[openssl] master update
Richard Levitte
levitte at openssl.org
Tue Feb 18 08:51:17 UTC 2020
The branch master has been updated
via eeacf7d065e817b2c0c29ce7d6a9d8047450a293 (commit)
via a60079c76e9b8d9bd9e7da228ff514db8162459f (commit)
via 6c93c56c5271ae3eefbb11bda195e2d55ffe5155 (commit)
via a3f3ed65a34320d229a9fb62e57732e42daf0a39 (commit)
via acf3360cadd959819307192d66269ab648d48a98 (commit)
via 4b3327e70e1e97550a65a5d4aa26e017770e2214 (commit)
via 6469d60e63a8edd1e060be017dc39829e7b4cc8b (commit)
via 35746c7948f657a562d36eba05708fcce8a083f9 (commit)
via 95640f748c2fd4ff362bda2b573d9dc1dc6ef40e (commit)
via 42f7a4897f80d633646f955599037546bfcba519 (commit)
via 11920665518bb5fc0487cf1de82fd89e779f5729 (commit)
via ebcc3e0a4d39bc2c50c75f18a5c47e67ff8d4c98 (commit)
via 1cf959316894ab2a1111806803a2bed30f46bf30 (commit)
via b67d53a52408f626bed5edb4d753cae282399ef7 (commit)
via c0d49f4659ee100c1f9a0c4506f3867667b60c5f (commit)
via 4a7234d2a146d83bd2728ee0491524a8588c6902 (commit)
via f0790d4d2f92373f68f5b3097eb326505c937831 (commit)
from 4e46a7afa843cea44ee81bf7d40d146029358879 (commit)
- Log -----------------------------------------------------------------
commit eeacf7d065e817b2c0c29ce7d6a9d8047450a293
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Feb 15 07:18:57 2020 +0100
TEST: Optionally silence OpenSSL::Test::setup()
test/generate_ssl_tests.pl uses OpenSSL::Test to get to some of its
practical location functions. A recent note in the setup() code made
its result not quite match the original (we do check that), so there's
a need to silence setup(), which we do with a simple optional argument.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit a60079c76e9b8d9bd9e7da228ff514db8162459f
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Feb 14 08:46:54 2020 +0100
TEST: Modify test/recipes/tconversion.pl to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit 6c93c56c5271ae3eefbb11bda195e2d55ffe5155
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Feb 14 08:43:28 2020 +0100
TEST: Modify test/recipes/80-test_ssl_old.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit a3f3ed65a34320d229a9fb62e57732e42daf0a39
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Feb 14 08:42:05 2020 +0100
TEST: Modify test/recipes/80-test_ssl_new.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit acf3360cadd959819307192d66269ab648d48a98
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Feb 14 08:37:32 2020 +0100
TEST: Modify test/recipes/80-test_ocsp.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit 4b3327e70e1e97550a65a5d4aa26e017770e2214
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Feb 14 08:34:40 2020 +0100
TEST: Modify test/recipes/80-test_cms.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit 6469d60e63a8edd1e060be017dc39829e7b4cc8b
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Feb 14 07:16:25 2020 +0100
TEST: Modify test/recipes/80-test_ca.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit 35746c7948f657a562d36eba05708fcce8a083f9
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Feb 14 07:01:15 2020 +0100
TEST: Modify test/recipes/20-test_pkeyutl.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit 95640f748c2fd4ff362bda2b573d9dc1dc6ef40e
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Feb 14 06:56:04 2020 +0100
TEST: Modify test/recipes/20-test_enc_more.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit 42f7a4897f80d633646f955599037546bfcba519
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Feb 13 00:28:47 2020 +0100
TEST: Modify test/recipes/25-test_x509.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit 11920665518bb5fc0487cf1de82fd89e779f5729
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Feb 13 00:28:31 2020 +0100
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit ebcc3e0a4d39bc2c50c75f18a5c47e67ff8d4c98
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Feb 13 00:28:16 2020 +0100
TEST: Modify test/recipes/25-test_crl.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit 1cf959316894ab2a1111806803a2bed30f46bf30
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Feb 13 00:28:02 2020 +0100
TEST: Modify test/recipes/20-test_enc.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit b67d53a52408f626bed5edb4d753cae282399ef7
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Feb 12 20:29:33 2020 +0100
TEST: Modify test/recipes/20-test_dgst.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit c0d49f4659ee100c1f9a0c4506f3867667b60c5f
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Feb 12 20:29:20 2020 +0100
TEST: Modify test/recipes/15-test_rsapss.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit 4a7234d2a146d83bd2728ee0491524a8588c6902
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Feb 12 20:29:04 2020 +0100
TEST: Modify test/recipes/15-test_mp_rsa.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
commit f0790d4d2f92373f68f5b3097eb326505c937831
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Feb 12 20:22:42 2020 +0100
TEST: Create test specific output directories
We had all tests run with test/test-runs/ as working directory, and
tests cleaned up after themselves... which is well and good, until
you want to have a look at what went wrong when a complex test fails,
and you have to recreate everything it does manually.
To remedy this, we have OpenSSL::Test create the result directory
dynamically (and cleaning it up first if it's already there) and let
the test recipe have that as working directory.
Test recipes are now encouraged to name their diverse output files
uniquely, and not to clean them up, to allow a developer to have a
look at the files that were produced.
With continuous integration that allows this, the result directories
could also be archived and be left as a build artifact.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 +-
CHANGES | 5 +
Configurations/descrip.mms.tmpl | 12 -
Configurations/unix-Makefile.tmpl | 13 +-
Configurations/windows-makefile.tmpl | 2 -
test/generate_ssl_tests.pl | 2 +-
test/recipes/15-test_mp_rsa.t | 53 +--
test/recipes/15-test_rsapss.t | 1 -
test/recipes/20-test_dgst.t | 12 +-
test/recipes/20-test_enc.t | 3 -
test/recipes/20-test_enc_more.t | 3 -
test/recipes/20-test_pkeyutl.t | 19 +-
test/recipes/25-test_crl.t | 1 -
test/recipes/25-test_req.t | 30 +-
test/recipes/25-test_x509.t | 14 +-
test/recipes/80-test_ca.t | 4 -
test/recipes/80-test_cms.t | 731 +++++++++++++++++++----------------
test/recipes/80-test_ocsp.t | 7 +-
test/recipes/80-test_ssl_new.t | 13 +-
test/recipes/80-test_ssl_old.t | 38 --
test/recipes/tconversion.pl | 3 -
util/perl/OpenSSL/Test.pm | 50 ++-
22 files changed, 497 insertions(+), 521 deletions(-)
diff --git a/.gitignore b/.gitignore
index 52c845300b..a75914092f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -101,7 +101,7 @@ doc/man1/openssl-x509.pod
/providers/fipsinstall.conf
# Certain files that get created by tests on the fly
-/test/test-runs
+/test-runs
/test/buildtest_*
# Fuzz stuff.
diff --git a/CHANGES b/CHANGES
index 535269d0a8..d0f72970c8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,11 @@
Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
+ *) The test suite is changed to preserve results of each test recipe.
+ A new directory test-runs/ with subdirectories named like the
+ test recipes are created in the build tree for this purpose.
+ [Richard Levitte]
+
*) X509 certificates signed using SHA1 are no longer allowed at security
level 1 and above.
