diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-12 22:04:05 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-05-27 11:06:01 +0200 |
| commit | 91f2b15f2ecd9dd92b6ed2563b10c1a126db2643 (patch) | |
| tree | c51d88b816f7995a4a8d82663422fa8a2df49890 /test/recipes | |
| parent | APPS req: Extend the -keyout option to be respected also with -key (diff) | |
| download | openssl-91f2b15f2ecd9dd92b6ed2563b10c1a126db2643.tar.xz openssl-91f2b15f2ecd9dd92b6ed2563b10c1a126db2643.zip | |
TEST: Prefer using precomputed RSA and DH keys for more efficient tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13715)
Diffstat (limited to 'test/recipes')
| -rw-r--r-- | test/recipes/04-test_encoder_decoder.t | 5 | ||||
| -rw-r--r-- | test/recipes/04-test_encoder_decoder_legacy.t | 6 | ||||
| -rw-r--r-- | test/recipes/25-test_req.t | 2 | ||||
| -rw-r--r-- | test/recipes/25-test_verify_store.t | 4 | ||||
| -rw-r--r-- | test/recipes/80-test_ca.t | 10 | ||||
| -rw-r--r-- | test/recipes/80-test_ssl_old.t | 20 | ||||
| -rw-r--r-- | test/recipes/80-test_tsa.t | 7 |
7 files changed, 36 insertions, 18 deletions
diff --git a/test/recipes/04-test_encoder_decoder.t b/test/recipes/04-test_encoder_decoder.t index 2041eb1fb9..0152519716 100644 --- a/test/recipes/04-test_encoder_decoder.t +++ b/test/recipes/04-test_encoder_decoder.t @@ -20,4 +20,7 @@ plan tests => 1; $ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers")); $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-legacy.cnf")); -ok(run(test(["endecode_test"]))); +my $rsa_key = srctop_file("test", "certs", "ee-key.pem"); +my $pss_key = srctop_file("test", "certs", "ca-pss-key.pem"); + +ok(run(test(["endecode_test", $rsa_key, $pss_key]))); diff --git a/test/recipes/04-test_encoder_decoder_legacy.t b/test/recipes/04-test_encoder_decoder_legacy.t index d6671b2215..f278e17e48 100644 --- a/test/recipes/04-test_encoder_decoder_legacy.t +++ b/test/recipes/04-test_encoder_decoder_legacy.t @@ -20,8 +20,10 @@ plan skip_all => "Not available in a no-deprecated build" if disabled("deprecated"); plan tests => 1; - $ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers")); $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default.cnf")); -ok(run(test(["endecoder_legacy_test"]))); +my $rsa_key = srctop_file("test", "certs", "ee-key.pem"); +my $dh_key = srctop_file("test", "certs", "dhk2048.pem"); + +ok(run(test(["endecoder_legacy_test", $rsa_key, $dh_key]))); diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 0fcb56a46a..9783fe3960 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -33,6 +33,7 @@ if (disabled("rsa")) { # Check for duplicate -addext parameters, and one "working" case. my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem", + "-key", srctop_file("test", "certs", "ee-key.pem"), "-config", srctop_file("test", "test.cnf"), @req_new ); my $val = "subjectAltName=DNS:example.com"; my $val2 = " " . $val; @@ -288,6 +289,7 @@ subtest "generating certificate requests" => sub { plan tests => 2; ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), + "-key", srctop_file("test", "certs", "ee-key.pem"), @req_new, "-out", "testreq.pem"])), "Generating request"); diff --git a/test/recipes/25-test_verify_store.t b/test/recipes/25-test_verify_store.t index 920b608a37..a2268c59e4 100644 --- a/test/recipes/25-test_verify_store.t +++ b/test/recipes/25-test_verify_store.t @@ -17,6 +17,8 @@ setup("test_verify_store"); plan tests => 10; my $dummycnf = srctop_file("apps", "openssl.cnf"); +my $cakey = srctop_file("test", "certs", "ca-key.pem"); +my $ukey = srctop_file("test", "certs", "ee-key.pem"); my $cnf = srctop_file("test", "ca-and-certs.cnf"); my $CAkey = "keyCA.ss"; @@ -33,6 +35,7 @@ SKIP: { qw(-new -section userreq), -config => $cnf, -out => $CAreq, + -key => $cakey, -keyout => $CAkey ); skip 'failure', 8 unless @@ -73,6 +76,7 @@ SKIP: { qw(-new -section userreq), -config => $cnf, -out => $Ureq, + -key => $ukey, -keyout => $Ukey ); skip 'failure', 2 unless diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t index 4b145264ad..59a09ee917 100644 --- a/test/recipes/80-test_ca.t +++ b/test/recipes/80-test_ca.t @@ -29,15 +29,18 @@ rmtree("demoCA", { safe => 0 }); plan tests => 15; SKIP: { + my $cakey = srctop_file("test", "certs", "ca-key.pem"); $ENV{OPENSSL_CONFIG} = '-config ' . $cnf; skip "failed creating CA structure", 4 - if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)), + if !ok(run(perlapp(["CA.pl","-newca", + "-extra-req", "-key $cakey"], stdin => undef)), 'creating CA structure'); + my $eekey = srctop_file("test", "certs", "ee-key.pem"); $ENV{OPENSSL_CONFIG} = '-config ' . $cnf; skip "failed creating new certificate request", 3 if !ok(run(perlapp(["CA.pl","-newreq", - '-extra-req', '-outform DER -section userreq'])), + '-extra-req', "-outform DER -section userreq -key $eekey"])), 'creating certificate request'); $ENV{OPENSSL_CONFIG} = '-rand_serial -inform DER -config '.