diff options
Diffstat (limited to 'test/recipes')
-rw-r--r-- | test/recipes/03-test_fipsinstall.t | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index 10a2fcaffa..91bb9a7911 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -24,7 +24,7 @@ use platform; plan skip_all => "Test only supported in a fips build" if disabled("fips"); -plan tests => 31; +plan tests => 34; my $infile = bldtop_file('providers', platform->dso('fips')); my $fipskey = $ENV{FIPSKEY} // config('FIPSKEY') // '00'; @@ -80,6 +80,22 @@ sub replace_parent_line_file { $srch, $rep, $outfile); } +# Check if the specified pattern occurs in the given file +# Returns 1 if the pattern is found and 0 if not +sub find_line_file { + my ($key, $file) = @_; + + open(my $in, $file) or return -1; + while (my $line = <$in>) { + if ($line =~ /$key/) { + close($in); + return 1; + } + } + close($in); + return 0; +} + # fail if no module name ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', '-provider_name', 'fips', @@ -351,3 +367,16 @@ SKIP: { '-ems_check'])), "fipsinstall fails when attempting to run self tests on install"); } + +ok(find_line_file('drbg-no-trunc-md = 0', 'fips.cnf') == 1, + 'fipsinstall defaults to not banning truncated digests with DRBGs'); + +ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", + '-section_name', 'fips_sect', '-no_drbg_truncated_digests'])), + "fipsinstall knows about allowing truncated digests in DRBGs"); + +ok(find_line_file('drbg-no-trunc-md = 1', 'fips.cnf') == 1, + 'fipsinstall will allow option for truncated digests with DRBGs'); + |