Second round of review

julek-wolfssl · julek-wolfssl · commit 3ff234a4a900 · 2026-03-31T14:07:12.000+02:00
diff --git a/tests/base64/base64-test.py b/tests/base64/base64-test.py
@@ -98,6 +98,7 @@ def test_stdin_input(self):
             [WOLFSSL_BIN, "base64"],
             input=stdin_data,
             capture_output=True,
+            timeout=60,
         )
         self.assertEqual(result.returncode, 0,
                          "Couldn't parse input from stdin")
diff --git a/tests/client/client-test.py b/tests/client/client-test.py
@@ -42,6 +42,7 @@ def test_s_client_x509(self):
             [WOLFSSL_BIN, "x509", "-outform", "pem", "-out", tmp_crt],
             input=s_client.stdout,
             capture_output=True,
+            timeout=60,
         )
 
         # Read back the cert
diff --git a/tests/encrypt/enc-test.py b/tests/encrypt/enc-test.py
@@ -16,7 +16,7 @@ def run_enc(*args, password=""):
     """Run wolfssl enc with a -k password argument appended."""
     cmd = [WOLFSSL_BIN] + list(args) + ["-k", password]
     return subprocess.run(cmd, capture_output=True, text=True,
-                          stdin=subprocess.DEVNULL)
+                          stdin=subprocess.DEVNULL, timeout=60)
 
 
 class EncDecryptTest(unittest.TestCase):
@@ -154,7 +154,7 @@ def test_openssl_enc_wolfssl_dec(self):
 
         ossl = subprocess.run(["openssl", "enc", "-base64", "-aes-256-cbc",
                                 "-k", "test password", "-in", orig, "-out", enc],
-                               capture_output=True)
+                               capture_output=True, timeout=60)
         self.assertEqual(ossl.returncode, 0, ossl.stderr)
 
         r = run_enc("enc", "-base64", "-d", "-aes-256-cbc",
@@ -174,7 +174,7 @@ def test_wolfssl_enc_openssl_dec(self):
 
         ossl = subprocess.run(["openssl", "enc", "-base64", "-d", "-aes-256-cbc",
                                 "-k", "test password", "-in", enc, "-out", dec],
-                               capture_output=True)
+                               capture_output=True, timeout=60)
         self.assertEqual(ossl.returncode, 0, ossl.stderr)
         self.assertTrue(filecmp.cmp(orig, dec, shallow=False))
 
@@ -186,7 +186,7 @@ def test_pbkdf2_openssl_enc_wolfssl_dec(self):
 
         ossl = subprocess.run(["openssl", "enc", "-base64", "-pbkdf2", "-aes-256-cbc",
                                 "-k", "long test password", "-in", orig, "-out", enc],
-                               capture_output=True)
+                               capture_output=True, timeout=60)
         self.assertEqual(ossl.returncode, 0, ossl.stderr)
 
         r = run_enc("enc", "-base64", "-d", "-pbkdf2", "-aes-256-cbc",
@@ -207,7 +207,7 @@ def test_pbkdf2_wolfssl_enc_openssl_dec(self):
         ossl = subprocess.run(["openssl", "enc", "-base64", "-d", "-pbkdf2",
                                 "-aes-256-cbc", "-k", "long test password",
                                 "-in", enc, "-out", dec],
-                               capture_output=True)
+                               capture_output=True, timeout=60)
         self.assertEqual(ossl.returncode, 0, ossl.stderr)
         self.assertTrue(filecmp.cmp(orig, dec, shallow=False))
 
@@ -225,7 +225,8 @@ def test_pbkdf2_wolfssl_pass_flag(self):
         r = subprocess.run(
             [WOLFSSL_BIN, "enc", "-base64", "-d", "-pbkdf2", "-aes-256-cbc",
              "-pass", "pass:long test password", "-in", enc, "-out", dec],
-            capture_output=True, text=True, stdin=subprocess.DEVNULL)
+            capture_output=True, text=True, stdin=subprocess.DEVNULL,
+            timeout=60)
         self.assertEqual(r.returncode, 0, r.stderr)
         self.assertTrue(filecmp.cmp(orig, dec, shallow=False))
 
