TEST: Prefer using precomputed RSA and DH keys for more efficient tests

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13715)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-12-12 22:04:05 +0100
committer: Dr. David von Oheimb <dev@ddvo.net> 2021-05-27 11:06:01 +0200
commit: 91f2b15f2ecd9dd92b6ed2563b10c1a126db2643 (patch)
tree: c51d88b816f7995a4a8d82663422fa8a2df49890 /test
parent: 8b893c35da65c7b9a126c779caf42500e1297e7d (diff)
download: openssl-new-91f2b15f2ecd9dd92b6ed2563b10c1a126db2643.tar.gz
15 files changed, 104 insertions, 47 deletions
diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf
index e7ca8c5a1e..e232e7023e 100644
--- a/test/CAtsa.cnf
+++ b/test/CAtsa.cnf
@@ -48,7 +48,6 @@ emailAddress		= optional
 
 #----------------------------------------------------------------------
 [ req ]
-default_bits		= 2048
 default_md		= sha1
 distinguished_name	= $ENV::TSDNSECT
 encrypt_rsa_key		= no
diff --git a/test/ca-and-certs.cnf b/test/ca-and-certs.cnf
index 598db2b6a0..f6663924ae 100644
--- a/test/ca-and-certs.cnf
+++ b/test/ca-and-certs.cnf
@@ -3,8 +3,6 @@ CN2 = Brother 2
 
 ####################################################################
 [ req ]
-default_bits		= 2048
-default_keyfile 	= keySS.pem
 distinguished_name	= req_distinguished_name
 encrypt_rsa_key		= no
 default_md		= sha1
@@ -19,8 +17,6 @@ commonName_value		= Dodgy CA
 
 ####################################################################
 [ userreq ]
-default_bits		= 2048
-default_keyfile 	= keySS.pem
 distinguished_name	= user_dn
 encrypt_rsa_key		= no
 default_md		= sha256
diff --git a/test/certs/dhk2048.pem b/test/certs/dhk2048.pem
new file mode 100644
index 0000000000..1e1cef4b8c
--- /dev/null
+++ b/test/certs/dhk2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN PRIVATE KEY-----
+MIICKgIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////yQ/aoiFowjTE
+xmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP
+4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJ
+KGZR7ORbPcIAfLihY78FmNpINhxV05ppFj+o/STPX4NlXSPco62WHGLzViCFUrue
+1SkHcJaWbWcMNU5KvJgE8XRsCMoYIXwykF5GLjbOO+OedywYDoYDmyeDouwHoo+1
+xV3wb0xSyd4ry/aVWBcYOZVJfOqVauUV0iYYmPoFEBVyjlqKrKpo//////////8C
+AQICAgf/BIIBBAKCAQBPXxEkDA2EWknARF2EzUo6gc1eFNdKMVwa7aT3e2ClTIkN
+B4Y6XsJCS5C4q0vKhHtdH5LswCxUPfTQQAOlKPzcdMcGuOvx8gl90kvaOuxnD0wQ
+rpRmC64FbN+h503UJuGuNTFO2AvgLVb6EA637soAcWR6qLtRJ3wDpr1OW/ertIUj
+jhzD1i255j+z6UVQBNLy882AUSHfjr1UzWTYfcyn1zpQbZtbIh+0O5cloIl6Ek4N
+c3NtCgwAmTROrsKqHGmaW+pw4sOAAtNJByPT0y725s7tq4mAJKJgCc2J8Lbwbx9Z
+s+tEoCidGYuBRNouVH6I6POwjIhdpU0kIscdv+w8
+-----END PRIVATE KEY-----
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 9d0ebeb7e7..f851f73ffd 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -88,6 +88,7 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
 }
 #endif
 
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
                           OSSL_PARAM *genparams)
 {
@@ -109,6 +110,7 @@ static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
     EVP_PKEY_CTX_free(ctx);
     return pkey;
 }
+#endif
 
 /* Main test driver */
 
@@ -1182,6 +1184,9 @@ static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
 # endif /* OPENSSL_NO_EC2M */
 #endif /* OPENSSL_NO_EC */
 
+#define USAGE "rsa-key.pem rsa-pss-key.pem\n"
+OPT_TEST_DECLARE_USAGE(USAGE)
+
 int setup_tests(void)
 {
 # ifndef OPENSSL_NO_RC4
@@ -1207,12 +1212,14 @@ int setup_tests(void)
     };
 #endif
 
