Lines Matching +full:test +full:- +full:config
2 # Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
15 use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/;
16 use OpenSSL::Test::Utils;
25 plan skip_all => "Test only supported in a fips build" if disabled("fips");
29 my $infile = bldtop_file('providers', platform->dso('fips'));
30 my $fipskey = $ENV{FIPSKEY} // config('FIPSKEY') // '00';
31 my $provconf = srctop_file("test", "fips-and-base.cnf");
33 run(test(["fips_version_test", "-config", $provconf, "<3.4.0"]),
73 # Read in the text input file 'test/fips.cnf'
82 return replace_line_file_internal(srctop_file("test", 'fips.cnf'),
87 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module',
88 '-provider_name', 'fips',
89 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
90 '-section_name', 'fips_sect'])),
94 ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile,
95 '-provider_name', 'fips', '-mac_name', 'HMAC',
96 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
97 '-section_name', 'fips_sect', '-verify'])),
102 ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
103 '-provider_name', 'fips', '-mac_name', 'HMAC',
104 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
105 '-section_name', 'fips_sect'])),
109 ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
110 '-provider_name', 'fips', '-mac_name', 'HMAC',
111 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
112 '-section_name', 'fips_sect', '-verify'])),
115 ok(replace_line_file('module-mac', '', 'fips_no_module_mac.cnf')
117 '-in', 'fips_no_module_mac.cnf',
118 '-module', $infile,
119 '-provider_name', 'fips', '-mac_name', 'HMAC',
120 '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
121 '-section_name', 'fips_sect', '-verify'])),
124 ok(replace_line_file('install-mac', '', 'fips_no_install_mac.cnf')
126 '-in', 'fips_no_install_mac.cnf',
127 '-module', $infile,
128 '-provider_name', 'fips', '-mac_name', 'HMAC',
129 '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
130 '-section_name', 'fips_sect', '-verify'])),
133 ok(replace_line_file('module-mac', '00:00:00:00:00:00',
136 '-in', 'fips_bad_module_mac.cnf',
137 '-module', $infile,
138 '-provider_name', 'fips', '-mac_name', 'HMAC',
139 '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
140 '-section_name', 'fips_sect', '-verify'])),
143 ok(replace_line_file('install-mac', '00:00:00:00:00:00',
146 '-in', 'fips_bad_install_mac.cnf',
147 '-module', $infile,
148 '-provider_name', 'fips', '-mac_name', 'HMAC',
149 '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
150 '-section_name', 'fips_sect', '-verify'])),
153 ok(replace_line_file('install-status', 'INCORRECT_STATUS_STRING',
156 '-in', 'fips_bad_indicator.cnf',
157 '-module', $infile,
158 '-provider_name', 'fips', '-mac_name', 'HMAC',
159 '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
160 '-section_name', 'fips_sect', '-verify'])),
164 ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
165 '-provider_name', 'fips', '-mac_name', 'HMAC',
166 '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
167 '-section_name', 'fips_sect', '-verify'])),
171 ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
172 '-provider_name', 'fips', '-mac_name', 'HMAC',
173 '-macopt', 'digest:SHA512', '-macopt', "hexkey:$fipskey",
174 '-section_name', 'fips_sect', '-verify'])),
178 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
179 '-provider_name', 'fips', '-mac_name', 'HMAC',
180 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
181 '-section_name', 'fips_sect', '-corrupt_desc', 'HMAC'])),
185 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
186 '-provider_name', 'fips', '-mac_name', 'HMAC',
187 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
188 '-section_name', 'fips_sect', '-corrupt_desc', 'SHA2'])),
192 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
193 '-provider_name', 'fips', '-mac_name', 'HMAC',
194 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
195 '-section_name', 'fips_sect', '-corrupt_desc', 'SHA3'])),
198 # corrupt cipher encrypt test
199 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
200 '-provider_name', 'fips', '-mac_name', 'HMAC',
201 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
202 '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM'])),
205 # corrupt cipher decrypt test
206 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
207 '-provider_name', 'fips', '-mac_name', 'HMAC',
208 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
209 '-section_name', 'fips_sect', '-corrupt_desc', 'AES_ECB_Decrypt'])),
213 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
214 '-provider_name', 'fips', '-mac_name', 'HMAC',
215 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
216 '-section_name', 'fips_sect', '-corrupt_desc', 'CTR'])),
219 # corrupt a KAS test
221 skip "Skipping KAS DH corruption test because of no dh in this build", 1
224 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
225 '-provider_name', 'fips', '-mac_name', 'HMAC',
226 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
227 '-section_name', 'fips_sect',
228 '-corrupt_desc', 'DH',
229 '-corrupt_type', 'KAT_KA'])),
233 # corrupt a Signature test
235 skip "Skipping Signature DSA corruption test because of no dsa in this build", 1
238 run(test(["fips_version_test", "-config", $provconf, "<3.1.0"]),
240 skip "FIPS provider version is too new for PCT DSA signature test", 1
243 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
244 '-provider_name', 'fips', '-mac_name', 'HMAC',
245 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
246 '-section_name', 'fips_sect',
247 '-corrupt_desc', 'DSA',
248 '-corrupt_type', 'PCT_Signature'])),
252 # corrupt an Asymmetric cipher test
254 skip "Skipping Asymmetric RSA corruption test because of no rsa in this build", 1
256 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
257 '-corrupt_desc', 'RSA_Encrypt',
258 '-corrupt_type', 'KAT_AsymmetricCipher'])),
266 && run(app(['openssl', 'fipsinstall', '-config', 'fips_parent.cnf'])),
272 '-config', 'fips_parent_no_module_mac.cnf'])),
273 "verify load config fail no module mac");
283 '-config', 'fips_parent_no_install_mac.cnf'])),
284 "verify load config fail no install mac");
288 '-config', 'fips_parent_bad_indicator.cnf'])),
289 "verify load config fail bad indicator");
293 '-config', 'fips_parent_bad_install_mac.cnf'])),
294 "verify load config fail bad install mac");
300 '-config', 'fips_parent_bad_module_mac.cnf'])),
301 "verify load config fail bad module mac");
306 ok(run(app(['openssl', 'fipsinstall', '-out', $stconf,
307 '-module', $infile, '-self_test_onload'])),
308 "fipsinstall config saved without self test indicator");
310 ok(!run(app(['openssl', 'fipsinstall', '-in', $stconf,
311 '-module', $infile, '-verify'])),
312 "fipsinstall config verify fails without self test indicator");
314 ok(run(app(['openssl', 'fipsinstall', '-in', $stconf,
315 '-module', $infile, '-self_test_onload', '-verify'])),
316 "fipsinstall config verify passes when self test indicator is not present");