summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/build.info24
-rw-r--r--test/recipes/15-test_genrsa.t62
-rw-r--r--test/recipes/15-test_mp_rsa.t34
-rw-r--r--test/recipes/15-test_rsa.t56
-rw-r--r--test/rsa_mp_test.c6
-rw-r--r--test/rsa_test.c6
6 files changed, 124 insertions, 64 deletions
diff --git a/test/build.info b/test/build.info
index f964dec4ba..84229bdd2d 100644
--- a/test/build.info
+++ b/test/build.info
@@ -35,7 +35,7 @@ IF[{- !$disabled{tests} -}]
ectest ecstresstest gmdifftest pbelutest \
destest mdc2test \
dhtest enginetest \
- ssltest_old exptest rsa_test \
+ ssltest_old exptest \
evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
@@ -53,7 +53,7 @@ IF[{- !$disabled{tests} -}]
recordlentest drbgtest sslbuffertest \
recordlentest drbgtest drbg_cavs_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
- servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
+ servername_test ocspapitest fatalerrtest tls13ccstest \
sysdefaulttest errtest ssl_ctx_test gosttest \
context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
keymgmt_internal_test
@@ -125,14 +125,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[exptest]=../include ../apps/include
DEPEND[exptest]=../libcrypto libtestutil.a
- SOURCE[rsa_test]=rsa_test.c
- INCLUDE[rsa_test]=../include ../apps/include
- DEPEND[rsa_test]=../libcrypto libtestutil.a
-
- SOURCE[rsa_mp_test]=rsa_mp_test.c
- INCLUDE[rsa_mp_test]=../include ../apps/include
- DEPEND[rsa_mp_test]=../libcrypto.a libtestutil.a
-
SOURCE[fatalerrtest]=fatalerrtest.c ssltestlib.c
INCLUDE[fatalerrtest]=../include ../apps/include
DEPEND[fatalerrtest]=../libcrypto ../libssl libtestutil.a
@@ -495,12 +487,11 @@ IF[{- !$disabled{tests} -}]
IF[1]
PROGRAMS{noinst}=asn1_internal_test modes_internal_test x509_internal_test \
tls13encryptiontest wpackettest ctype_internal_test \
- rdrand_sanitytest property_test ideatest \
- rsa_sp800_56b_test bn_internal_test ecdsatest \
+ rdrand_sanitytest property_test ideatest rsa_mp_test \
+ rsa_sp800_56b_test bn_internal_test ecdsatest rsa_test \
rc2test rc4test rc5test hmactest ffc_internal_test \
asn1_dsa_internal_test dsatest dsa_no_digest_size_test
-
IF[{- !$disabled{poly1305} -}]
PROGRAMS{noinst}=poly1305_internal_test
ENDIF
@@ -540,6 +531,13 @@ IF[{- !$disabled{tests} -}]
INCLUDE[x509_internal_test]=.. ../include ../apps/include
DEPEND[x509_internal_test]=../libcrypto.a libtestutil.a
+ SOURCE[rsa_test]=rsa_test.c
+ INCLUDE[rsa_test]=../include ../apps/include
+ DEPEND[rsa_test]=../libcrypto.a libtestutil.a
+
+ SOURCE[rsa_mp_test]=rsa_mp_test.c
+ INCLUDE[rsa_mp_test]=../include ../apps/include
+ DEPEND[rsa_mp_test]=../libcrypto.a libtestutil.a
SOURCE[ecdsatest]=ecdsatest.c
INCLUDE[ecdsatest]=../include ../apps/include
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index d7d146a1d9..0ec0e65f18 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -16,10 +16,18 @@ use OpenSSL::Test::Utils;
setup("test_genrsa");
-plan tests => 5;
+plan tests => 9;
# We want to know that an absurdly small number of bits isn't support
-is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");
+if (disabled("deprecated-3.0")) {
+ is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
+ '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8',
+ '-pkeyopt', 'rsa_keygen_pubexp:3'])),
+ 0, "genrsa -3 8");
+} else {
+ is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])),
+ 0, "genrsa -3 8");
