From: Alicja Kario <hkario@redhat.com>
Date: Thu, 29 Aug 2024 18:07:37 +0000 (+0200)
Subject: add test coverage for #25298
X-Git-Tag: openssl-3.5.0-alpha1~987
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=144b9ebc3e444803643d90fee45d588be83361dd;p=thirdparty%2Fopenssl.git

add test coverage for #25298

Add test coverage for issue #25298, clean up the json file so
it uses consistent indentation

Signed-off-by: Alicja Kario <hkario@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25329)
---

diff --git a/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in b/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
index 1bc20799d9b..a093b9d76cb 100644
--- a/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
+++ b/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
@@ -1,23 +1,40 @@
 [
     {"server_command": ["@SERVER@", "s_server", "-www",
-                 "-key", "tests/serverX509Key.pem",
-                 "-cert", "tests/serverX509Cert.pem",
-                 "-verify", "1", "-CAfile", "tests/clientX509Cert.pem"],
+                        "-key", "tests/serverX509Key.pem",
+                        "-cert", "tests/serverX509Cert.pem",
+                        "-verify", "1",
+                        "-CAfile", "tests/clientX509Cert.pem"],
      "comment": "Use ANY certificate just to ensure that server tries to authorise a client",
      "environment": {"PYTHONPATH" : "."},
      "server_hostname": "localhost",
      "server_port": @PORT@,
      "tests" : [
-	 {"name" : "test-tls13-certificate-verify.py",
-          "arguments" : ["-k", "tests/clientX509Key.pem",
-                         "-c", "tests/clientX509Cert.pem",
-			 "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
-	                 "-p", "@PORT@"]},
-	 {"name" : "test-tls13-ecdsa-in-certificate-verify.py",
+       {"name" : "test-tls13-certificate-verify.py",
+        "arguments" : ["-k", "tests/clientX509Key.pem",
+                       "-c", "tests/clientX509Cert.pem",
+                       "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
+                       "-p", "@PORT@"]},
+       {"name" : "test-tls13-ecdsa-in-certificate-verify.py",
           "arguments" : ["-k", "tests/serverECKey.pem",
                          "-c", "tests/serverECCert.pem",
-			 "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
-	                 "-p", "@PORT@"]}
+                         "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
+                         "-p", "@PORT@"]}
+     ]
+    },
+    {"server_command": ["@SERVER@", "s_server", "-www",
+                 "-key", "tests/serverX509Key.pem",
+                 "-cert", "tests/serverX509Cert.pem",
+                 "-verify", "1", "-CAfile", "tests/clientX509Cert.pem",
+                 "-client_sigalgs", "RSA+SHA384:rsa_pss_rsae_sha384:rsa_pss_pss_sha384"],
+     "comment": "set -client_sigalgs because of https://github.com/openssl/openssl/issues/25277",
+     "environment": {"PYTHONPATH" : "."},
+     "server_hostname": "localhost",
+     "server_port": @PORT@,
+     "tests" : [
+       {"name" : "test-certificate-verify-malformed.py",
+        "arguments" : ["-d", "-k", "tests/clientX509Key.pem",
+                       "-c", "tests/clientX509Cert.pem",
+                       "-p", "@PORT@"]}
      ]
     },
     {"server_command": ["@SERVER@", "s_server", "-www",
@@ -27,12 +44,11 @@
      "server_hostname": "localhost",
      "server_port": @PORT@,
      "tests" : [
-	 {"name" : "test-tls13-conversation.py",
-          "arguments" : ["-p", "@PORT@"]},
-	 {"name" : "test-conversation.py",
-          "arguments" : ["-p", "@PORT@",
-		  "-d"]}
+       {"name" : "test-tls13-conversation.py",
+        "arguments" : ["-p", "@PORT@"]},
+       {"name" : "test-conversation.py",
+        "arguments" : ["-p", "@PORT@",
+                       "-d"]}
      ]
     }
-
 ]