mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
b527564884
openssl/test/recipes/25-test_req.t

248 lines
8.5 KiB
Perl
Raw Normal View History

Unified copyright for test recipes Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 19:21:51 +08:00
#! /usr/bin/env perl
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 20:55:52 +08:00
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
Unified copyright for test recipes Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 19:21:51 +08:00
#
Following the license change, modify the boilerplates in test/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7767)
2018-12-06 20:05:25 +08:00
# Licensed under the Apache License 2.0 (the "License"). You may not use
Unified copyright for test recipes Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-22 19:21:51 +08:00
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
Add recipes for tests related to certificates Some of them make use of recipes/tconversion.pl. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-18 02:15:22 +08:00
use strict;
use warnings;
Make 25-test_gen.t and 25-test_req.t into one Since one generates files that the other depends on, there's no real reason to keep them separate. Since they were both different aspects of 'openssl req', the merge ends up in 25-test_req.t. This also makes cleanup easier. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 07:05:06 +08:00
use OpenSSL::Test::Utils;
unified build scheme: adjust test framework for out of source build tree To be able to run tests when we've built in a directory other than the source tree, the testing framework needs a few adjustments. test/testlib/OpenSSL/Test.pm needs to know where it can find shlib_wrap.sh, and a number of other tests need to be told a different place to find engines than what they may be able to figure out on their own. Relying to $TOP is not enough, $SRCTOP and $BLDTOP can be used as an alternative. As part of this change, top_file and top_dir are removed and srctop_file, bldtop_file, srctop_dir and bldtop_dir take their place. Reviewed-by: Ben Laurie <ben@openssl.org>
2016-01-30 08:05:33 +08:00
use OpenSSL::Test qw/:DEFAULT srctop_file/;
Add recipes for tests related to certificates Some of them make use of recipes/tconversion.pl. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-18 02:15:22 +08:00
setup("test_req");
Add -section option to 'req' command This removes "req" as the hardwired section for the req command. Doing this will let us merge some test configs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11249)
2020-03-05 03:41:53 +08:00
plan tests => 16;
Add recipes for tests related to certificates Some of them make use of recipes/tconversion.pl. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-18 02:15:22 +08:00
unified build scheme: adjust test framework for out of source build tree To be able to run tests when we've built in a directory other than the source tree, the testing framework needs a few adjustments. test/testlib/OpenSSL/Test.pm needs to know where it can find shlib_wrap.sh, and a number of other tests need to be told a different place to find engines than what they may be able to figure out on their own. Relying to $TOP is not enough, $SRCTOP and $BLDTOP can be used as an alternative. As part of this change, top_file and top_dir are removed and srctop_file, bldtop_file, srctop_dir and bldtop_dir take their place. Reviewed-by: Ben Laurie <ben@openssl.org>
2016-01-30 08:05:33 +08:00
require_ok(srctop_file('test','recipes','tconversion.pl'));
Add recipes for tests related to certificates Some of them make use of recipes/tconversion.pl. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-18 02:15:22 +08:00
Add tests for the "req" command, -addext flag Also fixed a memory leak found by the test. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6681)
2018-07-10 02:55:17 +08:00
# What type of key to generate?
my @req_new;
if (disabled("rsa")) {
@req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
} else {
@req_new = ("-new");
note("There should be a 2 sequences of .'s and some +'s.");
note("There should not be more that at most 80 per line");
