Skip to content

Commit 7e67274

Browse files
douzzerdouzzer
committed
scripts/pem.test: add more missing feature sensing and conditions.
1 parent eff2fcd commit 7e67274

1 file changed

Lines changed: 182 additions & 86 deletions

File tree

scripts/pem.test

Lines changed: 182 additions & 86 deletions
Original file line numberDiff line numberDiff line change
@@ -19,11 +19,13 @@ CR=$'\n'
1919
ENC_STRING="encrypt"
2020
DER_TO_PEM_STRING="input is DER and output is PEM"
2121

22+
# Check for pem example usability - can't test without it.
2223
if ! "$PEM_EXE" --help >/dev/null 2>&1; then
2324
echo "$PEM_EXE not found -- skipping pem.test."
2425
exit 77
2526
fi
2627

28+
# Check for asn1 example usability - can't test without it.
2729
if ! "$ASN1_EXE" --help >/dev/null 2>&1; then
2830
echo "$ASN1_EXE not found -- skipping pem.test."
2931
exit 77
@@ -61,6 +63,26 @@ if ! grep -q -E '^#define NO_DH$' wolfssl/options.h; then
6163
HAVE_DH=1
6264
fi
6365

66+
if ! grep -q -E '^#define NO_DSA$' wolfssl/options.h; then
67+
HAVE_DSA=1
68+
fi
69+
70+
if grep -q -E '^#define HAVE_ECC$' wolfssl/options.h; then
71+
HAVE_ECC=1
72+
fi
73+
74+
if grep -q -E '^#define HAVE_ED25519$' wolfssl/options.h; then
75+
HAVE_ED25519=1
76+
fi
77+
78+
if grep -q -E '^#define HAVE_ED448$' wolfssl/options.h; then
79+
HAVE_ED448=1
80+
fi
81+
82+
if grep -q -E '^#define WOLFSSL_CERT_REQ$' wolfssl/options.h; then
83+
WOLFSSL_CERT_REQ=1
84+
fi
85+
6486
if grep -q -E '^#define WOLFSSL_KEY_GEN$' wolfssl/options.h; then
6587
WOLFSSL_KEY_GEN=1
6688
fi
@@ -258,6 +280,7 @@ convert_to_pem() {
258280
if [ "$WOLFSSL_NO_DER_TO_PEM" = 1 ]; then
259281
echo ' Skipping -- WOLFSSL_NO_DER_TO_PEM'
260282
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
283+
TEST_PASS_CNT=$((TEST_PASS_CNT-1))
261284
return 0
262285
fi
263286
if [ "$SKIP" = "" -a "$FAILED" = "" ]; then
@@ -292,6 +315,7 @@ pem_der_exp() {
292315
if [ "$WOLFSSL_NO_DER_TO_PEM" = 1 ]; then
293316
echo ' Skipping -- WOLFSSL_NO_DER_TO_PEM'
294317
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
318+
TEST_PASS_CNT=$((TEST_PASS_CNT-1))
295319
return 0
296320
fi
297321
if [ "$SKIP" = "" -a "$FAILED" = "" ]; then
@@ -327,6 +351,7 @@ der_pem_enc() {
327351
if [ "$WOLFSSL_NO_DER_TO_PEM" = 1 ]; then
328352
echo ' Skipping -- WOLFSSL_NO_DER_TO_PEM'
329353
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
354+
TEST_PASS_CNT=$((TEST_PASS_CNT-1))
330355
return 0
331356
fi
332357
PEM_TYPE="ENCRYPTED PRIVATE KEY"
@@ -337,17 +362,6 @@ der_pem_enc() {
337362

338363
################################################################################
339364

