Adjust tests for OpenSSL feature availability (ENGINE, EC)

Author: olszomal

examples/ed25519keygen.c

@@ -27,7 +27,9 @@
  * SUCH DAMAGE.
  */
 
-#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if !defined(OPENSSL_NO_EC) && \
+    (OPENSSL_VERSION_NUMBER >= 0x30000000L) && \
+    (OPENSSL_VERSION_NUMBER < 0x40000000L)
 
 #include <libp11.h>
 #include <string.h>
@@ -176,13 +178,16 @@ int main(int argc, char *argv[])
 	return rc;
 }
 
-#else /* !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L */
+#else /* !OPENSSL_NO_EC && OpenSSL 3.x */
+
+#include <stdio.h>
 
 int main(void)
 {
-	return 0;
+	fprintf(stderr, "Skipped: requires OpenSSL 3.x built with EC support\n");
+	return 77;
 }
 
-#endif /* !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L */
+#endif /* !OPENSSL_NO_EC && OpenSSL 3.x */
 
 /* vim: set noexpandtab: */

examples/ed448keygen.c

@@ -27,7 +27,9 @@
  * SUCH DAMAGE.
  */
 
-#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if !defined(OPENSSL_NO_EC) && \
+    (OPENSSL_VERSION_NUMBER >= 0x30000000L) && \
+    (OPENSSL_VERSION_NUMBER < 0x40000000L)
 
 #include <libp11.h>
 #include <string.h>
@@ -176,13 +178,16 @@ int main(int argc, char *argv[])
 	return rc;
 }
 
-#else /* !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L */
+#else /* !OPENSSL_NO_EC && OpenSSL 3.x */
+
+#include <stdio.h>
 
 int main(void)
 {
-	return 0;
+	fprintf(stderr, "Skipped: requires OpenSSL 3.x built with EC support\n");
+	return 77;
 }
 
-#endif /* !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x30000000L */
+#endif /* !OPENSSL_NO_EC && OpenSSL 3.x */
 
 /* vim: set noexpandtab: */

tests/case-insensitive.softhsm

@@ -35,43 +35,42 @@ MIXED_PUB_KEY="pKcS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=pu
 # Load common test functions
 . ${srcdir}/common.sh
 
-if (( "${OPENSSL_VERSION%%.*}" >= 4 )); then
-	echo "Skipping test with OpenSSL ${OPENSSL_VERSION}"
-	exit 77
-fi
-
 # Do the token initialization
 init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert"
 
 # Load openssl settings
-TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH}
 . ${srcdir}/openssl-settings.sh
 
+# Restore openssl settings
+trap cleanup EXIT
+
 # Run the test
 ${WRAPPER} ./evp-sign default false "${outdir}/engines.cnf" \
 	${ALL_LOWER_PRIV_KEY} ${ALL_LOWER_PUB_KEY} ${MODULE}
-if [[ $? -ne 0 ]]; then
-	echo "All lower case PKCS#11 URI scheme detection failed"
+rc=$?
+if [[ $rc -eq 77 ]]; then
+	echo "PKCS#11 URI scheme detection test skipped."
+	rm -rf "$outdir"
+	exit 77
+elif [[ $rc -ne 0 ]]; then
+	echo "All lower case PKCS#11 URI scheme detection failed."
 	exit 1
 fi
 
 ./evp-sign default false "${outdir}/engines.cnf" \
 	${ALL_UPPER_PRIV_KEY} ${ALL_UPER_PUB_KEY} ${MODULE}
 if [[ $? -ne 0 ]]; then
-	echo "All upper case PKCS#11 URI scheme detection failed"
+	echo "All upper case PKCS#11 URI scheme detection failed."
 	exit 1
 fi
 
 ./evp-sign default false "${outdir}/engines.cnf" \
 	${MIXED_PRIV_KEY} ${MIXED_PUB_KEY} ${MODULE}
 if [[ $? -ne 0 ]]; then
-	echo "Mixed case PKCS#11 URI scheme detection failed"
+	echo "Mixed case PKCS#11 URI scheme detection failed."
 	exit 1
 fi
 
-# Restore settings
-export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH}
-
 rm -rf "$outdir"
 
 exit 0

tests/check-all-prov.c

@@ -85,10 +85,13 @@ int main(int argc, char *argv[])
 	return ret;
 }
 
-#else
+#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+
+#include <stdio.h>
 
 int main() {
-	return 0;
+	fprintf(stderr, "Skipped: requires OpenSSL >= 3.0\n");
+	return 77;
 }
 
 #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */

tests/check-privkey-prov.c

@@ -84,10 +84,13 @@ int main(int argc, char *argv[])
 	return ret;
 }
 
-#else
+#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+
+#include <stdio.h>
 
 int main() {
-	return 0;
+	fprintf(stderr, "Skipped: requires OpenSSL >= 3.0\n");
+	return 77;
 }
 
