From ab560aa6b828e96b527113b9ac215733b94752f2 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 19 Jul 2023 20:22:16 +0200 Subject: [PATCH 1/2] Fix ClientHello parsing when no extensions are present --- src/dtls.c | 11 ++++--- tests/api.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+), 4 deletions(-) diff --git a/src/dtls.c b/src/dtls.c index 97cfae7ea..2ac321ba6 100644 --- a/src/dtls.c +++ b/src/dtls.c @@ -285,10 +285,13 @@ static int ParseClientHello(const byte* input, word32 helloSz, WolfSSL_CH* ch) if (idx > helloSz - OPAQUE8_LEN) return BUFFER_ERROR; idx += ReadVector8(input + idx, &ch->compression); - if (idx > helloSz - OPAQUE16_LEN) - return BUFFER_ERROR; - idx += ReadVector16(input + idx, &ch->extension); - if (idx > helloSz) + if (idx < helloSz - OPAQUE16_LEN) { + /* Extensions are optional */ + idx += ReadVector16(input + idx, &ch->extension); + if (idx > helloSz) + return BUFFER_ERROR; + } + if (idx != helloSz) return BUFFER_ERROR; ch->length = idx; return 0; diff --git a/tests/api.c b/tests/api.c index a0991e231..fd089f7df 100644 --- a/tests/api.c +++ b/tests/api.c @@ -62854,6 +62854,94 @@ static int test_wolfSSL_configure_args(void) #endif return EXPECT_RESULT(); } + +static int test_dtls_no_extensions(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_DTLS) && !defined(NO_FILESYSTEM) + WOLFSSL *ssl_s = NULL; + WOLFSSL_CTX *ctx_s = NULL; + struct test_memio_ctx test_ctx; + const byte chNoExtensions[] = { + /* Handshake type */ + 0x16, + /* Version */ + 0xfe, 0xff, + /* Epoch */ + 0x00, 0x00, + /* Seq number */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Length */ + 0x00, 0x40, + /* CH type */ + 0x01, + /* Length */ + 0x00, 0x00, 0x34, + /* Msg Seq */ + 0x00, 0x00, + /* Frag offset */ + 0x00, 0x00, 0x00, + /* Frag length */ + 0x00, 0x00, 0x34, + /* Version */ + 0xfe, 0xff, + /* Random */ + 0x62, 0xfe, 0xbc, 0xfe, 0x2b, 0xfe, 0x3f, 0xeb, 0x03, 0xc4, 0xea, 0x37, + 0xe7, 0x47, 0x7e, 0x8a, 0xd9, 0xbf, 0x77, 0x0f, 0x6c, 0xb6, 0x77, 0x0b, + 0x03, 0x3f, 0x82, 0x2b, 0x21, 0x64, 0x57, 0x1d, + /* Session Length */ + 0x00, + /* Cookie Length */ + 0x00, + /* CS Length */ + 0x00, 0x0c, + /* CS */ + 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x39, 0x00, 0x33, + /* Comp Meths Length */ + 0x01, + /* Comp Meths */ + 0x00 + /* And finally... no extensions */ + }; + int i; +#ifdef OPENSSL_EXTRA + int repeats = 2; +#else + int repeats = 1; +#endif + + for (i = 0; i < repeats; i++) { + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ssl_s = NULL; + ctx_s = NULL; + + ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s, + NULL, wolfDTLS_server_method), 0); + + XMEMCPY(test_ctx.s_buff, chNoExtensions, sizeof(chNoExtensions)); + test_ctx.s_len = sizeof(chNoExtensions); + +#ifdef OPENSSL_EXTRA + if (i > 0) { + ExpectIntEQ(wolfSSL_set_max_proto_version(ssl_s, DTLS1_2_VERSION), + WOLFSSL_SUCCESS); + } +#endif + + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* Expecting a handshake msg. Either HVR or SH. */ + ExpectIntGT(test_ctx.c_len, 0); + ExpectIntEQ(test_ctx.c_buff[0], 0x16); + + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + } +#endif + return EXPECT_RESULT(); +} + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -64103,6 +64191,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_dtls_msg_from_other_peer), TEST_DECL(test_dtls_ipv6_check), TEST_DECL(test_wolfSSL_SCR_after_resumption), + TEST_DECL(test_dtls_no_extensions), /* This test needs to stay at the end to clean up any caches allocated. */ TEST_DECL(test_wolfSSL_Cleanup) }; From d3aa11bf87c2f56cf36d83dcc5a4f636a85233a1 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 