340-
# Check for pem example - can't test without it.
341-
if [ ! -x $PEM_EXE ]; then
342-
echo "PEM example not available, won't run"
343-
exit 77
344-
fi
345-
# Check for asn1 example - don't want to test without it.
346-
if [ ! -x $ASN1_EXE ]; then
347-
echo "ASN.1 example not available, won't run"
348-
exit 77
349-
fi
350-
351365
# Check the available features compiled into pem example.
352366
echo "wolfSSL features:"
353367
check_usage_string $DER_TO_PEM_STRING
@@ -378,78 +392,120 @@ convert_to_der -in ./certs/server-cert.pem
378392
test_setup "Convert PEM certificate (second of many) to DER"
379393
convert_to_der -in ./certs/server-cert.pem --offset 6000
380394

381-
test_setup "RSA private key"
382-
pem_der_exp ./certs/server-key.pem \
383-
./certs/server-key.der "RSA PRIVATE KEY"
395+
if [ "$HAVE_RSA" = 1 ]; then
396+
test_setup "RSA private key"
397+
pem_der_exp ./certs/server-key.pem \
398+
./certs/server-key.der "RSA PRIVATE KEY"
399+
else
400+
echo ' Skipping RSA test'
401+
TEST_CNT=$((TEST_CNT+1))
402+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
403+
fi
384404

385405
# failing 20260417:
386406
#
387407
# test_setup "RSA public key"
388408
# pem_der_exp ./certs/server-keyPub.pem \
389409
# ./certs/server-keyPub.der "RSA PUBLIC KEY"
390410

