Add ocsp responder test to testsuite.c and tested on windows

Author: julek-wolfssl

IDE/WIN/user_settings.h

@@ -40,6 +40,11 @@
     #define HAVE_CRL
     #define HAVE_CRL_MONITOR
 
+    #define HAVE_OCSP
+    #define HAVE_OCSP_RESPONDER
+    #define WOLFSSL_CERT_GEN
+    #define HAVE_CERTIFICATE_STATUS_REQUEST
+
     #if defined(WOLFSSL_LIB)
         /* The lib */
         #define OPENSSL_EXTRA

examples/ocsp_responder/ocsp_responder.c

@@ -53,8 +53,10 @@
 #include <string.h>
 
 /* Define mygetopt variables (used by mygetopt_long in test.h) */
+#ifndef NO_MAIN_DRIVER
 int myoptind = 0;
 char* myoptarg = NULL;
+#endif
 
 #ifdef _WIN32
     #include <winsock2.h>
@@ -84,15 +86,6 @@ char* myoptarg = NULL;
 #define MAX_PATH_LEN      256
 #define MAX_CERTS         16
 
-/* Simple logging macro */
-#define LOG_ERROR(...)                                                         \
-    do {                                                                       \
-        if (got_signal)                                                        \
-            fprintf(stderr, "Shutdown requested, exiting loop\n");             \
-        else                                                                   \
-            fprintf(stderr, __VA_ARGS__);                                      \
-    } while (0)
-
 
 #define LOG_MSG(...)                                                           \
     do {                                                                       \
@@ -109,6 +102,21 @@ static void sig_handler(int sig)
     (void)sig;
     got_signal = 1;
 }
+
+/* Simple logging macro */
+#define LOG_ERROR(...)                                                         \
+    do {                                                                       \
+        if (got_signal)                                                        \
+            fprintf(stderr, "Shutdown requested, exiting loop\n");             \
+        else                                                                   \
+            fprintf(stderr, __VA_ARGS__);                                      \
+    } while (0)
+#else
+/* Simple logging macro */
+#define LOG_ERROR(...)                                                         \
+    do {                                                                       \
+        fprintf(stderr, __VA_ARGS__);                                          \
+    } while (0)
 #endif
 
 /* Index file entry structure */
@@ -737,6 +745,8 @@ THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args)
         }
     }
 
+    myoptind = 0;      /* reset for test cases */
+
     /* Validate required options */
     if (opts.certFile == NULL) {
         LOG_ERROR("Error: CA certificate required (-c)\n");
@@ -855,9 +865,32 @@ THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args)
         }
     }
 
+#ifdef USE_WINDOWS_API
+    if (opts.port == 0) {
+        /* Generate random port for testing */
+        opts.port = GetRandomPort();
+    }
+#endif /* USE_WINDOWS_API */
+
     /* Create and listen on server socket */
     tcp_listen(&sockfd, &opts.port, 1, 0, 0);
 
+#ifndef SINGLE_THREADED
+    /* Signal readiness via tcp_ready if provided (for in-process testing) */
+    if (myargs->signal != NULL) {
+        tcp_ready* ready = myargs->signal;
+    #ifdef WOLFSSL_COND
+        THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond));
+    #endif
+        ready->ready = 1;
+        ready->port  = opts.port;
+    #ifdef WOLFSSL_COND
+        THREAD_CHECK_RET(wolfSSL_CondSignal(&ready->cond));
+        THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond));
+    #endif
+    }
+#endif /* !SINGLE_THREADED */
+
     /* Write ready file if requested */
     if (opts.readyFile != NULL) {
         XFILE rf = XFOPEN(opts.readyFile, "w");
@@ -1007,10 +1040,6 @@ THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args)
     if (caKeyDer)
         XFREE(caKeyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-#ifdef _WIN32
-    WSACleanup();
-#endif
-
     myargs->return_code = ret;
 #ifndef WOLFSSL_THREAD_VOID_RETURN
     return (THREAD_RETURN)0;
@@ -1025,6 +1054,8 @@ int main(int argc, char** argv)
     func_args args;
     int ret;
 
