root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

TEST: Prefer using precomputed RSA and DH keys for more efficient tests 

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13715)
This commit is contained in:
Dr. David von Oheimb 2020-12-12 22:04:05 +01:00 committed by Dr. David von Oheimb
parent 8b893c35da
commit 91f2b15f2e
15 changed files with 104 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
test/CAtsa.cnf
View File

@ -48,7 +48,6 @@ emailAddress = optional
#---------------------------------------------------------------------- #----------------------------------------------------------------------
[ req ] [ req ]
default_bits = 2048
default_md = sha1 default_md = sha1
distinguished_name = $ENV::TSDNSECT distinguished_name = $ENV::TSDNSECT
encrypt_rsa_key = no encrypt_rsa_key = no

4
test/ca-and-certs.cnf
View File

@ -3,8 +3,6 @@ CN2 = Brother 2
#################################################################### ####################################################################
[ req ] [ req ]
default_bits = 2048
default_keyfile = keySS.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
encrypt_rsa_key = no encrypt_rsa_key = no
default_md = sha1 default_md = sha1
@ -19,8 +17,6 @@ commonName_value = Dodgy CA
#################################################################### ####################################################################
[ userreq ] [ userreq ]
default_bits = 2048
default_keyfile = keySS.pem
distinguished_name = user_dn distinguished_name = user_dn
encrypt_rsa_key = no encrypt_rsa_key = no
default_md = sha256 default_md = sha256

14
test/certs/dhk2048.pem Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN PRIVATE KEY-----
MIICKgIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////yQ/aoiFowjTE
xmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP
4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJ
KGZR7ORbPcIAfLihY78FmNpINhxV05ppFj+o/STPX4NlXSPco62WHGLzViCFUrue
1SkHcJaWbWcMNU5KvJgE8XRsCMoYIXwykF5GLjbOO+OedywYDoYDmyeDouwHoo+1
xV3wb0xSyd4ry/aVWBcYOZVJfOqVauUV0iYYmPoFEBVyjlqKrKpo//////////8C
AQICAgf/BIIBBAKCAQBPXxEkDA2EWknARF2EzUo6gc1eFNdKMVwa7aT3e2ClTIkN
B4Y6XsJCS5C4q0vKhHtdH5LswCxUPfTQQAOlKPzcdMcGuOvx8gl90kvaOuxnD0wQ
rpRmC64FbN+h503UJuGuNTFO2AvgLVb6EA637soAcWR6qLtRJ3wDpr1OW/ertIUj
jhzD1i255j+z6UVQBNLy882AUSHfjr1UzWTYfcyn1zpQbZtbIh+0O5cloIl6Ek4N
c3NtCgwAmTROrsKqHGmaW+pw4sOAAtNJByPT0y725s7tq4mAJKJgCc2J8Lbwbx9Z
s+tEoCidGYuBRNouVH6I6POwjIhdpU0kIscdv+w8
-----END PRIVATE KEY-----

