From d00b93b6211b208aaeb45d7e33bbdf43ccb4fc5c Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 29 Apr 2024 16:03:02 +0200
Subject: [PATCH] Require RSA when using server1* key or certificate

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/ssl-opt.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8e32a698f4..b40e322113 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -477,9 +477,15 @@ detect_required_features() {
     esac
 
     case "$CMD_LINE" in
+        */server1*|\
         */server2*|\
         */server7*)
-            # server2 and server7 certificates use RSA encryption
+            # Certificates with an RSA key. The algorithm requirement is
+            # some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature,
+            # PSS signature}. We can't easily tell which subset works, and
+            # we aren't currently running ssl-opt.sh in configurations
+            # where partial RSA support is a problem, so generically, we
+            # just require RSA and it works out for our tests so far.
             requires_config_enabled "MBEDTLS_RSA_C"
     esac