diff options
| author | Richard Levitte <levitte@openssl.org> | 2020-07-23 17:34:26 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-09-03 17:48:32 +0200 |
| commit | 7620d89c3f2f420ea951fb5b48f976079bfc7429 (patch) | |
| tree | a5e17343faf4e0a9d7ecd9847a7a3ba43940609d | |
| parent | a1447076beee138cab1cc4b277aae189defffdf4 (diff) | |
| download | openssl-7620d89c3f2f420ea951fb5b48f976079bfc7429.zip openssl-7620d89c3f2f420ea951fb5b48f976079bfc7429.tar.gz openssl-7620d89c3f2f420ea951fb5b48f976079bfc7429.tar.bz2 | |
TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders
We want to perform the same tests with a provider implementation, and
also make sure that an ENGINE implementation works as advertised.
OSSL_STORE_open() / OSSL_STORE_open_wirh_libctx() work in such a way
that they look for internal / engine implementations first, and only
failing that, they will try to fetch a provider implementation. This
ensures that when we do specify an engine, it gets exceptional priority.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
| -rw-r--r-- | test/recipes/90-test_store.t | 321 |
1 files changed, 174 insertions, 147 deletions
diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t index 57c2e6e..05e4b34 100644 --- a/test/recipes/90-test_store.t +++ b/test/recipes/90-test_store.t @@ -86,13 +86,27 @@ my @noexist_file_files = ( "file:blahdiblah.pem", "file:test/blahdibleh.der" ); -my $n = (3 * scalar @noexist_files) - + (6 * scalar @src_files) - + (4 * scalar @generated_files) - + (scalar keys %generated_file_files) - + (scalar @noexist_file_files) - + 3 - + 11; +# There is more than one method to get a 'file:' loader. +# The default is a built-in provider implementation. +# However, there is also an engine, specially for testing purposes. +# +# @methods is a collection of extra 'openssl storeutl' arguments used to +# try the different methods. +my @methods; +push @methods, [qw(-provider default -provider legacy)]; +push @methods, [qw(-engine loader_attic)] + unless disabled('dynamic-engine') || disabled('deprecated-3.0'); + +my $n = scalar @methods + * ( (3 * scalar @noexist_files) + + (6 * scalar @src_files) + + (4 * scalar @generated_files) + + (scalar keys %generated_file_files) + + (scalar @noexist_file_files) + + 3 + + 11 ); + +plan skip_all => "No plan" if $n == 0; plan tests => $n; @@ -103,132 +117,134 @@ indir "store_$$" => sub { my $rehash = init_rehash(); - foreach (@noexist_files) { - my $file = srctop_file($_); + foreach my $method (@methods) { + my @storeutl = ( qw(openssl storeutl), @$method ); - ok(!run(app(["openssl", "storeutl", "-noout", $file]))); - ok(!run(app(["openssl", "storeutl", "-noout", - to_abs_file($file)]))); - { - local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; + foreach (@noexist_files) { + my $file = srctop_file($_); - ok(!run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($file)]))); - } - } - foreach (@src_files) { - my $file = srctop_file($_); + ok(!run(app([@storeutl, "-noout", $file]))); + ok(!run(app([@storeutl, "-noout", to_abs_file($file)]))); + { + local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; - ok(run(app(["openssl", "storeutl", "-noout", $file]))); - ok(run(app(["openssl", "storeutl", "-noout", to_abs_file($file)]))); - SKIP: - { - skip "file: tests disabled on MingW", 4 if $mingw; - - ok(run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($file)]))); - ok(run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($file, 0, "")]))); - ok(run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($file, 0, "localhost")]))); - ok(!run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($file, 0, "dummy")]))); + ok(!run(app([@storeutl, "-noout", + to_abs_file_uri($file)]))); + } } - } - foreach (@generated_files) { - ok(run(app(["openssl", "storeutl", "-noout", "-passin", - "pass:password", $_]))); - ok(run(app(["openssl", "storeutl", "-noout", "-passin", - "pass:password", to_abs_file($_)]))); - - SKIP: - { - skip "file: tests disabled on MingW", 2 if $mingw; - - ok(run(app(["openssl", "storeutl", "-noout", "-passin", - "pass:password", to_abs_file_uri($_)]))); - ok(!run(app(["openssl", "storeutl", "-noout", "-passin", - "pass:password", to_file_uri($_)]))); + foreach (@src_files) { + my $file = srctop_file($_); + + ok(run(app([@storeutl, "-noout", $file]))); + ok(run(app([@storeutl, "-noout", to_abs_file($file)]))); + SKIP: + { + skip "file: tests disabled on MingW", 4 if $mingw; + + ok(run(app([@storeutl, "-noout", + to_abs_file_uri($file)]))); + ok(run(app([@storeutl, "-noout", + to_abs_file_uri($file, 0, "")]))); + ok(run(app([@storeutl, "-noout", + to_abs_file_uri($file, 0, "localhost")]))); + ok(!run(app([@storeutl, "-noout", + to_abs_file_uri($file, 0, "dummy")]))); + } } - } - foreach (values %generated_file_files) { - SKIP: - { - skip "file: tests disabled on MingW", 1 if $mingw; - - ok(run(app(["openssl", "storeutl", "-noout", $_]))); + foreach (@generated_files) { + ok(run(app([@storeutl, "-noout", "-passin", + "pass:password", $_]))); + ok(run(app([@storeutl, "-noout", "-passin", + "pass:password", to_abs_file($_)]))); + + SKIP: + { + skip "file: tests disabled on MingW", 2 if $mingw; + + ok(run(app([@storeutl, "-noout", "-passin", + "pass:password", to_abs_file_uri($_)]))); + ok(!run(app([@storeutl, "-noout", "-passin", + "pass:password", to_file_uri($_)]))); + } } - } - foreach (@noexist_file_files) { - SKIP: - { - skip "file: tests disabled on MingW", 1 if $mingw; + foreach (values %generated_file_files) { + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; - ok(!run(app(["openssl", "storeutl", "-noout", $_]))); + ok(run(app([@storeutl, "-noout", $_]))); + } } - } - { - my $dir = srctop_dir("test", "certs"); + foreach (@noexist_file_files) { + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; - ok(run(app(["openssl", "storeutl", "-noout", $dir]))); - ok(run(app(["openssl", "storeutl", "-noout", - to_abs_file($dir, 1)]))); - SKIP: + ok(!run(app([@storeutl, "-noout", $_]))); + } + } { - skip "file: tests disabled on MingW", 1 if $mingw; + my $dir = srctop_dir("test", "certs"); + + ok(run(app([@storeutl, "-noout", $dir]))); + ok(run(app([@storeutl, "-noout", to_abs_file($dir, 1)]))); + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; - ok(run(app(["openssl", "storeutl", "-noout", - to_abs_file_uri($dir, 1)]))); + ok(run(app([@storeutl, "-noout", + to_abs_file_uri($dir, 1)]))); + } } - } - ok(!run(app(['openssl', 'storeutl', '-noout', - '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', - srctop_file('test', 'testx509.pem')])), - "Checking that -subject can't be used with a single file"); - - ok(run(app(['openssl', 'storeutl', '-certs', '-noout', - srctop_file('test', 'testx509.pem')])), - "Checking that -certs returns 1 object on a certificate file"); - ok(run(app(['openssl', 'storeutl', '-certs', '-noout', - srctop_file('test', 'testcrl.pem')])), - "Checking that -certs returns 0 objects on a CRL file"); - - ok(run(app(['openssl', 'storeutl', '-crls', '-noout', - srctop_file('test', 'testx509.pem')])), - "Checking that -crls returns 0 objects on a certificate file"); - ok(run(app(['openssl', 'storeutl', '-crls', '-noout', - srctop_file('test', 'testcrl.pem')])), - "Checking that -crls returns 1 object on a CRL file"); - - SKIP: { - skip "failed rehash initialisation", 6 unless $rehash; - - # subject from testx509.pem: - # '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' - # issuer from testcrl.pem: - # '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' - ok(run(app(['openssl', 'storeutl', '-noout', - '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', - catdir(curdir(), 'rehash')]))); - ok(run(app(['openssl', 'storeutl', '-noout', - '-subject', - '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', - catdir(curdir(), 'rehash')]))); - ok(run(app(['openssl', 'storeutl', '-noout', '-certs', - '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', - catdir(curdir(), 'rehash')]))); - ok(run(app(['openssl', 'storeutl', '-noout', '-crls', - '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', - catdir(curdir(), 'rehash')]))); - ok(run(app(['openssl', 'storeutl', '-noout', '-certs', - '-subject', - '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', - catdir(curdir(), 'rehash')]))); - ok(run(app(['openssl', 'storeutl', '-noout', '-crls', - '-subject', - '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', - catdir(curdir(), 'rehash')]))); + ok(!run(app([@storeutl, '-noout', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + srctop_file('test', 'testx509.pem')])), + "Checking that -subject can't be used with a single file"); + + ok(run(app([@storeutl, '-certs', '-noout', + srctop_file('test', 'testx509.pem')])), + "Checking that -certs returns 1 object on a certificate file"); + ok(run(app([@storeutl, '-certs', '-noout', + srctop_file('test', 'testcrl.pem')])), + "Checking that -certs returns 0 objects on a CRL file"); + + ok(run(app([@storeutl, '-crls', '-noout', + srctop_file('test', 'testx509.pem')])), + "Checking that -crls returns 0 objects on a certificate file"); + ok(run(app([@storeutl, '-crls', '-noout', + srctop_file('test', 'testcrl.pem')])), + "Checking that -crls returns 1 object on a CRL file"); + + SKIP: { + skip "failed rehash initialisation", 6 unless $rehash; + + # subject from testx509.pem: + # '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' + # issuer from testcrl.pem: + # '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' + ok(run(app([@storeutl, '-noout', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + catdir(curdir(), 'rehash')]))); + ok(run(app([@storeutl, '-noout', + '-subject', + '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', + catdir(curdir(), 'rehash')]))); + ok(run(app([@storeutl, '-noout', '-certs', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + catdir(curdir(), 'rehash')]))); + ok(run(app([@storeutl, '-noout', '-crls', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + catdir(curdir(), 'rehash')]))); + ok(run(app([@storeutl, '-noout', '-certs', + '-subject', + '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', + catdir(curdir(), 'rehash')]))); + ok(run(app([@storeutl, '-noout', '-crls', + '-subject', + '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', + catdir(curdir(), 'rehash')]))); + } } } }, create => 1, cleanup => 1; @@ -236,39 +252,47 @@ indir "store_$$" => sub { sub init { my $cnf = srctop_file('test', 'ca-and-certs.cnf'); my $cakey = srctop_file('test', 'certs', 'ca-key.pem'); + my @std_args = qw(-provider default -provider legacy); return ( # rsa-key-pkcs1.pem - run(app(["openssl", "pkey", + run(app(["openssl", "pkey", @std_args, "-in", data_file("rsa-key-2432.pem"), "-out", "rsa-key-pkcs1.pem"])) # rsa-key-pkcs1-aes128.pem - && run(app(["openssl", "rsa", "-passout", "pass:password", "-aes128", + && run(app(["openssl", "rsa", @std_args, + "-passout", "pass:password", "-aes128", "-in", "rsa-key-pkcs1.pem", "-out", "rsa-key-pkcs1-aes128.pem"])) # dsa-key-pkcs1.pem - && (!$use_dsa || run(app(["openssl", "gendsa", - "-out", "dsa-key-pkcs1.pem", - data_file("dsaparam.pem")]))) + && (!$use_dsa + || run(app(["openssl", "gendsa", @std_args, + "-out", "dsa-key-pkcs1.pem", + data_file("dsaparam.pem")]))) # dsa-key-pkcs1-aes128.pem - && (!