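#! /usr/bin/env perl
# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Exercises EC parameter loading through the `openssl ecparam` and
# `openssl pkeyparam` commands against three corpora of PEM files:
# files that must load, non-canonically encoded files that must still load,
# and files that must be refused.  A final subtest checks curve handling
# under the FIPS-and-base configuration.

use strict;
use warnings;

use File::Spec;
use File::Compare qw/compare_text/;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;

setup("test_ecparam");

plan skip_all => "EC or EC2M isn't supported in this build"
    if disabled("ec") || disabled("ec2m");

my @valid    = glob(data_file("valid", "*.pem"));
my @noncanon = glob(data_file("noncanon", "*.pem"));
my @invalid  = glob(data_file("invalid", "*.pem"));

# SM2 parameter files cannot be expected to load when SM2 is compiled out.
if (disabled("sm2")) {
    @valid = grep { !/sm2-.*\.pem/ } @valid;
}

# 9 load subtests + 2 round-trip subtests + 1 FIPS subtest.
plan tests => 12;

# checkload(\@files, $valid, $app, $opt)
#
# Runs `openssl $app -noout $opt -in FILE` once per file and records one test
# result per file.
#
#   $files - reference to the list of parameter files to load
#   $valid - true if every file is expected to load, false if every file is
#            expected to be refused
#   $app   - openssl sub-command to run ("ecparam" or "pkeyparam")
#   $opt   - additional option passed to the sub-command (e.g. "-check")
#
# Each result carries the command and file name, so a failure in the
# "invalid" corpus identifies exactly which malformed parameter file was
# accepted.
sub checkload {
    my ($files, $valid, $app, $opt) = @_;

    foreach my $file (@$files) {
        my @cmd = ('openssl', $app, '-noout', $opt, '-in', $file);

        if ($valid) {
            ok(run(app([@cmd])), "openssl $app $opt accepts $file");
        } else {
            # NOTE(review): this passes whenever run() reports failure;
            # presumably that includes an abnormal exit as well as a clean
            # rejection - confirm against OpenSSL::Test::run.
            ok(!run(app([@cmd])), "openssl $app $opt rejects $file");
        }
    }
}

# checkcompare(\@files, $app)
#
# For each file, runs `openssl $app -in FILE -out "$app.tst"` and then checks
# that the output is textually identical to the input, ignoring CRLF vs LF
# line endings.  Records two test results per file.
#
#   $files - reference to the list of parameter files to round-trip
#   $app   - openssl sub-command to run ("ecparam" or "pkeyparam")
sub checkcompare {
    my ($files, $app) = @_;

    # compare_text() callback: true means "these two lines differ".
    my $lines_differ = sub {
        my ($in1, $in2) = @_;
        $in1 =~ s/\r\n/\n/g;
        $in2 =~ s/\r\n/\n/g;
        return $in1 ne $in2;
    };

    foreach my $file (@$files) {
        my $testout = "$app.tst";

        ok(run(app(['openssl', $app, '-out', $testout, '-in', $file])),
           "openssl $app writes $file to $testout");
        # compare_text() yields 0 only when the files match; both "different"
        # and "error" results are non-zero and therefore fail this check.
        ok(!compare_text($file, $testout, $lines_differ),
           "Original file $file is the same as new one");
    }
}

my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

# Every corpus is pushed through every command/option pair below, so the
# coverage matrix is visible in one place.
my @load_cases = (
    # label used in the subtest name, files, expected to load?
    [ 'valid',                   \@valid,    1 ],
    [ 'non-canonically encoded', \@noncanon, 1 ],
    [ 'invalid',                 \@invalid,  0 ],
);
my @load_commands = (
    [ 'ecparam',   '-check' ],
    [ 'ecparam',   '-check_named' ],
    [ 'pkeyparam', '-check' ],
);

foreach my $case (@load_cases) {
    my ($label, $files, $expect_ok) = @$case;

    foreach my $command (@load_commands) {
        my ($app, $opt) = @$command;

        subtest "Check loading $label parameters by $app with $opt" => sub {
            plan tests => scalar(@$files);
            checkload($files, $expect_ok, $app, $opt);
        };
    }
}

foreach my $app (qw/ecparam pkeyparam/) {
    subtest "Check $app does not change the parameter file on output" => sub {
        # checkcompare() records two results per file.
        plan tests => 2 * scalar(@valid);
        checkcompare(\@valid, $app);
    };
}

subtest "Check loading of fips and non-fips params" => sub {
    plan skip_all => "FIPS is disabled"
        if $no_fips;
    plan tests => 8;

    my $fipsconf    = srctop_file("test", "fips-and-base.cnf");
    my $defaultconf = srctop_file("test", "default.cnf");

    # Options used below to request a non-FIPS implementation explicitly.
    my @non_fips_query = ('-provider', 'default', '-propquery', '?fips!=yes');

    # All commands in this subtest run with the FIPS-and-base configuration.
    $ENV{OPENSSL_CONF} = $fipsconf;

    ok(run(app(['openssl', 'ecparam',
                '-in', data_file('valid', 'secp384r1-explicit.pem'),
                '-check'])),
       "Loading explicitly encoded valid curve");

    ok(run(app(['openssl', 'ecparam',
                '-in', data_file('valid', 'secp384r1-named.pem'),
                '-check'])),
       "Loading named valid curve");

    # secp112r1 serves as the curve that must be refused under this
    # configuration unless a non-FIPS property query is given.
    ok(!run(app(['openssl', 'ecparam',
                 '-in', data_file('valid', 'secp112r1-named.pem'),
                 '-check'])),
       "Fail loading named non-fips curve");

    ok(!run(app(['openssl', 'pkeyparam',
                 '-in', data_file('valid', 'secp112r1-named.pem'),
                 '-check'])),
       "Fail loading named non-fips curve using pkeyparam");

    ok(run(app(['openssl', 'ecparam',
                @non_fips_query,
                '-in', data_file('valid', 'secp112r1-named.pem'),
                '-check'])),
       "Loading named non-fips curve in FIPS mode with non-FIPS property".
       " query");

    ok(run(app(['openssl', 'pkeyparam',
                @non_fips_query,
                '-in', data_file('valid', 'secp112r1-named.pem'),
                '-check'])),
       "Loading named non-fips curve in FIPS mode with non-FIPS property".
       " query using pkeyparam");

    ok(!run(app(['openssl', 'ecparam',
                 '-genkey', '-name', 'secp112r1'])),
       "Fail generating key for named non-fips curve");

    ok(run(app(['openssl', 'ecparam',
                @non_fips_query,
                '-genkey', '-name', 'secp112r1'])),
       "Generating key for named non-fips curve with non-FIPS property query");

    # Switch to the default configuration so nothing run after this subtest
    # inherits the FIPS configuration.  This is skipped if the subtest dies
    # part-way through.
    $ENV{OPENSSL_CONF} = $defaultconf;
};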