20 Jul 2023 11:11:42 +0200 Subject: [PATCH 2/2] Place manual memio helpers in utils.c and add macro for them --- tests/api.c | 32 ++++---- tests/utils.c | 198 +++++++++++++++++++++++++++++++++++++++++++++++ wolfssl/test.h | 206 ------------------------------------------------- 3 files changed, 214 insertions(+), 222 deletions(-) diff --git a/tests/api.c b/tests/api.c index fd089f7df..d908f6ede 100644 --- a/tests/api.c +++ b/tests/api.c @@ -10717,7 +10717,8 @@ static int test_wolfSSL_SCR_Reconnect(void) EXPECT_DECLS; #if defined(HAVE_SECURE_RENEGOTIATION) && \ defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) && \ - defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) + defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; @@ -61017,8 +61018,7 @@ static int test_wolfSSL_DTLS_fragment_buckets(void) #if !defined(NO_FILESYSTEM) && \ defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ - !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ - !defined(NO_RSA) + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) static int test_wolfSSL_dtls_stateless2(void) { @@ -61241,9 +61241,8 @@ static int test_wolfSSL_dtls_stateless_downgrade(void) #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)*/ -#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ - !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ - !defined(NO_OLD_TLS) && !defined(NO_RSA) +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_OLD_TLS) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) static int test_WOLFSSL_dtls_version_alert(void) { EXPECT_DECLS; @@ -61297,7 +61296,8 @@ static int test_WOLFSSL_dtls_version_alert(void) #if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ && defined(WOLFSSL_TLS13) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))\ + && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) static int send_new_session_ticket(WOLFSSL *ssl, byte nonceLength, byte filler) { struct test_memio_ctx *test_ctx; @@ -61466,7 +61466,7 @@ static int test_ticket_nonce_malloc(void) !defined(WOLFSSL_TICKET_DECRYPT_NO_CREATE) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_RSA) && \ - defined(HAVE_ECC) + defined(HAVE_ECC) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) static int test_ticket_ret_create(void) { @@ -61924,7 +61924,7 @@ static int test_TLS_13_ticket_different_ciphers(void) } #endif #if defined(WOLFSSL_EXTRA_ALERTS) && !defined(WOLFSSL_NO_TLS12) && \ - defined(HAVE_IO_TESTS_DEPENDENCIES) + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) #define TEST_WRONG_CS_CLIENT "DHE-RSA-AES128-SHA" /* AKA TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ @@ -61990,7 +61990,7 @@ static int test_extra_alerts_wrong_cs(void) #endif #if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_EXTRA_ALERTS) && \ - defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_SP_MATH) + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_SP_MATH) static void test_remove_msg(byte *msg, int tail_len, int *len, int msg_length) { @@ -62149,8 +62149,8 @@ static int test_extra_alerts_skip_hs(void) } #endif -#if !defined(WOLFSSL_NO_TLS12) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ - defined(WOLFSSL_EXTRA_ALERTS) && !defined(NO_PSK) && !defined(NO_DH) +#if !defined(WOLFSSL_NO_TLS12) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\ + && defined(WOLFSSL_EXTRA_ALERTS) && !defined(NO_PSK) && !defined(NO_DH) static unsigned int test_server_psk_cb(WOLFSSL* ssl, const char* id, unsigned char* key, unsigned int key_max_len) @@ -62401,7 +62401,7 @@ static int test_override_alt_cert_chain(void) } #endif -#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) static int test_dtls13_bad_epoch_ch(void) @@ -62544,8 +62544,8 @@ static int test_short_session_id(void) } #endif -#if defined(HAVE_NULL_CIPHER) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ - defined(WOLFSSL_DTLS13) +#if defined(HAVE_NULL_CIPHER) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) \ + && defined(WOLFSSL_DTLS13) static byte* test_find_string(const char *string, byte *buf, int buf_size) { @@ -62858,7 +62858,7 @@ static int test_wolfSSL_configure_args(void) static int test_dtls_no_extensions(void) { EXPECT_DECLS; -#if defined(WOLFSSL_DTLS) && !defined(NO_FILESYSTEM) +#if defined(WOLFSSL_DTLS) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) WOLFSSL *ssl_s = NULL; WOLFSSL_CTX *ctx_s = NULL; struct test_memio_ctx test_ctx; diff --git a/tests/utils.c b/tests/utils.c index 87557f292..d5267be35 100644 --- a/tests/utils.c +++ b/tests/utils.c @@ -119,4 +119,202 @@ cleanup: } #endif /* !NO_FILESYSTEM */ +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) + +/* This set of memio functions allows for more fine tuned control of the TLS + * connection operations. For new tests, try to use ssl_memio first. */ + +#define HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES + +#define TEST_MEMIO_BUF_SZ (64 * 1024) +struct test_memio_ctx +{ + byte c_buff[TEST_MEMIO_BUF_SZ]; + int c_len; + const char* c_ciphers; + byte s_buff[TEST_MEMIO_BUF_SZ]; + int s_len; + const char* s_ciphers; +}; + +int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s, + int max_rounds, int *rounds); +int test_memio_setup(struct test_memio_ctx *ctx, + WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s, + method_provider method_c, method_provider method_s); + +static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz, + void *ctx) +{ + struct test_memio_ctx *test_ctx; + byte *buf; + int *len; + + test_ctx = (struct test_memio_ctx*)ctx; + + if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { + buf = test_ctx->c_buff; + len = &test_ctx->c_len; + } + else { + buf = test_ctx->s_buff; + len = &test_ctx->s_len; + } + + if ((unsigned)(*len + sz) > TEST_MEMIO_BUF_SZ) + return WOLFSSL_CBIO_ERR_WANT_READ; + + XMEMCPY(buf + *len, data, sz); + *len += sz; + + return sz; +} + +static WC_INLINE int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz, + void *ctx) +{ + struct test_memio_ctx *test_ctx; + int read_sz; + byte *buf; + int *len; + + test_ctx = (struct test_memio_ctx*)ctx; + + if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { + buf = test_ctx->s_buff; + len = &test_ctx->s_len; + } + else { + buf = test_ctx->c_buff; + len = &test_ctx->c_len; + } + + if (*len == 0) + return WOLFSSL_CBIO_ERR_WANT_READ; + + read_sz = sz < *len ? sz : *len; + + XMEMCPY(data, buf, read_sz); + XMEMMOVE(buf, buf + read_sz, *len - read_sz); + + *len -= read_sz; + + return read_sz; +} + +int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s, + int max_rounds, int *rounds) +{ + byte handshake_complete = 0, hs_c = 0, hs_s = 0; + int ret, err; + + if (rounds != NULL) + *rounds = 0; + while (!handshake_complete && max_rounds > 0) { + if (!hs_c) { + ret = wolfSSL_connect(ssl_c); + if (ret == WOLFSSL_SUCCESS) { + hs_c = 1; + } + else { + err = wolfSSL_get_error(ssl_c, ret); + if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE) + return -1; + } + } + if (!hs_s) { + ret = wolfSSL_accept(ssl_s); + if (ret == WOLFSSL_SUCCESS) { + hs_s = 1; + } + else { + err = wolfSSL_get_error(ssl_s, ret); + if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE) + return -1; + } + } + handshake_complete = hs_c && hs_s; + max_rounds--; + if (rounds != NULL) + *rounds = *rounds + 1; + } + + if (!handshake_complete) + return -1; + + return 0; +} + +int test_memio_setup(struct test_memio_ctx *ctx, + WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s, + method_provider method_c, method_provider method_s) +{ + int ret; + + if (ctx_c != NULL && *ctx_c == NULL) { + *ctx_c = wolfSSL_CTX_new(method_c()); + if (*ctx_c == NULL) + return -1; +#ifndef NO_CERTS + ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0); + if (ret != WOLFSSL_SUCCESS) + return -1; +#endif /* NO_CERTS */ + wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb); + wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb); + if (ctx->c_ciphers != NULL) { + ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers); + if (ret != WOLFSSL_SUCCESS) + return -1; + } + } + + if (ctx_s != NULL && *ctx_s == NULL) { + *ctx_s = wolfSSL_CTX_new(method_s()); + if (*ctx_s == NULL) + return -1; +#ifndef NO_CERTS + ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM); + if (ret != WOLFSSL_SUCCESS) + return- -1; + ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile, + WOLFSSL_FILETYPE_PEM); + if (ret != WOLFSSL_SUCCESS) + return -1; +#endif + wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb); + wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb); + if (ctx->s_ciphers != NULL) { + ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers); + if (ret != WOLFSSL_SUCCESS) + return -1; + } + } + + if (ctx_c != NULL && ssl_c != NULL) { + *ssl_c = wolfSSL_new(*ctx_c); + if (*ssl_c == NULL) + return -1; + wolfSSL_SetIOWriteCtx(*ssl_c, ctx); + wolfSSL_SetIOReadCtx(*ssl_c, ctx); + } + if (ctx_s != NULL && ssl_s != NULL) { + *ssl_s = wolfSSL_new(*ctx_s); + if (*ssl_s == NULL) + return -1; + wolfSSL_SetIOWriteCtx(*ssl_s, ctx); + wolfSSL_SetIOReadCtx(*ssl_s, ctx); +#if !defined(NO_DH) + SetDH(*ssl_s); +#endif + } + + return 0; +} +#endif + #endif /* WOLFSSL_TEST_UTILS_INCLUDED */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 42ad85202..fda2b29c9 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -5296,210 +5296,4 @@ void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName); #define DTLS_CID_BUFFER_SIZE 256 -#if !defined(NO_FILESYSTEM) && ( \ - defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ - && defined(WOLFSSL_TLS13) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))\ - || \ - (defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ - !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)) \ - || \ - (defined(HAVE_SECURE_RENEGOTIATION) && \ - !defined(NO_RSA) && \ - defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ - defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ - defined(HAVE_AESGCM)) \ - ) || \ - (defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TLS12) && \ - !defined(WOLFSSL_TICKET_DECRYPT_NO_CREATE) && \ - !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ - !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)) || \ - (defined(WOLFSSL_EXTRA_ALERTS) && !defined(WOLFSSL_NO_TLS12) && \ - !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ - !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)) -#define TEST_MEMIO_BUF_SZ (64 * 1024) -struct test_memio_ctx -{ - byte c_buff[TEST_MEMIO_BUF_SZ]; - int c_len; - const char* c_ciphers; - byte s_buff[TEST_MEMIO_BUF_SZ]; - int s_len; - const char* s_ciphers; -}; - -static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz, - void *ctx) -{ - struct test_memio_ctx *test_ctx; - byte *buf; - int *len; - - test_ctx = (struct test_memio_ctx*)ctx; - - if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { - buf = test_ctx->c_buff; - len = &test_ctx->c_len; - } - else { - buf = test_ctx->s_buff; - len = &test_ctx->s_len; - } - - if ((unsigned)(*len + sz) > TEST_MEMIO_BUF_SZ) - return WOLFSSL_CBIO_ERR_WANT_READ; - - XMEMCPY(buf + *len, data, sz); - *len += sz; - - return sz; -} - -static WC_INLINE int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz, - void *ctx) -{ - struct test_memio_ctx *test_ctx; - int read_sz; - byte *buf; - int *len; - - test_ctx = (struct test_memio_ctx*)ctx; - - if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { - buf = test_ctx->s_buff; - len = &test_ctx->s_len; - } - else { - buf = test_ctx->c_buff; - len = &test_ctx->c_len; - } - - if (*len == 0) - return WOLFSSL_CBIO_ERR_WANT_READ; - - read_sz = sz < *len ? sz : *len; - - XMEMCPY(data, buf, read_sz); - XMEMMOVE(buf, buf + read_sz, *len - read_sz); - - *len -= read_sz; - - return read_sz; -} - -static WC_INLINE int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s, - int max_rounds, int *rounds) -{ - byte handshake_complete = 0, hs_c = 0, hs_s = 0; - int ret, err; - - if (rounds != NULL) - *rounds = 0; - while (!handshake_complete && max_rounds > 0) { - if (!hs_c) { - ret = wolfSSL_connect(ssl_c); - if (ret == WOLFSSL_SUCCESS) { - hs_c = 1; - } - else { - err = wolfSSL_get_error(ssl_c, ret); - if (err != WOLFSSL_ERROR_WANT_READ && - err != WOLFSSL_ERROR_WANT_WRITE) - return -1; - } - } - if (!hs_s) { - ret = wolfSSL_accept(ssl_s); - if (ret == WOLFSSL_SUCCESS) { - hs_s = 1; - } - else { - err = wolfSSL_get_error(ssl_s, ret); - if (err != WOLFSSL_ERROR_WANT_READ && - err != WOLFSSL_ERROR_WANT_WRITE) - return -1; - } - } - handshake_complete = hs_c && hs_s; - max_rounds--; - if (rounds != NULL) - *rounds = *rounds + 1; - } - - if (!handshake_complete) - return -1; - - return 0; -} - -static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx, - WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s, - method_provider method_c, method_provider method_s) -{ - int ret; - - if (ctx_c != NULL && *ctx_c == NULL) { - *ctx_c = wolfSSL_CTX_new(method_c()); - if (*ctx_c == NULL) - return -1; -#ifndef NO_CERTS - ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0); - if (ret != WOLFSSL_SUCCESS) - return -1; -#endif /* NO_CERTS */ - wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb); - wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb); - if (ctx->c_ciphers != NULL) { - ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers); - if (ret != WOLFSSL_SUCCESS) - return -1; - } - } - - if (ctx_s != NULL && *ctx_s == NULL) { - *ctx_s = wolfSSL_CTX_new(method_s()); - if (*ctx_s == NULL) - return -1; -#ifndef NO_CERTS - ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile, - WOLFSSL_FILETYPE_PEM); - if (ret != WOLFSSL_SUCCESS) - return- -1; - ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile, - WOLFSSL_FILETYPE_PEM); - if (ret != WOLFSSL_SUCCESS) - return -1; -#endif - wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb); - wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb); - if (ctx->s_ciphers != NULL) { - ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers); - if (ret != WOLFSSL_SUCCESS) - return -1; - } - } - - if (ctx_c != NULL && ssl_c != NULL) { - *ssl_c = wolfSSL_new(*ctx_c); - if (*ssl_c == NULL) - return -1; - wolfSSL_SetIOWriteCtx(*ssl_c, ctx); - wolfSSL_SetIOReadCtx(*ssl_c, ctx); - } - if (ctx_s != NULL && ssl_s != NULL) { - *ssl_s = wolfSSL_new(*ctx_s); - if (*ssl_s == NULL) - return -1; - wolfSSL_SetIOWriteCtx(*ssl_s, ctx); - wolfSSL_SetIOReadCtx(*ssl_s, ctx); -#if !defined(NO_DH) - SetDH(*ssl_s); -#endif - } - - return 0; -} -#endif - #endif /* wolfSSL_TEST_H */