$use_dsa || run(app(["openssl", "dsa", - "-passout", "pass:password", "-aes128", - "-in", "dsa-key-pkcs1.pem", - "-out", "dsa-key-pkcs1-aes128.pem"]))) + && (!$use_dsa + || run(app(["openssl", "dsa", @std_args, + "-passout", "pass:password", "-aes128", + "-in", "dsa-key-pkcs1.pem", + "-out", "dsa-key-pkcs1-aes128.pem"]))) # ec-key-pkcs1.pem (one might think that 'genec' would be practical) - && (!$use_ecc || run(app(["openssl", "ecparam", "-genkey", - "-name", "prime256v1", - "-out", "ec-key-pkcs1.pem"]))) + && (!$use_ecc + || run(app(["openssl", "ecparam", @std_args, + "-genkey", + "-name", "prime256v1", + "-out", "ec-key-pkcs1.pem"]))) # ec-key-pkcs1-aes128.pem - && (!$use_ecc || run(app(["openssl", "ec", - "-passout", "pass:password", "-aes128", - "-in", "ec-key-pkcs1.pem", - "-out", "ec-key-pkcs1-aes128.pem"]))) + && (!$use_ecc + || run(app(["openssl", "ec", @std_args, + "-passout", "pass:password", "-aes128", + "-in", "ec-key-pkcs1.pem", + "-out", "ec-key-pkcs1-aes128.pem"]))) # *-key-pkcs8.pem && runall(sub { my $dstfile = shift; (my $srcfile = $dstfile) =~ s/-key-pkcs8\.pem$/-key-pkcs1.pem/i; - run(app(["openssl", "pkcs8", "-topk8", "-nocrypt", + run(app(["openssl", "pkcs8", @std_args, + "-topk8", "-nocrypt", "-in", $srcfile, "-out", $dstfile])); }, grep(/-key-pkcs8\.pem$/, @generated_files)) # *-key-pkcs8-pbes1-sha1-3des.pem @@ -277,7 +301,8 @@ sub init { (my $srcfile = $dstfile) =~ s/-key-pkcs8-pbes1-sha1-3des\.pem$ /-key-pkcs8.pem/ix; - run(app(["openssl", "pkcs8", "-topk8", + run(app(["openssl", "pkcs8", @std_args, + "-topk8", "-passout", "pass:password", "-v1", "pbeWithSHA1And3-KeyTripleDES-CBC", "-in", $srcfile, "-out", $dstfile])); @@ -288,7 +313,8 @@ sub init { (my $srcfile = $dstfile) =~ s/-key-pkcs8-pbes1-md5-des\.pem$ /-key-pkcs8.pem/ix; - run(app(["openssl", "pkcs8", "-topk8", + run(app(["openssl", "pkcs8", @std_args, + "-topk8", "-passout", "pass:password", "-v1", "pbeWithSHA1And3-KeyTripleDES-CBC", "-in", $srcfile, "-out", $dstfile])); @@ -299,7 +325,8 @@ sub init { (my $srcfile = $dstfile) =~ s/-key-pkcs8-pbes2-sha1\.pem$ /-key-pkcs8.pem/ix; - run(app(["openssl", "pkcs8", "-topk8", + run(app(["openssl", "pkcs8", @std_args, + "-topk8", "-passout", "pass:password", "-v2", "aes256", "-v2prf", "hmacWithSHA1", "-in", $srcfile, "-out", $dstfile])); @@ -310,13 +337,14 @@ sub init { (my $srcfile = $dstfile) =~ s/-key-pkcs8-pbes2-sha256\.pem$ /-key-pkcs8.pem/ix; - run(app(["openssl", "pkcs8", "-topk8", + run(app(["openssl", "pkcs8", @std_args, + "-topk8", "-passout", "pass:password", "-v2", "aes256", "-v2prf", "hmacWithSHA256", "-in", $srcfile, "-out", $dstfile])); }, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files)) # *-cert.pem (intermediary for the .p12 inits) - && run(app(["openssl", "req", "-x509", + && run(app(["openssl", "req", "-x509", @std_args, "-config", $cnf, "-noenc", "-key", $cakey, "-out", "cacert.pem"])) && runall(sub { @@ -324,11 +352,12 @@ sub init { (my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|; (my $csr = $dstfile) =~ s|\.pem|.csr|; - (run(app(["openssl", "req", "-new", + (run(app(["openssl", "req", "-new", @std_args, "-config", $cnf, "-section", "userreq", "-key", $srckey, "-out", $csr])) && - run(app(["openssl", "x509", "-days", "3650", + run(app(["openssl", "x509", @std_args, + "-days", "3650", "-CA", "cacert.pem", "-CAkey", $cakey, "-set_serial", time(), "-req", @@ -380,9 +409,7 @@ sub init { print STDERR "(destination file was $dstfile)\n"; return 0; } - run(app(["openssl", "pkcs12", - "-provider", "default", - "-provider", "legacy", + run(app(["openssl", "pkcs12", @std_args, "-inkey", $srckey, "-in", $srccert, "-passout", "pass:password", "-chain", "-CAfile", "cacert.pem", |