1e1051a39Sopenharmony_ci#! /usr/bin/env perl 2e1051a39Sopenharmony_ci# Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci# 4e1051a39Sopenharmony_ci# Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci# this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci# in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci# https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci 9e1051a39Sopenharmony_ciuse strict; 10e1051a39Sopenharmony_ciuse warnings; 11e1051a39Sopenharmony_ci 12e1051a39Sopenharmony_ciuse File::Spec::Functions qw(:DEFAULT abs2rel); 13e1051a39Sopenharmony_ciuse File::Copy; 14e1051a39Sopenharmony_ciuse OpenSSL::Glob; 15e1051a39Sopenharmony_ciuse OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/; 16e1051a39Sopenharmony_ciuse OpenSSL::Test::Utils; 17e1051a39Sopenharmony_ci 18e1051a39Sopenharmony_ciBEGIN { 19e1051a39Sopenharmony_ci setup("test_fipsinstall"); 20e1051a39Sopenharmony_ci} 21e1051a39Sopenharmony_ciuse lib srctop_dir('Configurations'); 22e1051a39Sopenharmony_ciuse lib bldtop_dir('.'); 23e1051a39Sopenharmony_ciuse platform; 24e1051a39Sopenharmony_ci 25e1051a39Sopenharmony_ciplan skip_all => "Test only supported in a fips build" if disabled("fips"); 26e1051a39Sopenharmony_ci 27e1051a39Sopenharmony_ciplan tests => 29; 28e1051a39Sopenharmony_ci 29e1051a39Sopenharmony_cimy $infile = bldtop_file('providers', platform->dso('fips')); 30e1051a39Sopenharmony_cimy $fipskey = $ENV{FIPSKEY} // config('FIPSKEY') // '00'; 31e1051a39Sopenharmony_cimy $provconf = srctop_file("test", "fips-and-base.cnf"); 32e1051a39Sopenharmony_ci 33e1051a39Sopenharmony_ci# Read in a text $infile and replace the regular expression in $srch with the 34e1051a39Sopenharmony_ci# value in $repl and output to a new file $outfile. 35e1051a39Sopenharmony_cisub replace_line_file_internal { 36e1051a39Sopenharmony_ci 37e1051a39Sopenharmony_ci my ($infile, $srch, $repl, $outfile) = @_; 38e1051a39Sopenharmony_ci my $msg; 39e1051a39Sopenharmony_ci 40e1051a39Sopenharmony_ci open(my $in, "<", $infile) or return 0; 41e1051a39Sopenharmony_ci read($in, $msg, 1024); 42e1051a39Sopenharmony_ci close $in; 43e1051a39Sopenharmony_ci 44e1051a39Sopenharmony_ci $msg =~ s/$srch/$repl/; 45e1051a39Sopenharmony_ci 46e1051a39Sopenharmony_ci open(my $fh, ">", $outfile) or return 0; 47e1051a39Sopenharmony_ci print $fh $msg; 48e1051a39Sopenharmony_ci close $fh; 49e1051a39Sopenharmony_ci return 1; 50e1051a39Sopenharmony_ci} 51e1051a39Sopenharmony_ci 52e1051a39Sopenharmony_ci# Read in the text input file 'fips.cnf' 53e1051a39Sopenharmony_ci# and replace a single Key = Value line with a new value in $value. 54e1051a39Sopenharmony_ci# OR remove the Key = Value line if the passed in $value is empty. 55e1051a39Sopenharmony_ci# and then output a new file $outfile. 56e1051a39Sopenharmony_ci# $key is the Key to find 57e1051a39Sopenharmony_cisub replace_line_file { 58e1051a39Sopenharmony_ci my ($key, $value, $outfile) = @_; 59e1051a39Sopenharmony_ci 60e1051a39Sopenharmony_ci my $srch = qr/$key\s*=\s*\S*\n/; 61e1051a39Sopenharmony_ci my $rep; 62e1051a39Sopenharmony_ci if ($value eq "") { 63e1051a39Sopenharmony_ci $rep = ""; 64e1051a39Sopenharmony_ci } else { 65e1051a39Sopenharmony_ci $rep = "$key = $value\n"; 66e1051a39Sopenharmony_ci } 67e1051a39Sopenharmony_ci return replace_line_file_internal('fips.cnf', $srch, $rep, $outfile); 68e1051a39Sopenharmony_ci} 69e1051a39Sopenharmony_ci 70e1051a39Sopenharmony_ci# Read in the text input file 'test/fips.cnf' 71e1051a39Sopenharmony_ci# and replace the .cnf file used in 72e1051a39Sopenharmony_ci# .include fipsmodule.cnf with a new value in $value. 