authorTim Rühsen <tim.ruehsen@gmx.de>2018-12-19 07:52:12 +0000
committerTim Rühsen <tim.ruehsen@gmx.de>2018-12-19 07:52:12 +0000
commit62f162f64c23a5e6b872ff8ee540d375b7e27168 (patch)
tree4b2d904a2838de569da16f2814a6e1107b778167
parent0b03bec946b28cb60d71e647d1597322689e8bb0 (diff)
parentd8f627a74f5f269f592b6eeedd37cce68333f6be (diff)
downloadgnutls-62f162f64c23a5e6b872ff8ee540d375b7e27168.tar.gz
Merge branch 'tmp-portable-tests' into 'master'
Make some tests more portable. See merge request gnutls/gnutls!819
-rw-r--r--.gitlab-ci.yml1
-rw-r--r--configure.ac5
-rw-r--r--tests/cert-tests/Makefile.am4
-rwxr-xr-xtests/cert-tests/certtool13
-rwxr-xr-xtests/cert-tests/certtool-crl-decoding11
-rwxr-xr-xtests/cert-tests/certtool-ecdsa6
-rwxr-xr-xtests/cert-tests/certtool-eddsa37
-rwxr-xr-xtests/cert-tests/pem-decoding27
-rwxr-xr-xtests/cert-tests/pkcs12-corner-cases7
-rwxr-xr-xtests/cert-tests/pkcs12-utf82
-rwxr-xr-xtests/gnutls-cli-debug.sh90
-rwxr-xr-xtests/long-crl.sh19
-rw-r--r--tests/scripts/common.sh27
13 files changed, 133 insertions, 116 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1817df1a90..0ba9f7eb52 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -515,6 +515,7 @@ Debian.cross.i686-linux-gnu:
- export CC_FOR_BUILD="ccache gcc"
- export CC="ccache $host-gcc"
- ./bootstrap
+ - sed -i '/errno.==.EINVAL/d' gl/tests/test-strerror.c
- mkdir -p build
- cd build
# Debian's softhsm package is not multiarch yet. Missing softhsm libraries
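Review bot: The added `sed -i '/errno.==.EINVAL/d' gl/tests/test-strerror.c` step deletes an assertion from a gnulib test in this cross-build job, and nothing in the job says why. A test check that is silently patched out tends to stay patched out, so put a comment directly above the line, for example `# <reason the EINVAL check fails on this target>; remove once fixed in gnulib`. The pattern also uses `.` where the source presumably has spaces, so it would delete any line matching that shape; `errno == EINVAL` written literally would be narrower.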
diff --git a/configure.ac b/configure.ac
index d44791bd91..21ab6bbe9d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -60,6 +60,11 @@ fi
AX_CODE_COVERAGE
AM_MAINTAINER_MODE([enable])
+AC_ARG_ENABLE(bash-tests,
+ AS_HELP_STRING([--disable-bash-tests], [skip some tests that badly need bash]),
+ enable_bash_tests=$enableval, enable_bash_tests=yes)
+AM_CONDITIONAL(DISABLE_BASH_TESTS, test "$enable_bash_tests" != "yes")
+
AC_ARG_ENABLE(doc,
AS_HELP_STRING([--disable-doc], [don't generate any documentation]),
enable_doc=$enableval, enable_doc=yes)
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 26dd5b22bb..0e5692df6d 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -162,5 +162,9 @@ else
TESTS_ENVIRONMENT += ENABLE_GOST=0
endif
+if DISABLE_BASH_TESTS
+TESTS_ENVIRONMENT += DISABLE_BASH_TESTS=1
+endif
+
distclean-local:
rm -rf tmp-* *.tmp
diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool
index 3c7c620dee..5f1276e60e 100755
--- a/tests/cert-tests/certtool
+++ b/tests/cert-tests/certtool
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
# Copyright (C) 2014-2018 Nikos Mavrogiannopoulos
# Copyright (C) 2018 Red Hat, Inc.
@@ -27,6 +27,10 @@ TMPFILE1=certtool-file1.$$.tmp
TMPFILE2=certtool-file2.$$.tmp
PASS="1234"
+if test -n "$DISABLE_BASH_TESTS"; then
+ exit 77
+fi
+
if ! test -x "${CERTTOOL}"; then
exit 77
fi
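Review bot: The new `DISABLE_BASH_TESTS` skip has no comment naming the construct that still needs bash, although this same commit changes the script's shebang to `#!/bin/sh` and replaces the here-string. A reader cannot tell from the visible lines whether the skip is still required or is left over. A one-line comment above the `if`, such as `# skipped without bash: <construct that is not portable>`, would settle it. If nothing bash-specific remains, the skip removes coverage of the password prompt path for no benefit.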
@@ -43,8 +47,11 @@ if test -n "${SETSID}";then
exit 1
fi
- #check whether ask-pass is being honoured
- ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS}
+ #check whether password is being honoured
+ #some CI runners need GNUTLS_PIN (GNUTLS_PIN=${PASS})
+ ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 <<EOF
+$PASS
+EOF
if test $? != 0;then
cat ${TMPFILE2}
echo "cert generation failed"
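Review bot: The rewritten certtool call drops the quotes the old line had around the template path. It now reads `--template ${srcdir}/templates/template-test.tmpl`, so a source directory containing whitespace or glob characters is split into several arguments; keep it as `--template "${srcdir}/templates/template-test.tmpl"`. The added comment `#some CI runners need GNUTLS_PIN (GNUTLS_PIN=${PASS})` reads like an instruction, but the command below it does not set that variable. State whether the runner is expected to export it or whether the here-document is meant to be sufficient. The enclosing `if test -n "${SETSID}"` block starts and ends outside this hunk.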
diff --git a/tests/cert-tests/certtool-crl-decoding b/tests/cert-tests/certtool-crl-decoding
index 36fb1ea46d..dadc92cbf7 100755
--- a/tests/cert-tests/certtool-crl-decoding
+++ b/tests/cert-tests/certtool-crl-decoding
@@ -24,7 +24,6 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-DIFF="${DIFF:-diff -b -B}"
OUTFILE="crl.$$.pem"
if ! test -x "${CERTTOOL}"; then
@@ -35,21 +34,21 @@ if ! test -z "${VALGRIND}"; then
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3"
fi
+. "${srcdir}/../scripts/common.sh"
+
# crl-demo1.pem: version 2 CRL with a single extension
# crl-demo2.pem: version 2 CRL with two extensions (one critical)
# crl-demo3.pem: version 1 CRL with many revoked certificates
for i in "crl-demo1.pem" "crl-demo2.pem" "crl-demo3.pem";do
${VALGRIND} "${CERTTOOL}" --crl-info --infile "${srcdir}/data/$i" >$OUTFILE
-rc=$?
-
-if test "${rc}" != 0;then
+if test $? != 0; then
echo "Could not read CRL $i"
exit 1
fi
-$DIFF -I 'warning:' ${OUTFILE} "${srcdir}/data/$i"
-if test $? != 0;then
+check_if_equal ${OUTFILE} "${srcdir}/data/$i" "warning:"
+if test $? != 0; then
echo "Error in parsing cert with long OIDs"
exit 1
fi
diff --git a/tests/cert-tests/certtool-ecdsa b/tests/cert-tests/certtool-ecdsa
index 2cb1aac134..9811777b1f 100755
--- a/tests/cert-tests/certtool-ecdsa
+++ b/tests/cert-tests/certtool-ecdsa
@@ -22,7 +22,6 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-DIFF="${DIFF:-diff -b -B}"
KEYFILE=ecdsa-privkey.$$.tmp
TMPFILE=ecdsa.$$.tmp
@@ -38,6 +37,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
exit 77
fi
+. "${srcdir}/../scripts/common.sh"
${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-ecc256-full.pem" --outfile "${TMPFILE}"
rc=$?
@@ -47,7 +47,7 @@ if test "${rc}" != "0"; then
exit 1
fi
-$DIFF -I 'Not After:' ${TMPFILE} "${srcdir}/data/cert-ecc256-full.pem"
+check_if_equal ${TMPFILE} "${srcdir}/data/cert-ecc256-full.pem" "Not After:"
if test $? != 0;then
echo "Error in parsing ECDSA cert"
exit 1
@@ -60,7 +60,7 @@ if test "${rc}" != "0"; then
exit 1
fi
-$DIFF ${TMPFILE} "${srcdir}/data/pubkey-ecc256.pem"
+check_if_equal ${TMPFILE} "${srcdir}/data/pubkey-ecc256.pem"
if test $? != 0;then
echo "Error in parsing ECDSA public key"
exit 1
diff --git a/tests/cert-tests/certtool-eddsa b/tests/cert-tests/certtool-eddsa
index 8b2714dcde..c097fbf6c6 100755
--- a/tests/cert-tests/certtool-eddsa
+++ b/tests/cert-tests/certtool-eddsa
@@ -22,9 +22,9 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-DIFF="${DIFF:-diff -b -B}"
KEYFILE=eddsa-privkey.$$.tmp
TMPFILE=eddsa.$$.tmp
+TMPFILE2=eddsa2.$$.tmp
if ! test -x "${CERTTOOL}"; then
exit 77
@@ -38,17 +38,17 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
exit 77
fi
+. "${srcdir}/../scripts/common.sh"
# Test certificate in draft-ietf-curdle-pkix-04
${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-eddsa.pem" --outfile "${TMPFILE}"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "There was an issue parsing the certificate"
exit 1
fi
-$DIFF -I 'Not After:' ${TMPFILE} "${srcdir}/data/cert-eddsa.pem"
+check_if_equal ${TMPFILE} "${srcdir}/data/cert-eddsa.pem" "Not After:"
if test $? != 0;then
echo "Error in parsing EdDSA cert"
exit 1
@@ -56,13 +56,12 @@ fi
# Test public key in draft-ietf-curdle-pkix-04
${VALGRIND} "${CERTTOOL}" --pubkey-info --infile "${srcdir}/data/pubkey-eddsa.pem" --outfile "${TMPFILE}"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "Could not read an EdDSA public key"
exit 1
fi
-$DIFF ${TMPFILE} "${srcdir}/data/pubkey-eddsa.pem"
+check_if_equal ${TMPFILE} "${srcdir}/data/pubkey-eddsa.pem"
if test $? != 0;then
echo "Error in parsing EdDSA public key"
exit 1
@@ -72,16 +71,14 @@ fi
# Create an RSA-PSS private key, restricted to the use with RSA-PSS
${VALGRIND} "${CERTTOOL}" --generate-privkey --pkcs8 --password '' \
--key-type eddsa --outfile "$KEYFILE"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "Could not generate an EdDSA key"
exit 1
fi
${VALGRIND} "${CERTTOOL}" -k --password '' --infile "$KEYFILE"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "Could not read generated an EdDSA key"
exit 1
fi
@@ -92,16 +89,14 @@ ${VALGRIND} "${CERTTOOL}" --generate-self-signed \
--pkcs8 --load-privkey "$KEYFILE" --password '' \
--template "${srcdir}/templates/template-test.tmpl" \
--outfile "${TMPFILE}"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "Could not generate an EdDSA certificate from an EdDSA key"
exit 1
fi
${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${TMPFILE}" --infile "${TMPFILE}"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "There was an issue verifying the generated certificate (1)"
exit 1
fi
@@ -113,33 +108,29 @@ ${VALGRIND} "${CERTTOOL}" --generate-certificate --key-type eddsa \
--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
--template "${srcdir}/templates/template-test.tmpl" \
--outfile "${TMPFILE}" 2>/dev/null
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "Could not generate an EdDSA certificate $i"
exit 1
fi
${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${TMPFILE}"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "There was an issue verifying the generated certificate (2)"
exit 1
fi
-rm -f "${TMPFILE}"
+rm -f "${TMPFILE}" "${TMPFILE2}"
rm -f "${KEYFILE}"
-. ${srcdir}/../scripts/common.sh
check_for_datefudge
# Test certificate chain using Ed25519
datefudge "2017-7-6" \
${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-eddsa.pem
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "There was an issue verifying the Ed25519 chain"
exit 1
fi
diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding
index 1daf926317..267a1fc7f3 100755
--- a/tests/cert-tests/pem-decoding
+++ b/tests/cert-tests/pem-decoding
@@ -24,7 +24,6 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-DIFF="${DIFF:-diff -b -B}"
if ! test -x "${CERTTOOL}"; then
exit 77
@@ -34,6 +33,8 @@ if ! test -z "${VALGRIND}"; then
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
+. "${srcdir}/../scripts/common.sh"
+
TMPFILE=tmp-$$.pem.tmp
TMPFILE1=tmp1-$$.pem.tmp
TMPFILE2=tmp2-$$.pem.tmp
@@ -57,8 +58,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-#FIXME: the output string differs in windows and linux on the last char.
-${DIFF} -I 'Algorithm Security Level' "${srcdir}/data/bmpstring.pem" ${TMPFILE} || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${srcdir}/data/bmpstring.pem" ${TMPFILE}
+check_if_equal "${srcdir}/data/bmpstring.pem" ${TMPFILE} "Algorithm Security Level"
rc=$?
if test "${rc}" != "0"; then
@@ -75,9 +75,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-cat "${srcdir}/data/complex-cert.pem" |grep -v "Not After:" >${TMPFILE1}
-cat ${TMPFILE} |grep -v "Not After:" >${TMPFILE2}
-${DIFF} -I 'Algorithm Security Level' ${TMPFILE1} ${TMPFILE2} || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
+check_if_equal "${srcdir}/data/complex-cert.pem" ${TMPFILE} "Not After:|Algorithm Security Level"
rc=$?
if test "${rc}" != "0"; then
@@ -94,9 +92,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-cat "${srcdir}/data/xmpp-othername.pem" |grep -v "Not After:" >${TMPFILE1}
-cat ${TMPFILE} |grep -v "Not After:" >${TMPFILE2}
-${DIFF} -I ^warning -I 'Algorithm Security Level' ${TMPFILE1} ${TMPFILE2} || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
+check_if_equal "${srcdir}/data/xmpp-othername.pem" ${TMPFILE} "^warning|Not After:|Algorithm Security Level"
rc=$?
if test "${rc}" != "0"; then
@@ -112,9 +108,9 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-cat ${TMPFILE} |grep "KRB5Principal:" >${TMPFILE1}
-cat "${srcdir}/data/template-krb5name-full.pem" |grep "KRB5Principal:" >${TMPFILE2}
-${DIFF} -I 'Algorithm Security Level' -u ${TMPFILE1} ${TMPFILE2} || ${DIFF} -I 'Algorithm Security Level' -u --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
+grep "KRB5Principal:" ${TMPFILE} >${TMPFILE1}
+grep "KRB5Principal:" "${srcdir}/data/template-krb5name-full.pem" >${TMPFILE2}
+check_if_equal ${TMPFILE1} ${TMPFILE2}
rc=$?
if test "${rc}" != "0"; then
@@ -138,7 +134,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-${DIFF} -u ${TMPFILE} "${GOSTCERT}" || ${DIFF} -u --strip-trailing-cr "${TMPFILE}" "${GOSTCERT}"
+check_if_equal ${TMPFILE} "${GOSTCERT}"
rc=$?
if test "${rc}" != "0"; then
@@ -155,7 +151,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-${DIFF} -I 'Algorithm Security Level' ${TMPFILE} "${srcdir}/data/gost94-cert.pem" || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${TMPFILE}" "${srcdir}/data/gost94-cert.pem"
+check_if_equal ${TMPFILE} "${srcdir}/data/gost94-cert.pem" "Algorithm Security Level"
rc=$?
if test "${rc}" != "0"; then
@@ -171,7 +167,8 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-${DIFF} -I 'Algorithm Security Level' ${TMPFILE} "${srcdir}/data/multi-value-dn.pem" || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${TMPFILE}" "${srcdir}/data/multi-value-dn.pem"
+# Needed for FIPS140 mode
+check_if_equal "${srcdir}/data/multi-value-dn.pem" ${TMPFILE} "Algorithm Security Level:"
rc=$?
if test "${rc}" != "0"; then
diff --git a/tests/cert-tests/pkcs12-corner-cases b/tests/cert-tests/pkcs12-corner-cases
index 5a0e615b3b..0b9c482db7 100755
--- a/tests/cert-tests/pkcs12-corner-cases
+++ b/tests/cert-tests/pkcs12-corner-cases
@@ -38,7 +38,8 @@ if ! test -z "${VALGRIND}"; then
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=6"
fi
-DIFF="${DIFF:-diff}"
+. "${srcdir}/../scripts/common.sh"
+
TMPFILE="pkcs12-corner.$$.tmp"
# Cases from oss-fuzz
@@ -79,7 +80,7 @@ for p12 in "key-corpus-rc2-1.p12";do
set -- ${p12}
file="$1"
"${CERTTOOL}" --p12-info --inder --password "${cpassword}" \
- --infile "${srcdir}/data/${file}" >${TMPFILE} 2>/dev/null
+ --infile "${srcdir}/data/${file}" | tr -d '\r' >${TMPFILE} 2>/dev/null
rc=$?
if test ${rc} != 0 && test ${rc} != 1; then
cat ${TMPFILE}
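Review bot: With the new `| tr -d '\r'` stage, the `rc=$?` that follows holds the exit status of `tr`, not of certtool. The `test ${rc} != 0 && test ${rc} != 1` check can therefore no longer notice certtool crashing or returning an unexpected status on this oss-fuzz input. The trailing `2>/dev/null` now also applies to `tr`, so certtool's stderr is no longer suppressed. `pipefail` is not available in every /bin/sh, so take the status before filtering: `... --infile "${srcdir}/data/${file}" >"${TMPFILE}.raw" 2>/dev/null`, then `rc=$?`, then `tr -d '\r' <"${TMPFILE}.raw" >"${TMPFILE}"`, and remove the scratch file afterwards. The loop body starts and ends outside this hunk.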
@@ -87,7 +88,7 @@ for p12 in "key-corpus-rc2-1.p12";do
exit 1
fi
- ${DIFF} --strip-trailing-cr ${TMPFILE} "${srcdir}/data/${file}.out"
+ check_if_equal ${TMPFILE} "${srcdir}/data/${file}.out"
rc=$?
if test ${rc} != 0;then
echo "Output differs in ${file}.out ${TMPFILE}"
diff --git a/tests/cert-tests/pkcs12-utf8 b/tests/cert-tests/pkcs12-utf8
index 1842136eaa..ace10ca181 100755
--- a/tests/cert-tests/pkcs12-utf8
+++ b/tests/cert-tests/pkcs12-utf8
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
# Copyright (C) 2016 Red Hat, Inc.
# Inc.
diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh
index 017db46e0b..10a3b182f1 100755
--- a/tests/gnutls-cli-debug.sh
+++ b/tests/gnutls-cli-debug.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
# Copyright (C) 2017-2018 Red Hat, Inc.
#
@@ -74,31 +74,33 @@ timeout 1800 datefudge "2017-08-9" \
kill ${PID}
wait
-
-declare -a arr=("whether we need to disable TLS 1.2... no" "for TLS 1.0 (RFC2246) support... no"
- "for TLS 1.1 (RFC4346) support... yes" "for TLS 1.2 (RFC5246) support... yes"
- "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2" "for safe renegotiation (RFC5746) support... yes"
- "for encrypt-then-MAC (RFC7366) support... yes" "for ext master secret (RFC7627) support... yes"
- "for RFC7919 Diffie-Hellman support... yes" "for curve SECP256r1 (RFC4492)... yes"
- "for AES-GCM cipher (RFC5288) support... yes"
- "for SHA1 MAC support... yes")
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" != 1;then
-#these tests are not run in FIPS mode
-arr+=("for MD5 MAC support... no")
-arr+=("for ARCFOUR 128 cipher (RFC2246) support... no")
-arr+=("for CHACHA20-POLY1305 cipher (RFC7905) support... yes")
-fi
-
-for txt in "${arr[@]}"
-do
- echo " - Checking ${OUTFILE} for \"${txt}\""
- grep "$txt" $OUTFILE >/dev/null
- if test $? != 0;then
+check_text() {
+ echo " - Checking ${OUTFILE} for \"$1\""
+ grep "$1" $OUTFILE >/dev/null
+ if test $? != 0; then
echo "failed"
exit 1
fi
-done
+}
+
+check_text "whether we need to disable TLS 1.2... no"
+check_text "for TLS 1.0 (RFC2246) support... no"
+check_text "for TLS 1.1 (RFC4346) support... yes"
+check_text "for TLS 1.2 (RFC5246) support... yes"
+check_text "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2"
+check_text "for safe renegotiation (RFC5746) support... yes"
+check_text "for encrypt-then-MAC (RFC7366) support... yes"
+check_text "for ext master secret (RFC7627) support... yes"
+check_text "for RFC7919 Diffie-Hellman support... yes"
+check_text "for curve SECP256r1 (RFC4492)... yes"
+check_text "for AES-GCM cipher (RFC5288) support... yes"
+check_text "for SHA1 MAC support... yes"
+if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then
+ #these tests are not run in FIPS mode
+ check_text "for MD5 MAC support... no"
+ check_text "for ARCFOUR 128 cipher (RFC2246) support... no"
+ check_text "for CHACHA20-POLY1305 cipher (RFC7905) support... yes"
+fi
rm -f ${OUTFILE}
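Review bot: `grep "$1" $OUTFILE` in check_text treats each expected line as a basic regular expression, so every `.` in strings like `support... no` matches any character, and `$OUTFILE` is unquoted. These checks assert that TLS 1.0, MD5 and ARCFOUR are reported as unsupported, so a literal match states the intent exactly: `grep -F -- "$1" "$OUTFILE" >/dev/null`. On failure the function prints only `failed` and exits; adding `cat "$OUTFILE"` before the `exit 1` would show what gnutls-cli-debug actually reported. The second run of check_text calls further down this file goes through the same function.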
@@ -118,32 +120,26 @@ timeout 1800 datefudge "2017-08-9" \
kill ${PID}
wait
-declare -a arr=("whether we need to disable TLS 1.2... no" "for TLS 1.0 (RFC2246) support... no"
- "for TLS 1.1 (RFC4346) support... no" "for TLS 1.2 (RFC5246) support... yes"
- "for TLS 1.3 (RFC8446) support... yes"
- "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2" "for safe renegotiation (RFC5746) support... yes"
- "for encrypt-then-MAC (RFC7366) support... yes" "for ext master secret (RFC7627) support... yes"
- "for RFC7919 Diffie-Hellman support... yes" "for curve SECP256r1 (RFC4492)... yes"
- "for AES-GCM cipher (RFC5288) support... yes"
- "for SHA1 MAC support... yes")
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" != 1;then
-#these tests are not run in FIPS mode
-arr+=("for MD5 MAC support... no")
-arr+=("for ARCFOUR 128 cipher (RFC2246) support... no")
-arr+=("for CHACHA20-POLY1305 cipher (RFC7905) support... yes")
+check_text "whether we need to disable TLS 1.2... no"
+check_text "for TLS 1.0 (RFC2246) support... no"
+check_text "for TLS 1.1 (RFC4346) support... no"
+check_text "for TLS 1.2 (RFC5246) support... yes"
+check_text "for TLS 1.3 (RFC8446) support... yes"
+check_text "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2"
+check_text "for safe renegotiation (RFC5746) support... yes"
+check_text "for encrypt-then-MAC (RFC7366) support... yes"
+check_text "for ext master secret (RFC7627) support... yes"
+check_text "for RFC7919 Diffie-Hellman support... yes"
+check_text "for curve SECP256r1 (RFC4492)... yes"
+check_text "for AES-GCM cipher (RFC5288) support... yes"
+check_text "for SHA1 MAC support... yes"
+if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then
+ #these tests are not run in FIPS mode
+ check_text "for MD5 MAC support... no"
+ check_text "for ARCFOUR 128 cipher (RFC2246) support... no"
+ check_text "for CHACHA20-POLY1305 cipher (RFC7905) support... yes"
fi
-for txt in "${arr[@]}"
-do
- echo " - Checking ${OUTFILE} for \"${txt}\""
- grep "$txt" $OUTFILE >/dev/null
- if test $? != 0;then
- echo "failed"
- exit 1
- fi
-done
-
rm -f ${OUTFILE}
exit 0
diff --git a/tests/long-crl.sh b/tests/long-crl.sh
index 74327e36c6..3abd910cbd 100755
--- a/tests/long-crl.sh
+++ b/tests/long-crl.sh
@@ -21,7 +21,6 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-DIFF="${DIFF:-diff}"
CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}"
if ! test -x "${CERTTOOL}"; then
@@ -32,24 +31,20 @@ if ! test -z "${VALGRIND}"; then
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
+. "${srcdir}/scripts/common.sh"
+
TMPFILE=long.$$.pem.tmp
-rm -f $TMPFILE
${VALGRIND} "${CERTTOOL}" --crl-info --inder --infile "${srcdir}/data/long.crl" --outfile $TMPFILE
-rc=$?
-
-# We're done.
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "CRL decoding failed 1!"
- exit ${rc}
+ exit 1
fi
-${DIFF} -I ^warning "${srcdir}/data/long.pem" "$TMPFILE" || ${DIFF} -I ^warning --strip-trailing-cr "${srcdir}/data/long.pem" $TMPFILE
-rc=$?
-
-if test "${rc}" != "0"; then
+check_if_equal "${srcdir}/data/long.pem" $TMPFILE "^warning"
+if test $? != 0; then
echo "CRL decoding failed 2!"
- exit ${rc}
+ exit 1
fi
rm -f $TMPFILE
diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh
index 1567d8e614..1cce09d04e 100644
--- a/tests/scripts/common.sh
+++ b/tests/scripts/common.sh
@@ -59,7 +59,10 @@ check_if_port_listening() {
}
# Find a port number not currently in use.
-GETPORT='rc=0; myrandom=$(date +%N | sed s/^0*//)
+GETPORT='rc=0; unset myrandom
+ if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi
+ if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi
+ if test -z "$myrandom"; then myrandom=0; fi
while test $rc = 0;do
PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))"
check_if_port_in_use $PORT;rc=$?
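Review bot: The two `test -z "$myrandom"` fallbacks catch only an empty value. Where `date` does not implement `%N`, the substitution may produce non-numeric text rather than nothing (this is platform dependent and cannot be confirmed from the hunk), and that text then goes into the `$(( ))` expression for PORT. A digits-only guard covers both cases and is safe inside the single-quoted string: `case "$myrandom" in ""|*[!0-9]*) myrandom=0;; esac`. Separately, myrandom is assigned once before the `while` loop, so on the visible lines a retry recomputes the same PORT. The GETPORT string continues past this hunk, so confirm that the rest of the loop varies it.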
@@ -117,7 +120,7 @@ wait_for_port()
{
local ret
local PORT="$1"
- sleep 4
+ sleep 1
for i in 1 2 3 4 5 6;do
check_if_port_listening ${PORT}
@@ -144,7 +147,7 @@ wait_for_free_port()
if test $ret != 0;then
break
else
- sleep 20
+ sleep 2
fi
done
return $ret
@@ -260,3 +263,21 @@ terminate_proc() {
kill_quiet -9 $pid
sleep 0.1
}
+
+# $1, $2: the two files to check for equality
+# $3: Strings to be ignored, separated by |
+check_if_equal() {
+ if test -n "$3"; then
+ local tmp1=`basename "$1"`"1.tmp"
+ local tmp2=`basename "$2"`"2.tmp"
+ egrep -v "$3" "$1" | tr -d '\r' >"$tmp1"
+ egrep -v "$3" "$2" | tr -d '\r' >"$tmp2"
+ diff -b -B "$tmp1" "$tmp2"
+ local rc=$?
+ rm -f "$tmp1" "$tmp2"
+ return $rc
+ fi
+
+ diff -b -B "$1" "$2"
+ return $?
+}
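Review bot: The scratch files in check_if_equal are named only from the input basenames (`basename "$1"` plus `1.tmp`) and are created in the current directory. Two tests run in parallel from the same directory against the same reference file would overwrite and then delete each other's filtered copy. Including the PID keeps them apart, for example `local tmp1="$(basename "$1").$$.1.tmp"` and likewise for tmp2. The status of the `egrep -v ... | tr` pipelines is never checked, so an unreadable input becomes an empty file, and two unreadable inputs compare as equal; a `test -r "$1" && test -r "$2" || return 2` at the top would prevent that. `grep -E -v -- "$3"` is the POSIX spelling of `egrep -v "$3"`. The two-argument branch does not strip `\r` as the three-argument branch does, so check that the callers which previously relied on `--strip-trailing-cr` still pass on CRLF platforms.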