Improved tests

Centralized the use of the PKG_CONFIG_PATH environment variable to determine the OpenSSL version required by libp11.
Added flexibility to configure the OpenSSL binary via LD_LIBRARY_PATH for custom shared library locations.
Forced the use of the locally built engine by setting OPENSSL_ENGINES to ../src/.libs/.
Tests rely on pre-installed pkcs11-tool and softhsm2-util, which must be accessible through the default system PATH.
Added a guide for debugging the engine with Valgrind.
Refactored the code to improve clarity, simplify logic, and eliminate redundancies.
Switched from sh to bash to leverage Bash-specific features and ensure compatibility.
Removed legacy support checks for OpenSSL versions older than 1.0.0.
Skipped tests when libsofthsm2.so is built with libcrypto.so.3, as it is incompatible with OpenSSL 1.0.2u.
Update copyright information to Mobi - Com Polska Sp. z o.o.

tests/Makefile.am

@@ -1,4 +1,4 @@
-EXTRA_DIST = engines.cnf.in rsa-common.sh rsa-no-pubkey.sh ec-common.sh ec-no-pubkey.sh
+EXTRA_DIST = engines.cnf.in common.sh
 
 AM_CFLAGS = $(OPENSSL_CFLAGS)
 AM_CPPFLAGS = \
@@ -25,27 +25,28 @@ dist_check_SCRIPTS = \
 	rsa-testlistkeys.softhsm \
 	rsa-testlistkeys_ext.softhsm \
 	rsa-evp-sign.softhsm \
-	ec-evp-sign.softhsm \
-	ec-testfork.softhsm \
-	fork-change-slot.softhsm \
 	rsa-pss-sign.softhsm \
 	rsa-oaep.softhsm \
-	case-insensitive.softhsm \
 	rsa-check-privkey.softhsm \
+	ec-testfork.softhsm \
+	ec-evp-sign.softhsm \
 	ec-check-privkey.softhsm \
-	pkcs11-uri-without-token.softhsm \
-	search-all-matching-tokens.softhsm \
 	ec-cert-store.softhsm \
-	ec-copy.softhsm
+	ec-copy.softhsm \
+	fork-change-slot.softhsm \
+	case-insensitive.softhsm \
+	pkcs11-uri-without-token.softhsm \
+	search-all-matching-tokens.softhsm
 dist_check_DATA = \
-	rsa-cert.der rsa-prvkey.der rsa-pubkey.der \
-	ec-cert.der ec-prvkey.der ec-pubkey.der
+	rsa-cert.der rsa-privkey.der rsa-pubkey.der \
+	ec-cert.der ec-privkey.der ec-pubkey.der
 
 TESTS = $(dist_check_SCRIPTS)
 
 TESTS_ENVIRONMENT =	\
 	LC_ALL="C" \
 	EXEEXT=$(EXEEXT) \
+	PKG_CONFIG_PATH="$(PKG_CONFIG_PATH)" \
 	top_builddir="$(top_builddir)" \
 	srcdir="$(srcdir)"
 

tests/case-insensitive.softhsm

@@ -1,5 +1,7 @@
-#!/bin/sh
+#!/bin/bash
 
+# Copyright © 2024 Mobi - Com Polska Sp. z o.o.
+# Author: Małgorzata Olszówka <[email protected]>
 # Copyright (C) 2015 Nikos Mavrogiannopoulos
 # Copyright (C) 2018 Anderson Toshiyuki Sasaki
 #
@@ -21,42 +23,50 @@
 
 outdir="output.$$"
 
-# Load common test functions
-. ${srcdir}/rsa-common.sh
+ALL_LOWER_PRIV_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234"
+ALL_LOWER_PUB_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public;pin-value=1234"
 
-# Do the common test initialization
-common_init
+ALL_UPPER_PRIV_KEY="PKCS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234"
+ALL_UPER_PUB_KEY="PKCS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public;pin-value=1234"
 
-sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"
+MIXED_PRIV_KEY="PkCs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234"
+MIXED_PUB_KEY="pKcS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public;pin-value=1234"
 
-export OPENSSL_ENGINES="../src/.libs/"
-ALL_LOWER_PRIV_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234"
-ALL_LOWER_PUB_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234"
+# Load common test functions
+. ${srcdir}/common.sh
 
-ALL_UPPER_PRIV_KEY="PKCS11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234"
-ALL_UPER_PUB_KEY="PKCS11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234"
+# Do the token initialization
+init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert"
 
-MIXED_PRIV_KEY="PkCs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234"
-MIXED_PUB_KEY="pKcS11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234"
+# Load openssl settings
+TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH}
+. ${srcdir}/openssl-settings.sh
 
