ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.1i

Browse Source
This commit is contained in:
Steve Dower
2021-01-05 19:44:35 +00:00
parent 7f34c3085f
commit ae8aba4cbc
344 changed files with 4257 additions and 4161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
test/recipes/04-test_pem.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -28,6 +28,8 @@ my %cert_expected = (
"cert-1023line.pem" => 1,
"cert-1024line.pem" => 1,
"cert-1025line.pem" => 1,
"cert-254-chars-at-the-end.pem" => 1,
"cert-254-chars-in-the-middle.pem" => 1,
"cert-255line.pem" => 1,
"cert-256line.pem" => 1,
"cert-257line.pem" => 1,
@@ -42,6 +44,7 @@ my %cert_expected = (
"cert-misalignedpad.pem" => 0,
"cert-onecolumn.pem" => 1,
"cert-oneline.pem" => 1,
"cert-oneline-multiple-of-254.pem" => 1,
"cert-shortandlongline.pem" => 1,
"cert-shortline.pem" => 1,
"cert-threecolumn.pem" => 1,

6
test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem Normal file
View File

@@ -0,0 +1,6 @@
-----BEGIN CERTIFICATE-----
MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCBTaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLf
mipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo
9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjo
Kx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c=
-----END CERTIFICATE-----

5
test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN CERTIFICATE-----
MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT
3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCB
TaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLfmipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjoKx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c=
-----END CERTIFICATE-----

3
test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem Normal file
View File

@@ -0,0 +1,3 @@
-----BEGIN CERTIFICATE-----
MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCBTaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLfmipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjoKx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c=
-----END CERTIFICATE-----

12
test/recipes/05-test_cmac.t Normal file
View File

@@ -0,0 +1,12 @@
#! /usr/bin/env perl
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use OpenSSL::Test::Simple;
simple_test("test_cmac", "cmactest", "cmac");

56
test/recipes/15-test_ec.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -16,23 +16,51 @@ use OpenSSL::Test::Utils;
setup("test_ec");
plan tests => 5;
plan tests => 11;
require_ok(srctop_file('test','recipes','tconversion.pl'));
ok(run(test(["ectest"])), "running ectest");
SKIP: {
skip "Skipping ec conversion test", 3
if disabled("ec");
SKIP: {
skip "Skipping EC conversion test", 3
if disabled("ec");
subtest 'ec conversions -- private key' => sub {
tconversion("ec", srctop_file("test","testec-p256.pem"));
};
subtest 'ec conversions -- private key PKCS#8' => sub {
tconversion("ec", srctop_file("test","testec-p256.pem"), "pkey");
};
subtest 'ec conversions -- public key' => sub {
tconversion("ec", srctop_file("test","testecpub-p256.pem"), "ec", "-pubin", "-pubout");
};
subtest 'EC conversions -- private key' => sub {
tconversion("ec", srctop_file("test","testec-p256.pem"));
};
subtest 'EC conversions -- private key PKCS#8' => sub {
tconversion("ec", srctop_file("test","testec-p256.pem"), "pkey");
};
subtest 'EC conversions -- public key' => sub {
tconversion("ec", srctop_file("test","testecpub-p256.pem"),
"ec", "-pubin", "-pubout");
};
}
SKIP: {
skip "Skipping EdDSA conversion test", 6
if disabled("ec");
subtest 'Ed25519 conversions -- private key' => sub {
tconversion("pkey", srctop_file("test","tested25519.pem"));
};
subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
tconversion("pkey", srctop_file("test","tested25519.pem"), "pkey");
};
subtest 'Ed25519 conversions -- public key' => sub {
tconversion("pkey", srctop_file("test","tested25519pub.pem"),
"pkey", "-pubin", "-pubout");
};
subtest 'Ed448 conversions -- private key' => sub {
tconversion("pkey", srctop_file("test","tested448.pem"));
};
subtest 'Ed448 conversions -- private key PKCS#8' => sub {
tconversion("pkey", srctop_file("test","tested448.pem"), "pkey");
};
subtest 'Ed448 conversions -- public key' => sub {
tconversion("pkey", srctop_file("test","tested448pub.pem"),
"pkey", "-pubin", "-pubout");
};
}

