c581e13380
bwrap tweaks:
...
in scripts/ocsp.test, don't call ping.test when $AM_BWRAPPED = yes (ping is setuid, so fails under bwrap);
in scripts/unit.test.in, don't bwrap if $AM_BWRAPPED = yes (double-bwrapping always fails);
in testsuite/testsuite.c testsuite_test(), build tempName using tempDir, and try to assign tempDir from XGETENV("TMPDIR"), fallback to hardcoded "/tmp".
2022-02-10 15:54:39 -06:00
b957a6e872
Purge Rabbit cipher
2022-01-28 13:13:53 -05:00
38558d7fd1
dtls-srtp: don't run openssl_srtp.test on make check
2022-01-25 21:51:56 +01:00
848f5eeb0c
Merge pull request #4755 from dgarske/dtls_srtp
...
DTLS SRTP (RFC5764) support (adds `--enable-srtp`)
2022-01-21 10:43:47 +10:00
46c0809f5a
dtls-srtp: add script to test interop with OpenSSL
2022-01-20 16:55:44 +01:00
c2860cb311
Get rid of HC-128
2022-01-17 18:11:54 -05:00
d8b58b8b05
Put both `DigiCert Global Root CA` and `GlobalSign Root CA` into the Google CA list. Fixes `--enable-dtls --enable-ocsp` ./scripts/ocsp.test`.
2021-12-20 11:47:34 -08:00
72486333c3
Get host name: add code to use popen and the command 'host'
...
When compiling for QEMU, the gethostbyname call doesn't have access to
the OS DNS.
Implemented a lookup of hostname that uses the system command host.
Fix for QEMU Aarch64 where 'char' is unsigned and the -1 return is being
converted to 255 in wolfSSL_OPENSSL_hexchar2int().
Test TLSv1.3 with www.google.com if wolfSSL supports it.
CMAC: cannot cast size_t* to word32* when big-endian.
SP math all: Random prime - munge bits before moving them around for
big-endian.
BIO, no filesystem: Allow BIO_prinf to be used with mem BIO.
2021-09-09 18:32:19 +10:00
9b6cf56a6e
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer ( #4335 )
...
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
2021-09-01 09:28:24 +10:00
9ae021d2cb
tests: server example doesn't like empty string params
...
But it's ok with them at the end
2021-06-14 12:01:09 -07:00
21db484f50
tests: fix test scripts for paths with spaces
2021-06-13 21:37:07 -07:00
ed14e593c7
ED25119 and SHAKE-256: fixes
...
SHAKE-256 is off by default now. Make sure WOLFSSL_SHAKE256 doesn't make
it into options.h.
Fix openssl.test usage of ed25519 certificates.
Add scripts that regenerate certificates
2021-06-11 10:13:31 +10:00
ed5b134161
TLS 1.3 PSK EarlyData testing
...
Fix test to expect 3 or 5 lines with "Early Data" (release or debug
build).
2021-05-18 15:25:12 +10:00
d44549fd77
only update OPENSSL_ENGINE_ID if already set
2021-04-12 01:47:01 -06:00
ee22d27cf8
add sanity check that engine can be loaded
2021-04-11 20:48:18 +07:00
c34025b186
add option to use an engine with openssl test script
2021-04-11 20:06:13 +07:00
b4a573ca98
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-03-19 13:12:55 +09:00
a55e94cf6f
ECCSI and SAKKE: add support
...
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
2021-03-12 09:31:22 +10:00
302c6dfe11
addressed jenkins failure part3
2021-03-05 08:19:22 +09:00
e39477c531
initial implement SSL_get_early_data_status
2021-03-05 08:19:15 +09:00
d67934f6b8
scripts: remove use of `realpath` and fix `external.test`
...
`external.test` could fail quietly for not finding `ping.test` for
out-of-tree builds. Make it look relative to the script location.
2021-02-10 14:18:32 -08:00
9b6f382b2c
testing: fix openssl test for `distcheck`
...
Previously missed case of cert locations for out-of-tree build. Use
relative path from script location for certificate path
2021-02-10 07:15:22 -08:00
12eddee104
scripts: fix tests for out of tree `distcheck`
...
Copying or using certs from directory relative to scripts source directory.
2021-02-08 10:43:31 -08:00
c17597a4fb
build: arbitrary path for `make check`
...
To support builds in other directories, unit.test and wolfcrypt test
must be aware of the source and build directory.
2021-02-05 12:10:32 -08:00
93ea355217
build: fix `make distcheck`
...