}
# Check for duplicate -addext parameters, and one "working" case.
my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
"-config", srctop_file("test", "test.cnf"), @req_new );
Reject duplicate -addext parameters Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6636)
2018-07-06 07:57:22 +08:00
my $val = "subjectAltName=DNS:example.com";
my $val2 = " " . $val;
my $val3 = $val;
$val3 =~ s/=/ =/;
Add tests for the "req" command, -addext flag Also fixed a memory leak found by the test. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6681)
2018-07-10 02:55:17 +08:00
ok( run(app([@addext_args, "-addext", $val])));
ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
Reject duplicate -addext parameters Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6636)
2018-07-06 07:57:22 +08:00
Add -section option to 'req' command This removes "req" as the hardwired section for the req command. Doing this will let us merge some test configs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11249)
2020-03-05 03:41:53 +08:00
subtest "generating alt certificate requests with RSA" => sub {
plan tests => 3;
SKIP: {
skip "RSA is not supported by this OpenSSL build", 2
if disabled("rsa");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-section", "altreq",
"-new", "-out", "testreq-rsa.pem", "-utf8",
"-key", srctop_file("test", "testrsa.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq-rsa.pem", "-noout"])),
"Verifying signature on request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-section", "altreq",
"-verify", "-in", "testreq-rsa.pem", "-noout"])),
"Verifying signature on request");
}
};
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
subtest "generating certificate requests with RSA" => sub {
plan tests => 2;
SKIP: {
skip "RSA is not supported by this OpenSSL build", 2
if disabled("rsa");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-new", "-out", "testreq-rsa.pem", "-utf8",
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
"-key", srctop_file("test", "testrsa.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-verify", "-in", "testreq-rsa.pem", "-noout"])),
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
"Verifying signature on request");
}
};
subtest "generating certificate requests with DSA" => sub {
plan tests => 2;
SKIP: {
skip "DSA is not supported by this OpenSSL build", 2
if disabled("dsa");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-new", "-out", "testreq-dsa.pem", "-utf8",
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
"-key", srctop_file("test", "testdsa.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-verify", "-in", "testreq-dsa.pem", "-noout"])),
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
"Verifying signature on request");
}
};
subtest "generating certificate requests with ECDSA" => sub {
plan tests => 2;
SKIP: {
skip "ECDSA is not supported by this OpenSSL build", 2
if disabled("ec");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-new", "-out", "testreq-ec.pem", "-utf8",
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
"-key", srctop_file("test", "testec-p256.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-verify", "-in", "testreq-ec.pem", "-noout"])),
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
"Verifying signature on request");
}
};
More testing for CLI usage of Ed25519 and Ed448 keys Add testing for the `req` app and explicit conversion tests similar to what is done for ECDSA keys. The included test keys for Ed25519 are from the examples in RFC 8410 (Sec. 10) The key for Ed448 is derived from the first of the test vectors in RFC 8032 (Sec. 7.4) using OpenSSL to encode it into PEM format. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10410)
2019-11-11 18:13:10 +08:00
subtest "generating certificate requests with Ed25519" => sub {
plan tests => 2;
SKIP: {
skip "Ed25519 is not supported by this OpenSSL build", 2
if disabled("ec");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-new", "-out", "testreq-ed25519.pem", "-utf8",
More testing for CLI usage of Ed25519 and Ed448 keys Add testing for the `req` app and explicit conversion tests similar to what is done for ECDSA keys. The included test keys for Ed25519 are from the examples in RFC 8410 (Sec. 10) The key for Ed448 is derived from the first of the test vectors in RFC 8032 (Sec. 7.4) using OpenSSL to encode it into PEM format. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10410)
2019-11-11 18:13:10 +08:00
"-key", srctop_file("test", "tested25519.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-verify", "-in", "testreq-ed25519.pem", "-noout"])),
More testing for CLI usage of Ed25519 and Ed448 keys Add testing for the `req` app and explicit conversion tests similar to what is done for ECDSA keys. The included test keys for Ed25519 are from the examples in RFC 8410 (Sec. 10) The key for Ed448 is derived from the first of the test vectors in RFC 8032 (Sec. 7.4) using OpenSSL to encode it into PEM format. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10410)
2019-11-11 18:13:10 +08:00
"Verifying signature on request");
}
};
subtest "generating certificate requests with Ed448" => sub {
plan tests => 2;
SKIP: {
skip "Ed448 is not supported by this OpenSSL build", 2
