From f936dd7e818fb415792eaa141fa6cdc74744bab8 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 27 Sep 2024 13:13:36 -0400
Subject: [PATCH] Test TLS1.3 connection forcing all ops on token

This is used primarily to test TLS13-KDF. Note that we have to disable digest ops on the token as OpenSSL requires context duplication to work, and most tokens do not really offer it.

Signed-off-by: Simo Sorce
---
 tests/ttls | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tests/ttls b/tests/ttls
index a3ea93f4..25575c59 100755
--- a/tests/ttls
+++ b/tests/ttls
@@ -93,4 +93,18 @@ run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_2"
 title PARA "Run test with TLS 1.2 and ECDH"
 run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1"
 
+#Try again forcing all operations on the token
+#We need to disable digest operations as OPenSSL depens on context duplication working
+ORIG_OPENSSL_CONF=${OPENSSL_CONF}
+sed -e "s/#MORECONF/alg_section = algorithm_sec\n\n[algorithm_sec]\ndefault_properties = ?provider=pkcs11/" \
+ -e "s/#pkcs11-module-block-operations/pkcs11-module-block-operations = digest/" \
+ "${OPENSSL_CONF}" > "${OPENSSL_CONF}.forcetoken"
+OPENSSL_CONF=${OPENSSL_CONF}.forcetoken
+
+title PARA "Run test with TLS 1.3 preferring token functions"
+run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_3"
+
+OPENSSL_CONF=${ORIG_OPENSSL_CONF}
+
+
 exit 0;
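Review bot: Nothing after the `sed` call checks that the generated `.forcetoken` config actually differs from the original, so the TLS 1.3 run can pass without ever steering operations to the token. If either the `#MORECONF` or `#pkcs11-module-block-operations` placeholder is missing from `${OPENSSL_CONF}`, `sed` still exits 0 and writes an unchanged copy; a guard such as `grep -qF 'default_properties = ?provider=pkcs11' "${OPENSSL_CONF}.forcetoken" || exit 1` right after the `sed` would catch that (whether the script runs under `set -e` is not visible in this hunk). Separately, the leading `?` in `?provider=pkcs11` makes the property a preference rather than a requirement, so OpenSSL can fall back to another provider and a green result does not by itself prove TLS13-KDF ran on the token. The first comment should therefore say "preferring" instead of "forcing", to match the `title` line. The second comment also has typos; I would write it as `#We need to disable digest operations as OpenSSL depends on context duplication working`.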