Need to check if `unit.test` was run from make process and set
different path to run unit test executable.
Writing files in the dist is not allowed during distcheck so write
files to subdirectory used build during distmake
2021-02-05 07:25:07 -08:00
fa86c1aa91
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options
...
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.
Also fix up tests that don't work without TLS 1.3 enabled.
2021-01-06 14:19:57 +10:00
9598c03716
Free mutex and fix test script
2020-12-30 17:40:15 -08:00
c482d16029
Merge pull request #3544 from haydenroche5/ocsp_stapling_bug
...
Fix bug where OCSP stapling wasn't happening even when requested by client
2020-12-29 14:23:10 -08:00
eeefe043ec
scripts/: nix `timeout` wrappers in ocsp-stapling.test and ocsp-stapling2.test, for portability.
2020-12-16 17:31:53 -06:00
801aa18b9e
Fix bug where OCSP stapling wasn't happening even when requested by client.
...
The OCSP request that we created didn't have a URL for the OCSP responder, so
the server couldn't reach out to the responder for its cert status.
2020-12-15 16:56:21 -06:00
367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe
...
TLS 1.3: PSK only
2020-12-09 09:45:34 -08:00
5fdc4cf6e1
Fix RX/TX throughput reporting in example server.
...
- I observed that client TX throughput < client RX throughput, but server TX
throughput > server RX throughput. Turns out this is just a typo in the
printing of the stats. The RX stat was being printed as the TX stat and vice-
versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
for the server to come up. If you were to time this script with the time
command, you'll see that 2 seconds in the result, which might be confusing
if you didn't realize the sleep was there.
2020-12-08 16:49:09 -06:00
b0979f4225
Merge pull request #3476 from dgarske/sniffer_hrr
...
Fixes for TLS sniffer with v1.3 (HRR and Certs)
2020-11-18 16:07:11 -08:00
d8b58286d1
TLS 1.3: PSK only
...
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
d208779974
Added test case for TLS v1.3 with HRR (hello_retry_request)
2020-11-12 08:59:10 -08:00
1cbc2e8608
openssl.test: recognize TLS13-AES128-CCM-8-SHA256 and TLS13-AES128-CCM8-SHA256 as equivalent while iterating through $wolf_ciphers.
2020-11-11 23:23:28 -06:00
5625929c83
scripts/external.test: skip test when -UHAVE_ECC.
2020-11-10 01:27:45 -06:00
196ae63eb2
scripts/external.test: skip test when -DWOLFSSL_SNIFFER (staticCipherList in client.c is incompatible).
2020-11-10 00:03:02 -06:00
3858bda7e9
add "module", "modules_install", and "clean_module" rules to BUILD_LINUXKM section of Makefile.am, and add working install rule to linuxkm/Makefile, so that "make module" and "make modules_install" now work when --enable-linuxkm; fix "make dist" logic in Makefile.am and scripts/include.am to be unaffected by --enable-linuxkm; don't build wolfcrypt/benchmark or testwolfcrypt when --enable-linuxkm and --enable-crypttests.
2020-11-04 14:13:39 -06:00
139b0431cb
ocsp-stapling*.test: prefix waited servers with "timeout 60" to avoid deadlock failure modes; grep output from "openssl s_client" in "test interop fail case" for expected error message ("self signed certificate in certificate chain").
2020-10-28 17:28:05 -05:00
0568ec304f
pass -4 flag to openssl and nc only when IPV6_SUPPORTED.
2020-10-28 17:28:05 -05:00
94a3f86dcd
scripts/ocsp-stapling*.test: check if IPv6 is supported by the installed openssl and nc executables, and if not, don't attempt to wrestle the version. with no IPv6 support, and an --enable-ipv6 wolfssl build, skip the test entirely. also, restore a couple -b (bind-all-interfaces) flags to examples/server/server recipes in case that's useful.
2020-10-28 17:28:05 -05:00
7a5cbaa9bc
fix scripts/ocsp-stapling*.test to accommodate IPv6 examples/ client/server build.
2020-10-28 17:28:05 -05:00
81849e64b8
scripts/openssl.test: for "-psk" cases, use "-psk key", not "-psk=key", for OpenSSL 1.0.2 compatibility.
2020-10-21 23:30:14 -05:00
60b0b0170b
TLS OCSP Stapling: MUST staple option
...
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
2020-10-16 09:03:27 +10:00
9df9fb7936
unit.test: add bwrap wrapper script at scripts/unit.test.
