1e1051a39Sopenharmony_ci#! /usr/bin/env perl 2e1051a39Sopenharmony_ci# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci# 4e1051a39Sopenharmony_ci# Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci# this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci# in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci# https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci 9e1051a39Sopenharmony_ci 10e1051a39Sopenharmony_ciuse strict; 11e1051a39Sopenharmony_ciuse warnings; 12e1051a39Sopenharmony_ci 13e1051a39Sopenharmony_ciuse OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file); 14e1051a39Sopenharmony_ciuse OpenSSL::Test::Utils; 15e1051a39Sopenharmony_ci 16e1051a39Sopenharmony_ciBEGIN { 17e1051a39Sopenharmony_ci setup("test_evp"); 18e1051a39Sopenharmony_ci} 19e1051a39Sopenharmony_ci 20e1051a39Sopenharmony_ciuse lib srctop_dir('Configurations'); 21e1051a39Sopenharmony_ciuse lib bldtop_dir('.'); 22e1051a39Sopenharmony_ci 23e1051a39Sopenharmony_cimy $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); 24e1051a39Sopenharmony_cimy $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0); 25e1051a39Sopenharmony_cimy $no_des = disabled("des"); 26e1051a39Sopenharmony_cimy $no_dh = disabled("dh"); 27e1051a39Sopenharmony_cimy $no_dsa = disabled("dsa"); 28e1051a39Sopenharmony_cimy $no_ec = disabled("ec"); 29e1051a39Sopenharmony_cimy $no_sm2 = disabled("sm2"); 30e1051a39Sopenharmony_ci 31e1051a39Sopenharmony_ci# Default config depends on if the legacy module is built or not 32e1051a39Sopenharmony_cimy $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf'; 33e1051a39Sopenharmony_ci 34e1051a39Sopenharmony_cimy @configs = ( $defaultcnf ); 35e1051a39Sopenharmony_ci# Only add the FIPS config if the FIPS module has been built 36e1051a39Sopenharmony_cipush @configs, 'fips-and-base.cnf' unless $no_fips; 37e1051a39Sopenharmony_ci 38e1051a39Sopenharmony_ci# A list of tests that run with both the default and fips provider. 39e1051a39Sopenharmony_cimy @files = qw( 40e1051a39Sopenharmony_ci evpciph_aes_ccm_cavs.txt 41e1051a39Sopenharmony_ci evpciph_aes_common.txt 42e1051a39Sopenharmony_ci evpciph_aes_cts.txt 43e1051a39Sopenharmony_ci evpciph_aes_wrap.txt 44e1051a39Sopenharmony_ci evpciph_aes_stitched.txt 45e1051a39Sopenharmony_ci evpciph_des3_common.txt 46e1051a39Sopenharmony_ci evpkdf_hkdf.txt 47e1051a39Sopenharmony_ci evpkdf_pbkdf1.txt 48e1051a39Sopenharmony_ci evpkdf_pbkdf2.txt 49e1051a39Sopenharmony_ci evpkdf_ss.txt 50e1051a39Sopenharmony_ci evpkdf_ssh.txt 51e1051a39Sopenharmony_ci evpkdf_tls12_prf.txt 52e1051a39Sopenharmony_ci evpkdf_tls13_kdf.txt 53e1051a39Sopenharmony_ci evpkdf_x942.txt 54e1051a39Sopenharmony_ci evpkdf_x963.txt 55e1051a39Sopenharmony_ci evpmac_common.txt 56e1051a39Sopenharmony_ci evpmd_sha.txt 57e1051a39Sopenharmony_ci evppbe_pbkdf2.txt 58e1051a39Sopenharmony_ci evppkey_kdf_hkdf.txt 59e1051a39Sopenharmony_ci evppkey_rsa_common.txt 60e1051a39Sopenharmony_ci evprand.txt 61e1051a39Sopenharmony_ci ); 62e1051a39Sopenharmony_cipush @files, qw( 63e1051a39Sopenharmony_ci evppkey_ffdhe.txt 64e1051a39Sopenharmony_ci evppkey_dh.txt 65e1051a39Sopenharmony_ci ) unless $no_dh; 66e1051a39Sopenharmony_cipush @files, qw( 67e1051a39Sopenharmony_ci evpkdf_x942_des.txt 