From b2a7310af0dd190712bae2e462a7708483dd4628 Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Thu, 31 Oct 2019 17:17:31 +0200 Subject: [PATCH] Add more tests for apps/req https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 highlighted that existing testing infrastructure is not covering common usage patterns of the `req` app. This commit explicitly adds request generations through the CLI using RSA, DSA and ECDSA (P-256) keys. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/pr-10312) --- test/recipes/25-test_req.t | 108 +++++++++++++++++++++++++++++-------- 1 file changed, 86 insertions(+), 22 deletions(-) diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 7dae692482..6da8e897f5 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_req"); -plan tests => 10; +plan tests => 13; require_ok(srctop_file('test','recipes','tconversion.pl')); 
@@ -46,15 +46,75 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2]))); ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3]))); ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); +subtest "generating certificate requests with RSA" => sub { + plan tests => 2; + + SKIP: { + skip "RSA is not supported by this OpenSSL build", 2 + if disabled("rsa"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq.pem", "-utf8", + "-key", srctop_file("test", "testrsa.pem")])), + "Generating request"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq.pem", "-noout"])), + "Verifying signature on request"); + } +}; + +subtest "generating certificate requests with DSA" => sub { + plan tests => 2; + + SKIP: { + skip "DSA is not supported by this OpenSSL build", 2 + if disabled("dsa"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq.pem", "-utf8", + "-key", srctop_file("test", "testdsa.pem")])), + "Generating request"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq.pem", "-noout"])), + "Verifying signature on request"); + } +}; + +subtest "generating certificate requests with ECDSA" => sub { + plan tests => 2; + + SKIP: { + skip "ECDSA is not supported by this OpenSSL build", 2 + if disabled("ec"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq.pem", "-utf8", + "-key", srctop_file("test", "testec-p256.pem")])), + "Generating request"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq.pem", "-noout"])), + "Verifying signature on request"); + } +}; + subtest "generating certificate requests" => sub { plan tests => 2; ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), - @req_new, 
"-out", "testreq.pem"])), + @req_new, "-out", "testreq.pem"])), "Generating request"); ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), - "-verify", "-in", "testreq.pem", "-noout"])), + "-verify", "-in", "testreq.pem", "-noout"])), "Verifying signature on request"); }; @@ -64,24 +124,28 @@ subtest "generating SM2 certificate requests" => sub { SKIP: { skip "SM2 is not supported by this OpenSSL build", 4 if disabled("sm2"); - ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), "-new", "-key", srctop_file("test", "certs", "sm2.key"), "-sigopt", "sm2_id:1234567812345678", "-out", "testreq.pem", "-sm3"])), "Generating SM2 certificate request"); - ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq.pem", "-noout", "-sm2-id", "1234567812345678", "-sm3"])), "Verifying signature on SM2 certificate request"); - ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), "-new", "-key", srctop_file("test", "certs", "sm2.key"), "-sigopt", "sm2_hex_id:DEADBEEF", "-out", "testreq.pem", "-sm3"])), "Generating SM2 certificate request with hex id"); - ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq.pem", "-noout", "-sm2-hex-id", "DEADBEEF", "-sm3"])), "Verifying signature on SM2 certificate request"); 
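Review bot: The three new subtests (RSA, DSA, ECDSA) in the `@@ -46,15 +46,75 @@` hunk all write to and then verify the same `testreq.pem`, so if the `-new` step fails for one key type, the following `-verify` can still succeed against the request left behind by the previous subtest. That weakens the evidence that a request signed with each key type actually verifies. Give each subtest its own output, e.g. `"-new", "-out", "testreq-rsa.pem", "-utf8",` with the matching `"-verify", "-in", "testreq-rsa.pem", "-noout"`, and add the new names to the `unlink` list further down the file, outside this hunk. The three bodies differ only in the label, the `disabled()` argument and the key file, so a small helper taking those three values would also keep them from drifting apart.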
@@ -91,9 +155,9 @@ subtest "generating SM2 certificate requests" => sub { my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf")); run_conversion('req conversions', - "testreq.pem"); + "testreq.pem"); run_conversion('req conversions -- testreq2', - srctop_file("test", "testreq2.pem")); + srctop_file("test", "testreq2.pem")); unlink "testkey.pem", "testreq.pem"; @@ -102,20 +166,20 @@ sub run_conversion { my $reqfile = shift; subtest $title => sub { - run(app(["openssl", @openssl_args, - "-in", $reqfile, "-inform", "p", - "-noout", "-text"], - stderr => "req-check.err", stdout => undef)); - open DATA, "req-check.err"; - SKIP: { - plan skip_all => "skipping req conversion test for $reqfile" - if grep /Unknown Public Key/, map { s/\R//; } ; + run(app(["openssl", @openssl_args, + "-in", $reqfile, "-inform", "p", + "-noout", "-text"], + stderr => "req-check.err", stdout => undef)); + open DATA, "req-check.err"; + SKIP: { + plan skip_all => "skipping req conversion test for $reqfile" + if grep /Unknown Public Key/, map { s/\R//; } ; - tconversion("req", $reqfile, @openssl_args); - } - close DATA; - unlink "req-check.err"; + tconversion("req", $reqfile, @openssl_args); + } + close DATA; + unlink "req-check.err"; - done_testing(); + done_testing(); }; }