test/recipes/15-test_rsapss.t: Add test with unrestricted signature

[openssl.git] / test / recipes / 15-test_rsapss.t

diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
index 59144cdaeee18073b8fb6675409bc81f334cac3d..5c8340259f04db08478cda955fa6d895cccb510a 100644 (file)
--- a/test/recipes/15-test_rsapss.t
+++ b/test/recipes/15-test_rsapss.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -16,14 +16,22 @@ use OpenSSL::Test::Utils;
 
 setup("test_rsapss");
 
-plan tests => 5;
+plan tests => 7;
 
 #using test/testrsa.pem which happens to be a 512 bit RSA
 ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
-            '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
-            '-sigopt', 'rsa_mgf1_md:sha512', '-out', 'testrsapss.sig',
+            '-sigopt', 'rsa_padding_mode:pss',
+            '-sigopt', 'rsa_pss_saltlen:max',
+            '-sigopt', 'rsa_mgf1_md:sha512',
+            '-out', 'testrsapss-restricted.sig',
             srctop_file('test', 'testrsa.pem')])),
-   "openssl dgst -sign");
+   "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]");
+
+ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss',
+            '-out', 'testrsapss-unrestricted.sig',
+            srctop_file('test', 'testrsa.pem')])),
+   "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]");
 
 with({ exit_checker => sub { return shift == 1; } },
      sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
@@ -41,8 +49,18 @@ with({ exit_checker => sub { return shift == 1; } },
               "openssl dgst -prverify, expect to fail gracefully");
          });
 
-ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1',
-            '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
-            '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
+ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
+            '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss',
+            '-sigopt', 'rsa_pss_saltlen:max',
+            '-sigopt', 'rsa_mgf1_md:sha512',
+            '-signature', 'testrsapss-restricted.sig',
+            srctop_file('test', 'testrsa.pem')])),
+   "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]");
+
+ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
+            '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss',
+            '-signature', 'testrsapss-unrestricted.sig',
             srctop_file('test', 'testrsa.pem')])),
-   "openssl dgst -prverify");
+   "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");