authorDr. David von Oheimb <dev@ddvo.net>2024-11-07 21:55:53 +0100
committerDr. David von Oheimb <dev@ddvo.net>2024-11-09 11:43:59 +0100
commitfe07cbf9c324a63f8141cfa6ef7f14a42bce4ef4 (patch)
tree4c4ce3ed6e800eb36311d1471dc20351cfe65673
parentAdd a test for setting TLSv1.2 ciphersuites on a QUIC object (diff)
APPS/pkeyutl: remove wrong check for -verifyrecover regarding too long sign/verify input
Fixed #25898 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25903)
-rw-r--r--apps/pkeyutl.c3
-rw-r--r--test/recipes/20-test_pkeyutl.t14
2 files changed, 11 insertions, 6 deletions
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index ca2575bc17..64c5d5871a 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -490,8 +490,7 @@ int pkeyutl_main(int argc, char **argv)
/* Sanity check the input if the input is not raw */
if (!rawin
- && (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY
- || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
+ && (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY)) {
if (buf_inlen > EVP_MAX_MD_SIZE) {
BIO_printf(bio_err,
"Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",
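Review bot: The comment above the condition, `/* Sanity check the input if the input is not raw */`, does not say why -verifyrecover is left out, so the removed clause could be re-added later by someone who reads it as an oversight. With EVP_PKEY_OP_VERIFYRECOVER the input is presumably the signature itself rather than a digest, which is why an EVP_MAX_MD_SIZE limit does not fit it. I would say so in the comment, e.g. `/* Sanity check the digest length for sign/verify; verifyrecover input is a signature, not a hash */`. pkeyutl_main begins and the if-body ends outside this hunk.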
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index d78e74d38a..abdbac7541 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -17,7 +17,7 @@ use File::Compare qw/compare_text compare/;
setup("test_pkeyutl");
-plan tests => 23;
+plan tests => 24;
# For the tests below we use the cert itself as the TBS file
@@ -92,6 +92,7 @@ SKIP: {
"Verify an Ed448 signature against a piece of data, no -rawin");
}
+my $sigfile;
sub tsignverify {
my $testtext = shift;
my $privkey = shift;
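Review bot: `my $sigfile;` replaces a per-call lexical with file-scope state that tsignverify overwrites on every call (the assignment is in the next hunk), and the new -verifyrecover check further down reads whatever the last call left there. That ties the RSA check to subtest order: placed after the PSS subtest it would pick up a different signature, and if the first subtest dies before the assignment the name is undefined. At minimum the coupling should be documented at the declaration, e.g. `# Set by tsignverify(); read by the -verifyrecover test that follows the first RSA subtest`. tsignverify's body continues outside this hunk.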
@@ -100,7 +101,7 @@ sub tsignverify {
my $data_to_sign = srctop_file('test', 'data.bin');
my $other_data = srctop_file('test', 'data2.bin');
- my $sigfile = basename($privkey, '.pem') . '.sig';
+ $sigfile = basename($privkey, '.pem') . '.sig';
my @args = ();
plan tests => 5;
@@ -149,7 +150,7 @@ sub tsignverify {
}
SKIP: {
- skip "RSA is not supported by this OpenSSL build", 1
+ skip "RSA is not supported by this OpenSSL build", 3
if disabled("rsa");
subtest "RSA CLI signature generation and verification" => sub {
@@ -159,6 +160,10 @@ SKIP: {
"-rawin", "-digest", "sha256");
};
+ ok(run(app((['openssl', 'pkeyutl', '-verifyrecover', '-in', $sigfile,
+ '-pubin', '-inkey', srctop_file('test', 'testrsapub.pem')]))),
+ "RSA: Verify signature with -verifyrecover");
+
subtest "RSA CLI signature and verification with pkeyopt" => sub {
tsignverify("RSA",
srctop_file("test","testrsa.pem"),
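Review bot: The added `ok(run(app([... '-verifyrecover' ...])))` check asserts only that the command exits successfully, so it would still pass if the recovered bytes were wrong. Since the preceding subtest signs with `-rawin -digest sha256`, the recovered output is presumably the SHA-256 DigestInfo of the signed data; adding `'-out', $recovered_file` (placeholder name) and comparing it with an expected file via the already imported `compare` would pin that. A second case that feeds a corrupted signature and expects failure would show that bad input is actually rejected. The SKIP block opens outside this hunk.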
@@ -166,6 +171,7 @@ SKIP: {
"-rawin", "-digest", "sha256",
"-pkeyopt", "rsa_padding_mode:pss");
};
+
}
SKIP: {
@@ -228,7 +234,7 @@ SKIP: {
# openssl pkeyutl -decap -inkey rsa_priv.pem -in encap_out.bin -out decap_out.bin
# decap_out is equal to secret
SKIP: {
- skip "RSA is not supported by this OpenSSL build", 3
+ skip "RSA is not supported by this OpenSSL build", 5
if disabled("rsa");
# Self-compat