34
test/endecode_test.c
View File

@ -88,6 +88,7 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
} }
#endif #endif
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
OSSL_PARAM *genparams) OSSL_PARAM *genparams)
{ {
@ -109,6 +110,7 @@ static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
EVP_PKEY_CTX_free(ctx); EVP_PKEY_CTX_free(ctx);
return pkey; return pkey;
} }
#endif
/* Main test driver */ /* Main test driver */
@ -1182,6 +1184,9 @@ static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
# endif /* OPENSSL_NO_EC2M */ # endif /* OPENSSL_NO_EC2M */
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
#define USAGE "rsa-key.pem rsa-pss-key.pem\n"
OPT_TEST_DECLARE_USAGE(USAGE)
int setup_tests(void) int setup_tests(void)
{ {
# ifndef OPENSSL_NO_RC4 # ifndef OPENSSL_NO_RC4
@ -1207,12 +1212,14 @@ int setup_tests(void)
}; };
#endif #endif
/* 7 is the default magic number */ if (!test_skip_common_options()) {
static unsigned int rsapss_min_saltlen = 7; TEST_error("Error parsing test options\n");
OSSL_PARAM RSA_PSS_params[] = { return 0;
OSSL_PARAM_uint("saltlen", &rsapss_min_saltlen), }
OSSL_PARAM_END if (test_get_argument_count() != 2) {
}; TEST_error("usage: endecode_test %s", USAGE);
return 0;
}
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (!TEST_ptr(bnctx = BN_CTX_new_ex(NULL)) if (!TEST_ptr(bnctx = BN_CTX_new_ex(NULL))
@ -1237,15 +1244,16 @@ int setup_tests(void)
TEST_info("Generating keys..."); TEST_info("Generating keys...");
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
TEST_info("Generating DH keys...");
MAKE_DOMAIN_KEYS(DH, "DH", NULL); MAKE_DOMAIN_KEYS(DH, "DH", NULL);
MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL); MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
TEST_info("Generating keys...DH done");
#endif #endif
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
TEST_info("Generating DSA keys...");
MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params); MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
TEST_info("Generating keys...DSA done");
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
TEST_info("Generating EC keys...");
MAKE_DOMAIN_KEYS(EC, "EC", EC_params); MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit); MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
@ -1257,12 +1265,12 @@ int setup_tests(void)
MAKE_KEYS(ED448, "ED448", NULL); MAKE_KEYS(ED448, "ED448", NULL);
MAKE_KEYS(X25519, "X25519", NULL); MAKE_KEYS(X25519, "X25519", NULL);
MAKE_KEYS(X448, "X448", NULL); MAKE_KEYS(X448, "X448", NULL);
TEST_info("Generating keys...EC done");
#endif #endif
MAKE_KEYS(RSA, "RSA", NULL); TEST_info("Loading RSA key...");
TEST_info("Generating keys...RSA done"); ok = ok && TEST_ptr(key_RSA = load_pkey_pem(test_get_argument(0), NULL));
MAKE_KEYS(RSA_PSS, "RSA-PSS", RSA_PSS_params); TEST_info("Loading RSA_PSS key...");
TEST_info("Generating keys...RSA_PSS done"); ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(test_get_argument(1), NULL));
TEST_info("Generating keys done");
if (ok) { if (ok) {
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH

31
test/endecoder_legacy_test.c
View File

@ -674,19 +674,48 @@ static int test_key(int idx)
return ok; return ok;
} }
#define USAGE "rsa-key.pem dh-key.pem\n"
OPT_TEST_DECLARE_USAGE(USAGE)
int setup_tests(void) int setup_tests(void)
{ {
size_t i; size_t i;
if (!test_skip_common_options()) {
TEST_error("Error parsing test options\n");
return 0;
}
if (test_get_argument_count() != 2) {
TEST_error("usage: endecoder_legacy_test %s", USAGE);
return 0;
}
TEST_info("Generating keys..."); TEST_info("Generating keys...");
for (i = 0; i < OSSL_NELEM(keys); i++) { for (i = 0; i < OSSL_NELEM(keys); i++) {
#ifndef OPENSSL_NO_DH
if (strcmp(keys[i].keytype, "DH") == 0) {
if (!TEST_ptr(keys[i].key =
load_pkey_pem(test_get_argument(1), NULL)))
return 0;
continue;
}
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (strcmp(keys[i].keytype, "RSA") == 0) {
if (!TEST_ptr(keys[i].key =
load_pkey_pem(test_get_argument(0), NULL)))
return 0;
continue;
}
#endif
TEST_info("Generating %s key...", keys[i].keytype);
if (!TEST_ptr(keys[i].key = if (!TEST_ptr(keys[i].key =
make_key(keys[i].keytype, keys[i].template_params))) make_key(keys[i].keytype, keys[i].template_params)))
return 0; return 0;
} }
TEST_info("Generating key... done"); TEST_info("Generating keys done");
ADD_ALL_TESTS(test_key, OSSL_NELEM(test_stanzas)); ADD_ALL_TESTS(test_key, OSSL_NELEM(test_stanzas));
return 1; return 1;