diff --git a/tests/pkcs/pkcs12-test.py b/tests/pkcs/pkcs12-test.py
@@ -41,6 +41,7 @@ def test_nocerts(self):
             [WOLFSSL_BIN, "pkcs12", "-nodes", "-nocerts",
              "-passin", "stdin", "-passout", "pass:", "-in", P12_FILE],
             input=b"wolfSSL test", capture_output=True, text=False,
+            timeout=60,
         )
         self.assertEqual(r.returncode, 0, r.stderr)
         self.assertNotIn(b"CERTIFICATE", r.stdout)
@@ -50,6 +51,7 @@ def test_nokeys(self):
             [WOLFSSL_BIN, "pkcs12", "-nokeys",
              "-passin", "stdin", "-passout", "pass:", "-in", P12_FILE],
             input=b"wolfSSL test", capture_output=True, text=False,
+            timeout=60,
         )
         self.assertEqual(r.returncode, 0, r.stderr)
         self.assertNotIn(b"KEY", r.stdout)
@@ -64,6 +66,7 @@ def test_nocerts_with_passout(self):
             [WOLFSSL_BIN, "pkcs12", "-passin", "stdin", "-passout", "pass:",
              "-in", P12_FILE, "-nocerts"],
             input=b"wolfSSL test", capture_output=True, text=False,
+            timeout=60,
         )
         self.assertEqual(r.returncode, 0, r.stderr)
 
diff --git a/tests/pkcs/pkcs7-test.py b/tests/pkcs/pkcs7-test.py
@@ -49,6 +49,7 @@ def test_pem_to_der(self):
              "-in", os.path.join(CERTS_DIR, "signed.p7s"),
              "-outform", "DER"],
             capture_output=True, stdin=subprocess.DEVNULL,
+            timeout=60,
         )
         self.assertEqual(r.returncode, 0, r.stderr)
 
@@ -62,6 +63,7 @@ def test_stdin_input(self):
         r = subprocess.run(
             [WOLFSSL_BIN, "pkcs7", "-inform", "DER"],
             input=data, capture_output=True, text=False,
+            timeout=60,
         )
         self.assertIn(b"BEGIN PKCS7", r.stdout + r.stderr)
 
diff --git a/tests/pkcs/pkcs8-test.py b/tests/pkcs/pkcs8-test.py
@@ -86,6 +86,7 @@ def test_stdin_input(self):
         r = subprocess.run(
             [WOLFSSL_BIN, "pkcs8", "-passin", "pass:yassl123"],
             input=data, capture_output=True, text=False,
+            timeout=60,
         )
         self.assertIn(b"BEGIN PRIVATE", r.stdout + r.stderr)
 
diff --git a/tests/pkey/ecparam-test.py b/tests/pkey/ecparam-test.py
@@ -81,9 +81,10 @@ def test_fail_der_params_only(self):
         """Reading DER with parameters only (no key) is not yet supported."""
         self._cleanup("ecc-key.der", "ecc-key.pem")
 
-        run_wolfssl("ecparam", "-in",
-                    os.path.join(CERTS_DIR, "ecc-key.pem"),
-                    "-out", "ecc-key.der", "-outform", "der")
+        r = run_wolfssl("ecparam", "-in",
+                        os.path.join(CERTS_DIR, "ecc-key.pem"),
+                        "-out", "ecc-key.der", "-outform", "der")
+        self.assertEqual(r.returncode, 0, r.stderr)
 
         r = run_wolfssl("ecparam", "-in", "ecc-key.der", "-inform", "der",
                         "-out", "ecc-key.pem", "-outform", "pem")
diff --git a/tests/x509/x509-ca-test.py b/tests/x509/x509-ca-test.py
@@ -275,11 +275,12 @@ def test_selfsign_verify_fails_wrong_ca(self):
         """Self-signed cert should not verify with unrelated CAs."""
         out = "test_ca_selfsign_vf.pem"
         self._clean(out)
-        run_wolfssl("ca", "-config", self.conf,
-                    "-in", self.csr, "-out", out,
-                    "-md", "sha256", "-selfsign",
-                    "-keyfile",
-                    os.path.join(CERTS_DIR, "server-key.pem"))
+        r = run_wolfssl("ca", "-config", self.conf,
+                        "-in", self.csr, "-out", out,
+                        "-md", "sha256", "-selfsign",
+                        "-keyfile",
+                        os.path.join(CERTS_DIR, "server-key.pem"))
+        self.assertEqual(r.returncode, 0, r.stderr)
 
