#----------------------------------------------------------------------
[ req ]
-default_bits = 2048
default_md = sha1
distinguished_name = $ENV::TSDNSECT
encrypt_rsa_key = no
####################################################################
[ req ]
-default_bits = 2048
-default_keyfile = keySS.pem
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
default_md = sha1
####################################################################
[ userreq ]
-default_bits = 2048
-default_keyfile = keySS.pem
distinguished_name = user_dn
encrypt_rsa_key = no
default_md = sha256
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIICKgIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////yQ/aoiFowjTE
+xmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP
+4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJ
+KGZR7ORbPcIAfLihY78FmNpINhxV05ppFj+o/STPX4NlXSPco62WHGLzViCFUrue
+1SkHcJaWbWcMNU5KvJgE8XRsCMoYIXwykF5GLjbOO+OedywYDoYDmyeDouwHoo+1
+xV3wb0xSyd4ry/aVWBcYOZVJfOqVauUV0iYYmPoFEBVyjlqKrKpo//////////8C
+AQICAgf/BIIBBAKCAQBPXxEkDA2EWknARF2EzUo6gc1eFNdKMVwa7aT3e2ClTIkN
+B4Y6XsJCS5C4q0vKhHtdH5LswCxUPfTQQAOlKPzcdMcGuOvx8gl90kvaOuxnD0wQ
+rpRmC64FbN+h503UJuGuNTFO2AvgLVb6EA637soAcWR6qLtRJ3wDpr1OW/ertIUj
+jhzD1i255j+z6UVQBNLy882AUSHfjr1UzWTYfcyn1zpQbZtbIh+0O5cloIl6Ek4N
+c3NtCgwAmTROrsKqHGmaW+pw4sOAAtNJByPT0y725s7tq4mAJKJgCc2J8Lbwbx9Z
+s+tEoCidGYuBRNouVH6I6POwjIhdpU0kIscdv+w8
+-----END PRIVATE KEY-----
}
#endif
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
OSSL_PARAM *genparams)
{
EVP_PKEY_CTX_free(ctx);
return pkey;
}
+#endif
/* Main test driver */
# endif /* OPENSSL_NO_EC2M */
#endif /* OPENSSL_NO_EC */
+#define USAGE "rsa-key.pem rsa-pss-key.pem\n"
+OPT_TEST_DECLARE_USAGE(USAGE)
+
int setup_tests(void)
{
# ifndef OPENSSL_NO_RC4
};
#endif
- /* 7 is the default magic number */
- static unsigned int rsapss_min_saltlen = 7;
- OSSL_PARAM RSA_PSS_params[] = {
- OSSL_PARAM_uint("saltlen", &rsapss_min_saltlen),
- OSSL_PARAM_END
- };
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+ if (test_get_argument_count() != 2) {
+ TEST_error("usage: endecode_test %s", USAGE);
+ return 0;
+ }
#ifndef OPENSSL_NO_EC
if (!TEST_ptr(bnctx = BN_CTX_new_ex(NULL))
TEST_info("Generating keys...");
#ifndef OPENSSL_NO_DH
+ TEST_info("Generating DH keys...");
MAKE_DOMAIN_KEYS(DH, "DH", NULL);
MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
- TEST_info("Generating keys...DH done");
#endif
#ifndef OPENSSL_NO_DSA
+ TEST_info("Generating DSA keys...");
MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
- TEST_info("Generating keys...DSA done");
#endif
#ifndef OPENSSL_NO_EC
+ TEST_info("Generating EC keys...");
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
MAKE_KEYS(ED448, "ED448", NULL);
MAKE_KEYS(X25519, "X25519", NULL);
MAKE_KEYS(X448, "X448", NULL);
- TEST_info("Generating keys...EC done");
#endif
- MAKE_KEYS(RSA, "RSA", NULL);
- TEST_info("Generating keys...RSA done");
- MAKE_KEYS(RSA_PSS, "RSA-PSS", RSA_PSS_params);
- TEST_info("Generating keys...RSA_PSS done");
+ TEST_info("Loading RSA key...");
+ ok = ok && TEST_ptr(key_RSA = load_pkey_pem(test_get_argument(0), NULL));
+ TEST_info("Loading RSA_PSS key...");
+ ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(test_get_argument(1), NULL));
+ TEST_info("Generating keys done");
if (ok) {
#ifndef OPENSSL_NO_DH
return ok;
}
+#define USAGE "rsa-key.pem dh-key.pem\n"
+OPT_TEST_DECLARE_USAGE(USAGE)
+
int setup_tests(void)
{
size_t i;
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+ if (test_get_argument_count() != 2) {
+ TEST_error("usage: endecoder_legacy_test %s", USAGE);
+ return 0;
+ }
+
TEST_info("Generating keys...");
for (i = 0; i < OSSL_NELEM(keys); i++) {
+#ifndef OPENSSL_NO_DH
+ if (strcmp(keys[i].keytype, "DH") == 0) {
+ if (!TEST_ptr(keys[i].key =
+ load_pkey_pem(test_get_argument(1), NULL)))
+ return 0;
+ continue;
+ }
+#endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ if (strcmp(keys[i].keytype, "RSA") == 0) {
+ if (!TEST_ptr(keys[i].key =
