[openssl] master update
dev at ddvo.net
dev at ddvo.net
Wed Jun 2 12:50:34 UTC 2021
The branch master has been updated
via 4388417157ce77974888089ec133d26d7bb0f465 (commit)
via 07e84e67a6238d16f995fd1e1a3a6dba47299d00 (commit)
from 5bcbdee621fbf05df7431b8fbb0ea7de7054e1f0 (commit)
- Log -----------------------------------------------------------------
commit 4388417157ce77974888089ec133d26d7bb0f465
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Thu May 27 15:11:31 2021 +0200
80-test_cms.t: Replace use of ee-self-signed.pem by more suitable smrsa1.pem
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15499)
commit 07e84e67a6238d16f995fd1e1a3a6dba47299d00
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Thu May 27 14:10:58 2021 +0200
ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15499)
-----------------------------------------------------------------------
Summary of changes:
test/certs/ee-self-signed.pem | 33 ++++----
test/recipes/25-test_verify.t | 2 +-
test/recipes/80-test_cms.t | 174 ++++++++++++++++++++----------------------
3 files changed, 99 insertions(+), 110 deletions(-)
diff --git a/test/certs/ee-self-signed.pem b/test/certs/ee-self-signed.pem
index e854c9ad27..ad1e37ba0e 100644
--- a/test/certs/ee-self-signed.pem
+++ b/test/certs/ee-self-signed.pem
@@ -1,19 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIDIjCCAgqgAwIBAgIUT99h/YrAdcDg3fdLy5UajB8e994wDQYJKoZIhvcNAQEL
-BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwIBcNMjAwNzI4MTQxNjA4WhgP
-MjEyMDA3MDQxNDE2MDhaMBkxFzAVBgNVBAMMDmVlLXNlbGYtc2lnbmVkMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVg
-K9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7
-iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0c
-QjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrS
-luVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj
-1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQAB
-o2AwXjAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfhc6IwHwYDVR0jBBgwFoAU
-55viKq2KbDrLdlHljgeYIpfhc6IwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC
-B4AwDQYJKoZIhvcNAQELBQADggEBAGDEbS5kJArjjQNK02oxhQyz1dbDy23evRxm
-WW/NtlJAQAgEMXoNo9fioj0L4cvDy40r87V6/RsV2eijwZEfwGloACif7v78w8QO
-h4XiW9oGxcQkdMIYZLDVW9AZPDIkK5NHNfQaeAxCprAufYnRMv035UotLzCBRrkG
-G2TIs45vRp/6mYFVtm0Nf9CFvu4dXH8W+GlBONG0FAiBW+JzgTr9OmrzfqJTEDrf
-vv/hOiu8XvvlF5piPBqKE76rEvkXUSjgDZ2/Ju1fjqpV2I8Hz1Mj9w9tRE8g4E9o
-ZcRXX3MNPaHxnNhgYSPdpywwkyILz2AHwmAzh07cdttRFFPw+fM=
+MIICzzCCAbegAwIBAgIUBP7iEKPlKuinZGQNFxSY3IBIb0swDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwHhcNMjAwNjI4MTA1MTQ1WhcN
+MjAwNzI4MTA1MTQ1WjAZMRcwFQYDVQQDDA5lZS1zZWxmLXNpZ25lZDCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU
+fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC
+76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz
+BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl
+V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv
+0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaMP
+MA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBiLmIUCGb+hmRGbmpO
+lDqEwiRVdxHBs4OSb3IA9QgU1QKUDRqn7q27RRelmzTXllubZZcX3K6o+dunRW5G
+d3f3FVr+3Z7wnmkQtC2y3NWtGuWNczss+6rMLzKvla5CjRiNPlSvluMNpcs7BJxI
+ppk1LxlaiYlQkDW32OPyxzXWDNv1ZkphcOcoCkHAagnq9x1SszvLTjAlo5XpYrm5
+CPgBOEnVwFCgne5Ab4QPTgkxPh/Ta508I/FKaPLJqci1EfGKipZkS7mMGTUJEeVK
+wZrn4z7RiTfJ4PdqO5iv8eOpt03fqdPEXQWe8DrKyfGM6/e369FaXMFhcd2ZxZy2
+WHoc
-----END CERTIFICATE-----
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 03a5e1fbdd..b1f4fd6827 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -402,7 +402,7 @@ ok(verify("some-names2", "", ["many-constraints"], ["many-constraints"], ),
ok(verify("root-cert-rsa2", "", ["root-cert-rsa2"], [], "-check_ss_sig"),
"Public Key Algorithm rsa instead of rsaEncryption");
-ok(verify("ee-self-signed", "", ["ee-self-signed"], []),
+ok(verify("ee-self-signed", "", ["ee-self-signed"], [], "-attime", "1593565200"),
"accept trusted self-signed EE cert excluding key usage keyCertSign");
SKIP: {
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 1264726047..48a92f735d 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -64,22 +64,24 @@ my @prov = ("-provider-path", $provpath,
@config,
"-provider", $provname);
+my $smrsa1 = catfile($smdir, "smrsa1.pem");
+my $smroot = catfile($smdir, "smroot.pem");
+
my @smime_pkcs7_tests = (
