author | Pauli <pauli@openssl.org> | 2023-03-20 10:49:40 +1100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-03-29 09:25:58 +1100 |
commit | 78bcbc1ea440feac3e9a3292dba4b055b81ca29e (patch) | |
tree | 6f33478c3910b4473cbc6574fc6a9f6f6bac9dde /test/recipes | |
parent | b345dbed28701f8aab06b0271603186127499928 (diff) | |
download | openssl-new-78bcbc1ea440feac3e9a3292dba4b055b81ca29e.tar.gz |
test: test -drbg_allow_truncated_digests option
Verify that the option produces the correct output in the FIPS configuration
file and that the default is as expected.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20521)
Diffstat (limited to 'test/recipes')
-rw-r--r-- | test/recipes/03-test_fipsinstall.t | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
index 10a2fcaffa..91bb9a7911 100644
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@@ -24,7 +24,7 @@ use platform;
 plan skip_all => "Test only supported in a fips build" if disabled("fips");
-plan tests => 31;
+plan tests => 34;
 my $infile = bldtop_file('providers', platform->dso('fips'));
 my $fipskey = $ENV{FIPSKEY} // config('FIPSKEY') // '00';
@@ -80,6 +80,22 @@ sub replace_parent_line_file {
 $srch, $rep, $outfile);
 }
+# Check if the specified pattern occurs in the given file
+# Returns 1 if the pattern is found and 0 if not
+sub find_line_file {
+ my ($key, $file) = @_;
+
+ open(my $in, $file) or return -1;
+ while (my $line = <$in>) {
+ if ($line =~ /$key/) {
+ close($in);
+ return 1;
+ }
+ }
+ close($in);
+ return 0;
+}
+
 # fail if no module name
 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module',
 '-provider_name', 'fips',
@@ -351,3 +367,16 @@ SKIP: {
 '-ems_check'])),
 "fipsinstall fails when attempting to run self tests on install");
 }
+
+ok(find_line_file('drbg-no-trunc-md = 0', 'fips.cnf') == 1,
+ 'fipsinstall defaults to not banning truncated digests with DRBGs');
+
+ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-no_drbg_truncated_digests'])),
+ "fipsinstall knows about allowing truncated digests in DRBGs");
+
+ok(find_line_file('drbg-no-trunc-md = 1', 'fips.cnf') == 1,
+ 'fipsinstall will allow option for truncated digests with DRBGs');
+
|
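Review bot: `find_line_file` returns -1 when `open` fails, but its header comment documents only 1 and 0, and the open is the two-argument form, which lets a mode prefix be parsed out of `$file`. I would write `open(my $in, '<', $file) or return -1;` and extend the comment to `# Returns 1 if the pattern is found, 0 if not, and -1 if the file cannot be opened`. `$key` is also interpolated as an unanchored regex, so `drbg-no-trunc-md = 1` would equally match a line reading `drbg-no-trunc-md = 10`; for an assertion about a FIPS configuration value, `if ($line =~ /^\Q$key\E\s*$/)` keeps the match exact.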
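Review bot: The first added assertion reads `fips.cnf` as left behind by whichever earlier `fipsinstall` run last wrote it, so the check of the default `drbg-no-trunc-md = 0` depends on test order and on the preceding `SKIP` block's side effects. Those earlier runs are outside the hunk, so this is inferred rather than shown. Generating the file with a default-option run immediately before the assertion makes the default check self-contained; `plan tests` would then become 35. The two later descriptions also appear inverted: the option passed is `-no_drbg_truncated_digests` and the expected line is `drbg-no-trunc-md = 1`, yet both messages speak of allowing truncated digests.

```perl
# … unchanged: preceding SKIP block …

# Write fips.cnf with default options so the default check does not rely on earlier tests
ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
            '-provider_name', 'fips', '-mac_name', 'HMAC',
            '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
            '-section_name', 'fips_sect'])),
   "fipsinstall with default DRBG digest options");

ok(find_line_file('drbg-no-trunc-md = 0', 'fips.cnf') == 1,
   'fipsinstall defaults to not banning truncated digests with DRBGs');

# … unchanged: -no_drbg_truncated_digests run and its check …
```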