[ima-evm-utils PATCH 2/2] tests: Use EVMCTL_ENGINE to set engine or provider for test case

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Use EVMCTL_ENGINE to pass --provider or --engine to evmctl. Before, when
gost tests were running, EVMCTL_ENGINE was still set to '--engine gost'
and was used on the command line for evmctl by a pkcs11 tests as well.

Note: Ubuntu 22.04 (Noble) currently seems to have an issue when softhsm is
used via --engine pkcs11. In this case ENGINE_finish() in evmctl causes a
crash/segfault. However, when pkcs11-provider is installed and used by
evcmtl then this issue does not occur. Therefore, we cannot currently run
tests on Ubuntu 22.04 that use softhsm via pkcs11 engine. Users should
install and use the pkcs11-provider instead and not force usage of the
engine by passing '--engine pkcs11' to the command line.

Fixes: ffde173250 ("tests: Add pkcs11 test using provider")
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
 tests/sign_verify.test | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/sign_verify.test b/tests/sign_verify.test
index f9522e0..4e7945a 100755
--- a/tests/sign_verify.test
+++ b/tests/sign_verify.test
@@ -440,8 +440,8 @@ expect_fail \
 _softhsm_setup "${WORKDIR}"
 if [ -n "${PKCS11_KEYURI}" ]; then
   if evmctl --help 2>/dev/null | grep -q engine; then
-    expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_KEYURI}" ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS="--keyid=aabbccdd --engine pkcs11"
-    expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_KEYURI}" ALG=sha1   PREFIX=0x030202aabbccdd0100 OPTS="--keyid=aabbccdd --engine pkcs11"
+    expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_KEYURI}" ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS="--keyid=aabbccdd" EVMCTL_ENGINE="--engine pkcs11"
+    expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_KEYURI}" ALG=sha1   PREFIX=0x030202aabbccdd0100 OPTS="--keyid=aabbccdd" EVMCTL_ENGINE="--engine pkcs11"
   else
     __skip() { echo "pkcs11 test with engine is skipped since there is no engine support"; return "$SKIP"; }
     expect_pass __skip
@@ -453,8 +453,8 @@ if [ -n "${PKCS11_KEYURI}" ]; then
      openssl list -providers -provider pkcs11 2>/dev/null; then
     PKCS11_PRIVKEYURI=${PKCS11_KEYURI//type=public/type=private}
 
-    expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_PRIVKEYURI}" ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS="--keyid=aabbccdd --provider pkcs11"
-    expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_PRIVKEYURI}" ALG=sha1   PREFIX=0x030202aabbccdd0100 OPTS="--keyid=aabbccdd --provider pkcs11"
+    expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_PRIVKEYURI}" ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS="--keyid=aabbccdd" EVMCTL_ENGINE="--provider pkcs11"
+    expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_PRIVKEYURI}" ALG=sha1   PREFIX=0x030202aabbccdd0100 OPTS="--keyid=aabbccdd" EVMCTL_ENGINE="--provider pkcs11"
   else
     __skip() { echo "pkcs11 test with provider is skipped since no provider support or pkcs11 not installed"; return "$SKIP"; }
     expect_pass __skip
-- 
2.45.0
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux