test/recipes/30-test_evp.t - third_party/openssl - Git at Google

 #! /usr/bin/env perl
 # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html


 use strict;
 use warnings;

 use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
 use OpenSSL::Test::Utils;

 BEGIN {
     setup("test_evp");
 }

 use lib srctop_dir('Configurations');
 use lib bldtop_dir('.');
 use platform;

 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
 my $no_dh = disabled("dh");
 my $no_dsa = disabled("dsa");
 my $no_ec = disabled("ec");
 my $no_gost = disabled("gost");
 my $no_sm2 = disabled("sm2");

 # Default config depends on if the legacy module is built or not
 my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';

 my @configs = ( $defaultcnf );
 # Only add the FIPS config if the FIPS module has been built
 push @configs, 'fips-and-base.cnf' unless $no_fips;

 # A list of tests that run with both the default and fips provider.
 my @files = qw(
                 evpciph_aes_ccm_cavs.txt
                 evpciph_aes_common.txt
                 evpciph_aes_cts1.txt
                 evpciph_aes_wrap.txt
                 evpciph_des3_common.txt
                 evpkdf_hkdf.txt
                 evpkdf_pbkdf2.txt
                 evpkdf_ss.txt
                 evpkdf_ssh.txt
                 evpkdf_tls12_prf.txt
                 evpkdf_x963.txt
                 evpmac_common.txt
                 evpmd_sha.txt
                 evppbe_pbkdf2.txt
                 evppkey_kdf_hkdf.txt
                 evppkey_rsa_common.txt
                 evprand.txt
               );
 push @files, qw(evppkey_ffdhe.txt) unless $no_dh;
 push @files, qw(evppkey_dsa.txt) unless $no_dsa;
 push @files, qw(evppkey_ecx.txt) unless $no_ec;
 push @files, qw(
                 evppkey_ecc.txt
                 evppkey_ecdh.txt
                 evppkey_ecdsa.txt
                 evppkey_kas.txt
                 evppkey_mismatch.txt
               ) unless $no_ec || $no_gost;

 # A list of tests that only run with the default provider
 # (i.e. The algorithms are not present in the fips provider)
 my @defltfiles = qw(
                      evpciph_aes_cts23.txt
                      evpciph_aes_ocb.txt
                      evpciph_aes_siv.txt
                      evpciph_aria.txt
                      evpciph_bf.txt
                      evpciph_camellia.txt
                      evpciph_cast5.txt
                      evpciph_chacha.txt
                      evpciph_des.txt
                      evpciph_idea.txt
                      evpciph_rc2.txt
                      evpciph_rc4.txt
                      evpciph_rc5.txt
                      evpciph_seed.txt
                      evpciph_sm4.txt
                      evpencod.txt
                      evpkdf_krb5.txt
                      evpkdf_scrypt.txt
                      evpkdf_tls11_prf.txt
                      evpkdf_x942.txt
                      evpmac_blake.txt
                      evpmac_poly1305.txt
                      evpmac_siphash.txt
                      evpmd_blake.txt
                      evpmd_md.txt
                      evpmd_mdc2.txt
                      evpmd_ripemd.txt
                      evpmd_sm3.txt
                      evpmd_whirlpool.txt
                      evppbe_scrypt.txt
                      evppbe_pkcs12.txt
                      evppkey_kdf_scrypt.txt
                      evppkey_kdf_tls1_prf.txt
                      evppkey_rsa.txt
                     );
 push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
 push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;

 plan tests =>
     ($no_fips ? 0 : 1)          # FIPS install test
     + (scalar(@configs) * scalar(@files))
     + scalar(@defltfiles)
     + 3; # error output tests

 unless ($no_fips) {
     my $infile = bldtop_file('providers', platform->dso('fips'));

     ok(run(app(['openssl', 'fipsinstall',
                 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
                 '-module', $infile])),
        "fipsinstall");
 }

 foreach (@configs) {
     my $conf = srctop_file("test", $_);

     foreach my $f ( @files ) {
         ok(run(test(["evp_test",
                      "-config", $conf,
                      data_file("$f")])),
            "running evp_test -config $conf $f");
     }
 }

 my $conf = srctop_file("test", $defaultcnf);
 foreach my $f ( @defltfiles ) {
     ok(run(test(["evp_test",
                  "-config", $conf,
                  data_file("$f")])),
        "running evp_test -config $conf $f");
 }

 sub test_errors { # actually tests diagnostics of OSSL_STORE
     my ($expected, $key, @opts) = @_;
     my $infile = srctop_file('test', 'certs', $key);
     my @args = qw(openssl pkey -in);
     push(@args, $infile, @opts);
     my $tmpfile = 'out.txt';
     my $res = !run(app([@args], stderr => $tmpfile));
     my $found = 0;
     open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
     while(<$in>) {
         print; # this may help debugging
         $res &&= !m/asn1 encoding/; # output must not include ASN.1 parse errors
         $found = 1 if m/$expected/; # output must include $expected
     }
     close $in;
     # $tmpfile is kept to help with investigation in case of failure
     return $res && $found;
 }

 SKIP: {
     skip "DSA not disabled", 2 if !disabled("dsa");

     ok(test_errors("unsupported algorithm", "server-dsa-key.pem"),
        "error loading unsupported dsa private key");
     ok(test_errors("unsupported algorithm", "server-dsa-pubkey.pem", "-pubin"),
        "error loading unsupported dsa public key");
 }

 SKIP: {
     skip "sm2 not disabled", 1 if !disabled("sm2");

     ok(test_errors("unknown group|unsupported algorithm", "sm2.key"),
        "error loading unsupported sm2 private key");
 }
	#! /usr/bin/env perl
	# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
	#
	# Licensed under the Apache License 2.0 (the "License"). You may not use
	# this file except in compliance with the License. You can obtain a copy
	# in the file LICENSE in the source distribution or at
	# https://www.openssl.org/source/license.html


	use strict;
	use warnings;

	use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
	use OpenSSL::Test::Utils;