$std_openssl_cnf; skip "failed to sign certificate request", 2 @@ -50,8 +53,9 @@ plan tests => 15; skip "CT not configured, can't use -precert", 1 if disabled("ct"); + my $eekey2 = srctop_file("test", "certs", "ee-key-3072.pem"); $ENV{OPENSSL_CONFIG} = '-config ' . $cnf; - ok(run(perlapp(["CA.pl", "-precert", '-extra-req', '-section userreq'], stderr => undef)), + ok(run(perlapp(["CA.pl", "-precert", '-extra-req', "-section userreq -key $eekey2"], stderr => undef)), 'creating new pre-certificate'); } diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index d01b2b72a8..59f364d7f7 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -46,12 +46,12 @@ my @genpkeycmd = ("openssl", "genpkey"); my $dummycnf = srctop_file("apps", "openssl.cnf"); my $cnf = srctop_file("test", "ca-and-certs.cnf"); -my $CAkey = "keyCA.ss"; +my $CAkey = srctop_file("test", "certs", "ca-key.pem"); # "keyCA.ss" my $CAcert="certCA.ss"; my $CAserial="certCA.srl"; my $CAreq="reqCA.ss"; my $CAreq2="req2CA.ss"; # temp -my $Ukey="keyU.ss"; +my $Ukey = srctop_file("test", "certs", "ee-key.pem"); # "keyU.ss"; my $Ureq="reqU.ss"; my $Ucert="certU.ss"; my $Dkey="keyD.ss"; @@ -62,11 +62,11 @@ my $Ereq="reqE.ss"; my $Ecert="certE.ss"; my $proxycnf=srctop_file("test", "proxy.cnf"); -my $P1key="keyP1.ss"; +my $P1key= srctop_file("test", "certs", "alt1-key.pem"); # "keyP1.ss"; my $P1req="reqP1.ss"; my $P1cert="certP1.ss"; my $P1intermediate="tmp_intP1.ss"; -my $P2key="keyP2.ss"; +my $P2key= srctop_file("test", "certs", "alt2-key.pem"); # "keyP2.ss"; my $P2req="reqP2.ss"; my $P2cert="certP2.ss"; my $P2intermediate="tmp_intP2.ss"; @@ -125,7 +125,7 @@ sub testss { SKIP: { skip 'failure', 16 unless ok(run(app([@reqcmd, "-config", $cnf, - "-out", $CAreq, "-keyout", $CAkey, + "-out", $CAreq, "-key", $CAkey, @req_new])), 'make cert request'); @@ -159,7 +159,7 @@ sub testss { skip 'failure', 10 unless ok(run(app([@reqcmd, "-config", $cnf, "-section", "userreq", - "-out", $Ureq, "-keyout", $Ukey, @req_new], + "-out", $Ureq, "-key", $Ukey, @req_new], stdout => "err.ss")), 'make a user cert request'); @@ -271,7 +271,7 @@ sub testss { skip 'failure', 5 unless ok(run(app([@reqcmd, "-config", $proxycnf, - "-out", $P1req, "-keyout", $P1key, @req_new], + "-out", $P1req, "-key", $P1key, @req_new], stdout => "err.ss")), 'make a proxy cert request'); @@ -294,7 +294,7 @@ sub testss { skip 'failure', 2 unless ok(run(app([@reqcmd, "-config", $proxycnf, "-section", "proxy2_req", - "-out", $P2req, "-keyout", $P2key, + "-out", $P2req, "-key", $P2key, @req_new], stdout => "err.ss")), 'make another proxy cert request'); @@ -427,11 +427,11 @@ sub testssl { my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; if (!$no_dsa) { - push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss"; + push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey; } if (!$no_ec) { - push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss"; + push @exkeys, "-s_cert", "certE.ss", "-s_key", $Ekey; } my @protocols = (); diff --git a/test/recipes/80-test_tsa.t b/test/recipes/80-test_tsa.t index 6fa005aebc..a76d4a9d05 100644 --- a/test/recipes/80-test_tsa.t +++ b/test/recipes/80-test_tsa.t @@ -25,6 +25,7 @@ plan skip_all => "TS is not supported by this OpenSSL build" # here, however, to be available in all subroutines. my $openssl_conf; my $testtsa; +my $tsacakey; my $CAtsa; my @QUERY = ("openssl", "ts", "-query"); my @REPLY; @@ -38,12 +39,13 @@ sub create_tsa_cert { ok(run(app(["openssl", "req", "-config", $openssl_conf, "-new", "-out", "tsa_req${INDEX}.pem", + "-key", srctop_file("test", "certs", "alt${INDEX}-key.pem"), "-keyout", "tsa_key${INDEX}.pem"]))); note "using extension $EXT"; ok(run(app(["openssl", "x509", "-req", "-in", "tsa_req${INDEX}.pem", "-out", "tsa_cert${INDEX}.pem", - "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem", + "-CA", "tsaca.pem", "-CAkey", $tsacakey, "-CAcreateserial", "-extfile", $openssl_conf, "-extensions", $EXT]))); } @@ -90,6 +92,7 @@ indir "tsa" => sub { $openssl_conf = srctop_file("test", "CAtsa.cnf"); $testtsa = srctop_file("test", "recipes", "80-test_tsa.t"); + $tsacakey = srctop_file("test", "certs", "ca-key.pem"); $CAtsa = srctop_file("test", "CAtsa.cnf"); @REPLY = ("openssl", "ts", "-config", $openssl_conf, "-reply"); @@ -102,7 +105,7 @@ indir "tsa" => sub skip "failed", 19 unless ok(run(app(["openssl", "req", "-config", $openssl_conf, "-new", "-x509", "-noenc", - "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])), + "-out", "tsaca.pem", "-key", $tsacakey])), 'creating a new CA for the TSA tests'); skip "failed", 18 |