From d49be019d257149d61b9061be83602ec51fa9812 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 11 May 2020 18:27:04 +0200 Subject: [PATCH] test/recipes/15-test_rsapss.t: Add test with unrestricted signature Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11710) --- test/recipes/15-test_rsapss.t | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t index 0d7e7bf2e3..5c8340259f 100644 --- a/test/recipes/15-test_rsapss.t +++ b/test/recipes/15-test_rsapss.t @@ -16,14 +16,22 @@ use OpenSSL::Test::Utils; setup("test_rsapss"); -plan tests => 5; +plan tests => 7; #using test/testrsa.pem which happens to be a 512 bit RSA ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', - '-sigopt', 'rsa_mgf1_md:sha512', '-out', 'testrsapss.sig', + '-sigopt', 'rsa_padding_mode:pss', + '-sigopt', 'rsa_pss_saltlen:max', + '-sigopt', 'rsa_mgf1_md:sha512', + '-out', 'testrsapss-restricted.sig', srctop_file('test', 'testrsa.pem')])), - "openssl dgst -sign"); + "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]"); + +ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', + '-sigopt', 'rsa_padding_mode:pss', + '-out', 'testrsapss-unrestricted.sig', + srctop_file('test', 'testrsa.pem')])), + "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]"); with({ exit_checker => sub { return shift == 1; } }, sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', @@ -41,8 +49,18 @@ with({ exit_checker => sub { return shift == 1; } }, "openssl dgst -prverify, expect to fail gracefully"); }); -ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', - '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig', +ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), + '-sha1', + '-sigopt', 'rsa_padding_mode:pss', + '-sigopt', 'rsa_pss_saltlen:max', + '-sigopt', 'rsa_mgf1_md:sha512', + '-signature', 'testrsapss-restricted.sig', srctop_file('test', 'testrsa.pem')])), - "openssl dgst -prverify"); + "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]"); + +ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), + '-sha1', + '-sigopt', 'rsa_padding_mode:pss', + '-signature', 'testrsapss-unrestricted.sig', + srctop_file('test', 'testrsa.pem')])), + "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");