diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/build.info | 24 | ||||
-rw-r--r-- | test/recipes/15-test_genrsa.t | 62 | ||||
-rw-r--r-- | test/recipes/15-test_mp_rsa.t | 34 | ||||
-rw-r--r-- | test/recipes/15-test_rsa.t | 56 | ||||
-rw-r--r-- | test/rsa_mp_test.c | 6 | ||||
-rw-r--r-- | test/rsa_test.c | 6 |
6 files changed, 124 insertions, 64 deletions
diff --git a/test/build.info b/test/build.info index f964dec4ba..84229bdd2d 100644 --- a/test/build.info +++ b/test/build.info @@ -35,7 +35,7 @@ IF[{- !$disabled{tests} -}] ectest ecstresstest gmdifftest pbelutest \ destest mdc2test \ dhtest enginetest \ - ssltest_old exptest rsa_test \ + ssltest_old exptest \ evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \ v3nametest v3ext \ crltest danetest bad_dtls_test lhash_test sparse_array_test \ @@ -53,7 +53,7 @@ IF[{- !$disabled{tests} -}] recordlentest drbgtest sslbuffertest \ recordlentest drbgtest drbg_cavs_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ - servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ + servername_test ocspapitest fatalerrtest tls13ccstest \ sysdefaulttest errtest ssl_ctx_test gosttest \ context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ keymgmt_internal_test @@ -125,14 +125,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[exptest]=../include ../apps/include DEPEND[exptest]=../libcrypto libtestutil.a - SOURCE[rsa_test]=rsa_test.c - INCLUDE[rsa_test]=../include ../apps/include - DEPEND[rsa_test]=../libcrypto libtestutil.a - - SOURCE[rsa_mp_test]=rsa_mp_test.c - INCLUDE[rsa_mp_test]=../include ../apps/include - DEPEND[rsa_mp_test]=../libcrypto.a libtestutil.a - SOURCE[fatalerrtest]=fatalerrtest.c ssltestlib.c INCLUDE[fatalerrtest]=../include ../apps/include DEPEND[fatalerrtest]=../libcrypto ../libssl libtestutil.a @@ -495,12 +487,11 @@ IF[{- !$disabled{tests} -}] IF[1] PROGRAMS{noinst}=asn1_internal_test modes_internal_test x509_internal_test \ tls13encryptiontest wpackettest ctype_internal_test \ - rdrand_sanitytest property_test ideatest \ - rsa_sp800_56b_test bn_internal_test ecdsatest \ + rdrand_sanitytest property_test ideatest rsa_mp_test \ + rsa_sp800_56b_test bn_internal_test ecdsatest rsa_test \ rc2test rc4test rc5test hmactest ffc_internal_test \ asn1_dsa_internal_test dsatest dsa_no_digest_size_test - IF[{- !$disabled{poly1305} -}] PROGRAMS{noinst}=poly1305_internal_test ENDIF @@ -540,6 +531,13 @@ IF[{- !$disabled{tests} -}] INCLUDE[x509_internal_test]=.. ../include ../apps/include DEPEND[x509_internal_test]=../libcrypto.a libtestutil.a + SOURCE[rsa_test]=rsa_test.c + INCLUDE[rsa_test]=../include ../apps/include + DEPEND[rsa_test]=../libcrypto.a libtestutil.a + + SOURCE[rsa_mp_test]=rsa_mp_test.c + INCLUDE[rsa_mp_test]=../include ../apps/include + DEPEND[rsa_mp_test]=../libcrypto.a libtestutil.a SOURCE[ecdsatest]=ecdsatest.c INCLUDE[ecdsatest]=../include ../apps/include diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index d7d146a1d9..0ec0e65f18 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -16,10 +16,18 @@ use OpenSSL::Test::Utils; setup("test_genrsa"); -plan tests => 5; +plan tests => 9; # We want to know that an absurdly small number of bits isn't support -is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); +if (disabled("deprecated-3.0")) { + is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', + '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8', + '-pkeyopt', 'rsa_keygen_pubexp:3'])), + 0, "genrsa -3 8"); +} else { + is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), + 