68e1051a39Sopenharmony_ci evpmac_cmac_des.txt 69e1051a39Sopenharmony_ci ) unless $no_des; 70e1051a39Sopenharmony_cipush @files, qw(evppkey_dsa.txt) unless $no_dsa; 71e1051a39Sopenharmony_cipush @files, qw(evppkey_ecx.txt) unless $no_ec; 72e1051a39Sopenharmony_cipush @files, qw( 73e1051a39Sopenharmony_ci evppkey_ecc.txt 74e1051a39Sopenharmony_ci evppkey_ecdh.txt 75e1051a39Sopenharmony_ci evppkey_ecdsa.txt 76e1051a39Sopenharmony_ci evppkey_kas.txt 77e1051a39Sopenharmony_ci evppkey_mismatch.txt 78e1051a39Sopenharmony_ci ) unless $no_ec; 79e1051a39Sopenharmony_ci 80e1051a39Sopenharmony_ci# A list of tests that only run with the default provider 81e1051a39Sopenharmony_ci# (i.e. The algorithms are not present in the fips provider) 82e1051a39Sopenharmony_cimy @defltfiles = qw( 83e1051a39Sopenharmony_ci evpciph_aes_ocb.txt 84e1051a39Sopenharmony_ci evpciph_aes_siv.txt 85e1051a39Sopenharmony_ci evpciph_aria.txt 86e1051a39Sopenharmony_ci evpciph_bf.txt 87e1051a39Sopenharmony_ci evpciph_camellia.txt 88e1051a39Sopenharmony_ci evpciph_camellia_cts.txt 89e1051a39Sopenharmony_ci evpciph_cast5.txt 90e1051a39Sopenharmony_ci evpciph_chacha.txt 91e1051a39Sopenharmony_ci evpciph_des.txt 92e1051a39Sopenharmony_ci evpciph_idea.txt 93e1051a39Sopenharmony_ci evpciph_rc2.txt 94e1051a39Sopenharmony_ci evpciph_rc4.txt 95e1051a39Sopenharmony_ci evpciph_rc4_stitched.txt 96e1051a39Sopenharmony_ci evpciph_rc5.txt 97e1051a39Sopenharmony_ci evpciph_seed.txt 98e1051a39Sopenharmony_ci evpciph_sm4.txt 99e1051a39Sopenharmony_ci evpencod.txt 100e1051a39Sopenharmony_ci evpkdf_krb5.txt 101e1051a39Sopenharmony_ci evpkdf_scrypt.txt 102e1051a39Sopenharmony_ci evpkdf_tls11_prf.txt 103e1051a39Sopenharmony_ci evpmac_blake.txt 104e1051a39Sopenharmony_ci evpmac_poly1305.txt 105e1051a39Sopenharmony_ci evpmac_siphash.txt 106e1051a39Sopenharmony_ci evpmac_sm3.txt 107e1051a39Sopenharmony_ci evpmd_blake.txt 108e1051a39Sopenharmony_ci evpmd_md.txt 109e1051a39Sopenharmony_ci evpmd_mdc2.txt 110e1051a39Sopenharmony_ci evpmd_ripemd.txt 111e1051a39Sopenharmony_ci evpmd_sm3.txt 112e1051a39Sopenharmony_ci evpmd_whirlpool.txt 113e1051a39Sopenharmony_ci evppbe_scrypt.txt 114e1051a39Sopenharmony_ci evppbe_pkcs12.txt 115e1051a39Sopenharmony_ci evppkey_kdf_scrypt.txt 116e1051a39Sopenharmony_ci evppkey_kdf_tls1_prf.txt 117e1051a39Sopenharmony_ci evppkey_rsa.txt 118e1051a39Sopenharmony_ci ); 119e1051a39Sopenharmony_cipush @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; 120e1051a39Sopenharmony_cipush @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; 121e1051a39Sopenharmony_ci 122e1051a39Sopenharmony_ciplan tests => 123e1051a39Sopenharmony_ci + (scalar(@configs) * scalar(@files)) 124e1051a39Sopenharmony_ci + scalar(@defltfiles) 125e1051a39Sopenharmony_ci + 3; # error output tests 126e1051a39Sopenharmony_ci 127e1051a39Sopenharmony_ciforeach (@configs) { 128e1051a39Sopenharmony_ci my $conf = srctop_file("test", $_); 129e1051a39Sopenharmony_ci 130e1051a39Sopenharmony_ci foreach my $f ( @files ) { 131e1051a39Sopenharmony_ci ok(run(test(["evp_test", 132e1051a39Sopenharmony_ci "-config", $conf, 133e1051a39Sopenharmony_ci data_file("$f")])), 134e1051a39Sopenharmony_ci "running evp_test -config $conf $f"); 135e1051a39Sopenharmony_ci } 136e1051a39Sopenharmony_ci} 