do not do resume with new test case
add wolfssl_no_resume flag to openssl.test

check for version of openssl testing against

check if RSA is supported for test case

guard on test case for TLS versions supported
JacobBarthelmeh committed Dec 28, 2024
1 parent 3aa2881 commit 1ae0f7c
Showing 1 changed file with 60 additions and 20 deletions.
80 changes: 60 additions & 20 deletions scripts/openssl.test
@@ -64,6 +64,7 @@ anon_wolfssl_pid=$no_pid
wolf_cases_tested=0
wolf_cases_total=0
counter=0
wolfssl_no_resume=""
testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#wolf\t#Found\t#OpenSSL\n"
versionName="Invalid"
if [ "$OPENSSL" = "" ]; then
@@ -328,6 +329,10 @@ do_wolfssl_client() {
then
wolfssl_resume=
fi
if [ "$wolfssl_no_resume" = "yes" ]
then
wolfssl_resume=
fi
if [ "$version" != "5" -a "$version" != "" ]
then
echo "#"
@@ -516,6 +521,19 @@ then
if [ "$wolf_rsa" != "" ]; then
echo "wolfSSL supports RSA"
fi
# Check if RSA-PSS certificates supported in wolfSSL
wolf_rsapss=`$WOLFSSL_CLIENT -A "${CERT_DIR}/rsapss/ca-rsapss.pem" 2>&1`
case $wolf_rsapss in
*"ca file"*)
echo "wolfSSL does not support RSA-PSS"
wolf_rsapss=""
;;
*)
;;
esac
if [ "$wolf_rsapss" != "" ]; then
echo "wolfSSL supports RSA-PSS"
fi
# Check if ECC certificates supported in wolfSSL
wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1`
case $wolf_ecc in
@@ -1228,27 +1246,49 @@ do
done
IFS="$OIFS" #restore separator

# Test for RSA-PSS certs
echo -e "Doing interop RSA-PSS test"

key_file=${CERT_DIR}/rsapss/server-rsapss-priv.pem
cert_file=${CERT_DIR}/rsapss/server-rsapss.pem
ca_file=${CERT_DIR}/client-cert.pem
openssl_suite="RSAPSS"
start_openssl_server

cert="${CERT_DIR}/client-cert.pem"
key="${CERT_DIR}/client-key.pem"
caCert="${CERT_DIR}/rsapss/ca-rsapss.pem"
crl="-C"
wolfSuite="ALL"
version="4"
port=$server_port
do_wolfssl_client

version="3"
do_wolfssl_client
# Skip RSA-PSS interop test when RSA-PSS is not supported
if [ "$wolf_rsapss" != "" ]
then
# Test for RSA-PSS certs interop
# Was running into alert sent by openssl server with version 1.1.1 released
# in Sep 2018. To avoid this issue check that openssl version 3.0.0 or later
# is used.

$OPENSSL version | awk '{print $2}' | \
awk -F. '{if ($1 >= 3) exit 1; else exit 0;}'
RESULT=$?
if [ "$RESULT" = "0" ]; then
echo -e "Old version of openssl detected, skipping interop RSA-PSS test"
else
echo -e "Doing interop RSA-PSS test"

key_file=${CERT_DIR}/rsapss/server-rsapss-priv.pem
cert_file=${CERT_DIR}/rsapss/server-rsapss.pem
ca_file=${CERT_DIR}/client-cert.pem
openssl_suite="RSAPSS"
start_openssl_server

cert="${CERT_DIR}/client-cert.pem"
key="${CERT_DIR}/client-key.pem"
caCert="${CERT_DIR}/rsapss/ca-rsapss.pem"
crl="-C"
wolfSuite="ALL"
wolfssl_no_resume="yes"
port=$server_port

if [ "$wolf_tls13" != "" ]
then
version="4"
do_wolfssl_client
fi

if [ "$wolf_tls" != "" ]
then
version="3"
do_wolfssl_client
fi
fi
fi
do_cleanup

echo -e "wolfSSL total cases $wolf_cases_total"
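Review bot: `wolfssl_no_resume="yes"` is assigned in the RSA-PSS block of the last hunk and nothing visible clears it again, so the new override in `do_wolfssl_client` that empties `wolfssl_resume` would also apply to any case run after this block. Today only `do_cleanup` follows, but a test added below would lose its session-resumption leg without any message. I would reset it after the second `do_wolfssl_client` call with `wolfssl_no_resume=""` and add a comment such as `# resumption is skipped for the RSA-PSS case because <reason>` so the reduced coverage is deliberate and documented. Separately, the version probe in the same hunk reports an old release when `$OPENSSL version` prints nothing, because awk exits 0 when it reads no records; capturing the version string and checking that it is non-empty before comparing would keep a broken probe from being logged as a routine skip.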