-    /* 7 is the default magic number */
-    static unsigned int rsapss_min_saltlen = 7;
-    OSSL_PARAM RSA_PSS_params[] = {
-        OSSL_PARAM_uint("saltlen", &rsapss_min_saltlen),
-        OSSL_PARAM_END
-    };
+    if (!test_skip_common_options()) {
+        TEST_error("Error parsing test options\n");
+        return 0;
+    }
+    if (test_get_argument_count() != 2) {
+        TEST_error("usage: endecode_test %s", USAGE);
+        return 0;
+    }
 
 #ifndef OPENSSL_NO_EC
     if (!TEST_ptr(bnctx = BN_CTX_new_ex(NULL))
@@ -1237,15 +1244,16 @@ int setup_tests(void)
     TEST_info("Generating keys...");
 
 #ifndef OPENSSL_NO_DH
+    TEST_info("Generating DH keys...");
     MAKE_DOMAIN_KEYS(DH, "DH", NULL);
     MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
-    TEST_info("Generating keys...DH done");
 #endif
 #ifndef OPENSSL_NO_DSA
+    TEST_info("Generating DSA keys...");
     MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
-    TEST_info("Generating keys...DSA done");
 #endif
 #ifndef OPENSSL_NO_EC
+    TEST_info("Generating EC keys...");
     MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
     MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
     MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
@@ -1257,12 +1265,12 @@ int setup_tests(void)
     MAKE_KEYS(ED448, "ED448", NULL);
     MAKE_KEYS(X25519, "X25519", NULL);
     MAKE_KEYS(X448, "X448", NULL);
-    TEST_info("Generating keys...EC done");
 #endif
-    MAKE_KEYS(RSA, "RSA", NULL);
-    TEST_info("Generating keys...RSA done");
-    MAKE_KEYS(RSA_PSS, "RSA-PSS", RSA_PSS_params);
-    TEST_info("Generating keys...RSA_PSS done");
+    TEST_info("Loading RSA key...");
+    ok = ok && TEST_ptr(key_RSA = load_pkey_pem(test_get_argument(0), NULL));
+    TEST_info("Loading RSA_PSS key...");
+    ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(test_get_argument(1), NULL));
+    TEST_info("Generating keys done");
 
     if (ok) {
 #ifndef OPENSSL_NO_DH
diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c
index 9e54f1f03b..b3bd4f5872 100644
--- a/test/endecoder_legacy_test.c
+++ b/test/endecoder_legacy_test.c
@@ -674,19 +674,48 @@ static int test_key(int idx)
     return ok;
 }
 
+#define USAGE "rsa-key.pem dh-key.pem\n"
+OPT_TEST_DECLARE_USAGE(USAGE)
+
 int setup_tests(void)
 {
     size_t i;
 
+    if (!test_skip_common_options()) {
+        TEST_error("Error parsing test options\n");
+        return 0;
+    }
+    if (test_get_argument_count() != 2) {
+        TEST_error("usage: endecoder_legacy_test %s", USAGE);
+        return 0;
+    }
+
     TEST_info("Generating keys...");
 
     for (i = 0; i < OSSL_NELEM(keys); i++) {
+#ifndef OPENSSL_NO_DH
+        if (strcmp(keys[i].keytype, "DH") == 0) {
+            if (!TEST_ptr(keys[i].key =
+                          load_pkey_pem(test_get_argument(1), NULL)))
+                return  0;
+            continue;
+        }
+#endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+        if (strcmp(keys[i].keytype, "RSA") == 0) {
+            if (!TEST_ptr(keys[i].key =
+                          load_pkey_pem(test_get_argument(0), NULL)))
+                return  0;
+            continue;
+        }
+#endif
+        TEST_info("Generating %s key...", keys[i].keytype);
         if (!TEST_ptr(keys[i].key =
                       make_key(keys[i].keytype, keys[i].template_params)))
             return 0;
     }
 
-    TEST_info("Generating key... done");
+    TEST_info("Generating keys done");
 
     ADD_ALL_TESTS(test_key, OSSL_NELEM(test_stanzas));
     return 1;
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
index 1fcfdadeef..5e8f436cca 100644
--- a/test/evp_libctx_test.c
+++ b/test/evp_libctx_test.c
@@ -530,15 +530,16 @@ static int kem_rsa_gen_recover(void)
     unsigned char ct[256] = { 0, };
     unsigned char unwrap[256] = { 0, };
     size_t ctlen = 0, unwraplen = 0, secretlen = 0;
+    int bits = 2048;
 
