scripts/: more race elimination/mitigation.

Daniel Pouzzner
2020-09-16 18:05:35 -05:00
parent 26901d1cd9
commit 5ed2fe8092
9 changed files with 55 additions and 42 deletions


@@ -79,6 +79,9 @@ run_test() {
counter=$((counter+ 1))
done
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
if test -e $ready_file; then
echo -e "found ready file, starting client..."
else
@@ -87,7 +90,7 @@ run_test() {
fi
# get created port 0 ephemeral port
crl_port=`cat $ready_file`
crl_port="$(cat $ready_file)"
# starts client on crl_port and captures the output from client
capture_out=$(./examples/client/client -p $crl_port 2>&1)
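Review bot: The added `sleep 0.1` ahead of the `test -e $ready_file` check narrows the write/read window on the ready file but does not close it, so on a slow host `crl_port` can still come back empty or partial and `client -p` then runs with a bad port. Having the wait loop test for a non-empty file (`test -s "$ready_file"`) and rejecting a non-numeric value before the client starts would turn a timing-dependent failure into an explicit one. The new assignment also leaves the inner expansion unquoted; `crl_port="$(cat "$ready_file")"` is the fully quoted form. The same fixed sleep is added before the `cat $ready_file` reads in the five later one-hunk sections (`pk_port`, `resume_port` and the three `create_port` functions). run_test's body continues outside both hunks.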


@@ -23,7 +23,7 @@ if [ $? -eq 0 ]; then
exit 0
fi
PARENTDIR=`pwd`
PARENTDIR="$PWD"
# create a unique workspace directory ending in PID for the script instance ($$)
# to make this instance orthogonal to any others running, even on same repo.
@@ -126,7 +126,7 @@ create_new_cnf() {
mv $test_cnf $CERT_DIR/$test_cnf
cd $CERT_DIR
CURR_LOC=`pwd`
CURR_LOC="$PWD"
printf '%s\n' "echo now in $CURR_LOC"
./renewcerts-for-test.sh $test_cnf
cd $WORKSPACE
@@ -202,11 +202,10 @@ if [ ! -f $ready_file ]; then
printf '%s\n' "Failed to create ready file: \"$ready_file\""
exit 1
else
RPORTSELECTED=`cat $ready_file`
printf '%s\n' "Random port selected: $RPORTSELECTED"
printf '%s\n' "Random port selected: $port1"
# Use client connection to shutdown the server cleanly
./examples/client/client -p $RPORTSELECTED
create_new_cnf $RPORTSELECTED
./examples/client/client -p $port1
create_new_cnf $port1
fi
sleep 0.1
@@ -224,7 +223,7 @@ sleep 0.1
# OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port $RPORTSELECTED -nmin 1 \
openssl ocsp -port $port1 -nmin 1 \
-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \
-rsigner certs/ocsp/intermediate1-ca-cert.pem \
-rkey certs/ocsp/intermediate1-ca-key.pem \
@@ -241,10 +240,10 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
./examples/server/server -c certs/ocsp/server1-cert.pem \
-k certs/ocsp/server1-key.pem -R $ready_file2 \
-p $port2 &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
wolf_pid2=$!
wait_for_readyFile $ready_file2 $wolf_pid2 $port2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \
-p $CLI_PORT
-p $port2
RESULT=$?
[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" && exit 1
printf '%s\n\n' "Test PASSED!"
@@ -255,10 +254,10 @@ remove_single_rF $ready_file2
./examples/server/server -c certs/ocsp/server2-cert.pem \
-k certs/ocsp/server2-key.pem -R $ready_file2 \
-p $port2 &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
wolf_pid2=$!
wait_for_readyFile $ready_file2 $wolf_pid2 $port2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \
-p $CLI_PORT
-p $port2
RESULT=$?
[ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
printf '%s\n\n' "Test successfully REVOKED!"
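Review bot: The message `Random port selected: $port1` is now stale, because the value is no longer read back from the ready file. Assuming `port1` is pre-selected earlier in the script, as `port3` is in the next file section, `printf '%s\n' "Port selected: $port1"` would describe it accurately. The same wording is kept with `$port2` in the next file section. The enclosing `if [ ! -f $ready_file ]` block starts outside the hunk.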


@@ -17,7 +17,7 @@ if [ $? -eq 0 ]; then
fi
PARENTDIR=`pwd`
PARENTDIR="$PWD"
# create a unique workspace directory ending in PID for the script instance ($$)
# to make this instance orthogonal to any others running, even on same repo.
@@ -118,7 +118,7 @@ create_new_cnf() {
mv $test_cnf $CERT_DIR/$test_cnf
cd $CERT_DIR
CURR_LOC=`pwd`
CURR_LOC="$PWD"
printf '%s\n' "echo now in $CURR_LOC"
./renewcerts-for-test.sh $test_cnf
cd $WORKSPACE
@@ -162,8 +162,8 @@ if [ $? -eq 0 ]; then
fi
# check if supported key size is large enough to handle 4096 bit RSA
size=`./examples/client/client '-?' | grep "Max RSA key"`
size=`echo ${size//[^0-9]/}`
size="$(./examples/client/client '-?' | grep "Max RSA key")"
size="${size//[^0-9]/}"
if [ ! -z "$size" ]; then
printf 'check on max key size of %d ...' $size
if [ $size -lt 4096 ]; then
@@ -199,9 +199,8 @@ port3=$(get_first_free_port $((port2 + 1)))
# test interop fail case
ready_file=`pwd`/wolf_ocsp_readyF$$
ready_file=$PWD/wolf_ocsp_readyF$$
printf '%s\n' "ready file: $ready_file"
# bind to any (allows use with IPv6)
./examples/server/server -b -p $port1 -o -R $ready_file &
wolf_pid=$!
wait_for_readyFile $ready_file $wolf_pid $port1
@@ -210,8 +209,7 @@ if [ ! -f $ready_file ]; then
exit 1
else
# should fail if ocspstapling is also enabled
RPORTSELECTED=`cat $ready_file`
echo "hi" | openssl s_client -status -connect 127.0.0.1:${RPORTSELECTED} -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
echo "hi" | openssl s_client -status -connect 127.0.0.1:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
if [ $? -eq 0 ]; then
printf '%s\n' "Succeeded when should have failed"
remove_single_rF $ready_file
@@ -234,11 +232,10 @@ if [ ! -f $ready_file ]; then
printf '%s\n' "Failed to create ready file: \"$ready_file\""
exit 1
else
RPORTSELECTED=`cat $ready_file`
printf '%s\n' "Random port selected: $RPORTSELECTED"
printf '%s\n' "Random port selected: $port2"
# Use client connection to shutdown the server cleanly
./examples/client/client -p $RPORTSELECTED
create_new_cnf $RPORTSELECTED
./examples/client/client -p $port2
create_new_cnf $port2
fi
sleep 0.1
@@ -266,7 +263,7 @@ fi
# OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port $RPORTSELECTED -nmin 1 \
openssl ocsp -port $port2 -nmin 1 \
-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
@@ -282,9 +279,9 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
# client test against our own server - GOOD CERT
./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \
-k certs/ocsp/server1-key.pem -p $port3 &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT
wolf_pid3=$!
wait_for_readyFile $ready_file2 $wolf_pid3 $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3
RESULT=$?
[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1
printf '%s\n\n' "Test PASSED!"
@@ -294,10 +291,10 @@ printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
remove_single_rF $ready_file2
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
-k certs/ocsp/server2-key.pem -p $port3 &
wait_for_readyFile $ready_file2
wolf_pid3=$!
wait_for_readyFile $ready_file2 $wolf_pid3 $port3
sleep 0.1
CLI_PORT=`cat $ready_file2`
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3
RESULT=$?
[ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" \
&& exit 1
@@ -312,10 +309,10 @@ if [ $? -ne 0 ]; then
./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \
-k certs/ocsp/server1-key.pem -v 4 \
-p $port3 &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
wolf_pid3=$!
wait_for_readyFile $ready_file2 $wolf_pid3 $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \
-p $CLI_PORT
-p $port3
RESULT=$?
[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed" && exit 1
printf '%s\n\n' "Test PASSED!"
@@ -326,10 +323,10 @@ if [ $? -ne 0 ]; then
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
-k certs/ocsp/server2-key.pem -v 4 \
-p $port3 &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
wolf_pid3=$!
wait_for_readyFile $ready_file2 $wolf_pid3 $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \
-p $CLI_PORT
-p $port3
RESULT=$?
[ $RESULT -ne 1 ] && \
printf '\n\n%s\n' "Client connection succeeded $RESULT" \
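Review bot: Every client in this file now connects to the pre-selected `$port1`/`$port2`/`$port3` instead of the port the server wrote to its ready file, so a result is only meaningful if the listener on that port is the server that was just started. `port3=$(get_first_free_port $((port2 + 1)))` is a check-then-bind selection, and another process can take the port before `./examples/server/server ... -p $port3 &` binds it. This matters most for the SHOULD REVOKE cases, where `[ $RESULT -ne 1 ]` accepts exit status 1 and, depending on the client's exit codes, a client that never reached the intended server could satisfy it. `wait_for_readyFile` is defined outside these hunks; it should confirm that the pid passed in is still alive and that the ready file's content equals the expected port, and fail the test otherwise. A one-line comment at the first call site stating what it guarantees would help the next reader.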


@@ -330,10 +330,9 @@ printf '%s\n\n' "TEST CASE 2 DISABLED PENDING REVIEW"
#./examples/server/server -c certs/ocsp/server3-cert.pem \
# -k certs/ocsp/server3-key.pem -R $ready_file5 \
# -p $port5 &
#wait_for_readyFile $ready_file5
#CLI_PORT=`cat $ready_file5`
#wait_for_readyFile $ready_file5 $server_pid5 $port5
#./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
# -p $CLI_PORT
# -p $port5
#RESULT=$?
#[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1
#printf '%s\n\n' "Test PASSED!"
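Review bot: The commented-out call `#wait_for_readyFile $ready_file5 $server_pid5 $port5` refers to `$server_pid5`, but the disabled server launch above it has no matching `#server_pid5=$!` line in this hunk. When the test case is re-enabled the wait would receive a stale or empty pid unless it is set outside the visible lines. Adding `#server_pid5=$!` directly after the `# -p $port5 &` line keeps the disabled block consistent with the enabled tests.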


@@ -95,6 +95,9 @@ run_test() {
exit 1
fi
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
# get created port 0 ephemeral port
pk_port=`cat $ready_file`


@@ -37,6 +37,9 @@ create_port() {
if test -e $ready_file; then
echo -e "found ready file, starting client..."
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
# get created port 0 ephemeral port
port=`cat $ready_file`
else


@@ -86,6 +86,9 @@ do_test() {
exit 1
fi
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
# get created port 0 ephemeral port
resume_port=`cat $ready_file`


@@ -45,6 +45,9 @@ create_port() {
if [ -e $ready_file ]; then
echo -e "found ready file, starting client..."
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
# get created port 0 ephemeral port
port=`cat $ready_file`
else


@@ -48,6 +48,9 @@ create_port() {
if test -e $ready_file; then
echo -e "found ready file, starting client..."
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1
# get created port 0 ephemeral port
port=`cat $ready_file`
else