fixup! APPS/pkeyutl: remove wrong check for -verifyrecover regarding …

…too long sign/verify input
siemens · Nov 8, 2024 · 9338c47 · 9338c47
1 parent fb1796d
commit 9338c47
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
@@ -17,7 +17,7 @@ use File::Compare qw/compare_text compare/;
 
 setup("test_pkeyutl");
 
-plan tests => 24;
+plan tests => 25;
 
 # For the tests below we use the cert itself as the TBS file
 
@@ -95,6 +95,7 @@ SKIP: {
                   "Verify an Ed448 signature against a piece of data, no -rawin");
 }
 
+my $sigfile;
 sub tsignverify {
     my $testtext = shift;
     my $privkey = shift;
@@ -103,7 +104,7 @@ sub tsignverify {
 
     my $data_to_sign = srctop_file('test', 'data.bin');
     my $other_data = srctop_file('test', 'data2.bin');
-    my $sigfile = basename($privkey, '.pem') . '.sig';
+    $sigfile = basename($privkey, '.pem') . '.sig';
 
     my @args = ();
     plan tests => 5;
@@ -152,7 +153,7 @@ sub tsignverify {
 }
 
 SKIP: {
-    skip "RSA is not supported by this OpenSSL build", 1
+    skip "RSA is not supported by this OpenSSL build", 3
         if disabled("rsa");
 
     subtest "RSA CLI signature generation and verification" => sub {
@@ -162,13 +163,18 @@ SKIP: {
                     "-rawin", "-digest", "sha256");
     };
 
+    ok(run(app((['openssl', 'pkeyutl', '-verifyrecover', '-in', $sigfile,
+                 '-pubin', '-inkey', srctop_file('test', 'testrsapub.pem')]))),
+       "RSA: Verify signature with -verifyrecover");
+
     subtest "RSA CLI signature and verification with pkeyopt" => sub {
         tsignverify("RSA",
                     srctop_file("test","testrsa.pem"),
                     srctop_file("test","testrsapub.pem"),
                     "-rawin", "-digest", "sha256",
                     "-pkeyopt", "rsa_padding_mode:pss");
     };
+
 }
 
 SKIP: {
@@ -231,7 +237,7 @@ SKIP: {
 # openssl pkeyutl -decap -inkey rsa_priv.pem -in encap_out.bin -out decap_out.bin
 # decap_out is equal to secret
 SKIP: {
-    skip "RSA is not supported by this OpenSSL build", 3
+    skip "RSA is not supported by this OpenSSL build", 5
         if disabled("rsa");
 
     # Self-compat