-    ret = TEST_true(rsa_keygen(2048, &pub, &priv))
+    ret = TEST_true(rsa_keygen(bits, &pub, &priv))
           && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
           && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
           && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
                                               &secretlen), 1)
           && TEST_int_eq(ctlen, secretlen)
-          && TEST_int_eq(ctlen, 2048 / 8)
+          && TEST_int_eq(ctlen, bits / 8)
           && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
                                               &secretlen), 1)
           && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
diff --git a/test/proxy.cnf b/test/proxy.cnf
index e6b60542bb..ceac227c04 100644
--- a/test/proxy.cnf
+++ b/test/proxy.cnf
@@ -2,8 +2,6 @@
 ## Config file for proxy certificate testing.
 
 [ req ]
-default_bits		= 2048
-default_keyfile 	= keySS.pem
 distinguished_name	= req_distinguished_name_p1
 encrypt_rsa_key		= no
 default_md		= sha256
@@ -29,8 +27,6 @@ proxyCertInfo	= critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
 ####################################################################
 
 [ proxy2_req ]
-default_bits		= 2048
-default_keyfile 	= keySS.pem
 distinguished_name	= req_distinguished_name_p2
 encrypt_rsa_key		= no
 default_md		= sha256
diff --git a/test/recipes/04-test_encoder_decoder.t b/test/recipes/04-test_encoder_decoder.t
index 2041eb1fb9..0152519716 100644
--- a/test/recipes/04-test_encoder_decoder.t
+++ b/test/recipes/04-test_encoder_decoder.t
@@ -20,4 +20,7 @@ plan tests => 1;
 $ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers"));
 $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-legacy.cnf"));
 
-ok(run(test(["endecode_test"])));
+my $rsa_key = srctop_file("test", "certs", "ee-key.pem");
+my $pss_key = srctop_file("test", "certs", "ca-pss-key.pem");
+
+ok(run(test(["endecode_test", $rsa_key, $pss_key])));
diff --git a/test/recipes/04-test_encoder_decoder_legacy.t b/test/recipes/04-test_encoder_decoder_legacy.t
index d6671b2215..f278e17e48 100644
--- a/test/recipes/04-test_encoder_decoder_legacy.t
+++ b/test/recipes/04-test_encoder_decoder_legacy.t
@@ -20,8 +20,10 @@ plan skip_all => "Not available in a no-deprecated build"
     if disabled("deprecated");
 plan tests => 1;
 
-
 $ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers"));
 $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default.cnf"));
 
-ok(run(test(["endecoder_legacy_test"])));
+my $rsa_key = srctop_file("test", "certs", "ee-key.pem");
+my $dh_key = srctop_file("test", "certs", "dhk2048.pem");
+
+ok(run(test(["endecoder_legacy_test", $rsa_key, $dh_key])));
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 0fcb56a46a..9783fe3960 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -33,6 +33,7 @@ if (disabled("rsa")) {
 
 # Check for duplicate -addext parameters, and one "working" case.
 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
+                    "-key",  srctop_file("test", "certs", "ee-key.pem"),
     "-config", srctop_file("test", "test.cnf"), @req_new );
 my $val = "subjectAltName=DNS:example.com";
 my $val2 = " " . $val;
@@ -288,6 +289,7 @@ subtest "generating certificate requests" => sub {
     plan tests => 2;
 
     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+                "-key", srctop_file("test", "certs", "ee-key.pem"),
                 @req_new, "-out", "testreq.pem"])),
        "Generating request");
 
diff --git a/test/recipes/25-test_verify_store.t b/test/recipes/25-test_verify_store.t
index 920b608a37..a2268c59e4 100644
--- a/test/recipes/25-test_verify_store.t
+++ b/test/recipes/25-test_verify_store.t
@@ -17,6 +17,8 @@ setup("test_verify_store");
 plan tests => 10;
 
 my $dummycnf = srctop_file("apps", "openssl.cnf");
+my $cakey = srctop_file("test", "certs", "ca-key.pem");
+my $ukey = srctop_file("test", "certs", "ee-key.pem");
 
 my $cnf = srctop_file("test", "ca-and-certs.cnf");
 my $CAkey = "keyCA.ss";
@@ -33,6 +35,7 @@ SKIP: {
          qw(-new -section userreq),
          -config       => $cnf,
          -out          => $CAreq,
+         -key          => $cakey,
          -keyout       => $CAkey );
 