391-
test_setup "DH parameters"
392-
pem_der_exp ./certs/dh3072.pem \
393-
./certs/dh3072.der "DH PARAMETERS"
394-
395-
test_setup "X9.42 parameters"
396-
pem_der_exp ./certs/x942dh2048.pem \
397-
./certs/x942dh2048.der "X9.42 DH PARAMETERS"
398-
399-
USAGE_STRING=" DSA PARAMETERS"
400-
test_setup "DSA parameters"
401-
pem_der_exp ./certs/dsaparams.pem \
402-
./certs/dsaparams.der "DSA PARAMETERS"
403-
404-
USAGE_STRING=" DSA PRIVATE KEY"
405-
test_setup "DSA private key"
406-
pem_der_exp ./certs/1024/dsa1024.pem \
407-
./certs/1024/dsa1024.der "DSA PRIVATE KEY"
408-
409-
USAGE_STRING=" EC PRIVATE KEY"
410-
test_setup "ECC private key"
411-
pem_der_exp ./certs/ecc-keyPkcs8.pem \
412-
./certs/ecc-keyPkcs8.der "PRIVATE KEY"
413-
414-
USAGE_STRING=" EC PRIVATE KEY"
415-
test_setup "EC PRIVATE KEY"
416-
pem_der_exp ./certs/ecc-privkey.pem \
417-
./certs/ecc-privkey.der "EC PRIVATE KEY"
418-
419-
USAGE_STRING=" EC PARAMETERS"
420-
test_setup "ECC parameters"
421-
pem_der_exp ./certs/ecc-params.pem \
422-
./certs/ecc-params.der "EC PARAMETERS"
423-
424-
test_setup "ECC public key"
425-
pem_der_exp ./certs/ecc-keyPub.pem \
426-
./certs/ecc-keyPub.der "PUBLIC KEY"
427-
428-
test_setup "Ed25519 public key"
429-
pem_der_exp ./certs/ed25519/client-ed25519-key.pem \
430-
./certs/ed25519/client-ed25519-key.der 'PUBLIC KEY'
431-
432-
test_setup "Ed25519 private key"
433-
pem_der_exp ./certs/ed25519/client-ed25519-priv.pem \
434-
./certs/ed25519/client-ed25519-priv.der 'PRIVATE KEY'
435-
436-
USAGE_STRING=" EDDSA PRIVATE KEY"
437-
test_setup "EdDSA private key"
438-
pem_der_exp ./certs/ed25519/eddsa-ed25519.pem \
439-
./certs/ed25519/eddsa-ed25519.der 'EDDSA PRIVATE KEY'
440-
441-
test_setup "Ed448 public key"
442-
pem_der_exp ./certs/ed448/client-ed448-key.pem \
443-
./certs/ed448/client-ed448-key.der 'PUBLIC KEY'
444-
445-
test_setup "Ed448 private key"
446-
pem_der_exp ./certs/ed448/client-ed448-priv.pem \
447-
./certs/ed448/client-ed448-priv.der 'PRIVATE KEY'
448-
449-
USAGE_STRING=" CERTIFICATE REQUEST"
450-
test_setup "Certificate Request"
451-
pem_der_exp ./certs/csr.dsa.pem \
452-
./certs/csr.dsa.der 'CERTIFICATE REQUEST'
411+
if [ "$HAVE_DH" = 1 ]; then
412+
test_setup "DH parameters"
413+
pem_der_exp ./certs/dh3072.pem \
414+
./certs/dh3072.der "DH PARAMETERS"
415+
416+
test_setup "X9.42 parameters"
417+
pem_der_exp ./certs/x942dh2048.pem \
418+
./certs/x942dh2048.der "X9.42 DH PARAMETERS"
419+
else
420+
echo ' Skipping DH tests'
421+
TEST_CNT=$((TEST_CNT+2))
422+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+2))
423+
fi
424+
425+
if [ "$HAVE_DSA" = 1 ]; then
426+
USAGE_STRING=" DSA PARAMETERS"
427+
test_setup "DSA parameters"
428+
pem_der_exp ./certs/dsaparams.pem \
429+
./certs/dsaparams.der "DSA PARAMETERS"
430+
431+
USAGE_STRING=" DSA PRIVATE KEY"
432+
test_setup "DSA private key"
433+
pem_der_exp ./certs/1024/dsa1024.pem \
434+
./certs/1024/dsa1024.der "DSA PRIVATE KEY"
435+
else
436+
echo ' Skipping DSA tests'
437+
TEST_CNT=$((TEST_CNT+2))
438+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+2))
439+
fi
440+
441+
if [ "$HAVE_ECC" = 1 ]; then
442+
USAGE_STRING=" EC PRIVATE KEY"
443+
test_setup "ECC private key"
444+
pem_der_exp ./certs/ecc-keyPkcs8.pem \
445+
./certs/ecc-keyPkcs8.der "PRIVATE KEY"
446+
447+
USAGE_STRING=" EC PRIVATE KEY"
448+
test_setup "EC PRIVATE KEY"
449+
pem_der_exp ./certs/ecc-privkey.pem \
450+
./certs/ecc-privkey.der "EC PRIVATE KEY"
451+
452+
USAGE_STRING=" EC PARAMETERS"
453+
test_setup "ECC parameters"
454+
pem_der_exp ./certs/ecc-params.pem \
455+
./certs/ecc-params.der "EC PARAMETERS"
456+
457+
test_setup "ECC public key"
458+
pem_der_exp ./certs/ecc-keyPub.pem \
459+
./certs/ecc-keyPub.der "PUBLIC KEY"
460+
else
461+
echo ' Skipping ECC tests'
462+
TEST_CNT=$((TEST_CNT+4))
463+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+4))
464+
fi
465+
466+
if [ "$HAVE_ED25519" = 1 ]; then
467+
test_setup "Ed25519 public key"
468+
pem_der_exp ./certs/ed25519/client-ed25519-key.pem \
469+
./certs/ed25519/client-ed25519-key.der 'PUBLIC KEY'
470+
471+
test_setup "Ed25519 private key"
472+
pem_der_exp ./certs/ed25519/client-ed25519-priv.pem \
473+
./certs/ed25519/client-ed25519-priv.der 'PRIVATE KEY'
474+
475+
USAGE_STRING=" EDDSA PRIVATE KEY"
476+
test_setup "EdDSA private key"
477+
pem_der_exp ./certs/ed25519/eddsa-ed25519.pem \
478+
./certs/ed25519/eddsa-ed25519.der 'EDDSA PRIVATE KEY'
479+
else
480+
echo ' Skipping ED25519 tests'
481+
TEST_CNT=$((TEST_CNT+3))
482+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+3))
483+
fi
484+
485+
if [ "$HAVE_ED448" = 1 ]; then
486+
test_setup "Ed448 public key"
487+
pem_der_exp ./certs/ed448/client-ed448-key.pem \
488+
./certs/ed448/client-ed448-key.der 'PUBLIC KEY'
489+
490+
test_setup "Ed448 private key"
491+
pem_der_exp ./certs/ed448/client-ed448-priv.pem \
492+
./certs/ed448/client-ed448-priv.der 'PRIVATE KEY'
493+
else
494+
echo ' Skipping ED448 tests'
495+
TEST_CNT=$((TEST_CNT+2))
496+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+2))
497+
fi
498+
499+
if [ "$WOLFSSL_CERT_REQ" = 1 ]; then
500+
USAGE_STRING=" CERTIFICATE REQUEST"
501+
test_setup "Certificate Request"
502+
pem_der_exp ./certs/csr.dsa.pem \
503+
./certs/csr.dsa.der 'CERTIFICATE REQUEST'
504+
else
505+
echo ' Skipping certificate request test'
506+
TEST_CNT=$((TEST_CNT+1))
507+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
508+
fi
453509

