add test coverage for #25298

Add test coverage for issue #25298, clean up the json file so
it uses consistent indentation

Signed-off-by: Alicja Kario <hkario@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25329)

diff --git a/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in b/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
index 1bc20799d9b5c254fc6862ace371843e246e8445..a093b9d76cb8021f9c8836ef5a5b97f333cf43b6 100644 (file)
--- a/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
+++ b/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
@@ -1,23 +1,40 @@
 [
     {"server_command": ["@SERVER@", "s_server", "-www",
-                 "-key", "tests/serverX509Key.pem",
-                 "-cert", "tests/serverX509Cert.pem",
-                 "-verify", "1", "-CAfile", "tests/clientX509Cert.pem"],
+                        "-key", "tests/serverX509Key.pem",
+                        "-cert", "tests/serverX509Cert.pem",
+                        "-verify", "1",
+                        "-CAfile", "tests/clientX509Cert.pem"],
      "comment": "Use ANY certificate just to ensure that server tries to authorise a client",
      "environment": {"PYTHONPATH" : "."},
      "server_hostname": "localhost",
      "server_port": @PORT@,
      "tests" : [
-        {"name" : "test-tls13-certificate-verify.py",
-          "arguments" : ["-k", "tests/clientX509Key.pem",
-                         "-c", "tests/clientX509Cert.pem",
-                        "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
-                        "-p", "@PORT@"]},
-        {"name" : "test-tls13-ecdsa-in-certificate-verify.py",
+       {"name" : "test-tls13-certificate-verify.py",
+        "arguments" : ["-k", "tests/clientX509Key.pem",
+                       "-c", "tests/clientX509Cert.pem",
+                       "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
+                       "-p", "@PORT@"]},
+       {"name" : "test-tls13-ecdsa-in-certificate-verify.py",
           "arguments" : ["-k", "tests/serverECKey.pem",
                          "-c", "tests/serverECCert.pem",
-                        "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
-                        "-p", "@PORT@"]}
+                         "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
+                         "-p", "@PORT@"]}
+     ]
+    },
+    {"server_command": ["@SERVER@", "s_server", "-www",
+                 "-key", "tests/serverX509Key.pem",
+                 "-cert", "tests/serverX509Cert.pem",
+                 "-verify", "1", "-CAfile", "tests/clientX509Cert.pem",
+                 "-client_sigalgs", "RSA+SHA384:rsa_pss_rsae_sha384:rsa_pss_pss_sha384"],
+     "comment": "set -client_sigalgs because of https://github.com/openssl/openssl/issues/25277",
+     "environment": {"PYTHONPATH" : "."},
+     "server_hostname": "localhost",
+     "server_port": @PORT@,
+     "tests" : [
+       {"name" : "test-certificate-verify-malformed.py",
+        "arguments" : ["-d", "-k", "tests/clientX509Key.pem",
+                       "-c", "tests/clientX509Cert.pem",
+                       "-p", "@PORT@"]}
      ]
     },
     {"server_command": ["@SERVER@", "s_server", "-www",
@@ -27,12 +44,11 @@
      "server_hostname": "localhost",
      "server_port": @PORT@,
      "tests" : [
-        {"name" : "test-tls13-conversation.py",
-          "arguments" : ["-p", "@PORT@"]},
-        {"name" : "test-conversation.py",
-          "arguments" : ["-p", "@PORT@",
-                 "-d"]}
+       {"name" : "test-tls13-conversation.py",
+        "arguments" : ["-p", "@PORT@"]},
+       {"name" : "test-conversation.py",
+        "arguments" : ["-p", "@PORT@",
+                       "-d"]}
      ]
     }
-
 ]