diff --git a/scripts/pem.test b/scripts/pem.test index c2107b31f9..329f5dbf89 100755 --- a/scripts/pem.test +++ b/scripts/pem.test @@ -19,11 +19,13 @@ CR=$'\n' ENC_STRING="encrypt" DER_TO_PEM_STRING="input is DER and output is PEM" +# Check for pem example usability - can't test without it. if ! "$PEM_EXE" --help >/dev/null 2>&1; then echo "$PEM_EXE not found -- skipping pem.test." exit 77 fi +# Check for asn1 example usability - can't test without it. if ! "$ASN1_EXE" --help >/dev/null 2>&1; then echo "$ASN1_EXE not found -- skipping pem.test." exit 77 @@ -61,6 +63,26 @@ if ! grep -q -E '^#define NO_DH$' wolfssl/options.h; then HAVE_DH=1 fi +if ! grep -q -E '^#define NO_DSA$' wolfssl/options.h; then + HAVE_DSA=1 +fi + +if grep -q -E '^#define HAVE_ECC$' wolfssl/options.h; then + HAVE_ECC=1 +fi + +if grep -q -E '^#define HAVE_ED25519$' wolfssl/options.h; then + HAVE_ED25519=1 +fi + +if grep -q -E '^#define HAVE_ED448$' wolfssl/options.h; then + HAVE_ED448=1 +fi + +if grep -q -E '^#define WOLFSSL_CERT_REQ$' wolfssl/options.h; then + WOLFSSL_CERT_REQ=1 +fi + if grep -q -E '^#define WOLFSSL_KEY_GEN$' wolfssl/options.h; then WOLFSSL_KEY_GEN=1 fi @@ -258,6 +280,7 @@ convert_to_pem() { if [ "$WOLFSSL_NO_DER_TO_PEM" = 1 ]; then echo ' Skipping -- WOLFSSL_NO_DER_TO_PEM' TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) + TEST_PASS_CNT=$((TEST_PASS_CNT-1)) return 0 fi if [ "$SKIP" = "" -a "$FAILED" = "" ]; then @@ -292,6 +315,7 @@ pem_der_exp() { if [ "$WOLFSSL_NO_DER_TO_PEM" = 1 ]; then echo ' Skipping -- WOLFSSL_NO_DER_TO_PEM' TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) + TEST_PASS_CNT=$((TEST_PASS_CNT-1)) return 0 fi if [ "$SKIP" = "" -a "$FAILED" = "" ]; then @@ -327,6 +351,7 @@ der_pem_enc() { if [ "$WOLFSSL_NO_DER_TO_PEM" = 1 ]; then echo ' Skipping -- WOLFSSL_NO_DER_TO_PEM' TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) + TEST_PASS_CNT=$((TEST_PASS_CNT-1)) return 0 fi PEM_TYPE="ENCRYPTED PRIVATE KEY" 
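Review bot: In the `@@ -61,6 +63,26 @@` hunk, `HAVE_DSA` is set when grep does not find `NO_DSA`, and `grep -q` also exits non-zero when `wolfssl/options.h` is missing or unreadable. In that case DSA (like DH in the context line above) is treated as built in, while ECC, Ed25519, Ed448 and CERT_REQ are treated as absent, so the two styles of check fail in opposite directions. None of the five variables is cleared inside this hunk, so a value exported by the calling environment would survive a grep that does not match; an initialisation may exist above the hunk. I would add `HAVE_DSA= HAVE_ECC= HAVE_ED25519= HAVE_ED448= WOLFSSL_CERT_REQ=` before the checks and test `[ -r wolfssl/options.h ]` once, so that which key-format tests run is determined only by the build.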
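Review bot: The added `TEST_PASS_CNT=$((TEST_PASS_CNT-1))` in the `WOLFSSL_NO_DER_TO_PEM` skip path of convert_to_pem has no comment, and the increment it presumably cancels is not visible in this hunk. The same line is added in the pem_der_exp and der_pem_enc hunks. A bare decrement of the pass counter reads like a mistake and breaks silently if the counting elsewhere changes. If the intent is that a pass was already recorded before the skip is detected, say so at each site, e.g. `# a pass was already counted for this test; take it back because it is reported as skipped`. Better still, have the step that counts the pass consult a skip flag, so the total is never adjusted after the fact. All three function bodies start and end outside their hunks.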
@@ -337,17 +362,6 @@ der_pem_enc() { ################################################################################ -# Check for pem example - can't test without it. -if [ ! -x $PEM_EXE ]; then - echo "PEM example not available, won't run" - exit 77 -fi -# Check for asn1 example - don't want to test without it. -if [ ! -x $ASN1_EXE ]; then - echo "ASN.1 example not available, won't run" - exit 77 -fi - # Check the available features compiled into pem example. echo "wolfSSL features:" check_usage_string $DER_TO_PEM_STRING @@ -378,9 +392,15 @@ convert_to_der -in ./certs/server-cert.pem test_setup "Convert PEM certificate (second of many) to DER" convert_to_der -in ./certs/server-cert.pem --offset 6000 -test_setup "RSA private key" -pem_der_exp ./certs/server-key.pem \ - ./certs/server-key.der "RSA PRIVATE KEY" +if [ "$HAVE_RSA" = 1 ]; then + test_setup "RSA private key" + pem_der_exp ./certs/server-key.pem \ + ./certs/server-key.der "RSA PRIVATE KEY" +else + echo ' Skipping RSA test' + TEST_CNT=$((TEST_CNT+1)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) +fi # failing 20260417: # 
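Review bot: The `else` branch added around the RSA private key test adjusts `TEST_CNT` and `TEST_SKIP_CNT` by a hand-written literal that must equal the number of `test_setup` calls in the matching `if` branch. The same three-line pattern recurs with +2, +4, +3 and +5 in the DH, DSA, ECC, Ed25519, Ed448, certificate-request, DES and DER-to-PEM hunks that follow. Adding or removing a test in a guarded block without updating its literal will skew the summary without any failure. A small helper taking the count and a label, called as `skip_tests 2 'DH tests'`, would keep the bookkeeping in one place and make each count easy to check against the block above it. The indentation of the echo text (`' Skipping RSA test'`) could live in the helper as well.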
@@ -388,68 +408,104 @@ pem_der_exp ./certs/server-key.pem \ # pem_der_exp ./certs/server-keyPub.pem \ # ./certs/server-keyPub.der "RSA PUBLIC KEY" -test_setup "DH parameters" -pem_der_exp ./certs/dh3072.pem \ - ./certs/dh3072.der "DH PARAMETERS" +if [ "$HAVE_DH" = 1 ]; then + test_setup "DH parameters" + pem_der_exp ./certs/dh3072.pem \ + ./certs/dh3072.der "DH PARAMETERS" -test_setup "X9.42 parameters" -pem_der_exp ./certs/x942dh2048.pem \ - ./certs/x942dh2048.der "X9.42 DH PARAMETERS" + test_setup "X9.42 parameters" + pem_der_exp ./certs/x942dh2048.pem \ + ./certs/x942dh2048.der "X9.42 DH PARAMETERS" +else + echo ' Skipping DH tests' + TEST_CNT=$((TEST_CNT+2)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+2)) +fi -USAGE_STRING=" DSA PARAMETERS" -test_setup "DSA parameters" -pem_der_exp ./certs/dsaparams.pem \ - ./certs/dsaparams.der "DSA PARAMETERS" +if [ "$HAVE_DSA" = 1 ]; then + USAGE_STRING=" DSA PARAMETERS" + test_setup "DSA parameters" + pem_der_exp ./certs/dsaparams.pem \ + ./certs/dsaparams.der "DSA PARAMETERS" -USAGE_STRING=" DSA PRIVATE KEY" -test_setup "DSA private key" -pem_der_exp ./certs/1024/dsa1024.pem \ - ./certs/1024/dsa1024.der "DSA PRIVATE KEY" + USAGE_STRING=" DSA PRIVATE KEY" + test_setup "DSA private key" + pem_der_exp ./certs/1024/dsa1024.pem \ + ./certs/1024/dsa1024.der "DSA PRIVATE KEY" +else + echo ' Skipping DSA tests' + TEST_CNT=$((TEST_CNT+2)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+2)) +fi -USAGE_STRING=" EC PRIVATE KEY" -test_setup "ECC private key" -pem_der_exp ./certs/ecc-keyPkcs8.pem \ - ./certs/ecc-keyPkcs8.der "PRIVATE KEY" +if [ "$HAVE_ECC" = 1 ]; then + USAGE_STRING=" EC PRIVATE KEY" + test_setup "ECC private key" + pem_der_exp ./certs/ecc-keyPkcs8.pem \ + ./certs/ecc-keyPkcs8.der "PRIVATE KEY" -USAGE_STRING=" EC PRIVATE KEY" -test_setup "EC PRIVATE KEY" -pem_der_exp ./certs/ecc-privkey.pem \ - ./certs/ecc-privkey.der "EC PRIVATE KEY" + USAGE_STRING=" EC PRIVATE KEY" + test_setup "EC PRIVATE KEY" + pem_der_exp ./certs/ecc-privkey.pem \ + 
./certs/ecc-privkey.der "EC PRIVATE KEY" -USAGE_STRING=" EC PARAMETERS" -test_setup "ECC parameters" -pem_der_exp ./certs/ecc-params.pem \ - ./certs/ecc-params.der "EC PARAMETERS" + USAGE_STRING=" EC PARAMETERS" + test_setup "ECC parameters" + pem_der_exp ./certs/ecc-params.pem \ + ./certs/ecc-params.der "EC PARAMETERS" -test_setup "ECC public key" -pem_der_exp ./certs/ecc-keyPub.pem \ - ./certs/ecc-keyPub.der "PUBLIC KEY" + test_setup "ECC public key" + pem_der_exp ./certs/ecc-keyPub.pem \ + ./certs/ecc-keyPub.der "PUBLIC KEY" +else + echo ' Skipping ECC tests' + TEST_CNT=$((TEST_CNT+4)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+4)) +fi -test_setup "Ed25519 public key" -pem_der_exp ./certs/ed25519/client-ed25519-key.pem \ - ./certs/ed25519/client-ed25519-key.der 'PUBLIC KEY' +if [ "$HAVE_ED25519" = 1 ]; then + test_setup "Ed25519 public key" + pem_der_exp ./certs/ed25519/client-ed25519-key.pem \ + ./certs/ed25519/client-ed25519-key.der 'PUBLIC KEY' -test_setup "Ed25519 private key" -pem_der_exp ./certs/ed25519/client-ed25519-priv.pem \ - ./certs/ed25519/client-ed25519-priv.der 'PRIVATE KEY' + test_setup "Ed25519 private key" + pem_der_exp ./certs/ed25519/client-ed25519-priv.pem \ + ./certs/ed25519/client-ed25519-priv.der 'PRIVATE KEY' -USAGE_STRING=" EDDSA PRIVATE KEY" -test_setup "EdDSA private key" -pem_der_exp ./certs/ed25519/eddsa-ed25519.pem \ - ./certs/ed25519/eddsa-ed25519.der 'EDDSA PRIVATE KEY' + USAGE_STRING=" EDDSA PRIVATE KEY" + test_setup "EdDSA private key" + pem_der_exp ./certs/ed25519/eddsa-ed25519.pem \ + ./certs/ed25519/eddsa-ed25519.der 'EDDSA PRIVATE KEY' +else + echo ' Skipping ED25519 tests' + TEST_CNT=$((TEST_CNT+3)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+3)) +fi -test_setup "Ed448 public key" -pem_der_exp ./certs/ed448/client-ed448-key.pem \ - ./certs/ed448/client-ed448-key.der 'PUBLIC KEY' +if [ "$HAVE_ED448" = 1 ]; then + test_setup "Ed448 public key" + pem_der_exp ./certs/ed448/client-ed448-key.pem \ + ./certs/ed448/client-ed448-key.der 'PUBLIC KEY' 
-test_setup "Ed448 private key" -pem_der_exp ./certs/ed448/client-ed448-priv.pem \ - ./certs/ed448/client-ed448-priv.der 'PRIVATE KEY' + test_setup "Ed448 private key" + pem_der_exp ./certs/ed448/client-ed448-priv.pem \ + ./certs/ed448/client-ed448-priv.der 'PRIVATE KEY' +else + echo ' Skipping ED448 tests' + TEST_CNT=$((TEST_CNT+2)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+2)) +fi -USAGE_STRING=" CERTIFICATE REQUEST" -test_setup "Certificate Request" -pem_der_exp ./certs/csr.dsa.pem \ - ./certs/csr.dsa.der 'CERTIFICATE REQUEST' +if [ "$WOLFSSL_CERT_REQ" = 1 ]; then + USAGE_STRING=" CERTIFICATE REQUEST" + test_setup "Certificate Request" + pem_der_exp ./certs/csr.dsa.pem \ + ./certs/csr.dsa.der 'CERTIFICATE REQUEST' +else + echo ' Skipping certificate request test' + TEST_CNT=$((TEST_CNT+1)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) +fi # failing 20260417: # @@ -458,14 +514,18 @@ pem_der_exp ./certs/csr.dsa.pem \ # pem_der_exp ./certs/crl/caEccCrl.pem \ # ./certs/crl/caEccCrl.der 'X509 CRL' -if [ "$HAVE_FIPS" != 1 ]; then - if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_RSA" = 1 ]; then +if [ "$HAVE_FIPS" != 1 ] && [ "$HAVE_DES3" = 1 ]; then + if [ "$HAVE_RSA" = 1 ]; then USAGE_STRING=$ENC_STRING test_setup "Encrypted Key with header" convert_to_der -in ./certs/server-keyEnc.pem -p yassl123 --padding + else + echo ' Skipping DES && RSA test' + TEST_CNT=$((TEST_CNT+1)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) fi - if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_MD5" = 1 ] && [ "$HAVE_RSA" = 1 ]; then + if [ "$HAVE_MD5" = 1 ] && [ "$HAVE_RSA" = 1 ]; then USAGE_STRING=$ENC_STRING test_setup "Encrypted Key - PKCS#8" convert_to_der -in ./certs/server-keyPkcs8Enc.pem -p yassl123 
@@ -473,19 +533,35 @@ if [ "$HAVE_FIPS" != 1 ]; then USAGE_STRING=$ENC_STRING test_setup "Encrypted Key - PKCS#8 (PKCS#12 PBE)" convert_to_der -in ./certs/server-keyPkcs8Enc12.pem -p yassl123 + else + echo ' Skipping DES && MD5 && RSA tests' + TEST_CNT=$((TEST_CNT+2)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+2)) fi - if [ "$HAVE_MD5" = 1 ] && [ "$HAVE_DES3" = 1 ]; then + if [ "$HAVE_MD5" = 1 ]; then USAGE_STRING="PBES1_MD5_DES" test_setup "Encrypted Key - PKCS#8 (PKCS#5 PBES1-MD5-DES)" convert_to_der -in ./certs/ecc-keyPkcs8Enc.pem -p yassl123 + else + echo ' Skipping DES && MD5 test' + TEST_CNT=$((TEST_CNT+1)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) fi - if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_DES3" = 1 ]; then + if [ "$HAVE_SHA" = 1 ]; then USAGE_STRING=" DES3" test_setup "Encrypted Key - PKCS#8 (PKCS#5v2 PBE-SHA1-DES3)" convert_to_der -in ./certs/server-keyPkcs8Enc2.pem -p yassl123 + else + echo ' Skipping DES && SHA-1 test' + TEST_CNT=$((TEST_CNT+1)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) fi +else + echo ' Skipping DES tests' + TEST_CNT=$((TEST_CNT+5)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+5)) fi # failing 20260417: @@ -525,15 +601,19 @@ fi # test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES2 DES3)" # der_pem_enc --pbe-alg DES3 -if [ "$HAVE_FIPS" = 1 ]; then - if [ "$HAVE_MD5" = 1 ] && [ "$HAVE_DES3" = 1 ]; then +if [ "$HAVE_FIPS" != 1 ]; then + if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_MD5" = 1 ]; then USAGE_STRING="PBES1_MD5_DES" PEM_TYPE="ENCRYPTED PRIVATE KEY" test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES1-MD5-DES)" der_pem_enc --pbe PBES1_MD5_DES + else + echo ' Skipping DES && MD5 DER-to-PEM test' + TEST_CNT=$((TEST_CNT+1)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) fi - if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_DES3" = 1 ]; then + if [ "$HAVE_DES3" = 1 ] && [ "$HAVE_SHA" = 1 ]; then USAGE_STRING="PBES1_SHA1_DES" PEM_TYPE="ENCRYPTED PRIVATE KEY" test_setup "Encrypt Key - PKCS#8 (PKCS#5 PBES1-SHA1-DES)" 
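Review bot: In the `@@ -473,19 +533,35 @@` hunk, the PBES1-MD5-DES test decrypts `./certs/ecc-keyPkcs8Enc.pem` but is now guarded only by `[ "$HAVE_MD5" = 1 ]`, and the PBE-SHA1-DES3 test on `./certs/server-keyPkcs8Enc2.pem` only by `[ "$HAVE_SHA" = 1 ]`. The sibling encrypted-key tests on server-key fixtures keep their `HAVE_RSA` guard, and this commit gates the plain ECC fixtures on `HAVE_ECC`. If decoding the decrypted PKCS#8 needs the key algorithm, as those guards suggest, a build without ECC or RSA would still run these two tests. I would make the conditions `[ "$HAVE_MD5" = 1 ] && [ "$HAVE_ECC" = 1 ]` and `[ "$HAVE_SHA" = 1 ] && [ "$HAVE_RSA" = 1 ]`, and update the skip messages to match.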
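Review bot: The guard flip from `[ "$HAVE_FIPS" = 1 ]` to `[ "$HAVE_FIPS" != 1 ]` in the `@@ -525,15 +601,19 @@` hunk has no comment explaining it. It changes which builds run the whole DER-to-PEM encryption group; from the visible lines these tests were previously reachable only in FIPS builds. A one-line comment above the `if` would record why FIPS builds are excluded, for example `# PBES1 and PKCS#12 PBE rely on DES/MD5/RC4/RC2, which are not available in FIPS builds`, assuming that is the reason. The outer `else` message `' Skipping DES/RC4/RC2 DER-to-PEM tests'` is also what a FIPS build prints, so naming FIPS there would make the log self-explanatory.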
@@ -543,21 +623,37 @@ if [ "$HAVE_FIPS" = 1 ]; then PEM_TYPE="ENCRYPTED PRIVATE KEY" test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-DES3)" der_pem_enc --pbe-ver PKCS12 --pbe SHA1_DES3 + else + echo ' Skipping DES && SHA-1 DER-to-PEM tests' + TEST_CNT=$((TEST_CNT+2)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+2)) fi - if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_RC4" = 1 ]; then + if [ "$HAVE_RC4" = 1 ] && [ "$HAVE_SHA" = 1 ]; then USAGE_STRING=" SHA1_RC4_128" PEM_TYPE="ENCRYPTED PRIVATE KEY" test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-RC4-128)" der_pem_enc --pbe-ver PKCS12 --pbe SHA1_RC4_128 + else + echo ' Skipping RC4 && SHA-1 DER-to-PEM test' + TEST_CNT=$((TEST_CNT+1)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) fi - if [ "$HAVE_SHA" = 1 ] && [ "$HAVE_RC2" = 1 ]; then + if [ "$HAVE_RC2" = 1 ] && [ "$HAVE_SHA" = 1 ]; then USAGE_STRING="SHA1_40RC2_CBC" PEM_TYPE="ENCRYPTED PRIVATE KEY" test_setup "Encrypt Key - PKCS#8 (PKCS#12 PBE-SHA1-40RC2-CBC)" der_pem_enc --pbe-ver PKCS12 --pbe SHA1_40RC2_CBC + else + echo ' Skipping RC2 && SHA-1 DER-to-PEM test' + TEST_CNT=$((TEST_CNT+1)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+1)) fi +else + echo ' Skipping DES/RC4/RC2 DER-to-PEM tests' + TEST_CNT=$((TEST_CNT+5)) + TEST_SKIP_CNT=$((TEST_SKIP_CNT+5)) fi # Note: PKCS#12 with SHA1_DES doesn't work as we encode as PKCS#5 SHA1_DES as