diff --git a/.gitignore b/.gitignore index 0e10af5f9..e4b39ed6e 100644 --- a/.gitignore +++ b/.gitignore @@ -242,6 +242,10 @@ linuxkm/libwolfssl.mod.c linuxkm/module_exports.c linuxkm/linuxkm/get_thread_size +# autotools generated +scripts/unit.test +wolfcrypt/test/test_paths.h + # MPLAB Generated Files (OS X) mcapi/wolfcrypt_mcapi.X/nbproject/Makefile-* mcapi/wolfcrypt_mcapi.X/nbproject/Package-default.bash diff --git a/Makefile.am b/Makefile.am index 6e2f3b478..78e0e45ee 100644 --- a/Makefile.am +++ b/Makefile.am @@ -27,7 +27,9 @@ DIST_SUBDIRS_OPT = @INC_AMINCLUDE@ DISTCLEANFILES+= aminclude.am -CLEANFILES+= cert.der \ +CLEANFILES+= ecc-key.der \ + ecc-public-key.der \ + cert.der \ cert.pem \ certecc.der \ certecc.pem \ diff --git a/configure.ac b/configure.ac index 054a7b4e3..fd60f815c 100644 --- a/configure.ac +++ b/configure.ac @@ -6145,7 +6145,15 @@ AC_SUBST([LIB_STATIC_ADD]) # FINAL AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h]) -AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec]) +AC_CONFIG_FILES([Makefile + wolfssl/version.h + wolfssl/options.h + cyassl/options.h + support/wolfssl.pc + rpm/spec + wolfcrypt/test/test_paths.h + ]) +AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test]) AX_CREATE_GENERIC_CONFIG AX_AM_JOBSERVER([yes]) diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test index e49611c64..9d7f7eba0 100755 --- a/scripts/crl-revoked.test +++ b/scripts/crl-revoked.test @@ -1,6 +1,7 @@ -#!/bin/sh +#!/bin/bash #crl.test +CERT_DIR=certs # if we can, isolate the network namespace to eliminate port collisions. if [ "${AM_BWRAPPED-}" != "yes" ]; then 
@@ -70,7 +71,8 @@ run_test() { # mutex lock, -c loads the revoked certificate. We capture the processid # into the variable server_pid ./examples/server/server -R $ready_file -p $crl_port \ - -c certs/server-revoked-cert.pem -k certs/server-revoked-key.pem & + -c ${CERT_DIR}/server-revoked-cert.pem \ + -k ${CERT_DIR}/server-revoked-key.pem & server_pid=$! while [ ! -s $ready_file -a "$counter" -lt 20 ]; do diff --git a/scripts/include.am b/scripts/include.am index fafdb43ab..dc47aad84 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -82,6 +82,7 @@ dist_noinst_SCRIPTS+= scripts/ocsp.test endif dist_noinst_SCRIPTS+= scripts/unit.test +noinst_SCRIPTS+= scripts/unit.test.in endif endif diff --git a/scripts/ocsp-stapling-with-ca-as-responder.test b/scripts/ocsp-stapling-with-ca-as-responder.test index faccf985f..0991b4569 100755 --- a/scripts/ocsp-stapling-with-ca-as-responder.test +++ b/scripts/ocsp-stapling-with-ca-as-responder.test @@ -2,6 +2,8 @@ # ocsp-stapling-with-ca-as-responder.test +SCRIPT_DIR="$(dirname "$0")" + # if we can, isolate the network namespace to eliminate port collisions. if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" @@ -32,7 +34,7 @@ PARENTDIR="$PWD" WORKSPACE="${PARENTDIR}/workspace.pid$$" mkdir "${WORKSPACE}" || exit $? -cp -pR certs "${WORKSPACE}"/ || exit $? +cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $? cd "$WORKSPACE" || exit $? ln -s ../examples diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index eb7244645..7a1583138 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -5,6 +5,8 @@ # Note, this script makes connection(s) to the public Internet. +SCRIPT_DIR="$(dirname "$0")" + if [[ -z "${RETRIES_REMAINING-}" ]]; then export RETRIES_REMAINING=2 fi 
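Review bot: The two new `${CERT_DIR}` expansions on the server command line are unquoted, and `CERT_DIR=certs` from the first hunk is still relative to the current directory, so the script continues to depend on being started from the source root. Quote the arguments, e.g. `-c "${CERT_DIR}/server-revoked-cert.pem" \` and `-k "${CERT_DIR}/server-revoked-key.pem" &`. If out-of-tree runs are the goal, consider deriving the directory from the script location, as the ocsp scripts in this commit do with `SCRIPT_DIR="$(dirname "$0")"`. run_test() begins and ends outside this hunk, so other relative paths in it are not visible here.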
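Review bot: `scripts/unit.test` stays in `dist_noinst_SCRIPTS` even though this commit turns it into a configure output, so `make dist` would ship a generated file. The template is added to `noinst_SCRIPTS`, which names scripts to build rather than sources to distribute. If the aim is only to get the template into the tarball, `EXTRA_DIST+= scripts/unit.test.in` says so directly (automake normally distributes `AC_CONFIG_FILES` inputs by itself, so it may be unnecessary), and the generated script would become `noinst_SCRIPTS+= scripts/unit.test`. The enclosing conditionals open outside the hunk.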
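Review bot: `${SCRIPT_DIR}` is expanded unquoted in the new `cp` line, while it comes from `dirname "$0"` and so carries whatever the checkout path contains; a directory name with spaces or glob characters is split into several `cp` operands. Write it as `cp -pR "${SCRIPT_DIR}/../certs" "${WORKSPACE}"/ || exit $?`, matching the quoting already used for `${WORKSPACE}`. The same unquoted line is added in scripts/ocsp-stapling.test and scripts/ocsp-stapling2.test.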
@@ -51,7 +53,7 @@ PARENTDIR="$PWD" WORKSPACE="${PARENTDIR}/workspace.pid$$" mkdir "${WORKSPACE}" || exit $? -cp -pR certs "${WORKSPACE}"/ || exit $? +cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $? cd "$WORKSPACE" || exit $? ln -s ../examples @@ -270,7 +272,7 @@ sleep 0.1 # client test against the server server=login.live.com #ca=certs/external/baltimore-cybertrust-root.pem -ca=certs/external/ca_collection.pem +ca=./certs/external/ca_collection.pem if [[ "$V4V6" == "4" ]]; then ./examples/client/client -C -h $server -p 443 -A $ca -g -W 1 diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index 55c0c716a..70a9ab857 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test @@ -3,6 +3,8 @@ # ocsp-stapling2.test # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2 +SCRIPT_DIR="$(dirname "$0")" + # if we can, isolate the network namespace to eliminate port collisions. if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" @@ -51,7 +53,7 @@ PARENTDIR="$PWD" WORKSPACE="${PARENTDIR}/workspace.pid$$" mkdir "${WORKSPACE}" || exit $? -cp -pR certs "${WORKSPACE}"/ || exit $? +cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $? cd "$WORKSPACE" || exit $? ln -s ../examples diff --git a/scripts/ocsp.test b/scripts/ocsp.test index a939ca229..74231b404 100755 --- a/scripts/ocsp.test +++ b/scripts/ocsp.test @@ -4,6 +4,8 @@ # Note, this script makes connection(s) to the public Internet. +SCRIPT_DIR="$(dirname "$0")" + server=www.globalsign.com ca=certs/external/ca-globalsign-root.pem @@ -25,7 +27,7 @@ if [ "$OUTPUT" = "SNI is: ON" ]; then printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test" # is our desired server there? - ./scripts/ping.test $server 2 + ${SCRIPT_DIR}/ping.test $server 2 RESULT=$? if [ $RESULT -ne 0 ]; then GL_UNREACHABLE=1 
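Review bot: The context of this hunk shows `ca=certs/external/ca-globalsign-root.pem` left relative to the current directory, while the later hunk moves the google root to `${SCRIPT_DIR}/../certs/...`. When the script is run from another directory the globalsign check would then fail to load its CA file while the google check succeeds. Make the two agree with `ca="${SCRIPT_DIR}/../certs/external/ca-globalsign-root.pem"`. The new `${SCRIPT_DIR}/ping.test $server 2` calls in the following hunks should also quote the path: `"${SCRIPT_DIR}/ping.test" "$server" 2`.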
@@ -45,10 +47,10 @@ else fi server=www.google.com -ca=certs/external/ca-google-root.pem +ca=${SCRIPT_DIR}/../certs/external/ca-google-root.pem # is our desired server there? -./scripts/ping.test $server 2 +${SCRIPT_DIR}/ping.test $server 2 RESULT=$? if [ $RESULT -eq 0 ]; then # client test against the server diff --git a/scripts/unit.test b/scripts/unit.test deleted file mode 100755 index 3881334a3..000000000 --- a/scripts/unit.test +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -DIRNAME="$(dirname "$0")" -bwrap_path="$(command -v bwrap)" -if [ -n "$bwrap_path" ]; then - exec "$bwrap_path" --unshare-net --dev-bind / / "$DIRNAME/../tests/unit.test" "$@" -else - exec "$DIRNAME/../tests/unit.test" "$@" -fi diff --git a/scripts/unit.test.in b/scripts/unit.test.in new file mode 100644 index 000000000..2bb3012ad --- /dev/null +++ b/scripts/unit.test.in @@ -0,0 +1,8 @@ +#!/bin/sh + +bwrap_path="$(command -v bwrap)" +if [ -n "$bwrap_path" ]; then + exec "$bwrap_path" --unshare-net --dev-bind / / "@builddir@/tests/unit.test" "$@" +else + exec "@builddir@/tests/unit.test" "$@" +fi diff --git a/wolfcrypt/test/include.am b/wolfcrypt/test/include.am index 37b4a8b95..905333ee8 100644 --- a/wolfcrypt/test/include.am +++ b/wolfcrypt/test/include.am @@ -12,8 +12,7 @@ noinst_PROGRAMS+= wolfcrypt/test/testwolfcrypt wolfcrypt_test_testwolfcrypt_SOURCES = wolfcrypt/test/test.c wolfcrypt_test_testwolfcrypt_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD) wolfcrypt_test_testwolfcrypt_DEPENDENCIES = src/libwolfssl.la -noinst_HEADERS += wolfcrypt/test/test.h - +noinst_HEADERS += wolfcrypt/test/test.h wolfcrypt/test/test_paths.h.in endif endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b924cd9d4..ada142640 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
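Review bot: In scripts/unit.test.in, `@builddir@` is substituted by configure as `.` for every output file, so the generated wrapper would exec `./tests/unit.test` relative to the caller's working directory. The deleted script resolved the binary from `$(dirname "$0")` and worked from any directory. If the wrapper should stay location-independent, use the absolute substitution in both branches: `exec "@abs_top_builddir@/tests/unit.test" "$@"`. It would also help to add a comment above the `bwrap` line, such as `# run without network access when bubblewrap is available`.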
@@ -94,8 +94,14 @@ _Pragma("GCC diagnostic ignored \"-Wunused-function\""); #endif #ifdef USE_FLAT_TEST_H + #ifdef HAVE_CONFIG_H + #include "test_paths.h" + #endif #include "test.h" #else + #ifdef HAVE_CONFIG_H + #include "wolfcrypt/test/test_paths.h" + #endif #include "wolfcrypt/test/test.h" #endif @@ -11641,10 +11647,18 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) #elif defined(WOLFSSL_uTKERNEL2) #define CERT_PREFIX "/uda/" #define CERT_PATH_SEP "/" -#else +#endif + +#ifndef CERT_PREFIX #define CERT_PREFIX "./" +#endif +#ifndef CERT_PATH_SEP #define CERT_PATH_SEP "/" #endif +#ifndef CERT_WRITE_TEMP_DIR + #define CERT_WRITE_TEMP_DIR CERT_PREFIX +#endif + #define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP /* Generated Test Certs */ 
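Review bot: The platform branches above the new `#endif` still define `CERT_PREFIX` and `CERT_PATH_SEP` unconditionally, while the first hunk now includes test_paths.h before them. A build that has `HAVE_CONFIG_H` together with one of those platform macros would therefore redefine `CERT_PREFIX` with a different value. The start of that `#if` chain is outside the hunk, so this is inferred from the visible `#elif defined(WOLFSSL_uTKERNEL2)` branch. Consider an `#undef CERT_PREFIX` before the chain or wrapping each branch in `#ifndef`. The new macro also needs a comment, since it is pasted directly in front of file names: `/* directory for files the tests write; must end with a path separator */`.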
@@ -11738,44 +11752,44 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) #ifndef NO_WRITE_TEMP_FILES #ifdef HAVE_ECC #ifdef WOLFSSL_CERT_GEN - static const char* certEccPemFile = CERT_PREFIX "certecc.pem"; + static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem"; #endif #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) - static const char* certEccRsaPemFile = CERT_PREFIX "certeccrsa.pem"; - static const char* certEccRsaDerFile = CERT_PREFIX "certeccrsa.der"; + static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem"; + static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der"; #endif - static const char* eccCaKeyPemFile = CERT_PREFIX "ecc-key.pem"; - static const char* eccPubKeyDerFile = CERT_PREFIX "ecc-public-key.der"; - static const char* eccCaKeyTempFile = CERT_PREFIX "ecc-key.der"; + static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem"; + static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der"; + static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der"; #ifdef HAVE_PKCS8 - static const char* eccPkcs8KeyDerFile = CERT_PREFIX "ecc-key-pkcs8.der"; + static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der"; #endif #if defined(WOLFSSL_CERT_GEN) || \ (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) - static const char* certEccDerFile = CERT_PREFIX "certecc.der"; + static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der"; #endif #endif /* HAVE_ECC */ #ifndef NO_RSA #if defined(WOLFSSL_CERT_GEN) || \ (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) - static const char* otherCertDerFile = CERT_PREFIX "othercert.der"; - static const char* certDerFile = CERT_PREFIX "cert.der"; + static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der"; + static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der"; #endif #ifdef WOLFSSL_CERT_GEN - static const char* otherCertPemFile = CERT_PREFIX 
"othercert.pem"; - static const char* certPemFile = CERT_PREFIX "cert.pem"; + static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem"; + static const char* certPemFile = CERT_WRITE_TEMP_DIR "cert.pem"; #endif #ifdef WOLFSSL_CERT_REQ - static const char* certReqDerFile = CERT_PREFIX "certreq.der"; - static const char* certReqPemFile = CERT_PREFIX "certreq.pem"; + static const char* certReqDerFile = CERT_WRITE_TEMP_DIR "certreq.der"; + static const char* certReqPemFile = CERT_WRITE_TEMP_DIR "certreq.pem"; #endif #endif /* !NO_RSA */ #if !defined(NO_RSA) || !defined(NO_DSA) #ifdef WOLFSSL_KEY_GEN - static const char* keyDerFile = CERT_PREFIX "key.der"; - static const char* keyPemFile = CERT_PREFIX "key.pem"; + static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der"; + static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem"; #endif #endif diff --git a/wolfcrypt/test/test_paths.h.in b/wolfcrypt/test/test_paths.h.in new file mode 100644 index 000000000..e4428c459 --- /dev/null +++ b/wolfcrypt/test/test_paths.h.in 
@@ -0,0 +1,25 @@
+/* wolfcrypt/test/test_paths.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef NO_FILESYSTEM
+ #define CERT_PREFIX "@abs_top_srcdir@/"
+ #define CERT_WRITE_TEMP_DIR "@abs_top_builddir@/"
+#endif /* NO_FILESYSTEM */
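Review bot: The two macros substitute the absolute source and build directories straight into C string literals. A tree path containing `"` or `\` would produce an invalid or altered literal, and the configure host's directory layout ends up embedded in the test binary, which then only works on the machine and path it was built in. The header has no description beyond its name, so a comment above the `#ifndef` would help, for example `/* Generated by configure from test_paths.h.in: absolute locations of the certs tree (read) and of the build tree (files written by the tests). */`. An include guard would also be cheap protection, as test.c includes the header from two branches.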