In TLS/SSL the default security level is 1. It can be set either
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index d379a8230b..15fefd2502 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -28,14 +28,6 @@
(my $x = shift) =~ s|\]$|...]|;
$x
}
- sub move {
- my $f = catdir(@_);
- my $b = abs2rel(rel2abs("."),rel2abs($f));
- $sourcedir = catdir($b,$sourcedir)
- if !file_name_is_absolute($sourcedir);
- $builddir = catdir($b,$builddir)
- if !file_name_is_absolute($builddir);
- "";
}
# Because we need to make two computations of these data,
@@ -439,11 +431,8 @@ all : build_sw build_docs
test : tests
{- dependmagic('tests'); -} : build_programs_nodep, build_modules_nodep
@ ! {- output_off() if $disabled{tests}; "" -}
- SET DEFAULT [.test]{- move("test") -}
- CREATE/DIR [.test-runs]
DEFINE SRCTOP {- sourcedir() -}
DEFINE BLDTOP {- builddir() -}
- DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
DEFINE OPENSSL_ENGINES {- builddir("engines") -}
DEFINE OPENSSL_MODULES {- builddir("providers") -}
IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
@@ -452,7 +441,6 @@ test : tests
DEASSIGN OPENSSL_ENGINES
DEASSIGN BLDTOP
DEASSIGN SRCTOP
- SET DEFAULT [-]{- move("..") -}
@ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
@ ! {- output_on() if !$disabled{tests}; "" -}
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 6777bb8de9..55c1b12573 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -464,16 +464,13 @@ all: build_sw build_docs
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep link-utils
@ : {- output_off() if $disabled{tests}; "" -}
- ( cd test; \
- mkdir -p test-runs; \
- SRCTOP=../$(SRCDIR) \
- BLDTOP=../$(BLDDIR) \
- RESULT_D=test-runs \
+ ( SRCTOP=$(SRCDIR) \
+ BLDTOP=$(BLDDIR) \
PERL="$(PERL)" \
EXE_EXT={- platform->binext() -} \
- OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines 2>/dev/null && pwd` \
- OPENSSL_MODULES=`cd ../$(BLDDIR)/providers 2>/dev/null && pwd` \
- $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
+ OPENSSL_ENGINES=`cd $(BLDDIR)/engines 2>/dev/null && pwd` \
+ OPENSSL_MODULES=`cd $(BLDDIR)/providers 2>/dev/null && pwd` \
+ $(PERL) $(SRCDIR)/test/run_tests.pl $(TESTS) )
@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
@ : {- output_on() if !$disabled{tests}; "" -}
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index 275c93ebc1..074e8f74c5 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -387,10 +387,8 @@ all: build_sw build_docs
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep
@{- output_off() if $disabled{tests}; "" -}
- -mkdir $(BLDDIR)\test\test-runs
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
- set RESULT_D=$(BLDDIR)\test\test-runs
set PERL=$(PERL)
set OPENSSL_ENGINES=$(MAKEDIR)\engines
set OPENSSL_MODULES=$(MAKEDIR)\providers
diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl
index 044dff6ad4..8cfc451fbb 100644
--- a/test/generate_ssl_tests.pl
+++ b/test/generate_ssl_tests.pl
@@ -19,7 +19,7 @@ use OpenSSL::Test::Utils;
# This block needs to run before 'use lib srctop_dir' directives.
BEGIN {
- OpenSSL::Test::setup("no_test_here");
+ OpenSSL::Test::setup("no_test_here", quiet => 1);
}
use FindBin;
diff --git a/test/recipes/15-test_mp_rsa.t b/test/recipes/15-test_mp_rsa.t
index c69f3f31a5..4a4ac3569d 100644
--- a/test/recipes/15-test_mp_rsa.t
+++ b/test/recipes/15-test_mp_rsa.t
@@ -55,42 +55,47 @@ sub run_mp_tests {
my $name = ($evp ? "evp" : "") . "${bits}p${primes}";
if ($evp) {
- ok(run(app([ 'openssl', 'genpkey', '-out', 'rsamptest.pem',
- '-algorithm', 'RSA', '-pkeyopt', "rsa_keygen_primes:$primes",
- '-pkeyopt', "rsa_keygen_bits:$bits"])), "genrsa $name");
+ ok(run(app([ 'openssl', 'genpkey', '-out', "rsamptest-$name.pem",
+ '-algorithm', 'RSA',
+ '-pkeyopt', "rsa_keygen_primes:$primes",
+ '-pkeyopt', "rsa_keygen_bits:$bits"])),
+ "genrsa $name");
} else {
- ok(run(app([ 'openssl', 'genrsa', '-out', 'rsamptest.pem',
- '-primes', $primes, $bits])), "genrsa $name");
+ ok(run(app([ 'openssl', 'genrsa', '-out', "rsamptest-$name.pem",
+ '-primes', $primes, $bits])),
+ "genrsa $name");
}
- ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'rsamptest.pem',
- '-noout'])), "rsa -check $name");
+ ok(run(app([ 'openssl', 'rsa', '-check', '-in', "rsamptest-$name.pem",
+ '-noout'])),
+ "rsa -check $name");
+
if ($evp) {
- ok(run(app([ 'openssl', 'pkeyutl', '-inkey', 'rsamptest.pem',
+ ok(run(app([ 'openssl', 'pkeyutl', '-inkey', "rsamptest-$name.pem",
'-encrypt', '-in', $cleartext,
- '-out', 'rsamptest.enc' ])), "rsa $name encrypt");
- ok(run(app([ 'openssl', 'pkeyutl', '-inkey', 'rsamptest.pem',
- '-decrypt', '-in', 'rsamptest.enc',
- '-out', 'rsamptest.dec' ])), "rsa $name decrypt");
+ '-out', "rsamptest-$name.enc" ])),
+ "rsa $name encrypt");
+ ok(run(app([ 'openssl', 'pkeyutl', '-inkey', "rsamptest-$name.pem",
+ '-decrypt', '-in', "rsamptest-$name.enc",
+ '-out', "rsamptest-$name.dec" ])),
+ "rsa $name decrypt");
} else {
- ok(run(app([ 'openssl', 'rsautl', '-inkey', 'rsamptest.pem',
+ ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
'-encrypt', '-in', $cleartext,
- '-out', 'rsamptest.enc' ])), "rsa $name encrypt");
- ok(run(app([ 'openssl', 'rsautl', '-inkey', 'rsamptest.pem',
- '-decrypt', '-in', 'rsamptest.enc',
- '-out', 'rsamptest.dec' ])), "rsa $name decrypt");
+ '-out', "rsamptest-$name.enc" ])),
+ "rsa $name encrypt");
+ ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
+ '-decrypt', '-in', "rsamptest-$name.enc",
+ '-out', "rsamptest-$name.dec" ])),
+ "rsa $name decrypt");
}
- ok(check_msg(), "rsa $name check result");
-
- # clean up temp files
- unlink 'rsamptest.pem';
- unlink 'rsamptest.enc';
- unlink 'rsamptest.dec';
+ ok(check_msg("rsamptest-$name.dec"), "rsa $name check result");
}
}
sub check_msg {
+ my $decrypted = shift;
my $msg;
my $dec;
@@ -98,7 +103,7 @@ sub check_msg {
binmode $fh;
read($fh, $msg, 10240);
close $fh;
- open($fh, "<", "rsamptest.dec") or return 0;
+ open($fh, "<", $decrypted ) or return 0;
binmode $fh;
read($fh, $dec, 10240);
close $fh;
diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
index 0288976157..59144cdaee 100644
--- a/test/recipes/15-test_rsapss.t
+++ b/test/recipes/15-test_rsapss.t
@@ -46,4 +46,3 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
'-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
srctop_file('test', 'testrsa.pem')])),
"openssl dgst -prverify");
-unlink 'testrsapss.sig';
diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t
index 1080770f53..a319d08ca2 100644
--- a/test/recipes/20-test_dgst.t
+++ b/test/recipes/20-test_dgst.t
@@ -11,6 +11,7 @@ use strict;
use warnings;
use File::Spec;
+use File::Basename;
use OpenSSL::Test qw/:DEFAULT with srctop_file/;
use OpenSSL::Test::Utils;
@@ -26,29 +27,28 @@ sub tsignverify {
my $data_to_sign = srctop_file('test', 'README');
my $other_data = srctop_file('test', 'README.external');
+ my $sigfile = basename($privkey, '.pem') . '.sig';
plan tests => 4;
ok(run(app(['openssl', 'dgst', '-sign', $privkey,