-./evp-sign default false "${outdir}/engines.cnf" ${ALL_LOWER_PRIV_KEY} ${ALL_LOWER_PUB_KEY} ${MODULE}
-if test $? != 0;then
+# Run the test
+${WRAPPER} ./evp-sign default false "${outdir}/engines.cnf" \
+	${ALL_LOWER_PRIV_KEY} ${ALL_LOWER_PUB_KEY} ${MODULE}
+if [[ $? -ne 0 ]]; then
 	echo "All lower case PKCS#11 URI scheme detection failed"
-	exit 1;
+	exit 1
 fi
 
-./evp-sign default false "${outdir}/engines.cnf" ${ALL_UPPER_PRIV_KEY} ${ALL_UPER_PUB_KEY} ${MODULE}
-if test $? != 0;then
+./evp-sign default false "${outdir}/engines.cnf" \
+	${ALL_UPPER_PRIV_KEY} ${ALL_UPER_PUB_KEY} ${MODULE}
+if [[ $? -ne 0 ]]; then
 	echo "All upper case PKCS#11 URI scheme detection failed"
-	exit 1;
+	exit 1
 fi
 
-./evp-sign default false "${outdir}/engines.cnf" ${MIXED_PRIV_KEY} ${MIXED_PUB_KEY} ${MODULE}
-if test $? != 0;then
+./evp-sign default false "${outdir}/engines.cnf" \
+	${MIXED_PRIV_KEY} ${MIXED_PUB_KEY} ${MODULE}
+if [[ $? -ne 0 ]]; then
 	echo "Mixed case PKCS#11 URI scheme detection failed"
-	exit 1;
+	exit 1
 fi
 
+# Restore settings
+export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH}
+
 rm -rf "$outdir"
 