         r1 = run_wolfssl("verify", "-CAfile",
                          os.path.join(CERTS_DIR, "server-cert.pem"), out)
@@ -486,8 +487,9 @@ def test_rand_file_written(self):
         """Rand file should be 256 bytes after cert creation."""
         out = "test_ca_rand.pem"
         self._clean(out)
-        run_wolfssl("ca", "-config", self.conf,
-                    "-in", self.csr, "-out", out)
+        r = run_wolfssl("ca", "-config", self.conf,
+                        "-in", self.csr, "-out", out)
+        self.assertEqual(r.returncode, 0, r.stderr)
         self.assertTrue(os.path.isfile("rand-file-test"))
         size = os.path.getsize("rand-file-test")
         self.assertEqual(size, 256,
@@ -499,16 +501,18 @@ def test_rand_file_changes(self):
         out2 = "test_ca_randc2.pem"
         self._clean(out1, out2)
 
-        run_wolfssl("ca", "-config", self.conf,
-                    "-in", self.csr, "-out", out1)
+        r = run_wolfssl("ca", "-config", self.conf,
+                        "-in", self.csr, "-out", out1)
+        self.assertEqual(r.returncode, 0, r.stderr)
         with open("rand-file-test", "rb") as f:
             rand1 = f.read()
 
         _cleanup("index.txt")
         _touch("index.txt")
 
-        run_wolfssl("ca", "-config", self.conf,
-                    "-in", self.csr, "-out", out2)
+        r = run_wolfssl("ca", "-config", self.conf,
+                        "-in", self.csr, "-out", out2)
+        self.assertEqual(r.returncode, 0, r.stderr)
         with open("rand-file-test", "rb") as f:
             rand2 = f.read()
 
@@ -548,10 +552,11 @@ def test_no_common_name_supplied_fails(self):
         csr = "ca_pol_nocn.csr"
         out = "ca_pol_nocn.pem"
         self._clean(csr, out)
-        run_wolfssl("req", "-key",
-                    os.path.join(CERTS_DIR, "server-key.pem"),
-                    "-subj", "O=wolfSSL/C=US/ST=MT/L=Bozeman/OU=org-unit",
-                    "-out", csr)
+        r = run_wolfssl("req", "-key",
+                        os.path.join(CERTS_DIR, "server-key.pem"),
+                        "-subj", "O=wolfSSL/C=US/ST=MT/L=Bozeman/OU=org-unit",
+                        "-out", csr)
+        self.assertEqual(r.returncode, 0, r.stderr)
         r = run_wolfssl("ca", "-config", self.conf,
                         "-in", csr, "-out", out,
                         "-md", "sha256",
@@ -563,10 +568,11 @@ def test_no_common_name_match_fails(self):
         csr = "ca_pol_nocnm.csr"
         out = "ca_pol_nocnm.pem"
         self._clean(csr, out)
-        run_wolfssl("req", "-key",
-                    os.path.join(CERTS_DIR, "server-key.pem"),
-                    "-subj", "O=wolfSSL/C=US/ST=MT/L=Bozeman/OU=org-unit",
-                    "-out", csr)
+        r = run_wolfssl("req", "-key",
+                        os.path.join(CERTS_DIR, "server-key.pem"),
+                        "-subj", "O=wolfSSL/C=US/ST=MT/L=Bozeman/OU=org-unit",
+                        "-out", csr)
+        self.assertEqual(r.returncode, 0, r.stderr)
         r = run_wolfssl("ca", "-config", self.match_conf,
                         "-in", csr, "-out", out,
                         "-md", "sha256",
@@ -578,11 +584,12 @@ def test_common_name_supplied_succeeds(self):
         csr = "ca_pol_cn.csr"
         out = "ca_pol_cn.pem"
         self._clean(csr, out)
-        run_wolfssl("req", "-key",
-                    os.path.join(CERTS_DIR, "server-key.pem"),
-                    "-subj",
-                    "O=Sawtooth/CN=www.wolfclu.com/C=US/ST=MT/L=Bozeman/OU=org-unit",
-                    "-out", csr)
+        r = run_wolfssl("req", "-key",
+                        os.path.join(CERTS_DIR, "server-key.pem"),
+                        "-subj",
+                        "O=Sawtooth/CN=www.wolfclu.com/C=US/ST=MT/L=Bozeman/OU=org-unit",
+                        "-out", csr)
+        self.assertEqual(r.returncode, 0, r.stderr)
         r = run_wolfssl("ca", "-config", self.conf,
                         "-in", csr, "-out", out,
                         "-md", "sha256",
@@ -594,11 +601,12 @@ def test_common_name_mismatch_fails(self):
         csr = "ca_pol_cnmm.csr"
         out = "ca_pol_cnmm.pem"
         self._clean(csr, out)
-        run_wolfssl("req", "-key",
-                    os.path.join(CERTS_DIR, "server-key.pem"),
-                    "-subj",
-                    "O=Sawtooth/CN=www.wolfclu.com/C=US/ST=MT/L=Bozeman/OU=org-unit",
-                    "-out", csr)
+        r = run_wolfssl("req", "-key",
+                        os.path.join(CERTS_DIR, "server-key.pem"),
+                        "-subj",
+                        "O=Sawtooth/CN=www.wolfclu.com/C=US/ST=MT/L=Bozeman/OU=org-unit",
+                        "-out", csr)
+        self.assertEqual(r.returncode, 0, r.stderr)
         r = run_wolfssl("ca", "-config", self.match_conf,
                         "-in", csr, "-out", out,
                         "-md", "sha256",
diff --git a/tests/x509/x509-process-test.py b/tests/x509/x509-process-test.py
diff --git a/tests/x509/x509-req-test.py b/tests/x509/x509-req-test.py