[ "signed content DER format, RSA key",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed detached content DER format, RSA key",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ "-signer", $smrsa1, "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt",
+ "-CAfile", $smroot, "-out", "{output}.txt",
"-content", $smcont ],
\&final_compare
],
@@ -87,9 +89,9 @@ my @smime_pkcs7_tests = (
[ "signed content test streaming BER format, RSA",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
"-stream",
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ "-signer", $smrsa1, "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
@@ -97,7 +99,7 @@ my @smime_pkcs7_tests = (
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
@@ -105,7 +107,7 @@ my @smime_pkcs7_tests = (
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt",
+ "-CAfile", $smroot, "-out", "{output}.txt",
"-content", $smcont ],
\&final_compare
],
@@ -114,9 +116,9 @@ my @smime_pkcs7_tests = (
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
[ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}2.cms" ],
+ "-signer", $smrsa1, "-out", "{output}2.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}2.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt",
+ "-CAfile", $smroot, "-out", "{output}.txt",
"-content", $smcont ],
\&final_compare
],
@@ -126,85 +128,84 @@ my @smime_pkcs7_tests = (
"-nodetach", "-stream",
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-nodetach", "-stream",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
"-signer", catfile($smdir, "smdsa1.pem"),
"-signer", catfile($smdir, "smdsa2.pem"),
"-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-noattr", "-nodetach", "-stream",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
"-signer", catfile($smdir, "smdsa1.pem"),
"-signer", catfile($smdir, "smdsa2.pem"),
"-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content S/MIME format, RSA key SHA1",
[ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1",
- "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ "-certfile", $smroot,
+ "-signer", $smrsa1, "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed zero-length content S/MIME format, RSA key SHA1",
[ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1",
- "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&zero_compare
],
[ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
"-signer", catfile($smdir, "smdsa1.pem"),
"-signer", catfile($smdir, "smdsa2.pem"),
"-stream", "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
[ "{cmd1}", @prov, "-sign", "-in", $smcont,
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
"-signer", catfile($smdir, "smdsa1.pem"),
"-signer", catfile($smdir, "smdsa2.pem"),
"-stream", "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "enveloped content test streaming S/MIME format, DES, 3 recipients",
[ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
- catfile($smdir, "smrsa1.pem"),
+ $smrsa1,
catfile($smdir, "smrsa2.pem"),
catfile($smdir, "smrsa3.pem") ],
- [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1,
"-in", "{output}.cms", "-out", "{output}.txt" ],
\&final_compare
],
@@ -212,7 +213,7 @@ my @smime_pkcs7_tests = (
[ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
[ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
- catfile($smdir, "smrsa1.pem"),
+ $smrsa1,
catfile($smdir, "smrsa2.pem"),
catfile($smdir, "smrsa3.pem") ],
[ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
@@ -223,7 +224,7 @@ my @smime_pkcs7_tests = (
[ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
[ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
- catfile($smdir, "smrsa1.pem"),
+ $smrsa1,
catfile($smdir, "smrsa2.pem"),
catfile($smdir, "smrsa3.pem") ],
[ "{cmd2}", @defaultprov, "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
@@ -234,10 +235,10 @@ my @smime_pkcs7_tests = (
[ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
"-aes256", "-stream", "-out", "{output}.cms",
- catfile($smdir, "smrsa1.pem"),
+ $smrsa1,
catfile($smdir, "smrsa2.pem"),
catfile($smdir, "smrsa3.pem") ],
- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+ [ "{cmd2}", @prov, "-decrypt", "-recip", $smrsa1,
"-in", "{output}.cms", "-out", "{output}.txt" ],
\&final_compare
],
@@ -249,56 +250,56 @@ my @smime_cms_tests = (
[ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-nodetach", "-keyid",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
"-signer", catfile($smdir, "smdsa1.pem"),
"-signer", catfile($smdir, "smdsa2.pem"),
