author | Shane Lontis <shane.lontis@oracle.com> | 2019-09-15 19:55:10 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-09-15 19:55:10 +1000 |
commit | 7bb82f92d94375e7673fe02cb8186595b2c539f2 (patch) | |
tree | 9ad368205615d359374430b91906e4c704135fae /test/recipes | |
parent | dd11c5f0fa809063b152cd2851c4c1e56fbd20c8 (diff) | |
Add fips module integrity check
Add environment variable for setting CONF .include path
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9769)
Diffstat (limited to 'test/recipes')
-rw-r--r-- | test/recipes/30-test_evp.t | 20 | ||||
-rw-r--r-- | test/recipes/30-test_evp_fetch_prov.t | 79 |
2 files changed, 97 insertions, 2 deletions
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 7e0be81b1e..e99299ffc4 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -10,10 +10,16 @@ use strict; use warnings; -use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file); +use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file); use OpenSSL::Test::Utils; +BEGIN { setup("test_evp"); +} + +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; # Default config depends on if the legacy module is built or not my $defaultcnf = disabled('legacy') ? 'default.cnf' : 'default-and-legacy.cnf'; @@ -27,7 +33,17 @@ my @defltfiles = qw( evpencod.txt evpkdf.txt evppkey_kdf.txt evpmac.txt evppbe.txt evppkey.txt evppkey_ecc.txt evpcase.txt evpaessiv.txt evpccmcavs.txt ); -plan tests => (scalar(@configs) * scalar(@files)) + scalar(@defltfiles); +plan tests => (scalar(@configs) * scalar(@files)) + scalar(@defltfiles) + 1; + +my $infile = bldtop_file('providers', platform->dso('fips')); +$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); +$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); + +ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsinstall.conf'), + '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_sect'])), "fipinstall"); foreach (@configs) { $ENV{OPENSSL_CONF} = srctop_file("test", $_); diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t new file mode 100644 index 0000000000..4aa1a1019d --- /dev/null +++ b/test/recipes/30-test_evp_fetch_prov.t 
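Review bot: The new `BEGIN { setup("test_evp"); }` wrapper in the first hunk of 30-test_evp.t has no comment saying why setup() had to move to compile time. Presumably it is because the added `use lib srctop_dir('Configurations');` and `use lib bldtop_dir('.');` lines are evaluated at compile time and need the test environment initialised first. A one-line comment such as `# setup() must run at compile time: the 'use lib' lines below call srctop_dir/bldtop_dir` would keep a later cleanup from unwrapping it. The same uncommented wrapper appears in the new 30-test_evp_fetch_prov.t.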
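Review bot: The `fipsinstall` call added in the second hunk of 30-test_evp.t computes the module integrity MAC with `-macopt hexkey:00`, a fixed one-byte key readable from this recipe, and nothing marks it as test-only. With a publicly known key the HMAC written to fipsinstall.conf can catch accidental corruption of the module but not deliberate modification, so a comment such as `# Fixed HMAC key for testing only; not suitable for a real installation` above the call would keep the value from being copied into deployment scripts. The identical call in the new 30-test_evp_fetch_prov.t writes the same `bldtop_file('providers', 'fipsinstall.conf')`, so the two recipes can overwrite each other's output if the harness runs them in parallel. Nothing visible in either hunk skips the step when the fips module has not been built. The test name `"fipinstall"` is presumably meant to be `"fipsinstall"` in both places.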
@@ -0,0 +1,79 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir bldtop_file);
+use OpenSSL::Test::Utils;
+
+BEGIN {
+setup("test_evp_fetch_prov");
+}
+
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
+
+my @types = ( "digest", "cipher" );
+
+plan tests => 2 + 16 * scalar(@types);
+
+$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
+$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
+
+my $infile = bldtop_file('providers', platform->dso('fips'));
+ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsinstall.conf'),
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+ '-section_name', 'fips_sect'])), "fipinstall");
+
+# Do implicit fetch using the default context
+ok(run(test(["evp_fetch_prov_test", "-defaultctx"])),
+ "running evp_fetch_prov_test using implicit fetch using the default libctx");
+
+foreach my $alg(@types) {
+ $ENV{OPENSSL_CONF} = srctop_file("test", "default.cnf");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg"])),
+ "running evp_fetch_prov_test using implicit fetch using a created libctx");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "default"])),
+ "running evp_fetch_prov_test with implicit fetch using default provider loaded");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=yes", "default"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=yes' using default provider loaded");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=no", "default"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=no' using default provider loaded");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=no", "-fetchfail", "default"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=no' using default provider loaded should fail");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=yes", "-fetchfail", "default"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=yes' using default provider loaded should fail");
+
+ $ENV{OPENSSL_CONF} = srctop_file("test", "fips.cnf");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch '' using loaded fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=yes", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=yes' using loaded fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=no", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=no' using loaded fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=yes", "-fetchfail", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=yes' using loaded fips provider should fail");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=no", "-fetchfail", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=no' using loaded fips provider should fail");
+
+ $ENV{OPENSSL_CONF} = srctop_file("test", "default-and-fips.cnf");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "", "default", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch '' using loaded default & fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=no", "default", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=no' using loaded default & fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "default=yes", "default", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'default=yes' using loaded default & fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=no", "default", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=no' using loaded default & fips provider");
+ ok(run(test(["evp_fetch_prov_test", "-type", "$alg", "-property", "fips=yes", "default", "fips"])),
+ "running evp_fetch_prov_test with $alg fetch 'fips=yes' using loaded default & fips provider");
+}
\ No newline at end of file |
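Review bot: The first two `ok()` calls inside `foreach my $alg(@types)` in 30-test_evp_fetch_prov.t use descriptions that omit `$alg`, so a failure reads the same for "digest" and "cipher"; the other fourteen interpolate it. Something like `"running evp_fetch_prov_test with $alg implicit fetch using a created libctx"`, and the matching change on the second description, would make the failing case identifiable from the harness output. The `16` in `plan tests => 2 + 16 * scalar(@types);` has to be kept in step with the loop body by hand, so a comment giving the breakdown (6 with default.cnf, 5 with fips.cnf, 5 with default-and-fips.cnf) would help. The `-defaultctx` run happens before the recipe first assigns `$ENV{OPENSSL_CONF}`, so it appears to depend on whatever configuration the environment already provides; setting it explicitly before that call would make the run reproducible.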