5
test/evp_libctx_test.c
View File

@ -530,15 +530,16 @@ static int kem_rsa_gen_recover(void)
unsigned char ct[256] = { 0, }; unsigned char ct[256] = { 0, };
unsigned char unwrap[256] = { 0, }; unsigned char unwrap[256] = { 0, };
size_t ctlen = 0, unwraplen = 0, secretlen = 0; size_t ctlen = 0, unwraplen = 0, secretlen = 0;
int bits = 2048;
ret = TEST_true(rsa_keygen(2048, &pub, &priv)) ret = TEST_true(rsa_keygen(bits, &pub, &priv))
&& TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
&& TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1) && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1) && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
&& TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL, && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
&secretlen), 1) &secretlen), 1)
&& TEST_int_eq(ctlen, secretlen) && TEST_int_eq(ctlen, secretlen)
&& TEST_int_eq(ctlen, 2048 / 8) && TEST_int_eq(ctlen, bits / 8)
&& TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret, && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
&secretlen), 1) &secretlen), 1)
&& TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))

4
test/proxy.cnf
View File

@ -2,8 +2,6 @@
## Config file for proxy certificate testing. ## Config file for proxy certificate testing.
[ req ] [ req ]
default_bits = 2048
default_keyfile = keySS.pem
distinguished_name = req_distinguished_name_p1 distinguished_name = req_distinguished_name_p1
encrypt_rsa_key = no encrypt_rsa_key = no
default_md = sha256 default_md = sha256
@ -29,8 +27,6 @@ proxyCertInfo = critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
#################################################################### ####################################################################
[ proxy2_req ] [ proxy2_req ]
default_bits = 2048
default_keyfile = keySS.pem
distinguished_name = req_distinguished_name_p2 distinguished_name = req_distinguished_name_p2
encrypt_rsa_key = no encrypt_rsa_key = no
default_md = sha256 default_md = sha256

5
test/recipes/04-test_encoder_decoder.t
View File

@ -20,4 +20,7 @@ plan tests => 1;
$ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers")); $ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers"));
$ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-legacy.cnf")); $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-legacy.cnf"));
ok(run(test(["endecode_test"]))); my $rsa_key = srctop_file("test", "certs", "ee-key.pem");
my $pss_key = srctop_file("test", "certs", "ca-pss-key.pem");
ok(run(test(["endecode_test", $rsa_key, $pss_key])));

6
test/recipes/04-test_encoder_decoder_legacy.t
View File

@ -20,8 +20,10 @@ plan skip_all => "Not available in a no-deprecated build"
if disabled("deprecated"); if disabled("deprecated");
plan tests => 1; plan tests => 1;
$ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers")); $ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers"));
$ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default.cnf")); $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default.cnf"));
ok(run(test(["endecoder_legacy_test"]))); my $rsa_key = srctop_file("test", "certs", "ee-key.pem");
my $dh_key = srctop_file("test", "certs", "dhk2048.pem");
ok(run(test(["endecoder_legacy_test", $rsa_key, $dh_key])));

2
test/recipes/25-test_req.t
View File

@ -33,6 +33,7 @@ if (disabled("rsa")) {
# Check for duplicate -addext parameters, and one "working" case. # Check for duplicate -addext parameters, and one "working" case.
my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem", my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
"-key", srctop_file("test", "certs", "ee-key.pem"),
"-config", srctop_file("test", "test.cnf"), @req_new ); "-config", srctop_file("test", "test.cnf"), @req_new );
my $val = "subjectAltName=DNS:example.com"; my $val = "subjectAltName=DNS:example.com";
my $val2 = " " . $val; my $val2 = " " . $val;
@ -288,6 +289,7 @@ subtest "generating certificate requests" => sub {
plan tests => 2; plan tests => 2;
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
"-key", srctop_file("test", "certs", "ee-key.pem"),
@req_new, "-out", "testreq.pem"])), @req_new, "-out", "testreq.pem"])),
"Generating request"); "Generating request");

