Lines Matching +full:non +full:- +full:default
2 # Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
16 use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir bldtop_file srctop_file data_file/;
26 my $no_check = disabled("fips") || disabled('fips-securitychecks');
31 my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
32 my $fipsconf = srctop_file("test", "fips-and-base.cnf");
33 my $defaultconf = srctop_file("test", "default.cnf");
39 ok(run(app(['openssl', 'list', '-public-key-methods', '-verbose'])),
41 ok(run(app(['openssl', 'list', '-public-key-algorithms', '-verbose'])),
43 ok(run(app(['openssl', 'list', '-key-managers', '-verbose'])),
45 ok(run(app(['openssl', 'list', '-key-exchange-algorithms', '-verbose'])),
47 ok(run(app(['openssl', 'list', '-kem-algorithms', '-verbose'])),
49 ok(run(app(['openssl', 'list', '-signature-algorithms', '-verbose'])),
51 ok(run(app(['openssl', 'list', '-asymcipher-algorithms', '-verbose'])),
53 ok(run(app(['openssl', 'list', '-key-managers', '-verbose', '-select', 'DSA' ])),
63 '-in', $key,
64 '-pubout',
65 '-out', $pub_key])),
87 ok(run(app(['openssl', 'dgst', '-sha256',
88 '-sign', $fips_key,
89 '-out', $sigfile,
95 ok(run(app(['openssl', 'dgst', '-sha256',
96 '-verify', $fips_pub_key,
97 '-signature', $sigfile,
104 ok(!run(app(['openssl', 'dgst', '-sha256',
105 '-verify', $fips_pub_key,
106 '-signature', $sigfile,
118 'Sign something with a non-FIPS key'.
119 ' with the default provider';
120 ok(run(app(['openssl', 'dgst', '-sha256',
121 '-sign', $nonfips_key,
122 '-out', $sigfile,
127 'Verify something with a non-FIPS key'.
128 ' with the default provider';
129 ok(run(app(['openssl', 'dgst', '-sha256',
130 '-verify', $nonfips_pub_key,
131 '-signature', $sigfile,
138 'Sign something with a non-FIPS key'.
140 ok(!run(app(['openssl', 'dgst', '-sha256',
141 '-sign', $nonfips_key,
142 '-out', $prefix.'.nonfips.fail.sig',
147 'Verify something with a non-FIPS key'.
149 ok(!run(app(['openssl', 'dgst', '-sha256',
150 '-verify', $nonfips_pub_key,
151 '-signature', $sigfile,
156 'Verify something with a non-FIPS key'.
157 ' in FIPS mode but with a non-FIPS property query';
159 '-provider', 'default',
160 '-propquery', '?fips!=yes',
161 '-sha256',
162 '-verify', $nonfips_pub_key,
163 '-signature', $sigfile,
168 'Verify a valid signature against the wrong data with a non-FIPS key'.
170 ok(!run(app(['openssl', 'dgst', '-sha256',
171 '-verify', $nonfips_pub_key,
172 '-signature', $sigfile,
198 'Generate a key with a non-FIPS algorithm with the default provider';
199 ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC',
200 '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
201 '-out', $nonfips_key])),
204 pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS");
211 ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC',
212 '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
213 '-out', $fips_key])),
220 'Generate a key with a non-FIPS algorithm'.
222 ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC',
223 '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
224 '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])),
248 'Generate a key with a non-FIPS algorithm with the default provider';
249 ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA',
250 '-pkeyopt', 'rsa_keygen_bits:512',
251 '-out', $nonfips_key])),
254 pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS");
260 ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA',
261 '-pkeyopt', 'rsa_keygen_bits:2048',
262 '-out', $fips_key])),
268 'Generate a key with a non-FIPS algorithm'.
270 ok(!run(app(['openssl', 'genpkey', '-algorithm', 'RSA',
271 '-pkeyopt', 'rsa_keygen_bits:512',
272 '-out', $testtext_prefix.'.fail.priv.pem'])),
300 'Generate non-FIPS params with the default provider';
301 ok(run(app(['openssl', 'genpkey', '-genparam',
302 '-algorithm', 'DSA',
303 '-pkeyopt', 'type:fips186_2',
304 '-pkeyopt', 'dsa_paramgen_bits:512',
305 '-out', $nonfips_param])),
312 ok(run(app(['openssl', 'genpkey', '-genparam',
313 '-algorithm', 'DSA',
314 '-pkeyopt', 'dsa_paramgen_bits:2048',
315 '-out', $fips_param])),
319 'Generate non-FIPS params'.
321 ok(!run(app(['openssl', 'genpkey', '-genparam',
322 '-algorithm', 'DSA',
323 '-pkeyopt', 'dsa_paramgen_bits:512',
324 '-out', $testtext_prefix.'.fail.param.pem'])),
328 'Generate non-FIPS params using non-FIPS property query'.
330 ok(run(app(['openssl', 'dsaparam', '-provider', 'default',
331 '-propquery', '?fips!=yes',
332 '-out', $shortnonfips_param, '1024'])),
336 'Generate non-FIPS params using non-FIPS property query'.
338 ok(run(app(['openssl', 'genpkey', '-provider', 'default',
339 '-propquery', '?fips!=yes',
340 '-genparam', '-algorithm', 'DSA',
341 '-pkeyopt', 'dsa_paramgen_bits:512'])),
347 'Generate a key with non-FIPS params with the default provider';
349 '-paramfile', $nonfips_param,
350 '-pkeyopt', 'type:fips186_2',
351 '-out', $nonfips_key])),
354 pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS");
361 '-paramfile', $fips_param,
362 '-pkeyopt', 'type:fips186_4',
363 '-out', $fips_key])),
369 'Generate a key with non-FIPS parameters'.
372 '-paramfile', $nonfips_param,
373 '-pkeyopt', 'type:fips186_2',
374 '-out', $testtext_prefix.'.fail.priv.pem'])),
378 'Generate a key with non-FIPS parameters using non-FIPS property'.
380 ok(run(app(['openssl', 'dsaparam', '-provider', 'default',
381 '-propquery', '?fips!=yes',
382 '-noout', '-genkey', '1024'])),
386 'Generate a key with non-FIPS parameters using non-FIPS property'.
388 ok(run(app(['openssl', 'gendsa', '-provider', 'default',
389 '-propquery', '?fips!=yes',
394 'Generate a key with non-FIPS parameters using non-FIPS property'.
396 ok(run(app(['openssl', 'genpkey', '-provider', 'default',
397 '-propquery', '?fips!=yes',
398 '-paramfile', $nonfips_param,
399 '-pkeyopt', 'type:fips186_2',
400 '-out', $testtext_prefix.'.fail.priv.pem'])),