     skip 'failure', 8 unless
@@ -73,6 +76,7 @@ SKIP: {
              qw(-new -section userreq),
              -config  => $cnf,
              -out     => $Ureq,
+             -key     => $ukey,
              -keyout  => $Ukey );
 
     skip 'failure', 2 unless
diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
index 4b145264ad..59a09ee917 100644
--- a/test/recipes/80-test_ca.t
+++ b/test/recipes/80-test_ca.t
@@ -29,15 +29,18 @@ rmtree("demoCA", { safe => 0 });
 
 plan tests => 15;
  SKIP: {
+     my $cakey = srctop_file("test", "certs", "ca-key.pem");
      $ENV{OPENSSL_CONFIG} = '-config ' . $cnf;
      skip "failed creating CA structure", 4
-	 if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)),
+	 if !ok(run(perlapp(["CA.pl","-newca",
+                             "-extra-req", "-key $cakey"], stdin => undef)),
 		'creating CA structure');
 
+     my $eekey = srctop_file("test", "certs", "ee-key.pem");
      $ENV{OPENSSL_CONFIG} = '-config ' . $cnf;
      skip "failed creating new certificate request", 3
 	 if !ok(run(perlapp(["CA.pl","-newreq",
-                             '-extra-req', '-outform DER -section userreq'])),
+                             '-extra-req', "-outform DER -section userreq -key $eekey"])),
 		'creating certificate request');
      $ENV{OPENSSL_CONFIG} = '-rand_serial -inform DER -config '.$std_openssl_cnf;
      skip "failed to sign certificate request", 2
@@ -50,8 +53,9 @@ plan tests => 15;
      skip "CT not configured, can't use -precert", 1
          if disabled("ct");
 
+     my $eekey2 = srctop_file("test", "certs", "ee-key-3072.pem");
      $ENV{OPENSSL_CONFIG} = '-config ' . $cnf;
-     ok(run(perlapp(["CA.pl", "-precert", '-extra-req', '-section userreq'], stderr => undef)),
+     ok(run(perlapp(["CA.pl", "-precert", '-extra-req', "-section userreq -key $eekey2"], stderr => undef)),
         'creating new pre-certificate');
 }
 
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index d01b2b72a8..59f364d7f7 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -46,12 +46,12 @@ my @genpkeycmd = ("openssl", "genpkey");
 my $dummycnf = srctop_file("apps", "openssl.cnf");
 
 my $cnf = srctop_file("test", "ca-and-certs.cnf");
-my $CAkey = "keyCA.ss";
+my $CAkey = srctop_file("test", "certs", "ca-key.pem"); # "keyCA.ss"
 my $CAcert="certCA.ss";
 my $CAserial="certCA.srl";
 my $CAreq="reqCA.ss";
 my $CAreq2="req2CA.ss";	# temp
-my $Ukey="keyU.ss";
+my $Ukey = srctop_file("test", "certs", "ee-key.pem"); # "keyU.ss";
 my $Ureq="reqU.ss";
 my $Ucert="certU.ss";
 my $Dkey="keyD.ss";
@@ -62,11 +62,11 @@ my $Ereq="reqE.ss";
 my $Ecert="certE.ss";
 
 my $proxycnf=srctop_file("test", "proxy.cnf");
-my $P1key="keyP1.ss";
+my $P1key= srctop_file("test", "certs", "alt1-key.pem"); # "keyP1.ss";
 my $P1req="reqP1.ss";
 my $P1cert="certP1.ss";
 my $P1intermediate="tmp_intP1.ss";
-my $P2key="keyP2.ss";
+my $P2key= srctop_file("test", "certs", "alt2-key.pem"); # "keyP2.ss";
 my $P2req="reqP2.ss";
 my $P2cert="certP2.ss";
 my $P2intermediate="tmp_intP2.ss";
@@ -125,7 +125,7 @@ sub testss {
   SKIP: {
       skip 'failure', 16 unless
 	  ok(run(app([@reqcmd, "-config", $cnf,
-		      "-out", $CAreq, "-keyout", $CAkey,
+		      "-out", $CAreq, "-key", $CAkey,
 		      @req_new])),
 	     'make cert request');
 
@@ -159,7 +159,7 @@ sub testss {
 
       skip 'failure', 10 unless
 	  ok(run(app([@reqcmd, "-config", $cnf, "-section", "userreq",
-		      "-out", $Ureq, "-keyout", $Ukey, @req_new],
+		      "-out", $Ureq, "-key", $Ukey, @req_new],
 		     stdout => "err.ss")),
 	     'make a user cert request');
 