73e1051a39Sopenharmony_ci# and then output a new file $outfile. 74e1051a39Sopenharmony_ci# $key is the Key to find 75e1051a39Sopenharmony_cisub replace_parent_line_file { 76e1051a39Sopenharmony_ci my ($value, $outfile) = @_; 77e1051a39Sopenharmony_ci my $srch = qr/fipsmodule.cnf/; 78e1051a39Sopenharmony_ci my $rep = "$value"; 79e1051a39Sopenharmony_ci return replace_line_file_internal(srctop_file("test", 'fips.cnf'), 80e1051a39Sopenharmony_ci $srch, $rep, $outfile); 81e1051a39Sopenharmony_ci} 82e1051a39Sopenharmony_ci 83e1051a39Sopenharmony_ci# fail if no module name 84e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', 85e1051a39Sopenharmony_ci '-provider_name', 'fips', 86e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 87e1051a39Sopenharmony_ci '-section_name', 'fips_sect'])), 88e1051a39Sopenharmony_ci "fipsinstall fail"); 89e1051a39Sopenharmony_ci 90e1051a39Sopenharmony_ci# fail to verify if the configuration file is missing 91e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile, 92e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 93e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 94e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-verify'])), 95e1051a39Sopenharmony_ci "fipsinstall verify fail"); 96e1051a39Sopenharmony_ci 97e1051a39Sopenharmony_ci 98e1051a39Sopenharmony_ci# output a fips.cnf file containing mac data 99e1051a39Sopenharmony_ciok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, 100e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 101e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 102e1051a39Sopenharmony_ci '-section_name', 'fips_sect'])), 103e1051a39Sopenharmony_ci "fipsinstall"); 104e1051a39Sopenharmony_ci 105e1051a39Sopenharmony_ci# verify the fips.cnf file 106e1051a39Sopenharmony_ciok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, 107e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 108e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 109e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-verify'])), 110e1051a39Sopenharmony_ci "fipsinstall verify"); 111e1051a39Sopenharmony_ci 112e1051a39Sopenharmony_ciok(replace_line_file('module-mac', '', 'fips_no_module_mac.cnf') 113e1051a39Sopenharmony_ci && !run(app(['openssl', 'fipsinstall', 114e1051a39Sopenharmony_ci '-in', 'fips_no_module_mac.cnf', 115e1051a39Sopenharmony_ci '-module', $infile, 116e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 117e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 118e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-verify'])), 119e1051a39Sopenharmony_ci "fipsinstall verify fail no module mac"); 120e1051a39Sopenharmony_ci 121e1051a39Sopenharmony_ciok(replace_line_file('install-mac', '', 'fips_no_install_mac.cnf') 122e1051a39Sopenharmony_ci && !run(app(['openssl', 'fipsinstall', 123e1051a39Sopenharmony_ci '-in', 'fips_no_install_mac.cnf', 124e1051a39Sopenharmony_ci '-module', $infile, 125e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 126e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 127e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-verify'])), 128e1051a39Sopenharmony_ci "fipsinstall verify fail no install indicator mac"); 129e1051a39Sopenharmony_ci 130e1051a39Sopenharmony_ciok(replace_line_file('module-mac', '00:00:00:00:00:00', 131e1051a39Sopenharmony_ci 'fips_bad_module_mac.cnf') 132e1051a39Sopenharmony_ci && !run(app(['openssl', 'fipsinstall', 133e1051a39Sopenharmony_ci '-in', 'fips_bad_module_mac.cnf', 134e1051a39Sopenharmony_ci '-module', $infile, 135e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 136e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 137e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-verify'])), 138e1051a39Sopenharmony_ci "fipsinstall verify fail if invalid module integrity value"); 139e1051a39Sopenharmony_ci 140e1051a39Sopenharmony_ciok(replace_line_file('install-mac', '00:00:00:00:00:00', 141e1051a39Sopenharmony_ci 'fips_bad_install_mac.cnf') 142e1051a39Sopenharmony_ci && !run(app(['openssl', 'fipsinstall', 143e1051a39Sopenharmony_ci '-in', 'fips_bad_install_mac.cnf', 144e1051a39Sopenharmony_ci '-module', $infile, 145e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 146e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 147e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-verify'])), 148e1051a39Sopenharmony_ci "fipsinstall verify fail if invalid install indicator integrity value"); 149e1051a39Sopenharmony_ci 150e1051a39Sopenharmony_ciok(replace_line_file('install-status', 'INCORRECT_STATUS_STRING', 151e1051a39Sopenharmony_ci 'fips_bad_indicator.cnf') 152e1051a39Sopenharmony_ci && !run(app(['openssl', 'fipsinstall', 153e1051a39Sopenharmony_ci '-in', 'fips_bad_indicator.cnf', 154e1051a39Sopenharmony_ci '-module', $infile, 155e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 156e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 157e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-verify'])), 158e1051a39Sopenharmony_ci "fipsinstall verify fail if invalid install indicator status"); 159e1051a39Sopenharmony_ci 160e1051a39Sopenharmony_ci# fail to verify the fips.cnf file if a different key is used 161e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, 162e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 163e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", 164e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-verify'])), 165e1051a39Sopenharmony_ci "fipsinstall verify fail bad key"); 166e1051a39Sopenharmony_ci 167e1051a39Sopenharmony_ci# fail to verify the fips.cnf file if a different mac digest is used 168e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, 169e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 170e1051a39Sopenharmony_ci '-macopt', 'digest:SHA512', '-macopt', "hexkey:$fipskey", 171e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-verify'])), 172e1051a39Sopenharmony_ci "fipsinstall verify fail incorrect digest"); 173e1051a39Sopenharmony_ci 174e1051a39Sopenharmony_ci# corrupt the module hmac 175e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, 176e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 177e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 178e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-corrupt_desc', 'HMAC'])), 179e1051a39Sopenharmony_ci "fipsinstall fails when the module integrity is corrupted"); 180e1051a39Sopenharmony_ci 181e1051a39Sopenharmony_ci# corrupt the first digest 182e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, 183e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 184e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 185e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-corrupt_desc', 'SHA1'])), 186e1051a39Sopenharmony_ci "fipsinstall fails when the digest result is corrupted"); 187e1051a39Sopenharmony_ci 188e1051a39Sopenharmony_ci# corrupt another digest 189e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, 190e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 191e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 192e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-corrupt_desc', 'SHA3'])), 193e1051a39Sopenharmony_ci "fipsinstall fails when the digest result is corrupted"); 194e1051a39Sopenharmony_ci 195e1051a39Sopenharmony_ci# corrupt cipher encrypt test 196e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, 197e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 198e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 199e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM'])), 200e1051a39Sopenharmony_ci "fipsinstall fails when the AES_GCM result is corrupted"); 201e1051a39Sopenharmony_ci 202e1051a39Sopenharmony_ci# corrupt cipher decrypt test 203e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, 204e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 205e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 206e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-corrupt_desc', 'AES_ECB_Decrypt'])), 207e1051a39Sopenharmony_ci "fipsinstall fails when the AES_ECB result is corrupted"); 208e1051a39Sopenharmony_ci 209e1051a39Sopenharmony_ci# corrupt DRBG 210e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, 211e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 212e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 213e1051a39Sopenharmony_ci '-section_name', 'fips_sect', '-corrupt_desc', 'CTR'])), 214e1051a39Sopenharmony_ci "fipsinstall fails when the DRBG CTR result is corrupted"); 215e1051a39Sopenharmony_ci 216e1051a39Sopenharmony_ci# corrupt a KAS test 217e1051a39Sopenharmony_ciSKIP: { 218e1051a39Sopenharmony_ci skip "Skipping KAS DH corruption test because of no dh in this build", 1 219e1051a39Sopenharmony_ci if disabled("dh"); 220e1051a39Sopenharmony_ci 221e1051a39Sopenharmony_ci ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, 222e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 223e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 224e1051a39Sopenharmony_ci '-section_name', 'fips_sect', 225e1051a39Sopenharmony_ci '-corrupt_desc', 'DH', 226e1051a39Sopenharmony_ci '-corrupt_type', 'KAT_KA'])), 227e1051a39Sopenharmony_ci "fipsinstall fails when the kas result is corrupted"); 228e1051a39Sopenharmony_ci} 229e1051a39Sopenharmony_ci 230e1051a39Sopenharmony_ci# corrupt a Signature test 231e1051a39Sopenharmony_ciSKIP: { 232e1051a39Sopenharmony_ci skip "Skipping Signature DSA corruption test because of no dsa in this build", 1 233e1051a39Sopenharmony_ci if disabled("dsa"); 234e1051a39Sopenharmony_ci 235e1051a39Sopenharmony_ci run(test(["fips_version_test", "-config", $provconf, "<3.1.0"]), 236e1051a39Sopenharmony_ci capture => 1, statusvar => \my $exit); 237e1051a39Sopenharmony_ci skip "FIPS provider version is too new for PCT DSA signature test", 1 238e1051a39Sopenharmony_ci if !$exit; 239e1051a39Sopenharmony_ci 240e1051a39Sopenharmony_ci ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, 241e1051a39Sopenharmony_ci '-provider_name', 'fips', '-mac_name', 'HMAC', 242e1051a39Sopenharmony_ci '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 243e1051a39Sopenharmony_ci '-section_name', 'fips_sect', 244e1051a39Sopenharmony_ci '-corrupt_desc', 'DSA', 245e1051a39Sopenharmony_ci '-corrupt_type', 'PCT_Signature'])), 246e1051a39Sopenharmony_ci "fipsinstall fails when the signature result is corrupted"); 247e1051a39Sopenharmony_ci} 248e1051a39Sopenharmony_ci 249e1051a39Sopenharmony_ci# corrupt an Asymmetric cipher test 250e1051a39Sopenharmony_ciSKIP: { 251e1051a39Sopenharmony_ci skip "Skipping Asymmetric RSA corruption test because of no rsa in this build", 1 252e1051a39Sopenharmony_ci if disabled("rsa"); 253e1051a39Sopenharmony_ci ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, 254e1051a39Sopenharmony_ci '-corrupt_desc', 'RSA_Encrypt', 255e1051a39Sopenharmony_ci '-corrupt_type', 'KAT_AsymmetricCipher'])), 256e1051a39Sopenharmony_ci "fipsinstall fails when the asymmetric cipher result is corrupted"); 257e1051a39Sopenharmony_ci} 258e1051a39Sopenharmony_ci 259e1051a39Sopenharmony_ci# 'local' ensures that this change is only done in this file. 260e1051a39Sopenharmony_cilocal $ENV{OPENSSL_CONF_INCLUDE} = abs2rel(curdir()); 261e1051a39Sopenharmony_ci 262e1051a39Sopenharmony_ciok(replace_parent_line_file('fips.cnf', 'fips_parent.cnf') 263e1051a39Sopenharmony_ci && run(app(['openssl', 'fipsinstall', '-config', 'fips_parent.cnf'])), 264e1051a39Sopenharmony_ci "verify fips provider loads from a configuration file"); 265e1051a39Sopenharmony_ci 266e1051a39Sopenharmony_ciok(replace_parent_line_file('fips_no_module_mac.cnf', 267e1051a39Sopenharmony_ci 'fips_parent_no_module_mac.cnf') 268e1051a39Sopenharmony_ci && !run(app(['openssl', 'fipsinstall', 269e1051a39Sopenharmony_ci '-config', 'fips_parent_no_module_mac.cnf'])), 270e1051a39Sopenharmony_ci "verify load config fail no module mac"); 271e1051a39Sopenharmony_ci 272e1051a39Sopenharmony_ciok(replace_parent_line_file('fips_no_install_mac.cnf', 273e1051a39Sopenharmony_ci 'fips_parent_no_install_mac.cnf') 274e1051a39Sopenharmony_ci && !run(app(['openssl', 'fipsinstall', 275e1051a39Sopenharmony_ci '-config', 'fips_parent_no_install_mac.cnf'])), 276e1051a39Sopenharmony_ci "verify load config fail no install mac"); 277e1051a39Sopenharmony_ci 278e1051a39Sopenharmony_ciok(replace_parent_line_file('fips_bad_indicator.cnf', 279e1051a39Sopenharmony_ci 'fips_parent_bad_indicator.cnf') 280e1051a39Sopenharmony_ci && !run(app(['openssl', 'fipsinstall', 281e1051a39Sopenharmony_ci '-config', 'fips_parent_bad_indicator.cnf'])), 282e1051a39Sopenharmony_ci "verify load config fail bad indicator"); 283e1051a39Sopenharmony_ci 284e1051a39Sopenharmony_ci 285e1051a39Sopenharmony_ciok(replace_parent_line_file('fips_bad_install_mac.cnf', 286e1051a39Sopenharmony_ci 'fips_parent_bad_install_mac.cnf') 287e1051a39Sopenharmony_ci && !run(app(['openssl', 'fipsinstall', 288e1051a39Sopenharmony_ci '-config', 'fips_parent_bad_install_mac.cnf'])), 289e1051a39Sopenharmony_ci "verify load config fail bad install mac"); 290e1051a39Sopenharmony_ci 291e1051a39Sopenharmony_ciok(replace_parent_line_file('fips_bad_module_mac.cnf', 292e1051a39Sopenharmony_ci 'fips_parent_bad_module_mac.cnf') 293e1051a39Sopenharmony_ci && !run(app(['openssl', 'fipsinstall', 294e1051a39Sopenharmony_ci '-config', 'fips_parent_bad_module_mac.cnf'])), 295e1051a39Sopenharmony_ci "verify load config fail bad module mac"); 296e1051a39Sopenharmony_ci 297e1051a39Sopenharmony_ci 298e1051a39Sopenharmony_cimy $stconf = "fipsmodule_selftest.cnf"; 299e1051a39Sopenharmony_ci 300e1051a39Sopenharmony_ciok(run(app(['openssl', 'fipsinstall', '-out', $stconf, 301e1051a39Sopenharmony_ci '-module', $infile, '-self_test_onload'])), 302e1051a39Sopenharmony_ci "fipsinstall config saved without self test indicator"); 303e1051a39Sopenharmony_ci 304e1051a39Sopenharmony_ciok(!run(app(['openssl', 'fipsinstall', '-in', $stconf, 305e1051a39Sopenharmony_ci '-module', $infile, '-verify'])), 306e1051a39Sopenharmony_ci "fipsinstall config verify fails without self test indicator"); 307e1051a39Sopenharmony_ci 308e1051a39Sopenharmony_ciok(run(app(['openssl', 'fipsinstall', '-in', $stconf, 309e1051a39Sopenharmony_ci '-module', $infile, '-self_test_onload', '-verify'])), 310e1051a39Sopenharmony_ci "fipsinstall config verify passes when self test indicator is not present"); 311