306
test/recipes/15-test_genec.t Normal file
View File

@@ -0,0 +1,306 @@
#! /usr/bin/env perl
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use File::Spec;
use OpenSSL::Test qw/:DEFAULT srctop_file/;
use OpenSSL::Test::Utils;
setup("test_genec");
plan skip_all => "This test is unsupported in a no-ec build"
if disabled("ec");
my @prime_curves = qw(
secp112r1
secp112r2
secp128r1
secp128r2
secp160k1
secp160r1
secp160r2
secp192k1
secp224k1
secp224r1
secp256k1
secp384r1
secp521r1
prime192v1
prime192v2
prime192v3
prime239v1
prime239v2
prime239v3
prime256v1
wap-wsg-idm-ecid-wtls6
wap-wsg-idm-ecid-wtls7
wap-wsg-idm-ecid-wtls8
wap-wsg-idm-ecid-wtls9
wap-wsg-idm-ecid-wtls12
brainpoolP160r1
brainpoolP160t1
brainpoolP192r1
brainpoolP192t1
brainpoolP224r1
brainpoolP224t1
brainpoolP256r1
brainpoolP256t1
brainpoolP320r1
brainpoolP320t1
brainpoolP384r1
brainpoolP384t1
brainpoolP512r1
brainpoolP512t1
);
my @binary_curves = qw(
sect113r1
sect113r2
sect131r1
sect131r2
sect163k1
sect163r1
sect163r2
sect193r1
sect193r2
sect233k1
sect233r1
sect239k1
sect283k1
sect283r1
sect409k1
sect409r1
sect571k1
sect571r1
c2pnb163v1
c2pnb163v2
c2pnb163v3
c2pnb176v1
c2tnb191v1
c2tnb191v2
c2tnb191v3
c2pnb208w1
c2tnb239v1
c2tnb239v2
c2tnb239v3
c2pnb272w1
c2pnb304w1
c2tnb359v1
c2pnb368w1
c2tnb431r1
wap-wsg-idm-ecid-wtls1
wap-wsg-idm-ecid-wtls3
wap-wsg-idm-ecid-wtls4
wap-wsg-idm-ecid-wtls5
wap-wsg-idm-ecid-wtls10
wap-wsg-idm-ecid-wtls11
);
my @explicit_only_curves = ();
push(@explicit_only_curves, qw(
Oakley-EC2N-3
Oakley-EC2N-4
)) if !disabled("ec2m");
my @other_curves = ();
push(@other_curves, 'SM2')
if !disabled("sm2");
my @curve_aliases = qw(
P-192
P-224
P-256
P-384
P-521
);
push(@curve_aliases, qw(
B-163
B-233
B-283
B-409
B-571
K-163
K-233
K-283
K-409
K-571
)) if !disabled("ec2m");
my @curve_list = ();
push(@curve_list, @prime_curves);
push(@curve_list, @binary_curves)
if !disabled("ec2m");
push(@curve_list, @other_curves);
push(@curve_list, @curve_aliases);
my @params_encodings = ('named_curve', 'explicit');
my @output_formats = ('PEM', 'DER');
plan tests => scalar(@curve_list) * scalar(@params_encodings)
* (1 + scalar(@output_formats)) # Try listed @output_formats and text output
* 2 # Test generating parameters and keys
+ 1 # Checking that with no curve it fails
+ 1 # Checking that with unknown curve it fails
+ 1 # Subtest for explicit only curves
;
ok(!run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC'])),
"genpkey EC with no params should fail");
ok(!run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])),
"genpkey EC with unknown curve name should fail");
foreach my $curvename (@curve_list) {
foreach my $paramenc (@params_encodings) {
# --- Test generating parameters ---
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
# --- Test generating actual keys ---
ok(run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
}
}
subtest "test curves that only support explicit parameters encoding" => sub {
@curve_list = @explicit_only_curves;
plan skip_all => "This test is unsupported under current configuration"
if scalar(@curve_list) <= 0;
plan tests => scalar(@curve_list) * scalar(@params_encodings)
* (1 + scalar(@output_formats)) # Try listed @output_formats and text output
* 2 # Test generating parameters and keys
;
foreach my $curvename (@curve_list) {
my $paramenc = "explicit";
# --- Test generating parameters ---
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
# --- Test generating actual keys ---
ok(run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
my $paramenc = "named_curve";
# --- Test generating parameters ---
ok(!run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(!run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
# --- Test generating actual keys ---
ok(!run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(!run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
}
};

