[openssl] OpenSSL_1_1_1-stable update

nic.tuv at gmail.com nic.tuv at gmail.com
Wed Nov 13 15:33:55 UTC 2019 

The branch OpenSSL_1_1_1-stable has been updated
       via  bd2931bf45bf35f1b3a3eb6ec4b4bb64fcdfdbfa (commit)
      from  9fc977c76d20226d4640a7b9a3f84e4216571184 (commit)


- Log -----------------------------------------------------------------
commit bd2931bf45bf35f1b3a3eb6ec4b4bb64fcdfdbfa
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date:   Thu Oct 31 17:17:31 2019 +0200

    Add more tests for apps/req
    
    https://github.com/openssl/openssl/issues/10224#issuecomment-546593113
    highlighted that existing testing infrastructure is not covering common
    usage patterns of the `req` app.
    
    This commit explicitly adds request generations thorugh the CLI using
    RSA, DSA and ECDSA (P-256) keys.
    
    (cherry picked from commit b2a7310af0dd190712bae2e462a7708483dd4628)
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10369)

-----------------------------------------------------------------------

Summary of changes:
 test/recipes/25-test_req.t | 100 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 80 insertions(+), 20 deletions(-)

diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 17a98dc9d1..cb30061fca 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_req");
 
-plan tests => 9;
+plan tests => 12;
 
 require_ok(srctop_file('test','recipes','tconversion.pl'));
 
@@ -46,24 +46,84 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
 
+subtest "generating certificate requests with RSA" => sub {
+    plan tests => 2;
+
+    SKIP: {
+        skip "RSA is not supported by this OpenSSL build", 2
+            if disabled("rsa");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-out", "testreq.pem", "-utf8",
+                    "-key", srctop_file("test", "testrsa.pem")])),
+           "Generating request");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout"])),
+           "Verifying signature on request");
+    }
+};
+
+subtest "generating certificate requests with DSA" => sub {
+    plan tests => 2;
+
+    SKIP: {
+        skip "DSA is not supported by this OpenSSL build", 2
+            if disabled("dsa");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-out", "testreq.pem", "-utf8",
+                    "-key", srctop_file("test", "testdsa.pem")])),
+           "Generating request");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout"])),
+           "Verifying signature on request");
+    }
+};
+
+subtest "generating certificate requests with ECDSA" => sub {
+    plan tests => 2;
+
+    SKIP: {
+        skip "ECDSA is not supported by this OpenSSL build", 2
+            if disabled("ec");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-out", "testreq.pem", "-utf8",
+                    "-key", srctop_file("test", "testec-p256.pem")])),
+           "Generating request");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout"])),
+           "Verifying signature on request");
+    }
+};
+
 subtest "generating certificate requests" => sub {
     plan tests => 2;
 
     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-		@req_new, "-out", "testreq.pem"])),
+                @req_new, "-out", "testreq.pem"])),
        "Generating request");
 
     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-		"-verify", "-in", "testreq.pem", "-noout"])),
+                "-verify", "-in", "testreq.pem", "-noout"])),
        "Verifying signature on request");
 };
 
 my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
 
 run_conversion('req conversions',
-	       "testreq.pem");
+               "testreq.pem");
 run_conversion('req conversions -- testreq2',
-	       srctop_file("test", "testreq2.pem"));
+               srctop_file("test", "testreq2.pem"));
 
 unlink "testkey.pem", "testreq.pem";
 
@@ -72,20 +132,20 @@ sub run_conversion {
     my $reqfile = shift;
 
     subtest $title => sub {
-	run(app(["openssl", @openssl_args,
-		 "-in", $reqfile, "-inform", "p",
-		 "-noout", "-text"],
-		stderr => "req-check.err", stdout => undef));
-	open DATA, "req-check.err";
-      SKIP: {
-	  plan skip_all => "skipping req conversion test for $reqfile"
-	      if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
-
-	  tconversion("req", $reqfile, @openssl_args);
-	}
-	close DATA;
-	unlink "req-check.err";
-
-	done_testing();
+        run(app(["openssl", @openssl_args,
+                 "-in", $reqfile, "-inform", "p",
+                 "-noout", "-text"],
+                stderr => "req-check.err", stdout => undef));
+        open DATA, "req-check.err";
+        SKIP: {
+            plan skip_all => "skipping req conversion test for $reqfile"
+                if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
+
+            tconversion("req", $reqfile, @openssl_args);
+        }
+        close DATA;
+        unlink "req-check.err";
+
+        done_testing();
     };
 }

More information about the openssl-commits mailing list