- '-out', 'testdgst.sig',
+ '-out', $sigfile,
$data_to_sign])),
$testtext.": Generating signature");
ok(run(app(['openssl', 'dgst', '-prverify', $privkey,
- '-signature', 'testdgst.sig',
+ '-signature', $sigfile,
$data_to_sign])),
$testtext.": Verify signature with private key");
ok(run(app(['openssl', 'dgst', '-verify', $pubkey,
- '-signature', 'testdgst.sig',
+ '-signature', $sigfile,
$data_to_sign])),
$testtext.": Verify signature with public key");
ok(!run(app(['openssl', 'dgst', '-verify', $pubkey,
- '-signature', 'testdgst.sig',
+ '-signature', $sigfile,
$other_data])),
$testtext.": Expect failure verifying mismatching data");
-
- unlink 'testdgst.sig';
}
SKIP: {
diff --git a/test/recipes/20-test_enc.t b/test/recipes/20-test_enc.t
index 50e7463c06..b4a8e01878 100644
--- a/test/recipes/20-test_enc.t
+++ b/test/recipes/20-test_enc.t
@@ -62,9 +62,6 @@ plan tests => 2 + (scalar @ciphers)*2;
ok(run(app([$cmd, @e, "-in", $test, "-out", $cipherfile]))
&& run(app([$cmd, @d, "-in", $cipherfile, "-out", $clearfile]))
&& compare_text($test,$clearfile) == 0, $t);
- unlink $cipherfile, $clearfile;
}
}
}
-
-unlink $test;
diff --git a/test/recipes/20-test_enc_more.t b/test/recipes/20-test_enc_more.t
index 8f37bee250..a59663412a 100644
--- a/test/recipes/20-test_enc_more.t
+++ b/test/recipes/20-test_enc_more.t
@@ -54,8 +54,5 @@ SKIP: {
&& run(app([@common, "-d", "-in", $cipherfile, "-out", $clearfile]))
&& compare_text($plaintext, $clearfile) == 0
, $ciphername);
- unlink $cipherfile, $clearfile;
}
}
-
-unlink $plaintext;
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index 0f82b1f21a..f923f7cdc8 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -10,6 +10,7 @@ use strict;
use warnings;
use File::Spec;
+use File::Basename;
use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
use OpenSSL::Test::Utils;
@@ -27,13 +28,13 @@ SKIP: {
ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
'-in', srctop_file('test', 'certs', 'sm2.pem'),
'-inkey', srctop_file('test', 'certs', 'sm2.key'),
- '-out', 'signature.dat', '-rawin',
+ '-out', 'sm2.sig', '-rawin',
'-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
"Sign a piece of data using SM2");
ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin',
'-in', srctop_file('test', 'certs', 'sm2.pem'),
'-inkey', srctop_file('test', 'certs', 'sm2.pem'),
- '-sigfile', 'signature.dat', '-rawin',
+ '-sigfile', 'sm2.sig', '-rawin',
'-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
"Verify an SM2 signature against a piece of data");
}
@@ -46,29 +47,27 @@ SKIP: {
ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
'-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
- '-out', 'signature.dat', '-rawin']))),
+ '-out', 'Ed25519.sig', '-rawin']))),
"Sign a piece of data using Ed25519");
ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
'-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
- '-sigfile', 'signature.dat', '-rawin']))),
+ '-sigfile', 'Ed25519.sig', '-rawin']))),
"Verify an Ed25519 signature against a piece of data");
# Ed448
ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
srctop_file('test', 'certs', 'server-ed448-cert.pem'),
'-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
- '-out', 'signature.dat', '-rawin']))),
+ '-out', 'Ed448.sig', '-rawin']))),
"Sign a piece of data using Ed448");
ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
srctop_file('test', 'certs', 'server-ed448-cert.pem'),
'-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
- '-sigfile', 'signature.dat', '-rawin']))),
+ '-sigfile', 'Ed448.sig', '-rawin']))),
"Verify an Ed448 signature against a piece of data");
}
-unlink 'signature.dat';
-
sub tsignverify {
my $testtext = shift;
my $privkey = shift;
@@ -77,7 +76,7 @@ sub tsignverify {
my $data_to_sign = srctop_file('test', 'README');
my $other_data = srctop_file('test', 'README.external');
- my $sigfile = 'testpkeyutl.sig';
+ my $sigfile = basename($privkey, '.pem') . '.sig';
my @args = ();
plan tests => 4;
@@ -113,8 +112,6 @@ sub tsignverify {
push(@args, @extraopts);
ok(!run(app([@args])),
$testtext.": Expect failure verifying mismatching data");
-
- unlink $sigfile;
}
SKIP: {
diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t
index 50833d79fc..2dda361962 100644
--- a/test/recipes/25-test_crl.t
+++ b/test/recipes/25-test_crl.t
@@ -40,7 +40,6 @@ ok(run(app(["openssl", "crl", "-text", "-in", $pem, "-out", $out,
"-nameopt", "utf8"])));
is(cmp_text($out, srctop_file("test/certs", "cyrillic_crl.utf8")),
0, 'Comparing utf8 output');
-unlink $out;
sub compare1stline {
my ($cmdarray, $str) = @_;
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 075c09db6d..1a6efa8be2 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -51,13 +51,13 @@ subtest "generating certificate requests with RSA" => sub {
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-new", "-out", "testreq.pem", "-utf8",
+ "-new", "-out", "testreq-rsa.pem", "-utf8",
"-key", srctop_file("test", "testrsa.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-verify", "-in", "testreq.pem", "-noout"])),
+ "-verify", "-in", "testreq-rsa.pem", "-noout"])),
"Verifying signature on request");
}
};
@@ -71,13 +71,13 @@ subtest "generating certificate requests with DSA" => sub {
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-new", "-out", "testreq.pem", "-utf8",
+ "-new", "-out", "testreq-dsa.pem", "-utf8",
"-key", srctop_file("test", "testdsa.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-verify", "-in", "testreq.pem", "-noout"])),
+ "-verify", "-in", "testreq-dsa.pem", "-noout"])),
"Verifying signature on request");
}
};
@@ -91,13 +91,13 @@ subtest "generating certificate requests with ECDSA" => sub {
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-new", "-out", "testreq.pem", "-utf8",
+ "-new", "-out", "testreq-ec.pem", "-utf8",
"-key", srctop_file("test", "testec-p256.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-verify", "-in", "testreq.pem", "-noout"])),
+ "-verify", "-in", "testreq-ec.pem", "-noout"])),
"Verifying signature on request");
}
};
@@ -111,13 +111,13 @@ subtest "generating certificate requests with Ed25519" => sub {
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-new", "-out", "testreq.pem", "-utf8",
+ "-new", "-out", "testreq-ed25519.pem", "-utf8",
"-key", srctop_file("test", "tested25519.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-verify", "-in", "testreq.pem", "-noout"])),
+ "-verify", "-in", "testreq-ed25519.pem", "-noout"])),
"Verifying signature on request");
}
};
@@ -131,13 +131,13 @@ subtest "generating certificate requests with Ed448" => sub {
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-new", "-out", "testreq.pem", "-utf8",
+ "-new", "-out", "testreq-ed448.pem", "-utf8",
"-key", srctop_file("test", "tested448.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-verify", "-in", "testreq.pem", "-noout"])),
+ "-verify", "-in", "testreq-ed448.pem", "-noout"])),
"Verifying signature on request");
}
};