	BEGIN {
	setup("test_evp");
	}

	use lib srctop_dir('Configurations');
	use lib bldtop_dir('.');
	use platform;

	my $no_fips = disabled('fips') \|\| ($ENV{NO_FIPS} // 0);
	my $no_legacy = disabled('legacy') \|\| ($ENV{NO_LEGACY} // 0);
	my $no_dh = disabled("dh");
	my $no_dsa = disabled("dsa");
	my $no_ec = disabled("ec");
	my $no_gost = disabled("gost");
	my $no_sm2 = disabled("sm2");

	# Default config depends on if the legacy module is built or not
	my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';

	my @configs = ( $defaultcnf );
	# Only add the FIPS config if the FIPS module has been built
	push @configs, 'fips-and-base.cnf' unless $no_fips;

	# A list of tests that run with both the default and fips provider.
	my @files = qw(
	evpciph_aes_ccm_cavs.txt
	evpciph_aes_common.txt
	evpciph_aes_cts1.txt
	evpciph_aes_wrap.txt
	evpciph_des3_common.txt
	evpkdf_hkdf.txt
	evpkdf_pbkdf2.txt
	evpkdf_ss.txt
	evpkdf_ssh.txt
	evpkdf_tls12_prf.txt
	evpkdf_x963.txt
	evpmac_common.txt
	evpmd_sha.txt
	evppbe_pbkdf2.txt
	evppkey_kdf_hkdf.txt
	evppkey_rsa_common.txt
	evprand.txt
	);
	push @files, qw(evppkey_ffdhe.txt) unless $no_dh;
	push @files, qw(evppkey_dsa.txt) unless $no_dsa;
	push @files, qw(evppkey_ecx.txt) unless $no_ec;
	push @files, qw(
	evppkey_ecc.txt
	evppkey_ecdh.txt
	evppkey_ecdsa.txt
	evppkey_kas.txt
	evppkey_mismatch.txt
	) unless $no_ec \|\| $no_gost;

	# A list of tests that only run with the default provider
	# (i.e. The algorithms are not present in the fips provider)
	my @defltfiles = qw(
	evpciph_aes_cts23.txt
	evpciph_aes_ocb.txt
	evpciph_aes_siv.txt
	evpciph_aria.txt
	evpciph_bf.txt
	evpciph_camellia.txt
	evpciph_cast5.txt
	evpciph_chacha.txt
	evpciph_des.txt
	evpciph_idea.txt
	evpciph_rc2.txt
	evpciph_rc4.txt
	evpciph_rc5.txt
	evpciph_seed.txt
	evpciph_sm4.txt
	evpencod.txt
	evpkdf_krb5.txt
	evpkdf_scrypt.txt
	evpkdf_tls11_prf.txt
	evpkdf_x942.txt
	evpmac_blake.txt
	evpmac_poly1305.txt
	evpmac_siphash.txt
	evpmd_blake.txt
	evpmd_md.txt
	evpmd_mdc2.txt
	evpmd_ripemd.txt
	evpmd_sm3.txt
	evpmd_whirlpool.txt
	evppbe_scrypt.txt
	evppbe_pkcs12.txt
	evppkey_kdf_scrypt.txt
	evppkey_kdf_tls1_prf.txt
	evppkey_rsa.txt
	);
	push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
	push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;

	plan tests =>
	($no_fips ? 0 : 1) # FIPS install test
	+ (scalar(@configs) * scalar(@files))
	+ scalar(@defltfiles)
	+ 3; # error output tests

	unless ($no_fips) {
	my $infile = bldtop_file('providers', platform->dso('fips'));

	ok(run(app(['openssl', 'fipsinstall',
	'-out', bldtop_file('providers', 'fipsmodule.cnf'),
	'-module', $infile])),
	"fipsinstall");
	}

	foreach (@configs) {
	my $conf = srctop_file("test", $_);

	foreach my $f ( @files ) {
	ok(run(test(["evp_test",
	"-config", $conf,
	data_file("$f")])),
	"running evp_test -config $conf $f");
	}
	}

	my $conf = srctop_file("test", $defaultcnf);
	foreach my $f ( @defltfiles ) {
	ok(run(test(["evp_test",
	"-config", $conf,
	data_file("$f")])),
	"running evp_test -config $conf $f");
	}

	sub test_errors { # actually tests diagnostics of OSSL_STORE
	my ($expected, $key, @opts) = @_;
	my $infile = srctop_file('test', 'certs', $key);
	my @args = qw(openssl pkey -in);
	push(@args, $infile, @opts);
	my $tmpfile = 'out.txt';
	my $res = !run(app([@args], stderr => $tmpfile));
	my $found = 0;
	open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
	while(<$in>) {
	print; # this may help debugging
	$res &&= !m/asn1 encoding/; # output must not include ASN.1 parse errors
	$found = 1 if m/$expected/; # output must include $expected
	}
	close $in;
	# $tmpfile is kept to help with investigation in case of failure
	return $res && $found;
	}

	SKIP: {
	skip "DSA not disabled", 2 if !disabled("dsa");

	ok(test_errors("unsupported algorithm", "server-dsa-key.pem"),
	"error loading unsupported dsa private key");
	ok(test_errors("unsupported algorithm", "server-dsa-pubkey.pem", "-pubin"),
	"error loading unsupported dsa public key");
	}

	SKIP: {
	skip "sm2 not disabled", 1 if !disabled("sm2");

	ok(test_errors("unknown group\|unsupported algorithm", "sm2.key"),
	"error loading unsupported sm2 private key");
	}