Add more tests for apps/req
authorNicola Tuveri <nic.tuv@gmail.com>
Thu, 31 Oct 2019 15:17:31 +0000 (17:17 +0200)
committerNicola Tuveri <nic.tuv@gmail.com>
Wed, 13 Nov 2019 14:58:37 +0000 (16:58 +0200)
https://github.com/openssl/openssl/issues/10224#issuecomment-546593113
highlighted that existing testing infrastructure is not covering common
usage patterns of the `req` app.

This commit explicitly adds request generations thorugh the CLI using
RSA, DSA and ECDSA (P-256) keys.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/pr-10312)

test/recipes/25-test_req.t

index 7dae692482306ee9c8d2b608e97ce814dcdbbd17..6da8e897f5e9a80a88f959521c184ede39e78833 100644 (file)
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_req");
 
-plan tests => 10;
+plan tests => 13;
 
 require_ok(srctop_file('test','recipes','tconversion.pl'));
 
@@ -46,15 +46,75 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
 
+subtest "generating certificate requests with RSA" => sub {
+    plan tests => 2;
+
+    SKIP: {
+        skip "RSA is not supported by this OpenSSL build", 2
+            if disabled("rsa");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-out", "testreq.pem", "-utf8",
+                    "-key", srctop_file("test", "testrsa.pem")])),
+           "Generating request");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout"])),
+           "Verifying signature on request");
+    }
+};
+
+subtest "generating certificate requests with DSA" => sub {
+    plan tests => 2;
+
+    SKIP: {
+        skip "DSA is not supported by this OpenSSL build", 2
+            if disabled("dsa");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-out", "testreq.pem", "-utf8",
+                    "-key", srctop_file("test", "testdsa.pem")])),
+           "Generating request");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout"])),
+           "Verifying signature on request");
+    }
+};
+
+subtest "generating certificate requests with ECDSA" => sub {
+    plan tests => 2;
+
+    SKIP: {
+        skip "ECDSA is not supported by this OpenSSL build", 2
+            if disabled("ec");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-out", "testreq.pem", "-utf8",
+                    "-key", srctop_file("test", "testec-p256.pem")])),
+           "Generating request");
+
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout"])),
+           "Verifying signature on request");
+    }
+};
+
 subtest "generating certificate requests" => sub {
     plan tests => 2;
 
     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-               @req_new, "-out", "testreq.pem"])),
+                @req_new, "-out", "testreq.pem"])),
        "Generating request");
 
     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-               "-verify", "-in", "testreq.pem", "-noout"])),
+                "-verify", "-in", "testreq.pem", "-noout"])),
        "Verifying signature on request");
 };
 
@@ -64,24 +124,28 @@ subtest "generating SM2 certificate requests" => sub {
     SKIP: {
         skip "SM2 is not supported by this OpenSSL build", 4
         if disabled("sm2");
-        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
                     "-sigopt", "sm2_id:1234567812345678",
                     "-out", "testreq.pem", "-sm3"])),
            "Generating SM2 certificate request");
 
-        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
                     "-verify", "-in", "testreq.pem", "-noout",
                     "-sm2-id", "1234567812345678", "-sm3"])),
            "Verifying signature on SM2 certificate request");
 
-        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
                     "-sigopt", "sm2_hex_id:DEADBEEF",
                     "-out", "testreq.pem", "-sm3"])),
            "Generating SM2 certificate request with hex id");
 
-        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
                     "-verify", "-in", "testreq.pem", "-noout",
                     "-sm2-hex-id", "DEADBEEF", "-sm3"])),
            "Verifying signature on SM2 certificate request");
@@ -91,9 +155,9 @@ subtest "generating SM2 certificate requests" => sub {
 my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
 
 run_conversion('req conversions',
-              "testreq.pem");
+               "testreq.pem");
 run_conversion('req conversions -- testreq2',
-              srctop_file("test", "testreq2.pem"));
+               srctop_file("test", "testreq2.pem"));
 
 unlink "testkey.pem", "testreq.pem";
 
@@ -102,20 +166,20 @@ sub run_conversion {
     my $reqfile = shift;
 
     subtest $title => sub {
-       run(app(["openssl", @openssl_args,
-                "-in", $reqfile, "-inform", "p",
-                "-noout", "-text"],
-               stderr => "req-check.err", stdout => undef));
-       open DATA, "req-check.err";
-      SKIP: {
-         plan skip_all => "skipping req conversion test for $reqfile"
-             if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
-
-         tconversion("req", $reqfile, @openssl_args);
-       }
-       close DATA;
-       unlink "req-check.err";
-
-       done_testing();
+        run(app(["openssl", @openssl_args,
+                 "-in", $reqfile, "-inform", "p",
+                 "-noout", "-text"],
+                stderr => "req-check.err", stdout => undef));
+        open DATA, "req-check.err";
+        SKIP: {
+            plan skip_all => "skipping req conversion test for $reqfile"
+                if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
+
+            tconversion("req", $reqfile, @openssl_args);
+        }
+        close DATA;
+        unlink "req-check.err";
+
+        done_testing();
     };
 }