@@ -164,12 +164,12 @@ subtest "generating SM2 certificate requests" => sub {
"-config", srctop_file("test", "test.cnf"),
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
"-sigopt", "sm2_id:1234567812345678",
- "-out", "testreq.pem", "-sm3"])),
+ "-out", "testreq-sm2.pem", "-sm3"])),
"Generating SM2 certificate request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-verify", "-in", "testreq.pem", "-noout",
+ "-verify", "-in", "testreq-sm2.pem", "-noout",
"-sm2-id", "1234567812345678", "-sm3"])),
"Verifying signature on SM2 certificate request");
@@ -177,12 +177,12 @@ subtest "generating SM2 certificate requests" => sub {
"-config", srctop_file("test", "test.cnf"),
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
"-sigopt", "sm2_hex_id:DEADBEEF",
- "-out", "testreq.pem", "-sm3"])),
+ "-out", "testreq-sm2.pem", "-sm3"])),
"Generating SM2 certificate request with hex id");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
- "-verify", "-in", "testreq.pem", "-noout",
+ "-verify", "-in", "testreq-sm2.pem", "-noout",
"-sm2-hex-id", "DEADBEEF", "-sm3"])),
"Verifying signature on SM2 certificate request");
}
@@ -195,8 +195,6 @@ run_conversion('req conversions',
run_conversion('req conversions -- testreq2',
srctop_file("test", "testreq2.pem"));
-unlink "testkey.pem", "testreq.pem";
-
sub run_conversion {
my $title = shift;
my $reqfile = shift;
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
index 4780247ea0..7ecdc02742 100644
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -21,19 +21,19 @@ plan tests => 10;
require_ok(srctop_file('test','recipes','tconversion.pl'));
my $pem = srctop_file("test/certs", "cyrillic.pem");
-my $out = "cyrillic.out";
+my $out_msb = "out-cyrillic.msb";
+my $out_utf8 = "out-cyrillic.utf8";
my $msb = srctop_file("test/certs", "cyrillic.msb");
my $utf = srctop_file("test/certs", "cyrillic.utf8");
-ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out,
+ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_msb,
"-nameopt", "esc_msb"])));
-is(cmp_text($out, srctop_file("test/certs", "cyrillic.msb")),
+is(cmp_text($out_msb, srctop_file("test/certs", "cyrillic.msb")),
0, 'Comparing esc_msb output');
-ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out,
+ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8,
"-nameopt", "utf8"])));
-is(cmp_text($out, srctop_file("test/certs", "cyrillic.utf8")),
+is(cmp_text($out_utf8, srctop_file("test/certs", "cyrillic.utf8")),
0, 'Comparing utf8 output');
-unlink $out;
SKIP: {
skip "EC disabled", 1 if disabled("ec");
@@ -54,8 +54,6 @@ SKIP: {
&&
run(app(["openssl", "verify", "-no_check_time",
"-trusted", $selfout, $testcert])));
- unlink $pubkey;
- unlink $selfout;
}
subtest 'x509 -- x.509 v1 certificate' => sub {
diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
index 483b1f5ec6..c01bc389fa 100644
--- a/test/recipes/80-test_ca.t
+++ b/test/recipes/80-test_ca.t
@@ -68,10 +68,6 @@ SKIP: {
"Signing SM2 certificate request");
}
-rmtree("demoCA", { safe => 0 });
-unlink "newcert.pem", "newreq.pem", "newkey.pem", "sm2-test.crt";
-
-
sub yes {
my $cntr = 10;
open(PIPE, "|-", join(" ", at _));
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 868affc545..ee227f3cdb 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -32,150 +32,170 @@ plan tests => 6;
my @smime_pkcs7_tests = (
[ "signed content DER format, RSA key",
- [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed detached content DER format, RSA key",
- [ "-sign", "-in", $smcont, "-outform", "DER",
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
- "-content", $smcont ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
+ "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt",
+ "-content", $smcont ],
+ \&final_compare
],
[ "signed content test streaming BER format, RSA",
- [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-stream",
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+ "-stream",
+ "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content DER format, DSA key",
- [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed detached content DER format, DSA key",
- [ "-sign", "-in", $smcont, "-outform", "DER",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
- "-content", $smcont ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt",
+ "-content", $smcont ],
+ \&final_compare
],
[ "signed detached content DER format, add RSA signer (with DSA existing)",
- [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ],
- [ "-verify", "-in", "test2.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
- "-content", $smcont ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd1}", "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
+ "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}2.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}2.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt",
+ "-content", $smcont ],
+ \&final_compare
],
[ "signed content test streaming BER format, DSA key",
- [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-stream",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
+ "-nodetach", "-stream",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
- [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
- "-signer", catfile($smdir, "smrsa2.pem"),
- "-signer", catfile($smdir, "smdsa1.pem"),
- "-signer", catfile($smdir, "smdsa2.pem"),
- "-stream", "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
+ "-nodetach", "-stream",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", catfile($smdir, "smrsa2.pem"),
+ "-signer", catfile($smdir, "smdsa1.pem"),
+ "-signer", catfile($smdir, "smdsa2.pem"),
+ "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
- [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
- "-signer", catfile($smdir, "smrsa2.pem"),
- "-signer", catfile($smdir, "smdsa1.pem"),
- "-signer", catfile($smdir, "smdsa2.pem"),
- "-stream", "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
+ "-noattr", "-nodetach", "-stream",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", catfile($smdir, "smrsa2.pem"),
+ "-signer", catfile($smdir, "smdsa1.pem"),
+ "-signer", catfile($smdir, "smdsa2.pem"),
+ "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content S/MIME format, RSA key SHA1",
- [ "-sign", "-in", $smcont, "-md", "sha1",
- "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-md", "sha1",
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
- [ "-sign", "-in", $smcont, "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
- "-signer", catfile($smdir, "smrsa2.pem"),
- "-signer", catfile($smdir, "smdsa1.pem"),
- "-signer", catfile($smdir, "smdsa2.pem"),
- "-stream", "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", catfile($smdir, "smrsa2.pem"),
+ "-signer", catfile($smdir, "smdsa1.pem"),
+ "-signer", catfile($smdir, "smdsa2.pem"),
+ "-stream", "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
- [ "-sign", "-in", $smcont,
- "-signer", catfile($smdir, "smrsa1.pem"),
- "-signer", catfile($smdir, "smrsa2.pem"),
