[openssl] master update

Wed Nov 13 15:16:34 UTC 2019

The branch master has been updated
       via  b2a7310af0dd190712bae2e462a7708483dd4628 (commit)
      from  eb389a75c0e893a3a9951ddc804459713dbf5d3d (commit)


- Log -----------------------------------------------------------------
commit b2a7310af0dd190712bae2e462a7708483dd4628
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date:   Thu Oct 31 17:17:31 2019 +0200

    Add more tests for apps/req
    
    https://github.com/openssl/openssl/issues/10224#issuecomment-546593113
    highlighted that existing testing infrastructure is not covering common
    usage patterns of the `req` app.
    
    This commit explicitly adds request generations thorugh the CLI using
    RSA, DSA and ECDSA (P-256) keys.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/pr-10312)

-----------------------------------------------------------------------

Summary of changes:
 test/recipes/25-test_req.t | 112 +++++++++++++++++++++++++++++++++++----------
 1 file changed, 88 insertions(+), 24 deletions(-)

diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 7dae692482..6da8e897f5 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_req");
 
-plan tests => 10;
+plan tests => 13;
 
 require_ok(srctop_file('test','recipes','tconversion.pl'));
 
@@ -46,15 +46,75 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
 
+subtest "generating certificate requests with RSA" => sub {
+    plan tests => 2;
+
+    SKIP: {
+        skip "RSA is not supported by this OpenSSL build", 2
+            if disabled("rsa");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-out", "testreq.pem", "-utf8",
+                    "-key", srctop_file("test", "testrsa.pem")])),
+           "Generating request");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout"])),
+           "Verifying signature on request");
+    }
+};
+
+subtest "generating certificate requests with DSA" => sub {
+    plan tests => 2;
+
+    SKIP: {
+        skip "DSA is not supported by this OpenSSL build", 2
+            if disabled("dsa");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-out", "testreq.pem", "-utf8",
+                    "-key", srctop_file("test", "testdsa.pem")])),
+           "Generating request");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout"])),
+           "Verifying signature on request");
+    }
+};
+
+subtest "generating certificate requests with ECDSA" => sub {
+    plan tests => 2;
+
+    SKIP: {
+        skip "ECDSA is not supported by this OpenSSL build", 2
+            if disabled("ec");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-out", "testreq.pem", "-utf8",
+                    "-key", srctop_file("test", "testec-p256.pem")])),
+           "Generating request");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout"])),
+           "Verifying signature on request");
+    }
+};
+
 subtest "generating certificate requests" => sub {
     plan tests => 2;
 
     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-		@req_new, "-out", "testreq.pem"])),
+                @req_new, "-out", "testreq.pem"])),
        "Generating request");
 
     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-		"-verify", "-in", "testreq.pem", "-noout"])),
+                "-verify", "-in", "testreq.pem", "-noout"])),
        "Verifying signature on request");
 };
 
@@ -64,24 +124,28 @@ subtest "generating SM2 certificate requests" => sub {
     SKIP: {
         skip "SM2 is not supported by this OpenSSL build", 4
         if disabled("sm2");
-        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
                     "-sigopt", "sm2_id:1234567812345678",
                     "-out", "testreq.pem", "-sm3"])),
            "Generating SM2 certificate request");
 
-        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
                     "-verify", "-in", "testreq.pem", "-noout",
                     "-sm2-id", "1234567812345678", "-sm3"])),
            "Verifying signature on SM2 certificate request");
 
-        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
                     "-sigopt", "sm2_hex_id:DEADBEEF",
                     "-out", "testreq.pem", "-sm3"])),
            "Generating SM2 certificate request with hex id");
 
-        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
                     "-verify", "-in", "testreq.pem", "-noout",
                     "-sm2-hex-id", "DEADBEEF", "-sm3"])),
            "Verifying signature on SM2 certificate request");
@@ -91,9 +155,9 @@ subtest "generating SM2 certificate requests" => sub {
 my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
 
 run_conversion('req conversions',
-	       "testreq.pem");
+               "testreq.pem");
 run_conversion('req conversions -- testreq2',
-	       srctop_file("test", "testreq2.pem"));
+               srctop_file("test", "testreq2.pem"));
 
 unlink "testkey.pem", "testreq.pem";
 
@@ -102,20 +166,20 @@ sub run_conversion {
     my $reqfile = shift;
 
     subtest $title => sub {
-	run(app(["openssl", @openssl_args,
-		 "-in", $reqfile, "-inform", "p",
-		 "-noout", "-text"],
-		stderr => "req-check.err", stdout => undef));
-	open DATA, "req-check.err";
-      SKIP: {
-	  plan skip_all => "skipping req conversion test for $reqfile"
-	      if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
-
-	  tconversion("req", $reqfile, @openssl_args);
-	}
-	close DATA;
-	unlink "req-check.err";
-
-	done_testing();
+        run(app(["openssl", @openssl_args,
+                 "-in", $reqfile, "-inform", "p",
+                 "-noout", "-text"],
+                stderr => "req-check.err", stdout => undef));
+        open DATA, "req-check.err";
+        SKIP: {
+            plan skip_all => "skipping req conversion test for $reqfile"
+                if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
+
+            tconversion("req", $reqfile, @openssl_args);
+        }
+        close DATA;
+        unlink "req-check.err";
+
+        done_testing();
     };
 }