+}
# Depending on the shared library, we might have different lower limits.
# Let's find it! This is a simple binary search
@@ -29,10 +37,21 @@ is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "ge
note "Looking for lowest amount of bits";
my $bad = 3; # Log2 of number of bits (2 << 3 == 8)
my $good = 11; # Log2 of number of bits (2 << 11 == 2048)
+my $fin;
while ($good > $bad + 1) {
my $checked = int(($good + $bad + 1) / 2);
- if (run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
- 2 ** $checked ], stderr => undef))) {
+ my $bits = 2 ** $checked;
+ if (disabled("deprecated-3.0")) {
+ $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
+ '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:3',
+ '-pkeyopt', "rsa_keygen_bits:$bits",
+ ], stderr => undef));
+ } else {
+ $fin = run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
+ $bits
+ ], stderr => undef));
+ }
+ if ($fin) {
note 2 ** $checked, " bits is good";
$good = $checked;
} else {
@@ -44,11 +63,30 @@ $good++ if $good == $bad;
$good = 2 ** $good;
note "Found lowest allowed amount of bits to be $good";
-ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
- "genrsa -3 $good");
-ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
- "rsa -check");
-ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
- "genrsa -f4 $good");
-ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
- "rsa -check");
+ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
+ '-pkeyopt', 'rsa_keygen_pubexp:3',
+ '-pkeyopt', "rsa_keygen_bits:$good",
+ '-out', 'genrsatest.pem' ])),
+ "genpkey -3 $good");
+ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "pkey -check");
+ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
+ '-pkeyopt', 'rsa_keygen_pubexp:65537',
+ '-pkeyopt', "rsa_keygen_bits:$good",
+ '-out', 'genrsatest.pem' ])),
+ "genpkey -f4 $good");
+ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "pkey -check");
+
+ SKIP: {
+ skip "Skipping rsa command line test", 4 if disabled("deprecated-3.0");
+
+ ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
+ "genrsa -3 $good");
+ ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "rsa -check");
+ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
+ "genrsa -f4 $good");
+ ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "rsa -check");
+}
diff --git a/test/recipes/15-test_mp_rsa.t b/test/recipes/15-test_mp_rsa.t
index 4a4ac3569d..6ecf80c4e2 100644
--- a/test/recipes/15-test_mp_rsa.t
+++ b/test/recipes/15-test_mp_rsa.t
@@ -17,12 +17,6 @@ use OpenSSL::Test::Utils;
setup("test_mp_rsa");
-plan tests => 31;
-
-ok(run(test(["rsa_mp_test"])), "running rsa multi prime test");
-
-my $cleartext = data_file("plain_text");
-
my @test_param = (
# 3 primes, 2048-bit
{
@@ -41,8 +35,14 @@ my @test_param = (
},
);
+plan tests => 1 + scalar(@test_param) * 5 * (disabled('deprecated-3.0') ? 1 : 2);
+
+ok(run(test(["rsa_mp_test"])), "running rsa multi prime test");
+
+my $cleartext = data_file("plain_text");
+
# genrsa
-run_mp_tests(0);
+run_mp_tests(0) if !disabled('deprecated-3.0');
# evp
run_mp_tests(1);
@@ -60,17 +60,9 @@ sub run_mp_tests {
'-pkeyopt', "rsa_keygen_primes:$primes",
'-pkeyopt', "rsa_keygen_bits:$bits"])),
"genrsa $name");
- } else {
- ok(run(app([ 'openssl', 'genrsa', '-out', "rsamptest-$name.pem",
- '-primes', $primes, $bits])),
- "genrsa $name");
- }
-
- ok(run(app([ 'openssl', 'rsa', '-check', '-in', "rsamptest-$name.pem",
- '-noout'])),
- "rsa -check $name");
-
- if ($evp) {