- "-signer", catfile($smdir, "smdsa1.pem"),
- "-signer", catfile($smdir, "smdsa2.pem"),
- "-stream", "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont,
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", catfile($smdir, "smrsa2.pem"),
+ "-signer", catfile($smdir, "smdsa1.pem"),
+ "-signer", catfile($smdir, "smdsa2.pem"),
+ "-stream", "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, DES, 3 recipients",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms",
- catfile($smdir, "smrsa1.pem"),
- catfile($smdir, "smrsa2.pem"),
- catfile($smdir, "smrsa3.pem") ],
- [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ catfile($smdir, "smrsa1.pem"),
+ catfile($smdir, "smrsa2.pem"),
+ catfile($smdir, "smrsa3.pem") ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms",
- catfile($smdir, "smrsa1.pem"),
- catfile($smdir, "smrsa2.pem"),
- catfile($smdir, "smrsa3.pem") ],
- [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ catfile($smdir, "smrsa1.pem"),
+ catfile($smdir, "smrsa2.pem"),
+ catfile($smdir, "smrsa3.pem") ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms",
- catfile($smdir, "smrsa1.pem"),
- catfile($smdir, "smrsa2.pem"),
- catfile($smdir, "smrsa3.pem") ],
- [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ catfile($smdir, "smrsa1.pem"),
+ catfile($smdir, "smrsa2.pem"),
+ catfile($smdir, "smrsa3.pem") ],
+ [ "{cmd2}", "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
- [ "-encrypt", "-in", $smcont,
- "-aes256", "-stream", "-out", "test.cms",
- catfile($smdir, "smrsa1.pem"),
- catfile($smdir, "smrsa2.pem"),
- catfile($smdir, "smrsa3.pem") ],
- [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-aes256", "-stream", "-out", "{output}.cms",
+ catfile($smdir, "smrsa1.pem"),
+ catfile($smdir, "smrsa2.pem"),
+ catfile($smdir, "smrsa3.pem") ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
);
@@ -183,125 +203,154 @@ my @smime_pkcs7_tests = (
my @smime_cms_tests = (
[ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
- [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
- "-signer", catfile($smdir, "smrsa1.pem"),
- "-signer", catfile($smdir, "smrsa2.pem"),
- "-signer", catfile($smdir, "smdsa1.pem"),
- "-signer", catfile($smdir, "smdsa2.pem"),
- "-stream", "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
+ "-nodetach", "-keyid",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", catfile($smdir, "smrsa2.pem"),
+ "-signer", catfile($smdir, "smdsa1.pem"),
+ "-signer", catfile($smdir, "smdsa2.pem"),
+ "-stream", "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
- [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
- "-signer", catfile($smdir, "smrsa2.pem"),
- "-signer", catfile($smdir, "smdsa1.pem"),
- "-signer", catfile($smdir, "smdsa2.pem"),
- "-stream", "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "PEM",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", catfile($smdir, "smrsa2.pem"),
+ "-signer", catfile($smdir, "smdsa1.pem"),
+ "-signer", catfile($smdir, "smdsa2.pem"),
+ "-stream", "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content MIME format, RSA key, signed receipt request",
- [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach",
- "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
- "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
+ "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed receipt MIME format, RSA key",
- [ "-sign_receipt", "-in", "test.cms",
- "-signer", catfile($smdir, "smrsa2.pem"),
- "-out", "test2.cms" ],
- [ "-verify_receipt", "test2.cms", "-in", "test.cms",
- "-CAfile", catfile($smdir, "smroot.pem") ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
+ "-out", "{output}.cms" ],
+ [ "{cmd1}", "-sign_receipt", "-in", "{output}.cms",
+ "-signer", catfile($smdir, "smrsa2.pem"), "-out", "{output}2.cms" ],
+ [ "{cmd2}", "-verify_receipt", "{output}2.cms", "-in", "{output}.cms",
+ "-CAfile", catfile($smdir, "smroot.pem") ]
],
[ "signed content DER format, RSA key, CAdES-BES compatible",
- [ "-sign", "-cades", "-in", $smcont, "-outform", "DER", "-nodetach",
+ [ "{cmd1}", "-sign", "-cades", "-in", $smcont, "-outform", "DER",
+ "-nodetach",
"-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible",
- [ "-sign", "-cades", "-md", "sha256", "-in", $smcont, "-outform",
- "DER", "-nodetach", "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-cades", "-md", "sha256", "-in", $smcont,
+ "-outform", "DER", "-nodetach",
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms", "-keyid",
- catfile($smdir, "smrsa1.pem"),
- catfile($smdir, "smrsa2.pem"),
- catfile($smdir, "smrsa3.pem") ],
- [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms", "-keyid",
+ catfile($smdir, "smrsa1.pem"),
+ catfile($smdir, "smrsa2.pem"),
+ catfile($smdir, "smrsa3.pem") ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming PEM format, KEK",
- [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
- "-stream", "-out", "test.cms",
- "-secretkey", "000102030405060708090A0B0C0D0E0F",
- "-secretkeyid", "C0FEE0" ],
- [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
- "-secretkey", "000102030405060708090A0B0C0D0E0F",
- "-secretkeyid", "C0FEE0" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
+ "-stream", "-out", "{output}.cms",
+ "-secretkey", "000102030405060708090A0B0C0D0E0F",
+ "-secretkeyid", "C0FEE0" ],
+ [ "{cmd2}", "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt",
+ "-inform", "PEM",
+ "-secretkey", "000102030405060708090A0B0C0D0E0F",
+ "-secretkeyid", "C0FEE0" ],
+ \&final_compare
],
[ "enveloped content test streaming PEM format, KEK, key only",
- [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
- "-stream", "-out", "test.cms",
- "-secretkey", "000102030405060708090A0B0C0D0E0F",
- "-secretkeyid", "C0FEE0" ],
- [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
- "-secretkey", "000102030405060708090A0B0C0D0E0F" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
+ "-stream", "-out", "{output}.cms",
+ "-secretkey", "000102030405060708090A0B0C0D0E0F",
+ "-secretkeyid", "C0FEE0" ],
+ [ "{cmd2}", "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt",
+ "-inform", "PEM",
+ "-secretkey", "000102030405060708090A0B0C0D0E0F" ],
+ \&final_compare
],
[ "data content test streaming PEM format",
- [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-stream", "-out", "test.cms" ],
- [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-data_create", "-in", $smcont, "-outform", "PEM",
+ "-nodetach", "-stream", "-out", "{output}.cms" ],
+ [ "{cmd2}", "-data_out", "-in", "{output}.cms", "-inform", "PEM",
+ "-out", "{output}.txt" ],
+ \&final_compare
],
[ "encrypted content test streaming PEM format, 128 bit RC2 key",
- [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
- "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
- "-stream", "-out", "test.cms" ],
- [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
- "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
+ "-stream", "-out", "{output}.cms" ],