4
test/recipes/25-test_verify_store.t
View File

@ -17,6 +17,8 @@ setup("test_verify_store");
plan tests => 10; plan tests => 10;
my $dummycnf = srctop_file("apps", "openssl.cnf"); my $dummycnf = srctop_file("apps", "openssl.cnf");
my $cakey = srctop_file("test", "certs", "ca-key.pem");
my $ukey = srctop_file("test", "certs", "ee-key.pem");
my $cnf = srctop_file("test", "ca-and-certs.cnf"); my $cnf = srctop_file("test", "ca-and-certs.cnf");
my $CAkey = "keyCA.ss"; my $CAkey = "keyCA.ss";
@ -33,6 +35,7 @@ SKIP: {
qw(-new -section userreq), qw(-new -section userreq),
-config => $cnf, -config => $cnf,
-out => $CAreq, -out => $CAreq,
-key => $cakey,
-keyout => $CAkey ); -keyout => $CAkey );
skip 'failure', 8 unless skip 'failure', 8 unless
@ -73,6 +76,7 @@ SKIP: {
qw(-new -section userreq), qw(-new -section userreq),
-config => $cnf, -config => $cnf,
-out => $Ureq, -out => $Ureq,
-key => $ukey,
-keyout => $Ukey ); -keyout => $Ukey );
skip 'failure', 2 unless skip 'failure', 2 unless

10
test/recipes/80-test_ca.t
View File

@ -29,15 +29,18 @@ rmtree("demoCA", { safe => 0 });
plan tests => 15; plan tests => 15;
SKIP: { SKIP: {
my $cakey = srctop_file("test", "certs", "ca-key.pem");
$ENV{OPENSSL_CONFIG} = '-config ' . $cnf; $ENV{OPENSSL_CONFIG} = '-config ' . $cnf;
skip "failed creating CA structure", 4 skip "failed creating CA structure", 4
if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)), if !ok(run(perlapp(["CA.pl","-newca",
"-extra-req", "-key $cakey"], stdin => undef)),
'creating CA structure'); 'creating CA structure');
my $eekey = srctop_file("test", "certs", "ee-key.pem");
$ENV{OPENSSL_CONFIG} = '-config ' . $cnf; $ENV{OPENSSL_CONFIG} = '-config ' . $cnf;
skip "failed creating new certificate request", 3 skip "failed creating new certificate request", 3
if !ok(run(perlapp(["CA.pl","-newreq", if !ok(run(perlapp(["CA.pl","-newreq",
'-extra-req', '-outform DER -section userreq'])), '-extra-req', "-outform DER -section userreq -key $eekey"])),
'creating certificate request'); 'creating certificate request');
$ENV{OPENSSL_CONFIG} = '-rand_serial -inform DER -config '.$std_openssl_cnf; $ENV{OPENSSL_CONFIG} = '-rand_serial -inform DER -config '.$std_openssl_cnf;
skip "failed to sign certificate request", 2 skip "failed to sign certificate request", 2
@ -50,8 +53,9 @@ plan tests => 15;
skip "CT not configured, can't use -precert", 1 skip "CT not configured, can't use -precert", 1
if disabled("ct"); if disabled("ct");
my $eekey2 = srctop_file("test", "certs", "ee-key-3072.pem");
$ENV{OPENSSL_CONFIG} = '-config ' . $cnf; $ENV{OPENSSL_CONFIG} = '-config ' . $cnf;
ok(run(perlapp(["CA.pl", "-precert", '-extra-req', '-section userreq'], stderr => undef)), ok(run(perlapp(["CA.pl", "-precert", '-extra-req', "-section userreq -key $eekey2"], stderr => undef)),
'creating new pre-certificate'); 'creating new pre-certificate');
} }

