scripts/: more race elimination/mitigation.

Daniel Pouzzner
2020-09-16 18:05:35 -05:00
parent 26901d1cd9
commit 5ed2fe8092
9 changed files with 55 additions and 42 deletions


@@ -79,6 +79,9 @@ run_test() {
counter=$((counter+ 1)) counter=$((counter+ 1))
done done
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
if test -e $ready_file; then if test -e $ready_file; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
else else
@@ -87,7 +90,7 @@ run_test() {
fi fi
# get created port 0 ephemeral port # get created port 0 ephemeral port
crl_port=`cat $ready_file` crl_port="$(cat $ready_file)"
# starts client on crl_port and captures the output from client # starts client on crl_port and captures the output from client
capture_out=$(./examples/client/client -p $crl_port 2>&1) capture_out=$(./examples/client/client -p $crl_port 2>&1)
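Review bot: The fixed `sleep 0.1` added before reading `$ready_file` in `run_test` narrows the write/read race but does not close it, and the value read into `crl_port` goes to the client unchecked. If the file exists but the port has not been written yet, `crl_port` is empty and the client is started with `-p` and no port. A check right after the read would turn that into a clear failure: `case "$crl_port" in ''|*[!0-9]*) echo "no valid port in $ready_file"; exit 1;; esac`; reading with `"$(cat "$ready_file")"` would also quote the path. The same sleep-then-`cat` pattern is added in the later `run_test`, `do_test` and `create_port` sections of this commit, and `run_test` itself continues outside the hunks shown.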


@@ -23,7 +23,7 @@ if [ $? -eq 0 ]; then
exit 0 exit 0
fi fi
PARENTDIR=`pwd` PARENTDIR="$PWD"
# create a unique workspace directory ending in PID for the script instance ($$) # create a unique workspace directory ending in PID for the script instance ($$)
# to make this instance orthogonal to any others running, even on same repo. # to make this instance orthogonal to any others running, even on same repo.
@@ -126,7 +126,7 @@ create_new_cnf() {
mv $test_cnf $CERT_DIR/$test_cnf mv $test_cnf $CERT_DIR/$test_cnf
cd $CERT_DIR cd $CERT_DIR
CURR_LOC=`pwd` CURR_LOC="$PWD"
printf '%s\n' "echo now in $CURR_LOC" printf '%s\n' "echo now in $CURR_LOC"
./renewcerts-for-test.sh $test_cnf ./renewcerts-for-test.sh $test_cnf
cd $WORKSPACE cd $WORKSPACE
@@ -202,11 +202,10 @@ if [ ! -f $ready_file ]; then
printf '%s\n' "Failed to create ready file: \"$ready_file\"" printf '%s\n' "Failed to create ready file: \"$ready_file\""
exit 1 exit 1
else else
RPORTSELECTED=`cat $ready_file` printf '%s\n' "Random port selected: $port1"
printf '%s\n' "Random port selected: $RPORTSELECTED"
# Use client connection to shutdown the server cleanly # Use client connection to shutdown the server cleanly
./examples/client/client -p $RPORTSELECTED ./examples/client/client -p $port1
create_new_cnf $RPORTSELECTED create_new_cnf $port1
fi fi
sleep 0.1 sleep 0.1
@@ -224,7 +223,7 @@ sleep 0.1
# OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh & # OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes! # purposes!
openssl ocsp -port $RPORTSELECTED -nmin 1 \ openssl ocsp -port $port1 -nmin 1 \
-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \ -index certs/ocsp/index-intermediate1-ca-issued-certs.txt \
-rsigner certs/ocsp/intermediate1-ca-cert.pem \ -rsigner certs/ocsp/intermediate1-ca-cert.pem \
-rkey certs/ocsp/intermediate1-ca-key.pem \ -rkey certs/ocsp/intermediate1-ca-key.pem \
@@ -241,10 +240,10 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
./examples/server/server -c certs/ocsp/server1-cert.pem \ ./examples/server/server -c certs/ocsp/server1-cert.pem \
-k certs/ocsp/server1-key.pem -R $ready_file2 \ -k certs/ocsp/server1-key.pem -R $ready_file2 \
-p $port2 & -p $port2 &
wait_for_readyFile $ready_file2 wolf_pid2=$!
CLI_PORT=`cat $ready_file2` wait_for_readyFile $ready_file2 $wolf_pid2 $port2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \
-p $CLI_PORT -p $port2
RESULT=$? RESULT=$?
[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" && exit 1 [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" && exit 1
printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "Test PASSED!"
@@ -255,10 +254,10 @@ remove_single_rF $ready_file2
./examples/server/server -c certs/ocsp/server2-cert.pem \ ./examples/server/server -c certs/ocsp/server2-cert.pem \
-k certs/ocsp/server2-key.pem -R $ready_file2 \ -k certs/ocsp/server2-key.pem -R $ready_file2 \
-p $port2 & -p $port2 &
wait_for_readyFile $ready_file2 wolf_pid2=$!
CLI_PORT=`cat $ready_file2` wait_for_readyFile $ready_file2 $wolf_pid2 $port2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \
-p $CLI_PORT -p $port2
RESULT=$? RESULT=$?
[ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
printf '%s\n\n' "Test successfully REVOKED!" printf '%s\n\n' "Test successfully REVOKED!"
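Review bot: In both test cases the client is now pointed at the pre-selected `$port2`, and nothing in these hunks checks that `wait_for_readyFile $ready_file2 $wolf_pid2 $port2` actually saw the server come up. That matters most for the revocation case, which passes when `RESULT` is 1: if the server never started, a failed connection may give the same exit status and the test would report "REVOKED" without exercising OCSP (the client's exit code for a refused connection and the body of `wait_for_readyFile` are not visible here). The first server start in this script already guards with `if [ ! -f $ready_file ]`; the same guard would fit after each wait, `[ -f $ready_file2 ] || { printf '%s\n' "Failed to create ready file: \"$ready_file2\""; exit 1; }`. The `$port3` cases in the next file section have the same shape.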


@@ -17,7 +17,7 @@ if [ $? -eq 0 ]; then
fi fi
PARENTDIR=`pwd` PARENTDIR="$PWD"
# create a unique workspace directory ending in PID for the script instance ($$) # create a unique workspace directory ending in PID for the script instance ($$)
# to make this instance orthogonal to any others running, even on same repo. # to make this instance orthogonal to any others running, even on same repo.
@@ -118,7 +118,7 @@ create_new_cnf() {
mv $test_cnf $CERT_DIR/$test_cnf mv $test_cnf $CERT_DIR/$test_cnf
cd $CERT_DIR cd $CERT_DIR
CURR_LOC=`pwd` CURR_LOC="$PWD"
printf '%s\n' "echo now in $CURR_LOC" printf '%s\n' "echo now in $CURR_LOC"
./renewcerts-for-test.sh $test_cnf ./renewcerts-for-test.sh $test_cnf
cd $WORKSPACE cd $WORKSPACE
@@ -162,8 +162,8 @@ if [ $? -eq 0 ]; then
fi fi
# check if supported key size is large enough to handle 4096 bit RSA # check if supported key size is large enough to handle 4096 bit RSA
size=`./examples/client/client '-?' | grep "Max RSA key"` size="$(./examples/client/client '-?' | grep "Max RSA key")"
size=`echo ${size//[^0-9]/}` size="${size//[^0-9]/}"
if [ ! -z "$size" ]; then if [ ! -z "$size" ]; then
printf 'check on max key size of %d ...' $size printf 'check on max key size of %d ...' $size
if [ $size -lt 4096 ]; then if [ $size -lt 4096 ]; then
@@ -199,9 +199,8 @@ port3=$(get_first_free_port $((port2 + 1)))
# test interop fail case # test interop fail case
ready_file=`pwd`/wolf_ocsp_readyF$$ ready_file=$PWD/wolf_ocsp_readyF$$
printf '%s\n' "ready file: $ready_file" printf '%s\n' "ready file: $ready_file"
# bind to any (allows use with IPv6)
./examples/server/server -b -p $port1 -o -R $ready_file & ./examples/server/server -b -p $port1 -o -R $ready_file &
wolf_pid=$! wolf_pid=$!
wait_for_readyFile $ready_file $wolf_pid $port1 wait_for_readyFile $ready_file $wolf_pid $port1
@@ -210,8 +209,7 @@ if [ ! -f $ready_file ]; then
exit 1 exit 1
else else
# should fail if ocspstapling is also enabled # should fail if ocspstapling is also enabled
RPORTSELECTED=`cat $ready_file` echo "hi" | openssl s_client -status -connect 127.0.0.1:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
echo "hi" | openssl s_client -status -connect 127.0.0.1:${RPORTSELECTED} -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
printf '%s\n' "Succeeded when should have failed" printf '%s\n' "Succeeded when should have failed"
remove_single_rF $ready_file remove_single_rF $ready_file
@@ -234,11 +232,10 @@ if [ ! -f $ready_file ]; then
printf '%s\n' "Failed to create ready file: \"$ready_file\"" printf '%s\n' "Failed to create ready file: \"$ready_file\""
exit 1 exit 1
else else
RPORTSELECTED=`cat $ready_file` printf '%s\n' "Random port selected: $port2"
printf '%s\n' "Random port selected: $RPORTSELECTED"
# Use client connection to shutdown the server cleanly # Use client connection to shutdown the server cleanly
./examples/client/client -p $RPORTSELECTED ./examples/client/client -p $port2
create_new_cnf $RPORTSELECTED create_new_cnf $port2
fi fi
sleep 0.1 sleep 0.1
@@ -266,7 +263,7 @@ fi
# OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh & # OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes! # purposes!
openssl ocsp -port $RPORTSELECTED -nmin 1 \ openssl ocsp -port $port2 -nmin 1 \
-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \ -index certs/ocsp/index-intermediate1-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \ -rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \
@@ -282,9 +279,9 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
# client test against our own server - GOOD CERT # client test against our own server - GOOD CERT
./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \
-k certs/ocsp/server1-key.pem -p $port3 & -k certs/ocsp/server1-key.pem -p $port3 &
wait_for_readyFile $ready_file2 wolf_pid3=$!
CLI_PORT=`cat $ready_file2` wait_for_readyFile $ready_file2 $wolf_pid3 $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3
RESULT=$? RESULT=$?
[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1 [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1
printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "Test PASSED!"
@@ -294,10 +291,10 @@ printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
remove_single_rF $ready_file2 remove_single_rF $ready_file2
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \ ./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
-k certs/ocsp/server2-key.pem -p $port3 & -k certs/ocsp/server2-key.pem -p $port3 &
wait_for_readyFile $ready_file2 wolf_pid3=$!
wait_for_readyFile $ready_file2 $wolf_pid3 $port3
sleep 0.1 sleep 0.1
CLI_PORT=`cat $ready_file2` ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT
RESULT=$? RESULT=$?
[ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" \ [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" \
&& exit 1 && exit 1
@@ -312,10 +309,10 @@ if [ $? -ne 0 ]; then
./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \
-k certs/ocsp/server1-key.pem -v 4 \ -k certs/ocsp/server1-key.pem -v 4 \
-p $port3 & -p $port3 &
wait_for_readyFile $ready_file2 wolf_pid3=$!
CLI_PORT=`cat $ready_file2` wait_for_readyFile $ready_file2 $wolf_pid3 $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \
-p $CLI_PORT -p $port3
RESULT=$? RESULT=$?
[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed" && exit 1 [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed" && exit 1
printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "Test PASSED!"
@@ -326,10 +323,10 @@ if [ $? -ne 0 ]; then
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \ ./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
-k certs/ocsp/server2-key.pem -v 4 \ -k certs/ocsp/server2-key.pem -v 4 \
-p $port3 & -p $port3 &
wait_for_readyFile $ready_file2 wolf_pid3=$!
CLI_PORT=`cat $ready_file2` wait_for_readyFile $ready_file2 $wolf_pid3 $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \
-p $CLI_PORT -p $port3
RESULT=$? RESULT=$?
[ $RESULT -ne 1 ] && \ [ $RESULT -ne 1 ] && \
printf '\n\n%s\n' "Client connection succeeded $RESULT" \ printf '\n\n%s\n' "Client connection succeeded $RESULT" \
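Review bot: The comment `# bind to any (allows use with IPv6)` appears to be dropped from the interop-fail case while the server line keeps `-b`, which leaves the flag unexplained. The `openssl s_client` line in the following hunk connects to `127.0.0.1:$port1`, so as far as these hunks show the test only needs loopback, and a test server listening on every interface is reachable from other hosts for the duration of the run. Either keep the comment next to `-b`, or drop `-b` here if nothing else in the script depends on it; the rest of the script is outside the hunks shown.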


@@ -330,10 +330,9 @@ printf '%s\n\n' "TEST CASE 2 DISABLED PENDING REVIEW"
#./examples/server/server -c certs/ocsp/server3-cert.pem \ #./examples/server/server -c certs/ocsp/server3-cert.pem \
# -k certs/ocsp/server3-key.pem -R $ready_file5 \ # -k certs/ocsp/server3-key.pem -R $ready_file5 \
# -p $port5 & # -p $port5 &
#wait_for_readyFile $ready_file5 #wait_for_readyFile $ready_file5 $server_pid5 $port5
#CLI_PORT=`cat $ready_file5`
#./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ #./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
# -p $CLI_PORT # -p $port5
#RESULT=$? #RESULT=$?
#[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1 #[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1
#printf '%s\n\n' "Test PASSED!" #printf '%s\n\n' "Test PASSED!"
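Review bot: The commented-out `wait_for_readyFile $ready_file5 $server_pid5 $port5` names `$server_pid5`, but the disabled block shown here never assigns it after the backgrounded server line. If this case is re-enabled as written, the PID argument would expand to nothing and `$port5` would shift into its place, unless the variable is set outside the hunk. Adding `#server_pid5=$!` directly after the `# -p $port5 &` line would keep the disabled block consistent with the enabled cases elsewhere in this commit, which set `wolf_pid2=$!` or `wolf_pid3=$!` before the wait.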


@@ -95,6 +95,9 @@ run_test() {
exit 1 exit 1
fi fi
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
pk_port=`cat $ready_file` pk_port=`cat $ready_file`


@@ -37,6 +37,9 @@ create_port() {
if test -e $ready_file; then if test -e $ready_file; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
port=`cat $ready_file` port=`cat $ready_file`
else else


@@ -86,6 +86,9 @@ do_test() {
exit 1 exit 1
fi fi
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
resume_port=`cat $ready_file` resume_port=`cat $ready_file`


@@ -45,6 +45,9 @@ create_port() {
if [ -e $ready_file ]; then if [ -e $ready_file ]; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
port=`cat $ready_file` port=`cat $ready_file`
else else


@@ -48,6 +48,9 @@ create_port() {
if test -e $ready_file; then if test -e $ready_file; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
port=`cat $ready_file` port=`cat $ready_file`
else else