wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixes for make check with --enable-all (now including --enable-earlydata) with fips or asynccrypt:

Browse Source 
in scripts/tls13.test, use fips-compatible server-side cipher suite for "TLS v1.3 cipher suite mismatch" test, and modernize some syntax;

in configure.ac, omit earlydata from enable-all when asynccrypt, pending fix;

also in configure.ac, fix AC_CHECK_DECLS()-overriding-AC_CHECK_FUNCS() kludge, to fix CPPFLAGS=-std=c99 builds.
This commit is contained in:
Daniel Pouzzner
2022-03-07 17:19:31 -06:00
parent a9cc1ca877
commit 0231304607
2 changed files with 29 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
configure.ac
View File

@@ -97,12 +97,10 @@ AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset
AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, inet_ntoa, memset, socket, strftime], [], [ AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, inet_ntoa, memset, socket, strftime], [], [
if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes" if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
then then
echo " note: earlier check for $(eval 'echo ${as_decl_name}') superseded." AC_MSG_NOTICE([ note: earlier check for $(eval 'echo ${as_decl_name}') superseded.])
eval "$(eval 'echo ac_cv_func_${as_decl_name}=no')" eval "ac_cv_func_${as_decl_name}=no"
_mask_varname=HAVE_`eval "echo '${as_decl_name}'" | tr 'a-z' 'A-Z'` _mask_varname=HAVE_`eval "echo '${as_decl_name}'" | tr 'a-z' 'A-Z'`
echo "g/#define $_mask_varname 1/s//\/* #undef $_mask_varname *\// sed --in-place "s~^#define ${_mask_varname} 1$~~" confdefs.h
wq
." | ed -s confdefs.h
fi fi
], [[ ], [[
#ifdef HAVE_SYS_SOCKET_H #ifdef HAVE_SYS_SOCKET_H
@@ -586,7 +584,10 @@ then
test "$enable_trusted_ca" = "" && enable_trusted_ca=yes test "$enable_trusted_ca" = "" && enable_trusted_ca=yes
test "$enable_session_ticket" = "" && enable_session_ticket=yes test "$enable_session_ticket" = "" && enable_session_ticket=yes
# don't add earlydata when assynccrypt, pending fix:
if test "$enable_asynccrypt" != "yes"; then
test "$enable_earlydata" = "" && enable_earlydata=yes test "$enable_earlydata" = "" && enable_earlydata=yes
fi
if test "$ENABLED_32BIT" != "yes" if test "$ENABLED_32BIT" != "yes"
then then