104
test/recipes/20-test_dgst.t Normal file
View File

@@ -0,0 +1,104 @@
#! /usr/bin/env perl
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use File::Spec;
use OpenSSL::Test qw/:DEFAULT with srctop_file/;
use OpenSSL::Test::Utils;
setup("test_dgst");
plan tests => 5;
sub tsignverify {
my $testtext = shift;
my $privkey = shift;
my $pubkey = shift;
my $data_to_sign = srctop_file('test', 'README');
my $other_data = srctop_file('test', 'README.external');
plan tests => 4;
ok(run(app(['openssl', 'dgst', '-sign', $privkey,
'-out', 'testdgst.sig',
$data_to_sign])),
$testtext.": Generating signature");
ok(run(app(['openssl', 'dgst', '-prverify', $privkey,
'-signature', 'testdgst.sig',
$data_to_sign])),
$testtext.": Verify signature with private key");
ok(run(app(['openssl', 'dgst', '-verify', $pubkey,
'-signature', 'testdgst.sig',
$data_to_sign])),
$testtext.": Verify signature with public key");
ok(!run(app(['openssl', 'dgst', '-verify', $pubkey,
'-signature', 'testdgst.sig',
$other_data])),
$testtext.": Expect failure verifying mismatching data");
unlink 'testdgst.sig';
}
SKIP: {
skip "RSA is not supported by this OpenSSL build", 1
if disabled("rsa");
subtest "RSA signature generation and verification with `dgst` CLI" => sub {
tsignverify("RSA",
srctop_file("test","testrsa.pem"),
srctop_file("test","testrsapub.pem"));
};
}
SKIP: {
skip "DSA is not supported by this OpenSSL build", 1
if disabled("dsa");
subtest "DSA signature generation and verification with `dgst` CLI" => sub {
tsignverify("DSA",
srctop_file("test","testdsa.pem"),
srctop_file("test","testdsapub.pem"));
};
}
SKIP: {
skip "ECDSA is not supported by this OpenSSL build", 1
if disabled("ec");
subtest "ECDSA signature generation and verification with `dgst` CLI" => sub {
tsignverify("ECDSA",
srctop_file("test","testec-p256.pem"),
srctop_file("test","testecpub-p256.pem"));
};
}
SKIP: {
skip "EdDSA is not supported by this OpenSSL build", 2
if disabled("ec");
skip "EdDSA is not supported with `dgst` CLI", 2;
subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub {
tsignverify("Ed25519",
srctop_file("test","tested25519.pem"),
srctop_file("test","tested25519pub.pem"));
};
subtest "Ed448 signature generation and verification with `dgst` CLI" => sub {
tsignverify("Ed448",
srctop_file("test","tested448.pem"),
srctop_file("test","tested448pub.pem"));
};
}

44
test/recipes/25-test_req.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_req");
plan tests => 12;
plan tests => 14;
require_ok(srctop_file('test','recipes','tconversion.pl'));
@@ -106,6 +106,46 @@ subtest "generating certificate requests with ECDSA" => sub {
}
};
subtest "generating certificate requests with Ed25519" => sub {
plan tests => 2;
SKIP: {
skip "Ed25519 is not supported by this OpenSSL build", 2
if disabled("ec");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq.pem", "-utf8",
"-key", srctop_file("test", "tested25519.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq.pem", "-noout"])),
"Verifying signature on request");
}
};
subtest "generating certificate requests with Ed448" => sub {
plan tests => 2;
SKIP: {
skip "Ed448 is not supported by this OpenSSL build", 2
if disabled("ec");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq.pem", "-utf8",
"-key", srctop_file("test", "tested448.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq.pem", "-noout"])),
"Verifying signature on request");
}
};
subtest "generating certificate requests" => sub {
plan tests => 2;

30
test/recipes/25-test_verify.t
View File

@@ -27,7 +27,7 @@ sub verify {
run(app([@args]));
}
plan tests => 137;
plan tests => 145;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -132,6 +132,10 @@ ok(!verify("ee-cert", "sslserver", [], [qw(ca-cert)], "-partial_chain"),
"fail untrusted partial chain");
ok(verify("ee-cert", "sslserver", [qw(ca-cert)], [], "-partial_chain"),
"accept trusted partial chain");
ok(!verify("ee-cert", "sslserver", [qw(ca-expired)], [], "-partial_chain"),
"reject expired trusted partial chain"); # this check is beyond RFC 5280
ok(!verify("ee-cert", "sslserver", [qw(root-expired)], [qw(ca-cert)]),
"reject expired trusted root"); # this check is beyond RFC 5280
ok(verify("ee-cert", "sslserver", [qw(sca-cert)], [], "-partial_chain"),
"accept partial chain with server purpose");
ok(!verify("ee-cert", "sslserver", [qw(cca-cert)], [], "-partial_chain"),
@@ -280,6 +284,27 @@ ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level",
ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]),
"reject md5 leaf at auth level 1");
# Explicit vs named curve tests
SKIP: {
skip "EC is not supported by this OpenSSL build", 5
if disabled("ec");
ok(verify("ee-cert-ec-explicit", "sslserver", ["root-cert"],
["ca-cert-ec-named"]),
"accept explicit curve leaf with named curve intermediate without strict");
ok(verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"],
["ca-cert-ec-explicit"]),
"accept named curve leaf with explicit curve intermediate without strict");
ok(!verify("ee-cert-ec-explicit", "sslserver", ["root-cert"],
["ca-cert-ec-named"], "-x509_strict"),
"reject explicit curve leaf with named curve intermediate with strict");
ok(!verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"],
["ca-cert-ec-explicit"], "-x509_strict"),
"reject named curve leaf with explicit curve intermediate with strict");
ok(verify("ee-cert-ec-named-named", "sslserver", ["root-cert"],
["ca-cert-ec-named"], "-x509_strict"),
"accept named curve leaf with named curve intermediate with strict");
}
# Depth tests, note the depth limit bounds the number of CA certificates
# between the trust-anchor and the leaf, so, for example, with a root->ca->leaf
# chain, depth = 1 is sufficient, but depth == 0 is not.
@@ -368,6 +393,9 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"]
ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
"Public Key Algorithm rsa instead of rsaEncryption");
ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []),
"accept trusted self-signed EE cert excluding key usage keyCertSign");
SKIP: {
skip "Ed25519 is not supported by this OpenSSL build", 1
if disabled("ec");