20
test/recipes/80-test_ssl_old.t
View File

@ -46,12 +46,12 @@ my @genpkeycmd = ("openssl", "genpkey");
my $dummycnf = srctop_file("apps", "openssl.cnf"); my $dummycnf = srctop_file("apps", "openssl.cnf");
my $cnf = srctop_file("test", "ca-and-certs.cnf"); my $cnf = srctop_file("test", "ca-and-certs.cnf");
my $CAkey = "keyCA.ss"; my $CAkey = srctop_file("test", "certs", "ca-key.pem"); # "keyCA.ss"
my $CAcert="certCA.ss"; my $CAcert="certCA.ss";
my $CAserial="certCA.srl"; my $CAserial="certCA.srl";
my $CAreq="reqCA.ss"; my $CAreq="reqCA.ss";
my $CAreq2="req2CA.ss"; # temp my $CAreq2="req2CA.ss"; # temp
my $Ukey="keyU.ss"; my $Ukey = srctop_file("test", "certs", "ee-key.pem"); # "keyU.ss";
my $Ureq="reqU.ss"; my $Ureq="reqU.ss";
my $Ucert="certU.ss"; my $Ucert="certU.ss";
my $Dkey="keyD.ss"; my $Dkey="keyD.ss";
@ -62,11 +62,11 @@ my $Ereq="reqE.ss";
my $Ecert="certE.ss"; my $Ecert="certE.ss";
my $proxycnf=srctop_file("test", "proxy.cnf"); my $proxycnf=srctop_file("test", "proxy.cnf");
my $P1key="keyP1.ss"; my $P1key= srctop_file("test", "certs", "alt1-key.pem"); # "keyP1.ss";
my $P1req="reqP1.ss"; my $P1req="reqP1.ss";
my $P1cert="certP1.ss"; my $P1cert="certP1.ss";
my $P1intermediate="tmp_intP1.ss"; my $P1intermediate="tmp_intP1.ss";
my $P2key="keyP2.ss"; my $P2key= srctop_file("test", "certs", "alt2-key.pem"); # "keyP2.ss";
my $P2req="reqP2.ss"; my $P2req="reqP2.ss";
my $P2cert="certP2.ss"; my $P2cert="certP2.ss";
my $P2intermediate="tmp_intP2.ss"; my $P2intermediate="tmp_intP2.ss";
@ -125,7 +125,7 @@ sub testss {
SKIP: { SKIP: {
skip 'failure', 16 unless skip 'failure', 16 unless
ok(run(app([@reqcmd, "-config", $cnf, ok(run(app([@reqcmd, "-config", $cnf,
"-out", $CAreq, "-keyout", $CAkey, "-out", $CAreq, "-key", $CAkey,
@req_new])), @req_new])),
'make cert request'); 'make cert request');
@ -159,7 +159,7 @@ sub testss {
skip 'failure', 10 unless skip 'failure', 10 unless
ok(run(app([@reqcmd, "-config", $cnf, "-section", "userreq", ok(run(app([@reqcmd, "-config", $cnf, "-section", "userreq",
"-out", $Ureq, "-keyout", $Ukey, @req_new], "-out", $Ureq, "-key", $Ukey, @req_new],
stdout => "err.ss")), stdout => "err.ss")),
'make a user cert request'); 'make a user cert request');
@ -271,7 +271,7 @@ sub testss {
skip 'failure', 5 unless skip 'failure', 5 unless
ok(run(app([@reqcmd, "-config", $proxycnf, ok(run(app([@reqcmd, "-config", $proxycnf,
"-out", $P1req, "-keyout", $P1key, @req_new], "-out", $P1req, "-key", $P1key, @req_new],
stdout => "err.ss")), stdout => "err.ss")),
'make a proxy cert request'); 'make a proxy cert request');
@ -294,7 +294,7 @@ sub testss {
skip 'failure', 2 unless skip 'failure', 2 unless
ok(run(app([@reqcmd, "-config", $proxycnf, "-section", "proxy2_req", ok(run(app([@reqcmd, "-config", $proxycnf, "-section", "proxy2_req",
"-out", $P2req, "-keyout", $P2key, "-out", $P2req, "-key", $P2key,
@req_new], @req_new],
stdout => "err.ss")), stdout => "err.ss")),
'make another proxy cert request'); 'make another proxy cert request');
@ -427,11 +427,11 @@ sub testssl {
my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
if (!$no_dsa) { if (!$no_dsa) {
push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss"; push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
} }
if (!$no_ec) { if (!$no_ec) {
push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss"; push @exkeys, "-s_cert", "certE.ss", "-s_key", $Ekey;
} }
my @protocols = (); my @protocols = ();

