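#! /usr/bin/env perl
# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use File::Spec;
use File::Compare qw/compare_text/;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;

setup("test_ecparam");

plan skip_all => "EC or EC2M isn't supported in this build"
    if disabled("ec") || disabled("ec2m");

# Three corpora of EC parameter files: ones that must load, ones that are
# encoded non-canonically but must still load, and ones that must be rejected.
my @valid = glob(data_file("valid", "*.pem"));
my @noncanon = glob(data_file("noncanon", "*.pem"));
my @invalid = glob(data_file("invalid", "*.pem"));

# One top-level test per subtest below.
plan tests => 12;

# checkload(\@files, $valid, $app, $opt)
#
# Runs "openssl $app -noout $opt -in FILE" for every file in the list and
# emits one test result per file.  When $valid is true the command has to
# succeed; otherwise it has to fail.  Each result is named after the
# application, option and file so that an invalid parameter file which is
# unexpectedly accepted can be identified directly from the test output.
#
# NOTE(review): the negative case only asserts that run() reports failure.
# It does not tell a clean validation error apart from any other failing
# exit of the command - confirm that this is the intended strength of the
# check.
sub checkload {
    my $files = shift; # List of files
    my $valid = shift; # Check should pass or fail?
    my $app = shift;   # Which application
    my $opt = shift;   # Additional option

    for my $file (@$files) {
        my @cmd = ('openssl', $app, '-noout', $opt, '-in', $file);

        if ($valid) {
            ok(run(app([@cmd])), "openssl $app $opt accepts $file");
        } else {
            ok(!run(app([@cmd])), "openssl $app $opt rejects $file");
        }
    }
}

# checkcompare(\@files, $app)
#
# For every file, has "openssl $app" read it and write it back out to
# "$app.tst", then checks that the output matches the input.  Two test
# results are emitted per file: one for the command, one for the comparison.
sub checkcompare {
    my $files = shift; # List of files
    my $app = shift;   # Which application

    for my $file (@$files) {
        my $testout = "$app.tst";

        ok(run(app(['openssl', $app, '-out', $testout, '-in', $file])),
           "openssl $app writes $file back out to $testout");
        # The callback is compare_text's "lines differ" predicate; CRLF is
        # folded to LF first so line-ending differences are not reported.
        ok(!compare_text($file, $testout, sub {
                my $in1 = $_[0];
                my $in2 = $_[1];
                $in1 =~ s/\r\n/\n/g;
                $in2 =~ s/\r\n/\n/g;
                $in1 ne $in2}), "Original file $file is the same as new one");
    }
}

# The FIPS subtest is skipped when the fips feature is disabled in the build
# or when NO_FIPS is set to a true value in the environment.
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

subtest "Check loading valid parameters by ecparam with -check" => sub {
    plan tests => scalar(@valid);
    checkload(\@valid, 1, "ecparam", "-check");
};

subtest "Check loading valid parameters by ecparam with -check_named" => sub {
    plan tests => scalar(@valid);
    checkload(\@valid, 1, "ecparam", "-check_named");
};

subtest "Check loading valid parameters by pkeyparam with -check" => sub {
    plan tests => scalar(@valid);
    checkload(\@valid, 1, "pkeyparam", "-check");
};

subtest "Check loading non-canonically encoded parameters by ecparam with -check" => sub {
    plan tests => scalar(@noncanon);
    checkload(\@noncanon, 1, "ecparam", "-check");
};

subtest "Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
    plan tests => scalar(@noncanon);
    checkload(\@noncanon, 1, "ecparam", "-check_named");
};

subtest "Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
    plan tests => scalar(@noncanon);
    checkload(\@noncanon, 1, "pkeyparam", "-check");
};

subtest "Check loading invalid parameters by ecparam with -check" => sub {
    plan tests => scalar(@invalid);
    checkload(\@invalid, 0, "ecparam", "-check");
};

subtest "Check loading invalid parameters by ecparam with -check_named" => sub {
    plan tests => scalar(@invalid);
    checkload(\@invalid, 0, "ecparam", "-check_named");
};

subtest "Check loading invalid parameters by pkeyparam with -check" => sub {
    plan tests => scalar(@invalid);
    checkload(\@invalid, 0, "pkeyparam", "-check");
};

subtest "Check ecparam does not change the parameter file on output" => sub {
    # checkcompare emits two results per file.
    plan tests => 2 * scalar(@valid);
    checkcompare(\@valid, "ecparam");
};

subtest "Check pkeyparam does not change the parameter file on output" => sub {
    # checkcompare emits two results per file.
    plan tests => 2 * scalar(@valid);
    checkcompare(\@valid, "pkeyparam");
};

subtest "Check loading of fips and non-fips params" => sub {
    plan skip_all => "FIPS is disabled"
        if $no_fips;
    plan tests => 8;

    my $fipsconf = srctop_file("test", "fips-and-base.cnf");
    my $defaultconf = srctop_file("test", "default.cnf");

    # Every command below runs with the FIPS-and-base configuration; the
    # variable is pointed back at default.cnf at the end of the subtest.
    $ENV{OPENSSL_CONF} = $fipsconf;

    ok(run(app(['openssl', 'ecparam',
                '-in', data_file('valid', 'secp384r1-explicit.pem'),
                '-check'])),
       "Loading explicitly encoded valid curve");

    ok(run(app(['openssl', 'ecparam',
                '-in', data_file('valid', 'secp384r1-named.pem'),
                '-check'])),
       "Loading named valid curve");

    # secp112r1 is expected to be refused under this configuration, by both
    # applications.
    ok(!run(app(['openssl', 'ecparam',
                 '-in', data_file('valid', 'secp112r1-named.pem'),
                 '-check'])),
       "Fail loading named non-fips curve");

    ok(!run(app(['openssl', 'pkeyparam',
                 '-in', data_file('valid', 'secp112r1-named.pem'),
                 '-check'])),
       "Fail loading named non-fips curve using pkeyparam");

    # With the default provider loaded explicitly and a non-FIPS property
    # query, the same curve is expected to load.
    ok(run(app(['openssl', 'ecparam',
                '-provider', 'default',
                '-propquery', '?fips!=yes',
                '-in', data_file('valid', 'secp112r1-named.pem'),
                '-check'])),
       "Loading named non-fips curve in FIPS mode with non-FIPS property".
       " query");

    ok(run(app(['openssl', 'pkeyparam',
                '-provider', 'default',
                '-propquery', '?fips!=yes',
                '-in', data_file('valid', 'secp112r1-named.pem'),
                '-check'])),
       "Loading named non-fips curve in FIPS mode with non-FIPS property".
       " query using pkeyparam");

    # Key generation follows the same rule as loading.
    ok(!run(app(['openssl', 'ecparam',
                 '-genkey', '-name', 'secp112r1'])),
       "Fail generating key for named non-fips curve");

    ok(run(app(['openssl', 'ecparam',
                '-provider', 'default',
                '-propquery', '?fips!=yes',
                '-genkey', '-name', 'secp112r1'])),
       "Generating key for named non-fips curve with non-FIPS property query");

    $ENV{OPENSSL_CONF} = $defaultconf;
};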