test/recipes/15-test_rsapss.t: Add test with unrestricted signature

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
index 0d7e7bf2e342777585c607c5b7d123928aafb1a7..5c8340259f04db08478cda955fa6d895cccb510a 100644 (file)
--- a/test/recipes/15-test_rsapss.t
+++ b/test/recipes/15-test_rsapss.t
@@ -16,14 +16,22 @@ use OpenSSL::Test::Utils;
 
 setup("test_rsapss");
 
 
 setup("test_rsapss");
 

-plan tests => 5;
+plan tests => 7;

 
 #using test/testrsa.pem which happens to be a 512 bit RSA
 ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
 
 #using test/testrsa.pem which happens to be a 512 bit RSA
 ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',

-            '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
-            '-sigopt', 'rsa_mgf1_md:sha512', '-out', 'testrsapss.sig',
+            '-sigopt', 'rsa_padding_mode:pss',
+            '-sigopt', 'rsa_pss_saltlen:max',
+            '-sigopt', 'rsa_mgf1_md:sha512',
+            '-out', 'testrsapss-restricted.sig',

             srctop_file('test', 'testrsa.pem')])),
             srctop_file('test', 'testrsa.pem')])),

-   "openssl dgst -sign");
+   "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]");
+
+ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss',
+            '-out', 'testrsapss-unrestricted.sig',
+            srctop_file('test', 'testrsa.pem')])),
+   "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]");

 
 with({ exit_checker => sub { return shift == 1; } },
      sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
 
 with({ exit_checker => sub { return shift == 1; } },
      sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',


@@ -41,8 +49,18 @@ with({ exit_checker => sub { return shift == 1; } },
               "openssl dgst -prverify, expect to fail gracefully");
          });
 
               "openssl dgst -prverify, expect to fail gracefully");
          });
 

-ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1',
-            '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
-            '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
+ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
+            '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss',
+            '-sigopt', 'rsa_pss_saltlen:max',
+            '-sigopt', 'rsa_mgf1_md:sha512',
+            '-signature', 'testrsapss-restricted.sig',
+            srctop_file('test', 'testrsa.pem')])),
+   "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]");
+
+ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
+            '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss',
+            '-signature', 'testrsapss-unrestricted.sig',

             srctop_file('test', 'testrsa.pem')])),
             srctop_file('test', 'testrsa.pem')])),

-   "openssl dgst -prverify");
+   "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");