2020-09-17 12:03:44 -05:00
5ed2fe8092
scripts/: more race elimination/mitigation.
2020-09-17 12:03:44 -05:00
26901d1cd9
scripts/ocsp-stapling2.test: eliminate races.
2020-09-17 12:03:44 -05:00
b669f8eeb9
scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh.
2020-09-14 16:06:45 -05:00
d8dc6be5b9
scripts/ocsp-stapling2.test: try using a static prechecked port for the servers on ready_file5 too.
2020-09-12 01:13:35 -05:00
51046d45d3
add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET.
2020-09-12 00:20:38 -05:00
1e9971f64c
scripts/ocsp-stapling*.test: add bwrap attempt at top, to isolate network namespace.
2020-09-11 18:20:27 -05:00
8f25456f86
scripts/ocsp-stapling*.test, wolfssl/test.h: refactor scripts/ocsp-stapling*.test for orthogonality and robustness, with retries and early failure detection. also, reduce sleeps in ocsp-stapling-with-ca-as-responder.test to 0.1, matching sleeps in other 2 scripts. finally, in wolfssl/test.h, #ifdef SO_REUSEPORT do that when binding ports, and add optional rendering of errno strings for failed syscalls using err_sys_with_errno() when -DDEBUG_TEST_ERR_SYS_WITH_ERRNO.
2020-09-11 15:30:37 -05:00
7fd51cf9d9
Merge pull request #3267 from SparkiDev/no_client_auth
...
Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing
2020-09-03 15:55:38 -07:00
9901eb9272
Merge pull request #3249 from SparkiDev/tls13_early_data_fix
...
TLS 1.3 Early Data: fix
2020-09-03 14:49:39 -07:00
89b9a77eca
Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing
...
Fix build for no client or server and no client auth.
Fix tests to detect when no client auth compiled and test is trying to
do client auth.
2020-09-01 15:27:46 +10:00
db864be6a4
TLS 1.3 Early Data: fix
...
Will process early data packets now.
Added test to check output of server for early data being received.
2020-08-31 09:03:05 +10:00
6a984da53f
Fixes and Improvements to OCSP scripts. Fix for OCSP test with IPV6 enabled (use `-b` bind to any on server). Fix to use random port number for the `oscp-stapling.test` script. Reduce delay times in scripts.
2020-08-25 10:55:41 -07:00
ceed98b952
Modify the openssl test script to run the openssl commands in an eval.
2020-08-12 16:59:10 -07:00
93cdfd7132
Update OpenSSL interopability testing
...
Added TLS 1.3 testing.
Added Ed25519 and Ed448 testing.
Added tesitng of OpenSSL client against wolfSSL server.
Fixed builds of Curve25519/Curve448/Ed25519/Ed448 in different
configurations.
2020-08-11 16:44:45 +10:00
70aa11f0a9
Merge pull request #3153 from ethanlooney/15th_branch
...
Added unit tests for Logging.c
2020-07-28 16:35:31 -06:00
563806c497
Changed the log dump txt file's directory to include /tests and added it to make clean
2020-07-23 10:12:40 -07:00
b500a54fc5
Added new file to read in and dump error message and added cleanup within cleanup script
2020-07-21 12:30:43 -07:00
e6017de19d
Fix in `snifftest` to try loading private key into static ephemeral and private key. Updated pcap files (were missing TCP packets).
2020-07-20 11:10:46 -07:00
23a3ead758
Framework for new TLS v1.3 sniffer tests.
2020-07-17 15:56:56 -07:00
42f3a6d7a4
Put both potential roots for login.live.com into collection for stapling test
2020-07-07 16:02:48 -06:00
392e09c474
Cleanup after TLS 1.3 tests
...
Make sure the server is dead after each test.
Client may not connect to server if cipher suite not supported and
return error as expected.
2020-06-23 09:14:51 +10:00
1d01b87741
Fix to detect if `NO_CERTS` / `--disable-asn` is used in `scripts/tls13.test`.
2020-06-04 16:08:08 -07:00
ba9fd89314
Script Portability
...
1. The openssl interop test script should check that it should run before
doing anything else.
2. The process to create a random port number was using a non-portable
option to the head command. Changed to use the od tool reading from
/dev/random.
3. Ran into a sed that doesn't use the -i option, so changed it to cp its
own bak file and sed from that.
2020-05-18 09:04:41 -07:00
0a6b93fda2
add single quotes around -? in test scripts
2020-03-24 22:40:48 -06:00
6334dd9cb0
Allow mutual authentication to be required for TLS 1.3
2020-03-02 08:50:57 +10:00
6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513
...