0, "genrsa -3 8"); +} # Depending on the shared library, we might have different lower limits. # Let's find it! This is a simple binary search @@ -29,10 +37,21 @@ is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "ge note "Looking for lowest amount of bits"; my $bad = 3; # Log2 of number of bits (2 << 3 == 8) my $good = 11; # Log2 of number of bits (2 << 11 == 2048) +my $fin; while ($good > $bad + 1) { my $checked = int(($good + $bad + 1) / 2); - if (run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', - 2 ** $checked ], stderr => undef))) { + my $bits = 2 ** $checked; + if (disabled("deprecated-3.0")) { + $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', + '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:3', + '-pkeyopt', "rsa_keygen_bits:$bits", + ], stderr => undef)); + } else { + $fin = run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', + $bits + ], stderr => undef)); + } + if ($fin) { note 2 ** $checked, " bits is good"; $good = $checked; } else { @@ -44,11 +63,30 @@ $good++ if $good == $bad; $good = 2 ** $good; note "Found lowest allowed amount of bits to be $good"; -ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])), - "genrsa -3 $good"); -ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), - "rsa -check"); -ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), - "genrsa -f4 $good"); -ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), - "rsa -check"); +ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', + '-pkeyopt', 'rsa_keygen_pubexp:3', + '-pkeyopt', "rsa_keygen_bits:$good", + '-out', 'genrsatest.pem' ])), + "genpkey -3 $good"); +ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])), + "pkey -check"); +ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', + '-pkeyopt', 'rsa_keygen_pubexp:65537', + '-pkeyopt', "rsa_keygen_bits:$good", + '-out', 'genrsatest.pem' ])), + "genpkey -f4 $good"); +ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])), + "pkey -check"); + + SKIP: { + skip "Skipping rsa command line test", 4 if disabled("deprecated-3.0"); + + ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])), + "genrsa -3 $good"); + ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), + "rsa -check"); + ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), + "genrsa -f4 $good"); + ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), + "rsa -check"); +} diff --git a/test/recipes/15-test_mp_rsa.t b/test/recipes/15-test_mp_rsa.t index 4a4ac3569d..6ecf80c4e2 100644 --- a/test/recipes/15-test_mp_rsa.t +++ b/test/recipes/15-test_mp_rsa.t @@ -17,12 +17,6 @@ use OpenSSL::Test::Utils; setup("test_mp_rsa"); -plan tests => 31; - -ok(run(test(["rsa_mp_test"])), "running rsa multi prime test"); - -my $cleartext = data_file("plain_text"); - my @test_param = ( # 3 primes, 2048-bit { @@ -41,8 +35,14 @@ my @test_param = ( }, ); +plan tests => 1 + scalar(@test_param) * 5 * (disabled('deprecated-3.0') ? 1 : 2); + +ok(run(test(["rsa_mp_test"])), "running rsa multi prime test"); + +my $cleartext = data_file("plain_text"); + # genrsa -run_mp_tests(0); +run_mp_tests(0) if !disabled('deprecated-3.0'); # evp run_mp_tests(1); @@ -60,17 +60,9 @@ sub run_mp_tests { '-pkeyopt', "rsa_keygen_primes:$primes", '-pkeyopt', "rsa_keygen_bits:$bits"])), "genrsa $name"); - } else { - ok(run(app([ 'openssl', 'genrsa', '-out', "rsamptest-$name.pem", - '-primes', $primes, $bits])), - "genrsa $name"); - } - - ok(run(app([ 'openssl', 'rsa', '-check', '-in', "rsamptest-$name.pem", - '-noout'])), - "rsa -check $name"); - - if ($evp) { + ok(run(app([ 'openssl', 'pkey', '-check', + '-in', "rsamptest-$name.pem", '-noout'])), + "rsa -check $name"); ok(run(app([ 'openssl', 'pkeyutl', '-inkey', "rsamptest-$name.pem", '-encrypt', '-in', $cleartext, '-out', "rsamptest-$name.enc" ])), @@ -80,6 +72,11 @@ sub run_mp_tests { '-out', "rsamptest-$name.dec" ])), "rsa $name decrypt"); } else { + ok(run(app([ 'openssl', 'genrsa', '-out', "rsamptest-$name.pem", + '-primes', $primes, $bits])), "genrsa $name"); + ok(run(app([ 'openssl', 'rsa', '-check', + '-in', "rsamptest-$name.pem", '-noout'])), + "rsa -check $name"); ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem", '-encrypt', '-in', $cleartext, '-out', "rsamptest-$name.enc" ])), @@ -89,7 +86,6 @@ sub run_mp_tests { '-out', "rsamptest-$name.dec" ])), "rsa $name decrypt"); } - ok(check_msg("rsamptest-$name.dec"), "rsa $name check result"); } } diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t index 3b1a0fcd5d..2e8afa8213 100644 --- a/test/recipes/15-test_rsa.t +++ b/test/recipes/15-test_rsa.t @@ -16,32 +16,48 @@ use OpenSSL::Test::Utils; setup("test_rsa"); -plan tests => 6; +#plan skip_all => "RSA command line tool not built" +# if disabled("deprecated-3.0"); -require_ok(srctop_file('test','recipes','tconversion.pl')); +plan tests => 10; + +require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); ok(run(test(["rsa_test"])), "running rsatest"); -ok(run(app([ 'openssl', 'rsa', '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])), "rsa -check"); +run_rsa_tests("pkey"); SKIP: { - skip "Skipping rsa conversion test", 3 - if disabled("rsa"); - - subtest 'rsa conversions -- private key' => sub { - tconversion("rsa", srctop_file("test","testrsa.pem")); - }; - subtest 'rsa conversions -- private key PKCS#8' => sub { - tconversion("rsa", srctop_file("test","testrsa.pem"), "pkey"); - }; -} + skip "Skipping rsa command line tests", 4 if disabled('deprecated-3.0'); - SKIP: { - skip "Skipping msblob conversion test", 1 - if disabled("rsa") || disabled("dsa"); + run_rsa_tests("rsa"); +} - subtest 'rsa conversions -- public key' => sub { - tconversion("msb", srctop_file("test","testrsapub.pem"), "rsa", - "-pubin", "-pubout"); - }; +sub run_rsa_tests { + my $cmd = shift; + + ok(run(app([ 'openssl', $cmd, '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])), + "$cmd -check" ); + + SKIP: { + skip "Skipping $cmd conversion test", 3 + if disabled("rsa"); + + subtest "$cmd conversions -- private key" => sub { + tconversion($cmd, srctop_file("test", "testrsa.pem")); + }; + subtest "$cmd conversions -- private key PKCS#8" => sub { + tconversion($cmd, srctop_file("test", "testrsa.pem"), "pkey"); + }; + } + + SKIP: { + skip "Skipping msblob conversion test", 1 + if disabled($cmd) || disabled("dsa") || $cmd == 'pkey'; + + subtest "$cmd conversions -- public key" => sub { + tconversion("msb", srctop_file("test", "testrsapub.pem"), "rsa", + "-pubin", "-pubout"); + }; + } } diff --git a/test/rsa_mp_test.c b/test/rsa_mp_test.c index baa9dd2272..53e2966997 100644 --- a/test/rsa_mp_test.c +++ b/test/rsa_mp_test.c @@ -10,6 +10,12 @@ /* This aims to test the setting functions, including internal ones */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include <string.h> diff --git a/test/rsa_test.c b/test/rsa_test.c index 084f533ac1..1fbfe821cb 100644 --- a/test/rsa_test.c +++ b/test/rsa_test.c @@ -9,6 +9,12 @@ /* test vectors from p1ovect1.txt */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include <string.h> |