
test(integv2): add partial support for OpenSSL 3.0 provider #5131


Merged
merged 30 commits into from
Mar 12, 2025
Merged
Changes from 10 commits
21981f6
adding openssl 3 as a provider
johubertj Feb 20, 2025
8cc964d
removed an import not needed
johubertj Feb 20, 2025
f55b829
added example string that would be parsed
johubertj Feb 26, 2025
c4b85d9
fixed comments
johubertj Feb 26, 2025
e287697
using .get_version
johubertj Feb 27, 2025
4f045e1
we have invalid params if we don't support a specific cert
johubertj Feb 27, 2025
1f7a752
added a helper method and reduce number of subprocess runs
johubertj Feb 27, 2025
96f3b54
Update tests/integrationv2/providers.py
johubertj Feb 28, 2025
31404eb
Update tests/integrationv2/providers.py
johubertj Feb 28, 2025
45eff50
fixed nesting if statements and removed cert is none check
johubertj Feb 28, 2025
41a8c01
Merge branch 'main' into feature-add-openSSL3
johubertj Feb 28, 2025
7474680
removed unused imports
johubertj Feb 28, 2025
60645c8
ruff format check
johubertj Feb 28, 2025
2f009e5
removed unnecessary parameter
johubertj Feb 28, 2025
538a02f
Merge branch 'main' into feature-add-openSSL3
johubertj Mar 1, 2025
87d9e1e
remove openssl 1.1.1 from the path
johubertj Mar 4, 2025
24436a0
removed all 1.1.1 required paths for nix
johubertj Mar 4, 2025
9fc9bc4
Merge branch 'main' into feature-add-openSSL3
johubertj Mar 4, 2025
a9bbe38
causing ci errors
johubertj Mar 6, 2025
6bfda4e
Merge branch 'main' into feature-add-openSSL3
johubertj Mar 6, 2025
b2a89d3
added back nix stuff to make CI use openssl 1.1.1
johubertj Mar 7, 2025
7718632
added back more nix
johubertj Mar 7, 2025
3e29893
accidentally added file for another PR
johubertj Mar 7, 2025
73eba53
removed more unneeded files
johubertj Mar 7, 2025
52dd890
removed more files
johubertj Mar 7, 2025
335548f
Update tests/integrationv2/providers.py
johubertj Mar 10, 2025
afc17ac
Update tests/integrationv2/conftest.py
johubertj Mar 10, 2025
29ead50
Update tests/integrationv2/providers.py
johubertj Mar 10, 2025
fedc338
Merge branch 'main' into feature-add-openSSL3
johubertj Mar 11, 2025
d9cc7b3
Merge branch 'main' into feature-add-openSSL3
johubertj Mar 11, 2025
6 changes: 5 additions & 1 deletion tests/integrationv2/conftest.py
Expand Up @@ -2,8 +2,9 @@
# SPDX-License-Identifier: Apache-2.0
import os
import pytest
import subprocess
from global_flags import set_flag, S2N_PROVIDER_VERSION, S2N_FIPS_MODE
from providers import S2N, JavaSSL
from providers import S2N, JavaSSL, OpenSSL

PATH_CONFIGURATION_KEY = pytest.StashKey()

Expand All @@ -30,6 +31,9 @@ def available_providers():
if os.path.exists("./bin/SSLSocketClient.class"):
providers.add(JavaSSL)

if OpenSSL.get_provider() == "OpenSSL" and OpenSSL.get_version() == "3.0":
providers.add(OpenSSL)

return providers


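Review bot: The version test added to `available_providers()` compares the whole string, `OpenSSL.get_version() == "3.0"`, but the new `get_version()` in providers.py returns the second field of the `openssl version` output (its own comment gives "3.0.8"), so the condition is false on an ordinary 3.0.x install and the OpenSSL provider is never added. If this set decides which providers are exercised, the OpenSSL 3.0 interop tests would be skipped silently rather than fail. The rest of the change matches on the prefix, and the same form here would be `if OpenSSL.get_provider() == "OpenSSL" and OpenSSL.get_version()[0:3] == "3.0":`. The added `import subprocess` is not used in the lines shown and can probably be dropped; the body of `available_providers()` starts outside the hunk.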
51 changes: 37 additions & 14 deletions tests/integrationv2/providers.py
Expand Up @@ -5,7 +5,7 @@
import pytest
import threading

from common import ProviderOptions, Ciphers, Curves, Protocols, Signatures, Cert
from common import ProviderOptions, Certificates, Ciphers, Curves, Protocols, Signatures, Cert
from global_flags import get_flag, S2N_PROVIDER_VERSION, S2N_FIPS_MODE
from stat import S_IMODE

Expand Down Expand Up @@ -344,12 +344,22 @@ def setup_server(self):


class OpenSSL(Provider):
result = subprocess.run(
["openssl", "version"], shell=False, capture_output=True, text=True
)
# After splitting, version_str would be: ["OpenSSL", "3.0.8", "7", "Feb", "2023\n"]
version_str = result.stdout.split(" ")
# e.g., "OpenSSL"
provider = version_str[0]
# e.g., "3.0.8"
version_openssl = version_str[1]

def __init__(self, options: ProviderOptions):
Provider.__init__(self, options)
# We print some OpenSSL logging that includes stderr
self.expect_stderr = True # lgtm [py/overwritten-inherited-attribute]
# Current provider needs 1.1.x https://github.com/aws/s2n-tls/issues/3963
self._is_openssl_11()
self.at_least_openssl_1_1()

@classmethod
def get_send_marker(cls):
Expand Down Expand Up @@ -398,27 +408,40 @@ def _cipher_to_cmdline(self, cipher):

@classmethod
def get_version(cls):
return get_flag(S2N_PROVIDER_VERSION)
return cls.version_openssl

@classmethod
def supports_protocol(cls, protocol):
if protocol is Protocols.SSLv3:
return False
def get_provider(cls):
return cls.provider

@classmethod
def supports_protocol(cls, protocol, with_cert=None):
if OpenSSL.get_version()[0:3] == "1.1":
return protocol not in (Protocols.SSLv3)
elif OpenSSL.get_version()[0:3] == "3.0":
return protocol not in (Protocols.SSLv3, Protocols.TLS10, Protocols.TLS11)
else:
return True

@classmethod
def supports_certificate(cls, cert: Cert):
if OpenSSL.get_version()[0:3] == "3.0":
return cert not in (
Certificates.RSA_1024_SHA256,
Certificates.RSA_1024_SHA384,
Certificates.RSA_1024_SHA512,
)

return True

@classmethod
def supports_cipher(cls, cipher, with_curve=None):
return True

def _is_openssl_11(self) -> None:
result = subprocess.run(["openssl", "version"], shell=False, capture_output=True, text=True)
version_str = result.stdout.split(" ")
project = version_str[0]
version = version_str[1]
print(f"openssl version: {project} version: {version}")
if (project != "OpenSSL" or version[0:3] != "1.1"):
raise FileNotFoundError(f"Openssl version returned {version}, expected 1.1.x.")
def at_least_openssl_1_1(self) -> None:
print(f"Openssl version: {OpenSSL.get_version()}")
if (OpenSSL.get_version() < "1.1"):
raise FileNotFoundError(f"Openssl version returned {OpenSSL.get_version()}, expected at least 1.1.x.")

def setup_client(self):
cmd_line = ['openssl', 's_client']
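Review bot: In `supports_protocol`, `protocol not in (Protocols.SSLv3)` tests membership in a single object rather than a tuple, because the parentheses carry no trailing comma; unless the `Protocols` members define containment or iteration, this raises `TypeError` on every 1.1.x run. Use `return protocol is not Protocols.SSLv3` or `(Protocols.SSLv3,)`. The final `else: return True` also reports SSLv3, TLS 1.0 and TLS 1.1 as supported for any version prefix other than 1.1 or 3.0, whereas the earlier lines shown rejected SSLv3 regardless of version; keeping that rejection ahead of the version branches would preserve it. In `at_least_openssl_1_1`, `OpenSSL.get_version() < "1.1"` is a string comparison and the `project != "OpenSSL"` test from `_is_openssl_11` is gone, so a different TLS toolkit installed as `openssl` on PATH would pass. Comparing parsed integer components and checking `OpenSSL.get_provider() == "OpenSSL"` would restore the earlier guarantee.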
4 changes: 2 additions & 2 deletions tests/integrationv2/utils.py
@@ -1,7 +1,7 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
from common import Protocols
from providers import S2N
from common import Certificates, Protocols
from providers import OpenSSL, S2N
from global_flags import get_flag, S2N_FIPS_MODE