"-stream", "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
"-signer", catfile($smdir, "smdsa1.pem"),
"-signer", catfile($smdir, "smdsa2.pem"),
"-stream", "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content MIME format, RSA key, signed receipt request",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
"-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed receipt MIME format, RSA key",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
"-out", "{output}.cms" ],
[ "{cmd1}", @prov, "-sign_receipt", "-in", "{output}.cms",
"-signer", catfile($smdir, "smrsa2.pem"), "-out", "{output}2.cms" ],
[ "{cmd2}", @prov, "-verify_receipt", "{output}2.cms", "-in", "{output}.cms",
- "-CAfile", catfile($smdir, "smroot.pem") ]
+ "-CAfile", $smroot ]
],
[ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
[ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms", "-keyid",
- catfile($smdir, "smrsa1.pem"),
+ $smrsa1,
catfile($smdir, "smrsa2.pem"),
catfile($smdir, "smrsa3.pem") ],
- [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1,
"-in", "{output}.cms", "-out", "{output}.txt" ],
\&final_compare
],
@@ -397,56 +398,52 @@ my @smime_cms_cades_tests = (
[ "signed content DER format, RSA key, CAdES-BES compatible",
[ "{cmd1}", @prov, "-sign", "-cades", "-in", $smcont, "-outform", "DER",
"-nodetach",
- "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible",
[ "{cmd1}", @prov, "-sign", "-cades", "-md", "sha256", "-in", $smcont, "-outform",
- "DER", "-nodetach", "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ "DER", "-nodetach", "-certfile", $smroot,
+ "-signer", $smrsa1, "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content DER format, RSA key, SHA512 md, CAdES-BES compatible",
[ "{cmd1}", @prov, "-sign", "-cades", "-md", "sha512", "-in", $smcont, "-outform",
- "DER", "-nodetach", "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ "DER", "-nodetach", "-certfile", $smroot,
+ "-signer", $smrsa1, "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible",
[ "{cmd1}", @prov, "-sign", "-cades", "-binary", "-nodetach", "-nosmimecap", "-md", "sha256",
"-in", $smcont, "-outform", "DER",
- "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-certfile", $smroot, "-signer", $smrsa1,
"-outform", "DER", "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "resigned content DER format, RSA key, SHA256 md, CAdES-BES compatible",
[ "{cmd1}", @prov, "-sign", "-cades", "-binary", "-nodetach", "-nosmimecap", "-md", "sha256",
"-in", $smcont, "-outform", "DER",
- "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-certfile", $smroot, "-signer", $smrsa1,
"-outform", "DER", "-out", "{output}.cms" ],
[ "{cmd1}", @prov, "-resign", "-cades", "-binary", "-nodetach", "-nosmimecap", "-md", "sha256",
"-inform", "DER", "-in", "{output}.cms",
- "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa2.pem"),
+ "-certfile", $smroot, "-signer", catfile($smdir, "smrsa2.pem"),
"-outform", "DER", "-out", "{output}2.cms" ],
[ "{cmd2}", @prov, "-verify", "-cades", "-in", "{output}2.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
);
@@ -454,11 +451,10 @@ my @smime_cms_cades_tests = (
my @smime_cms_cades_ko_tests = (
[ "sign content DER format, RSA key, not CAdES-BES compatible",
[ @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-certfile", catfile($smdir, "smroot.pem"),
- "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
+ "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
"fail to verify token since requiring CAdES-BES compatibility",
[ @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
]
);
@@ -489,51 +485,50 @@ my @smime_cms_comp_tests = (
my @smime_cms_param_tests = (
[ "signed content test streaming PEM format, RSA keys, PSS signature",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-keyopt", "rsa_padding_mode:pss",
"-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:max",
"-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-noattr",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-noattr", "-signer", $smrsa1,
"-keyopt", "rsa_padding_mode:pss",
"-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-signer", catfile($smdir, "smrsa1.pem"),
+ "-signer", $smrsa1,
"-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_mgf1_md:sha384",
"-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
[ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
[ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
