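#! /usr/bin/env perl
# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe for EC parameter handling in the `openssl ecparam` and
# `openssl pkeyparam` applications.  It checks three things:
#   * valid and non-canonically encoded parameter files load with
#     -check / -check_named,
#   * invalid parameter files are refused by the same options,
#   * with the FIPS configuration active, the secp112r1 curve is refused
#     unless the caller explicitly selects non-FIPS implementations.

use strict;
use warnings;

use File::Spec;
use File::Compare qw/compare_text/;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;

setup("test_ecparam");

plan skip_all => "EC or EC2M isn't supported in this build"
    if disabled("ec") || disabled("ec2m");

# Test vectors are discovered from the recipe's data directory, so the
# subtest plans below scale with the number of .pem files found there.
my @valid = glob(data_file("valid", "*.pem"));
my @noncanon = glob(data_file("noncanon", "*.pem"));
my @invalid = glob(data_file("invalid", "*.pem"));

# Nine load subtests, two round-trip subtests and one FIPS subtest.
plan tests => 12;

# checkload(\@files, $valid, $app, $opt)
#
# Runs `openssl $app -noout $opt -in FILE` once per file and records one
# test result per file.
#
#   $files  array reference of parameter files to load
#   $valid  true if every load must succeed, false if every load must fail
#   $app    application name ("ecparam" or "pkeyparam" in this recipe)
#   $opt    additional option handed to the application (e.g. "-check")
sub checkload {
    my ($files, $valid, $app, $opt) = @_;

    foreach my $file (@$files) {
        my $ran_ok = run(app(['openssl', $app, '-noout', $opt, '-in', $file]));

        # Each result carries a description so that a failure inside a
        # subtest names the exact file, application and option involved.
        if ($valid) {
            ok($ran_ok, "$app $opt accepts $file");
        } else {
            # NOTE(review): this only asserts that run() reported failure.
            # It does not tell a clean rejection of the parameters apart
            # from any other unsuccessful exit - confirm how
            # OpenSSL::Test::run reports abnormal termination.
            ok(!$ran_ok, "$app $opt rejects $file");
        }
    }
}

# checkcompare(\@files, $app)
#
# Round-trips each file through `openssl $app -in FILE -out $app.tst` and
# checks that the written file matches the original, ignoring CRLF versus
# LF line endings.  Records two test results per file: one for the run and
# one for the comparison.
#
#   $files  array reference of parameter files to round-trip
#   $app    application name ("ecparam" or "pkeyparam" in this recipe)
sub checkcompare {
    my ($files, $app) = @_;

    # Line comparator for compare_text: returns true when two lines differ
    # after CRLF has been normalised to LF.  Works on copies of the lines.
    my $lines_differ = sub {
        my ($in1, $in2) = @_;
        $in1 =~ s/\r\n/\n/g;
        $in2 =~ s/\r\n/\n/g;
        return $in1 ne $in2;
    };

    foreach my $file (@$files) {
        # The same output name is reused (overwritten) for every input.
        my $testout = "$app.tst";

        ok(run(app(['openssl', $app, '-out', $testout, '-in', $file])),
           "$app writes $file to $testout");

        # compare_text returns 0 only when the files are equal; a difference
        # (1) or an error (-1) both make this check fail.
        ok(!compare_text($file, $testout, $lines_differ),
           "Original file $file is the same as new one");
    }
}

# The FIPS subtest is skipped when the FIPS provider is disabled in the
# build or when NO_FIPS is set to a true value in the environment.
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

# --- Valid parameters must load -----------------------------------------

subtest "Check loading valid parameters by ecparam with -check" => sub {
    plan tests => scalar(@valid);
    checkload(\@valid, 1, "ecparam", "-check");
};

subtest "Check loading valid parameters by ecparam with -check_named" => sub {
    plan tests => scalar(@valid);
    checkload(\@valid, 1, "ecparam", "-check_named");
};

subtest "Check loading valid parameters by pkeyparam with -check" => sub {
    plan tests => scalar(@valid);
    checkload(\@valid, 1, "pkeyparam", "-check");
};

# --- Non-canonical encodings are expected to load as well ----------------

subtest "Check loading non-canonically encoded parameters by ecparam with -check" => sub {
    plan tests => scalar(@noncanon);
    checkload(\@noncanon, 1, "ecparam", "-check");
};

subtest "Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
    plan tests => scalar(@noncanon);
    checkload(\@noncanon, 1, "ecparam", "-check_named");
};

subtest "Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
    plan tests => scalar(@noncanon);
    checkload(\@noncanon, 1, "pkeyparam", "-check");
};

# --- Invalid parameters must be refused ----------------------------------

subtest "Check loading invalid parameters by ecparam with -check" => sub {
    plan tests => scalar(@invalid);
    checkload(\@invalid, 0, "ecparam", "-check");
};

subtest "Check loading invalid parameters by ecparam with -check_named" => sub {
    plan tests => scalar(@invalid);
    checkload(\@invalid, 0, "ecparam", "-check_named");
};

subtest "Check loading invalid parameters by pkeyparam with -check" => sub {
    plan tests => scalar(@invalid);
    checkload(\@invalid, 0, "pkeyparam", "-check");
};

# --- Output must reproduce the input -------------------------------------

subtest "Check ecparam does not change the parameter file on output" => sub {
    plan tests => 2 * scalar(@valid);
    checkcompare(\@valid, "ecparam");
};

subtest "Check pkeyparam does not change the parameter file on output" => sub {
    plan tests => 2 * scalar(@valid);
    checkcompare(\@valid, "pkeyparam");
};

# --- FIPS versus non-FIPS curve handling ---------------------------------

subtest "Check loading of fips and non-fips params" => sub {
    plan skip_all => "FIPS is disabled"
        if $no_fips;
    plan tests => 8;

    my $fipsconf = srctop_file("test", "fips-and-base.cnf");
    my $defaultconf = srctop_file("test", "default.cnf");

    # Every openssl invocation below runs with the FIPS configuration file.
    # The variable is set back to default.cnf on the last line of this
    # subtest; an early die in between would leave the FIPS value in place.
    $ENV{OPENSSL_CONF} = $fipsconf;

    # secp384r1 must load, both explicitly encoded and by name.
    ok(run(app(['openssl', 'ecparam',
                '-in', data_file('valid', 'secp384r1-explicit.pem'),
                '-check'])),
       "Loading explicitly encoded valid curve");

    ok(run(app(['openssl', 'ecparam',
                '-in', data_file('valid', 'secp384r1-named.pem'),
                '-check'])),
       "Loading named valid curve");

    # secp112r1 must be refused under the FIPS configuration ...
    ok(!run(app(['openssl', 'ecparam',
                 '-in', data_file('valid', 'secp112r1-named.pem'),
                 '-check'])),
       "Fail loading named non-fips curve");

    ok(!run(app(['openssl', 'pkeyparam',
                 '-in', data_file('valid', 'secp112r1-named.pem'),
                 '-check'])),
       "Fail loading named non-fips curve using pkeyparam");

    # ... and only load when the caller opts in explicitly, by loading the
    # default provider and passing the '?fips!=yes' property query.
    ok(run(app(['openssl', 'ecparam',
                '-provider', 'default',
                '-propquery', '?fips!=yes',
                '-in', data_file('valid', 'secp112r1-named.pem'),
                '-check'])),
       "Loading named non-fips curve in FIPS mode with non-FIPS property".
       " query");

    ok(run(app(['openssl', 'pkeyparam',
                '-provider', 'default',
                '-propquery', '?fips!=yes',
                '-in', data_file('valid', 'secp112r1-named.pem'),
                '-check'])),
       "Loading named non-fips curve in FIPS mode with non-FIPS property".
       " query using pkeyparam");

    # The same rule applies to key generation on secp112r1.
    ok(!run(app(['openssl', 'ecparam',
                 '-genkey', '-name', 'secp112r1'])),
       "Fail generating key for named non-fips curve");

    ok(run(app(['openssl', 'ecparam',
                '-provider', 'default',
                '-propquery', '?fips!=yes',
                '-genkey', '-name', 'secp112r1'])),
       "Generating key for named non-fips curve with non-FIPS property query");

    $ENV{OPENSSL_CONF} = $defaultconf;
};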