+    StartTCP();
+
 #ifdef HAVE_WNR
     if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) {
         err_sys("Whitewood netRandom global config failed");

src/crl.c

@@ -2554,7 +2554,7 @@ int wolfSSL_X509_CRL_sign(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* pkey,
     CRL_Entry* entry;
     byte* issuerDer = NULL;
     int issuerSz = 0;
-    int sigType;
+    int sigType = 0;
     int tbsSz = 0;
     int totalSz = 0;
     byte* buf = NULL;
@@ -2794,10 +2794,10 @@ int wolfSSL_X509_CRL_sign(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* pkey,
          */
         {
             word32 idx = 0;
-            int len;
+            int len = 0;
             word32 tbsStart = 0;
             word32 tbsLen = 0;
-            int sigLen;
+            int sigLen = 0;
 
             /* Parse outer SEQUENCE */
             if (GetSequence(buf, &idx, &len, (word32)totalSz) < 0) {

src/pk.c

@@ -6015,11 +6015,11 @@ int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
                 break;
 #endif /* WOLFSSL_KEY_GEN && !NO_RSA */
 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && \
-    (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
+    defined(WOLFSSL_KEY_GEN)
             case WC_EVP_PKEY_DSA:
                 ret = wolfSSL_PEM_write_bio_DSA_PUBKEY(bio, key->dsa);
                 break;
-#endif /* !NO_DSA && !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */
+#endif /* !NO_DSA && !HAVE_SELFTEST && defined(WOLFSSL_KEY_GEN) */
 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
     defined(WOLFSSL_KEY_GEN)
             case WC_EVP_PKEY_EC:

src/ssl_certman.c

@@ -2993,10 +2993,10 @@ int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s)
    don't allow chain ones to be added w/o isCA extension */
 int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 {
-    int         ret;
+    int         ret = 0;
     Signer*     signer = NULL;
-    word32      row;
-    byte*       subjectHash;
+    word32      row = 0;
+    byte*       subjectHash = NULL;
     WC_DECLARE_VAR(cert, DecodedCert, 1, 0);
     DerBuffer*   der = *pDer;
 

src/tls.c

@@ -3237,7 +3237,7 @@ word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest,
         if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
                 SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
                 SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL) {
-            return OPAQUE8_LEN + OPAQUE24_LEN + csr->ssl->ocspCsrResp[idx].length;
+            return (word16)(OPAQUE8_LEN + OPAQUE24_LEN + csr->ssl->ocspCsrResp[idx].length);
         }
         return (word16)(OPAQUE8_LEN + OPAQUE24_LEN +
                 csr->responses[idx].length);

src/tls13.c

@@ -8662,7 +8662,7 @@ static int WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts,
             if (tmpSz > (OPAQUE8_LEN + OPAQUE24_LEN) &&
                 certExts[extIdx] == NULL) {
                 /* csr extension is not zero */
-                extSz[extIdx] = tmpSz;
+                extSz[extIdx] = (word16)tmpSz;
 
                 ret = AllocDer(&certExts[extIdx], extSz[extIdx] + ex_offset,
                                                     CERT_TYPE, ssl->heap);
@@ -8902,7 +8902,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
                 return ret;
 
             ret = WriteCSRToBuffer(ssl, &ssl->buffers.certExts[0], &extSz[0],
-                    1 /* +1 for leaf */ + ssl->buffers.certChainCnt);
+                    1 /* +1 for leaf */ + (word16)ssl->buffers.certChainCnt);
             if (ret < 0)
                 return ret;
             totalextSz += ret;

src/x509.c

@@ -11641,7 +11641,7 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
     cert->isCA    = wolfSSL_X509_get_isCA(x509);
     cert->basicConstCrit = x509->basicConstCrit;
     cert->basicConstSet = x509->basicConstSet;
-    cert->pathLen = x509->pathLength;
+    cert->pathLen = (byte)x509->pathLength;
     cert->pathLenSet = x509->pathLengthSet;
 
 #ifdef WOLFSSL_CERT_EXT

testsuite/include.am

@@ -12,6 +12,7 @@ testsuite_testsuite_test_SOURCES = \
 			      examples/echoclient/echoclient.c \
 			      examples/echoserver/echoserver.c \
 			      examples/server/server.c \
+			      examples/ocsp_responder/ocsp_responder.c \
 			      testsuite/testsuite.c
 testsuite_testsuite_test_CFLAGS       = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(WOLFSENTRY_INCLUDE)
 testsuite_testsuite_test_LDADD        = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB)