From d6aa350e4b48f13d5299c560e74ed411f9b9852d Mon Sep 17 00:00:00 2001 From: olszomal Date: Wed, 21 Jan 2026 14:07:28 +0100 Subject: [PATCH 1/6] Enable provider mode for OpenSSL 4.x --- configure.ac | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure.ac b/configure.ac index 41ec59bc..c1799898 100644 --- a/configure.ac +++ b/configure.ac @@ -36,6 +36,9 @@ opensslversion="$( \ $PKG_CONFIG --modversion openssl ) | \ sed 's/^\([0-9.]*\).*/\1/' )" case "$opensslversion" in + 4.*) # Provider for OpenSSL 4.x + LIBP11_LT_OLDEST="4" + LIBP11_OSSL_PROVIDER="yes";; 3.*) # Engines directory prefix for OpenSSL 3.x LIBP11_LT_OLDEST="3" LIBP11_OSSL_PROVIDER="yes" From fc16b1539896ffc295d90bd313659bee502299be Mon Sep 17 00:00:00 2001 From: olszomal Date: Wed, 21 Jan 2026 14:10:27 +0100 Subject: [PATCH 2/6] Guard ENGINE code with OPENSSL_NO_ENGINE --- src/eng_back.c | 4 ++++ src/eng_front.c | 4 ++++ src/engine.h | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/src/eng_back.c b/src/eng_back.c index 91c58046..6e636933 100644 --- a/src/eng_back.c +++ b/src/eng_back.c @@ -31,6 +31,8 @@ #include #include +#ifndef OPENSSL_NO_ENGINE + struct engine_ctx_st { /* UI */ int ui_method_provided; @@ -298,4 +300,6 @@ int ENGINE_CTX_ctrl(ENGINE_CTX *ctx, int cmd, long i, void *p, void (*f)(void)) return 0; } +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ diff --git a/src/eng_front.c b/src/eng_front.c index 5530a4ef..cd73d737 100644 --- a/src/eng_front.c +++ b/src/eng_front.c @@ -25,6 +25,8 @@ #error did not get engine.h #endif +#ifndef OPENSSL_NO_ENGINE + #define PKCS11_ENGINE_ID "pkcs11" #define PKCS11_ENGINE_NAME "pkcs11 engine" @@ -297,4 +299,6 @@ static int bind_fn(ENGINE *e, const char *id) IMPLEMENT_DYNAMIC_CHECK_FN() IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ diff --git a/src/engine.h b/src/engine.h index 3f474525..374dcea8 100644 --- a/src/engine.h +++ b/src/engine.h 
@@ -25,6 +25,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifndef OPENSSL_NO_ENGINE + #ifndef _ENGINE_PKCS11_H #define _ENGINE_PKCS11_H @@ -98,4 +100,6 @@ void ENGINE_CTX_log(ENGINE_CTX *ctx, int level, const char *format, ...) #endif /* _ENGINE_PKCS11_H */ +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ From b2e8dc6bc897d5de7c68ae58773aa9d37c55abb1 Mon Sep 17 00:00:00 2001 From: olszomal Date: Wed, 21 Jan 2026 14:18:59 +0100 Subject: [PATCH 3/6] Disable custom EVP_PKEY_METHOD support on OpenSSL 4.x --- src/p11_eddsa.c | 15 +++++++++++++++ src/p11_load.c | 4 ++-- src/p11_pkey.c | 14 ++++++++++---- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/src/p11_eddsa.c b/src/p11_eddsa.c index 84ea6793..883cb83b 100644 --- a/src/p11_eddsa.c +++ b/src/p11_eddsa.c @@ -36,10 +36,13 @@ #include static int pkey_ex_idx = 0; + +#if OPENSSL_VERSION_NUMBER < 0x40000000L static EVP_PKEY_METHOD *pkcs11_ed25519_method = NULL; static EVP_PKEY_METHOD *pkcs11_ed448_method = NULL; static const EVP_PKEY_METHOD *orig_ed25519_method = NULL; static const EVP_PKEY_METHOD *orig_ed448_method = NULL; +#endif /* OPENSSL_VERSION_NUMBER < 0x40000000L */ int (*orig_ed25519_digestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen); @@ -58,6 +61,8 @@ static void alloc_pkey_ex_index(void) } } +#if OPENSSL_VERSION_NUMBER < 0x40000000L + static void free_pkey_ex_index(void) { if (pkey_ex_idx > 0) { @@ -343,6 +348,8 @@ void pkcs11_ed_key_method_free(void) } } +#endif /* OPENSSL_VERSION_NUMBER < 0x40000000L */ + void pkcs11_set_ex_data_pkey(EVP_PKEY *pkey, PKCS11_OBJECT_private *key) { EVP_PKEY_set_ex_data(pkey, pkey_ex_idx, key); 
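Review bot: The `#ifndef OPENSSL_NO_ENGINE` added at the top of src/engine.h is evaluated before this header has included anything, so it only takes effect when the including file has already pulled in an OpenSSL header. OPENSSL_NO_ENGINE is defined by `<openssl/opensslconf.h>`, so a source file that includes "engine.h" first still sees the ENGINE declarations on a no-engine build. Adding `#include <openssl/opensslconf.h>` immediately before the guard makes the header self-contained. The header's own include list lies outside the hunk, so check whether any current includer relies on include order.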
@@ -445,16 +452,20 @@ static EVP_PKEY *pkcs11_get_evp_key_ed25519(PKCS11_OBJECT_private *key) return NULL; if (key->object_class == CKO_PRIVATE_KEY) { +#if OPENSSL_VERSION_NUMBER < 0x40000000L /* global initialize ED25519 EVP_PKEY_METHOD */ if (!pkcs11_ed25519_method_new()) { EVP_PKEY_free(pkey); return NULL; } +#endif /* OPENSSL_VERSION_NUMBER < 0x40000000L */ /* creates a new EVP_PKEY object which requires its own key object reference */ alloc_pkey_ex_index(); key = pkcs11_object_ref(key); pkcs11_set_ex_data_pkey(pkey, key); +#if OPENSSL_VERSION_NUMBER < 0x40000000L atexit(pkcs11_ed25519_method_free); +#endif /* OPENSSL_VERSION_NUMBER < 0x40000000L */ } return pkey; } @@ -476,16 +487,20 @@ static EVP_PKEY *pkcs11_get_evp_key_ed448(PKCS11_OBJECT_private *key) return NULL; if (key->object_class == CKO_PRIVATE_KEY) { +#if OPENSSL_VERSION_NUMBER < 0x40000000L /* global initialize ED448 EVP_PKEY_METHOD */ if (!pkcs11_ed448_method_new()) { EVP_PKEY_free(pkey); return NULL; } +#endif /* OPENSSL_VERSION_NUMBER < 0x40000000L */ /* create a new EVP_PKEY object which requires its own key object reference */ alloc_pkey_ex_index(); key = pkcs11_object_ref(key); pkcs11_set_ex_data_pkey(pkey, key); +#if OPENSSL_VERSION_NUMBER < 0x40000000L atexit(pkcs11_ed448_method_free); +#endif /* OPENSSL_VERSION_NUMBER < 0x40000000L */ } return pkey; } diff --git a/src/p11_load.c b/src/p11_load.c index e5b7840b..a5d1d2db 100644 --- a/src/p11_load.c +++ b/src/p11_load.c 
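Review bot: With the `#if OPENSSL_VERSION_NUMBER < 0x40000000L` blocks compiled out, the `CKO_PRIVATE_KEY` branch of pkcs11_get_evp_key_ed25519 still attaches the token key as ex data and returns the EVP_PKEY, but no sign hook is installed for it on OpenSSL 4.x. A caller may therefore get what looks like a private-key handle whose signing path never reaches the token; how `pkey` is built lies outside the hunk, so the exact failure mode needs confirming. If the provider is the only supported route on 4.x, consider failing closed with an `#else` arm (`EVP_PKEY_free(pkey); return NULL;`), or at least add a comment stating what the returned object may be used for. The same applies to the pkcs11_get_evp_key_ed448 hunk. In addition, free_pkey_ex_index() is now compiled out while alloc_pkey_ex_index() is still called, so nothing visible in this patch releases the ex-data index on 4.x.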
@@ -184,9 +184,9 @@ void pkcs11_CTX_free(PKCS11_CTX *ctx) #if OPENSSL_VERSION_NUMBER >= 0x10100002L #ifndef OPENSSL_NO_EC pkcs11_ec_key_method_free(); -# if OPENSSL_VERSION_NUMBER >= 0x30000000L +# if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_VERSION_NUMBER < 0x40000000L pkcs11_ed_key_method_free(); -# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_VERSION_NUMBER < 0x40000000L */ #endif /* OPENSSL_NO_EC */ #else /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ECDSA diff --git a/src/p11_pkey.c b/src/p11_pkey.c index e5a1d279..708a74d0 100644 --- a/src/p11_pkey.c +++ b/src/p11_pkey.c @@ -21,6 +21,8 @@ #include "libp11-int.h" #include +#if OPENSSL_VERSION_NUMBER < 0x40000000L + static int (*orig_pkey_rsa_sign_init) (EVP_PKEY_CTX *ctx); static int (*orig_pkey_rsa_sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, @@ -30,21 +32,22 @@ static int (*orig_pkey_rsa_decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen); -#ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_EC static int (*orig_pkey_ec_sign_init) (EVP_PKEY_CTX *ctx); static int (*orig_pkey_ec_sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen); -# if OPENSSL_VERSION_NUMBER >= 0x30000000L +# if OPENSSL_VERSION_NUMBER >= 0x30000000L static int (*orig_pkey_ed25519_digestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen); static int (*orig_pkey_ed448_digestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen); -# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ -#endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ +# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_VERSION_NUMBER < 0x40000000L */ #if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) 
@@ -151,6 +154,7 @@ static void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, } #endif +#if OPENSSL_VERSION_NUMBER < 0x40000000L static CK_MECHANISM_TYPE pkcs11_md2ckm(const EVP_MD *md) { switch (EVP_MD_type(md)) { @@ -937,4 +941,6 @@ int PKCS11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, return 0; } +#endif /* OPENSSL_VERSION_NUMBER < 0x40000000L */ + /* vim: set noexpandtab: */ From 12523580d3ad8203514c10f6e016635ad7d95bf3 Mon Sep 17 00:00:00 2001 From: olszomal Date: Wed, 21 Jan 2026 14:22:25 +0100 Subject: [PATCH 4/6] Skip ENGINE-based tests on OpenSSL 4.x --- tests/case-insensitive.softhsm | 5 +++++ tests/check-privkey.c | 10 ++++++++++ tests/dup-key.c | 10 ++++++++++ tests/ec-check-privkey.softhsm | 5 +++++ tests/ec-copy.softhsm | 5 +++++ tests/ec-keygen.c | 10 ++++++++++ tests/ec-keygen.softhsm | 5 +++++ tests/ed25519-keygen.c | 4 ++-- tests/ed25519-keygen.softhsm | 2 +- tests/ed448-keygen.c | 4 ++-- tests/ed448-keygen.softhsm | 2 +- tests/evp-sign.c | 10 ++++++++++ tests/fork-change-slot.c | 10 ++++++++++ tests/fork-change-slot.softhsm | 5 +++++ tests/pkcs11-uri-pin-source.softhsm | 5 +++++ tests/pkcs11-uri-without-token.softhsm | 5 +++++ tests/rsa-check-privkey.softhsm | 5 +++++ tests/rsa-evp-sign.softhsm | 5 +++++ tests/rsa-keygen.c | 10 ++++++++++ tests/rsa-keygen.softhsm | 5 +++++ tests/rsa-oaep.c | 10 ++++++++++ tests/rsa-oaep.softhsm | 5 +++++ tests/rsa-pss-sign.c | 10 ++++++++++ tests/rsa-pss-sign.softhsm | 5 +++++ tests/search-all-matching-tokens.softhsm | 5 +++++ 25 files changed, 151 insertions(+), 6 deletions(-) diff --git a/tests/case-insensitive.softhsm b/tests/case-insensitive.softhsm index 9f346998..0b893763 100755 --- a/tests/case-insensitive.softhsm +++ b/tests/case-insensitive.softhsm 
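Review bot: The guard opened before pkcs11_md2ckm and closed after PKCS11_pkey_meths removes PKCS11_pkey_meths itself on OpenSSL 4.x, and the visible signature carries no `static`. If that function is declared in a header or listed in an export file (neither is visible here), 4.x builds are left with a declaration that has no definition, so the declaration should get the same `#if OPENSSL_VERSION_NUMBER < 0x40000000L` guard. The predicate also differs from the ENGINE sources, which key on OPENSSL_NO_ENGINE, so a 3.x no-engine build still compiles a function taking `ENGINE *`. A one-line comment at the opening guard, such as `/* EVP_PKEY_METHOD hooks: not built for OpenSSL >= 4.0, provider path only */`, would tell the next reader why roughly 800 lines disappear. The guarded region starts and ends in separate hunks, and its body is outside both.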
@@ -35,6 +35,11 @@ MIXED_PUB_KEY="pKcS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=pu # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" diff --git a/tests/check-privkey.c b/tests/check-privkey.c index 3aacef43..1bd57bac 100644 --- a/tests/check-privkey.c +++ b/tests/check-privkey.c @@ -31,6 +31,8 @@ #include #include +#ifndef OPENSSL_NO_ENGINE + static void usage(char *argv[]) { fprintf(stderr, "%s [certificate (PEM or URL)] [private key URL] " @@ -188,4 +190,12 @@ int main(int argc, char *argv[]) return ret; } +#else + +int main() { + return 0; +} + +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ diff --git a/tests/dup-key.c b/tests/dup-key.c index 7b63f37a..04acad75 100644 --- a/tests/dup-key.c +++ b/tests/dup-key.c @@ -33,6 +33,8 @@ #include #include +#ifndef OPENSSL_NO_ENGINE + static void usage(char *argv[]) { fprintf(stderr, "%s [private key URL] [module] [conf]\n", argv[0]); @@ -185,4 +187,12 @@ int main(int argc, char *argv[]) return ret; } +#else + +int main() { + return 0; +} + +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ diff --git a/tests/ec-check-privkey.softhsm b/tests/ec-check-privkey.softhsm index 3ac535f4..6f3eb5ed 100755 --- a/tests/ec-check-privkey.softhsm +++ b/tests/ec-check-privkey.softhsm @@ -27,6 +27,11 @@ CERTIFICATE_URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type= # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + # Do the token initialization init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" diff --git a/tests/ec-copy.softhsm b/tests/ec-copy.softhsm index 7c9433f4..6feda60d 100755 --- a/tests/ec-copy.softhsm 
+++ b/tests/ec-copy.softhsm @@ -25,6 +25,11 @@ PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=priv # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + # Do the token initialization init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" diff --git a/tests/ec-keygen.c b/tests/ec-keygen.c index 591c71eb..74bc79f9 100644 --- a/tests/ec-keygen.c +++ b/tests/ec-keygen.c @@ -22,6 +22,8 @@ #include #include +#ifndef OPENSSL_NO_ENGINE + static void display_openssl_errors(int l) { const char* file; @@ -226,4 +228,12 @@ int main(int argc, char* argv[]) return ret; } +#else + +int main() { + return 0; +} + +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ diff --git a/tests/ec-keygen.softhsm b/tests/ec-keygen.softhsm index a18f307e..4104c99e 100755 --- a/tests/ec-keygen.softhsm +++ b/tests/ec-keygen.softhsm @@ -18,6 +18,11 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + # Initialize SoftHSM DB init_db diff --git a/tests/ed25519-keygen.c b/tests/ed25519-keygen.c index 54c28af8..7f037d9f 100644 --- a/tests/ed25519-keygen.c +++ b/tests/ed25519-keygen.c @@ -22,7 +22,7 @@ #include #include "eddsa_common.h" -#if OPENSSL_VERSION_NUMBER >= 0x30000000L +#if !defined(OPENSSL_NO_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x30000000L) void display_openssl_errors(void) { @@ -171,6 +171,6 @@ int main() { return 0; } -#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ +#endif /* !defined(OPENSSL_NO_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x30000000L) */ /* vim: set noexpandtab: */ diff --git a/tests/ed25519-keygen.softhsm b/tests/ed25519-keygen.softhsm index 9f0d1119..bfbaee85 100755 --- a/tests/ed25519-keygen.softhsm +++ b/tests/ed25519-keygen.softhsm 
@@ -21,7 +21,7 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then +if (( "${OPENSSL_VERSION%%.*}" != 3 )); then echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" exit 77 fi diff --git a/tests/ed448-keygen.c b/tests/ed448-keygen.c index a5549f42..b78775f8 100644 --- a/tests/ed448-keygen.c +++ b/tests/ed448-keygen.c @@ -22,7 +22,7 @@ #include #include "eddsa_common.h" -#if OPENSSL_VERSION_NUMBER >= 0x30000000L +#if !defined(OPENSSL_NO_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x30000000L) void display_openssl_errors(void) { @@ -171,6 +171,6 @@ int main() { return 0; } -#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ +#endif /* !defined(OPENSSL_NO_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x30000000L) */ /* vim: set noexpandtab: */ diff --git a/tests/ed448-keygen.softhsm b/tests/ed448-keygen.softhsm index 62c04204..1a371d30 100755 --- a/tests/ed448-keygen.softhsm +++ b/tests/ed448-keygen.softhsm @@ -21,7 +21,7 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then +if (( "${OPENSSL_VERSION%%.*}" != 3 )); then echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" exit 77 fi diff --git a/tests/evp-sign.c b/tests/evp-sign.c index b4e983f4..4458a8a5 100644 --- a/tests/evp-sign.c +++ b/tests/evp-sign.c @@ -44,6 +44,8 @@ #include #include +#ifndef OPENSSL_NO_ENGINE + /* UI method that's only used to fail if get_pin inside engine_pkcs11 * has failed to pick up in a PIN sent in with ENGINE_ctrl_cmd_string */ static UI_METHOD *ui_detect_failed_ctrl = NULL; @@ -319,4 +321,12 @@ int main(int argc, char **argv) return 0; } +#else + +int main() { + return 0; +} + +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ diff --git a/tests/fork-change-slot.c b/tests/fork-change-slot.c index 20885627..b5e2c1d3 100644 --- a/tests/fork-change-slot.c +++ b/tests/fork-change-slot.c 
@@ -66,6 +66,8 @@ #define RANDOM_SIZE 20 #define MAX_SIGSIZE 1024 +#ifndef OPENSSL_NO_ENGINE + static int do_wait(pid_t pids[], int num) { int i; @@ -315,4 +317,12 @@ int main(int argc, char *argv[]) return rv; } +#else + +int main() { + return 0; +} + +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ diff --git a/tests/fork-change-slot.softhsm b/tests/fork-change-slot.softhsm index 8de1e064..bed17422 100755 --- a/tests/fork-change-slot.softhsm +++ b/tests/fork-change-slot.softhsm @@ -24,6 +24,11 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + # Initialize SoftHSM DB init_db diff --git a/tests/pkcs11-uri-pin-source.softhsm b/tests/pkcs11-uri-pin-source.softhsm index 036c8df0..aa64a283 100755 --- a/tests/pkcs11-uri-pin-source.softhsm +++ b/tests/pkcs11-uri-pin-source.softhsm @@ -22,6 +22,11 @@ URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0" # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + # Generate test input files printf ${PIN} > $outdir/pin.txt printf "${PIN}\n" > $outdir/pin_with_trailing_newline.txt diff --git a/tests/pkcs11-uri-without-token.softhsm b/tests/pkcs11-uri-without-token.softhsm index c29966fa..1f8c34e6 100755 --- a/tests/pkcs11-uri-without-token.softhsm +++ b/tests/pkcs11-uri-without-token.softhsm @@ -30,6 +30,11 @@ PUBLIC_KEY="pkcs11:object=server-key-0;type=public;pin-value=1234" # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + export OPENSSL_CONF="${outdir}/engines.cnf" echo "OPENSSL_CONF=${OPENSSL_CONF}" diff --git a/tests/rsa-check-privkey.softhsm b/tests/rsa-check-privkey.softhsm index 90c8ed49..005ad40c 100755 
--- a/tests/rsa-check-privkey.softhsm +++ b/tests/rsa-check-privkey.softhsm @@ -28,6 +28,11 @@ CERTIFICATE_URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type= # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" diff --git a/tests/rsa-evp-sign.softhsm b/tests/rsa-evp-sign.softhsm index 64dcbd22..7d67284a 100755 --- a/tests/rsa-evp-sign.softhsm +++ b/tests/rsa-evp-sign.softhsm @@ -25,6 +25,11 @@ KEY_ID="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0" # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + printf ${PIN} > $outdir/pin.txt # Do the token initialization diff --git a/tests/rsa-keygen.c b/tests/rsa-keygen.c index 4f6885ee..be64856e 100644 --- a/tests/rsa-keygen.c +++ b/tests/rsa-keygen.c @@ -22,6 +22,8 @@ #include #include +#ifndef OPENSSL_NO_ENGINE + static void display_openssl_errors(int l) { const char* file; @@ -226,4 +228,12 @@ int main(int argc, char* argv[]) return ret; } +#else + +int main() { + return 0; +} + +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ diff --git a/tests/rsa-keygen.softhsm b/tests/rsa-keygen.softhsm index 67ad98ac..bb50a36e 100755 --- a/tests/rsa-keygen.softhsm +++ b/tests/rsa-keygen.softhsm @@ -18,6 +18,11 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + # Initialize SoftHSM DB init_db diff --git a/tests/rsa-oaep.c b/tests/rsa-oaep.c index 69b75437..dc04e9fb 100644 --- a/tests/rsa-oaep.c +++ b/tests/rsa-oaep.c 
@@ -41,6 +41,8 @@ #include #include +#ifndef OPENSSL_NO_ENGINE + static void display_openssl_errors(int l) { const char *file; @@ -254,4 +256,12 @@ int main(int argc, char **argv) return 0; } +#else + +int main() { + return 0; +} + +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ diff --git a/tests/rsa-oaep.softhsm b/tests/rsa-oaep.softhsm index e5ff310b..1bca5227 100755 --- a/tests/rsa-oaep.softhsm +++ b/tests/rsa-oaep.softhsm @@ -26,6 +26,11 @@ PUBLIC_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=publi # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" diff --git a/tests/rsa-pss-sign.c b/tests/rsa-pss-sign.c index 577cce4f..725e6f11 100644 --- a/tests/rsa-pss-sign.c +++ b/tests/rsa-pss-sign.c @@ -40,6 +40,8 @@ #include #include +#ifndef OPENSSL_NO_ENGINE + static void display_openssl_errors(int l) { const char *file; @@ -270,4 +272,12 @@ int main(int argc, char **argv) return 0; } +#else + +int main() { + return 0; +} + +#endif /* OPENSSL_NO_ENGINE */ + /* vim: set noexpandtab: */ diff --git a/tests/rsa-pss-sign.softhsm b/tests/rsa-pss-sign.softhsm index 2cf95fb2..1f3fe0d1 100755 --- a/tests/rsa-pss-sign.softhsm +++ b/tests/rsa-pss-sign.softhsm @@ -26,6 +26,11 @@ PUBLIC_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=publi # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" diff --git a/tests/search-all-matching-tokens.softhsm b/tests/search-all-matching-tokens.softhsm index 44f90b88..3a55898b 100755 --- a/tests/search-all-matching-tokens.softhsm 
+++ b/tests/search-all-matching-tokens.softhsm @@ -40,6 +40,11 @@ NUM_DEVICES=5 # Load common test functions . ${srcdir}/common.sh +if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then + echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + exit 77 +fi + export OPENSSL_CONF="${outdir}/engines.cnf" echo "OPENSSL_CONF=${OPENSSL_CONF}" From 8d137725c49f9aaf9236729cf06f5bac1a029bc0 Mon Sep 17 00:00:00 2001 From: olszomal Date: Wed, 28 Jan 2026 13:03:24 +0100 Subject: [PATCH 5/6] Fix OPENSSL_NO_ENGINE guard placement --- src/eng_front.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/eng_front.c b/src/eng_front.c index cd73d737..39ab9f4d 100644 --- a/src/eng_front.c +++ b/src/eng_front.c @@ -21,12 +21,13 @@ #include #include #include + +#ifndef OPENSSL_NO_ENGINE + #ifndef ENGINE_CMD_BASE #error did not get engine.h #endif -#ifndef OPENSSL_NO_ENGINE - #define PKCS11_ENGINE_ID "pkcs11" #define PKCS11_ENGINE_NAME "pkcs11 engine" From f7cff8545b99fbbcd7eab04fe523b48d8d77e793 Mon Sep 17 00:00:00 2001 
From: olszomal Date: Wed, 28 Jan 2026 13:05:11 +0100 Subject: [PATCH 6/6] Adjust tests for OpenSSL feature availability (ENGINE, EC) --- examples/ed25519keygen.c | 13 +++++--- examples/ed448keygen.c | 13 +++++--- tests/case-insensitive.softhsm | 25 +++++++-------- tests/check-all-prov.c | 7 +++-- tests/check-privkey-prov.c | 7 +++-- tests/check-privkey.c | 7 +++-- tests/common.sh | 28 ++++++++++++----- tests/dup-key-prov.c | 7 +++-- tests/dup-key.c | 7 +++-- tests/ec-cert-store.softhsm | 18 ++++++----- tests/ec-check-privkey.softhsm | 23 +++++++------- tests/ec-copy.softhsm | 21 ++++++------- tests/ec-evp-sign.softhsm | 26 +++++++++------- tests/ec-keygen.c | 7 +++-- tests/ec-keygen.softhsm | 25 +++++++-------- tests/ec-testfork.softhsm | 15 ++++++--- tests/ed25519-keygen-prov.c | 13 +++++--- tests/ed25519-keygen.c | 20 ++++++------ tests/ed25519-keygen.softhsm | 25 +++++++-------- tests/ed448-keygen-prov.c | 13 +++++--- tests/ed448-keygen.c | 18 +++++------ tests/ed448-keygen.softhsm | 25 +++++++-------- tests/evp-sign-prov.c | 7 +++-- tests/evp-sign.c | 7 +++-- tests/fork-change-slot-prov.c | 7 +++-- tests/fork-change-slot.c | 7 +++-- tests/fork-change-slot.softhsm | 22 ++++++------- tests/openssl-settings.sh | 3 ++ tests/pkcs11-uri-pin-source.softhsm | 22 ++++++------- tests/pkcs11-uri-without-token.softhsm | 18 +++++------ tests/provider-case-insensitive.softhsm | 25 +++++++-------- tests/provider-ec-check-all.softhsm | 19 ++++++------ tests/provider-ec-check-privkey.softhsm | 23 +++++++------- tests/provider-ec-copy.softhsm | 21 ++++++------- tests/provider-ec-evp-sign.softhsm | 28 ++++++++--------- tests/provider-ed25519-keygen.softhsm | 25 +++++++-------- tests/provider-ed448-keygen.softhsm | 25 +++++++-------- tests/provider-fork-change-slot.softhsm | 22 ++++++------- .../provider-pkcs11-uri-without-token.softhsm | 18 +++++------ tests/provider-rsa-check-all.softhsm | 19 ++++++------ tests/provider-rsa-check-privkey.softhsm | 23 +++++++------- 
tests/provider-rsa-evp-sign.softhsm | 27 ++++++++-------- tests/provider-rsa-oaep.softhsm | 19 ++++++------ tests/provider-rsa-pss-sign.softhsm | 19 ++++++------ ...rovider-search-all-matching-tokens.softhsm | 10 +++--- tests/rsa-cert-store.softhsm | 18 ++++++----- tests/rsa-check-privkey.softhsm | 23 +++++++------- tests/rsa-evp-sign.softhsm | 31 +++++++++---------- tests/rsa-keygen.c | 7 +++-- tests/rsa-keygen.softhsm | 25 +++++++-------- tests/rsa-oaep-prov.c | 7 +++-- tests/rsa-oaep.c | 7 +++-- tests/rsa-oaep.softhsm | 19 ++++++------ tests/rsa-pss-sign-prov.c | 7 +++-- tests/rsa-pss-sign.c | 7 +++-- tests/rsa-pss-sign.softhsm | 19 ++++++------ tests/rsa-testfork.softhsm | 16 ++++++---- tests/rsa-testlistkeys.softhsm | 15 ++++++--- tests/rsa-testlistkeys_ext.softhsm | 14 ++++++--- tests/rsa-testpkcs11.softhsm | 17 +++++----- tests/search-all-matching-tokens.softhsm | 18 +++++------ 61 files changed, 557 insertions(+), 472 deletions(-) diff --git a/examples/ed25519keygen.c b/examples/ed25519keygen.c index a954ac75..67160de2 100644 --- a/examples/ed25519keygen.c +++ b/examples/ed25519keygen.c @@ -27,7 +27,9 @@ * SUCH DAMAGE. */ -#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L +#if !defined(OPENSSL_NO_EC) && \ + (OPENSSL_VERSION_NUMBER >= 0x30000000L) && \ + (OPENSSL_VERSION_NUMBER < 0x40000000L) #include #include @@ -176,13 +178,16 @@ int main(int argc, char *argv[]) return rc; } -#else /* !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L */ +#else /* !OPENSSL_NO_EC && OpenSSL 3.x */ + +#include int main(void) { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL 3.x built with EC support\n"); + return 77; } -#endif /* !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L */ +#endif /* !OPENSSL_NO_EC && OpenSSL 3.x */ /* vim: set noexpandtab: */ diff --git a/examples/ed448keygen.c b/examples/ed448keygen.c index 8b8ddf23..5a87bfbd 100644 --- a/examples/ed448keygen.c +++ b/examples/ed448keygen.c 
@@ -27,7 +27,9 @@ * SUCH DAMAGE. */ -#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L +#if !defined(OPENSSL_NO_EC) && \ + (OPENSSL_VERSION_NUMBER >= 0x30000000L) && \ + (OPENSSL_VERSION_NUMBER < 0x40000000L) #include #include @@ -176,13 +178,16 @@ int main(int argc, char *argv[]) return rc; } -#else /* !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L */ +#else /* !OPENSSL_NO_EC && OpenSSL 3.x */ + +#include int main(void) { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL 3.x built with EC support\n"); + return 77; } -#endif /* !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L */ +#endif /* !OPENSSL_NO_EC && OpenSSL 3.x */ /* vim: set noexpandtab: */ diff --git a/tests/case-insensitive.softhsm b/tests/case-insensitive.softhsm index 0b893763..b19fa27a 100755 --- a/tests/case-insensitive.softhsm +++ b/tests/case-insensitive.softhsm 
@@ -35,43 +35,42 @@ MIXED_PUB_KEY="pKcS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=pu # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./evp-sign default false "${outdir}/engines.cnf" \ ${ALL_LOWER_PRIV_KEY} ${ALL_LOWER_PUB_KEY} ${MODULE} -if [[ $? -ne 0 ]]; then - echo "All lower case PKCS#11 URI scheme detection failed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "PKCS#11 URI scheme detection test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "All lower case PKCS#11 URI scheme detection failed." exit 1 fi ./evp-sign default false "${outdir}/engines.cnf" \ ${ALL_UPPER_PRIV_KEY} ${ALL_UPER_PUB_KEY} ${MODULE} if [[ $? -ne 0 ]]; then - echo "All upper case PKCS#11 URI scheme detection failed" + echo "All upper case PKCS#11 URI scheme detection failed." exit 1 fi ./evp-sign default false "${outdir}/engines.cnf" \ ${MIXED_PRIV_KEY} ${MIXED_PUB_KEY} ${MODULE} if [[ $? -ne 0 ]]; then - echo "Mixed case PKCS#11 URI scheme detection failed" + echo "Mixed case PKCS#11 URI scheme detection failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/check-all-prov.c b/tests/check-all-prov.c index 9d658afe..4949158f 100644 --- a/tests/check-all-prov.c +++ b/tests/check-all-prov.c @@ -85,10 +85,13 @@ int main(int argc, char *argv[]) return ret; } -#else +#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL >= 3.0\n"); + return 77; } #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ 
diff --git a/tests/check-privkey-prov.c b/tests/check-privkey-prov.c index 5c4d2601..0572f707 100644 --- a/tests/check-privkey-prov.c +++ b/tests/check-privkey-prov.c @@ -84,10 +84,13 @@ int main(int argc, char *argv[]) return ret; } -#else +#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL >= 3.0\n"); + return 77; } #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ diff --git a/tests/check-privkey.c b/tests/check-privkey.c index 1bd57bac..1618f932 100644 --- a/tests/check-privkey.c +++ b/tests/check-privkey.c @@ -190,10 +190,13 @@ int main(int argc, char *argv[]) return ret; } -#else +#else /* OPENSSL_NO_ENGINE */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: ENGINE support not available\n"); + return 77; } #endif /* OPENSSL_NO_ENGINE */ diff --git a/tests/common.sh b/tests/common.sh index cd67d2da..c2dcee54 100755 --- a/tests/common.sh +++ b/tests/common.sh @@ -26,8 +26,6 @@ echo "Current directory: $(pwd)" echo "Source directory: ${srcdir}" echo "Output directory: ${outdir}" -mkdir -p ${outdir} - # List of directories to search SOFTHSM_SEARCH_PATHS=( "/opt/homebrew" @@ -77,6 +75,13 @@ TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} OPENSSL_VERSION=$(./openssl_version | cut -d ' ' -f 2) +# Skip if SoftHSM requires ECDSA_SIG_get0 but current libcrypto doesn't provide it (no-ec build) +if nm -D "${MODULE}" 2>/dev/null | grep -q ' U ECDSA_SIG_get0' && \ + ! "${OPENSSL}" list -public-key-algorithms 2>/dev/null | grep -qi '\bec\b'; then + echo "Skipping test: SoftHSM requires EC support, but OpenSSL was built without EC." + exit 77 +fi + # Restore settings export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} @@ -107,6 +112,7 @@ else SHARED_EXT=.so fi +mkdir -p ${outdir} sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \ "s|@ENGINE_PATH@|../src/.libs/pkcs11${SHARED_EXT}|g" \ 
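Review bot: In the tests/common.sh hunk at `@@ -77,6 +75,13 @@`, the new EC probe treats any failure of `"${OPENSSL}" list -public-key-algorithms` as "built without EC", because stderr is discarded and the negated `grep` succeeds on empty output. If `${OPENSSL}` is unset at this point, or the binary does not accept that `list` syntax, every test that sources common.sh exits 77 and the suite reports skips instead of exercising the crypto paths. Capture the output first and skip only when the probe produced a list with no EC entry, e.g. `algs=$("${OPENSSL}" list -public-key-algorithms 2>/dev/null)` followed by `[[ -n "${algs}" ]] && ! grep -qiw ec <<<"${algs}"`. This also avoids `\b`, which is a GNU grep extension. Where `${OPENSSL}` is assigned is not visible in the hunk, so confirm it is set before this line.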
@@ -152,6 +158,7 @@ init_db() { # Exit if no tool was found if [[ -z "${SOFTHSM_TOOL}" ]]; then echo "Skipping test: No softhsm or softhsm2-util tool found in expected locations." + rm -rf "$outdir" exit 77 fi @@ -282,10 +289,17 @@ list_objects () { echo "***************************************" echo "* Listing objects on the token ${token_label}" echo "***************************************" - pkcs11-tool --login --pin ${PIN} --module ${MODULE} \ - --token-label "${token_label}" --list-objects - if [[ $? -ne 0 ]]; then - exit 1 - fi + + # Ensure pkcs11-tool runs with the original library path + export LD_LIBRARY_PATH="${TEMP_LD_LIBRARY_PATH}" + + pkcs11-tool --login --pin "${PIN}" --module "${MODULE}" \ + --token-label "${token_label}" --list-objects || exit 1 + echo "***************************************" } + +# Cleanup test environment +cleanup() { + export LD_LIBRARY_PATH="${TEMP_LD_LIBRARY_PATH}" +} diff --git a/tests/dup-key-prov.c b/tests/dup-key-prov.c index e8aae1a0..a9b4c75b 100644 --- a/tests/dup-key-prov.c +++ b/tests/dup-key-prov.c @@ -85,10 +85,13 @@ int main(int argc, char *argv[]) return ret; } -#else +#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL >= 3.0\n"); + return 77; } #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ diff --git a/tests/dup-key.c b/tests/dup-key.c index 04acad75..809acd0d 100644 --- a/tests/dup-key.c +++ b/tests/dup-key.c @@ -187,10 +187,13 @@ int main(int argc, char *argv[]) return ret; } -#else +#else /* OPENSSL_NO_ENGINE */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: ENGINE support not available\n"); + return 77; } #endif /* OPENSSL_NO_ENGINE */ diff --git a/tests/ec-cert-store.softhsm b/tests/ec-cert-store.softhsm index 5d31d884..e0900f9f 100755 --- a/tests/ec-cert-store.softhsm +++ b/tests/ec-cert-store.softhsm 
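Review bot: In the list_objects hunk of tests/common.sh, `export LD_LIBRARY_PATH="${TEMP_LD_LIBRARY_PATH}"` changes the library path for the rest of the calling script, not just for pkcs11-tool. A test that calls list_objects and then runs another binary silently loses the path set by openssl-settings.sh. Scoping the assignment to the command keeps the side effect local: `LD_LIBRARY_PATH="${TEMP_LD_LIBRARY_PATH}" pkcs11-tool --login --pin "${PIN}" --module "${MODULE}" \`. The new `cleanup()` only re-exports the same variable, which has no observable effect when run from an EXIT trap. Either document it as a placeholder or have it remove `"$outdir"`, since the `exit 1` paths in the test scripts currently leave that directory (including the generated pin.txt) behind.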
@@ -30,9 +30,11 @@ outdir="output.$$" init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${OPENSSL} x509 -in ${srcdir}/ec-cert.der -inform DER -outform PEM \ -out ${outdir}/ec-cert.pem CERTIFICATE="${outdir}/ec-cert.pem" @@ -40,17 +42,19 @@ CERTIFICATE_URL="pkcs11:token=libp11-0;id=04030201;object=stored-cert;pin-value= # Run the test ${WRAPPER} ../examples/storecert ${CERTIFICATE} ${CERTIFICATE_URL} ${MODULE} -if [[ $? -ne 0 ]]; then - echo "The certificate storing couldn't be performed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "EC certificate storing test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "EC certificate storing couldn't be performed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - list_objects && list_objects | grep -q stored-cert if [[ $? -ne 0 ]]; then - echo "The certificate was not properly stored" + echo "EC certificate was not properly stored." exit 1 fi diff --git a/tests/ec-check-privkey.softhsm b/tests/ec-check-privkey.softhsm index 6f3eb5ed..1f1822c3 100755 --- a/tests/ec-check-privkey.softhsm +++ b/tests/ec-check-privkey.softhsm @@ -27,18 +27,15 @@ CERTIFICATE_URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type= # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${OPENSSL} x509 -in ${srcdir}/ec-cert.der -inform DER -outform PEM \ -out ${outdir}/ec-cert.pem CERTIFICATE="${outdir}/ec-cert.pem" 
@@ -46,21 +43,23 @@ CERTIFICATE="${outdir}/ec-cert.pem" # Run the test ${WRAPPER} ./check-privkey ${CERTIFICATE} ${PRIVATE_KEY} ${MODULE} \ "${outdir}/engines.cnf" -if [[ $? -ne 0 ]]; then - echo "The private key loading couldn't get the public key from the certificate" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "EC key test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "The private key loading couldn't get the public key from the certificate." exit 1 fi ./check-privkey ${CERTIFICATE_URL} ${PRIVATE_KEY} ${MODULE} \ "${outdir}/engines.cnf" if [[ $? -ne 0 ]]; then - echo "The private key loading couldn't get the public key from the certificate URL" + echo "The private key loading couldn't get the public key from the certificate URL." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/ec-copy.softhsm b/tests/ec-copy.softhsm index 6feda60d..8f861c2e 100755 --- a/tests/ec-copy.softhsm +++ b/tests/ec-copy.softhsm @@ -25,28 +25,27 @@ PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=priv # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./dup-key ${PRIVATE_KEY} ${MODULE} "${outdir}/engines.cnf" -if [[ $? -ne 0 ]]; then - echo "Could not duplicate private key" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Duplicate private key test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Duplicate private key test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 
diff --git a/tests/ec-evp-sign.softhsm b/tests/ec-evp-sign.softhsm
index 360b9064..337813b9 100755
--- a/tests/ec-evp-sign.softhsm
+++ b/tests/ec-evp-sign.softhsm
@@ -30,55 +30,59 @@ PUBLIC_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=publi init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./evp-sign ctrl false "${outdir}/engines.cnf" \ ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} -if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test, using ctrl failed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Basic PKCS #11 test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Basic PKCS #11 test, using ctrl failed." exit 1 fi ./evp-sign default false "${outdir}/engines.cnf" \ ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test, using default failed" + echo "Basic PKCS #11 test, using default failed." exit 1 fi ./evp-sign ctrl ${PIN} "${outdir}/engines.cnf" \ ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test without pin-value, using ctrl failed" + echo "Basic PKCS #11 test without pin-value, using ctrl failed." exit 1 fi ./evp-sign default ${PIN} "${outdir}/engines.cnf" \ ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test without pin-value, using default failed" + echo "Basic PKCS #11 test without pin-value, using default failed." exit 1 fi ./evp-sign ctrl ${PIN} "${outdir}/engines.cnf" \ "label_server-key-0" "label_server-key-0" ${MODULE} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with legacy name #1 failed" + echo "Basic PKCS #11 test with legacy name #1 failed." exit 1 fi ./evp-sign default ${PIN} "${outdir}/engines.cnf" \ "id_01020304" "id_01020304" ${MODULE} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with legacy name #2 failed" + echo "Basic PKCS #11 test with legacy name #2 failed." 
exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/ec-keygen.c b/tests/ec-keygen.c index 74bc79f9..a6611f05 100644 --- a/tests/ec-keygen.c +++ b/tests/ec-keygen.c @@ -228,10 +228,13 @@ int main(int argc, char* argv[]) return ret; } -#else +#else /* OPENSSL_NO_ENGINE */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: ENGINE support not available\n"); + return 77; } #endif /* OPENSSL_NO_ENGINE */ diff --git a/tests/ec-keygen.softhsm b/tests/ec-keygen.softhsm index 4104c99e..ac3911dd 100755 --- a/tests/ec-keygen.softhsm +++ b/tests/ec-keygen.softhsm @@ -18,11 +18,6 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Initialize SoftHSM DB init_db @@ -30,22 +25,26 @@ init_db init_card "token1" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${WRAPPER} ./ec-keygen token1 libp11-keylabel ${PIN} "${outdir}/engines.cnf" ${MODULE} -if test $? != 0; then - echo "Key generation failed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "EC key generation test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "EC key generation test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - echo "Checking pkcs11-tool result..." list_objects | grep -q libp11-keylabel -if test $? != 0; then - echo "The key was not properly generated" +if [[ $? != 0 ]]; then + echo "The key was not properly generated." exit 1 fi diff --git a/tests/ec-testfork.softhsm b/tests/ec-testfork.softhsm index 94101fac..0d55fd5f 100755 --- a/tests/ec-testfork.softhsm +++ b/tests/ec-testfork.softhsm 
@@ -28,18 +28,23 @@ outdir="output.$$" init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./fork-test ${MODULE} ${PIN} -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Fork test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Fork test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/ed25519-keygen-prov.c b/tests/ed25519-keygen-prov.c index ac377888..1c07347a 100644 --- a/tests/ed25519-keygen-prov.c +++ b/tests/ed25519-keygen-prov.c @@ -20,7 +20,9 @@ #include "helpers_prov.h" #include "eddsa_common.h" -#if OPENSSL_VERSION_NUMBER >= 0x30000000L +#if !defined(OPENSSL_NO_EC) && \ + (OPENSSL_VERSION_NUMBER >= 0x30000000L) && \ + (OPENSSL_VERSION_NUMBER < 0x40000000L) static void error_queue(const char *name) { @@ -153,12 +155,15 @@ int main(int argc, char *argv[]) return ret; } -#else +#else /* !OPENSSL_NO_EC && OpenSSL 3.x */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL 3.x built with EC support\n"); + return 77; } -#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ +#endif /* !OPENSSL_NO_EC && OpenSSL 3.x */ /* vim: set noexpandtab: */ diff --git a/tests/ed25519-keygen.c b/tests/ed25519-keygen.c index 7f037d9f..50ba57ed 100644 --- a/tests/ed25519-keygen.c +++ b/tests/ed25519-keygen.c @@ -22,7 +22,10 @@ #include #include "eddsa_common.h" -#if !defined(OPENSSL_NO_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x30000000L) +#if !defined(OPENSSL_NO_ENGINE) && \ + !defined(OPENSSL_NO_EC) && \ + (OPENSSL_VERSION_NUMBER >= 0x30000000L) && \ + (OPENSSL_VERSION_NUMBER < 0x40000000L) void display_openssl_errors(void) { 
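Review bot: The new upper bound `(OPENSSL_VERSION_NUMBER < 0x40000000L)` in tests/ed25519-keygen-prov.c (`@@ -20,7 +20,9 @@`) carries no explanation, and with it the provider Ed25519 key-generation test compiles to the skip stub on OpenSSL 4.x, the version this series enables provider mode for. If the exclusion is temporary, a comment above the `#if` such as `/* EdDSA keygen test not yet ported to OpenSSL 4.x: <reason> */` would keep the coverage gap visible; the skip text "requires OpenSSL 3.x built with EC support" also hides which of the two conditions failed. tests/ed448-keygen-prov.c gets the same gate. The guarded block closes in the file's later hunk, outside this one.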
@@ -76,15 +79,9 @@ int main(int argc, char *argv[]) } ENGINE_add_conf_module(); -# if OPENSSL_VERSION_NUMBER>=0x10100000 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ | OPENSSL_INIT_LOAD_CONFIG, NULL); -# else - OpenSSL_add_all_algorithms(); - OpenSSL_add_all_digests(); - ERR_load_crypto_strings(); -# endif ERR_clear_error(); ENGINE_load_builtin_engines(); @@ -165,12 +162,15 @@ int main(int argc, char *argv[]) return ret; } -#else +#else /* !OPENSSL_NO_ENGINE && !OPENSSL_NO_EC && OpenSSL 3.x */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL 3.x built with ENGINE and EC support\n"); + return 77; } -#endif /* !defined(OPENSSL_NO_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x30000000L) */ +#endif /* !OPENSSL_NO_ENGINE && !OPENSSL_NO_EC && OpenSSL 3.x */ /* vim: set noexpandtab: */ diff --git a/tests/ed25519-keygen.softhsm b/tests/ed25519-keygen.softhsm index bfbaee85..ef1c569c 100755 --- a/tests/ed25519-keygen.softhsm +++ b/tests/ed25519-keygen.softhsm @@ -21,11 +21,6 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" != 3 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Initialize SoftHSM DB init_db 
@@ -33,22 +28,26 @@ init_db init_card "token1" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${WRAPPER} ./ed25519-keygen ${MODULE} token1 libp11-keylabel ${PIN} "${outdir}/engines.cnf" -if test $? != 0; then - echo "Key generation failed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Ed25519 key generation test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Ed25519 key generation test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - echo "Checking pkcs11-tool result..." list_objects | grep -q libp11-keylabel -if test $? != 0; then - echo "The key was not properly generated" +if [[ $? != 0 ]]; then + echo "Ed25519 key was not properly generated." exit 1 fi diff --git a/tests/ed448-keygen-prov.c b/tests/ed448-keygen-prov.c index df4fa98b..5904b08d 100644 --- a/tests/ed448-keygen-prov.c +++ b/tests/ed448-keygen-prov.c @@ -20,7 +20,9 @@ #include "helpers_prov.h" #include "eddsa_common.h" -#if OPENSSL_VERSION_NUMBER >= 0x30000000L +#if !defined(OPENSSL_NO_EC) && \ + (OPENSSL_VERSION_NUMBER >= 0x30000000L) && \ + (OPENSSL_VERSION_NUMBER < 0x40000000L) static void error_queue(const char *name) { @@ -153,12 +155,15 @@ int main(int argc, char *argv[]) return ret; } -#else +#else /* !OPENSSL_NO_EC && OpenSSL 3.x */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL 3.x built with EC support\n"); + return 77; } -#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ +#endif /* !OPENSSL_NO_EC && OpenSSL 3.x */ /* vim: set noexpandtab: */ diff --git a/tests/ed448-keygen.c b/tests/ed448-keygen.c index b78775f8..d50aec62 100644 --- a/tests/ed448-keygen.c +++ b/tests/ed448-keygen.c 
@@ -22,7 +22,10 @@ #include #include "eddsa_common.h" -#if !defined(OPENSSL_NO_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x30000000L) +#if !defined(OPENSSL_NO_ENGINE) && \ + !defined(OPENSSL_NO_EC) && \ + (OPENSSL_VERSION_NUMBER >= 0x30000000L) && \ + (OPENSSL_VERSION_NUMBER < 0x40000000L) void display_openssl_errors(void) { @@ -76,15 +79,9 @@ int main(int argc, char *argv[]) } ENGINE_add_conf_module(); -# if OPENSSL_VERSION_NUMBER>=0x10100000 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ | OPENSSL_INIT_LOAD_CONFIG, NULL); -# else - OpenSSL_add_all_algorithms(); - OpenSSL_add_all_digests(); - ERR_load_crypto_strings(); -# endif ERR_clear_error(); ENGINE_load_builtin_engines(); @@ -165,12 +162,13 @@ int main(int argc, char *argv[]) return ret; } -#else +#else /* !OPENSSL_NO_ENGINE && !OPENSSL_NO_EC && OpenSSL 3.x */ int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL 3.x built with ENGINE and EC support\n"); + return 77; } -#endif /* !defined(OPENSSL_NO_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x30000000L) */ +#endif /* !OPENSSL_NO_ENGINE && !OPENSSL_NO_EC && OpenSSL 3.x */ /* vim: set noexpandtab: */ diff --git a/tests/ed448-keygen.softhsm b/tests/ed448-keygen.softhsm index 1a371d30..f280e8a9 100755 --- a/tests/ed448-keygen.softhsm +++ b/tests/ed448-keygen.softhsm @@ -21,11 +21,6 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" != 3 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Initialize SoftHSM DB init_db 
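Review bot: The fallback branch of tests/ed448-keygen.c (`@@ -165,12 +162,13 @@`) now calls `fprintf` but, unlike tests/ed25519-keygen.c and the other stubs in this patch, does not add an `#include` line after the `#else`. The headers included before the `#if` are not readable on this page, so this may already be covered; if it is not, the call is an implicit declaration, which C99 and later reject. Adding the same `#include <stdio.h>` line after the `#else` keeps the stubs identical. `int main(void)` would also be the more precise prototype for all of these stubs.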
@@ -33,22 +28,26 @@ init_db init_card "token1" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${WRAPPER} ./ed448-keygen ${MODULE} token1 libp11-keylabel ${PIN} "${outdir}/engines.cnf" -if test $? != 0; then - echo "Key generation failed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Ed448 key generation test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Ed448 key generation test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - echo "Checking pkcs11-tool result..." list_objects | grep -q libp11-keylabel -if test $? != 0; then - echo "The key was not properly generated" +if [[ $? != 0 ]]; then + echo "Ed448 key was not properly generated." exit 1 fi diff --git a/tests/evp-sign-prov.c b/tests/evp-sign-prov.c index 0ffa9461..a48a4a5d 100644 --- a/tests/evp-sign-prov.c +++ b/tests/evp-sign-prov.c @@ -188,10 +188,13 @@ int main(int argc, char **argv) return ret; } -#else +#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL >= 3.0\n"); + return 77; } #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ diff --git a/tests/evp-sign.c b/tests/evp-sign.c index 4458a8a5..226200bc 100644 --- a/tests/evp-sign.c +++ b/tests/evp-sign.c @@ -321,10 +321,13 @@ int main(int argc, char **argv) return 0; } -#else +#else /* OPENSSL_NO_ENGINE */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: ENGINE support not available\n"); + return 77; } #endif /* OPENSSL_NO_ENGINE */ diff --git a/tests/fork-change-slot-prov.c b/tests/fork-change-slot-prov.c index d66ac10a..a3576dcb 100644 --- a/tests/fork-change-slot-prov.c +++ b/tests/fork-change-slot-prov.c 
@@ -226,10 +226,13 @@ int main(int argc, char *argv[]) return ret; } -#else +#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL >= 3.0\n"); + return 77; } #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ diff --git a/tests/fork-change-slot.c b/tests/fork-change-slot.c index b5e2c1d3..48a02df1 100644 --- a/tests/fork-change-slot.c +++ b/tests/fork-change-slot.c @@ -317,10 +317,13 @@ int main(int argc, char *argv[]) return rv; } -#else +#else /* OPENSSL_NO_ENGINE */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: ENGINE support not available\n"); + return 77; } #endif /* OPENSSL_NO_ENGINE */ diff --git a/tests/fork-change-slot.softhsm b/tests/fork-change-slot.softhsm index bed17422..d88c4c14 100755 --- a/tests/fork-change-slot.softhsm +++ b/tests/fork-change-slot.softhsm @@ -24,11 +24,6 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Initialize SoftHSM DB init_db @@ -40,18 +35,17 @@ init_card "token2" generate_rsa_key_pair "pkey" "token2" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test program which will stop and wait for a signal (SIGUSR1) # Valgrind cannot be used because the test program waits indefinitely at the sigwait call ./fork-change-slot "pkcs11:token=token2;object=pkey;type=private;pin-value=$PIN" \ "${outdir}/engines.cnf" ${MODULE} & pid=$! -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - # Wait the test program to reach the sigwait sleep 3 
@@ -63,12 +57,16 @@ kill -USR1 `pgrep -P $pid` # Test the result wait $pid -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Fork test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Fork test failed." exit 1 fi -# Cleanup rm -rf "$outdir" exit 0 - diff --git a/tests/openssl-settings.sh b/tests/openssl-settings.sh index a393c945..7a4ef594 100644 --- a/tests/openssl-settings.sh +++ b/tests/openssl-settings.sh @@ -17,6 +17,9 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# Save original library path for later restoration +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} + # OpenSSL settings if test -n ${PKG_CONFIG_PATH}; then OPENSSL_PATH="${PKG_CONFIG_PATH}/../.." diff --git a/tests/pkcs11-uri-pin-source.softhsm b/tests/pkcs11-uri-pin-source.softhsm index aa64a283..cd43ad4c 100755 --- a/tests/pkcs11-uri-pin-source.softhsm +++ b/tests/pkcs11-uri-pin-source.softhsm @@ -22,11 +22,6 @@ URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0" # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Generate test input files printf ${PIN} > $outdir/pin.txt printf "${PIN}\n" > $outdir/pin_with_trailing_newline.txt @@ -35,9 +30,11 @@ printf "${PIN}\n" > $outdir/pin_with_trailing_newline.txt init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test for PIN_SOURCE_ATTR in \ "pin-source=$outdir/pin.txt" \ 
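Review bot: With the script-level version skip removed, `./fork-change-slot` can exit with 77 straight away on a build without ENGINE support, yet the script still sleeps and sends `kill -USR1` to the result of `pgrep -P $pid` before `wait $pid` reads the status. At that point pgrep returns nothing, so kill is invoked without a PID, and in the unlikely case that the PID has been reused the signal goes to another process's children. Guarding the signal, `children=$(pgrep -P "$pid") && kill -USR1 ${children}`, avoids both. tests/provider-fork-change-slot.softhsm has the same sequence; the kill line itself sits just above hunk `@@ -63,12 +57,16 @@`, outside the changed lines.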
@@ -48,15 +45,18 @@ do ${WRAPPER} ./check-privkey "${URL};type=cert" "${URL};type=private;${PIN_SOURCE_ATTR}" \ ${MODULE} "${outdir}/engines.cnf" - if [[ $? -ne 0 ]]; then - echo "The private key loading couldn't get the public key from the certificate URL" + rc=$? + if [[ $rc -eq 77 ]]; then + echo "PIN source test skipped." + rm -rf "$outdir" + exit 77 + elif [[ $rc -ne 0 ]]; then + echo "The private key loading couldn't get the public key from the certificate URL." exit 1 fi -done -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} +done rm -rf "$outdir" diff --git a/tests/pkcs11-uri-without-token.softhsm b/tests/pkcs11-uri-without-token.softhsm index 1f8c34e6..d638e692 100755 --- a/tests/pkcs11-uri-without-token.softhsm +++ b/tests/pkcs11-uri-without-token.softhsm @@ -30,11 +30,6 @@ PUBLIC_KEY="pkcs11:object=server-key-0;type=public;pin-value=1234" # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - export OPENSSL_CONF="${outdir}/engines.cnf" echo "OPENSSL_CONF=${OPENSSL_CONF}" @@ -45,9 +40,17 @@ init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" echo "secret" >"${outdir}/in.txt" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +if ! "${OPENSSL}" engine >/dev/null 2>&1; then + echo "Skipping engine tests: ENGINE support not available" + rm -rf "$outdir" + exit 77 +fi + +# Restore openssl settings +trap cleanup EXIT + # Run the test # Generate signature without specifying the token in the PKCS#11 URI ${WRAPPER} ${OPENSSL} pkeyutl -engine pkcs11 -keyform engine \ @@ -67,9 +70,6 @@ if [[ $? -ne 0 ]]; then exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-case-insensitive.softhsm b/tests/provider-case-insensitive.softhsm index 33700954..b9065423 100755 
--- a/tests/provider-case-insensitive.softhsm +++ b/tests/provider-case-insensitive.softhsm @@ -29,11 +29,6 @@ ALL_UPER_PUB_KEY="PKCS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type MIXED_PRIV_KEY="PkCs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=${PIN}" MIXED_PUB_KEY="pKcS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" @@ -45,31 +40,35 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./evp-sign-prov default ${ALL_LOWER_PRIV_KEY} ${ALL_LOWER_PUB_KEY} -if [[ $? -ne 0 ]]; then - echo "All lower case PKCS#11 URI scheme detection failed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "PKCS#11 URI scheme detection test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "All lower case PKCS#11 URI scheme detection failed." exit 1 fi ./evp-sign-prov default ${ALL_UPPER_PRIV_KEY} ${ALL_UPER_PUB_KEY} if [[ $? -ne 0 ]]; then - echo "All upper case PKCS#11 URI scheme detection failed" + echo "All upper case PKCS#11 URI scheme detection failed." exit 1 fi ./evp-sign-prov default ${MIXED_PRIV_KEY} ${MIXED_PUB_KEY} if [[ $? -ne 0 ]]; then - echo "Mixed case PKCS#11 URI scheme detection failed" + echo "Mixed case PKCS#11 URI scheme detection failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-ec-check-all.softhsm b/tests/provider-ec-check-all.softhsm index 9e6c2d3d..e068e149 100755 --- a/tests/provider-ec-check-all.softhsm +++ b/tests/provider-ec-check-all.softhsm 
@@ -23,11 +23,6 @@ outdir="output.$$" URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;pin-value=${PIN}" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" @@ -39,19 +34,23 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./check-all-prov ${URL} -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Provider get all objects test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then echo "Provider get all objects test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-ec-check-privkey.softhsm b/tests/provider-ec-check-privkey.softhsm index 92828dc4..30b82e77 100755 --- a/tests/provider-ec-check-privkey.softhsm +++ b/tests/provider-ec-check-privkey.softhsm @@ -24,11 +24,6 @@ outdir="output.$$" PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=${PIN}" CERTIFICATE_URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=cert" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" 
@@ -40,9 +35,11 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${OPENSSL} x509 -in ${srcdir}/ec-cert.der -inform DER -outform PEM \ -out ${outdir}/ec-cert.pem CERTIFICATE="${outdir}/ec-cert.pem" @@ -50,21 +47,23 @@ CERTIFICATE="${outdir}/ec-cert.pem" # Run the test ${WRAPPER} ./check-privkey-prov ${CERTIFICATE} ${PRIVATE_KEY} \ "${outdir}/engines.cnf" -if [[ $? -ne 0 ]]; then - echo "The private key loading couldn't get the public key from the certificate" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "EC key test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "The private key loading couldn't get the public key from the certificate." exit 1 fi ./check-privkey-prov ${CERTIFICATE_URL} ${PRIVATE_KEY} \ "${outdir}/engines.cnf" if [[ $? -ne 0 ]]; then - echo "The private key loading couldn't get the public key from the certificate URL" + echo "The private key loading couldn't get the public key from the certificate URL." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-ec-copy.softhsm b/tests/provider-ec-copy.softhsm index ffeb9c88..0eaa601f 100755 --- a/tests/provider-ec-copy.softhsm +++ b/tests/provider-ec-copy.softhsm @@ -23,11 +23,6 @@ outdir="output.$$" PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=${PIN}" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "" 
@@ -39,19 +34,23 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./dup-key-prov ${PRIVATE_KEY} -if [[ $? -ne 0 ]]; then - echo "Could not duplicate private key" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Duplicate private key test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Duplicate private key test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-ec-evp-sign.softhsm b/tests/provider-ec-evp-sign.softhsm index 7081914c..6f331571 100755 --- a/tests/provider-ec-evp-sign.softhsm +++ b/tests/provider-ec-evp-sign.softhsm @@ -23,11 +23,6 @@ outdir="output.$$" KEY_ID="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - printf ${PIN} > $outdir/pin.txt # Do the token initialization @@ -41,9 +36,11 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test for PIN_ATTR in \ "pin-value=${PIN}" \ 
@@ -57,14 +54,19 @@ do echo $PRIVATE_KEY ${WRAPPER} ./evp-sign-prov ctrl ${PRIVATE_KEY} ${PUBLIC_KEY} - if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with pin-value, using ctrl failed" + rc=$? + if [[ $rc -eq 77 ]]; then + echo "Basic PKCS #11 test skipped." + rm -rf "$outdir" + exit 77 + elif [[ $rc -ne 0 ]]; then + echo "Basic PKCS #11 test with pin-value, using ctrl failed." exit 1 fi ./evp-sign-prov default ${PRIVATE_KEY} ${PUBLIC_KEY} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with pin-value, using default failed" + echo "Basic PKCS #11 test with pin-value, using default failed." exit 1 fi @@ -75,20 +77,16 @@ echo $PRIVATE_KEY ./evp-sign-prov ctrl ${PRIVATE_KEY} ${PUBLIC_KEY} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with PKCS11_PIN environment variable, using ctrl failed" + echo "Basic PKCS #11 test with PKCS11_PIN environment variable, using ctrl failed." exit 1 fi ./evp-sign-prov default ${PRIVATE_KEY} ${PUBLIC_KEY} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with PKCS11_PIN environment variable, using default failed" + echo "Basic PKCS #11 test with PKCS11_PIN environment variable, using default failed." exit 1 fi - -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-ed25519-keygen.softhsm b/tests/provider-ed25519-keygen.softhsm index 4c01fa98..74a46e86 100755 --- a/tests/provider-ed25519-keygen.softhsm +++ b/tests/provider-ed25519-keygen.softhsm @@ -21,11 +21,6 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Initialize SoftHSM DB init_db 
@@ -39,22 +34,26 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${WRAPPER} ./ed25519-keygen-prov ${MODULE} token1 libp11-keylabel ${PIN} -if test $? != 0; then - echo "Key generation failed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Ed25519 key generation test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Ed25519 key generation test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - echo "Checking pkcs11-tool result..." list_objects | grep -q libp11-keylabel -if test $? != 0; then - echo "The key was not properly generated" +if [[ $? != 0 ]]; then + echo "Ed25519 key was not properly generated." exit 1 fi diff --git a/tests/provider-ed448-keygen.softhsm b/tests/provider-ed448-keygen.softhsm index 182afc47..1a3247c3 100755 --- a/tests/provider-ed448-keygen.softhsm +++ b/tests/provider-ed448-keygen.softhsm @@ -21,11 +21,6 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Initialize SoftHSM DB init_db 
@@ -39,22 +34,26 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${WRAPPER} ./ed448-keygen-prov ${MODULE} token1 libp11-keylabel ${PIN} -if test $? != 0; then - echo "Key generation failed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Ed448 key generation test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Ed448 key generation test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - echo "Checking pkcs11-tool result..." list_objects | grep -q libp11-keylabel -if test $? != 0; then - echo "The key was not properly generated" +if [[ $? != 0 ]]; then + echo "Ed448 key was not properly generated." exit 1 fi diff --git a/tests/provider-fork-change-slot.softhsm b/tests/provider-fork-change-slot.softhsm index 153c2e95..4a792fc7 100755 --- a/tests/provider-fork-change-slot.softhsm +++ b/tests/provider-fork-change-slot.softhsm @@ -21,11 +21,6 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Initialize SoftHSM DB init_db @@ -44,9 +39,11 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # These URIs contains the token specification PRIVATE_KEY="pkcs11:token=token2;object=pkey;type=private;pin-value=${PIN}" @@ -55,9 +52,6 @@ PRIVATE_KEY="pkcs11:token=token2;object=pkey;type=private;pin-value=${PIN}" ./fork-change-slot-prov ${PRIVATE_KEY} & pid=$! -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - # Wait the test program to reach the sigwait sleep 3 
@@ -69,12 +63,16 @@ kill -USR1 `pgrep -P $pid` # Test the result wait $pid -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Fork test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Fork test failed." exit 1 fi -# Cleanup rm -rf "$outdir" exit 0 - diff --git a/tests/provider-pkcs11-uri-without-token.softhsm b/tests/provider-pkcs11-uri-without-token.softhsm index 62c244d0..2291a6aa 100755 --- a/tests/provider-pkcs11-uri-without-token.softhsm +++ b/tests/provider-pkcs11-uri-without-token.softhsm @@ -24,16 +24,17 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh +if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then + echo "Skipping provider tests with OpenSSL ${OPENSSL_VERSION}" + rm -rf "$outdir" + exit 77 +fi + # These URIs don't contain the token specification PRIVATE_KEY="pkcs11:object=server-key-0;type=private;pin-value=${PIN}" PUBLIC_KEY="pkcs11:object=server-key-0;type=public" CERTIFICATE="pkcs11:object=server-key-0;type=cert" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" @@ -48,9 +49,11 @@ echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" echo "secret" >"${outdir}/in.txt" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test # Generate signature without specifying the token in the PKCS#11 URI ${WRAPPER} ${OPENSSL} pkeyutl -provider pkcs11prov -provider default \ @@ -79,9 +82,6 @@ if [[ $? -ne 0 ]]; then exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-rsa-check-all.softhsm b/tests/provider-rsa-check-all.softhsm index fe613afa..792b15ce 100755 --- a/tests/provider-rsa-check-all.softhsm +++ b/tests/provider-rsa-check-all.softhsm 
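Review bot: On the new skip path, the `kill -USR1 $(pgrep -P $pid)` line (written with backticks in this hunk's header) still runs before `wait $pid` collects the 77. The early `OPENSSL_VERSION` exit was removed from this script, so when `fork-change-slot-prov` exits right away (presumably with 77 on a build without provider support; its source is not in this hunk), `pgrep` finds no child after the `sleep 3` and `kill` is called without a PID, which writes an error into the test log. The lookup is then also made against a PID that no longer belongs to the test program. Guarding the signal, e.g. `children=$(pgrep -P "$pid") && kill -USR1 $children`, keeps the skip path quiet and signals only when a child was found.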
@@ -23,11 +23,6 @@ outdir="output.$$" URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;pin-value=${PIN}" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" @@ -39,19 +34,23 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./check-all-prov ${URL} -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Provider get all objects test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then echo "Provider get all objects test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-rsa-check-privkey.softhsm b/tests/provider-rsa-check-privkey.softhsm index eecfdf22..9f29d6df 100755 --- a/tests/provider-rsa-check-privkey.softhsm +++ b/tests/provider-rsa-check-privkey.softhsm @@ -24,11 +24,6 @@ outdir="output.$$" PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=${PIN}" CERTIFICATE_URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=cert" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" 
@@ -40,9 +35,11 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${OPENSSL} x509 -in ${srcdir}/rsa-cert.der -inform DER -outform PEM \ -out ${outdir}/rsa-cert.pem CERTIFICATE="${outdir}/rsa-cert.pem" @@ -50,21 +47,23 @@ CERTIFICATE="${outdir}/rsa-cert.pem" # Run the test ${WRAPPER} ./check-privkey-prov ${CERTIFICATE} ${PRIVATE_KEY} \ "${outdir}/engines.cnf" -if [[ $? -ne 0 ]]; then - echo "The private key loading couldn't get the public key from the certificate" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "RSA key test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "The private key loading couldn't get the public key from the certificate." exit 1 fi ./check-privkey-prov ${CERTIFICATE_URL} ${PRIVATE_KEY} \ "${outdir}/engines.cnf" if [[ $? -ne 0 ]]; then - echo "The private key loading couldn't get the public key from the certificate URL" + echo "The private key loading couldn't get the public key from the certificate URL." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-rsa-evp-sign.softhsm b/tests/provider-rsa-evp-sign.softhsm index 9142dfe9..b6bc7b14 100755 --- a/tests/provider-rsa-evp-sign.softhsm +++ b/tests/provider-rsa-evp-sign.softhsm @@ -23,11 +23,6 @@ outdir="output.$$" KEY_ID="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - printf ${PIN} > $outdir/pin.txt # Do the token initialization 
@@ -41,9 +36,11 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test for PIN_ATTR in \ "pin-value=${PIN}" \ @@ -57,14 +54,19 @@ do echo $PRIVATE_KEY ${WRAPPER} ./evp-sign-prov ctrl ${PRIVATE_KEY} ${PUBLIC_KEY} - if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with pin-value, using ctrl failed" + rc=$? + if [[ $rc -eq 77 ]]; then + echo "Basic PKCS #11 test skipped." + rm -rf "$outdir" + exit 77 + elif [[ $rc -ne 0 ]]; then + echo "Basic PKCS #11 test with pin-value, using ctrl failed." exit 1 fi ./evp-sign-prov default ${PRIVATE_KEY} ${PUBLIC_KEY} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with pin-value, using default failed" + echo "Basic PKCS #11 test with pin-value, using default failed." exit 1 fi @@ -75,19 +77,16 @@ echo $PRIVATE_KEY ./evp-sign-prov ctrl ${PRIVATE_KEY} ${PUBLIC_KEY} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with PKCS11_PIN environment variable, using ctrl failed" + echo "Basic PKCS #11 test with PKCS11_PIN environment variable, using ctrl failed." exit 1 fi ./evp-sign-prov default ${PRIVATE_KEY} ${PUBLIC_KEY} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with PKCS11_PIN environment variable, using default failed" + echo "Basic PKCS #11 test with PKCS11_PIN environment variable, using default failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-rsa-oaep.softhsm b/tests/provider-rsa-oaep.softhsm index a6f439db..80fb0697 100755 --- a/tests/provider-rsa-oaep.softhsm +++ b/tests/provider-rsa-oaep.softhsm 
@@ -24,11 +24,6 @@ outdir="output.$$" PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=${PIN}" PUBLIC_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" @@ -40,19 +35,23 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./rsa-oaep-prov ${PRIVATE_KEY} ${PUBLIC_KEY} -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "RSA-OAEP encryption/decryption test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then echo "RSA-OAEP encryption/decryption test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-rsa-pss-sign.softhsm b/tests/provider-rsa-pss-sign.softhsm index 6d0804fa..052d6f92 100755 --- a/tests/provider-rsa-pss-sign.softhsm +++ b/tests/provider-rsa-pss-sign.softhsm @@ -24,11 +24,6 @@ outdir="output.$$" PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=${PIN}" PUBLIC_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public" -if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" 
@@ -40,19 +35,23 @@ echo "OPENSSL_MODULES=${OPENSSL_MODULES}" echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./rsa-pss-sign-prov ${PRIVATE_KEY} ${PUBLIC_KEY} -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "RSA-PSS signature/verification test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then echo "RSA-PSS signature/verification test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/provider-search-all-matching-tokens.softhsm b/tests/provider-search-all-matching-tokens.softhsm index c8756ecd..1b1bfabf 100755 --- a/tests/provider-search-all-matching-tokens.softhsm +++ b/tests/provider-search-all-matching-tokens.softhsm @@ -39,7 +39,8 @@ CERTIFICATE="pkcs11:object=label-3;type=cert" NUM_DEVICES=5 if [[ "${OPENSSL_VERSION}" =~ ^[012].* ]]; then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" + echo "Skipping provider tests with OpenSSL ${OPENSSL_VERSION}" + rm -rf "$outdir" exit 77 fi @@ -57,9 +58,11 @@ echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}" echo "secret" > "${outdir}/in.txt" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test # Verify that it doesn't try to login if more than one token matched the search ${WRAPPER} ${OPENSSL} pkeyutl -provider pkcs11prov -provider default \ @@ -111,9 +114,6 @@ if [[ $? -ne 0 ]]; then exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/rsa-cert-store.softhsm b/tests/rsa-cert-store.softhsm index 75fffef9..62792982 100755 --- a/tests/rsa-cert-store.softhsm +++ b/tests/rsa-cert-store.softhsm 
@@ -25,9 +25,11 @@ outdir="output.$$" init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # RSA certificate to store ${OPENSSL} x509 -in ${srcdir}/rsa-cert.der -inform DER -outform PEM \ -out ${outdir}/rsa-cert.pem @@ -36,17 +38,19 @@ CERTIFICATE_URL="pkcs11:token=libp11-0;id=04030201;object=stored-cert;pin-value= # Run the test ${WRAPPER} ../examples/storecert ${CERTIFICATE} ${CERTIFICATE_URL} ${MODULE} -if [[ $? -ne 0 ]]; then - echo "RSA certificate storing couldn't be performed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "RSA certificate storing test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "RSA certificate storing couldn't be performed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - list_objects && list_objects | grep -q stored-cert if [[ $? -ne 0 ]]; then - echo "The RSA certificate was not properly stored" + echo "The RSA certificate was not properly stored." exit 1 fi diff --git a/tests/rsa-check-privkey.softhsm b/tests/rsa-check-privkey.softhsm index 005ad40c..840f048e 100755 --- a/tests/rsa-check-privkey.softhsm +++ b/tests/rsa-check-privkey.softhsm @@ -28,18 +28,15 @@ CERTIFICATE_URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type= # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${OPENSSL} x509 -in ${srcdir}/rsa-cert.der -inform DER -outform PEM \ -out ${outdir}/rsa-cert.pem CERTIFICATE="${outdir}/rsa-cert.pem" 
@@ -47,21 +44,23 @@ CERTIFICATE="${outdir}/rsa-cert.pem" # Run the test ${WRAPPER} ./check-privkey ${CERTIFICATE} ${PRIVATE_KEY} ${MODULE} \ "${outdir}/engines.cnf" -if [[ $? -ne 0 ]]; then - echo "The private key loading couldn't get the public key from the certificate" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "RSA key test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "The private key loading couldn't get the public key from the certificate." exit 1 fi ./check-privkey ${CERTIFICATE_URL} ${PRIVATE_KEY} ${MODULE} \ "${outdir}/engines.cnf" if [[ $? -ne 0 ]]; then - echo "The private key loading couldn't get the public key from the certificate URL" + echo "The private key loading couldn't get the public key from the certificate URL." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/rsa-evp-sign.softhsm b/tests/rsa-evp-sign.softhsm index 7d67284a..fe1e5dbf 100755 --- a/tests/rsa-evp-sign.softhsm +++ b/tests/rsa-evp-sign.softhsm @@ -25,20 +25,17 @@ KEY_ID="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0" # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - printf ${PIN} > $outdir/pin.txt # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test for PIN_ATTR in \ "pin-value=${PIN}" \ 
@@ -53,29 +50,34 @@ do ${WRAPPER} ./evp-sign ctrl false "${outdir}/engines.cnf" \ ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} - if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test, using ctrl failed" + rc=$? + if [[ $rc -eq 77 ]]; then + echo "Basic PKCS #11 test skipped." + rm -rf "$outdir" + exit 77 + elif [[ $rc -ne 0 ]]; then + echo "Basic PKCS #11 test, using ctrl failed." exit 1 fi ./evp-sign default false "${outdir}/engines.cnf" \ ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test, using default failed" + echo "Basic PKCS #11 test, using default failed." exit 1 fi ./evp-sign ctrl ${PIN} "${outdir}/engines.cnf" \ ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test without pin-value, using ctrl failed" + echo "Basic PKCS #11 test without pin-value, using ctrl failed." exit 1 fi ./evp-sign default ${PIN} "${outdir}/engines.cnf" \ ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test without pin-value, using default failed" + echo "Basic PKCS #11 test without pin-value, using default failed." exit 1 fi @@ -84,20 +86,17 @@ done ./evp-sign ctrl ${PIN} "${outdir}/engines.cnf" \ "label_server-key-0" "label_server-key-0" ${MODULE} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with legacy name #1 failed" + echo "Basic PKCS #11 test with legacy name #1 failed." exit 1 fi ./evp-sign default ${PIN} "${outdir}/engines.cnf" \ "id_01020304" "id_01020304" ${MODULE} if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test with legacy name #2 failed" + echo "Basic PKCS #11 test with legacy name #2 failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/rsa-keygen.c b/tests/rsa-keygen.c index be64856e..d51cfd89 100644 --- a/tests/rsa-keygen.c +++ b/tests/rsa-keygen.c 
@@ -228,10 +228,13 @@ int main(int argc, char* argv[]) return ret; } -#else +#else /* OPENSSL_NO_ENGINE */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: ENGINE support not available\n"); + return 77; } #endif /* OPENSSL_NO_ENGINE */ diff --git a/tests/rsa-keygen.softhsm b/tests/rsa-keygen.softhsm index bb50a36e..755e2e1a 100755 --- a/tests/rsa-keygen.softhsm +++ b/tests/rsa-keygen.softhsm @@ -18,11 +18,6 @@ outdir="output.$$" # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Initialize SoftHSM DB init_db @@ -30,22 +25,26 @@ init_db init_card "token1" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + ${WRAPPER} ./rsa-keygen token1 libp11-keylabel ${PIN} "${outdir}/engines.cnf" ${MODULE} -if test $? != 0; then - echo "Key generation failed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "RSA key generation test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "RSA key generation test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - echo "Checking pkcs11-tool result..." list_objects | grep -q libp11-keylabel -if test $? != 0; then - echo "The key was not properly generated" +if [[ $? != 0 ]]; then + echo "RSA key was not properly generated." exit 1 fi diff --git a/tests/rsa-oaep-prov.c b/tests/rsa-oaep-prov.c index ba60f86f..5718dbc3 100644 --- a/tests/rsa-oaep-prov.c +++ b/tests/rsa-oaep-prov.c @@ -152,10 +152,13 @@ int main(int argc, char **argv) return ret; } -#else +#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL >= 3.0\n"); + return 77; } #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ diff --git a/tests/rsa-oaep.c b/tests/rsa-oaep.c index dc04e9fb..f4399fcb 100644 --- a/tests/rsa-oaep.c 
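Review bot: The fallback `int main()` in the `#else` branch leaves the parameter list unspecified in C before C23; `int main(void)` is the prototype form. The `return 77;` also deserves a comment, e.g. `/* 77: Automake test-harness exit status for SKIP */`, since the `.softhsm` wrapper depends on that exact value. The same stub is added in rsa-oaep-prov.c, rsa-oaep.c, rsa-pss-sign-prov.c and rsa-pss-sign.c. The `#if` that this `#else` belongs to starts outside the hunk.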
+++ b/tests/rsa-oaep.c @@ -256,10 +256,13 @@ int main(int argc, char **argv) return 0; } -#else +#else /* OPENSSL_NO_ENGINE */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: ENGINE support not available\n"); + return 77; } #endif /* OPENSSL_NO_ENGINE */ diff --git a/tests/rsa-oaep.softhsm b/tests/rsa-oaep.softhsm index 1bca5227..b4fa16cf 100755 --- a/tests/rsa-oaep.softhsm +++ b/tests/rsa-oaep.softhsm @@ -26,29 +26,28 @@ PUBLIC_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=publi # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./rsa-oaep ${PIN} "${outdir}/engines.cnf" \ ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "RSA-OAEP encryption/decryption test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then echo "RSA-OAEP encryption/decryption test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/rsa-pss-sign-prov.c b/tests/rsa-pss-sign-prov.c index eeaff8fd..a724468a 100644 --- a/tests/rsa-pss-sign-prov.c +++ b/tests/rsa-pss-sign-prov.c @@ -142,10 +142,13 @@ int main(int argc, char **argv) { return ret; } -#else +#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: requires OpenSSL >= 3.0\n"); + return 77; } #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ diff --git a/tests/rsa-pss-sign.c b/tests/rsa-pss-sign.c index 725e6f11..37845327 100644 --- a/tests/rsa-pss-sign.c +++ b/tests/rsa-pss-sign.c 
@@ -272,10 +272,13 @@ int main(int argc, char **argv) return 0; } -#else +#else /* OPENSSL_NO_ENGINE */ + +#include int main() { - return 0; + fprintf(stderr, "Skipped: ENGINE support not available\n"); + return 77; } #endif /* OPENSSL_NO_ENGINE */ diff --git a/tests/rsa-pss-sign.softhsm b/tests/rsa-pss-sign.softhsm index 1f3fe0d1..3cd261ff 100755 --- a/tests/rsa-pss-sign.softhsm +++ b/tests/rsa-pss-sign.softhsm @@ -26,29 +26,28 @@ PUBLIC_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=publi # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - # Do the token initialization init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./rsa-pss-sign ${PIN} "${outdir}/engines.cnf" \ ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "RSA-PSS signature/verification test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then echo "RSA-PSS signature/verification test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/rsa-testfork.softhsm b/tests/rsa-testfork.softhsm index 967ac9a5..420029c2 100755 --- a/tests/rsa-testfork.softhsm +++ b/tests/rsa-testfork.softhsm 
@@ -28,19 +28,23 @@ outdir="output.$$" init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ./fork-test ${MODULE} ${PIN} -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Fork test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Fork test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - -# Cleanup rm -rf "$outdir" exit 0 diff --git a/tests/rsa-testlistkeys.softhsm b/tests/rsa-testlistkeys.softhsm index 7fe9d444..43a2751a 100755 --- a/tests/rsa-testlistkeys.softhsm +++ b/tests/rsa-testlistkeys.softhsm @@ -28,18 +28,23 @@ outdir="output.$$" init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ../examples/listkeys ${MODULE} ${PIN} -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "List keys test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "List keys test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/rsa-testlistkeys_ext.softhsm b/tests/rsa-testlistkeys_ext.softhsm index c0d88425..c320c2e8 100755 --- a/tests/rsa-testlistkeys_ext.softhsm +++ b/tests/rsa-testlistkeys_ext.softhsm 
@@ -35,12 +35,19 @@ import_objects "rsa" "libp11-0" "01020344" "server-key-4" "privkey" "pubkey" "ce list_objects "libp11-0" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ../examples/listkeys_ext -m ${MODULE} -p ${PIN} | grep -q 'nkeys:5' -if [[ $? -ne 0 ]]; then +rc=$? +if [[ $rc -eq 77 ]]; then + echo "List keys test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then echo "Failed when no search parameters were given. 5 Keys should have been found." exit 1 fi @@ -75,9 +82,6 @@ if [[ $? -eq 0 ]]; then exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0 diff --git a/tests/rsa-testpkcs11.softhsm b/tests/rsa-testpkcs11.softhsm index 2b90e3e9..ea49db1d 100755 --- a/tests/rsa-testpkcs11.softhsm +++ b/tests/rsa-testpkcs11.softhsm @@ -29,20 +29,23 @@ outdir="output.$$" init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +# Restore openssl settings +trap cleanup EXIT + # Run the test ${WRAPPER} ../examples/auth ${MODULE} ${PIN} -if [[ $? -ne 0 ]]; then - echo "Basic PKCS #11 test test failed" +rc=$? +if [[ $rc -eq 77 ]]; then + echo "Basic PKCS #11 test skipped." + rm -rf "$outdir" + exit 77 +elif [[ $rc -ne 0 ]]; then + echo "Basic PKCS #11 test failed." exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - -# Cleanup rm -rf "$outdir" exit 0 diff --git a/tests/search-all-matching-tokens.softhsm b/tests/search-all-matching-tokens.softhsm index 3a55898b..2bd838b1 100755 --- a/tests/search-all-matching-tokens.softhsm +++ b/tests/search-all-matching-tokens.softhsm 
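Review bot: The skip branch added after the `listkeys_ext ... | grep -q 'nkeys:5'` pipeline is effectively unreachable, because `rc=$?` holds the status of `grep`, not of `listkeys_ext`. `grep -q` exits with 0, 1 or 2, so a 77 from `listkeys_ext` falls into the `elif` and is reported as "Failed when no search parameters were given" instead of a skip. Whether `common.sh` sets `pipefail` is not visible here, but even then grep's non-zero status would win when the expected output is missing. Saving both statuses right after the pipeline with `status=("${PIPESTATUS[@]}")`, then testing `[[ ${status[0]} -eq 77 ]]` for the skip and `[[ ${status[1]} -ne 0 ]]` for the failure, gives the intended behaviour.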
@@ -40,11 +40,6 @@ NUM_DEVICES=5 # Load common test functions . ${srcdir}/common.sh -if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then - echo "Skipping test with OpenSSL ${OPENSSL_VERSION}" - exit 77 -fi - export OPENSSL_CONF="${outdir}/engines.cnf" echo "OPENSSL_CONF=${OPENSSL_CONF}" @@ -55,9 +50,17 @@ init_token "rsa" ${NUM_DEVICES} "libp11" ${ID} "label" "privkey" "pubkey" "cert" echo "secret" > "${outdir}/in.txt" # Load openssl settings -TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} . ${srcdir}/openssl-settings.sh +if ! "${OPENSSL}" engine >/dev/null 2>&1; then + echo "Skipping engine tests: ENGINE support not available" + rm -rf "$outdir" + exit 77 +fi + +# Restore openssl settings +trap cleanup EXIT + # Run the test # Verify that it doesn't try to login if more than one token matched the search ${WRAPPER} ${OPENSSL} pkeyutl -engine pkcs11 -keyform engine \ @@ -109,9 +112,6 @@ if [[ $? -ne 0 ]]; then exit 1 fi -# Restore settings -export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} - rm -rf "$outdir" exit 0
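Review bot: The new `"${OPENSSL}" engine >/dev/null 2>&1` probe treats every non-zero exit as "ENGINE support not available" and exits 77, so a failure with a different cause would be reported as SKIP rather than FAIL. `OPENSSL_CONF` is already exported to `${outdir}/engines.cnf` at that point, so a broken config or an engine that fails to load may also make the probe fail (this cannot be confirmed from the hunk). With stderr discarded, the log would not show the reason. Keeping stderr, `if ! "${OPENSSL}" engine >/dev/null; then`, at least leaves the cause in the test log.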