+ [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms",
+ "-inform", "PEM",
+ "-secretkey", "000102030405060708090A0B0C0D0E0F",
+ "-out", "{output}.txt" ],
+ \&final_compare
],
[ "encrypted content test streaming PEM format, 40 bit RC2 key",
- [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
- "-rc2", "-secretkey", "0001020304",
- "-stream", "-out", "test.cms" ],
- [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
- "-secretkey", "0001020304", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ "-rc2", "-secretkey", "0001020304",
+ "-stream", "-out", "{output}.cms" ],
+ [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms",
+ "-inform", "PEM",
+ "-secretkey", "0001020304", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "encrypted content test streaming PEM format, triple DES key",
- [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
- "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
- "-stream", "-out", "test.cms" ],
- [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
- "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
- "-out", "smtst.txt" ]
+ [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "-stream", "-out", "{output}.cms" ],
+ [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms",
+ "-inform", "PEM",
+ "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "-out", "{output}.txt" ],
+ \&final_compare
],
[ "encrypted content test streaming PEM format, 128 bit AES key",
- [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
- "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
- "-stream", "-out", "test.cms" ],
- [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
- "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
+ "-stream", "-out", "{output}.cms" ],
+ [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms",
+ "-inform", "PEM",
+ "-secretkey", "000102030405060708090A0B0C0D0E0F",
+ "-out", "{output}.txt" ],
+ \&final_compare
],
);
@@ -309,124 +358,149 @@ my @smime_cms_tests = (
my @smime_cms_comp_tests = (
[ "compressed content test streaming PEM format",
- [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-stream", "-out", "test.cms" ],
- [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-stream", "-out", "{output}.cms" ],
+ [ "{cmd2}", "-uncompress", "-in", "{output}.cms", "-inform", "PEM",
+ "-out", "{output}.txt" ],
+ \&final_compare
]
);
my @smime_cms_param_tests = (
[ "signed content test streaming PEM format, RSA keys, PSS signature",
- [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
- "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "PEM",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-keyopt", "rsa_padding_mode:pss",
+ "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max",
- [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
- "-keyopt", "rsa_pss_saltlen:max", "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "PEM",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:max",
+ "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
- [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
- "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
- "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "PEM",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-noattr",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-keyopt", "rsa_padding_mode:pss",
+ "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
- [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
- "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
- [ "-verify", "-in", "test.cms", "-inform", "PEM",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_mgf1_md:sha384",
+ "-out", "{output}.cms" ],
+ [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms",
- "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ],
- [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ "-recip", catfile($smdir, "smrsa1.pem"),
+ "-keyopt", "rsa_padding_mode:oaep" ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms",
- "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep",
- "-keyopt", "rsa_oaep_md:sha256" ],
- [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ "-recip", catfile($smdir, "smrsa1.pem"),
+ "-keyopt", "rsa_padding_mode:oaep",
+ "-keyopt", "rsa_oaep_md:sha256" ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, DES, ECDH",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms",
- "-recip", catfile($smdir, "smec1.pem") ],
- [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ "-recip", catfile($smdir, "smec1.pem") ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms",
- catfile($smdir, "smec1.pem"),
- catfile($smdir, "smec3.pem") ],
- [ "-decrypt", "-inkey", catfile($smdir, "smec3.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ catfile($smdir, "smec1.pem"),
+ catfile($smdir, "smec3.pem") ],
+ [ "{cmd2}", "-decrypt", "-inkey", catfile($smdir, "smec3.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
- [ "-encrypt", "-keyid", "-in", $smcont,
- "-stream", "-out", "test.cms",
- "-recip", catfile($smdir, "smec1.pem") ],
- [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-keyid", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ "-recip", catfile($smdir, "smec1.pem") ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms",
- "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
- [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ "-recip", catfile($smdir, "smec1.pem"), "-aes128",
+ "-keyopt", "ecdh_kdf_md:sha256" ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms",
- "-recip", catfile($smdir, "smec2.pem"), "-aes128",
- "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
- [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ "-recip", catfile($smdir, "smec2.pem"), "-aes128",
+ "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
],
[ "enveloped content test streaming S/MIME format, X9.42 DH",
- [ "-encrypt", "-in", $smcont,
- "-stream", "-out", "test.cms",
- "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
- [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
- "-in", "test.cms", "-out", "smtst.txt" ]
+ [ "{cmd1}", "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
+ [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
]
);
my @contenttype_cms_test = (
[ "signed content test - check that content type is added to additional signerinfo, RSA keys",
- [ "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont, "-outform", "DER",
+ [ "{cmd1}", "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont,
+ "-outform", "DER",
"-signer", catfile($smdir, "smrsa1.pem"), "-md", "SHA256",
- "-out", "test.cms" ],
- [ "-resign", "-binary", "-nodetach", "-in", "test.cms", "-inform", "DER", "-outform", "DER",
+ "-out", "{output}.cms" ],
+ [ "{cmd1}", "-resign", "-binary", "-nodetach", "-in", "{output}.cms",
+ "-inform", "DER", "-outform", "DER",
"-signer", catfile($smdir, "smrsa2.pem"), "-md", "SHA256",
- "-out", "test2.cms" ],
- [ "-verify", "-in", "test2.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ "-out", "{output}2.cms" ],
