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
9 use OpenSSL
::Test
::Utils
;
10 use OpenSSL
::Test qw
/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
11 use File
::Temp
qw(tempfile);
17 use lib srctop_dir
('Configurations');
18 use lib bldtop_dir
('.');
# FIPS tests are skipped when the build has the fips feature disabled or
# when the NO_FIPS environment variable is set to a true value.
my $no_fips = disabled('fips');
$no_fips ||= $ENV{NO_FIPS} // 0;

# Path of fipsmodule.cnf under the build tree's test directory.
my $fipsmodcfg_filename = "fipsmodule.cnf";
my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);

# Provider configuration taken from the source tree's test directory.
my $provconf = srctop_file("test", "fips-and-base.cnf");

# A modified copy of "fipsmodule.cnf"
my $fipsmodcfgnew_filename = "fipsmodule_mod.cnf";
my $fipsmodcfgnew = bldtop_file("test", $fipsmodcfgnew_filename);

# A modified copy of "fips-and-base.cnf"
my $provconfnew = bldtop_file("test", "temp.cnf");

# Skip the whole recipe when every TLS protocol other than ssl3 is disabled.
if (alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"))) {
    plan(skip_all => "No TLS/SSL protocols are supported by this OpenSSL build");
}

# tempfile() creates the file and returns (handle, path); the handle is
# discarded and only the path is kept for the test programs.
my (undef, $tmpfilename) = tempfile();
40 ok
(run
(test
(["sslapitest", srctop_dir
("test", "certs"),
41 srctop_file
("test", "recipes", "90-test_sslapi_data",
42 "passwd.txt"), $tmpfilename, "default",
43 srctop_file
("test", "default.cnf"),
46 "90-test_sslapi_data",
48 "running sslapitest");
51 skip
"Skipping FIPS tests", 2
54 ok
(run
(test
(["sslapitest", srctop_dir
("test", "certs"),
55 srctop_file
("test", "recipes", "90-test_sslapi_data",
56 "passwd.txt"), $tmpfilename, "fips",
60 "90-test_sslapi_data",
62 "running sslapitest");
# Run fips_version_test against $provconf with the ">=3.1.0" requirement.
# The harness stores the command's success status in $exit, which is
# declared in place by the \my reference.
run(
    test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
    capture   => 1,
    statusvar => \my $exit,
);
67 skip
"FIPS provider version is too old for TLS_PRF EMS option test", 1
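# Read in a text $infile, replace the first match of the regular expression
# in $srch with the value in $repl, and output to a new file $outfile.
# Only the first 1024 bytes of $infile are read, so anything beyond that is
# not seen by the substitution.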
72 sub replace_line_file_internal
{
74 my ($infile, $srch, $repl, $outfile) = @_;
77 open(my $in, "<", $infile) or return 0;
78 read($in, $msg, 1024);
81 $msg =~ s/$srch/$repl/;
83 open(my $fh, ">", $outfile) or return 0;
# Read in the text input file $infile
# and replace a single Key = Value line with a new value in $value,
# OR remove the Key = Value line if the passed in $value is empty,
# and then output a new file $outfile.
# $key is the Key to find. It is interpolated into the search regex as-is,
# so any regex metacharacters in it act as pattern syntax.
95 my ($infile, $key, $value, $outfile) = @_;
96 my $srch = qr/$key\s*=\s*\S*\n/;
101 $rep = "$key = $value\n";
103 return replace_line_file_internal
($infile, $srch, $rep, $outfile);
# Read in the text $infile file
# and search for the $key and replace with $newkey
# and then output a new file $outfile.
109 sub replace_line_file
{
110 my ($infile, $key, $newkey, $outfile) = @_;
113 return replace_line_file_internal
($infile,
114 $srch, $rep, $outfile);
# In order to enable the tls1-prf-ems-check=1 in a fips config file
# copy the existing fipsmodule.cnf and modify it.
# Then copy fips-and-base.cnf to make a file that includes the changed file.
# NOTE that this just runs test_no_ems() to check that the connection
# fails if ems is not used and the fips check is enabled.
122 ok
(replace_kv_file
($fipsmodcfg,
123 'tls1-prf-ems-check', '1',
125 && replace_line_file
($provconf,
126 $fipsmodcfg_filename, $fipsmodcfgnew_filename,
128 && run
(test
(["sslapitest", srctop_dir
("test", "certs"),
129 srctop_file
("test", "recipes", "90-test_sslapi_data",
131 $tmpfilename, "fips",
135 "90-test_sslapi_data",
137 "running sslapitest");
# Best-effort cleanup of the modified fipsmodule.cnf copy; the result of
# unlink is not checked.
unlink($fipsmodcfgnew);
# Run the ssl_handshake_rtt_test program through the test harness and record
# whether it passed.
ok(
    run(test(["ssl_handshake_rtt_test"])),
    "running ssl_handshake_rtt_test",
);