2 # Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
13 use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
14 use OpenSSL::Test::Utils;
20 use lib srctop_dir('Configurations');
21 use lib bldtop_dir('.');
23 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
24 my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
25 my $no_des = disabled("des");
26 my $no_dh = disabled("dh");
27 my $no_dsa = disabled("dsa");
28 my $no_ec = disabled("ec");
29 my $no_ecx = disabled("ecx");
30 my $no_ec2m = disabled("ec2m");
31 my $no_sm2 = disabled("sm2");
32 my $no_siv = disabled("siv");
33 my $no_argon2 = disabled("argon2");
35 # Default config depends on if the legacy module is built or not
36 my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
38 my @configs = ( $defaultcnf );
39 # Only add the FIPS config if the FIPS module has been built
40 push @configs, 'fips-and-base.cnf' unless $no_fips;
42 # A list of tests that run with both the default and fips provider.
44 evpciph_aes_ccm_cavs.txt
45 evpciph_aes_common.txt
48 evpciph_aes_stitched.txt
49 evpciph_des3_common.txt
51 evpkdf_kbkdf_counter.txt
65 evppkey_rsa_common.txt
76 push @files, qw(evppkey_dsa.txt) unless $no_dsa;
79 evppkey_mismatch_ecx.txt
89 # A list of tests that only run with the default provider
90 # (i.e. The algorithms are not present in the fips provider)
96 evpciph_camellia_cts.txt
103 evpciph_rc4_stitched.txt
124 evppkey_kdf_scrypt.txt
125 evppkey_kdf_tls1_prf.txt
128 push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
129 push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
130 push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
131 push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
132 push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
133 push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
134 push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2;
137 + (scalar(@configs) * scalar(@files))
138 + scalar(@defltfiles)
139 + 3; # error output tests
142 my $conf = srctop_file("test", $_);
144 foreach my $f ( @files ) {
145 ok(run(test(["evp_test",
148 "running evp_test -config $conf $f");
152 my $conf = srctop_file("test", $defaultcnf);
153 foreach my $f ( @defltfiles ) {
154 ok(run(test(["evp_test",
157 "running evp_test -config $conf $f");
160 # test_errors OPTIONS
162 # OPTIONS may include:
164 # key => "filename" # expected to be found in $SRCDIR/test/certs
165 # out => "filename" # file to write error strings to
166 # args => [ ... extra openssl pkey args ... ]
167 # expected => regexps to match error lines against
168 sub test_errors { # actually tests diagnostics of OSSL_STORE
170 my $infile = srctop_file('test', 'certs', $opts{key});
171 my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
172 my $res = !run(app([@args], stderr => $opts{out}));
173 my $found = !exists $opts{expected};
174 open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}";
175 while(my $errline = <$in>) {
176 print $errline; # this may help debugging
178 # output must not include ASN.1 parse errors
179 $res &&= $errline !~ m/asn1 encoding/;
180 # output must include what is expressed in $opts{$expected}
182 if exists $opts{expected} && $errline =~ m/$opts{expected}/;
185 # $tmpfile is kept to help with investigation in case of failure
186 return $res && $found;
190 skip "DSA not disabled or ERR disabled", 2
191 if !disabled("dsa") || disabled("err");
193 ok(test_errors(key => 'server-dsa-key.pem',
194 out => 'server-dsa-key.err'),
195 "expected error loading unsupported dsa private key");
196 ok(test_errors(key => 'server-dsa-pubkey.pem',
197 out => 'server-dsa-pubkey.err',
198 args => [ '-pubin' ],
199 expected => 'unsupported'),
200 "expected error loading unsupported dsa public key");
204 skip "SM2 not disabled", 1 if !disabled("sm2");
206 ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
207 "expected error loading unsupported sm2 private key");