authorShane Lontis <shane.lontis@oracle.com>2019-09-15 19:55:10 +1000
committerShane Lontis <shane.lontis@oracle.com>2019-09-15 19:55:10 +1000
commit7bb82f92d94375e7673fe02cb8186595b2c539f2 (patch)
tree9ad368205615d359374430b91906e4c704135fae /test/recipes
parentdd11c5f0fa809063b152cd2851c4c1e56fbd20c8 (diff)
downloadopenssl-new-7bb82f92d94375e7673fe02cb8186595b2c539f2.tar.gz
Add fips module integrity check
Add environment variable for setting CONF .include path Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9769)
Diffstat (limited to 'test/recipes')
-rw-r--r--test/recipes/30-test_evp.t20
-rw-r--r--test/recipes/30-test_evp_fetch_prov.t79
2 files changed, 97 insertions, 2 deletions
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index 7e0be81b1e..e99299ffc4 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -10,10 +10,16 @@
use strict;
use warnings;
-use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file);
+use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
use OpenSSL::Test::Utils;
+BEGIN {
setup("test_evp");
+}
+
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
# Default config depends on if the legacy module is built or not
my $defaultcnf = disabled('legacy') ? 'default.cnf' : 'default-and-legacy.cnf';
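Review bot: The `BEGIN { setup("test_evp"); }` wrapper needs a comment, because its reason is not obvious from the code: the `use lib srctop_dir('Configurations');` and `use lib bldtop_dir('.');` lines are evaluated at compile time, so `setup()` has to have run by then. Something like `# setup() must run at compile time: the 'use lib' lines below call srctop_dir()/bldtop_dir()` would do; presumably those helpers rely on the directories that `setup()` establishes. Note also that `use lib` prepends to `@INC`, so `use platform;` loads whichever `platform.pm` is found first under the build root or `Configurations`. The same block is repeated in the new 30-test_evp_fetch_prov.t.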
@@ -27,7 +33,17 @@ my @defltfiles = qw( evpencod.txt evpkdf.txt evppkey_kdf.txt evpmac.txt
evppbe.txt evppkey.txt evppkey_ecc.txt evpcase.txt evpaessiv.txt
evpccmcavs.txt );
-plan tests => (scalar(@configs) * scalar(@files)) + scalar(@defltfiles);
+plan tests => (scalar(@configs) * scalar(@files)) + scalar(@defltfiles) + 1;
+
+my $infile = bldtop_file('providers', platform->dso('fips'));
+$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
+$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
+
+ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsinstall.conf'),
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+ '-section_name', 'fips_sect'])), "fipinstall");
foreach (@configs) {
$ENV{OPENSSL_CONF} = srctop_file("test", $_);
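Review bot: The added `fipsinstall` step writes `providers/fipsinstall.conf` in the build tree, and the new 30-test_evp_fetch_prov.t writes the same path with the same arguments. If the harness ever runs recipes concurrently (not visible here), one recipe could read the file while the other is rewriting it, so generating it once in a shared step would be safer than duplicating the call. The step also runs unconditionally, unlike the `disabled('legacy')` check just above; if a build can omit the FIPS module, this test and the `+ 1` in the plan should be guarded the same way. The test name is misspelled in both recipes: `"fipinstall"` should be `"fipsinstall"`. A comment such as `# hexkey:00 is a fixed test key; a MAC under a published key detects corruption, not deliberate tampering` would keep this invocation from being read as a deployment example.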
diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t
new file mode 100644
index 0000000000..4aa1a1019d
--- /dev/null
+++ b/test/recipes/30-test_evp_fetch_prov.t
@@ -0,0 +1,79 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir bldtop_file);
+use OpenSSL::Test::Utils;
+
+BEGIN {
+setup("test_evp_fetch_prov");
+}
+
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
+
+my @types = ( "digest", "cipher" );
+
+plan tests => 2 + 16 * scalar(@types);
+
+$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
+$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
+
+my $infile = bldtop_file('providers', platform->dso('fips'));
+ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsinstall.conf'),
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+ '-section_name', 'fips_sect'])), "fipinstall");
+
+# Do implicit fetch using the default context
+ok(run(test(["evp_fetch_prov_test", "-defaultctx"])),
+ "running evp_fetch_prov_test using implicit fetch using the default libctx");
+
+foreach my $alg(@types) {
+ $ENV{OPENSSL_CONF} = srctop_file("test", "default.cnf");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg"])),
+ "running evp_fetch_prov_test using implicit fetch using a created libctx");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "default"])),
+ "running evp_fetch_prov_test with implicit fetch using default provider loaded");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=yes", "default"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=yes' using default provider loaded");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=no", "default"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=no' using default provider loaded");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=no", "-fetchfail", "default"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=no' using default provider loaded should fail");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=yes", "-fetchfail", "default"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=yes' using default provider loaded should fail");
+
+ $ENV{OPENSSL_CONF} = srctop_file("test", "fips.cnf");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch '' using loaded fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=yes", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=yes' using loaded fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=no", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=no' using loaded fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=yes", "-fetchfail", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=yes' using loaded fips provider should fail");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=no", "-fetchfail", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=no' using loaded fips provider should fail");
+
+ $ENV{OPENSSL_CONF} = srctop_file("test", "default-and-fips.cnf");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "", "default", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch '' using loaded default & fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=no", "default", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=no' using loaded default & fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=yes", "default", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=yes' using loaded default & fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=no", "default", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=no' using loaded default & fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=yes", "default", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=yes' using loaded default & fips provider");
+}
\ No newline at end of file
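Review bot: The first two `ok()` descriptions inside the loop (`"... using implicit fetch using a created libctx"` and `"... with implicit fetch using default provider loaded"`) do not include `$alg`, so the digest and cipher passes report identical names and a failure cannot be attributed from the log; add `$alg` as the other fourteen descriptions do. If the `fipsinstall` step fails, the `fips.cnf` and `default-and-fips.cnf` cases still run and will fail for a secondary reason. Wrapping them in a `SKIP:` block keyed on the install result would make the log point at the real cause. Smaller points: the `"$alg"` quoting is unnecessary, and the copyright line says 2015-2016 on a file added in 2019.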