From 02313046074af56ca87884acf6c04a7f91e78114 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 7 Mar 2022 17:19:31 -0600 Subject: [PATCH] fixes for make check with --enable-all (now including --enable-earlydata) with fips or asynccrypt: in scripts/tls13.test, use fips-compatible server-side cipher suite for "TLS v1.3 cipher suite mismatch" test, and modernize some syntax; in configure.ac, omit earlydata from enable-all when asynccrypt, pending fix; also in configure.ac, fix AC_CHECK_DECLS()-overriding-AC_CHECK_FUNCS() kludge, to fix CPPFLAGS=-std=c99 builds. --- configure.ac | 13 +++++++------ scripts/tls13.test | 44 ++++++++++++++++++++++---------------------- 2 files changed, 29 insertions(+), 28 deletions(-) diff --git a/configure.ac b/configure.ac index eb23164c6..b930c50ec 100644 --- a/configure.ac +++ b/configure.ac @@ -97,12 +97,10 @@ AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, inet_ntoa, memset, socket, strftime], [], [ if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes" then - echo " note: earlier check for $(eval 'echo ${as_decl_name}') superseded." - eval "$(eval 'echo ac_cv_func_${as_decl_name}=no')" + AC_MSG_NOTICE([ note: earlier check for $(eval 'echo ${as_decl_name}') superseded.]) + eval "ac_cv_func_${as_decl_name}=no" _mask_varname=HAVE_`eval "echo '${as_decl_name}'" | tr 'a-z' 'A-Z'` - echo "g/#define $_mask_varname 1/s//\/* #undef $_mask_varname *\// -wq -." | ed -s confdefs.h + sed --in-place "s~^#define ${_mask_varname} 1$~~" confdefs.h fi ], [[ #ifdef HAVE_SYS_SOCKET_H 
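Review bot: `sed --in-place` in the replacement for the old `ed` script is a GNU long option; POSIX sed defines no in-place mode and BSD/macOS sed spells it `-i` with a suffix argument, so the command fails on those hosts. Its exit status is not checked, so configure would carry on with `#define HAVE_<NAME> 1` still in confdefs.h although the matching `ac_cv_func_` variable was already set to `no`. A portable form writes to a temporary file and moves it back, `sed "s~^#define ${_mask_varname} 1$~~" confdefs.h > confdefs.h.tmp && mv confdefs.h.tmp confdefs.h` (the temporary name is constructed here), with a warning or error when that fails. The AC_CHECK_DECLS call continues past the end of the hunk.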
@@ -586,7 +584,10 @@ then test "$enable_trusted_ca" = "" && enable_trusted_ca=yes test "$enable_session_ticket" = "" && enable_session_ticket=yes - test "$enable_earlydata" = "" && enable_earlydata=yes + # don't add earlydata when assynccrypt, pending fix: + if test "$enable_asynccrypt" != "yes"; then + test "$enable_earlydata" = "" && enable_earlydata=yes + fi if test "$ENABLED_32BIT" != "yes" then diff --git a/scripts/tls13.test b/scripts/tls13.test index 144ddf3ee..7e1a33238 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -23,12 +23,12 @@ counter=0 # let's use absolute path to a local dir (make distcheck may be in sub dir) # also let's add some randomness by adding pid in case multiple 'make check's # per source tree -ready_file=`pwd`/wolfssl_tls13_ready$$ -client_file=`pwd`/wolfssl_tls13_client$$ +ready_file="$(pwd)/wolfssl_tls13_ready$$" +client_file="$(pwd)/wolfssl_tls13_client$$" # Server output -server_out_file=`pwd`/wolfssl_tls13_server_out$$ +server_out_file="$(pwd)/wolfssl_tls13_server_out$$" # Client output -client_out_file=`pwd`/wolfssl_tls13_client_out$$ +client_out_file="$(pwd)/wolfssl_tls13_client_out$$" echo "ready file "$ready_file"" @@ -49,7 +49,7 @@ create_port() { sleep 0.1 # get created port 0 ephemeral port - port=`cat "$ready_file"` + port="$(cat "$ready_file")" else echo -e "NO ready file ending test..." do_cleanup @@ -69,7 +69,7 @@ do_cleanup() { if [ $server_pid != $no_pid ] then echo "killing server" - kill -9 $server_pid + kill -9 $server_pid 2>/dev/null server_pid=$no_pid fi remove_ready_file @@ -124,7 +124,7 @@ echo "" # TLS 1.3 cipher suites server / client. echo -e "\n\nTLS v1.3 cipher suite mismatch" port=0 -./examples/server/server -v 4 -R "$ready_file" -p $port -l TLS13-CHACHA20-POLY1305-SHA256 & +./examples/server/server -v 4 -R "$ready_file" -p $port -l TLS13-AES128-GCM-SHA256 & server_pid=$! create_port ./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384 
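Review bot: The new `if test "$enable_asynccrypt" != "yes"` guard drops earlydata from --enable-all without telling the user, and its comment misspells the option as `assynccrypt`. A build expected to include early data would lose it with no trace in the configure log; an else branch with `AC_MSG_NOTICE([earlydata omitted from enable-all because asynccrypt is enabled])` would make that visible. The comment could read `# don't add earlydata when asynccrypt is enabled, pending fix:`. The enclosing enable-all block starts and ends outside the hunk.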
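Review bot: The server invocation in the "TLS v1.3 cipher suite mismatch" test carries no comment saying why the suite is `TLS13-AES128-GCM-SHA256`, so a later edit could reintroduce a suite that FIPS builds do not offer. The commit message gives FIPS compatibility as the reason; a line such as `# server suite must exist in FIPS builds and must differ from the client's TLS13-AES256-GCM-SHA384` above the server command would record it. The check of the client's exit status lies outside the hunk, so it cannot be confirmed from here that the test tells a suite mismatch apart from a server that failed to start for another reason.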
@@ -138,9 +138,9 @@ fi do_cleanup echo "" -cat ./wolfssl/options.h | grep -- 'NO_CERTS' +cat ./wolfssl/options.h | grep -F -e 'NO_CERTS' NO_CERTS=$? -cat ./wolfssl/options.h | grep -- 'WOLFSSL_NO_CLIENT_AUTH' +cat ./wolfssl/options.h | grep -F -e 'WOLFSSL_NO_CLIENT_AUTH' NO_CLIENT_AUTH=$? if [ $NO_CERTS -ne 0 -a $NO_CLIENT_AUTH -ne 0 ]; then # TLS 1.3 mutual auth required but client doesn't send certificates. @@ -162,7 +162,7 @@ if [ $NO_CERTS -ne 0 -a $NO_CLIENT_AUTH -ne 0 ]; then fi # Check for TLS 1.2 support -./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' +./examples/client/client -v 3 2>&1 | grep -F -e 'Bad SSL version' if [ $? -ne 0 ]; then # TLS 1.3 server / TLS 1.2 client. echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2" @@ -202,7 +202,7 @@ if [ $? -ne 0 ]; then for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 do echo $CS - ./examples/client/client -e | grep $CS >/dev/null + ./examples/client/client -e | grep -F -e "$CS" >/dev/null if [ "$?" = "0" ]; then TLS12_CS=$CS break @@ -234,11 +234,11 @@ if [ $? -ne 0 ]; then fi # Check for EarlyData support -./examples/client/client -? 2>&1 | grep -- 'Early data' +./examples/client/client -? 2>&1 | grep -F -e 'Early data' if [ $? -eq 0 ]; then early_data=yes fi -./examples/client/client -? 2>&1 | grep -- 'Shared keys' +./examples/client/client -? 2>&1 | grep -F -e 'Shared keys' if [ $? -eq 0 ]; then psk=yes fi 
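Review bot: The two `grep -F -e` probes of ./wolfssl/options.h match substrings and print their matches into the test log, and their result decides whether the mutual-authentication test runs at all. Any other macro whose name contains `NO_CERTS` or `WOLFSSL_NO_CLIENT_AUTH` would skip that test silently; whether such a macro exists cannot be seen from here. `grep -q -w -F -e 'NO_CERTS' ./wolfssl/options.h` (and likewise for the second probe) matches the whole word, drops the extra `cat`, and keeps the log clean.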
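Review bot: With `-F` matching substrings in the `@@ -202` hunk, `DHE-RSA-AES128-GCM-SHA256` also matches inside `ECDHE-RSA-AES128-GCM-SHA256`, so the loop selects the right suite only because the ECDHE name is tried first and `break` stops at the first match. That ordering dependency deserves a comment above the `for CS in ...` line, for example `# ECDHE must come first: the DHE name is a substring of it`. `grep -q -F -e "$CS"` would also replace the `>/dev/null` redirect.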
@@ -254,13 +254,13 @@ if [ "$early_data" = "yes" ]; then RESULT=$? cat "$client_out_file" remove_ready_file - grep 'Session Ticket' "$client_out_file" + grep -F -e 'Session Ticket' "$client_out_file" session_ticket=$? - - ed_srv_msgcnt=`grep 'Early Data Client message' "$server_out_file" | wc -l` - ed_srv_status_cnt=`grep 'Early Data was' "$server_out_file" | wc -l` - if [ $session_ticket -eq 0 -a $ed_srv_msgcnt -ne 2 \ - -a $ed_srv_status_cnt -ne 2]; then + + ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" + ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" + if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \ + -a $ed_srv_status_cnt -ne 2 ]; then RESULT=1 fi if [ $RESULT -ne 0 ]; then @@ -286,15 +286,15 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then # wait for the server to quit and write output wait $server_pid - ed_srv_msgcnt=`grep 'Early Data Client message' "$server_out_file" | wc -l` - ed_srv_status_cnt=`grep 'Early Data was' "$server_out_file" | wc -l` + ed_srv_msgcnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" + ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" if [ $ed_srv_msgcnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then echo echo "Server out file" cat "$server_out_file" echo echo "Found lines" - grep 'Early Data' "$server_out_file" + grep -F -e 'Early Data' "$server_out_file" echo -e "\n\nUnexpected 'Early Data' lines - $early_data_cnt" RESULT=1 fi
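Review bot: The failure condition `[ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \ -a $ed_srv_status_cnt -ne 2 ]` joins both count checks with `-a`, so `RESULT=1` is set only when both counts are wrong; a run with one wrong count still passes. Now that the missing space before `]` is fixed the test actually evaluates, so this matters: if the intent is that both counts must be 2, the checks need an OR, e.g. `if [ "$session_ticket" -eq 0 ] && { [ "$ed_srv_msg_cnt" -ne 2 ] || [ "$ed_srv_status_cnt" -ne 2 ]; }; then`. The `@@ -286` hunk has the same shape in `[ $ed_srv_msgcnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]`. The enclosing `if [ "$early_data" = "yes" ]` block starts and ends outside the hunk.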
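Review bot: The failure message in the `@@ -286` hunk prints `$early_data_cnt`, which is not assigned anywhere in the visible lines, so it probably expands to an empty string. This hunk also keeps the name `ed_srv_msgcnt` while the `@@ -254` hunk renames the same counter to `ed_srv_msg_cnt`. Using one name in both blocks and printing the two counters, e.g. `echo -e "\n\nUnexpected 'Early Data' lines - msg=$ed_srv_msgcnt status=$ed_srv_status_cnt"`, would make a failure diagnosable from the log.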