1#! /usr/bin/env perl 2# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10use strict; 11use warnings; 12 13use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file); 14use OpenSSL::Test::Utils; 15 16BEGIN { 17 setup("test_evp"); 18} 19 20use lib srctop_dir('Configurations'); 21use lib bldtop_dir('.'); 22 23my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); 24my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0); 25my $no_des = disabled("des"); 26my $no_dh = disabled("dh"); 27my $no_dsa = disabled("dsa"); 28my $no_ec = disabled("ec"); 29my $no_sm2 = disabled("sm2"); 30 31# Default config depends on if the legacy module is built or not 32my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf'; 33 34my @configs = ( $defaultcnf ); 35# Only add the FIPS config if the FIPS module has been built 36push @configs, 'fips-and-base.cnf' unless $no_fips; 37 38# A list of tests that run with both the default and fips provider. 39my @files = qw( 40 evpciph_aes_ccm_cavs.txt 41 evpciph_aes_common.txt 42 evpciph_aes_cts.txt 43 evpciph_aes_wrap.txt 44 evpciph_aes_stitched.txt 45 evpciph_des3_common.txt 46 evpkdf_hkdf.txt 47 evpkdf_pbkdf1.txt 48 evpkdf_pbkdf2.txt 49 evpkdf_ss.txt 50 evpkdf_ssh.txt 51 evpkdf_tls12_prf.txt 52 evpkdf_tls13_kdf.txt 53 evpkdf_x942.txt 54 evpkdf_x963.txt 55 evpmac_common.txt 56 evpmd_sha.txt 57 evppbe_pbkdf2.txt 58 evppkey_kdf_hkdf.txt 59 evppkey_rsa_common.txt 60 evprand.txt 61 ); 62push @files, qw( 63 evppkey_ffdhe.txt 64 evppkey_dh.txt 65 ) unless $no_dh; 66push @files, qw( 67 evpkdf_x942_des.txt 68 evpmac_cmac_des.txt 69 ) unless $no_des; 70push @files, qw(evppkey_dsa.txt) unless $no_dsa; 71push @files, qw(evppkey_ecx.txt) unless $no_ec; 72push @files, qw( 73 evppkey_ecc.txt 74 evppkey_ecdh.txt 75 evppkey_ecdsa.txt 76 evppkey_kas.txt 77 evppkey_mismatch.txt 78 ) unless $no_ec; 79 80# A list of tests that only run with the default provider 81# (i.e. The algorithms are not present in the fips provider) 82my @defltfiles = qw( 83 evpciph_aes_ocb.txt 84 evpciph_aes_siv.txt 85 evpciph_aria.txt 86 evpciph_bf.txt 87 evpciph_camellia.txt 88 evpciph_camellia_cts.txt 89 evpciph_cast5.txt 90 evpciph_chacha.txt 91 evpciph_des.txt 92 evpciph_idea.txt 93 evpciph_rc2.txt 94 evpciph_rc4.txt 95 evpciph_rc4_stitched.txt 96 evpciph_rc5.txt 97 evpciph_seed.txt 98 evpciph_sm4.txt 99 evpencod.txt 100 evpkdf_krb5.txt 101 evpkdf_scrypt.txt 102 evpkdf_tls11_prf.txt 103 evpmac_blake.txt 104 evpmac_poly1305.txt 105 evpmac_siphash.txt 106 evpmac_sm3.txt 107 evpmd_blake.txt 108 evpmd_md.txt 109 evpmd_mdc2.txt 110 evpmd_ripemd.txt 111 evpmd_sm3.txt 112 evpmd_whirlpool.txt 113 evppbe_scrypt.txt 114 evppbe_pkcs12.txt 115 evppkey_kdf_scrypt.txt 116 evppkey_kdf_tls1_prf.txt 117 evppkey_rsa.txt 118 ); 119push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; 120push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; 121 122plan tests => 123 + (scalar(@configs) * scalar(@files)) 124 + scalar(@defltfiles) 125 + 3; # error output tests 126 127foreach (@configs) { 128 my $conf = srctop_file("test", $_); 129 130 foreach my $f ( @files ) { 131 ok(run(test(["evp_test", 132 "-config", $conf, 133 data_file("$f")])), 134 "running evp_test -config $conf $f"); 135 } 136} 137 138my $conf = srctop_file("test", $defaultcnf); 139foreach my $f ( @defltfiles ) { 140 ok(run(test(["evp_test", 141 "-config", $conf, 142 data_file("$f")])), 143 "running evp_test -config $conf $f"); 144} 145 146# test_errors OPTIONS 147# 148# OPTIONS may include: 149# 150# key => "filename" # expected to be found in $SRCDIR/test/certs 151# out => "filename" # file to write error strings to 152# args => [ ... extra openssl pkey args ... ] 153# expected => regexps to match error lines against 154sub test_errors { # actually tests diagnostics of OSSL_STORE 155 my %opts = @_; 156 my $infile = srctop_file('test', 'certs', $opts{key}); 157 my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} ); 158 my $res = !run(app([@args], stderr => $opts{out})); 159 my $found = !exists $opts{expected}; 160 open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}"; 161 while(my $errline = <$in>) { 162 print $errline; # this may help debugging 163 164 # output must not include ASN.1 parse errors 165 $res &&= $errline !~ m/asn1 encoding/; 166 # output must include what is expressed in $opts{$expected} 167 $found = 1 168 if exists $opts{expected} && $errline =~ m/$opts{expected}/; 169 } 170 close $in; 171 # $tmpfile is kept to help with investigation in case of failure 172 return $res && $found; 173} 174 175SKIP: { 176 skip "DSA not disabled or ERR disabled", 2 177 if !disabled("dsa") || disabled("err"); 178 179 ok(test_errors(key => 'server-dsa-key.pem', 180 out => 'server-dsa-key.err'), 181 "expected error loading unsupported dsa private key"); 182 ok(test_errors(key => 'server-dsa-pubkey.pem', 183 out => 'server-dsa-pubkey.err', 184 args => [ '-pubin' ], 185 expected => 'unsupported'), 186 "expected error loading unsupported dsa public key"); 187} 188 189SKIP: { 190 skip "SM2 not disabled", 1 if !disabled("sm2"); 191 192 ok(test_errors(key => 'sm2.key', out => 'sm2.err'), 193 "expected error loading unsupported sm2 private key"); 194} 195