diff options
Diffstat (limited to 'test/recipes')
-rw-r--r-- | test/recipes/20-test_pkeyutl.t | 11 | ||||
-rw-r--r-- | test/recipes/25-test_req.t | 30 |
2 files changed, 28 insertions, 13 deletions
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index 543038cab9..3c135630f7 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t @@ -24,14 +24,21 @@ SKIP: { skip "Skipping tests that require EC, SM2 or SM3", 2 if disabled("ec") || disabled("sm2") || disabled("sm3"); + # TODO(3.0) Remove this when we have a SM2 keymgmt and decoder + my @tmp_sm2_hack = qw(-engine loader_attic) + unless disabled('dynamic-engine') || disabled('deprecated-3.0'); + skip "Skipping tests that require dynamic enginess (temporary meaasure)", 2 + unless @tmp_sm2_hack; + # SM2 - ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign', + ok_nofips(run(app(([ 'openssl', 'pkeyutl', @tmp_sm2_hack, '-sign', '-in', srctop_file('test', 'certs', 'sm2.pem'), '-inkey', srctop_file('test', 'certs', 'sm2.key'), '-out', 'sm2.sig', '-rawin', '-digest', 'sm3', '-pkeyopt', 'distid:someid']))), "Sign a piece of data using SM2"); - ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', + ok_nofips(run(app(([ 'openssl', 'pkeyutl', @tmp_sm2_hack, + '-verify', '-certin', '-in', srctop_file('test', 'certs', 'sm2.pem'), '-inkey', srctop_file('test', 'certs', 'sm2.pem'), '-sigfile', 'sm2.sig', '-rawin', diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 8d26be2bf0..544d32963c 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -29,6 +29,14 @@ if (disabled("rsa")) { note("There should not be more that at most 80 per line"); } +# TODO(3.0) This should be removed as soon as missing support is added +# Identified problems: +# - SM2 lacks provider-native keymgmt and decoder +# - ED25519, ED448, X25519 and X448 signature implementations do not +# respond to the "algorithm-id" parameter request. +my @tmp_loader_hack = qw(-engine loader_attic) + unless disabled('dynamic-engine') || disabled('deprecated-3.0'); + # Check for duplicate -addext parameters, and one "working" case. my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem", "-config", srctop_file("test", "test.cnf"), @req_new ); @@ -135,15 +143,15 @@ subtest "generating certificate requests with Ed25519" => sub { SKIP: { skip "Ed25519 is not supported by this OpenSSL build", 2 - if disabled("ec"); + if disabled("ec") || !@tmp_loader_hack; - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-new", "-out", "testreq-ed25519.pem", "-utf8", "-key", srctop_file("test", "tested25519.pem")])), "Generating request"); - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-ed25519.pem", "-noout"])), "Verifying signature on request"); @@ -155,15 +163,15 @@ subtest "generating certificate requests with Ed448" => sub { SKIP: { skip "Ed448 is not supported by this OpenSSL build", 2 - if disabled("ec"); + if disabled("ec") || !@tmp_loader_hack; - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-new", "-out", "testreq-ed448.pem", "-utf8", "-key", srctop_file("test", "tested448.pem")])), "Generating request"); - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-ed448.pem", "-noout"])), "Verifying signature on request"); @@ -187,28 +195,28 @@ subtest "generating SM2 certificate requests" => sub { SKIP: { skip "SM2 is not supported by this OpenSSL build", 4 - if disabled("sm2"); - ok(run(app(["openssl", "req", + if disabled("sm2") || !@tmp_loader_hack; + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-new", "-key", srctop_file("test", "certs", "sm2.key"), "-sigopt", "distid:1234567812345678", "-out", "testreq-sm2.pem", "-sm3"])), "Generating SM2 certificate request"); - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-sm2.pem", "-noout", "-vfyopt", "distid:1234567812345678", "-sm3"])), "Verifying signature on SM2 certificate request"); - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-new", "-key", srctop_file("test", "certs", "sm2.key"), "-sigopt", "hexdistid:DEADBEEF", "-out", "testreq-sm2.pem", "-sm3"])), "Generating SM2 certificate request with hex id"); - ok(run(app(["openssl", "req", + ok(run(app(["openssl", "req", @tmp_loader_hack, "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-sm2.pem", "-noout", "-vfyopt", "hexdistid:DEADBEEF", "-sm3"])), |