if disabled("ec");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-new", "-out", "testreq-ed448.pem", "-utf8",
More testing for CLI usage of Ed25519 and Ed448 keys Add testing for the `req` app and explicit conversion tests similar to what is done for ECDSA keys. The included test keys for Ed25519 are from the examples in RFC 8410 (Sec. 10) The key for Ed448 is derived from the first of the test vectors in RFC 8032 (Sec. 7.4) using OpenSSL to encode it into PEM format. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10410)
2019-11-11 18:13:10 +08:00
"-key", srctop_file("test", "tested448.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-verify", "-in", "testreq-ed448.pem", "-noout"])),
More testing for CLI usage of Ed25519 and Ed448 keys Add testing for the `req` app and explicit conversion tests similar to what is done for ECDSA keys. The included test keys for Ed25519 are from the examples in RFC 8410 (Sec. 10) The key for Ed448 is derived from the first of the test vectors in RFC 8032 (Sec. 7.4) using OpenSSL to encode it into PEM format. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10410)
2019-11-11 18:13:10 +08:00
"Verifying signature on request");
}
};
Make 25-test_gen.t and 25-test_req.t into one Since one generates files that the other depends on, there's no real reason to keep them separate. Since they were both different aspects of 'openssl req', the merge ends up in 25-test_req.t. This also makes cleanup easier. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 07:05:06 +08:00
subtest "generating certificate requests" => sub {
plan tests => 2;
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
@req_new, "-out", "testreq.pem"])),
Make 25-test_gen.t and 25-test_req.t into one Since one generates files that the other depends on, there's no real reason to keep them separate. Since they were both different aspects of 'openssl req', the merge ends up in 25-test_req.t. This also makes cleanup easier. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 07:05:06 +08:00
"Generating request");
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
"-verify", "-in", "testreq.pem", "-noout"])),
Make 25-test_gen.t and 25-test_req.t into one Since one generates files that the other depends on, there's no real reason to keep them separate. Since they were both different aspects of 'openssl req', the merge ends up in 25-test_req.t. This also makes cleanup easier. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 07:05:06 +08:00
"Verifying signature on request");
};
Support SM2 certificate signing SM2 certificate signing request can be created and signed by OpenSSL now, both in library and apps. Documentation and test cases are added. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9085)
2019-06-05 14:46:48 +08:00
subtest "generating SM2 certificate requests" => sub {
Support parsing of SM2 ID in hexdecimal The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID input in hexdecimal. The newly added ctrl string is called: sm2_hex_id Test cases and documentation are updated. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9584)
2019-07-30 23:05:44 +08:00
plan tests => 4;
Support SM2 certificate signing SM2 certificate signing request can be created and signed by OpenSSL now, both in library and apps. Documentation and test cases are added. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9085)
2019-06-05 14:46:48 +08:00
SKIP: {
Support parsing of SM2 ID in hexdecimal The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID input in hexdecimal. The newly added ctrl string is called: sm2_hex_id Test cases and documentation are updated. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9584)
2019-07-30 23:05:44 +08:00
skip "SM2 is not supported by this OpenSSL build", 4
Support SM2 certificate signing SM2 certificate signing request can be created and signed by OpenSSL now, both in library and apps. Documentation and test cases are added. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9085)
2019-06-05 14:46:48 +08:00
if disabled("sm2");
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
Support SM2 certificate signing SM2 certificate signing request can be created and signed by OpenSSL now, both in library and apps. Documentation and test cases are added. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9085)
2019-06-05 14:46:48 +08:00
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
TEST: Adapt all applicable tests to the new distinguishing ID Fixes #11293 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11302)
2020-03-11 06:10:29 +08:00
"-sigopt", "distid:1234567812345678",
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-out", "testreq-sm2.pem", "-sm3"])),
Support SM2 certificate signing SM2 certificate signing request can be created and signed by OpenSSL now, both in library and apps. Documentation and test cases are added. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9085)
2019-06-05 14:46:48 +08:00
"Generating SM2 certificate request");
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-verify", "-in", "testreq-sm2.pem", "-noout",
TEST: Adapt all applicable tests to the new distinguishing ID Fixes #11293 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11302)
2020-03-11 06:10:29 +08:00
"-vfyopt", "distid:1234567812345678", "-sm3"])),
