Fix test failures

Author: julek-wolfssl

.gitattributes

@@ -0,0 +1,8 @@
+# Ensure cert/key files always use LF line endings so that hashes
+# remain consistent across platforms.
+*.pem eol=lf
+*.cnf eol=lf
+*.cfg eol=lf
+
+# DER files are binary and must never be transformed.
+*.der binary

src/x509/clu_x509_sign.c

@@ -1274,21 +1274,11 @@ int wolfCLU_CertSign(WOLFCLU_CERT_SIGN* csign, WOLFSSL_X509* x509)
             case WC_HASH_TYPE_BLAKE2B:
             case WC_HASH_TYPE_BLAKE2S:
 
-    #if LIBWOLFSSL_VERSION_HEX > 0x05001000
-        #ifndef WOLFSSL_NOSHA512_224
             case WC_HASH_TYPE_SHA512_224:
-        #endif
-        #ifndef WOLFSSL_NOSHA512_256
             case WC_HASH_TYPE_SHA512_256:
-        #endif
-        #ifdef WOLFSSL_SHAKE128
             case WC_HASH_TYPE_SHAKE128:
-        #endif
-        #ifdef WOLFSSL_SHAKE256
             case WC_HASH_TYPE_SHAKE256:
-        #endif
             case WC_HASH_TYPE_SM3:
-    #endif
             default:
                 wolfCLU_LogError("Unsupported hash type");
                 ret = WOLFCLU_FATAL_ERROR;

tests/x509/x509-process-test.py

@@ -14,7 +14,7 @@
 HAS_OPENSSL = shutil.which("openssl") is not None
 
 
-def _check_cert_signature(cert_path, digest):
+def _check_cert_signature(cert_path, digest, inform="PEM"):
     """Use OpenSSL to verify the signature on a self-signed certificate.
 
     Returns True on success, raises AssertionError on failure.
@@ -24,10 +24,13 @@ def _check_cert_signature(cert_path, digest):
         raise unittest.SkipTest("openssl not available")
 
     stripped = cert_path + ".stripped.pem"
+    sig_bin = cert_path + ".sig.bin"
+    body_bin = cert_path + ".body.bin"
+    pub_pem = cert_path + ".pub.pem"
     try:
         subprocess.run(
-            ["openssl", "x509", "-in", cert_path, "-out", stripped,
-             "-outform", "PEM"],
+            ["openssl", "x509", "-inform", inform, "-in", cert_path,
+             "-out", stripped, "-outform", "PEM"],
             check=True, capture_output=True, timeout=60)
 
         # Extract signature hex
@@ -48,17 +51,14 @@ def _check_cert_signature(cert_path, digest):
                 lines.append(stripped_line)
         sig_hex = "".join(lines)
 
-        sig_bin = cert_path + ".sig.bin"
         with open(sig_bin, "wb") as f:
             f.write(bytes.fromhex(sig_hex))
 
-        body_bin = cert_path + ".body.bin"
         subprocess.run(
             ["openssl", "asn1parse", "-in", stripped, "-strparse", "4",
              "-out", body_bin, "-noout"],
             check=True, capture_output=True, timeout=60)
 
-        pub_pem = cert_path + ".pub.pem"
         with open(pub_pem, "w") as pub_f:
             subprocess.run(
                 ["openssl", "x509", "-in", stripped, "-noout", "-pubkey"],
@@ -150,7 +150,7 @@ def test_1c_pem_to_der_signature(self):
                         "-in", os.path.join(CERTS_DIR, "ca-cert.pem"),
                         "-out", out)
         self.assertEqual(r.returncode, 0, r.stderr)
-        _check_cert_signature(out, "sha256")
+        _check_cert_signature(out, "sha256", inform="DER")
 
     def test_1d_der_to_pem_stdout(self):
         """DER -> PEM to stdout succeeds."""
@@ -175,7 +175,7 @@ def test_1e_der_to_der_signature(self):
                         "-in", os.path.join(CERTS_DIR, "ca-cert.der"),
                         "-out", out)
         self.assertEqual(r.returncode, 0, r.stderr)
-        _check_cert_signature(out, "sha256")
+        _check_cert_signature(out, "sha256", inform="DER")
 
     def test_1f_der_text_noout(self):
         """DER text/noout succeeds."""