Check that the ecparam and pkeyparam do not mangle the parameters
authorTomas Mraz <tomas@openssl.org>
Fri, 22 Jan 2021 14:52:07 +0000 (15:52 +0100)
committerTomas Mraz <tomas@openssl.org>
Tue, 26 Jan 2021 14:26:49 +0000 (15:26 +0100)
Just comparison of the original parameter file with the -out output.

Some test files have non-canonical encoding, so they are moved
to a different directory.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)

31 files changed:
test/recipes/15-test_ecparam.t
test/recipes/15-test_ecparam_data/noncanon/c2pnb163v1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/c2pnb208w1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/secp160k1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/secp192k1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/secp224k1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/secp256k1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/secp521r1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect113r1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect113r2-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect163k1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect163r2-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect193r1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect193r2-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect233k1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect233r1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect239k1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect283k1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect283r1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect409k1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect409r1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect571k1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/sect571r1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls1-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls10-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls11-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls3-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls4-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls5-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls8-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem with 100% similarity]
test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls9-explicit.pem [moved from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem with 100% similarity]

index 4294a00..93b2aa4 100644 (file)
@@ -11,46 +11,100 @@ use strict;
 use warnings;
 
 use File::Spec;
+use File::Compare qw/compare_text/;
 use OpenSSL::Glob;
 use OpenSSL::Test qw/:DEFAULT data_file/;
 use OpenSSL::Test::Utils;
 
 setup("test_ecparam");
 
-plan skip_all => "EC isn't supported in this build"
+plan skip_all => "EC or EC2M isn't supported in this build"
     if disabled("ec") || disabled("ec2m");
 
 my @valid = glob(data_file("valid", "*.pem"));
+my @noncanon = glob(data_file("noncanon", "*.pem"));
 my @invalid = glob(data_file("invalid", "*.pem"));
 
-my $num_tests = scalar @valid + scalar @invalid;
-plan tests => 3 * $num_tests;
+plan tests => 11;
 
- SKIP: {
-    skip "Skipping EC tests", 2 * $num_tests
-        if disabled('deprecated-3.0');
+sub checkload {
+    my $files = shift; # List of files
+    my $valid = shift; # Check should pass or fail?
+    my $app = shift;   # Which application
+    my $opt = shift;   # Additional option
 
-    foreach (@valid) {
-        ok(run(app([qw{openssl ecparam -noout -check -in}, $_])));
+    foreach (@$files) {
+        if ($valid) {
+            ok(run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
+        } else {
+            ok(!run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
+        }
     }
+}
 
-    foreach (@valid) {
-        ok(run(app([qw{openssl ecparam -noout -check_named -in}, $_])));
-    }
+sub checkcompare {
+    my $files = shift; # List of files
+    my $app = shift;   # Which application
 
-    foreach (@invalid) {
-        ok(!run(app([qw{openssl ecparam -noout -check -in}, $_])));
-    }
+    foreach (@$files) {
+        my $testout = "$app.tst";
 
-    foreach (@invalid) {
-        ok(!run(app([qw{openssl ecparam -noout -check_named -in}, $_])));
+        ok(run(app(['openssl', $app, '-out', $testout, '-in', $_])));
+        ok(!compare_text($_, $testout), "Original file $_ is the same as new one");
     }
 }
 
-foreach (@valid) {
-    ok(run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
-}
+subtest "Check loading valid parameters by ecparam with -check" => sub {
+    plan tests => scalar(@valid);
+    checkload(\@valid, 1, "ecparam", "-check");
+};
 
-foreach (@invalid) {
-    ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
-}
+subtest "Check loading valid parameters by ecparam with -check_named" => sub {
+    plan tests => scalar(@valid);
+    checkload(\@valid, 1, "ecparam", "-check_named");
+};
+
+subtest "Check loading valid parameters by pkeyparam with -check" => sub {
+    plan tests => scalar(@valid);
+    checkload(\@valid, 1, "pkeyparam", "-check");
+};
+
+subtest "Check loading non-canonically encoded parameters by ecparam with -check" => sub {
+    plan tests => scalar(@noncanon);
+    checkload(\@noncanon, 1, "ecparam", "-check");
+};
+
+subtest "Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
+    plan tests => scalar(@noncanon);
+    checkload(\@noncanon, 1, "ecparam", "-check_named");
+};
+
+subtest "Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
+    plan tests => scalar(@noncanon);
+    checkload(\@noncanon, 1, "pkeyparam", "-check");
+};
+
+subtest "Check loading invalid parameters by ecparam with -check" => sub {
+    plan tests => scalar(@invalid);
+    checkload(\@invalid, 0, "ecparam", "-check");
+};
+
+subtest "Check loading invalid parameters by ecparam with -check_named" => sub {
+    plan tests => scalar(@invalid);
+    checkload(\@invalid, 0, "ecparam", "-check_named");
+};
+
+subtest "Check loading invalid parameters by pkeyparam with -check" => sub {
+    plan tests => scalar(@invalid);
+    checkload(\@invalid, 0, "pkeyparam", "-check");
+};
+
+subtest "Check ecparam does not change the parameter file on output" => sub {
+    plan tests => 2 * scalar(@valid);
+    checkcompare(\@valid, "ecparam");
+};
+
+subtest "Check pkeyparam does not change the parameter file on output" => sub {
+    plan tests => 2 * scalar(@valid);
+    checkcompare(\@valid, "pkeyparam");
+};