+ load_pkey_pem(test_get_argument(0), NULL)))
+ return 0;
+ continue;
+ }
+#endif
+ TEST_info("Generating %s key...", keys[i].keytype);
if (!TEST_ptr(keys[i].key =
make_key(keys[i].keytype, keys[i].template_params)))
return 0;
}
- TEST_info("Generating key... done");
+ TEST_info("Generating keys done");
ADD_ALL_TESTS(test_key, OSSL_NELEM(test_stanzas));
return 1;
unsigned char ct[256] = { 0, };
unsigned char unwrap[256] = { 0, };
size_t ctlen = 0, unwraplen = 0, secretlen = 0;
+ int bits = 2048;
- ret = TEST_true(rsa_keygen(2048, &pub, &priv))
+ ret = TEST_true(rsa_keygen(bits, &pub, &priv))
&& TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
&& TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
&& TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
&secretlen), 1)
&& TEST_int_eq(ctlen, secretlen)
- && TEST_int_eq(ctlen, 2048 / 8)
+ && TEST_int_eq(ctlen, bits / 8)
&& TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
&secretlen), 1)
&& TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
## Config file for proxy certificate testing.
[ req ]
-default_bits = 2048
-default_keyfile = keySS.pem
distinguished_name = req_distinguished_name_p1
encrypt_rsa_key = no
default_md = sha256
####################################################################
[ proxy2_req ]
-default_bits = 2048
-default_keyfile = keySS.pem
distinguished_name = req_distinguished_name_p2
encrypt_rsa_key = no
default_md = sha256
$ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers"));
$ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-legacy.cnf"));
-ok(run(test(["endecode_test"])));
+my $rsa_key = srctop_file("test", "certs", "ee-key.pem");
+my $pss_key = srctop_file("test", "certs", "ca-pss-key.pem");
+
+ok(run(test(["endecode_test", $rsa_key, $pss_key])));
if disabled("deprecated");
plan tests => 1;
-
$ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers"));
$ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default.cnf"));
-ok(run(test(["endecoder_legacy_test"])));
+my $rsa_key = srctop_file("test", "certs", "ee-key.pem");
+my $dh_key = srctop_file("test", "certs", "dhk2048.pem");
+
+ok(run(test(["endecoder_legacy_test", $rsa_key, $dh_key])));
# Check for duplicate -addext parameters, and one "working" case.
my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
+ "-key", srctop_file("test", "certs", "ee-key.pem"),
"-config", srctop_file("test", "test.cnf"), @req_new );
my $val = "subjectAltName=DNS:example.com";
my $val2 = " " . $val;
plan tests => 2;
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+ "-key", srctop_file("test", "certs", "ee-key.pem"),
@req_new, "-out", "testreq.pem"])),
"Generating request");
plan tests => 10;
my $dummycnf = srctop_file("apps", "openssl.cnf");
+my $cakey = srctop_file("test", "certs", "ca-key.pem");
+my $ukey = srctop_file("test", "certs", "ee-key.pem");
my $cnf = srctop_file("test", "ca-and-certs.cnf");
my $CAkey = "keyCA.ss";
qw(-new -section userreq),
-config => $cnf,
-out => $CAreq,
+ -key => $cakey,
-keyout => $CAkey );
skip 'failure', 8 unless
qw(-new -section userreq),
-config => $cnf,
-out => $Ureq,
+ -key => $ukey,
-keyout => $Ukey );
skip 'failure', 2 unless
plan tests => 15;
SKIP: {
+ my $cakey = srctop_file("test", "certs", "ca-key.pem");
$ENV{OPENSSL_CONFIG} = '-config ' . $cnf;
skip "failed creating CA structure", 4
- if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)),
+ if !ok(run(perlapp(["CA.pl","-newca",
+ "-extra-req", "-key $cakey"], stdin => undef)),
'creating CA structure');
+ my $eekey = srctop_file("test", "certs", "ee-key.pem");
$ENV{OPENSSL_CONFIG} = '-config ' . $cnf;
skip "failed creating new certificate request", 3
if !ok(run(perlapp(["CA.pl","-newreq",
- '-extra-req', '-outform DER -section userreq'])),
+ '-extra-req', "-outform DER -section userreq -key $eekey"])),
'creating certificate request');
$ENV{OPENSSL_CONFIG} = '-rand_serial -inform DER -config '.$std_openssl_cnf;
skip "failed to sign certificate request", 2
skip "CT not configured, can't use -precert", 1
