From f5717442ddbd7d1a6835e5ed42e9645ea9bbc277 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?=
Date: Fri, 31 May 2024 14:48:37 +0100
Subject: [PATCH] [TEMP] tests/openssl: Enable PKCS_RSA_PSS_SHA256 certificate tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Only enable PKCS_RSA_PSS_SHA256 and not the rest of the variants as the tests for that are currently failing. Use aws_lc_rs for testing as supposedly this one does support PSS keys while ring does not.

* Fix a logic error in the test in which verify_cert_basic was being run when verify_cert should have been and viceversa.

Signed-off-by: Tomás González
---
 rcgen/tests/openssl.rs | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/rcgen/tests/openssl.rs b/rcgen/tests/openssl.rs
index a1c8d0f4..968e11ae 100644
--- a/rcgen/tests/openssl.rs
+++ b/rcgen/tests/openssl.rs
@@ -288,25 +288,21 @@ fn test_openssl_rsa_combinations_given() {
 &rcgen::PKCS_RSA_SHA256,
 &rcgen::PKCS_RSA_SHA384,
 &rcgen::PKCS_RSA_SHA512,
- //&rcgen::PKCS_RSA_PSS_SHA256,
- //&rcgen::PKCS_RSA_PSS_SHA384,
- //&rcgen::PKCS_RSA_PSS_SHA512,
+ #[cfg(feature = "aws_lc_rs")]
+ &rcgen::PKCS_RSA_PSS_SHA256,
+ // #[cfg(feature = "aws_lc_rs")]
+ // &rcgen::PKCS_RSA_PSS_SHA384,
+ // #[cfg(feature = "aws_lc_rs")]
+ // &rcgen::PKCS_RSA_PSS_SHA512,
 ];
- for (i, alg) in alg_list.iter().enumerate() {
+ for (_i, alg) in alg_list.iter().enumerate() {
 let (params, _) = util::default_params();
 let key_pair = KeyPair::from_pkcs8_pem_and_sign_algo(util::RSA_TEST_KEY_PAIR_PEM, alg).unwrap();
 let cert = params.self_signed(&key_pair).unwrap();
- // Now verify the certificate.
- if i >= 4 {
- verify_cert(&cert, &key_pair);
- verify_csr(&cert, &key_pair);
- } else {
- // The PSS key types are not fully supported.
- // An attempt to use them gives a handshake error.
- verify_cert_basic(&cert);
- }
+ verify_cert(&cert, &key_pair);
+ verify_csr(&cert, &key_pair);
 }
 }
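Review bot: The `#[cfg(feature = "aws_lc_rs")]` gate on the `&rcgen::PKCS_RSA_PSS_SHA256` entry tests only whether that feature is switched on, not which crypto backend the build actually uses. If the crate lets `ring` and `aws_lc_rs` be enabled together and prefers ring in that case (not visible here, so worth confirming), such a build would run `verify_cert` and `verify_csr` on a PSS key under the backend the description says lacks PSS support; `#[cfg(all(feature = "aws_lc_rs", not(feature = "ring")))]` would make the gate match the stated intent. With the `if i >= 4` branch gone the index is unused, so `for (_i, alg) in alg_list.iter().enumerate()` can become `for alg in alg_list.iter()`. The two entries left commented out deserve a short explanation, for example `// TODO: PSS SHA384/SHA512 currently fail these tests; re-enable once fixed`. The function's opening lines, including the `alg_list` declaration, lie outside the hunk.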