+ sub { my %opts = @_; contentType_matches("$opts{output}2.cms") == 2; },
+ [ "{cmd2}", "-verify", "-in", "{output}2.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ]
],
);
@@ -437,96 +511,85 @@ my @incorrect_attribute_cms_test = (
"ct_multiple_attr.cms"
);
-subtest "CMS => PKCS#7 compatibility tests\n" => sub {
- plan tests => scalar @smime_pkcs7_tests;
+# Runs a standard loop on the input array
+sub runner_loop {
+ my %opts = ( @_ );
+ my $cnt1 = 0;
- foreach (@smime_pkcs7_tests) {
+ foreach (@{$opts{tests}}) {
+ $cnt1++;
+ $opts{output} = "$opts{prefix}-$cnt1";
SKIP: {
- my $skip_reason = check_availability($$_[0]);
- skip $skip_reason, 1 if $skip_reason;
-
- ok(run(app(["openssl", "cms", @{$$_[1]}]))
- && run(app(["openssl", "smime", @{$$_[2]}]))
- && compare_text($smcont, "smtst.txt") == 0,
- $$_[0]);
- }
+ my $skip_reason = check_availability($$_[0]);
+ skip $skip_reason, 1 if $skip_reason;
+ my $ok = 1;
+ 1 while unlink "$opts{output}.txt";
+
+ foreach (@$_[1..$#$_]) {
+ if (ref $_ eq 'CODE') {
+ $ok &&= $_->(%opts);
+ } else {
+ my @cmd = map {
+ my $x = $_;
+ while ($x =~ /\{([^\}]+)\}/) {
+ $x = $`.$opts{$1}.$' if exists $opts{$1};
+ }
+ $x;
+ } @$_;
+
+ diag "CMD: openssl", join(" ", @cmd);
+ $ok &&= run(app(["openssl", @cmd]));
+ $opts{input} = $opts{output};
+ }
+ }
+
+ ok($ok, $$_[0]);
+ }
}
+}
+
+sub final_compare {
+ my %opts = @_;
+
+ diag "Comparing $smcont with $opts{output}.txt";
+ return compare_text($smcont, "$opts{output}.txt") == 0;
+}
+
+subtest "CMS => PKCS#7 compatibility tests\n" => sub {
+ plan tests => scalar @smime_pkcs7_tests;
+
+ runner_loop(prefix => 'cms2pkcs7', cmd1 => 'cms', cmd2 => 'smime',
+ tests => [ @smime_pkcs7_tests ]);
};
subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
plan tests => scalar @smime_pkcs7_tests;
- foreach (@smime_pkcs7_tests) {
- SKIP: {
- my $skip_reason = check_availability($$_[0]);
- skip $skip_reason, 1 if $skip_reason;
-
- ok(run(app(["openssl", "smime", @{$$_[1]}]))
- && run(app(["openssl", "cms", @{$$_[2]}]))
- && compare_text($smcont, "smtst.txt") == 0,
- $$_[0]);
- }
- }
+ runner_loop(prefix => 'pkcs72cms', cmd1 => 'smime', cmd2 => 'cms',
+ tests => [ @smime_pkcs7_tests ]);
};
subtest "CMS <=> CMS consistency tests\n" => sub {
plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);
- foreach (@smime_pkcs7_tests) {
- SKIP: {
- my $skip_reason = check_availability($$_[0]);
- skip $skip_reason, 1 if $skip_reason;
-
- ok(run(app(["openssl", "cms", @{$$_[1]}]))
- && run(app(["openssl", "cms", @{$$_[2]}]))
- && compare_text($smcont, "smtst.txt") == 0,
- $$_[0]);
- }
- }
- foreach (@smime_cms_tests) {
- SKIP: {
- my $skip_reason = check_availability($$_[0]);
- skip $skip_reason, 1 if $skip_reason;
-
- ok(run(app(["openssl", "cms", @{$$_[1]}]))
- && run(app(["openssl", "cms", @{$$_[2]}]))
- && compare_text($smcont, "smtst.txt") == 0,
- $$_[0]);
- }
- }
+ runner_loop(prefix => 'cms2cms-1', cmd1 => 'cms', cmd2 => 'cms',
+ tests => [ @smime_pkcs7_tests ]);
+ runner_loop(prefix => 'cms2cms-2', cmd1 => 'cms', cmd2 => 'cms',
+ tests => [ @smime_cms_tests ]);
};
subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
plan tests =>
- (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
-
- foreach (@smime_cms_param_tests) {
- SKIP: {
- my $skip_reason = check_availability($$_[0]);
- skip $skip_reason, 1 if $skip_reason;
-
- ok(run(app(["openssl", "cms", @{$$_[1]}]))
- && run(app(["openssl", "cms", @{$$_[2]}]))
- && compare_text($smcont, "smtst.txt") == 0,
- $$_[0]);
- }
- }
+ (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
+ runner_loop(prefix => 'cms2cms-mod', cmd1 => 'cms', cmd2 => 'cms',
+ tests => [ @smime_cms_param_tests ]);
SKIP: {
skip("Zlib not supported: compression tests skipped",
- scalar @smime_cms_comp_tests)
- if $no_zlib;
-
- foreach (@smime_cms_comp_tests) {
- SKIP: {
- my $skip_reason = check_availability($$_[0]);
- skip $skip_reason, 1 if $skip_reason;
-
- ok(run(app(["openssl", "cms", @{$$_[1]}]))
- && run(app(["openssl", "cms", @{$$_[2]}]))
- && compare_text($smcont, "smtst.txt") == 0,
- $$_[0]);
- }
- }
+ scalar @smime_cms_comp_tests)
+ if $no_zlib;
+
+ runner_loop(prefix => 'cms2cms-comp', cmd1 => 'cms', cmd2 => 'cms',
+ tests => [ @smime_cms_comp_tests ]);
}
};
@@ -547,39 +610,27 @@ sub contentType_matches {
}
subtest "CMS Check the content type attribute is added for additional signers\n" => sub {
- plan tests =>
- (scalar @contenttype_cms_test);
+ plan tests => (scalar @contenttype_cms_test);
- foreach (@contenttype_cms_test) {
- SKIP: {
- my $skip_reason = check_availability($$_[0]);
- skip $skip_reason, 1 if $skip_reason;
-
- ok(run(app(["openssl", "cms", @{$$_[1]}]))
- && run(app(["openssl", "cms", @{$$_[2]}]))
- && contentType_matches("test2.cms") == 2
- && run(app(["openssl", "cms", @{$$_[3]}])),
- $$_[0]);
- }
- }
+ runner_loop(prefix => 'cms2cms-added', cmd1 => 'cms', cmd2 => 'cms',
+ tests => [ @contenttype_cms_test ]);
};
subtest "CMS Check that bad attributes fail when verifying signers\n" => sub {
plan tests =>
(scalar @incorrect_attribute_cms_test);
+ my $cnt = 0;
foreach my $name (@incorrect_attribute_cms_test) {
+ my $out = "incorrect-$cnt.txt";
+
ok(!run(app(["openssl", "cms", "-verify", "-in",
catfile($datadir, $name), "-inform", "DER", "-CAfile",
- catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ])),
+ catfile($smdir, "smroot.pem"), "-out", $out ])),
$name);
}
};
-unlink "test.cms";
-unlink "test2.cms";
-unlink "smtst.txt";
-
sub check_availability {
my $tnam = shift;
diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t
index 5ca069801b..74ef7e3662 100644
--- a/test/recipes/80-test_ocsp.t
+++ b/test/recipes/80-test_ocsp.t
@@ -12,6 +12,7 @@ use warnings;
use POSIX;
use File::Spec::Functions qw/devnull catfile/;
+use File::Basename;
use File::Copy;
use OpenSSL::Test qw/:DEFAULT with pipe srctop_dir data_file/;
use OpenSSL::Test::Utils;
@@ -34,18 +35,18 @@ sub test_ocsp {
$untrusted = $CAfile;
}
my $expected_exit = shift;
+ my $outputfile = basename($inputfile, '.ors') . '.dat';
run(app(["openssl", "base64", "-d",
"-in", catfile($ocspdir,$inputfile),
- "-out", "ocsp-resp-fff.dat"]));
+ "-out", $outputfile]));
with({ exit_checker => sub { return shift == $expected_exit; } },
- sub { ok(run(app(["openssl", "ocsp", "-respin", "ocsp-resp-fff.dat",
+ sub { ok(run(app(["openssl", "ocsp", "-respin", $outputfile,
"-partial_chain", @check_time,
"-CAfile", catfile($ocspdir, $CAfile),
"-verify_other", catfile($ocspdir, $untrusted),
"-no-CApath"])),
$title); });
- unlink "ocsp-resp-fff.dat";
}
plan tests => 11;
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 04a0c13394..01a49173d6 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -120,17 +120,16 @@ sub test_conf {
my ($conf, $check_source, $skip) = @_;
my $conf_file = srctop_file("test", "ssl-tests", $conf);
- my $tmp_file = "${conf}.$$.tmp";
+ my $input_file = $conf_file . ".in";
+ my $output_file = $conf;
my $run_test = 1;