+ ok(run(app([ 'openssl', 'pkey', '-check',
+ '-in', "rsamptest-$name.pem", '-noout'])),
+ "rsa -check $name");
ok(run(app([ 'openssl', 'pkeyutl', '-inkey', "rsamptest-$name.pem",
'-encrypt', '-in', $cleartext,
'-out', "rsamptest-$name.enc" ])),
@@ -80,6 +72,11 @@ sub run_mp_tests {
'-out', "rsamptest-$name.dec" ])),
"rsa $name decrypt");
} else {
+ ok(run(app([ 'openssl', 'genrsa', '-out', "rsamptest-$name.pem",
+ '-primes', $primes, $bits])), "genrsa $name");
+ ok(run(app([ 'openssl', 'rsa', '-check',
+ '-in', "rsamptest-$name.pem", '-noout'])),
+ "rsa -check $name");
ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
'-encrypt', '-in', $cleartext,
'-out', "rsamptest-$name.enc" ])),
@@ -89,7 +86,6 @@ sub run_mp_tests {
'-out', "rsamptest-$name.dec" ])),
"rsa $name decrypt");
}
-
ok(check_msg("rsamptest-$name.dec"), "rsa $name check result");
}
}
diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t
index 3b1a0fcd5d..2e8afa8213 100644
--- a/test/recipes/15-test_rsa.t
+++ b/test/recipes/15-test_rsa.t
@@ -16,32 +16,48 @@ use OpenSSL::Test::Utils;
setup("test_rsa");
-plan tests => 6;
+#plan skip_all => "RSA command line tool not built"
+# if disabled("deprecated-3.0");
-require_ok(srctop_file('test','recipes','tconversion.pl'));
+plan tests => 10;
+
+require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
ok(run(test(["rsa_test"])), "running rsatest");
-ok(run(app([ 'openssl', 'rsa', '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])), "rsa -check");
+run_rsa_tests("pkey");
SKIP: {
- skip "Skipping rsa conversion test", 3
- if disabled("rsa");
-
- subtest 'rsa conversions -- private key' => sub {
- tconversion("rsa", srctop_file("test","testrsa.pem"));
- };
- subtest 'rsa conversions -- private key PKCS#8' => sub {
- tconversion("rsa", srctop_file("test","testrsa.pem"), "pkey");
- };
-}
+ skip "Skipping rsa command line tests", 4 if disabled('deprecated-3.0');
- SKIP: {
- skip "Skipping msblob conversion test", 1
- if disabled("rsa") || disabled("dsa");
+ run_rsa_tests("rsa");
+}
- subtest 'rsa conversions -- public key' => sub {
- tconversion("msb", srctop_file("test","testrsapub.pem"), "rsa",
- "-pubin", "-pubout");
- };
+sub run_rsa_tests {
+ my $cmd = shift;
+
+ ok(run(app([ 'openssl', $cmd, '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])),
+ "$cmd -check" );
+
+ SKIP: {
+ skip "Skipping $cmd conversion test", 3
+ if disabled("rsa");
+
+ subtest "$cmd conversions -- private key" => sub {
+ tconversion($cmd, srctop_file("test", "testrsa.pem"));
+ };
+ subtest "$cmd conversions -- private key PKCS#8" => sub {
+ tconversion($cmd, srctop_file("test", "testrsa.pem"), "pkey");
+ };
+ }
+
+ SKIP: {
+ skip "Skipping msblob conversion test", 1
+ if disabled($cmd) || disabled("dsa") || $cmd == 'pkey';
+
+ subtest "$cmd conversions -- public key" => sub {
+ tconversion("msb", srctop_file("test", "testrsapub.pem"), "rsa",
+ "-pubin", "-pubout");
+ };
+ }
}
diff --git a/test/rsa_mp_test.c b/test/rsa_mp_test.c
index baa9dd2272..53e2966997 100644
--- a/test/rsa_mp_test.c
+++ b/test/rsa_mp_test.c
@@ -10,6 +10,12 @@
/* This aims to test the setting functions, including internal ones */
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
diff --git a/test/rsa_test.c b/test/rsa_test.c
index 084f533ac1..1fbfe821cb 100644
--- a/test/rsa_test.c
+++ b/test/rsa_test.c
@@ -9,6 +9,12 @@
/* test vectors from p1ovect1.txt */
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-16 15:33:32 +0000