diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-02-28 17:19:49 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-02-28 17:19:49 -0800 |
commit | e51a2095c410203fe01fc6b7a4c5ff2c1861dcd4 (patch) | |
tree | 9ffc33df2d76eed8bad5bca01213b7545ba28e7e | |
parent | b304bf09c2a41ac7476bebc1076896281441efa4 (diff) | |
download | openssl-pkcs11-export-e51a2095c410203fe01fc6b7a4c5ff2c1861dcd4.tar.gz |
tests: cope with older versions of p11tool
p11tool before version 3.4.4 didn't have the --test-sign option, which
we use to test signatures. Split out test signing into a separate
module and check that we can run it in configure.ac
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | configure.ac | 9 | ||||
-rw-r--r-- | tests/Makefile.am | 3 | ||||
-rwxr-xr-x | tests/p11tool_checks.sh | 14 | ||||
-rwxr-xr-x | tests/p11tool_test_sign.sh | 18 |
4 files changed, 30 insertions, 14 deletions
diff --git a/configure.ac b/configure.ac index 12879e6..eaa9025 100644 --- a/configure.ac +++ b/configure.ac @@ -11,6 +11,15 @@ AC_PROG_LN_S PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.0.2]) # OAEP definitions are missing from earlier p11-kit PKG_CHECK_MODULES([P11KIT], [p11-kit-1 >= 0.23.3]) +# test-sign is missing from gnutls < 3.4.4 +AC_CHECK_PROG([P11TOOL], p11tool, [`p11tool --version|awk '/^p11tool /{print $2}'`]) +if test -z $P11TOOL; then + AC_MSG_ERROR([p11tool from gnutls must be installed for make check]) +fi +AX_COMPARE_VERSION([$P11TOOL],[ge],[3.4.4],[test_sign=yes]) +AM_CONDITIONAL([TEST_SIGN], [test x$test_sign = "xyes"]) +AM_COND_IF([TEST_SIGN],, [AC_MSG_WARN([p11tool is too old to run test signing])]) + AC_ARG_WITH( [pkcs11-dir], diff --git a/tests/Makefile.am b/tests/Makefile.am index 3db9cba..bbc367a 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -3,6 +3,9 @@ TESTS = init.sh \ signature.sh \ engine.sh \ p11tool_checks.sh +if TEST_SIGN +TESTS += p11tool_test_sign.sh +endif AM_TESTS_ENVIRONMENT = OPENSSL_PKCS11_CONF=$(abs_srcdir)/op.conf; \ srcdir=$(abs_srcdir); \ diff --git a/tests/p11tool_checks.sh b/tests/p11tool_checks.sh index da48734..0556bef 100755 --- a/tests/p11tool_checks.sh +++ b/tests/p11tool_checks.sh @@ -10,17 +10,3 @@ for mech in CKM_RSA_PKCS \ CKM_RSA_PKCS_OAEP; do grep -q $mech tmp.txt || exit 1; done - -GNUTLS_PIN=Passw0rd -export GNUTLS_PIN -for f in "" "--sign-params=RSA-PSS"; do - ${P11TOOL} --test-sign ${f} 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' || exit 1 -done -## -# Elliptic curve checks -## -${P11TOOL} --test-sign 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-p256;object=key-p256' || exit 1 -## -# gnutls cannot currently handle parametrised curves, only named ones -## -#${P11TOOL} --test-sign 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-bp;object=key-bp' || exit 1 diff --git a/tests/p11tool_test_sign.sh b/tests/p11tool_test_sign.sh new file mode 100755 index 0000000..0ddc914 --- /dev/null +++ b/tests/p11tool_test_sign.sh @@ -0,0 +1,18 @@ +#!/bin/bash +set -x + +P11TOOL="p11tool --provider ${srcdir}/../.libs/openssl-pkcs11-export.so" + +GNUTLS_PIN=Passw0rd +export GNUTLS_PIN +for f in "" "--sign-params=RSA-PSS"; do + ${P11TOOL} --test-sign ${f} 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' || exit 1 +done +## +# Elliptic curve checks +## +${P11TOOL} --test-sign 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-p256;object=key-p256' || exit 1 +## +# gnutls cannot currently handle parametrised curves, only named ones +## +#${P11TOOL} --test-sign 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-bp;object=key-bp' || exit 1 |