#! /usr/bin/env perl
# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
use OpenSSL::Test::Utils;

# setup() has to run at compile time: the 'use lib' lines below call
# srctop_dir()/bldtop_dir() while the file is still being compiled.
BEGIN {
    setup('test_evp');
}

use lib srctop_dir('Configurations');
use lib bldtop_dir('.');

# Provider switches. Besides the build configuration, the NO_FIPS and
# NO_LEGACY environment variables can turn the respective provider off
# for this run; an unset variable counts as 0.
my $no_fips    = disabled('fips')   || ($ENV{NO_FIPS}   // 0);
my $no_legacy  = disabled('legacy') || ($ENV{NO_LEGACY} // 0);

# Per-algorithm switches; each one gates a group of test data files below.
my $no_des     = disabled('des');
my $no_dh      = disabled('dh');
my $no_slh_dsa = disabled('slh-dsa');
my $no_dsa     = disabled('dsa');
my $no_ec      = disabled('ec');
my $no_ecx     = disabled('ecx');
my $no_ec2m    = disabled('ec2m');
my $no_sm2     = disabled('sm2');
my $no_siv     = disabled('siv');
my $no_argon2  = disabled('argon2');
my $no_ml_dsa  = disabled('ml-dsa');
my $no_ml_kem  = disabled('ml-kem');

# Default config depends on if the legacy module is built or not
my $defaultcnf = 'default-and-legacy.cnf';
$defaultcnf = 'default.cnf' if $no_legacy;

my @configs = ($defaultcnf);
# Only add the FIPS config if the FIPS module has been built
if (!$no_fips) {
    push @configs, 'fips-and-base.cnf';
}

# A list of tests that run with both the default and fips provider.
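my @files = qw(
                evpciph_aes_ccm_cavs.txt
                evpciph_aes_common.txt
                evpciph_aes_cts.txt
                evpciph_aes_wrap.txt
                evpciph_aes_stitched.txt
                evpciph_des3_common.txt
                evpkdf_hkdf.txt
                evpkdf_kbkdf_counter.txt
                evpkdf_kbkdf_kmac.txt
                evpkdf_pbkdf1.txt
                evpkdf_pbkdf2.txt
                evpkdf_ss.txt
                evpkdf_ssh.txt
                evpkdf_tls12_prf.txt
                evpkdf_tls13_kdf.txt
                evpkdf_x942.txt
                evpkdf_x963.txt
                evpmac_common.txt
                evpmd_sha.txt
                evppbe_pbkdf2.txt
                evppkey_kdf_hkdf.txt
                evppkey_rsa.txt
                evppkey_rsa_common.txt
                evppkey_rsa_kem.txt
                evppkey_rsa_sigalg.txt
                evprand.txt
              );
push @files, qw(
                evppkey_ffdhe.txt
                evppkey_dh.txt
               ) unless $no_dh;
push @files, qw(
                evpkdf_x942_des.txt
                evpmac_cmac_des.txt
               ) unless $no_des;
push @files, qw(
                evppkey_slh_dsa_siggen.txt
                evppkey_slh_dsa_sigver.txt
               ) unless $no_slh_dsa;
push @files, qw(
                evppkey_dsa.txt
                evppkey_dsa_sigalg.txt
               ) unless $no_dsa;
push @files, qw(
                evppkey_ecx.txt
                evppkey_ecx_sigalg.txt
                evppkey_mismatch_ecx.txt
               ) unless $no_ecx;
push @files, qw(
                evppkey_ecc.txt
                evppkey_ecdh.txt
                evppkey_ecdsa.txt
                evppkey_ecdsa_sigalg.txt
                evppkey_kas.txt
                evppkey_mismatch.txt
               ) unless $no_ec;
push @files, qw(
                evppkey_ml_dsa_keygen.txt
                evppkey_ml_dsa_siggen.txt
                evppkey_ml_dsa_sigver.txt
                evppkey_ml_dsa_44_wycheproof_sign.txt
                evppkey_ml_dsa_44_wycheproof_verify.txt
                evppkey_ml_dsa_65_wycheproof_sign.txt
                evppkey_ml_dsa_65_wycheproof_verify.txt
                evppkey_ml_dsa_87_wycheproof_sign.txt
                evppkey_ml_dsa_87_wycheproof_verify.txt
               ) unless $no_ml_dsa;
push @files, qw(
                evppkey_ml_kem_512_keygen.txt
                evppkey_ml_kem_512_encap.txt
                evppkey_ml_kem_512_decap.txt
                evppkey_ml_kem_768_keygen.txt
                evppkey_ml_kem_768_encap.txt
                evppkey_ml_kem_768_decap.txt
                evppkey_ml_kem_1024_keygen.txt
                evppkey_ml_kem_1024_encap.txt
                evppkey_ml_kem_1024_decap.txt
                evppkey_ml_kem_keygen.txt
                evppkey_ml_kem_encap_decap.txt
               ) unless $no_ml_kem;

# A list of tests that only run with the default provider
# (i.e. The algorithms are not present in the fips provider)
my @defltfiles = qw(
                     evpciph_aes_ocb.txt
                     evpciph_aria.txt
                     evpciph_bf.txt
                     evpciph_camellia.txt
                     evpciph_camellia_cts.txt
                     evpciph_cast5.txt
                     evpciph_chacha.txt
                     evpciph_des.txt
                     evpciph_idea.txt
                     evpciph_rc2.txt
                     evpciph_rc4.txt
                     evpciph_rc4_stitched.txt
                     evpciph_rc5.txt
                     evpciph_seed.txt
                     evpciph_sm4.txt
                     evpencod.txt
                     evpkdf_krb5.txt
                     evpkdf_scrypt.txt
                     evpkdf_tls11_prf.txt
                     evpkdf_hmac_drbg.txt
                     evpmac_blake.txt
                     evpmac_poly1305.txt
                     evpmac_siphash.txt
                     evpmac_sm3.txt
                     evpmd_blake.txt
                     evpmd_md.txt
                     evpmd_mdc2.txt
                     evpmd_ripemd.txt
                     evpmd_sm3.txt
                     evpmd_whirlpool.txt
                     evppbe_scrypt.txt
                     evppbe_pkcs12.txt
                     evppkey_kdf_scrypt.txt
                     evppkey_kdf_tls1_prf.txt
                    );
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
push @defltfiles, qw(evppkey_ecx_kem.txt) unless $no_ecx;
push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2;

# The plan is derived from the list sizes, so a data file only runs if it
# is named in @files or @defltfiles above; nothing in this recipe picks up
# unlisted files.
plan tests =>
    + (scalar(@configs) * scalar(@files))
    + scalar(@defltfiles)
    + 3; # error output tests

# Every file in @files is run once per provider configuration.
foreach my $cnf (@configs) {
    my $conf = srctop_file("test", $cnf);

    foreach my $f ( @files ) {
        ok(run(test(["evp_test",
                     "-config", $conf,
                     data_file($f)])),
           "running evp_test -config $conf $f");
    }
}

# The default-provider-only files are run with the default config alone.
my $conf = srctop_file("test", $defaultcnf);
foreach my $f ( @defltfiles ) {
    ok(run(test(["evp_test",
                 "-config", $conf,
                 data_file($f)])),
       "running evp_test -config $conf $f");
}

# test_errors OPTIONS
#
# OPTIONS may include:
#
# key      => "filename"        # expected to be found in $SRCDIR/test/certs
# out      => "filename"        # file to write error strings to
# args     => [ ... extra openssl pkey args ... ]
# expected => regexps to match error lines against
#
# Runs `openssl pkey -in KEY ARGS` with stderr captured in the 'out' file
# and returns true only if all of the following hold:
#   - run() reports that the command failed,
#   - no captured line matches /asn1 encoding/,
#   - when 'expected' is given, at least one captured line matches it.
#
# 'expected' is interpolated into the match as a pattern, not as a literal
# string, so regex metacharacters in it are interpreted.
sub test_errors { # actually tests diagnostics of OSSL_STORE
    my %opts = @_;
    my $infile = srctop_file('test', 'certs', $opts{key});
    my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
    # Negated on purpose: loading the key is supposed to fail.
    my $res = !run(app([@args], stderr => $opts{out}));
    # Without an 'expected' pattern there is nothing to look for.
    my $found = !exists $opts{expected};
    open(my $in, '<', $opts{out})
        or die "Could not open file $opts{out}: $!";
    while (my $errline = <$in>) {
        print $errline; # this may help debugging

        # output must not include ASN.1 parse errors
        $res &&= $errline !~ m/asn1 encoding/;
        # output must include what is expressed in $opts{expected}
        $found = 1
            if exists $opts{expected} && $errline =~ m/$opts{expected}/;
    }
    close $in;
    # The $opts{out} file is kept to help with investigation in case of failure
    return $res && $found;
}

# These checks only make sense when DSA support is compiled out (so the key
# is unsupported) and error strings are available to be inspected.
SKIP: {
    skip "DSA not disabled or ERR disabled", 2
        if !disabled("dsa") || disabled("err");

    ok(test_errors(key => 'server-dsa-key.pem',
                   out => 'server-dsa-key.err'),
       "expected error loading unsupported dsa private key");
    ok(test_errors(key => 'server-dsa-pubkey.pem',
                   out => 'server-dsa-pubkey.err',
                   args => [ '-pubin' ],
                   expected => 'unsupported'),
       "expected error loading unsupported dsa public key");
}

# Same check for SM2: only run when SM2 support is compiled out.
SKIP: {
    skip "SM2 not disabled", 1 if !disabled("sm2");

    ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
       "expected error loading unsupported sm2 private key");
}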