xref: /freebsd/crypto/openssl/test/recipes/30-test_evp.t (revision a90b9d0159070121c221b966469c3e36d912bf82)
1#! /usr/bin/env perl
2# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
14use OpenSSL::Test::Utils;
15
16BEGIN {
17    setup("test_evp");
18}
19
20use lib srctop_dir('Configurations');
21use lib bldtop_dir('.');
22
23my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
24my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
25my $no_des = disabled("des");
26my $no_dh = disabled("dh");
27my $no_dsa = disabled("dsa");
28my $no_ec = disabled("ec");
29my $no_sm2 = disabled("sm2");
30
31# Default config depends on if the legacy module is built or not
32my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
33
34my @configs = ( $defaultcnf );
35# Only add the FIPS config if the FIPS module has been built
36push @configs, 'fips-and-base.cnf' unless $no_fips;
37
38# A list of tests that run with both the default and fips provider.
39my @files = qw(
40                evpciph_aes_ccm_cavs.txt
41                evpciph_aes_common.txt
42                evpciph_aes_cts.txt
43                evpciph_aes_wrap.txt
44                evpciph_aes_stitched.txt
45                evpciph_des3_common.txt
46                evpkdf_hkdf.txt
47                evpkdf_pbkdf1.txt
48                evpkdf_pbkdf2.txt
49                evpkdf_ss.txt
50                evpkdf_ssh.txt
51                evpkdf_tls12_prf.txt
52                evpkdf_tls13_kdf.txt
53                evpkdf_x942.txt
54                evpkdf_x963.txt
55                evpmac_common.txt
56                evpmd_sha.txt
57                evppbe_pbkdf2.txt
58                evppkey_kdf_hkdf.txt
59                evppkey_rsa_common.txt
60                evprand.txt
61              );
62push @files, qw(
63                evppkey_ffdhe.txt
64                evppkey_dh.txt
65               ) unless $no_dh;
66push @files, qw(
67                evpkdf_x942_des.txt
68                evpmac_cmac_des.txt
69               ) unless $no_des;
70push @files, qw(evppkey_dsa.txt) unless $no_dsa;
71push @files, qw(evppkey_ecx.txt) unless $no_ec;
72push @files, qw(
73                evppkey_ecc.txt
74                evppkey_ecdh.txt
75                evppkey_ecdsa.txt
76                evppkey_kas.txt
77                evppkey_mismatch.txt
78               ) unless $no_ec;
79
80# A list of tests that only run with the default provider
81# (i.e. The algorithms are not present in the fips provider)
82my @defltfiles = qw(
83                     evpciph_aes_ocb.txt
84                     evpciph_aes_siv.txt
85                     evpciph_aria.txt
86                     evpciph_bf.txt
87                     evpciph_camellia.txt
88                     evpciph_camellia_cts.txt
89                     evpciph_cast5.txt
90                     evpciph_chacha.txt
91                     evpciph_des.txt
92                     evpciph_idea.txt
93                     evpciph_rc2.txt
94                     evpciph_rc4.txt
95                     evpciph_rc4_stitched.txt
96                     evpciph_rc5.txt
97                     evpciph_seed.txt
98                     evpciph_sm4.txt
99                     evpencod.txt
100                     evpkdf_krb5.txt
101                     evpkdf_scrypt.txt
102                     evpkdf_tls11_prf.txt
103                     evpmac_blake.txt
104                     evpmac_poly1305.txt
105                     evpmac_siphash.txt
106                     evpmac_sm3.txt
107                     evpmd_blake.txt
108                     evpmd_md.txt
109                     evpmd_mdc2.txt
110                     evpmd_ripemd.txt
111                     evpmd_sm3.txt
112                     evpmd_whirlpool.txt
113                     evppbe_scrypt.txt
114                     evppbe_pkcs12.txt
115                     evppkey_kdf_scrypt.txt
116                     evppkey_kdf_tls1_prf.txt
117                     evppkey_rsa.txt
118                    );
119push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
120push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
121
122plan tests =>
123    + (scalar(@configs) * scalar(@files))
124    + scalar(@defltfiles)
125    + 3; # error output tests
126
127foreach (@configs) {
128    my $conf = srctop_file("test", $_);
129
130    foreach my $f ( @files ) {
131        ok(run(test(["evp_test",
132                     "-config", $conf,
133                     data_file("$f")])),
134           "running evp_test -config $conf $f");
135    }
136}
137
138my $conf = srctop_file("test", $defaultcnf);
139foreach my $f ( @defltfiles ) {
140    ok(run(test(["evp_test",
141                 "-config", $conf,
142                 data_file("$f")])),
143       "running evp_test -config $conf $f");
144}
145
146# test_errors OPTIONS
147#
148# OPTIONS may include:
149#
150# key      => "filename"        # expected to be found in $SRCDIR/test/certs
151# out      => "filename"        # file to write error strings to
152# args     => [ ... extra openssl pkey args ... ]
153# expected => regexps to match error lines against
154sub test_errors { # actually tests diagnostics of OSSL_STORE
155    my %opts = @_;
156    my $infile = srctop_file('test', 'certs', $opts{key});
157    my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
158    my $res = !run(app([@args], stderr => $opts{out}));
159    my $found = !exists $opts{expected};
160    open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}";
161    while(my $errline = <$in>) {
162        print $errline; # this may help debugging
163
164        # output must not include ASN.1 parse errors
165        $res &&= $errline !~ m/asn1 encoding/;
166        # output must include what is expressed in $opts{$expected}
167        $found = 1
168            if exists $opts{expected} && $errline =~ m/$opts{expected}/;
169    }
170    close $in;
171    # $tmpfile is kept to help with investigation in case of failure
172    return $res && $found;
173}
174
175SKIP: {
176    skip "DSA not disabled or ERR disabled", 2
177        if !disabled("dsa") || disabled("err");
178
179    ok(test_errors(key => 'server-dsa-key.pem',
180                   out => 'server-dsa-key.err'),
181       "expected error loading unsupported dsa private key");
182    ok(test_errors(key => 'server-dsa-pubkey.pem',
183                   out => 'server-dsa-pubkey.err',
184                   args => [ '-pubin' ],
185                   expected => 'unsupported'),
186       "expected error loading unsupported dsa public key");
187}
188
189SKIP: {
190    skip "SM2 not disabled", 1 if !disabled("sm2");
191
192    ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
193       "expected error loading unsupported sm2 private key");
194}
195