mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
test: Add external test for pkcs11-provider
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25587)
This commit is contained in:
parent
144b9ebc3e
commit
e9af1eaa54
21
.github/workflows/ci.yml
vendored
21
.github/workflows/ci.yml
vendored
@ -602,6 +602,27 @@ jobs:
|
||||
gdb < <(echo -e "file ./libcrypto.so.3\nquit") > ./results
|
||||
grep -q "Reading symbols from.*libcrypto\.so\.3\.debug" results
|
||||
|
||||
external-test-pkcs11-provider:
|
||||
runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
submodules: recursive
|
||||
- name: package installs
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq install meson pkg-config gnutls-bin libnss3-tools libnss3-dev libsofthsm2 opensc expect
|
||||
- name: config
|
||||
run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: test external pkcs11-provider
|
||||
run: make test TESTS="test_external_pkcs11_provider" VERBOSE=1
|
||||
|
||||
external-test-pyca:
|
||||
runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
|
||||
strategy:
|
||||
|
3
.gitmodules
vendored
3
.gitmodules
vendored
@ -32,3 +32,6 @@
|
||||
path = fuzz/corpora
|
||||
url = https://github.com/openssl/fuzz-corpora
|
||||
branch = main
|
||||
[submodule "pkcs11-provider"]
|
||||
path = pkcs11-provider
|
||||
url = https://github.com/latchset/pkcs11-provider.git
|
||||
|
1
pkcs11-provider
Submodule
1
pkcs11-provider
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit 8757cf26a8ffc4144b66870c8438df00d2668d48
|
@ -118,6 +118,35 @@ algorithms to be skipped, e.g. as follows:
|
||||
The names of all supported quantum-safe algorithms are available at
|
||||
<https://github.com/open-quantum-safe/oqs-provider#algorithms>
|
||||
|
||||
pkcs11-provider test suite
|
||||
======================
|
||||
|
||||
This builds and runs pkcs11-provider tests agains the local OpenSSL build.
|
||||
|
||||
You will need a git checkout of pkcs11-provider at the top level:
|
||||
|
||||
$ git submodule update --init
|
||||
|
||||
Then configure/build OpenSSL enabling external tests:
|
||||
|
||||
$ ./config shared enable-external-tests
|
||||
$ make
|
||||
|
||||
pkcs11-provider requires meson for the build process. Moreover, it requires
|
||||
softhsm and nss softokn tokens and certtool, certutil, pkcs11-tool and expect
|
||||
to run the tests.
|
||||
|
||||
Tests will then be run as part of the rest of the suite, or can be
|
||||
explicitly run (with more debugging):
|
||||
|
||||
$ make test VERBOSE=1 TESTS=test_external_pkcs11_provider
|
||||
|
||||
Test failures and suppressions
|
||||
------------------------------
|
||||
|
||||
There are tests for different software tokens - softhsm, nss-softokn and kryoptic.
|
||||
Kryoptic tests will not run at this point. Currently no test fails.
|
||||
|
||||
Updating test suites
|
||||
====================
|
||||
|
||||
|
28
test/recipes/95-test_external_pkcs11_provider.t
Normal file
28
test/recipes/95-test_external_pkcs11_provider.t
Normal file
@ -0,0 +1,28 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
|
||||
use OpenSSL::Test;
|
||||
use OpenSSL::Test::Utils;
|
||||
use OpenSSL::Test qw/:DEFAULT data_file bldtop_dir srctop_dir cmdstr/;
|
||||
|
||||
setup("test_external_pkcs11_provider");
|
||||
|
||||
plan skip_all => "No external tests in this configuration"
|
||||
if disabled("external-tests");
|
||||
plan skip_all => "pkcs11-provider tests not available on Windows or VMS"
|
||||
if $^O =~ /^(VMS|MSWin32)$/;
|
||||
plan skip_all => "pkcs11-provider tests only available in a shared build"
|
||||
if disabled("shared");
|
||||
plan skip_all => "pkcs11-provider tests not supported in out of tree builds"
|
||||
if bldtop_dir() ne srctop_dir();
|
||||
|
||||
plan tests => 1;
|
||||
|
||||
ok(run(cmd(["sh", data_file("pkcs11-provider.sh")])),
|
||||
"running pkcs11-provider tests");
|
70
test/recipes/95-test_external_pkcs11_provider_data/pkcs11-provider.sh
Executable file
70
test/recipes/95-test_external_pkcs11_provider_data/pkcs11-provider.sh
Executable file
@ -0,0 +1,70 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
#
|
||||
# OpenSSL external testing using the pkcs11-provider
|
||||
#
|
||||
|
||||
PWD="$(pwd)"
|
||||
|
||||
SRCTOP="$(cd $SRCTOP; pwd)"
|
||||
BLDTOP="$(cd $BLDTOP; pwd)"
|
||||
|
||||
if [ "$SRCTOP" != "$BLDTOP" ] ; then
|
||||
echo "Out of tree builds not supported with pkcsa11-provider test!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
O_EXE="$BLDTOP/apps"
|
||||
O_BINC="$BLDTOP/include"
|
||||
O_SINC="$SRCTOP/include"
|
||||
O_LIB="$BLDTOP"
|
||||
|
||||
unset OPENSSL_CONF
|
||||
|
||||
export PATH="$O_EXE:$PATH"
|
||||
export LD_LIBRARY_PATH="$O_LIB:$LD_LIBRARY_PATH"
|
||||
export OPENSSL_ROOT_DIR="$O_LIB"
|
||||
|
||||
# Check/Set openssl version
|
||||
OPENSSL_VERSION=`openssl version | cut -f 2 -d ' '`
|
||||
|
||||
echo "------------------------------------------------------------------"
|
||||
echo "Testing OpenSSL using pkcs11-provider:"
|
||||
echo " CWD: $PWD"
|
||||
echo " SRCTOP: $SRCTOP"
|
||||
echo " BLDTOP: $BLDTOP"
|
||||
echo " OPENSSL_ROOT_DIR: $OPENSSL_ROOT_DIR"
|
||||
echo " OpenSSL version: $OPENSSL_VERSION"
|
||||
echo "------------------------------------------------------------------"
|
||||
|
||||
PKCS11_PROVIDER_BUILDDIR=$OPENSSL_ROOT_DIR/pkcs11-provider/builddir
|
||||
|
||||
echo "------------------------------------------------------------------"
|
||||
echo "Building pkcs11-provider"
|
||||
echo "------------------------------------------------------------------"
|
||||
|
||||
PKG_CONFIG_PATH="$BLDTOP" meson setup $PKCS11_PROVIDER_BUILDDIR $OPENSSL_ROOT_DIR/pkcs11-provider/ || exit 1
|
||||
meson compile -C $PKCS11_PROVIDER_BUILDDIR pkcs11 || exit 1
|
||||
|
||||
echo "------------------------------------------------------------------"
|
||||
echo "Running tests"
|
||||
echo "------------------------------------------------------------------"
|
||||
|
||||
# The OpenSSL app uses ${HARNESS_OSSL_PREFIX} as a prefix for its standard output
|
||||
HARNESS_OSSL_PREFIX= meson test -C $PKCS11_PROVIDER_BUILDDIR
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
cat $PKCS11_PROVIDER_BUILDDIR/meson-logs/testlog.txt
|
||||
exit 1
|
||||
fi
|
||||
|
||||
rm -rf $PKCS11_PROVIDER_BUILDDIR
|
||||
|
||||
exit 0
|
Loading…
Reference in New Issue
Block a user