7
test/recipes/80-test_tsa.t
View File

@ -25,6 +25,7 @@ plan skip_all => "TS is not supported by this OpenSSL build"
# here, however, to be available in all subroutines. # here, however, to be available in all subroutines.
my $openssl_conf; my $openssl_conf;
my $testtsa; my $testtsa;
my $tsacakey;
my $CAtsa; my $CAtsa;
my @QUERY = ("openssl", "ts", "-query"); my @QUERY = ("openssl", "ts", "-query");
my @REPLY; my @REPLY;
@ -38,12 +39,13 @@ sub create_tsa_cert {
ok(run(app(["openssl", "req", "-config", $openssl_conf, "-new", ok(run(app(["openssl", "req", "-config", $openssl_conf, "-new",
"-out", "tsa_req${INDEX}.pem", "-out", "tsa_req${INDEX}.pem",
"-key", srctop_file("test", "certs", "alt${INDEX}-key.pem"),
"-keyout", "tsa_key${INDEX}.pem"]))); "-keyout", "tsa_key${INDEX}.pem"])));
note "using extension $EXT"; note "using extension $EXT";
ok(run(app(["openssl", "x509", "-req", ok(run(app(["openssl", "x509", "-req",
"-in", "tsa_req${INDEX}.pem", "-in", "tsa_req${INDEX}.pem",
"-out", "tsa_cert${INDEX}.pem", "-out", "tsa_cert${INDEX}.pem",
"-CA", "tsaca.pem", "-CAkey", "tsacakey.pem", "-CA", "tsaca.pem", "-CAkey", $tsacakey,
"-CAcreateserial", "-CAcreateserial",
"-extfile", $openssl_conf, "-extensions", $EXT]))); "-extfile", $openssl_conf, "-extensions", $EXT])));
} }
@ -90,6 +92,7 @@ indir "tsa" => sub
{ {
$openssl_conf = srctop_file("test", "CAtsa.cnf"); $openssl_conf = srctop_file("test", "CAtsa.cnf");
$testtsa = srctop_file("test", "recipes", "80-test_tsa.t"); $testtsa = srctop_file("test", "recipes", "80-test_tsa.t");
$tsacakey = srctop_file("test", "certs", "ca-key.pem");
$CAtsa = srctop_file("test", "CAtsa.cnf"); $CAtsa = srctop_file("test", "CAtsa.cnf");
@REPLY = ("openssl", "ts", "-config", $openssl_conf, "-reply"); @REPLY = ("openssl", "ts", "-config", $openssl_conf, "-reply");
@ -102,7 +105,7 @@ indir "tsa" => sub
skip "failed", 19 skip "failed", 19
unless ok(run(app(["openssl", "req", "-config", $openssl_conf, unless ok(run(app(["openssl", "req", "-config", $openssl_conf,
"-new", "-x509", "-noenc", "-new", "-x509", "-noenc",
"-out", "tsaca.pem", "-keyout", "tsacakey.pem"])), "-out", "tsaca.pem", "-key", $tsacakey])),
'creating a new CA for the TSA tests'); 'creating a new CA for the TSA tests');
skip "failed", 18 skip "failed", 18

4
test/test.cnf
View File

@ -49,15 +49,11 @@ emailAddress = optional
#################################################################### ####################################################################
[ req ] [ req ]
default_bits = 2048
default_keyfile = testkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
encrypt_rsa_key = no encrypt_rsa_key = no
# Make altreq be identical to req # Make altreq be identical to req
[ altreq ] [ altreq ]
default_bits = 2048
default_keyfile = testkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
encrypt_rsa_key = no encrypt_rsa_key = no