SKIP: {
# "Test" 1. Generate the source.
- my $input_file = $conf_file . ".in";
-
skip 'failure', 2 unless
ok(run(perltest(["generate_ssl_tests.pl", $input_file],
interpreter_args => [ "-I", srctop_dir("util", "perl")],
- stdout => $tmp_file)),
+ stdout => $output_file)),
"Getting output from generate_ssl_tests.pl.");
SKIP: {
@@ -138,7 +137,7 @@ sub test_conf {
skip "Skipping generated source test for $conf", 1
if !$check_source;
- $run_test = is(cmp_text($tmp_file, $conf_file), 0,
+ $run_test = is(cmp_text($output_file, $conf_file), 0,
"Comparing generated sources.");
}
@@ -146,10 +145,8 @@ sub test_conf {
skip "No tests available; skipping tests", 1 if $skip;
skip "Stale sources; skipping tests", 1 if !$run_test;
- ok(run(test(["ssl_test", $tmp_file])), "running ssl_test $conf");
+ ok(run(test(["ssl_test", $output_file])), "running ssl_test $conf");
}
-
- unlink glob $tmp_file;
}
sub cmp_text {
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index d6e638d2f1..41eeb46a29 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -546,41 +546,3 @@ sub testssl {
}
};
}
-
-unlink $CAkey;
-unlink $CAcert;
-unlink $CAserial;
-unlink $CAreq;
-unlink $CAreq2;
-
-unlink $Ukey;
-unlink $Ureq;
-unlink $Ucert;
-unlink basename($Ucert, '.ss').'.srl';
-
-unlink $Dkey;
-unlink $Dreq;
-unlink $Dcert;
-
-unlink $Ekey;
-unlink $Ereq;
-unlink $Ecert;
-
-unlink $P1key;
-unlink $P1req;
-unlink $P1cert;
-unlink basename($P1cert, '.ss').'.srl';
-unlink $P1intermediate;
-unlink "intP1.ss";
-
-unlink $P2key;
-unlink $P2req;
-unlink $P2cert;
-unlink $P2intermediate;
-unlink "intP2.ss";
-
-unlink "ecp.ss";
-unlink "err.ss";
-
-unlink $server_sess;
-unlink $client_sess;
diff --git a/test/recipes/tconversion.pl b/test/recipes/tconversion.pl
index a7db10d24c..2cecb9fc23 100644
--- a/test/recipes/tconversion.pl
+++ b/test/recipes/tconversion.pl
@@ -89,9 +89,6 @@ sub tconversion {
}
}
}
- unlink glob "$testtype-f.*";
- unlink glob "$testtype-ff.*";
- unlink glob "$testtype-fff.*";
}
sub cmp_text {
diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm
index 78e13523c8..4297106392 100644
--- a/util/perl/OpenSSL/Test.pm
+++ b/util/perl/OpenSSL/Test.pm
@@ -132,6 +132,7 @@ is defined).
sub setup {
my $old_test_name = $test_name;
$test_name = shift;
+ my %opts = @_;
BAIL_OUT("setup() must receive a name") unless $test_name;
warn "setup() detected test name change. Innocuous, so we continue...\n"
@@ -149,6 +150,9 @@ sub setup {
BAIL_OUT("setup() expects the file Configure in the source top directory")
unless -f srctop_file("Configure");
+ note "The results of this test will end up in $directories{RESULTS}"
+ unless $opts{quiet};
+
__cwd($directories{RESULTS});
}
@@ -170,12 +174,6 @@ When set to 1 (or any value that perl perceives as true), the subdirectory
will be created if it doesn't already exist. This happens before BLOCK
is executed.
-=item B<cleanup =E<gt> 0|1>
-
-When set to 1 (or any value that perl perceives as true), the subdirectory
-will be cleaned out and removed. This happens both before and after BLOCK
-is executed.
-
=back
An example:
@@ -188,7 +186,7 @@ An example:
is($line, qr/^OpenSSL 1\./,
"check that we're using OpenSSL 1.x.x");
}
- }, create => 1, cleanup => 1;
+ }, create => 1;
=back
@@ -206,10 +204,6 @@ sub indir {
$codeblock->();
__cwd($reverse);
-
- if ($opts{cleanup}) {
- rmtree($subdir, { safe => 0 });
- }
}
=over 4
@@ -943,17 +937,22 @@ i.e. Some tests may only work in non FIPS mode.
sub __env {
(my $recipe_datadir = basename($0)) =~ s/\.t$/_data/i;
- $directories{SRCTOP} = abs_path($ENV{SRCTOP} || $ENV{TOP});
- $directories{BLDTOP} = abs_path($ENV{BLDTOP} || $ENV{TOP});
- $directories{BLDAPPS} = $ENV{BIN_D} || __bldtop_dir("apps");
- $directories{SRCAPPS} = __srctop_dir("apps");
- $directories{BLDFUZZ} = __bldtop_dir("fuzz");
- $directories{SRCFUZZ} = __srctop_dir("fuzz");
- $directories{BLDTEST} = $ENV{TEST_D} || __bldtop_dir("test");
- $directories{SRCTEST} = __srctop_dir("test");
- $directories{SRCDATA} = __srctop_dir("test", "recipes",
- $recipe_datadir);
- $directories{RESULTS} = $ENV{RESULT_D} || $directories{BLDTEST};
+ $directories{SRCTOP} = abs_path($ENV{SRCTOP} || $ENV{TOP});
+ $directories{BLDTOP} = abs_path($ENV{BLDTOP} || $ENV{TOP});
+ $directories{BLDAPPS} = $ENV{BIN_D} || __bldtop_dir("apps");
+ $directories{SRCAPPS} = __srctop_dir("apps");
+ $directories{BLDFUZZ} = __bldtop_dir("fuzz");
+ $directories{SRCFUZZ} = __srctop_dir("fuzz");
+ $directories{BLDTEST} = $ENV{TEST_D} || __bldtop_dir("test");
+ $directories{SRCTEST} = __srctop_dir("test");
+ $directories{SRCDATA} = __srctop_dir("test", "recipes",
+ $recipe_datadir);
+ $directories{RESULTTOP} = $ENV{RESULT_D} || __bldtop_dir("test-runs");
+ $directories{RESULTS} = catdir($directories{RESULTTOP}, $test_name);
+
+ # Create result directory dynamically
+ rmtree($directories{RESULTS}, { safe => 0, keep_root => 1 });
+ mkpath($directories{RESULTS});
push @direnv, "TOP" if $ENV{TOP};
push @direnv, "SRCTOP" if $ENV{SRCTOP};
@@ -962,7 +961,7 @@ sub __env {
push @direnv, "TEST_D" if $ENV{TEST_D};
push @direnv, "RESULT_D" if $ENV{RESULT_D};
- $end_with_bailout = $ENV{STOPTEST} ? 1 : 0;
+ $end_with_bailout = $ENV{STOPTEST} ? 1 : 0;
};
# __srctop_file and __srctop_dir are helpers to build file and directory
@@ -1079,7 +1078,6 @@ sub __results_file {
# hash style arguments to alter __cwd's behavior:
#
# create = 0|1 The directory we move to is created if 1, not if 0.
-# cleanup = 0|1 The directory we move from is removed if 1, not if 0.
sub __cwd {
my $dir = catdir(shift);
@@ -1137,10 +1135,6 @@ sub __cwd {
# Should we just bail out here as well? I'm unsure.
return undef unless chdir($dir);
- if ($opts{cleanup}) {
- rmtree(".", { safe => 0, keep_root => 1 });
- }
-
# We put back new values carefully. Doing the obvious
# %directories = ( %tmp_directories )
# will clear out any value that happens to be an absolute path
More information about the openssl-commits
mailing list