Support SM2 certificate signing SM2 certificate signing request can be created and signed by OpenSSL now, both in library and apps. Documentation and test cases are added. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9085)
2019-06-05 14:46:48 +08:00
"Verifying signature on SM2 certificate request");
Support parsing of SM2 ID in hexdecimal The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID input in hexdecimal. The newly added ctrl string is called: sm2_hex_id Test cases and documentation are updated. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9584)
2019-07-30 23:05:44 +08:00
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
Support parsing of SM2 ID in hexdecimal The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID input in hexdecimal. The newly added ctrl string is called: sm2_hex_id Test cases and documentation are updated. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9584)
2019-07-30 23:05:44 +08:00
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
TEST: Adapt all applicable tests to the new distinguishing ID Fixes #11293 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11302)
2020-03-11 06:10:29 +08:00
"-sigopt", "hexdistid:DEADBEEF",
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-out", "testreq-sm2.pem", "-sm3"])),
Support parsing of SM2 ID in hexdecimal The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID input in hexdecimal. The newly added ctrl string is called: sm2_hex_id Test cases and documentation are updated. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9584)
2019-07-30 23:05:44 +08:00
"Generating SM2 certificate request with hex id");
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11080)
2020-02-13 07:28:31 +08:00
"-verify", "-in", "testreq-sm2.pem", "-noout",
TEST: Adapt all applicable tests to the new distinguishing ID Fixes #11293 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11302)
2020-03-11 06:10:29 +08:00
"-vfyopt", "hexdistid:DEADBEEF", "-sm3"])),
Support parsing of SM2 ID in hexdecimal The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID input in hexdecimal. The newly added ctrl string is called: sm2_hex_id Test cases and documentation are updated. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9584)
2019-07-30 23:05:44 +08:00
"Verifying signature on SM2 certificate request");
Support SM2 certificate signing SM2 certificate signing request can be created and signed by OpenSSL now, both in library and apps. Documentation and test cases are added. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9085)
2019-06-05 14:46:48 +08:00
}
};
unified build scheme: adjust test framework for out of source build tree To be able to run tests when we've built in a directory other than the source tree, the testing framework needs a few adjustments. test/testlib/OpenSSL/Test.pm needs to know where it can find shlib_wrap.sh, and a number of other tests need to be told a different place to find engines than what they may be able to figure out on their own. Relying to $TOP is not enough, $SRCTOP and $BLDTOP can be used as an alternative. As part of this change, top_file and top_dir are removed and srctop_file, bldtop_file, srctop_dir and bldtop_dir take their place. Reviewed-by: Ben Laurie <ben@openssl.org>
2016-01-30 08:05:33 +08:00
my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
Add recipes for tests related to certificates Some of them make use of recipes/tconversion.pl. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-18 02:15:22 +08:00
run_conversion('req conversions',
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
"testreq.pem");
Add recipes for tests related to certificates Some of them make use of recipes/tconversion.pl. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-18 02:15:22 +08:00
run_conversion('req conversions -- testreq2',
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
srctop_file("test", "testreq2.pem"));
Make 25-test_gen.t and 25-test_req.t into one Since one generates files that the other depends on, there's no real reason to keep them separate. Since they were both different aspects of 'openssl req', the merge ends up in 25-test_req.t. This also makes cleanup easier. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 07:05:06 +08:00
Add recipes for tests related to certificates Some of them make use of recipes/tconversion.pl. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-18 02:15:22 +08:00
sub run_conversion {
my $title = shift;
my $reqfile = shift;
subtest $title => sub {
Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations thorugh the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr-10312)
2019-10-31 23:17:31 +08:00
run(app(["openssl", @openssl_args,
"-in", $reqfile, "-inform", "p",
"-noout", "-text"],
stderr => "req-check.err", stdout => undef));
open DATA, "req-check.err";
SKIP: {
plan skip_all => "skipping req conversion test for $reqfile"
if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
tconversion("req", $reqfile, @openssl_args);
}
close DATA;
unlink "req-check.err";
done_testing();
Add recipes for tests related to certificates Some of them make use of recipes/tconversion.pl. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-18 02:15:22 +08:00
};
}
Reference in New Issue Copy Permalink