Original file line number	Diff line number	Diff line change
`@@ -98,6 +98,7 @@ def test_stdin_input(self):`
`98`	`98`	`[WOLFSSL_BIN, "base64"],`
`99`	`99`	`input=stdin_data,`
`100`	`100`	`capture_output=True,`
	`101`	`+ timeout=60,`
`101`	`102`	`)`
`102`	`103`	`self.assertEqual(result.returncode, 0,`
`103`	`104`	`"Couldn't parse input from stdin")`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,7 @@ def test_s_client_x509(self):`
`42`	`42`	`[WOLFSSL_BIN, "x509", "-outform", "pem", "-out", tmp_crt],`
`43`	`43`	`input=s_client.stdout,`
`44`	`44`	`capture_output=True,`
	`45`	`+ timeout=60,`
`45`	`46`	`)`
`46`	`47`
`47`	`48`	`# Read back the cert`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ def test_pem_to_der(self):`
`49`	`49`	`"-in", os.path.join(CERTS_DIR, "signed.p7s"),`
`50`	`50`	`"-outform", "DER"],`
`51`	`51`	`capture_output=True, stdin=subprocess.DEVNULL,`
	`52`	`+ timeout=60,`
`52`	`53`	`)`
`53`	`54`	`self.assertEqual(r.returncode, 0, r.stderr)`
`54`	`55`
`@@ -62,6 +63,7 @@ def test_stdin_input(self):`
`62`	`63`	`r = subprocess.run(`
`63`	`64`	`[WOLFSSL_BIN, "pkcs7", "-inform", "DER"],`
`64`	`65`	`input=data, capture_output=True, text=False,`
	`66`	`+ timeout=60,`
`65`	`67`	`)`
`66`	`68`	`self.assertIn(b"BEGIN PKCS7", r.stdout + r.stderr)`
`67`	`69`
Original file line number	Diff line number	Diff line change
`@@ -86,6 +86,7 @@ def test_stdin_input(self):`
`86`	`86`	`r = subprocess.run(`
`87`	`87`	`[WOLFSSL_BIN, "pkcs8", "-passin", "pass:yassl123"],`
`88`	`88`	`input=data, capture_output=True, text=False,`
	`89`	`+ timeout=60,`
`89`	`90`	`)`
`90`	`91`	`self.assertIn(b"BEGIN PRIVATE", r.stdout + r.stderr)`
`91`	`92`