 exit 0

tests/common.sh

@@ -0,0 +1,249 @@
+#!/bin/bash
+
+# Copyright © 2024 Mobi - Com Polska Sp. z o.o.
+# Author: Małgorzata Olszówka <[email protected]>
+# Copyright (C) 2013 Nikos Mavrogiannopoulos
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Uncomment the following line to enable debugging with Valgrind
+# WRAPPER="valgrind -s --track-origins=yes --leak-check=full --show-leak-kinds=all --tool=memcheck --show-reachable=yes --keep-debuginfo=yes"
+
+echo "Current directory: $(pwd)"
+echo "Source directory: ${srcdir}"
+echo "Output directory: ${outdir}"
+
+mkdir -p ${outdir}
+
+for i in /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib64/pkcs11 \
+		/usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib/softhsm /usr/lib; do
+	if [[ -f "$i/libsofthsm2.so" ]]; then
+		MODULE="$i/libsofthsm2.so"
+		break
+	else
+		if [[ -f "$i/libsofthsm.so" ]]; then
+			MODULE="$i/libsofthsm.so"
+			break
+		fi
+	fi
+done
+
+if [[ ! -x /usr/bin/pkcs11-tool && ! -x /usr/local/bin/pkcs11-tool ]]; then
+	echo "Skipping test: 'pkcs11-tool' not found. Please install the tool to proceed."
+	exit 77
+fi
+
+# Load openssl settings
+TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH}
+. ${srcdir}/openssl-settings.sh
+
+OPENSSL_VERSION=$(./openssl_version | cut -d ' ' -f 2)
+
+# Restore settings
+export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH}
+
+LIBCRYPTO_VER=$(ldd "${MODULE}" | grep 'libcrypto' | awk '{print $1}')
+if [[ "$OPENSSL_VERSION" =~ ^0.* || "$OPENSSL_VERSION" =~ ^1\.0.* ]] \
+	&& [[ "$LIBCRYPTO_VER" == "libcrypto.so.3" ]]; then
+	echo -n "Skipping test: Module '${MODULE}' built with '${LIBCRYPTO_VER}'"
+	echo "is incompatible with OpenSSL version '${OPENSSL_VERSION}'."
+	exit 77
+fi
+
+echo "Detected system: ${OSTYPE}"
+
+if [[ ${OSTYPE} == darwin* ]]; then
+	SHARED_EXT=.dylib
+else
+	SHARED_EXT=.so
+fi
+
+
+sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \
+	"s|@ENGINE_PATH@|../src/.libs/pkcs11${SHARED_EXT}|g" \
+	<"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"
+
+# Force the use of the local built engine
+export OPENSSL_ENGINES="../src/.libs/"
+echo "OPENSSL_ENGINES=${OPENSSL_ENGINES}"
+
+# Set the used PIN and PUK
+PIN=1234
+PUK=1234
+
+# Set the default object ID for operations
+ID=01020304
+
+# Initialize the SoftHSM DB
+init_db () {
+	if [[ -x "/usr/bin/softhsm" ]]; then
+		export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config"
+		SOFTHSM_TOOL="/usr/bin/softhsm"
+		SLOT="--slot 0"
+	fi
+
+	if [[ -x "/usr/local/bin/softhsm2-util" ]]; then
+		export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
+		SOFTHSM_TOOL="/usr/local/bin/softhsm2-util"
+		SLOT="--free "
+	fi
+
+	if [[ -x "/opt/local/bin/softhsm2-util" ]]; then
+		export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
+		SOFTHSM_TOOL="/opt/local/bin/softhsm2-util"
+		SLOT="--free "
+	fi
+
+	if [[ -x "/usr/bin/softhsm2-util" ]]; then
+		export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
+		SOFTHSM_TOOL="/usr/bin/softhsm2-util"
+		SLOT="--free "
+	fi
+
+	if [[ -z ${SOFTHSM_TOOL} ]]; then
+		echo "Could not find softhsm(2) tool"
+		exit 77
+	fi
+
+	if [[ -n ${SOFTHSM2_CONF} ]]; then
+		rm -rf $outdir/softhsm-testpkcs11.db
+		mkdir -p $outdir/softhsm-testpkcs11.db
+		echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
+		echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> \
+			${SOFTHSM2_CONF}
+	else
+		rm -rf $outdir/softhsm-testpkcs11.db
+		echo "0:$outdir/softhsm-testpkcs11.db" > ${SOFTHSM_CONF}
+	fi
+	echo "SOFTHSM2_CONF=${SOFTHSM2_CONF}"
+}
+
+# Initialize a token in the first available slot
+init_card () {
+	local token_label="$1"
+
+	echo "***************************************"
+	echo -n "* Initializing token ${token_label} ... "
+	${SOFTHSM_TOOL} --init-token ${SLOT} --label ${token_label} \
+		--so-pin ${PUK} --pin ${PIN} >/dev/null
+	if [[ $? -eq 0 ]]; then
+		echo ok
+	else
+		echo failed
+		exit 1
+	fi
+}
+
+# Delete the token at a given slot
+remove_card () {
+	local token_label="$1"
+
+	echo "* Removing token ${token_label}"
+	${SOFTHSM_TOOL} --delete-token --token ${token_label}
+	if [[ $? -ne 0 ]]; then
+		exit 1
+	fi
+}
+
+# Generate an RSA key pair on the token
+generate_rsa_key_pair () {
+	local obj_label="$1"
+	local token_label="$2"
+
+	echo "* Generating an RSA key pair on the token ${token_label}"
+	pkcs11-tool --login --pin ${PIN} --module ${MODULE} --id ${ID} \
+		--keypairgen --key-type "rsa:2048" \
+		--label ${obj_label} --token-label ${token_label}
+	if [[ $? -ne 0 ]]; then
+		exit 1
+	fi
+}
+
+# Do the token initialization
+init_token () {
+	local key_type="$1"
+	local num_devices="$2"
+	local common_label="$3"
+	local obj_id="$4"
+	local obj_label="$5"
+	local i=0
+
+	# Remove the first 5 parameters from the list of arguments
+	shift 5
+
+	# Initialize SoftHSM DB
+	init_db
+
+	while [[ $i -lt ${num_devices} ]]; do
+		# Initialize a new device
+		init_card "${common_label}-$i"
+
+		# Import objects with different labels
+		import_objects ${key_type} "${common_label}-$i" ${obj_id} "${obj_label}-$i" "$@"
+
+		# List the objects imported into the token
+		list_objects "${common_label}-$i"
+
+		i=$(($i + 1))
+	done
+}
+
+# Write an object (privkey, pubkey, cert) to the token
+import_objects () {
+	local key_type="$1"
+	local token_label="$2"
+	local obj_id="$3"
+	local obj_label="$4"
+
+	# Remove the first 4 parameters from the list of arguments
+	shift 4
+
+	# Import objects with different labels
+	for param in "$@"; do
+		if [[ -n "$param" ]]; then
+			echo -n "* Importing the ${key_type^^} ${param} object id=${obj_id}"
+			echo -n " into the token ${token_label} ... "
+			pkcs11-tool --login --pin ${PIN} --module ${MODULE} \
+				--token-label "${token_label}"\
+				--write-object "${srcdir}/${key_type}-${param}.der" \
+				--type ${param} \
+				--id ${obj_id} --label "${obj_label}" >/dev/null
+			if [[ $? -eq 0 ]]; then
+				echo ok
+			else
+				echo failed
+				exit 1
+			fi
+		else
+			echo "Skipping empty parameter"
+		fi
+	done
+}
+
+# Show objects on the token
+list_objects () {
+	local token_label="$1"
+
+	echo "***************************************"
+	echo "* Listing objects on the token ${token_label}"
+	echo "***************************************"
+	pkcs11-tool --login --pin ${PIN} --module ${MODULE} \
+		--token-label "${token_label}" --list-objects
+	if [[ $? -ne 0 ]]; then
+		exit 1
+	fi
+	echo "***************************************"
+}