137e1051a39Sopenharmony_ci 138e1051a39Sopenharmony_cimy $conf = srctop_file("test", $defaultcnf); 139e1051a39Sopenharmony_ciforeach my $f ( @defltfiles ) { 140e1051a39Sopenharmony_ci ok(run(test(["evp_test", 141e1051a39Sopenharmony_ci "-config", $conf, 142e1051a39Sopenharmony_ci data_file("$f")])), 143e1051a39Sopenharmony_ci "running evp_test -config $conf $f"); 144e1051a39Sopenharmony_ci} 145e1051a39Sopenharmony_ci 146e1051a39Sopenharmony_ci# test_errors OPTIONS 147e1051a39Sopenharmony_ci# 148e1051a39Sopenharmony_ci# OPTIONS may include: 149e1051a39Sopenharmony_ci# 150e1051a39Sopenharmony_ci# key => "filename" # expected to be found in $SRCDIR/test/certs 151e1051a39Sopenharmony_ci# out => "filename" # file to write error strings to 152e1051a39Sopenharmony_ci# args => [ ... extra openssl pkey args ... ] 153e1051a39Sopenharmony_ci# expected => regexps to match error lines against 154e1051a39Sopenharmony_cisub test_errors { # actually tests diagnostics of OSSL_STORE 155e1051a39Sopenharmony_ci my %opts = @_; 156e1051a39Sopenharmony_ci my $infile = srctop_file('test', 'certs', $opts{key}); 157e1051a39Sopenharmony_ci my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} ); 158e1051a39Sopenharmony_ci my $res = !run(app([@args], stderr => $opts{out})); 159e1051a39Sopenharmony_ci my $found = !exists $opts{expected}; 160e1051a39Sopenharmony_ci open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}"; 161e1051a39Sopenharmony_ci while(my $errline = <$in>) { 162e1051a39Sopenharmony_ci print $errline; # this may help debugging 163e1051a39Sopenharmony_ci 164e1051a39Sopenharmony_ci # output must not include ASN.1 parse errors 165e1051a39Sopenharmony_ci $res &&= $errline !~ m/asn1 encoding/; 166e1051a39Sopenharmony_ci # output must include what is expressed in $opts{$expected} 167e1051a39Sopenharmony_ci $found = 1 168e1051a39Sopenharmony_ci if exists $opts{expected} && $errline =~ m/$opts{expected}/; 169e1051a39Sopenharmony_ci } 170e1051a39Sopenharmony_ci close $in; 171e1051a39Sopenharmony_ci # $tmpfile is kept to help with investigation in case of failure 172e1051a39Sopenharmony_ci return $res && $found; 173e1051a39Sopenharmony_ci} 174e1051a39Sopenharmony_ci 175e1051a39Sopenharmony_ciSKIP: { 176e1051a39Sopenharmony_ci skip "DSA not disabled", 2 if !disabled("dsa"); 177e1051a39Sopenharmony_ci 178e1051a39Sopenharmony_ci ok(test_errors(key => 'server-dsa-key.pem', 179e1051a39Sopenharmony_ci out => 'server-dsa-key.err'), 180e1051a39Sopenharmony_ci "expected error loading unsupported dsa private key"); 181e1051a39Sopenharmony_ci ok(test_errors(key => 'server-dsa-pubkey.pem', 182e1051a39Sopenharmony_ci out => 'server-dsa-pubkey.err', 183e1051a39Sopenharmony_ci args => [ '-pubin' ], 184e1051a39Sopenharmony_ci expected => 'unsupported'), 185e1051a39Sopenharmony_ci "expected error loading unsupported dsa public key"); 186e1051a39Sopenharmony_ci} 187e1051a39Sopenharmony_ci 188e1051a39Sopenharmony_ciSKIP: { 189e1051a39Sopenharmony_ci skip "SM2 not disabled", 1 if !disabled("sm2"); 190e1051a39Sopenharmony_ci 191e1051a39Sopenharmony_ci ok(test_errors(key => 'sm2.key', out => 'sm2.err'), 192e1051a39Sopenharmony_ci "expected error loading unsupported sm2 private key"); 193e1051a39Sopenharmony_ci} 194