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
b83804cb9d
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
ee13dfd878
Add Qt 5.12 and 5.13 support
...
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
2019-12-06 14:27:01 -07:00
abee442c1e
Useful script to cleanup test files created.
2019-11-18 15:08:54 -08:00
89db0da0aa
Synchronous Quick Assist Support for Sniffer
...
1. Fixed a compiler warnings.
2. Fixed a memory issue when using the storage callback with QAT.
2019-10-08 16:49:38 -07:00
8ec90339d9
Change the sniffer testsuite to do the IPv6 test when the "-6" option is
...
on the command line.
2019-10-05 19:26:41 -07:00
b6b57154e5
Add the new IPv6 sniffer test file to the automake list.
2019-10-04 14:54:17 -07:00
89ff909d73
Sniffer IPv6
...
1. Sorted out IPv6 configuration for sniff test.
2. Tests the sniffer using an IPv6 file.
2019-10-04 14:54:17 -07:00
fdeb65dec8
WCv4.0.1-stable changes
...
CHAR_BIT to 8, simplify logic from peer review
Update build script
2019-07-16 15:58:56 -06:00
27ea9d9bce
Configure Fixes
...
1. The combination enable-all and disable-rsa breaks some of the
testing. Added the NO_RSA guards as appropriate.
2. Disabled the OCSP stapling and CRL tests when RSA is disabled as they
use test certificates with RSA keys.
2019-03-13 17:54:33 -07:00
275667f0e9
remove ocsp attempt with ipv6 enabled
2019-02-13 19:01:09 -07:00
0459e9842e
OCSP Script Update
...
The check status variable GL_UNREACHABLE is not initialized and there
are times when it is checked and hasn't been set. Initialize it to zero.
2019-01-17 11:36:44 -08:00
e4132d32a4
add ocsp test for more code coverage
2019-01-14 13:52:13 -07:00
6ac384793f
memory management with OCSP requests
2019-01-14 09:49:50 -07:00
a00eaeb877
add ocsp stapling test and initialize values
2019-01-04 13:16:47 -07:00
3729b12fae
Address issues when testing with WOLFSSL_OCSP_TEST set
2018-08-30 14:44:49 -06:00
fc64788092
Merge pull request #1795 from SparkiDev/tls13_no_tls12
...
Fixes to work when compiled with TLS 1.3 only
2018-08-29 16:16:46 -07:00
487c60df78
Fixes to work when compiled with TLS 1.3 only
...
TLS 1.3 Early Data can be used with PSK and not session tickets.
If only TLS 1.3 and no session tickets then no resumption.
External sites don't support TLS 1.3 yet.
2018-08-28 15:37:15 +10:00
46c04cafd3
change grep message for RSA key size with tests
2018-08-24 16:47:37 -06:00
c3ab52ed44
key size check on ocsp-stapling2 test
2018-08-15 09:52:43 -06:00
f74406d2c9
check max key size with ocsp stapling test
2018-08-15 09:52:43 -06:00
280de47d06
Use pzero solutions on servers and clients in addition to ocsp responders
2018-08-10 14:17:17 -06:00
c288a214b1
give servers time to shut-down after client connection
2018-08-10 11:57:35 -06:00
ba3bc59771
further test control over ocsp-stapling tests
2018-08-10 11:44:16 -06:00
735e4a0986
ocsp stapling tests to wait until unit tests are complete
2018-08-10 11:18:04 -06:00
35dbf9a6fe
address file restoration issue present when git not available
2018-08-10 10:24:42 -06:00
c7f1d810c3
update ocsp test case for portability and informative updates on use of environment variable
2018-08-07 10:42:18 -06:00
30d6c0c1fc
Merge pull request #1737 from ejohnstown/ocsp-free
...
OCSP Free
2018-08-06 09:08:01 -07:00
f45dbed8f9
OCSP
...
1. Modify the other OCSP Stapling scripts to better manage the OCSP responder.
2. Modify the client's W option to take:
- 1 for Stapling v1
- 2 for Stapling v2
- 3 for Stapling v2 MULTI
3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
Daniel Pouzzner
Anthony Hu
Marco Oliverio
Sean Parkinson
David Garske
Elms
JacobBarthelmeh
Hideki Miyazaki
Tesfa Mael
John Safranek
Hayden Roche
toddouska
Chris Conlon
Ethan Looney
kaleb-himes
Eric Blankenhorn
Carie Pointer