test/recipes/30-test_evp.t

   1 #! /usr/bin/env perl
   2 # Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 use strict;
  11 use warnings;
  12
  13 use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
  14 use OpenSSL::Test::Utils;
  15
  16 BEGIN {
  17     setup("test_evp");
  18 }
  19
  20 use lib srctop_dir('Configurations');
  21 use lib bldtop_dir('.');
  22
  23 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
  24 my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
  25 my $no_des = disabled("des");
  26 my $no_dh = disabled("dh");
  27 my $no_dsa = disabled("dsa");
  28 my $no_ec = disabled("ec");
  29 my $no_ecx = disabled("ecx");
  30 my $no_ec2m = disabled("ec2m");
  31 my $no_sm2 = disabled("sm2");
  32 my $no_siv = disabled("siv");
  33 my $no_argon2 = disabled("argon2");
  34
  35 # Default config depends on if the legacy module is built or not
  36 my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
  37
  38 my @configs = ( $defaultcnf );
  39 # Only add the FIPS config if the FIPS module has been built
  40 push @configs, 'fips-and-base.cnf' unless $no_fips;
  41
  42 # A list of tests that run with both the default and fips provider.
  43 my @files = qw(
  44                 evpciph_aes_ccm_cavs.txt
  45                 evpciph_aes_common.txt
  46                 evpciph_aes_cts.txt
  47                 evpciph_aes_wrap.txt
  48                 evpciph_aes_stitched.txt
  49                 evpciph_des3_common.txt
  50                 evpkdf_hkdf.txt
  51                 evpkdf_kbkdf_counter.txt
  52                 evpkdf_kbkdf_kmac.txt
  53                 evpkdf_pbkdf1.txt
  54                 evpkdf_pbkdf2.txt
  55                 evpkdf_ss.txt
  56                 evpkdf_ssh.txt
  57                 evpkdf_tls12_prf.txt
  58                 evpkdf_tls13_kdf.txt
  59                 evpkdf_x942.txt
  60                 evpkdf_x963.txt
  61                 evpmac_common.txt
  62                 evpmd_sha.txt
  63                 evppbe_pbkdf2.txt
  64                 evppkey_kdf_hkdf.txt
  65                 evppkey_rsa_common.txt
  66                 evprand.txt
  67               );
  68 push @files, qw(
  69                 evppkey_ffdhe.txt
  70                 evppkey_dh.txt
  71                ) unless $no_dh;
  72 push @files, qw(
  73                 evpkdf_x942_des.txt
  74                 evpmac_cmac_des.txt
  75                ) unless $no_des;
  76 push @files, qw(evppkey_dsa.txt) unless $no_dsa;
  77 push @files, qw(
  78                 evppkey_ecx.txt
  79                 evppkey_mismatch_ecx.txt
  80                ) unless $no_ecx;
  81 push @files, qw(
  82                 evppkey_ecc.txt
  83                 evppkey_ecdh.txt
  84                 evppkey_ecdsa.txt
  85                 evppkey_kas.txt
  86                 evppkey_mismatch.txt
  87                ) unless $no_ec;
  88
  89 # A list of tests that only run with the default provider
  90 # (i.e. The algorithms are not present in the fips provider)
  91 my @defltfiles = qw(
  92                      evpciph_aes_ocb.txt
  93                      evpciph_aria.txt
  94                      evpciph_bf.txt
  95                      evpciph_camellia.txt
  96                      evpciph_camellia_cts.txt
  97                      evpciph_cast5.txt
  98                      evpciph_chacha.txt
  99                      evpciph_des.txt
 100                      evpciph_idea.txt
 101                      evpciph_rc2.txt
 102                      evpciph_rc4.txt
 103                      evpciph_rc4_stitched.txt
 104                      evpciph_rc5.txt
 105                      evpciph_seed.txt
 106                      evpciph_sm4.txt
 107                      evpencod.txt
 108                      evpkdf_krb5.txt
 109                      evpkdf_scrypt.txt
 110                      evpkdf_tls11_prf.txt
 111                      evpkdf_hmac_drbg.txt
 112                      evpmac_blake.txt
 113                      evpmac_poly1305.txt
 114                      evpmac_siphash.txt
 115                      evpmac_sm3.txt
 116                      evpmd_blake.txt
 117                      evpmd_md.txt
 118                      evpmd_mdc2.txt
 119                      evpmd_ripemd.txt
 120                      evpmd_sm3.txt
 121                      evpmd_whirlpool.txt
 122                      evppbe_scrypt.txt
 123                      evppbe_pkcs12.txt
 124                      evppkey_kdf_scrypt.txt
 125                      evppkey_kdf_tls1_prf.txt
 126                      evppkey_rsa.txt
 127                     );
 128 push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
 129 push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
 130 push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
 131 push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
 132 push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
 133 push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
 134 push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2;
 135
 136 plan tests =>
 137     + (scalar(@configs) * scalar(@files))
 138     + scalar(@defltfiles)
 139     + 3; # error output tests
 140
 141 foreach (@configs) {
 142     my $conf = srctop_file("test", $_);
 143
 144     foreach my $f ( @files ) {
 145         ok(run(test(["evp_test",
 146                      "-config", $conf,
 147                      data_file("$f")])),
 148            "running evp_test -config $conf $f");
 149     }
 150 }
 151
 152 my $conf = srctop_file("test", $defaultcnf);
 153 foreach my $f ( @defltfiles ) {
 154     ok(run(test(["evp_test",
 155                  "-config", $conf,
 156                  data_file("$f")])),
 157        "running evp_test -config $conf $f");
 158 }
 159
 160 # test_errors OPTIONS
 161 #
 162 # OPTIONS may include:
 163 #
 164 # key      => "filename"        # expected to be found in $SRCDIR/test/certs
 165 # out      => "filename"        # file to write error strings to
 166 # args     => [ ... extra openssl pkey args ... ]
 167 # expected => regexps to match error lines against
 168 sub test_errors { # actually tests diagnostics of OSSL_STORE
 169     my %opts = @_;
 170     my $infile = srctop_file('test', 'certs', $opts{key});
 171     my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
 172     my $res = !run(app([@args], stderr => $opts{out}));
 173     my $found = !exists $opts{expected};
 174     open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}";
 175     while(my $errline = <$in>) {
 176         print $errline; # this may help debugging
 177
 178         # output must not include ASN.1 parse errors
 179         $res &&= $errline !~ m/asn1 encoding/;
 180         # output must include what is expressed in $opts{$expected}
 181         $found = 1
 182             if exists $opts{expected} && $errline =~ m/$opts{expected}/;
 183     }
 184     close $in;
 185     # $tmpfile is kept to help with investigation in case of failure
 186     return $res && $found;
 187 }
 188
 189 SKIP: {
 190     skip "DSA not disabled or ERR disabled", 2
 191         if !disabled("dsa") || disabled("err");
 192
 193     ok(test_errors(key => 'server-dsa-key.pem',
 194                    out => 'server-dsa-key.err'),
 195        "expected error loading unsupported dsa private key");
 196     ok(test_errors(key => 'server-dsa-pubkey.pem',
 197                    out => 'server-dsa-pubkey.err',
 198                    args => [ '-pubin' ],
 199                    expected => 'unsupported'),
 200        "expected error loading unsupported dsa public key");
 201 }
 202
 203 SKIP: {
 204     skip "SM2 not disabled", 1 if !disabled("sm2");
 205
 206     ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
 207        "expected error loading unsupported sm2 private key");
 208 }