 #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */

tests/check-privkey.c

@@ -190,10 +190,13 @@ int main(int argc, char *argv[])
 	return ret;
 }
 
-#else
+#else /* OPENSSL_NO_ENGINE */
+
+#include <stdio.h>
 
 int main() {
-	return 0;
+	fprintf(stderr, "Skipped: ENGINE support not available\n");
+	return 77;
 }
 
 #endif /* OPENSSL_NO_ENGINE */

tests/common.sh

@@ -26,8 +26,6 @@ echo "Current directory: $(pwd)"
 echo "Source directory: ${srcdir}"
 echo "Output directory: ${outdir}"
 
-mkdir -p ${outdir}
-
 # List of directories to search
 SOFTHSM_SEARCH_PATHS=(
 	"/opt/homebrew"
@@ -77,6 +75,13 @@ TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH}
 
 OPENSSL_VERSION=$(./openssl_version | cut -d ' ' -f 2)
 
+# Skip if SoftHSM requires ECDSA_SIG_get0 but current libcrypto doesn't provide it (no-ec build)
+if nm -D "${MODULE}" 2>/dev/null | grep -q ' U ECDSA_SIG_get0' && \
+	! "${OPENSSL}" list -public-key-algorithms 2>/dev/null | grep -qi '\bec\b'; then
+	echo "Skipping test: SoftHSM requires EC support, but OpenSSL was built without EC."
+	exit 77
+fi
+
 # Restore settings
 export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH}
 
@@ -107,6 +112,7 @@ else
 	SHARED_EXT=.so
 fi
 
+mkdir -p ${outdir}
 
 sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \
 	"s|@ENGINE_PATH@|../src/.libs/pkcs11${SHARED_EXT}|g" \
@@ -152,6 +158,7 @@ init_db() {
 	# Exit if no tool was found
 	if [[ -z "${SOFTHSM_TOOL}" ]]; then
 		echo "Skipping test: No softhsm or softhsm2-util tool found in expected locations."
+		rm -rf "$outdir"
 		exit 77
 	fi
 
@@ -282,10 +289,17 @@ list_objects () {
 	echo "***************************************"
 	echo "* Listing objects on the token ${token_label}"
 	echo "***************************************"
-	pkcs11-tool --login --pin ${PIN} --module ${MODULE} \
-		--token-label "${token_label}" --list-objects
-	if [[ $? -ne 0 ]]; then
-		exit 1
-	fi
+
+	# Ensure pkcs11-tool runs with the original library path
+	export LD_LIBRARY_PATH="${TEMP_LD_LIBRARY_PATH}"
+
+	pkcs11-tool --login --pin "${PIN}" --module "${MODULE}" \
+		--token-label "${token_label}" --list-objects || exit 1
+
 	echo "***************************************"
 }
+
+# Cleanup test environment
+cleanup() {
+	export LD_LIBRARY_PATH="${TEMP_LD_LIBRARY_PATH}"
+}

tests/dup-key-prov.c

@@ -85,10 +85,13 @@ int main(int argc, char *argv[])
 	return ret;
 }
 
-#else
+#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+
+#include <stdio.h>
 
 int main() {
-	return 0;
+	fprintf(stderr, "Skipped: requires OpenSSL >= 3.0\n");
+	return 77;
 }
 
 #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */

tests/dup-key.c

@@ -187,10 +187,13 @@ int main(int argc, char *argv[])
 	return ret;
 }
 
-#else
+#else /* OPENSSL_NO_ENGINE */
+
+#include <stdio.h>
 
 int main() {
-	return 0;
+	fprintf(stderr, "Skipped: ENGINE support not available\n");
+	return 77;
 }
 
 #endif /* OPENSSL_NO_ENGINE */

tests/ec-cert-store.softhsm

@@ -30,27 +30,31 @@ outdir="output.$$"
 init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "cert"
 
 # Load openssl settings
-TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH}
 . ${srcdir}/openssl-settings.sh
 
+# Restore openssl settings
+trap cleanup EXIT
+
 ${OPENSSL} x509 -in ${srcdir}/ec-cert.der -inform DER -outform PEM \
 	-out ${outdir}/ec-cert.pem
 CERTIFICATE="${outdir}/ec-cert.pem"
 CERTIFICATE_URL="pkcs11:token=libp11-0;id=04030201;object=stored-cert;pin-value=1234"
 
 # Run the test
 ${WRAPPER} ../examples/storecert ${CERTIFICATE} ${CERTIFICATE_URL} ${MODULE}
-if [[ $? -ne 0 ]]; then
-	echo "The certificate storing couldn't be performed"
+rc=$?
+if [[ $rc -eq 77 ]]; then
+	echo "EC certificate storing test skipped."
+	rm -rf "$outdir"
+	exit 77
+elif [[ $rc -ne 0 ]]; then
+	echo "EC certificate storing couldn't be performed."
 	exit 1
 fi
 
-# Restore settings
-export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH}
-
 list_objects && list_objects | grep -q stored-cert
 if [[ $? -ne 0 ]]; then
-	echo "The certificate was not properly stored"
+	echo "EC certificate was not properly stored."
 	exit 1
 fi