@@ -271,7 +271,7 @@ sub testss {
 
       skip 'failure', 5 unless
 	  ok(run(app([@reqcmd, "-config", $proxycnf,
-		      "-out", $P1req, "-keyout", $P1key, @req_new],
+		      "-out", $P1req, "-key", $P1key, @req_new],
 		     stdout => "err.ss")),
 	     'make a proxy cert request');
 
@@ -294,7 +294,7 @@ sub testss {
 
       skip 'failure', 2 unless
 	  ok(run(app([@reqcmd, "-config", $proxycnf, "-section", "proxy2_req",
-		      "-out", $P2req, "-keyout", $P2key,
+		      "-out", $P2req, "-key", $P2key,
 		      @req_new],
 		     stdout => "err.ss")),
 	     'make another proxy cert request');
@@ -427,11 +427,11 @@ sub testssl {
         my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
 
         if (!$no_dsa) {
-            push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss";
+            push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
         }
 
         if (!$no_ec) {
-            push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss";
+            push @exkeys, "-s_cert", "certE.ss", "-s_key", $Ekey;
         }
 
         my @protocols = ();
diff --git a/test/recipes/80-test_tsa.t b/test/recipes/80-test_tsa.t
index 6fa005aebc..a76d4a9d05 100644
--- a/test/recipes/80-test_tsa.t
+++ b/test/recipes/80-test_tsa.t
@@ -25,6 +25,7 @@ plan skip_all => "TS is not supported by this OpenSSL build"
 # here, however, to be available in all subroutines.
 my $openssl_conf;
 my $testtsa;
+my $tsacakey;
 my $CAtsa;
 my @QUERY = ("openssl", "ts", "-query");
 my @REPLY;
@@ -38,12 +39,13 @@ sub create_tsa_cert {
 
     ok(run(app(["openssl", "req", "-config", $openssl_conf, "-new",
                 "-out", "tsa_req${INDEX}.pem",
+                "-key", srctop_file("test", "certs", "alt${INDEX}-key.pem"),
                 "-keyout", "tsa_key${INDEX}.pem"])));
     note "using extension $EXT";
     ok(run(app(["openssl", "x509", "-req",
                 "-in", "tsa_req${INDEX}.pem",
                 "-out", "tsa_cert${INDEX}.pem",
-                "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
+                "-CA", "tsaca.pem", "-CAkey", $tsacakey,
                 "-CAcreateserial",
                 "-extfile", $openssl_conf, "-extensions", $EXT])));
 }
@@ -90,6 +92,7 @@ indir "tsa" => sub
 {
     $openssl_conf = srctop_file("test", "CAtsa.cnf");
     $testtsa = srctop_file("test", "recipes", "80-test_tsa.t");
+    $tsacakey = srctop_file("test", "certs", "ca-key.pem");
     $CAtsa = srctop_file("test", "CAtsa.cnf");
     @REPLY = ("openssl", "ts", "-config", $openssl_conf, "-reply");
 
@@ -102,7 +105,7 @@ indir "tsa" => sub
      skip "failed", 19
          unless ok(run(app(["openssl", "req", "-config", $openssl_conf,
                             "-new", "-x509", "-noenc",
-                            "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
+                            "-out", "tsaca.pem", "-key", $tsacakey])),
                    'creating a new CA for the TSA tests');
 
      skip "failed", 18
diff --git a/test/test.cnf b/test/test.cnf
index a686c3d8bd..8b2f92ad8e 100644
--- a/test/test.cnf
+++ b/test/test.cnf
@@ -49,15 +49,11 @@ emailAddress		= optional
 
 ####################################################################
 [ req ]
-default_bits		= 2048
-default_keyfile 	= testkey.pem
 distinguished_name	= req_distinguished_name
 encrypt_rsa_key		= no
 
 # Make altreq be identical to req
 [ altreq ]
-default_bits		= 2048
-default_keyfile 	= testkey.pem
 distinguished_name	= req_distinguished_name
 encrypt_rsa_key		= no
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-12-12 22:04:05 +0100
committer	Dr. David von Oheimb <dev@ddvo.net>	2021-05-27 11:06:01 +0200
commit	91f2b15f2ecd9dd92b6ed2563b10c1a126db2643 (patch)
tree	c51d88b816f7995a4a8d82663422fa8a2df49890 /test
parent	8b893c35da65c7b9a126c779caf42500e1297e7d (diff)
download	openssl-new-91f2b15f2ecd9dd92b6ed2563b10c1a126db2643.tar.gz