454510
# failing 20260417:
455511
#
@@ -458,34 +514,54 @@ pem_der_exp ./certs/csr.dsa.pem \
458514
# pem_der_exp ./certs/crl/caEccCrl.pem \
459515
# ./certs/crl/caEccCrl.der 'X509 CRL'
460516

461-
if [ "$HAVE_FIPS" != 1 ]; then
462-
if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_RSA" = 1 ]; then
517+
if [ "$HAVE_FIPS" != 1 ] && [ "$HAVE_DES3" = 1 ]; then
518+
if [ "$HAVE_RSA" = 1 ]; then
463519
USAGE_STRING=$ENC_STRING
464520
test_setup "Encrypted Key with header"
465521
convert_to_der -in ./certs/server-keyEnc.pem -p yassl123 --padding
522+
else
523+
echo ' Skipping DES && RSA test'
524+
TEST_CNT=$((TEST_CNT+1))
525+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
466526
fi
467527

468-
if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_MD5" = 1 ] && [ "$HAVE_RSA" = 1 ]; then
528+
if [ "$HAVE_MD5" = 1 ] && [ "$HAVE_RSA" = 1 ]; then
469529
USAGE_STRING=$ENC_STRING
470530
test_setup "Encrypted Key - PKCS#8"
471531
convert_to_der -in ./certs/server-keyPkcs8Enc.pem -p yassl123
472532

473533
USAGE_STRING=$ENC_STRING
474534
test_setup "Encrypted Key - PKCS#8 (PKCS#12 PBE)"
475535
convert_to_der -in ./certs/server-keyPkcs8Enc12.pem -p yassl123
536+
else
537+
echo ' Skipping DES && MD5 && RSA tests'
538+
TEST_CNT=$((TEST_CNT+2))
539+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+2))
476540
fi
477541

478-
if [ "$HAVE_MD5" = 1 ] && [ "$HAVE_DES3" = 1 ]; then
542+
if [ "$HAVE_MD5" = 1 ]; then
479543
USAGE_STRING="PBES1_MD5_DES"
480544
test_setup "Encrypted Key - PKCS#8 (PKCS#5 PBES1-MD5-DES)"
481545
convert_to_der -in ./certs/ecc-keyPkcs8Enc.pem -p yassl123
546+
else
547+
echo ' Skipping DES && MD5 test'
548+
TEST_CNT=$((TEST_CNT+1))
549+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
482550
fi
483551

