author | Tomas Mraz <tomas@openssl.org> | 2021-05-03 14:40:06 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-05-06 12:43:32 +0200 |
commit | d105a24c8987dde38595a2fa336057b141e5ddf3 (patch) | |
tree | 3abe623ae043c4755895d0d2ac8e6c2cd10f41f4 | |
parent | Document the behavior of the -inform and related options (diff) | |
Add some tests for -inform/keyform enforcement
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
-rw-r--r-- | test/recipes/20-test_pkeyutl.t | 12 | ||||
-rw-r--r-- | test/recipes/25-test_crl.t | 8 | ||||
-rw-r--r-- | test/recipes/25-test_req.t | 12 | ||||
-rw-r--r-- | test/recipes/25-test_x509.t | 16 |
4 files changed, 40 insertions, 8 deletions
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index 7f2ff029ba..5492baa551 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t @@ -80,7 +80,7 @@ sub tsignverify { my $sigfile = basename($privkey, '.pem') . '.sig'; my @args = (); - plan tests => 4; + plan tests => 5; @args = ('openssl', 'pkeyutl', '-sign', '-inkey', $privkey, @@ -90,6 +90,15 @@ sub tsignverify { ok(run(app([@args])), $testtext.": Generating signature"); + @args = ('openssl', 'pkeyutl', '-sign', + '-inkey', $privkey, + '-keyform', 'DER', + '-out', $sigfile, + '-in', $data_to_sign); + push(@args, @extraopts); + ok(!run(app([@args])), + $testtext.": Checking that mismatching keyform fails"); + @args = ('openssl', 'pkeyutl', '-verify', '-inkey', $privkey, '-sigfile', $sigfile, @@ -99,6 +108,7 @@ sub tsignverify { $testtext.": Verify signature with private key"); @args = ('openssl', 'pkeyutl', '-verify', + '-keyform', 'PEM', '-inkey', $pubkey, '-pubin', '-sigfile', $sigfile, '-in', $data_to_sign); diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t index 1d6200e6d4..c789da6aa6 100644 --- a/test/recipes/25-test_crl.t +++ b/test/recipes/25-test_crl.t @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_crl"); -plan tests => 9; +plan tests => 10; require_ok(srctop_file('test','recipes','tconversion.pl')); @@ -44,8 +44,10 @@ ok(compare1stline_stdin([qw{openssl crl -hash -noout}], '106cd822'), "crl piped input test"); -ok(run(app(["openssl", "crl", "-text", "-in", $pem, "-out", $out, - "-nameopt", "utf8"]))); +ok(!run(app(["openssl", "crl", "-text", "-in", $pem, "-inform", "DER", + "-out", $out, "-nameopt", "utf8"]))); +ok(run(app(["openssl", "crl", "-text", "-in", $pem, "-inform", "PEM", + "-out", $out, "-nameopt", "utf8"]))); is(cmp_text($out, srctop_file("test/certs", "cyrillic_crl.utf8")), 0, 'Comparing utf8 output'); 
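Review bot: The added mismatching-keyform step in tsignverify passes `-out $sigfile`, which is the file the preceding sign step just produced and the following `-verify` steps read. If pkeyutl were to create or truncate its output before rejecting the key (not visible from this hunk), later verify failures would be blamed on the wrong step; a scratch path such as `'-out', "$sigfile.mismatch",` would keep the negative check isolated. The check is also a bare `ok(!run(...))`, which passes on any non-zero exit, so a crash or an unrelated option error satisfies it just as a format rejection does; the same holds for the negative checks added in 25-test_crl.t, 25-test_req.t and 25-test_x509.t. tsignverify's body starts and ends outside the hunk.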
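Review bot: Both `ok(...)` calls added to 25-test_crl.t for the `-inform DER` / `-inform PEM` pair have no test name, so a failure in the log shows only a test number and does not say which direction of the enforcement broke. The other three files in this commit name their new checks, and the same could be done here by adding `"Checking failure of mismatching -inform DER"` as the second argument of the first call and `"Dumping CRL as text with -inform PEM"` for the second. Both commands write to the same `$out`; this is fine only because the failing run comes first and the passing run overwrites it before `cmp_text`, so that order is worth a short comment.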
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index ab6c6e681b..30c1c43a7f 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -73,16 +73,24 @@ subtest "generating alt certificate requests with RSA" => sub { subtest "generating certificate requests with RSA" => sub { - plan tests => 2; + plan tests => 3; SKIP: { skip "RSA is not supported by this OpenSSL build", 2 if disabled("rsa"); + ok(!run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq-rsa.pem", "-utf8", + "-key", srctop_file("test", "testrsa.pem"), + "-keyform", "DER"])), + "Checking that mismatching keyform fails"); + ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), "-new", "-out", "testreq-rsa.pem", "-utf8", - "-key", srctop_file("test", "testrsa.pem")])), + "-key", srctop_file("test", "testrsa.pem"), + "-keyform", "PEM"])), "Generating request"); ok(run(app(["openssl", "req", diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index ae934bf420..1324f754e9 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 15; +plan tests => 18; require_ok(srctop_file("test", "recipes", "tconversion.pl")); @@ -24,6 +24,8 @@ my @certs = qw(test certs); my $pem = srctop_file(@certs, "cyrillic.pem"); my $out_msb = "out-cyrillic.msb"; my $out_utf8 = "out-cyrillic.utf8"; +my $der = "cyrillic.der"; +my $der2 = "cyrillic.der"; my $msb = srctop_file(@certs, "cyrillic.msb"); my $utf = srctop_file(@certs, "cyrillic.utf8"); @@ -36,7 +38,7 @@ ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8, is(cmp_text($out_utf8, $utf), 0, 'Comparing utf8 output with cyrillic.utf8'); - SKIP: { +SKIP: { skip "DES disabled", 1 if disabled("des"); my $p12 = srctop_file("test", "shibboleth.pfx"); 
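Review bot: The plan in the "generating certificate requests with RSA" subtest goes from 2 to 3, but the skip count on the unchanged line `skip "RSA is not supported by this OpenSSL build", 2` is not raised with it. If all three planned tests sit inside the SKIP block (its end is outside the hunk, so this is inferred), a build with RSA disabled would report two skipped tests against a plan of three and fail the subtest. The line should read `skip "RSA is not supported by this OpenSSL build", 3`.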
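Review bot: `my $der2 = "cyrillic.der";` gives `$der2` the same file name as `$der`, so the third new check in the later hunk (`-in $der -inform PEM -out $der2 -outform DER`) reads and writes one path. That check is meant to show that a DER file is rejected under `-inform PEM`, but with input and output aliased, the failure could come from the input being clobbered instead, and an unexpected success would overwrite the fixture the test just created. A distinct name such as `my $der2 = "cyrillic2.der";` keeps the negative check tied to the format mismatch alone.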
@@ -47,6 +49,16 @@ is(cmp_text($out_utf8, $utf), # not unlinking $out_pem } +ok(!run(app(["openssl", "x509", "-in", $pem, "-inform", "DER", + "-out", $der, "-outform", "DER"])), + "Checking failure of mismatching -inform DER"); +ok(run(app(["openssl", "x509", "-in", $pem, "-inform", "PEM", + "-out", $der, "-outform", "DER"])), + "Conversion to DER"); +ok(!run(app(["openssl", "x509", "-in", $der, "-inform", "PEM", + "-out", $der2, "-outform", "DER"])), + "Checking failure of mismatching -inform PEM"); + # producing and checking self-issued (but not self-signed) cert my $subj = "/CN=CA"; # using same DN as in issuer of ee-cert.pem my $extfile = srctop_file("test", "v3_ca_exts.cnf"); |