- "-recip", catfile($smdir, "smrsa1.pem"),
+ "-recip", $smrsa1,
"-keyopt", "rsa_padding_mode:oaep" ],
- [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1,
"-in", "{output}.cms", "-out", "{output}.txt" ],
\&final_compare
],
@@ -541,10 +536,10 @@ my @smime_cms_param_tests = (
[ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
[ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
- "-recip", catfile($smdir, "smrsa1.pem"),
+ "-recip", $smrsa1,
"-keyopt", "rsa_padding_mode:oaep",
"-keyopt", "rsa_oaep_md:sha256" ],
- [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1,
"-in", "{output}.cms", "-out", "{output}.txt" ],
\&final_compare
],
@@ -619,8 +614,7 @@ my @smime_cms_param_tests = (
my @contenttype_cms_test = (
[ "signed content test - check that content type is added to additional signerinfo, RSA keys",
[ "{cmd1}", @prov, "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont,
- "-outform", "DER",
- "-signer", catfile($smdir, "smrsa1.pem"), "-md", "SHA256",
+ "-outform", "DER", "-signer", $smrsa1, "-md", "SHA256",
"-out", "{output}.cms" ],
[ "{cmd1}", @prov, "-resign", "-binary", "-nodetach", "-in", "{output}.cms",
"-inform", "DER", "-outform", "DER",
@@ -628,7 +622,7 @@ my @contenttype_cms_test = (
"-out", "{output}2.cms" ],
sub { my %opts = @_; contentType_matches("$opts{output}2.cms") == 2; },
[ "{cmd2}", @prov, "-verify", "-in", "{output}2.cms", "-inform", "DER",
- "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ]
+ "-CAfile", $smroot, "-out", "{output}.txt" ]
],
);
@@ -761,7 +755,7 @@ subtest "CMS Check that bad attributes fail when verifying signers\n" => sub {
ok(!run(app(["openssl", "cms", @prov, "-verify", "-in",
catfile($datadir, $name), "-inform", "DER", "-CAfile",
- catfile($smdir, "smroot.pem"), "-out", $out ])),
+ $smroot, "-out", $out ])),
$name);
}
};
@@ -817,42 +811,38 @@ subtest "CMS binary input tests\n" => sub {
my $input = srctop_file("test", "smcont.bin");
my $signed = "smcont.signed";
my $verified = "smcont.verified";
- my $cert = srctop_file("test", "certs", "ee-self-signed.pem");
- my $key = srctop_file("test", "certs", "ee-key.pem");
plan tests => 11;
- ok(run(app(["openssl", "cms", "-sign", "-md", "sha256",
- "-signer", $cert, "-inkey", $key,
+ ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-signer", $smrsa1,
"-binary", "-in", $input, "-out", $signed])),
"sign binary input with -binary");
- ok(run(app(["openssl", "cms", "-verify", "-CAfile", $cert,
+ ok(run(app(["openssl", "cms", "-verify", "-CAfile", $smroot,
"-binary", "-in", $signed, "-out", $verified])),
"verify binary input with -binary");
is(compare($input, $verified), 0, "binary input retained with -binary");
- ok(run(app(["openssl", "cms", "-sign", "-md", "sha256",
- "-signer", $cert, "-inkey", $key,
+ ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-signer", $smrsa1,
"-in", $input, "-out", $signed.".nobin"])),
"sign binary input without -binary");
- ok(run(app(["openssl", "cms", "-verify", "-CAfile", $cert,
+ ok(run(app(["openssl", "cms", "-verify", "-CAfile", $smroot,
"-in", $signed.".nobin", "-out", $verified.".nobin"])),
"verify binary input without -binary");
is(compare($input, $verified.".nobin"), 1, "binary input not retained without -binary");
- ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $cert, "-crlfeol",
+ ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $smroot, "-crlfeol",
"-binary", "-in", $signed, "-out", $verified.".crlfeol"])),
"verify binary input wrong crlfeol");
- ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-crlfeol",
- "-signer", $cert, "-inkey", $key,
+ ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-signer", $smrsa1,
+ "-crlfeol",
"-binary", "-in", $input, "-out", $signed.".crlf"])),
"sign binary input with -binary -crlfeol");
- ok(run(app(["openssl", "cms", "-verify", "-CAfile", $cert, "-crlfeol",
+ ok(run(app(["openssl", "cms", "-verify", "-CAfile", $smroot, "-crlfeol",
"-binary", "-in", $signed.".crlf", "-out", $verified.".crlf"])),
"verify binary input with -binary -crlfeol");
is(compare($input, $verified.".crlf"), 0,
"binary input retained with -binary -crlfeol");
- ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $cert,
+ ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $smroot,
"-binary", "-in", $signed.".crlf", "-out", $verified.".crlf2"])),
"verify binary input with -binary missing -crlfeol");
};
More information about the openssl-commits
mailing list