484-
if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_DES3" = 1 ]; then
552+
if [ "$HAVE_SHA" = 1 ]; then
485553
USAGE_STRING=" DES3"
486554
test_setup "Encrypted Key - PKCS#8 (PKCS#5v2 PBE-SHA1-DES3)"
487555
convert_to_der -in ./certs/server-keyPkcs8Enc2.pem -p yassl123
556+
else
557+
echo ' Skipping DES && SHA-1 test'
558+
TEST_CNT=$((TEST_CNT+1))
559+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
488560
fi
561+
else
562+
echo ' Skipping DES tests'
563+
TEST_CNT=$((TEST_CNT+5))
564+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+5))
489565
fi
490566

491567
# failing 20260417:
@@ -525,15 +601,19 @@ fi
525601
# test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES2 DES3)"
526602
# der_pem_enc --pbe-alg DES3
527603

528-
if [ "$HAVE_FIPS" = 1 ]; then
529-
if [ "$HAVE_MD5" = 1 ] && [ "$HAVE_DES3" = 1 ]; then
604+
if [ "$HAVE_FIPS" != 1 ]; then
605+
if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_MD5" = 1 ]; then
530606
USAGE_STRING="PBES1_MD5_DES"
531607
PEM_TYPE="ENCRYPTED PRIVATE KEY"
532608
test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES1-MD5-DES)"
533609
der_pem_enc --pbe PBES1_MD5_DES
610+
else
611+
echo ' Skipping DES && MD5 DER-to-PEM test'
612+
TEST_CNT=$((TEST_CNT+1))
613+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
534614
fi
535615

536-
if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_DES3" = 1 ]; then
616+
if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_SHA" = 1 ]; then
537617
USAGE_STRING="PBES1_SHA1_DES"
538618
PEM_TYPE="ENCRYPTED PRIVATE KEY"
539619
test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES1-SHA1-DES)"
@@ -543,21 +623,37 @@ if [ "$HAVE_FIPS" = 1 ]; then
543623
PEM_TYPE="ENCRYPTED PRIVATE KEY"
544624
test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-DES3)"
545625
der_pem_enc --pbe-ver PKCS12 --pbe SHA1_DES3
626+
else
627+
echo ' Skipping DES && SHA-1 DER-to-PEM tests'
628+
TEST_CNT=$((TEST_CNT+2))
629+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+2))
546630
fi
547631

548-
if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_RC4" = 1 ]; then
632+
if [ "$HAVE_RC4" = 1 ] && [ "$HAVE_SHA" = 1 ]; then
549633
USAGE_STRING=" SHA1_RC4_128"
550634
PEM_TYPE="ENCRYPTED PRIVATE KEY"
551635
test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-RC4-128)"
552636
der_pem_enc --pbe-ver PKCS12 --pbe SHA1_RC4_128
637+
else
638+
echo ' Skipping RC4 && SHA-1 DER-to-PEM test'
639+
TEST_CNT=$((TEST_CNT+1))
640+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
553641
fi
554642

555-
if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_RC2" = 1 ]; then
643+
if [ "$HAVE_RC2" = 1 ] && [ "$HAVE_SHA" = 1 ]; then
556644
USAGE_STRING="SHA1_40RC2_CBC"
557645
PEM_TYPE="ENCRYPTED PRIVATE KEY"
558646
test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-40RC2-CBC)"
559647
der_pem_enc --pbe-ver PKCS12 --pbe SHA1_40RC2_CBC
648+
else
649+
echo ' Skipping RC2 && SHA-1 DER-to-PEM test'
650+
TEST_CNT=$((TEST_CNT+1))
651+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
560652
fi
653+
else
654+
echo ' Skipping DES/RC4/RC2 DER-to-PEM tests'
655+
TEST_CNT=$((TEST_CNT+5))
656+
TEST_SKIP_CNT=$((TEST_SKIP_CNT+5))
561657
fi
562658

563659
# Note: PKCS#12 with SHA1_DES doesn't work as we encode as PKCS#5 SHA1_DES as

0 commit comments

Comments
 (0)