if disabled("ct");
+ my $eekey2 = srctop_file("test", "certs", "ee-key-3072.pem");
$ENV{OPENSSL_CONFIG} = '-config ' . $cnf;
- ok(run(perlapp(["CA.pl", "-precert", '-extra-req', '-section userreq'], stderr => undef)),
+ ok(run(perlapp(["CA.pl", "-precert", '-extra-req', "-section userreq -key $eekey2"], stderr => undef)),
'creating new pre-certificate');
}
my $dummycnf = srctop_file("apps", "openssl.cnf");
my $cnf = srctop_file("test", "ca-and-certs.cnf");
-my $CAkey = "keyCA.ss";
+my $CAkey = srctop_file("test", "certs", "ca-key.pem"); # "keyCA.ss"
my $CAcert="certCA.ss";
my $CAserial="certCA.srl";
my $CAreq="reqCA.ss";
my $CAreq2="req2CA.ss"; # temp
-my $Ukey="keyU.ss";
+my $Ukey = srctop_file("test", "certs", "ee-key.pem"); # "keyU.ss";
my $Ureq="reqU.ss";
my $Ucert="certU.ss";
my $Dkey="keyD.ss";
my $Ecert="certE.ss";
my $proxycnf=srctop_file("test", "proxy.cnf");
-my $P1key="keyP1.ss";
+my $P1key= srctop_file("test", "certs", "alt1-key.pem"); # "keyP1.ss";
my $P1req="reqP1.ss";
my $P1cert="certP1.ss";
my $P1intermediate="tmp_intP1.ss";
-my $P2key="keyP2.ss";
+my $P2key= srctop_file("test", "certs", "alt2-key.pem"); # "keyP2.ss";
my $P2req="reqP2.ss";
my $P2cert="certP2.ss";
my $P2intermediate="tmp_intP2.ss";
SKIP: {
skip 'failure', 16 unless
ok(run(app([@reqcmd, "-config", $cnf,
- "-out", $CAreq, "-keyout", $CAkey,
+ "-out", $CAreq, "-key", $CAkey,
@req_new])),
'make cert request');
skip 'failure', 10 unless
ok(run(app([@reqcmd, "-config", $cnf, "-section", "userreq",
- "-out", $Ureq, "-keyout", $Ukey, @req_new],
+ "-out", $Ureq, "-key", $Ukey, @req_new],
stdout => "err.ss")),
'make a user cert request');
skip 'failure', 5 unless
ok(run(app([@reqcmd, "-config", $proxycnf,
- "-out", $P1req, "-keyout", $P1key, @req_new],
+ "-out", $P1req, "-key", $P1key, @req_new],
stdout => "err.ss")),
'make a proxy cert request');
skip 'failure', 2 unless
ok(run(app([@reqcmd, "-config", $proxycnf, "-section", "proxy2_req",
- "-out", $P2req, "-keyout", $P2key,
+ "-out", $P2req, "-key", $P2key,
@req_new],
stdout => "err.ss")),
'make another proxy cert request');
my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
if (!$no_dsa) {
- push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss";
+ push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
}
if (!$no_ec) {
- push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss";
+ push @exkeys, "-s_cert", "certE.ss", "-s_key", $Ekey;
}
my @protocols = ();
# here, however, to be available in all subroutines.
my $openssl_conf;
my $testtsa;
+my $tsacakey;
my $CAtsa;
my @QUERY = ("openssl", "ts", "-query");
my @REPLY;
ok(run(app(["openssl", "req", "-config", $openssl_conf, "-new",
"-out", "tsa_req${INDEX}.pem",
+ "-key", srctop_file("test", "certs", "alt${INDEX}-key.pem"),
"-keyout", "tsa_key${INDEX}.pem"])));
note "using extension $EXT";
ok(run(app(["openssl", "x509", "-req",
"-in", "tsa_req${INDEX}.pem",
"-out", "tsa_cert${INDEX}.pem",
- "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
+ "-CA", "tsaca.pem", "-CAkey", $tsacakey,
"-CAcreateserial",
"-extfile", $openssl_conf, "-extensions", $EXT])));
}
{
$openssl_conf = srctop_file("test", "CAtsa.cnf");
$testtsa = srctop_file("test", "recipes", "80-test_tsa.t");
+ $tsacakey = srctop_file("test", "certs", "ca-key.pem");
$CAtsa = srctop_file("test", "CAtsa.cnf");
@REPLY = ("openssl", "ts", "-config", $openssl_conf, "-reply");
skip "failed", 19
unless ok(run(app(["openssl", "req", "-config", $openssl_conf,
"-new", "-x509", "-noenc",
- "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
+ "-out", "tsaca.pem", "-key", $tsacakey])),
'creating a new CA for the TSA tests');
skip "failed", 18
####################################################################
[ req ]
-default_bits = 2048
-default_keyfile = testkey.pem
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
# Make altreq be identical to req
[ altreq ]
-default_bits = 2048
-default_keyfile = testkey.pem
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
projects / openssl.git / commitdiff