2 # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
14 use File::Compare qw/compare_text/;
16 use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
17 use OpenSSL::Test::Utils;
19 setup("test_ecparam");
21 plan skip_all => "EC or EC2M isn't supported in this build"
22 if disabled("ec") || disabled("ec2m");
24 my @valid = glob(data_file("valid", "*.pem"));
25 my @noncanon = glob(data_file("noncanon", "*.pem"));
26 my @invalid = glob(data_file("invalid", "*.pem"));
28 if (disabled("sm2")) {
29 @valid = grep { !/sm2-.*\.pem/} @valid;
35 my $files = shift; # List of files
36 my $valid = shift; # Check should pass or fail?
37 my $app = shift; # Which application
38 my $opt = shift; # Additional option
42 ok(run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
44 ok(!run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
50 my $files = shift; # List of files
51 my $app = shift; # Which application
54 my $testout = "$app.tst";
56 ok(run(app(['openssl', $app, '-out', $testout, '-in', $_])));
57 ok(!compare_text($_, $testout, sub {
62 $in1 ne $in2}), "Original file $_ is the same as new one");
66 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
68 subtest "Check loading valid parameters by ecparam with -check" => sub {
69 plan tests => scalar(@valid);
70 checkload(\@valid, 1, "ecparam", "-check");
73 subtest "Check loading valid parameters by ecparam with -check_named" => sub {
74 plan tests => scalar(@valid);
75 checkload(\@valid, 1, "ecparam", "-check_named");
78 subtest "Check loading valid parameters by pkeyparam with -check" => sub {
79 plan tests => scalar(@valid);
80 checkload(\@valid, 1, "pkeyparam", "-check");
83 subtest "Check loading non-canonically encoded parameters by ecparam with -check" => sub {
84 plan tests => scalar(@noncanon);
85 checkload(\@noncanon, 1, "ecparam", "-check");
88 subtest "Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
89 plan tests => scalar(@noncanon);
90 checkload(\@noncanon, 1, "ecparam", "-check_named");
93 subtest "Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
94 plan tests => scalar(@noncanon);
95 checkload(\@noncanon, 1, "pkeyparam", "-check");
98 subtest "Check loading invalid parameters by ecparam with -check" => sub {
99 plan tests => scalar(@invalid);
100 checkload(\@invalid, 0, "ecparam", "-check");
103 subtest "Check loading invalid parameters by ecparam with -check_named" => sub {
104 plan tests => scalar(@invalid);
105 checkload(\@invalid, 0, "ecparam", "-check_named");
108 subtest "Check loading invalid parameters by pkeyparam with -check" => sub {
109 plan tests => scalar(@invalid);
110 checkload(\@invalid, 0, "pkeyparam", "-check");
113 subtest "Check ecparam does not change the parameter file on output" => sub {
114 plan tests => 2 * scalar(@valid);
115 checkcompare(\@valid, "ecparam");
118 subtest "Check pkeyparam does not change the parameter file on output" => sub {
119 plan tests => 2 * scalar(@valid);
120 checkcompare(\@valid, "pkeyparam");
123 subtest "Check loading of fips and non-fips params" => sub {
124 plan skip_all => "FIPS is disabled"
128 my $fipsconf = srctop_file("test", "fips-and-base.cnf");
129 my $defaultconf = srctop_file("test", "default.cnf");
131 $ENV{OPENSSL_CONF} = $fipsconf;
133 ok(run(app(['openssl', 'ecparam',
134 '-in', data_file('valid', 'secp384r1-explicit.pem'),
136 "Loading explicitly encoded valid curve");
138 ok(run(app(['openssl', 'ecparam',
139 '-in', data_file('valid', 'secp384r1-named.pem'),
141 "Loading named valid curve");
143 ok(!run(app(['openssl', 'ecparam',
144 '-in', data_file('valid', 'secp112r1-named.pem'),
146 "Fail loading named non-fips curve");
148 ok(!run(app(['openssl', 'pkeyparam',
149 '-in', data_file('valid', 'secp112r1-named.pem'),
151 "Fail loading named non-fips curve using pkeyparam");
153 ok(run(app(['openssl', 'ecparam',
154 '-provider', 'default',
155 '-propquery', '?fips!=yes',
156 '-in', data_file('valid', 'secp112r1-named.pem'),
158 "Loading named non-fips curve in FIPS mode with non-FIPS property".
161 ok(run(app(['openssl', 'pkeyparam',
162 '-provider', 'default',
163 '-propquery', '?fips!=yes',
164 '-in', data_file('valid', 'secp112r1-named.pem'),
166 "Loading named non-fips curve in FIPS mode with non-FIPS property".
167 " query using pkeyparam");
169 ok(!run(app(['openssl', 'ecparam',
170 '-genkey', '-name', 'secp112r1'])),
171 "Fail generating key for named non-fips curve");
173 ok(run(app(['openssl', 'ecparam',
174 '-provider', 'default',
175 '-propquery', '?fips!=yes',
176 '-genkey', '-name', 'secp112r1'])),
177 "Generating key for named non-fips curve with non-FIPS property query");
179 $ENV{OPENSSL_CONF} = $defaultconf;