tests: Run TLS tests also when forcing all operations on token

Signed-off-by: Jakub Jelen <[email protected]>
latchset · Jul 17, 2024 · b8e8511 · b8e8511
1 parent 9395b9f
commit b8e8511
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 12 deletions.
diff --git a/tests/openssl.cnf.in b/tests/openssl.cnf.in
@@ -28,6 +28,7 @@ pkcs11-module-token-pin = file:@PINFILE@
 #pkcs11-module-allow-export
 #pkcs11-module-load-behavior
 #pkcs11-module-block-operations
+#pkcs11-module-cache-keys
 ##QUIRKS
 activate = 1
 

diff --git a/tests/ttls b/tests/ttls
@@ -66,22 +66,46 @@ run_test() {
 
 }
 
-title PARA "Run sanity test with default values (RSA)"
-run_test "$PRIURI" "$CRTURI"
+run_tests() {
 
-title PARA "Run sanity test with default values (ECDSA)"
-run_test "$ECPRIURI" "$ECCRTURI"
+    title PARA "Run sanity test with default values (RSA)"
+    run_test "$PRIURI" "$CRTURI"
 
-title PARA "Run test with TLS 1.2"
-run_test "$PRIURI" "$CRTURI" "" "-tls1_2"
+    title PARA "Run sanity test with default values (ECDSA)"
+    run_test "$ECPRIURI" "$ECCRTURI"
 
-title PARA "Run test with explicit TLS 1.3"
-run_test "$PRIURI" "$CRTURI" "" "-tls1_3"
+    title PARA "Run test with TLS 1.2"
+    run_test "$PRIURI" "$CRTURI" "" "-tls1_2"
 
-title PARA "Run test with TLS 1.2 (ECDSA)"
-run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_2"
+    title PARA "Run test with explicit TLS 1.3"
+    run_test "$PRIURI" "$CRTURI" "" "-tls1_3"
 
-title PARA "Run test with TLS 1.2 and ECDH"
-run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1"
+    title PARA "Run test with TLS 1.2 (ECDSA)"
+    run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_2"
+
+    title PARA "Run test with TLS 1.2 and ECDH"
+    run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1"
+}
+
+title SECTION "TLS with key in provider"
+run_tests
+title ENDSECTION
+
+title SECTION "Forcing the provider for all operations"
+ORIG_OPENSSL_CONF=${OPENSSL_CONF}
+sed \
+    -e "s/^#pkcs11-module-cache-keys.*$/pkcs11-module-cache-keys = false/" \
+    -e "s/^#pkcs11-module-block-operations.*$/pkcs11-module-block-operations = digest/" \
+    -e "s/pkcs11-module-quirks = /pkcs11-module-quirks = no-operation-state /" \
+    -e "s/^##QUIRKS$/pkcs11-module-quirks = no-operation-state/" \
+    -e "s/#MORECONF/alg_section = algorithm_sect/" \
+    "${OPENSSL_CONF}" > "${OPENSSL_CONF}.force"
+echo "[algorithm_sect]" >> "${OPENSSL_CONF}.force"
+echo "default_properties = ?provider=pkcs11" >> "${OPENSSL_CONF}.force"
+OPENSSL_CONF=${OPENSSL_CONF}.force
+
+run_tests
+OPENSSL_CONF=${ORIG_OPENSSL_CONF}
+title ENDSECTION
 
 exit 0;