scripts/pem.test: add more missing feature sensing and conditions.

Daniel Pouzzner
2026-04-20 15:24:28 -05:00
parent eff2fcd513
commit 7e67274ebe
+169 -73
@@ -19,11 +19,13 @@ CR=$'\n'
ENC_STRING="encrypt"
DER_TO_PEM_STRING="input is DER and output is PEM"
# Check for pem example usability - can't test without it.
if ! "$PEM_EXE" --help >/dev/null 2>&1; then
echo "$PEM_EXE not found -- skipping pem.test."
exit 77
fi
# Check for asn1 example usability - can't test without it.
if ! "$ASN1_EXE" --help >/dev/null 2>&1; then
echo "$ASN1_EXE not found -- skipping pem.test."
exit 77
@@ -61,6 +63,26 @@ if ! grep -q -E '^#define NO_DH$' wolfssl/options.h; then
HAVE_DH=1
fi
if ! grep -q -E '^#define NO_DSA$' wolfssl/options.h; then
HAVE_DSA=1
fi
if grep -q -E '^#define HAVE_ECC$' wolfssl/options.h; then
HAVE_ECC=1
fi
if grep -q -E '^#define HAVE_ED25519$' wolfssl/options.h; then
HAVE_ED25519=1
fi
if grep -q -E '^#define HAVE_ED448$' wolfssl/options.h; then
HAVE_ED448=1
fi
if grep -q -E '^#define WOLFSSL_CERT_REQ$' wolfssl/options.h; then
WOLFSSL_CERT_REQ=1
fi
if grep -q -E '^#define WOLFSSL_KEY_GEN$' wolfssl/options.h; then
WOLFSSL_KEY_GEN=1
fi
@@ -258,6 +280,7 @@ convert_to_pem() {
if [ "$WOLFSSL_NO_DER_TO_PEM" = 1 ]; then
echo ' Skipping -- WOLFSSL_NO_DER_TO_PEM'
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
TEST_PASS_CNT=$((TEST_PASS_CNT-1))
return 0
fi
if [ "$SKIP" = "" -a "$FAILED" = "" ]; then
@@ -292,6 +315,7 @@ pem_der_exp() {
if [ "$WOLFSSL_NO_DER_TO_PEM" = 1 ]; then
echo ' Skipping -- WOLFSSL_NO_DER_TO_PEM'
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
TEST_PASS_CNT=$((TEST_PASS_CNT-1))
return 0
fi
if [ "$SKIP" = "" -a "$FAILED" = "" ]; then
@@ -327,6 +351,7 @@ der_pem_enc() {
if [ "$WOLFSSL_NO_DER_TO_PEM" = 1 ]; then
echo ' Skipping -- WOLFSSL_NO_DER_TO_PEM'
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
TEST_PASS_CNT=$((TEST_PASS_CNT-1))
return 0
fi
PEM_TYPE="ENCRYPTED PRIVATE KEY"
@@ -337,17 +362,6 @@ der_pem_enc() {
################################################################################
# Check for pem example - can't test without it.
if [ ! -x $PEM_EXE ]; then
echo "PEM example not available, won't run"
exit 77
fi
# Check for asn1 example - don't want to test without it.
if [ ! -x $ASN1_EXE ]; then
echo "ASN.1 example not available, won't run"
exit 77
fi
# Check the available features compiled into pem example.
echo "wolfSSL features:"
check_usage_string $DER_TO_PEM_STRING
@@ -378,9 +392,15 @@ convert_to_der -in ./certs/server-cert.pem
test_setup "Convert PEM certificate (second of many) to DER"
convert_to_der -in ./certs/server-cert.pem --offset 6000
test_setup "RSA private key"
pem_der_exp ./certs/server-key.pem \
./certs/server-key.der "RSA PRIVATE KEY"
if [ "$HAVE_RSA" = 1 ]; then
test_setup "RSA private key"
pem_der_exp ./certs/server-key.pem \
./certs/server-key.der "RSA PRIVATE KEY"
else
echo ' Skipping RSA test'
TEST_CNT=$((TEST_CNT+1))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
fi
# failing 20260417:
#
@@ -388,68 +408,104 @@ pem_der_exp ./certs/server-key.pem \
# pem_der_exp ./certs/server-keyPub.pem \
# ./certs/server-keyPub.der "RSA PUBLIC KEY"
test_setup "DH parameters"
pem_der_exp ./certs/dh3072.pem \
./certs/dh3072.der "DH PARAMETERS"
if [ "$HAVE_DH" = 1 ]; then
test_setup "DH parameters"
pem_der_exp ./certs/dh3072.pem \
./certs/dh3072.der "DH PARAMETERS"
test_setup "X9.42 parameters"
pem_der_exp ./certs/x942dh2048.pem \
./certs/x942dh2048.der "X9.42 DH PARAMETERS"
test_setup "X9.42 parameters"
pem_der_exp ./certs/x942dh2048.pem \
./certs/x942dh2048.der "X9.42 DH PARAMETERS"
else
echo ' Skipping DH tests'
TEST_CNT=$((TEST_CNT+2))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+2))
fi
USAGE_STRING=" DSA PARAMETERS"
test_setup "DSA parameters"
pem_der_exp ./certs/dsaparams.pem \
./certs/dsaparams.der "DSA PARAMETERS"
if [ "$HAVE_DSA" = 1 ]; then
USAGE_STRING=" DSA PARAMETERS"
test_setup "DSA parameters"
pem_der_exp ./certs/dsaparams.pem \
./certs/dsaparams.der "DSA PARAMETERS"
USAGE_STRING=" DSA PRIVATE KEY"
test_setup "DSA private key"
pem_der_exp ./certs/1024/dsa1024.pem \
./certs/1024/dsa1024.der "DSA PRIVATE KEY"
USAGE_STRING=" DSA PRIVATE KEY"
test_setup "DSA private key"
pem_der_exp ./certs/1024/dsa1024.pem \
./certs/1024/dsa1024.der "DSA PRIVATE KEY"
else
echo ' Skipping DSA tests'
TEST_CNT=$((TEST_CNT+2))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+2))
fi
USAGE_STRING=" EC PRIVATE KEY"
test_setup "ECC private key"
pem_der_exp ./certs/ecc-keyPkcs8.pem \
./certs/ecc-keyPkcs8.der "PRIVATE KEY"
if [ "$HAVE_ECC" = 1 ]; then
USAGE_STRING=" EC PRIVATE KEY"
test_setup "ECC private key"
pem_der_exp ./certs/ecc-keyPkcs8.pem \
./certs/ecc-keyPkcs8.der "PRIVATE KEY"
USAGE_STRING=" EC PRIVATE KEY"
test_setup "EC PRIVATE KEY"
pem_der_exp ./certs/ecc-privkey.pem \
./certs/ecc-privkey.der "EC PRIVATE KEY"
USAGE_STRING=" EC PRIVATE KEY"
test_setup "EC PRIVATE KEY"
pem_der_exp ./certs/ecc-privkey.pem \
./certs/ecc-privkey.der "EC PRIVATE KEY"
USAGE_STRING=" EC PARAMETERS"
test_setup "ECC parameters"
pem_der_exp ./certs/ecc-params.pem \
./certs/ecc-params.der "EC PARAMETERS"
USAGE_STRING=" EC PARAMETERS"
test_setup "ECC parameters"
pem_der_exp ./certs/ecc-params.pem \
./certs/ecc-params.der "EC PARAMETERS"
test_setup "ECC public key"
pem_der_exp ./certs/ecc-keyPub.pem \
./certs/ecc-keyPub.der "PUBLIC KEY"
test_setup "ECC public key"
pem_der_exp ./certs/ecc-keyPub.pem \
./certs/ecc-keyPub.der "PUBLIC KEY"
else
echo ' Skipping ECC tests'
TEST_CNT=$((TEST_CNT+4))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+4))
fi
test_setup "Ed25519 public key"
pem_der_exp ./certs/ed25519/client-ed25519-key.pem \
./certs/ed25519/client-ed25519-key.der 'PUBLIC KEY'
if [ "$HAVE_ED25519" = 1 ]; then
test_setup "Ed25519 public key"
pem_der_exp ./certs/ed25519/client-ed25519-key.pem \
./certs/ed25519/client-ed25519-key.der 'PUBLIC KEY'
test_setup "Ed25519 private key"
pem_der_exp ./certs/ed25519/client-ed25519-priv.pem \
./certs/ed25519/client-ed25519-priv.der 'PRIVATE KEY'
test_setup "Ed25519 private key"
pem_der_exp ./certs/ed25519/client-ed25519-priv.pem \
./certs/ed25519/client-ed25519-priv.der 'PRIVATE KEY'
USAGE_STRING=" EDDSA PRIVATE KEY"
test_setup "EdDSA private key"
pem_der_exp ./certs/ed25519/eddsa-ed25519.pem \
./certs/ed25519/eddsa-ed25519.der 'EDDSA PRIVATE KEY'
USAGE_STRING=" EDDSA PRIVATE KEY"
test_setup "EdDSA private key"
pem_der_exp ./certs/ed25519/eddsa-ed25519.pem \
./certs/ed25519/eddsa-ed25519.der 'EDDSA PRIVATE KEY'
else
echo ' Skipping ED25519 tests'
TEST_CNT=$((TEST_CNT+3))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+3))
fi
test_setup "Ed448 public key"
pem_der_exp ./certs/ed448/client-ed448-key.pem \
./certs/ed448/client-ed448-key.der 'PUBLIC KEY'
if [ "$HAVE_ED448" = 1 ]; then
test_setup "Ed448 public key"
pem_der_exp ./certs/ed448/client-ed448-key.pem \
./certs/ed448/client-ed448-key.der 'PUBLIC KEY'
test_setup "Ed448 private key"
pem_der_exp ./certs/ed448/client-ed448-priv.pem \
./certs/ed448/client-ed448-priv.der 'PRIVATE KEY'
test_setup "Ed448 private key"
pem_der_exp ./certs/ed448/client-ed448-priv.pem \
./certs/ed448/client-ed448-priv.der 'PRIVATE KEY'
else
echo ' Skipping ED448 tests'
TEST_CNT=$((TEST_CNT+2))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+2))
fi
USAGE_STRING=" CERTIFICATE REQUEST"
test_setup "Certificate Request"
pem_der_exp ./certs/csr.dsa.pem \
./certs/csr.dsa.der 'CERTIFICATE REQUEST'
if [ "$WOLFSSL_CERT_REQ" = 1 ]; then
USAGE_STRING=" CERTIFICATE REQUEST"
test_setup "Certificate Request"
pem_der_exp ./certs/csr.dsa.pem \
./certs/csr.dsa.der 'CERTIFICATE REQUEST'
else
echo ' Skipping certificate request test'
TEST_CNT=$((TEST_CNT+1))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
fi
# failing 20260417:
#
@@ -458,14 +514,18 @@ pem_der_exp ./certs/csr.dsa.pem \
# pem_der_exp ./certs/crl/caEccCrl.pem \
# ./certs/crl/caEccCrl.der 'X509 CRL'
if [ "$HAVE_FIPS" != 1 ]; then
if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_RSA" = 1 ]; then
if [ "$HAVE_FIPS" != 1 ] && [ "$HAVE_DES3" = 1 ]; then
if [ "$HAVE_RSA" = 1 ]; then
USAGE_STRING=$ENC_STRING
test_setup "Encrypted Key with header"
convert_to_der -in ./certs/server-keyEnc.pem -p yassl123 --padding
else
echo ' Skipping DES && RSA test'
TEST_CNT=$((TEST_CNT+1))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
fi
if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_MD5" = 1 ] && [ "$HAVE_RSA" = 1 ]; then
if [ "$HAVE_MD5" = 1 ] && [ "$HAVE_RSA" = 1 ]; then
USAGE_STRING=$ENC_STRING
test_setup "Encrypted Key - PKCS#8"
convert_to_der -in ./certs/server-keyPkcs8Enc.pem -p yassl123
@@ -473,19 +533,35 @@ if [ "$HAVE_FIPS" != 1 ]; then
USAGE_STRING=$ENC_STRING
test_setup "Encrypted Key - PKCS#8 (PKCS#12 PBE)"
convert_to_der -in ./certs/server-keyPkcs8Enc12.pem -p yassl123
else
echo ' Skipping DES && MD5 && RSA tests'
TEST_CNT=$((TEST_CNT+2))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+2))
fi
if [ "$HAVE_MD5" = 1 ] && [ "$HAVE_DES3" = 1 ]; then
if [ "$HAVE_MD5" = 1 ]; then
USAGE_STRING="PBES1_MD5_DES"
test_setup "Encrypted Key - PKCS#8 (PKCS#5 PBES1-MD5-DES)"
convert_to_der -in ./certs/ecc-keyPkcs8Enc.pem -p yassl123
else
echo ' Skipping DES && MD5 test'
TEST_CNT=$((TEST_CNT+1))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
fi
if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_DES3" = 1 ]; then
if [ "$HAVE_SHA" = 1 ]; then
USAGE_STRING=" DES3"
test_setup "Encrypted Key - PKCS#8 (PKCS#5v2 PBE-SHA1-DES3)"
convert_to_der -in ./certs/server-keyPkcs8Enc2.pem -p yassl123
else
echo ' Skipping DES && SHA-1 test'
TEST_CNT=$((TEST_CNT+1))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
fi
else
echo ' Skipping DES tests'
TEST_CNT=$((TEST_CNT+5))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+5))
fi
# failing 20260417:
@@ -525,15 +601,19 @@ fi
# test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES2 DES3)"
# der_pem_enc --pbe-alg DES3
if [ "$HAVE_FIPS" = 1 ]; then
if [ "$HAVE_MD5" = 1 ] && [ "$HAVE_DES3" = 1 ]; then
if [ "$HAVE_FIPS" != 1 ]; then
if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_MD5" = 1 ]; then
USAGE_STRING="PBES1_MD5_DES"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES1-MD5-DES)"
der_pem_enc --pbe PBES1_MD5_DES
else
echo ' Skipping DES && MD5 DER-to-PEM test'
TEST_CNT=$((TEST_CNT+1))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
fi
if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_DES3" = 1 ]; then
if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_SHA" = 1 ]; then
USAGE_STRING="PBES1_SHA1_DES"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES1-SHA1-DES)"
@@ -543,21 +623,37 @@ if [ "$HAVE_FIPS" = 1 ]; then
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-DES3)"
der_pem_enc --pbe-ver PKCS12 --pbe SHA1_DES3
else
echo ' Skipping DES && SHA-1 DER-to-PEM tests'
TEST_CNT=$((TEST_CNT+2))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+2))
fi
if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_RC4" = 1 ]; then
if [ "$HAVE_RC4" = 1 ] && [ "$HAVE_SHA" = 1 ]; then
USAGE_STRING=" SHA1_RC4_128"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-RC4-128)"
der_pem_enc --pbe-ver PKCS12 --pbe SHA1_RC4_128
else
echo ' Skipping RC4 && SHA-1 DER-to-PEM test'
TEST_CNT=$((TEST_CNT+1))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
fi
if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_RC2" = 1 ]; then
if [ "$HAVE_RC2" = 1 ] && [ "$HAVE_SHA" = 1 ]; then
USAGE_STRING="SHA1_40RC2_CBC"
PEM_TYPE="ENCRYPTED PRIVATE KEY"
test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-40RC2-CBC)"
der_pem_enc --pbe-ver PKCS12 --pbe SHA1_40RC2_CBC
else
echo ' Skipping RC2 && SHA-1 DER-to-PEM test'
TEST_CNT=$((TEST_CNT+1))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+1))
fi
else
echo ' Skipping DES/RC4/RC2 DER-to-PEM tests'
TEST_CNT=$((TEST_CNT+5))
TEST_SKIP_CNT=$((TEST_SKIP_CNT+5))
fi
# Note: PKCS#12 with SHA1_DES doesn't work as we encode as PKCS#5 SHA1_DES as
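Review bot: The feature probes added near the top of the file (the `grep -q -E ... wolfssl/options.h` block) mix polarities, so if `wolfssl/options.h` is missing or unreadable from the test's working directory, the `! grep` probes set `HAVE_DH` and `HAVE_DSA` to 1 while the positive probes leave `HAVE_ECC`, `HAVE_ED25519`, `HAVE_ED448` and `WOLFSSL_CERT_REQ` unset. The ECC, Ed25519, Ed448 and CSR conversions are then only counted as skipped, and the DH/DSA tests run against a build that may not have them, so a run can look clean while covering fewer key formats than expected. Unless an earlier part of the script (outside these hunks) already checks for the header, a guard before the probes would make this explicit: `[ -r wolfssl/options.h ] || { echo "wolfssl/options.h not readable -- skipping pem.test."; exit 77; }`. Separately, the hard-coded skip counts (`TEST_CNT+4`, `TEST_CNT+5`, ...) have to be kept in step by hand with the number of `test_setup` calls in each branch; a short comment beside each one naming the tests it stands for would make drift easier to spot.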