42
scripts/tls13.test
View File

@@ -23,12 +23,12 @@ counter=0
# let's use absolute path to a local dir (make distcheck may be in sub dir) # let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's # also let's add some randomness by adding pid in case multiple 'make check's
# per source tree # per source tree
ready_file=`pwd`/wolfssl_tls13_ready$$ ready_file="$(pwd)/wolfssl_tls13_ready$$"
client_file=`pwd`/wolfssl_tls13_client$$ client_file="$(pwd)/wolfssl_tls13_client$$"
# Server output # Server output
server_out_file=`pwd`/wolfssl_tls13_server_out$$ server_out_file="$(pwd)/wolfssl_tls13_server_out$$"
# Client output # Client output
client_out_file=`pwd`/wolfssl_tls13_client_out$$ client_out_file="$(pwd)/wolfssl_tls13_client_out$$"
echo "ready file "$ready_file"" echo "ready file "$ready_file""
@@ -49,7 +49,7 @@ create_port() {
sleep 0.1 sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
port=`cat "$ready_file"` port="$(cat "$ready_file")"
else else
echo -e "NO ready file ending test..." echo -e "NO ready file ending test..."
do_cleanup do_cleanup
@@ -69,7 +69,7 @@ do_cleanup() {
if [ $server_pid != $no_pid ] if [ $server_pid != $no_pid ]
then then
echo "killing server" echo "killing server"
kill -9 $server_pid kill -9 $server_pid 2>/dev/null
server_pid=$no_pid server_pid=$no_pid
fi fi
remove_ready_file remove_ready_file
@@ -124,7 +124,7 @@ echo ""
# TLS 1.3 cipher suites server / client. # TLS 1.3 cipher suites server / client.
echo -e "\n\nTLS v1.3 cipher suite mismatch" echo -e "\n\nTLS v1.3 cipher suite mismatch"
port=0 port=0
./examples/server/server -v 4 -R "$ready_file" -p $port -l TLS13-CHACHA20-POLY1305-SHA256 & ./examples/server/server -v 4 -R "$ready_file" -p $port -l TLS13-AES128-GCM-SHA256 &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384 ./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384
@@ -138,9 +138,9 @@ fi
do_cleanup do_cleanup
echo "" echo ""
cat ./wolfssl/options.h | grep -- 'NO_CERTS' cat ./wolfssl/options.h | grep -F -e 'NO_CERTS'
NO_CERTS=$? NO_CERTS=$?
cat ./wolfssl/options.h | grep -- 'WOLFSSL_NO_CLIENT_AUTH' cat ./wolfssl/options.h | grep -F -e 'WOLFSSL_NO_CLIENT_AUTH'
NO_CLIENT_AUTH=$? NO_CLIENT_AUTH=$?
if [ $NO_CERTS -ne 0 -a $NO_CLIENT_AUTH -ne 0 ]; then if [ $NO_CERTS -ne 0 -a $NO_CLIENT_AUTH -ne 0 ]; then
# TLS 1.3 mutual auth required but client doesn't send certificates. # TLS 1.3 mutual auth required but client doesn't send certificates.
@@ -162,7 +162,7 @@ if [ $NO_CERTS -ne 0 -a $NO_CLIENT_AUTH -ne 0 ]; then
fi fi
# Check for TLS 1.2 support # Check for TLS 1.2 support
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' ./examples/client/client -v 3 2>&1 | grep -F -e 'Bad SSL version'
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
# TLS 1.3 server / TLS 1.2 client. # TLS 1.3 server / TLS 1.2 client.
echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2" echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
@@ -202,7 +202,7 @@ if [ $? -ne 0 ]; then
for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256
do do
echo $CS echo $CS
./examples/client/client -e | grep $CS >/dev/null ./examples/client/client -e | grep -F -e "$CS" >/dev/null
if [ "$?" = "0" ]; then if [ "$?" = "0" ]; then
TLS12_CS=$CS TLS12_CS=$CS
break break
@@ -234,11 +234,11 @@ if [ $? -ne 0 ]; then
fi fi
# Check for EarlyData support # Check for EarlyData support
./examples/client/client -? 2>&1 | grep -- 'Early data' ./examples/client/client -? 2>&1 | grep -F -e 'Early data'
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
early_data=yes early_data=yes
fi fi
./examples/client/client -? 2>&1 | grep -- 'Shared keys' ./examples/client/client -? 2>&1 | grep -F -e 'Shared keys'
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
psk=yes psk=yes
fi fi
@@ -254,13 +254,13 @@ if [ "$early_data" = "yes" ]; then
RESULT=$? RESULT=$?
cat "$client_out_file" cat "$client_out_file"
remove_ready_file remove_ready_file
grep 'Session Ticket' "$client_out_file" grep -F -e 'Session Ticket' "$client_out_file"
session_ticket=$? session_ticket=$?
ed_srv_msgcnt=`grep 'Early Data Client message' "$server_out_file" | wc -l` ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
ed_srv_status_cnt=`grep 'Early Data was' "$server_out_file" | wc -l` ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
if [ $session_ticket -eq 0 -a $ed_srv_msgcnt -ne 2 \ if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \
-a $ed_srv_status_cnt -ne 2]; then -a $ed_srv_status_cnt -ne 2 ]; then
RESULT=1 RESULT=1
fi fi
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
@@ -286,15 +286,15 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then
# wait for the server to quit and write output # wait for the server to quit and write output
wait $server_pid wait $server_pid
ed_srv_msgcnt=`grep 'Early Data Client message' "$server_out_file" | wc -l` ed_srv_msgcnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
ed_srv_status_cnt=`grep 'Early Data was' "$server_out_file" | wc -l` ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
if [ $ed_srv_msgcnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then if [ $ed_srv_msgcnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then
echo echo
echo "Server out file" echo "Server out file"
cat "$server_out_file" cat "$server_out_file"
echo echo
echo "Found lines" echo "Found lines"
grep 'Early Data' "$server_out_file" grep -F -e 'Early Data' "$server_out_file"
echo -e "\n\nUnexpected 'Early Data' lines - $early_data_cnt" echo -e "\n\nUnexpected 'Early Data' lines - $early_data_cnt"
RESULT=1 RESULT=1
fi fi